OpenBSD Journal
Contributed by deanna on from the open-source-blobs dept.
"This situation can be worse yet if the author who signed the NDA writes poor quality code, full of constants whose meaning is clear to nobody. In some cases, the vendor may require that the driver be written in that way in order to expose as little information about the hardware as possible."
(Comments are closed)
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Nate (74.13.41.213) on
Disclosure time
Readers of this article should be aware that your editor is in the final stages of writing a GPL-licensed driver for the OLPC camera controller - and that he signed an NDA to obtain the requisite hardware documentation. As a result, he is, according to Theo de Raadt, "part of the problem."
Comments
By Anonymous Coward (69.70.207.240) on
>
> Disclosure time
> Readers of this article should be aware that your editor is in the final stages of writing a GPL-licensed driver for the OLPC camera controller - and that he signed an NDA to obtain the requisite hardware documentation. As a result, he is, according to Theo de Raadt, "part of the problem."
It is true though.
By Anonymous Coward (205.153.56.10) on
By Anonymous Coward (218.75.87.37) on
It's one thing for a volunteer to write an open source driver, in their unpaid spare time, to share with the world. The source is there for anyone to build upon and learn from. This is a very large part of its value.
It's another thing _entirely_ to write some obscure driver, under NDA, that will only work as much and as long as the vendor thinks it should, in one's unpaid spare time. It's creating what is basically a windows driver, with the big difference being that those windows driver guys are, um, paid very well to do the same work. With the same ephemeral value to the end user; something that works only as long as it's profitable to the vendor.
The NDA signers are willingly participating in a kind of involuntary servitude. Will they wake up and see that they're being used?
Comments
By Jason Wright (71.36.19.67) jason@thought.net on http://www.thought.net/jason
At one point I was part of the problem. I was being paid to write and maintain drivers for Broadcom crypto cards. I had to sign NDAs for the docs. If the driver still works, great, if not, don't bug me, I'll never touch them again because the docs are closed.
Incidentally, it used to be possible to get docs for these chips, without an NDA from BluesteeleNet, but then they got bought by Broadcom, one of the worst offenders.
On a tangent, can someone explain to me what competitive advantage these vendors believe they have by keeping docs closed for Ethernet chips? I mean, there's some config crap, there's receive descriptors, there's transmit descriptors, and there's buffers... that's it.
Comments
By Anonymous Coward (62.252.32.12) on
This question has come up quite a few times recently. The answer is usually somewhere along the lines of "their documentation is messy or nonexistent and often actually contains bits and bobs they won't the competition to see". Smells like horse crap to me, though. How can any self-respecting multi-(m|b)illion-dollar hardware manufacterer *not* take the time and effort to document their stuff?
However, it wouldn't surprise me if certain operating system vendors threw large amounts of cash at hardware manufacterers in return for keeping their source nice and closed. Speculation, of course, but you never know..
Comments
By Anonymous Coward (66.92.79.15) on
And yet, it happens so often. I used to work for just such a self-respecting multi-(m|b)illion-dollar hardware manufacturer. I was supposed to maintain the driver for one of their pieces of hardware - a board that you couldn't buy for less than US$20k.
I got quite a bit more, documentation-wise, than what it sounds like a lot of open source devs get, but it was still nothing more than a couple of photocopied class diagrams, a register list (names and default values, no descriptions), the code (mostly machine-generated C++), and a list of people who had worked on the project before me (many of which had left before I got there, including the most recent 2-3).
About a year after I made a release that fixed some major bugs (including a deadlock and some memory leaks), they finally decided they needed to round up all of the documentation for all of their products. The guy in charge of compiling the docs did nothing but shake his head the entire time he sat in my cube.
About two weeks later, this same guy happened by and mentioned that he'd finally come across a few of the original design proposals and had a lead on where a few of the first-rev docs were. The rest, it seems, was lost forever.
I left the next week, after making absolutely sure that this guy at least had documentation of the changes I'd made, and a reconstructed "script" of what it took to compile from scratch, test, and release a new driver. I haven't heard from them since, so I have no idea how the new monkey is doing.
I suspect there are a good many companies that are just being greedy and blind in not releasing their documentation, but from my experience it is also far from unusual that the company itself doesn't have it.
By Anonymous Coward (70.179.123.124) on
> On a tangent, can someone explain to me what competitive advantage these vendors believe they have by keeping docs closed for Ethernet chips? I mean, there's some config crap, there's receive descriptors, there's transmit descriptors, and there's buffers... that's it.
The best explanation that I ever heard was that you had to take a look at the economics of the situation:
If a vendor releases documentation sufficient to create an open-source driver, then they lose control over EOL'ing the device, which means that they won't be able to lock users into upgrading. It makes a certain amount of sense, if you're a corporate marketeer.
Comments
By Anonymous Coward (85.178.76.119) on
>
>
>
>
>
> > On a tangent, can someone explain to me what competitive advantage these vendors believe they have by keeping docs closed for Ethernet chips? I mean, there's some config crap, there's receive descriptors, there's transmit descriptors, and there's buffers... that's it.
>
> The best explanation that I ever heard was that you had to take a look at the economics of the situation:
>
> If a vendor releases documentation sufficient to create an open-source driver, then they lose control over EOL'ing the device, which means that they won't be able to lock users into upgrading. It makes a certain amount of sense, if you're a corporate marketeer.
Thats why you should take the power back.The power of making decissions, the power as customer... and over your OS.
Companies do lie to you, steal ya money and give a fuck about you.
Propably it`s time to get more radical in soem ways.
Comments
By Anonymous Coward (216.175.250.42) on
>
> Companies do lie to you, steal ya money and give a fuck about you.
> Propably it`s time to get more radical in soem ways.
I'm not saying that it's the right thing for them to do, or that we shouldn't pressure vendors to open up; I'm just saying that there's a certain predatory capitalist logic to the position.
By Anonymous Coward (85.25.141.60) on
Think more about Guerilla-Tactis.
Those big Companies do have Money, Lawyers, time to sue you in case you do something "wrong". So it`s like a modern war.
And you, as developer, do have nothing but a dream.
If somebody requests Docs from a company for nearly anything and signs NDAs he propably get the Docs of all kind of Hardware he requested.
And isn`t it known that developers do like to develop on Laptops?
And isn`t it known that Laptops get stolen? Even the FBI/CIA/NSA/Homeland-Security do lose a lot Laptops each year.
SO in case a developer/person signed a NDA and got the Docs and just in case his Laptop was robbed then the thief may propably just "release" the `secret` docs like the MS-Source was released.....
You may think that the company will sue the developer. Well..
Sure it could but it would be pointless if the laptop was stolen.
But except of the laptop you propably love to store all shit on USB-Drives. If "somebody" would steal those USB-Sticks you can replace them easier because they`re cheaper.
If you`ve other methods to get Documentations from a Vendor who simply wont help you... feel free to tell me your ideas.
Is my tactic fair? No it`s not but it`s propably working.
All you need is somebody who steals ya USB-Stick.... ;]
Telling the police after the robbery would make you look even better (less chances to sue you, less Suspicious).
Little checklist:
You`ll need:
- somebody hwo signs the NDAs for all Docs you propably wnana get
- a USB-Stick
- a "Thief" who`ll release the Docs at some networks.. (p2p)
- a proofen lost (tell the police about it...)
- reget the Docs from the Vendor and stop working on them later
(lack of time ofcourse..)
What you may shouldn`t do then: Be the developer who uses the stolen Docs to write a driver. ;]
In case you fear that the company will then never provide you Docs again: Well take a company who never provided you anything (Broadcom?!).
Comments
By Anonymous Coward (128.171.90.200) on
Comments
By Anonymous Coward (68.167.146.78) on
Actually, he's right. There's a thing in US law called "intent". If you got burgled, and your laptop's stolen, you cannot help that. You file a police report, tell your employer, cooperate fully with the authorities, you're in the clear.
The thief him/herself is liable for the theft.
The one who actually discloses the information "protected" by that NDA is the one who is liable. That means that, in order for this scheme (BTW, highly illegal if you're caught conspiring to do this!) to work, whoever makes this information available to the public had better be in a country that is not exactly friendly to the United States (China, North Korea, and just about every Arab country right now all come to mind) or doesn't have copyright/trade secret treaties with the USA.
BTW, don't do this. Don't break the law just to get docs. Ya wanna make an effect, vote not with illegal schemes, but with your money. Buy hardware for which the specs *are* available. If that means you buy an older, say, ATI Radeon 7500 or 8500 video board, then so be it. My older ATI video cards are serving me *just fine*.