Yes!
November 30, 2007 12:42 PM   Subscribe

djb releases code to public domain, including qmail.

qmail (and djb's other software) was previously considered "license-free", which meant that it was copyrighted but had no license aside from some simple language that allowed distributing unmodified versions. The practical effect was that distributors of modified versions were forced to distribute their modifications as patches, like this. In the brief video under the first link, djb explains his reasons for releasing these copyrights.
posted by finite (48 comments total) 6 users marked this as a favorite
 
I love djb's stuff, qmail and djbdns in particular. Also fond of daemontools and tcpserver. The stuff Just Works. I've got a qmail/ezmlm installation running for some heavily-used internal company listservs that still rocking along with no administration whatsoever.
posted by jquinby at 12:59 PM on November 30, 2007


Daemon tools is awesome. I use it with my purchased copies of kids games so they don't trash the cds.
posted by craniac at 1:01 PM on November 30, 2007


craniac, that's a different daemon tools.
posted by mikeh at 1:10 PM on November 30, 2007


craniac, you're confusing daemontools with Daemon Tools
posted by finite at 1:11 PM on November 30, 2007


Strange. I was aware of his work and when i saw this I first assumed it was moving from some Open Source license to public domain.

I wonder what his motivation was, but I guess I'll have to see the video :P
posted by delmoi at 1:14 PM on November 30, 2007


Wow, so does this mean we can get a version of Qmail that doesn't suck without tons of patches? Awesome.

(I'm a Postfix guy myself, but I've always appreciated certain elements of Qmail's design, although I think DJB's stubbornness in certain areas has been self-defeating.)

I wonder if the OpenBSD people will pick it up now that it's public domain -- OBSD still ships with Sendmail as the default (and only 'official,' non-ports) MTA; if they could replace it with a modernized version of Qmail, that would rock.
posted by Kadin2048 at 1:18 PM on November 30, 2007


yay, nerdfilter
posted by jepler at 1:19 PM on November 30, 2007


For those of you who aren't tech geeks:

Daniel J. Bernstein, djb, is the author of a number of important software packages in the Free Software world. His basic designs are amazingly secure; he writes better code than almost anyone. It's damn near bulletproof: it doesn't break and it doesn't get hacked. I don't remember ever seeing a security issue with anything he's written.

That said, his programs have always had a strange license on them. It's been impossible to take his software, modify it, and release a modified copy. It always requires an original + patches that you install yourself, which is awkward and frustrating, and has slowed the pace of development of these pieces of software. He also has a reputation of being a real asshole (which is pretty common in the security-first crowd), more or less expecting that you will redo whatever Unix distribution you run to suit his software, rather than the other way around. He's basically engraved certain requirements into his code, "Thou Shalt Run a Unix Machine This Way", and this drives sysadmins around the freaking bend, because it requires so much damn work to comply. The rest of the world has caught up in terms of security design, so rejiggering an entire system to suit his software is just extra work for no real payoff. This frustrates the hell out of a lot of people.

No ordinary mortal could get away with that, but his code is just so damn good that people, for a long time, would swallow this basic assholishness and Do Things DJB's Way. But a lot of other people wouldn't, and gradually, every important piece of software he's written has been superseded by other, arguably better tools. In the only case I'm truly familiar with, Qmail versus Postfix, the replacement is easier to configure, offers higher performance, equal security, and is happy to work with all kinds of different machine setups, rather than requiring you to do things a particular way. Postfix fits into a modern Linux distro seamlessly, and qmail is always a pain.

I'm not sure what the long-term implications are for releasing this code into the public domain. djb's stuff is incredibly good, but he's lost so much mindshare over the last few years that I'm not sure his programs will ever become as important as they once were. That said, however, they are shining examples of the very best code that humans can write, and perhaps with the relaxed restrictions, lesser mortals can adapt the code to modern systems without damaging it... or even, perhaps, making it better.

One can hope.
posted by Malor at 1:19 PM on November 30, 2007 [34 favorites]


Thanks for the context Malor.
posted by ALongDecember at 1:28 PM on November 30, 2007


Thanks, Malor. I'm pretty high up on the nerd totem, but I couldn't get but the slightest whiff of the whole situation.
posted by cowbellemoo at 1:32 PM on November 30, 2007


Qmail: The Delorean of MTAs.

As in, it's an interesting concept, but if you want it in anything other than silver, well, you're wrong.
posted by Kadin2048 at 1:34 PM on November 30, 2007


Thanks, Malor.
posted by arcticwoman at 1:36 PM on November 30, 2007


Sendmail is the one true MTA. Anything else is a piece of crap garbage, and I hate you and your whole family if you use it.
posted by synaesthetichaze at 1:38 PM on November 30, 2007 [1 favorite]


Did anyone else think he would look different? After many hours of slogging through djbdns docs and config files, I had kind of built up this image of djb as a much older man who spewed magic out of his fingertips but was really, really crotchety about it. Maybe Gandalf meets Scrooge?
posted by heresiarch at 1:39 PM on November 30, 2007 [1 favorite]


Sendmail is the one true MTA.
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$*                     $: $1 <>                     
R$* <> $* <>       $: $1 <> $3               
R@ $* <>               $: @ $1                         
R$* [ IPv6 : $+ ] <>   $: $1 [ IPv6 : $2 ]             
R$* :: $* <>           $: $1 :: $2                   
R:include: $* <>       $: :include: $1                 
R$* : $* [ $* ]         $: $1 : $2 [ $3 ] <>           
R$* : $* <>            $: $2                         
R$* <>                 $: $1                           
R$* ;                      $1                       
R$* <> $*        $@ $2 :; <>                  
R$* <>               $1 <>                 
WARNING: CAT LIKE TYPING DETECTED
posted by eriko at 1:44 PM on November 30, 2007 [7 favorites]


"I'm not sure what the long-term implications are for releasing this code into the public domain."

Presumably someone who still thinks qmail is decent will decide to adopt it and create a semi-official distribution which contains the various patches (repeatedly rejected by djb) to make it useful. Meanwhile Exim will continue to take over as the world's one true MTA and qmail will remain obscure.
posted by majick at 1:49 PM on November 30, 2007


Mail Transport Agent hissy fit wars... BEGIN!
posted by dammitjim at 2:05 PM on November 30, 2007


Its so weird seeing photos/videos of geeks you've only heard of. I imagined him being so much older and fatter. He practiclly looks like a kid!
posted by damn dirty ape at 2:22 PM on November 30, 2007


I thought we're all MTA-administrating UNIX geeks here, aren't we? Seriously though, I'm sorry that my post lacked context, and thank you Malor for your excellent explanation of why this matters. At the least, I should have also included a link to the qmail security guarantee (the cash rewards for finding exploitable security bugs remain unclaimed), and mentioned his statement that "I won’t be satisfied until I've put the entire security industry out of work." [1]

Personally, I've gone from failing to make sendmail do what I wanted, to happily using qmail for several years, to using postifx for a while because I was too lazy to recreate my qmail setup when I moved to a different server, and now finally I've [gotten even lazier and] moved my email to a nice medium-sized ISP that uses -surprise- a modified version of qmail. I think qmail is still decent and after this announcement I expect to see a lot more development around it and eventually see it become easily installable from the main sections of Debian and Ubuntu and other OSes, instead of the non-free ghetto where the src+patches installer script package has long resided. IOW, I think this is fantastic news.

I also expected djb to look a lot older.
posted by finite at 2:31 PM on November 30, 2007


.
thanks, Malor
posted by noether at 2:43 PM on November 30, 2007


qmail is always a pain

Like Finite, I don't remember it being a pain. I remember it as being fairly easy to build and configure. However, I was coming from Sendmail, which really *was* a pain -- but then I don't recall patching it. An out of the box configuration did what I needed, IIRC. However, this was back in the days of RedHat 7 or so, and I havent configured an MTA since then.
posted by PeterMcDermott at 3:04 PM on November 30, 2007


So this *isn't* the guy who used to write for Television Without Pity then. Huh.
posted by Smallpox at 3:05 PM on November 30, 2007


Mail Transport Agent hissy fit wars... BEGIN!

I see your fascinating link about internets history and raise you djb's page about postfix disasters and ED's page about djb.
posted by finite at 3:38 PM on November 30, 2007


SQLite, the embedded database engine, is also in the public domain. I like the notice found at the top of every source file:

** The author disclaims copyright to this source code. In place of
** a legal notice, here is a blessing:
**
** May you do good and not evil.
** May you find forgiveness for yourself and forgive others.
** May you share freely, never taking more than you give.

posted by teraflop at 4:38 PM on November 30, 2007 [3 favorites]


Ok straighten me out here... does public domain imply limited liability? If I PD some code, do I need to add a NO WARRANTY ass-covering clause? If I add such a clause, is it still public domain?
posted by rlk at 4:38 PM on November 30, 2007


I remember it as being fairly easy to build and configure.

Relative to Postfix, it's a monumental pain.

That having been said, this is amazingly good news. The "Yes!" in the video mirrors my own reaction.

The only issue I'll take with Malor's post is that in the realm of solid, non-BIND (which may be redundant) DNS servers, I'm unaware of a serious competitor to tinydns.
posted by Ryvar at 5:58 PM on November 30, 2007


I have the wrong username, apparently (and unintentionally).
posted by djb at 5:59 PM on November 30, 2007 [3 favorites]


Unfortunately, some people have concluded that US copyright law actually makes it legally impossible to "place a work in the public domain":
there is nothing that permits the dumping of copyrighted works into the public domain, except as happens in due course when any applicable copyrights expire. Until those copyrights expire, no mechanism is in the law by which an owner of software can simply elect to place it in the public domain.
...Lawrence Rosen's article in Linux Journal then goes on to say...
Though there is no useful “public domain” repository of computer software, it is possible for a software creator to give it away. One doesn't have to be a lawyer to craft appropriate language: “This is my software. I hereby give it away to anyone who wants it for any purpose whatsoever.”

Unfortunately, such gifts are illusory. Under basic contract law, a gift cannot be enforced. The donor can retract his gift at any time, for any reason—scant security for someone intending to make long-term use of a piece of software.
...and also...
This “Give-It-Away” license provides no protection for anyone if the donated software causes harm. Obviously one cannot intentionally give away something he knows to be dangerous; that is criminal behavior. But, neither can one escape a lawsuit because his gift was only accidentally harmful. The risk of such a license is far greater than the warm feelings that enrich the soul of the giver. One important value of a license is the opportunity to disclaim warranties and distribute the software “AS IS”. If you give software away, you may retain a risky warranty obligation.
Apparently djb must disagree with this opinion, as he is giving it away with the simple statement "I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You are free to modify the package, distribute modified versions, etc.". I think it will be very interesting to see if the Debian project is willing to accept a copyleft-licensed qmail fork, and/or if other OSes will accept BSD-licensed qmail forks, and/or if djb will modify the wording of his public domain declaration to disclaim liability and/or assert his copyright before waiving it. Or maybe, although I really doubt it, djb really is planning to sue people, like Theo de Raadt "always assumed".
posted by finite at 6:07 PM on November 30, 2007


Sendmail is the one true MTA. Anything else is a piece of crap garbage, and I hate you and your whole family if you use it.

Ah yes, the old "Make your open source software impossible to configure, and then charge people to configure it" business model.
posted by delmoi at 6:08 PM on November 30, 2007


I enjoy the fact that I got DJB to call me an asshole in email once about ten years ago (in a discussion regarding qmail vs. postfix and related security issues).

Unfortunately, too much of his software has potential but is limited by his "my way or the highway" methods, such as requiring daemontools to functionl properly.
posted by mrbill at 6:32 PM on November 30, 2007


Well, I long out of the sysadmin biz, but if I never have to configure a sendmail setup again, it'll be too soon.

It really blew my mind how easy qmail was after that. Good on him for finally seeing the light.
posted by lumpenprole at 6:42 PM on November 30, 2007


Speaking as a sysadmin and consultant well-versed in sendmail (above and beyond a typical Unix greybeard admin), I'll take brief exception to the assertion sendmail is "impossible to configure".

It's not easy, no. But that line-noise^W^Wchunk of the sendmail.cf known as rulesets aren't meant for human consumption. Nowadays the rulesets are pre-made, stored in m4 macro stubs, and selected through a template, which for most people runs about ten to fifteen lines. Yup: A 10-15 line template that more or less generates a functional mailserver configuration. Really, it's not hard anymore, despite all the bashing -- and it hasn't been hard for over a decade.

If people want to customize the line noise, they'd find that it enables some impressive capabilities that aren't quite there in postfix (if I recall correctly) or any other MTA. Such an endeavor is usually not necessary because the default options cover the 99-percent case.

I can actually speak ruleset language, but it took years for me to reach some measure of fluency, and is about as charming in polite society as Klingon. But, like Klingon, it's impressive at parties!
posted by Jubal Kessler at 7:05 PM on November 30, 2007


Respectfully (because I like you), rtfm, delmoi (if you really want to learn sendmail, and not just snark). Sendmail is not impossible to configure.

I'm not as fluent as Jubal Kessler (apparently), but it is obvious to me that sendmail is 100% the most flexible, configurable MTA in existence (unless there's another one out there that I have not used yet [certainly possible]).

Despite my (obviously, hopefully) exaggerated comment above, being the most configurable product isn't always the best. I even use postfix on SuSE now, since all the fucking service packs *automatically* install & auto-start it. It's not so bad if all you are doing is forwarding to a real mailserver.
posted by synaesthetichaze at 7:21 PM on November 30, 2007


The only issue I'll take with Malor's post is that in the realm of solid, non-BIND (which may be redundant) DNS servers, I'm unaware of a serious competitor to tinydns.

dnsmasq is used in a lot of places/projects, including m0n0wall and any openBSD servers I've set up for SMB clients. I don't know what your standard for 'serious' is, though. :)
posted by tarheelcoxn at 7:30 PM on November 30, 2007


Respectfully (because I like you), rtfm, delmoi (if you really want to learn sendmail, and not just snark). Sendmail is not impossible to configure.

Eh, I'd rather just snark. If I needed to configure an MTA that badly I'd write my own.
posted by delmoi at 7:57 PM on November 30, 2007


If I needed to configure an MTA that badly I'd write my own.

It would probably be better than Sendmail.

Seriously. The problem is that Sendmail was written for a different era. Sendmail is based on, IIRC, delivermail from 1979.

Sendmail can, with the right rules, deliver mail on just about any mail system out there.

It's now 2007. How do we deliver mail? ESMTP via TCP. Period. Everything else is cruft, and Sendmail is full of it.

Why the line noise? There was a time when storage cost *real* money. Syntactical Sugar meant you couldn't afford to run a mail system. That was true in 1982, but nowadays?

Nowadays the rulesets are pre-made, stored in m4 macro stubs, and selected through a template, which for most people runs about ten to fifteen lines.

When you need an entirely different configuration system to *build* the conf file, your cruft factor isn't infinity, it's ℵ1.

Sendmail solved a problem we don't have anymore -- and it's not a good answer now. This is why we have things like qmail and postfix -- and why they're building MeTA1.

(and, yes, to be hypocritical, mail.eriko.us runs sendmail. Why? Lazy. But I don't pretend it's the best answer -- or even a good one.)
posted by eriko at 8:43 PM on November 30, 2007 [2 favorites]


Good. Maybe this will mean that someone will make djb's code readable.
posted by zsazsa at 9:00 PM on November 30, 2007


I guess I came to the game late, I never came across qmail when I was looking for an MTA for my linux server... Googling on qmail I'm coming up a bit skeptical. What's the charm? It doesn't look like it does basic stuff like storing mail to a DB instead of the filesystem or provide a mail processing API. I may be jaded in coming from the Windows world, though... I also got severely castigated for thinking it ought to be easy to not use root privileges to run a daemon handling ports below 1024. I use Apache JAMES. (Which, in being free, open-source, and runnable on a low-to-no resource Linux or UNIX system is way more awesome than any Windows-based MTA I've ever deployed.)

Although, the Apache guys don't have their IMAP implementation together yet, which seems to be available (as a patch?) for qmail. So maybe it's six of one, half a dozen of the other.
posted by XMLicious at 9:41 PM on November 30, 2007


And I'll also confess that I don't put much of a load on JAMES so I've got no idea how it scales. Vetted scalability definitely beats out features in any high-traffic situation.
posted by XMLicious at 9:47 PM on November 30, 2007


Bah. On the DB issue I totally missed teraflop's comment about SQLite, there it is. Curse my inadequate Google-fu.
posted by XMLicious at 9:56 PM on November 30, 2007


And here I am setting up a new mail/web/DNS server. Perfect timing, djb! I'm excited to try something different (and reputedly really fucking good), and god knows I'd walk through fire to avoid using BIND ever again.

Taking a quick glance at the code, however, I'm compelled to add: thank god there are people like djb to write in C so I don't have to. Here's to garbage collection — allowing non-geniuses like me to write code since 1959!
posted by enn at 10:09 PM on November 30, 2007


I always preferred exim.
posted by cytherea at 10:14 PM on November 30, 2007


Thanks, Malor. Your comment above is the best explanation I've ever seen of who djb is, why he matters, and why he doesn't matter.
posted by jdfalk at 10:15 PM on November 30, 2007


I never came across qmail when I was looking for an MTA for my linux server... Googling on qmail I'm coming up a bit skeptical. What's the charm? It doesn't look like it does basic stuff like storing mail to a DB instead of the filesystem or provide a mail processing API.

No, it doesn't.

To be frank, I don't think there's any reason why you'd want to run Qmail right now. It's, in a word, charmless.

That said, when it was new (about 10 years or so ago) it brought out some very nice new features and blew some fresh air into the MTA world, which was dominated by Sendmail. In particular, it introduced the concept of a modularized MTA rather than a monolithic one, and maildir-style (one-message-per-file) storage rather than traditional .mbox (one-file-per-mailbox). Those were big steps forward, IMO, both for security and storage.

However, it was also a real PITA for some other reasons, and it externalized security and performance concerns onto other parts of the system, rather than being optimized for the hardware and software currently in use. It was brutally and unapologetically inflexible. And perhaps most seriously, it was never updated and could only be distributed in the form of virgin source code plus patches that had to be applied by the user.

Really, the highest praise I can come up with for Qmail -- and it's really high praise, I'm not being sarcastic here -- is that it provided the motivation and inspiration for a bunch of other MTAs, and generally advanced the state of the art quite significantly. I can't come up with a real compelling reason why a person would want to run it these days (but then again, I can't come up with a compelling reason why someone would want to run Sendmail, either, yet many people do).

You don't need to run Qmail to get the benefit of Qmail; you get (some of) the benefit of its existence any time you run pretty much any modern MTA.
posted by Kadin2048 at 10:23 PM on November 30, 2007 [1 favorite]


I wouldn't touch any of DJBs software, and I'd recommend other's to stay away. He's managed to find perhaps the only license in the world /more/ difficult that the one it had before.

He has consistently behaved like a dick in all of his dealings with distros, to such an extent that hardly any of them ship his software.

The "security challenge" is a joke, with at least one security flaw found in qmail that he's just refused to acknowledge. And it only extended to the unpatched qmail (that you had to patch yourself because he's such a DUMBASS) that literally NOBODY runs.

Basically, avoid.
posted by winjer at 11:35 PM on November 30, 2007




So, nobody uses xmail?

*hides in shame*
posted by eclectist at 6:35 PM on December 1, 2007


Or Xmail, even?
posted by eclectist at 6:37 PM on December 1, 2007


« Older Shopping in Web 2.0: sucks   |   Evel Dead Newer »


This thread has been archived and is closed to new comments