Information Ethics

Contributed by jose on 2003-10-24 from the BSD-land-security dept.

Markus writes: "Hi,
a friend of mine, who gives a seminar about Information Ethics at the university of our city, asked me some time ago if i could do a short talk about OpenBSD. While if have some years of experience in Linux, my knowledge of OpenBSD is limited to the installation of a router and readings at deadly.org. Plain information-seeking didn't produce very usable results for me. Therefore I would be grateful if someone here could tell me about similar talks or documents, which adress ethical issues in conjuction with OpenBSD. According to my plans, the main point in this talk will be the right in personal privacy and the effort of the OpenBSD-Project to keep a system secure, which is in this case synonymous with securing privacy.

Thanks in advance
Markus"

In some ways the answer to this is pretty simple, but it's potentially an interesting answer. Any thoughts?

(Comments are closed)

Comments

By Peter Hessler () spambox@theapt.org on 2003-10-25 01:28 http://www.theapt.org

Pardon me for being obtuse, but how is ethics with OpenBSD any different from ethics with Linux?

Or more accurately: theoretically, what ethical issues can there be with OpenBSD?
Comments
1. By Michael () on 2003-10-25 01:38
  
  If I understand correctly...
  The subject is information ethics relating to privacy. The goals of the OpenBSD project is correctness/security and thus privacy.
  
  The 'ethics' is the focus of the seminar, OBSD is an example of a project that strives to give you personal privacy.
  
  --michael
2. By Anonymous Coward () on 2003-10-24 14:49
  
  I'm probably going to be only the first to say this, but the OBSD team's serious commitment to liscensing issues is probably a fit for this (even if a somehat odd one). After all, ensuring that those who use your products aren't deprived of their legal rights (e.g., the OpenSSL/VRRP issues) is, to this untrained ethicist, rather ethical.
3. By Sloppy () on 2003-10-24 20:11
  
  That spikey fish is heavily armed, whereas Tux appears to be unarmed. One uses deadly force as a deterrent, where the other's satisfied smile (after gorging on herring) conveys love and peace. These two radically different approaches get them into different situations where they face different ethical problems.
  
  Hope this helps.
  Comments
  1. By Anonymous Coward () on 2003-10-28 00:01
    
    Maybe they could be roomates. That would make for some "perfect strangers"-esque comedy now eh?
By Jordi () on 2003-10-24 14:52

I see a relation between Information System (IS) Ethics and OpenBSD. Theo's determination of providing a real FREE OS is one. Some examples come to mind, such as the Sendmail versus Postfix programs. Another example is how OpenBSD is dealing with the isakmpd NAT-T patches, which are not being included due to some patent issues. This is the right thing to do, therefore it is an ethic attitude.

OpenBSD do provide mechanisms to secure IS, which can be illegal in some countries / states / organizations (Minnesota comes to mind) This is clearly illegal, but ethical.

Anyway, maybe some information about GNU versus BSD will be also educative to the audience.
Comments
1. By Alejandro G. Belluscio () baldusi_NOTWORKING@hotmail.com on 2003-10-24 16:37 mailto:baldusi_NOTWORKING@hotmail.com
  
  Without starting a flame war. Wasn't Postfix ISL one of the preferred software licenses?
  Comments
  1. By Matthew Weigel () on 2003-10-24 18:10
    
    My recollection of the OpenBSD team's position is that discussing the matter with an IP lawyer led them to believe that it wasn't as open source as presented (whether it was intended to be sufficiently open source or not).
2. By dlg () dlg+obsdj@dorkzilla.org on 2003-10-25 02:02 mailto:dlg+obsdj@dorkzilla.org
  
  > (Minnesota comes to mind)
  
  what?! i have openbsd machines in MN .... you're kidding, right?
  Comments
  1. By James Nobis () on 2003-10-25 18:27
    
    I think it was July or August, vpn's amoungst other things were made illegal in MN. Sorry I don't have a link off hand.
    
    Comments
    
    By Justin () on 2003-10-26 02:29
    
    I highly doubt that VPNs are illegal in MN. While just because I live in MN does not mean I know anything about the laws but it does lend me to be more aware of them then the general citizens of other places. If they were illegal than all of these VPN devices (the Linksys/Netgear/Whatevers) I am sure would be illegal to sell in MN or to Minneostans. Well, they are all over the place here in tons of stores and what not and I have never heard of any problems (other than technical problems :) with them. I have also created VPNs with OpenBSD as well in MN, so...
3. By Anthony () on 2003-10-25 19:16
  
  "Anyway, maybe some information about GNU versus BSD will be also educative to the audience."
  
  If by "educate" you mean "start a holy war on slashdot", then yes...
By Paul Pruett () ppruett@webengr.com on 2003-10-24 18:59 http://www.cocoavillagepublishing.com/

Perhaps it is was mentioned elsewhere,
But an important point to stress is that the developers of OpenBSD have made a strenous effort to adhere to licenses, which IMHO is very ethical.
(and a pain - but worth it)

Msny examples can be found were OpenBSD developers removed ot changed software because the license could not be verified to meet their polices about copyrights. And because of the adherence to having clean licenses, good and better things have resulted, in a strange way good deeds benefit in the long run. A famous example was the squable by the author of the ipf method of filtering and the developers. The developers rewrote a lot of code and put in a lot of support behind pf for packet filtering because that way they could stand on their policy.
And quite a few other applications may not in base because of the license, ask the community for examples if need...

Sure, many is the time, some people say, don't worry about the fuzzy unclear nature of the license, use it any ways. THAT is unethical!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

If you have not already, you should reference the policy page:
http://www.openbsd.org/policy.html
By Dom De Vitto () dom@devitto.com on 2003-10-24 20:00 mailto:dom@devitto.com

a) I'd ask theo's opinion - I'm sure he's encountered plenty of ethical issues.
b) licensing, what is "open" and "free", BSD/GNU etc.
c), most importantly disclosure issues, if you find a bug that could, maybe, possibly allow remote root, should you make a big sing and dance? or if it's obvious? what about likely? what about if it's actually being exploited?

The latter is REALLY interesting compared to companies like MS, who deny everything and only release bulletins prior to expected exploitation, and Cisco who notify (some) people early - even when only workarounds (no fix) is available!
By SH () on 2003-10-25 14:32

The term "ethics" is, to put it mildy, quite loaded by contradictory definitions/intepretations. "Ethical" != "legal" != "moral" for starters. To make a contrived example, for the sake of argument, OpenBSD is less "ethical" than Windows because OpenBSD offer more easy logging of just about anything, even for the ones not so scrupoulus. Abuse of information is, as you should be aware of, quite common.On the other hand, OpenBSD offer tools for privacy (like strong encryption), that of course is only used criminal terrorists that is going to deploy Weapons of Mass Dissappearance.

To make a not quite so contrived example: In OpenBSD (as other *nixes) it's very easy to do extensive monitoring of network traffic, which might be legal but
By Anonymous Coward () on 2003-10-25 20:05

It's far fetched, but do contact http://www.custodix.com. It's a belgian firm specializing in privacy-enhancing it-infrastructure. One of their employees once wrote the posix/1.e acl patches for OpenBSD 2.8. It's a wild guess, but they might be using openbsd for some of their work...
By Anonymous Coward () on 2003-10-27 14:40

what comes to my mind is theo's anti-war statement and resulting darpa grant withdrawal just before this year's hackathon.

which boils down to something like: just because we accept funding does not mean we will refrain from voicing our opinions. that is not a very widespread attitude.
By Robert Folkerts () RobertFolkerts@mchsi.com on 2003-10-28 13:01 mailto:RobertFolkerts@mchsi.com

Personally, I trace all ethics back to the Golden Rule. I find this simplifies the question of is XXX ethical. Consider the OpenBSD development team in all of these questions.
1) Is your privacy worth protecting? If yes, you should support allowing others to have tools that protect thier privacy.
2) Do you want to be able to track down the source of your errors? If so, you should work to have good documentation in your OS. You should also strive to shut down as many defects as you can.
3) Do you want a secure operating system more than you want new features? If so, you should develop a secure OS.
4) Do you want to use other people's software freely, while respecting their authorship? If so, you should use a BSD-style license.

In all of these areas, I find the OpenBSD team to be exibiting the highest ethical standards. I, by comparison, am relatively selfish, most of my coding is for pay. This isn't wrong, but it isn't noble either. There is real nobility in the selflessness of OSS developers.

Does this make sense to others?
By Anonymous Ninja () on 2003-10-29 04:32

I've got one question.

Why did you arrange to speak at a seminar about a subject you clearly did not have sufficient knowledge in?
Comments
1. By Markus () on 2003-10-30 00:47
  
  Maybe I expressed myself in a slightly misleading way.
  I won't try to do a talk about OpenBSD, because I admittedly don't know as much that I could reasonably argue. That's why this one is rather about privacy and data security, which is a thing I'm into.
  But it is not too hard to see that the onset of OpenBSD is clearly different from other systems in terms of security and the underlying philosophy. Machines are the most frequently involved thing when it comes to violations of data. For this reason I deemed it not an insulting idea to ask for some hints.

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]