OpenBSD asks for more contributions coz it's running at a loss. Mozilla asks for help in giving away money coz it's washing in funds. What a funny world.
Humour aside it is worthwhile to analyse these differences. Mozilla delivers browsers and email clients to the great masses of Internet users. Yours and my mom might use Firefox. BSD is an obscure operating that gets used by people who know what it is for, and probably have more than a passing ability to read and hack the code. Hard-core geeks in other words.
Mozilla stresses community and tries to get along, CEO Mitchell talks about personal lessons from falling off the trapeze; in contrast Theo de Raadt has a reputation for not getting along and frequently stars in flame wars over some security issue or other.
What's the core difference here? It's in the mission. Mozilla's software is standing in front of the user, and offering her an experience. Indeed, they say that part of the mission is improving the experience, which of necessity means getting all close and cozy with the users - all of them. You cannot improve your users' experiences unless you get into their hearts, their souls, their minds.
OpenBSD's mission in contrast is security, which isn't close and cozy anywhere anytime. Quite the opposite - for OpenBSD, the user is as much a threat as a beneficiary. In the hard security world, everything and everyone is treated with suspicion until proven otherwise. And even then, we have our doubts...
Which means that on first, second and third blush the OpenBSD project is unfriendly. The nicest thing you could say about those guys is that they are uncompromising, whereas the Mozilla guys are quite compromising. So here's where it all comes together: to cut a deal with Yahoo or Google that is worth 8 figures in revenue (numbers not available but widely speculated) you do need to be compromising - very compromising. Yahoo and Google want serious compromises for their dosh.
OTOH, you can imagine what would happen if Google turned up with a suggestion of, say, putting their disk searching technology into OpenBSD. (For a fee, of course.) We want an uncompromising response to that, forsooth, the nastier the better. I feel quite comfortable when I hear of the latest security spat - because I know that an uncompromising attitude is essential to security.
I wouldn't go so far as to say you have to be downright nasty to be secure. But it is certainly very hard to be secure when you have a mission of embracing all. A nice trick to pull off, if you can do it, and please tell us about it.
Getting back to OpenBSD. Just how does an open source project that makes a mission of being, ahem, uncompromising, go about doing some deals to get some revenue? Just who in business wants to pay for pain? Tough one, that. Those who solicit the dominatrix's services aren't saying, either.
Posted by iang at March 26, 2006 03:19 PM | TrackBackhilarious .......
> "What is happening is that the CD purchase-FTP ratio is out of control. People pretty much stopped purchasing CDs in quantities they used to and use the FTP mirrors instead. This lack of sales is what is causing the project to turn a small loss for the second year in a row," Peereboom said
You idiot, Peereboom .. just make it shareware for $2 (for gods sake). there are any number of credit card processors for shareware. you'll be rolling in money. (I mean, within the scale of their problem.) why charge for CDs, and not charge for downloads?
Idiots.
It would literally take them a solid 3 to 4 minutes to hook up to one of the many shareware CC-processing companies.
Idiots.
I mean, jokers that make like "color your menu bar!" shareware widgets pull in $100,000 a year. a number of the most popular shareware titles make 2 or 3 times that or even more.
the fact that the guy is having hassle over $20 grand a year is tragic.
all they have to do is a few clicks at kagi.com or regsoft.com
Just add this Exciting Sentence of text to his website before the ftp process "Sharewidth download fee of $2.99 (supports bandwidth costs), continue to pay at kagi.com"
Posted by: JPMay at March 26, 2006 12:38 PMThe financial struggles of OpenBSD may indicate a lack of gratitude from its users. Perhaps if gratitude or lack thereof were a matter of public reputation, more people would pay. One approach to this would be to compile a public list of web servers running OpenBSD, their owners, and next to the owner's name, how much money that person had paid in gratitude to the OpenBSD project. This list could be maintained over the years so that the number of years that person uses OpenBSD for a web server also shows, and the amount of gratitude paid could be divided by the number of years, so that money paid per year of usage also shows. This list should be linked to in web pages by people who care about OpenBSD, so that it gets a high page rank in Google. People often use Google to search on somebody's reputation. A reputation search for a known OpenBSD user should turn up the page which shows how well this person pays gratitude for benefit received. If one searches on somebody and find that they use OpenBSD as a web server for a profitable enterprise, but never give back anything, then one can draw implications about the character of that person and adopt an appropriate bias when dealing with them.
Posted by: Vincent at March 28, 2006 11:30 PMP.S. to the above comment: the websites that use OpenBSD should be discoverable via the Netcraft survey. The owner information for those websites should be discoverable via the DNS registrar information. Most of the people who use OpenBSD probably do so because they need its extra security for a web server. The Netcraft survey data would probably uncover the vast majority of OpenBSD's users. That puts OpenBSD in a unique position to tie gratitude payment to reputation. This provides a unique opportunity to try this as an experiment and see how well it works. Most other open source projects would have a difficult time compiling a list of users of the software. For OpenBSD, its list of users is already public enough, that somebody would just have to compile it.
Posted by: Vincent at March 29, 2006 12:22 AMSeen on the FreeBSD security group:
==============================
Dear FreeBSD users,
Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon Fraser University -- busy doing research and writing papers -- my "to do" list of FreeBSD-related work has continued growing, and I have now come to realize that some of the items on that list will probably never be finished until I get a chance to work full-time on FreeBSD.
This is where you come in. I'm hoping to raise $15,000 Canadian (about US$13,000) to pay me to work full-time on FreeBSD for 16 weeks over the summer. This will allow me to devote more time to my role as FreeBSD Security Officer, perform a complete overhaul of FreeBSD Update, and make some significant improvements to Portsnap.
Based on my estimates of the number of systems currently using Portsnap and FreeBSD Update (about 8500 and 4500 respectively based on my server logs) this works out to one US dollar per computer (or two dollars for systems using both Portsnap and FreeBSD Update); I don't think this is an unreasonable amount to ask for even if I only receive donations from people who are using Portsnap or FreeBSD Update. That said, if I don't reach my target for donations, I'll get as much work done within the time I have funds for before returning to other paying work (most likely at the university again).
Donations can be sent by paypal to cperciva@freebsd.org; if you would prefer to send a cheque (which is probably only worthwhile for cheques in Canadian or US dollars), please contact me by email to obtain my mailing address. In either case, please let me know if you wish to remain anonymous.
For more details, see http://people.freebsd.org/~cperciva/funding.html .
Colin Percival
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Interesting. I'm not sure where my work fits on the Mozilla -- OpenBSD spectrum.
On one hand, my work is all about security, but on the other hand it's also about making life easier for users -- FreeBSD Update was inspired by people commenting that they didn't apply security patches because it was "too hard" -- and the comments I've received along with donations so far have all been thanking me for making it easier for them to keep their systems updated -- not thanking me for making their systems more secure.
Of course, there's another very obvious difference between myself and either project: I'm asking for money to fund a very specific block of work, while funding for Mozilla and OpenBSD goes into a large pot and is spent on whatever the project leaders decide to spend it on.
Posted by: Colin Percival at April 3, 2006 06:30 AM