Software licensing; GPL, BSD or public domain?

The discussion on GPL vs BSD  licensing will probably never end, unless one or both licenses cease to exist.

There’s an interesting post about the GPL license and BSD license, and the writer’s suggests that the public domain license is the license to be chosen for real freedom, as the other two lay restrictions on the user.

About the GPL license he notes:

That’s what the GPL really is. A binding contract : That is a set of restrictions on those who use, develop or modify content licensed under it. It is not now or has ever been a formula on “freedom”. The GPL is not the definition of “generocity” that is giving without expecting any return. I hope all you GPL advocates would stop treating it as such and call it what it is. A license and a binding contract. Nothing more.

I.e. GPL restrictions are there to keep the freedom to change, modify, and share the code.

With regards to the BSD license he remarks:

Unlike the GPL, the BSD license doesn’t pretend to be something it isn’t and users of BSD license are well aware that, like all licenses, it is a binding contract between developers, distributors, and users. They have no delusions about how much “freedom” both licenses afford however the BSD still being a license it still has usage restrictions. Namely the copyright and disclaimer.

Developers using the BSD license don’t care nor want to police the actions of users once the source is copied. They’re not interested in “freedom” through coersion, which is actually slavery. They just want to make sure their products and sources are available from them regardless of need or future availability. If the users want to share their own modifications, then more power to them. But they’ll be damned if it’s by force.

I.e. the BSD license lets users do whatsoever they want with the software, even using it commercially (in closed source).

If real freedom is to be chosen, the author suggests going down the public domain route. This license places basically no restrictions whatsoever on your software. Anybody can use the software, may sell it or do with it what (s)he wants.

Read the post in its entirity.

Talking about blog posts discussing GPL vs BSD, here’s another recent one: BSD vs GPL ( – 30/12/2008)

FreeBSD Forums; some useful howto’s

The FreeBSD Forums seem to be getting more and more popular and it’s also starting to  become a useful source of information with howto’s, suggestions, advice etc

Some useful ones are:

 These are just a few; there are many more.

Links: FreeBSD Forums | Howtos & FAQs

FreeBSD Kernel Internals Lecture Posted

The first lecture from Kirk McKusick’s full length FreeBSD Kernel Internals course has been posted to the BSD Conferences channel on YouTube.

The following video is the first hour of Marshall Kirk McKusick’s course on FreeBSD kernel internals based on his book, The Design and Implementation of the FreeBSD Operating System. This course has been given at BSD Conferences and technology companies around the world.

Murray Stockely has some interesting details and stats on how the BSD Conferences Youtube channel is doing.

Coyote Point builds on FreeBSD to accelerate

This article explains how FreeBSD is utilised at the core of Coyote Point’s appliance. Coyote is a networking vendor and provider of load balancing technologies.

While Coyote Point includes its share of proprietary development and features into its Equalizer GX platform, the core platform sits on top of an open source FreeBSD operating system.

We are using a modification of FreeBSD version 6 which provides for us the basic scaffold we need to build the appliance. FreeBSD gives us the file system, an I/O subsystem and device drivers, Web server for our management interface and it gives us all sort of great open source tools and we use them to the fullest.

Bill Kish, CEO and CTO of Coyote Point, told

Kish added that Coyote also has contributed back to the FreeBSD project, specifically in the device driver area.

Though FreeBSD is at the core of the Coyote acceleration appliance, Coyote Point adds its own secret sauce to the mix as well.

When a packet actually comes into the device and it is destined for application acceleration or load balancing at that point it is picked up entirely into our code.

So we didn’t have to put effort into developing the other bits and pieces we rely on the FreeBSD community to do that for us. When the actual traffic management is involved, we optimize that and that’s where our core intellectual property is in understanding the application flows and how the protocols work.

Full article can be read on (13 January 2008)

Gnome 2.24.2 available for FreeBSD

The FreeBSD GNOME team has announced the release of GNOME 2.24.2 for FreeBSD. The official release notes can be found at . On the FreeBSD front, this release introduces Fuse support in HAL, adds multi-CPU support to libgtop, WebKit updates, and fixes some long-standing seahorse and gnome-keyring bugs.

This version is not available in the ports yet.

Thank you FreeBSD Community!

freebsd foundation logoDeb Goodkin announced on behalf of the FreeBSD Foundation their gratitude for last year’s donations.

Dear FreeBSD Community,

The FreeBSD Foundation would like to thank everyone for your donations in 2008. We are extremely grateful to everyone who dug deep in their pockets, during these hard times, to help us get very close to our goal.

We raised $282,481 towards our goal of $300,000. With the downturn in the economy, we were very concerned about getting close to our goal. By the end of November, we had only raised $190,000. We sent out a plea for
donations and we received 173 donations in December!

This year we had 450 donors, compared to 374 last year. We were impressed with all the donations received from developers and other volunteers who already put in countless hours supporting the project.

We will be posting our 2009 budget soon, so you can see how we plan to spend the funds.


The FreeBSD Foundation

Source: FreeBSD Advocacy mailinglist

FreeBSD 7.1 gets a little help from Sun

FreeBSD LogoThis is an interesting article on how code and technologies are shared between FreeBSD and Sun

Latest BSD release adds new Sun developed feature but the tech transfer isn’t just one one way:

FreeBSD 7.1 includes numerous improvements over its predecessor FreeBSD 7.0, including Sun Microsystem-developed Dtrace technology as well as new boot options and scalability improvements.

The FreeBSD 7.1 release comes as FreeBSD developers push toward a FreeBSD version 8.0 later this year. The FreeBSD 7.1 release also demonstrates how the open source ecosystem can extend across company lines as well different operating systems. FreeBSD is one of the earliest open source operating system projects and is a direct descendant of the original open source BSD work performed at the University of California, Berkeley.

DTrace is a mature and compelling technology for performance monitoring developed originally by Sun, released as open source as part of OpenSolaris,

FreeBSD core team member Robert Watson told

While we have had many tools for specific sorts of analysis in the past, DTrace is an excellent general-purpose framework for managing and presenting trace data, and also allowing us to more easily add new types of tracing.

Watson added that integrating DTrace into FreeBSD would not have been possible without Sun’s contribution of DTrace to the open source world. John Birrell, who did the port, has been in close contact with Sun during his work.

Bryan Cantrill, senior staff engineer at Sun Microsystems, that, in addition to Birrell, several FreeBSD folks attended Sun’s DTrace unconference last year.

DTrace isn’t the only Sun-developed technology found in FreeBSD. The FreeBSD 7.0 release introduced experimental support for Sun’s ZFS filesystem. Plus, the technology transfer goes more than one way between Sun and FreeBSD.

We (the FreeBSD Project) have made a lot of noise about adopting some key OpenSolaris technologies. I’m not sure that the movement of code in the other direction has been as well-publicized, FreeBSD’s Watson said.

Watson argued that OpenSolaris has benefited from adopting the FreeBSD wireless networking framework in its kernel as well as the CIFS file system support in OpenSolaris, which is also from FreeBSD.

Sun denied that the CIFS stack came from FreeBSD. A Sun spokesperson noted that it comes from a company that Sun acquired years ago named Procom. The spokesperson agreed that many of OpenSolaris’s WiFi drivers and kernel WiFi infrastructure (common/io/net80211/) derive from FreeBSD.


Source & full article: (06-01-2008)




FreeBSD Security Advisories (openssl & lukemftpd)

FreeBSD LogoThe FreeBSD Team has issued 2 security warnings:


I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.

III. Impact

For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack.

Other applications which use the OpenSSL EVP API may similarly be affected.

For a workaround, solution and patch etc go here



I. Background

lukemftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server,
or a standard-alone server.

A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site.

II. Problem Description

The lukemftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

III. Impact

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running lukemftpd(8) server could act as a point of privilege escalation in an attack against users using web browser to access trusted FTP sites.

For a workaround, solution and patch etc go here


For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit