Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1

key4ce

@gonzopancho

i don't wanna get in the middle of the fuzz of this topic but lets stick to facts:
I got a 100% working PFSense with Xen, everything works and even the i to install has been changed to install due to Xen's poor refresh rate on console.

with everything works i mean everything works, including carp, managed switches with LACP etc (all been tested).

Tho for xen tcp checksum offloading have to be disabled on vm level (else connections get hard on the same server, strangely opposite server works fine out of the box, and wan in lacp setup requires is).

all with all we pretty much got automated scripts and hooks for that too on xen.

We do plan on releasing this back to the community, as said there's almost no firewalls working with Xen, so it's a shame not to.
even within just our customers we received countless of requests when we publish it.
–------------------------------------------

That all being said: where do we proceed from here?, to comply with PFSense etc, yet contribute to your community?
(with minimum extra time spent on it, as in the end we are still paid workers, yet tend to give back to community whenever our contractors allow us to).

doktornotor

Extremely difficult to have a conversation when someone posts 5 random things in a row in 5 different posts (your Edit button got broken, or what?)

1/ I am well aware of the Mozilla BS, that was about the last straw for me. Seems like they are at it again, now they don't like that Dell UK is charging for installation service (maybe someone should mention to them that their trademark rights are exhausted by the first distribution in the EU, after that, they have no way to stop anyone from redistributing it, selling it or whatever else… Meanwhile, the browser development got completely off-track to put it mildly, same happened to their release cycle (wheeeew, we need to catch up with Chrome), and they are losing their userbase pretty fast. Is this the way you'd like to follow?

2/ Debian/Ubuntu - again, already discussed this on the other thread, not going to go thru this again in detail. And as said on the other thread as well, I have yet to see Debian sending "the most polite letters from lawyers" to the Mint guys, e.g. I also have yet to hear about complaints from Ubuntu or Debian about "abusing" they package mirrors.

So oh yeah, you say you are just protecting your trademark. The easiest way to protect it would be providing the unbranded build tools. Instead of pissing off large part of the active community and trying to make them jump through hoops to get access to something that's been always available. So honestly, all I can see behind this are the $$$$. All of this being even more absurd, given the origins of the pfSense project as a m0n0wall fork. And to be perfectly honest, the mails by Jim T. on the ML (archive still down, on purpose?) made me pretty much sick. If you guys feel so much exploited by people using your code, you should have chosen a different license from the very beginning. Oh wait, it wasn't about money at that time, right?

Guest

I got a 100% working PFSense with Xen, everything works and even the i to install has been changed to install due to Xen's poor refresh rate on console.

That's great!

That all being said: where do we proceed from here?, to comply with PFSense etc, yet contribute to your community?
(with minimum extra time spent on it, as in the end we are still paid workers, yet tend to give back to community whenever our contractors allow us to).

Contributions are welcome (and we are grateful for them), but we don't want anyone confused about what 'pfSense' is, and is not.
And we have to act in a manner that preserves our trademarks.

The 'rules' for pfSense are the same as for nearly any Open Source project of our side or lager.

You can build and run a version inside your organization, (or individually), which you have done.
This is fine, as the BSD license(*) allows exactly this, and we want to encourage experimentation and development of the pfSense base.  But you can't distribute the results outside your organization with the pfSense indicia intact.

If you want to provide us with pull requests, we're happy to review them.  If they meet with our evaluation, and a CLA(**) is received from the individual(s) or company(ies) who have accomplished the work, then we will accept them into the pfSense source repository.  If we have the resources, we will build and release these for the community.  (We may choose to not support them for various reasons, including lack of resources.)

If you like, you can use me as 'point' on this.  <jim-at-pfsense.org>or <jim-at-netgate.com>work.

All the above also applies to the original subject of this thread, 'Hyper-V' support.

(*) Most of pfSense is licensed under the BSD license, but pieces of it come with different licenses attached.  These are not our work, but the work of individuals and companies outside BSD Perimeter or Electric Sheep Fencing.  Typically they are in the original FreeBSD tree.

(**) CLA = "contributor license agreement".  This basically a low-key agreement were you assert that it's your original work, and that we have the rights from you sufficient to build and redistribute it, and that you won't sue us for doing so (or infringing on your IP in the work, etc.</jim-at-netgate.com></jim-at-pfsense.org>

key4ce

CLA agreement isn't an issue (we sign tons of stuff like that) aslong as ofcourse the ownership of contributed codes don't change hands.

We only been fools once to sign such agreement and still see our art work flow around for free because of it (while the artwork had a specific purpose for a specific project yet without ownership rights you can not make any form of claims of misuse neither).

The pull request , i have to ask our R&D for this, as far as i understaind they did change quite a few basic's AND our build is NOT recommended to mix with another build (lets say hyper-v) duo to the specific changes AND extra tools being installed for Xen.

meaning: this build should not or should it ever be in the "generic pfsense" iso, but a specific pfsenxe - Xen iso.
our R&D mentions this exact same thing for hyper-v aswel.

they shouldn't be mixed, but just seperated releases to keep optimum security and performance. (ours was tested and optimized up to 10 Gbit)

So… does this comply with a pull request? as to me it sounds like you need to make a new fork for hyper-v and Xen, for the kernel optimization AND security optimization.

Guest

@doktornotor:

Extremely difficult to have a conversation when someone posts 5 random things in a row in 5 different posts (your Edit button got broken, or what?)

1/ I am well aware of the Mozilla BS, that was about the last straw for me. Seems like they are at it again, now they don't like that Dell UK is charging for installation service (maybe someone should mention to them that their trademark rights are exhausted by the first distribution in the EU, after that, they have no way to stop anyone from redistributing it, selling it or whatever else… Meanwhile, the browser development got completely off-track to put it mildly, same happened to their release cycle (wheeeew, we need to catch up with Chrome), and they are losing their userbase pretty fast. Is this the way you'd like to follow?

2/ Debian/Ubuntu - again, already discussed this on the other thread, not going to go thru this again in detail. And as said on the other thread as well, I have yet to see Debian sending "the most polite letters from lawyers" to the Mint guys, e.g. I also have yet to hear about complaints from Ubuntu or Debian about "abusing" they package mirrors.

So oh yeah, you say you are just protecting your trademark. The easiest way to protect it would be providing the unbranded build tools. Instead of pissing off large part of the active community and trying to make them jump through hoops to get access to something that's been always available. So honestly, all I can see behind this are the $$$$. All of this being even more absurd, given the origins of the pfSense project as a m0n0wall fork. And to be perfectly honest, the mails by Jim T. on the ML (archive still down, on purpose?) made me pretty much sick. If you guys feel so much exploited by people using your code, you should have chosen a different license from the very beginning. Oh wait, it wasn't about money at that time, right?

It still isn't about money.  If it was, the reaction here would be very different.  I wouldn't be trying to have a conversation with you.

I've already discussed my reasons for not wanting to provide "unbranded" build tools.  Doing so doesn't help the project.

You don't say that you're actually a lawyer.  You're 'trained', which doesn't have an actual definition.  So what is it, did you go to law school?  Have you passed the bar?

No, the debian guys aren't cross with the Linux Mint people because their IPR.  But debian does enforce their marks, or you wouldn't see them granting licenses (https://lists.debian.org/debian-www/2011/04/msg00163.html)

Maybe you should read this: https://wiki.debian.org/ProposedTrademarkPolicy

"Palming off is a real issue, and we really do want to prohibit it …"

No my edit button isn't broken, but editing that stuff on the phone isn't fun, and you're not the only person reading this thread.  In particular, someone recently attempted to use the 3-clause BSD license as a reason that we don't need to be concerned about our marks.  He was wrong, and not only because most of the source tree is under the 2 clause license.

Guest

@key4ce:

CLA agreement isn't an issue (we sign tons of stuff like that) aslong as of course the ownership of contributed codes don't change hands.

As long as we have rights sufficient to do what we need to do.

@key4ce:

We only been fools once to sign such agreement and still see our art work flow around for free because of it (while the artwork had a specific purpose for a specific project yet without ownership rights you can not make any form of claims of misuse neither).

understood.

@key4ce:

The pull request , i have to ask our R&D for this, as far as i understaind they did change quite a few basic's AND our build is NOT recommended to mix with another build (lets say hyper-v) duo to the specific changes AND extra tools being installed for Xen.

meaning: this build should not or should it ever be in the "generic pfsense" iso, but a specific pfsenxe - Xen iso.
our R&D mentions this exact same thing for hyper-v aswel.

they shouldn't be mixed, but just seperated releases to keep optimum security and performance. (ours was tested and optimized up to 10 Gbit)

So… does this comply with a pull request? as to me it sounds like you need to make a new fork for hyper-v and Xen, for the kernel optimization AND security optimization.

Yes, it sounds like a 'fork', leading to an 'edition' is the right approach.

key4ce

Rights to use isn't an issue.

Only issue we ever encountered was when a project went commercial and tried to bann us from using our own made code :-)
Aslong as that ain't happening we are fine.

I will talk to our R&D and see how we can push the potential fork over to you guys.
All i can say is: it works well, besides kernel optimization and a few basic's:

1. i to install has been removed: poor refresh rate of Xen console can actually miss this message which lead to unwanted live CD runs while they wanted to install –> ours just installs

2. reboot and shutdown functions have been adjusted to work with xen (without it just says the vm didn't respond in timely fashion as it gets stuck to "press a key to reboot"

3. Xentools / guest have been installed

4. minor kernel optimizations have been made

5. Freebsd adjustment to use the hardware limits rather then predefined limits by BSD kernel (this was a odd one but took a while to figure out how to use the "full capacity of 1 Gbit, let alone 10 Gbit")

anyways... can i mail / let my R&D mail your address to handle this further? seems rather out of place with the hyper-v topic.
the replies just "scared me off" after reading which is why i replied on this topic.

For true detailed knowledge on how it's made --> i'm just the middle man testing it all not the one making it that's R&D, so best to let you techies sort it out amongst eachother if possible (atleast you know what your both talking about while i just know general outlines)

doktornotor

@gonzopancho:

I've already discussed my reasons for not wanting to provide "unbranded" build tools.  Doing so doesn't help the project.

While pissing off the community and forcing the people to fork the code surely does. Hmmmm.  ::)

Lets see:

• I'm a random corporate user who'd like to use the product on foobar virtualized machines. I fix and modify the code for free, and want it tested by wider community so the bugs get squashed. Now what? You're gonna send me the polite lawyer letters? Wow, that's an excellent motivation to share fixes and improvements back with others, your project including.

• I'm a random user who finds a couple of minor issues with your code, easily fixed in a couple of minutes. I go through the trouble of registering at your bug tracker, filing a bug, heck, even submit a pull request via Github since I'm a good open-source guy. You're gonna tell me what? Sorry, Sir, sign these licensing papers with your own blood in triplicate and snail-mail this back to our office. We'll get back in touch with you in a couple of weeks. Wow, another excellent motivation to contribute. You know what I'm gonna say? Yah, you guessed it right…

• I just want to use your code, with a few touched here and there, say as an ISP with my routers. So, now I cannot because you nuked access to/relicensed the build tools so that this is impossible. Even though I'd be perfectly happy with giving credits to you, but instead you tell me I'm a trademark offender. So say, I decide to get it stripped of any trademarks and logos and similar nonsense - again a no go, unless I use some outdated forked off repo. So, tough cookies, guys, I'm just gonna use something else where people are actually happy with their code being used, such as DD-WRT or whatever, instead of complaining about being exploited, their resources getting abused by others and in general they think I'm a bad rip-off guy. And you tell me it ain't about money now? Read something totally different over there at the mailing list.

@gonzopancho:

You don't say that you're actually a lawyer.  You're 'trained', which doesn't have an actual definition.  So what is it, did you go to law school?

Yeah. Two even. Czech and UK. Got pretty much sick of the profession. This "intellectual properly" madness being one thing (it has really gone so far that it seriously hinders innovation and billions of dolars are wasted on lawyers arguing about BS for months in courts), the big brother shit being another. See what's become of the U.S., and how's all that crap slowly "exported" worldwide. Freedom, oh yeah, what a load of bollocks.

P.S. Some nice reading: Sony's War on Makers, Hackers, and Innovators. So, congrats, you too have "killed Aibo", and now you want to control how your - until now BSD-licensed - code mostly written by others can be used. Ya know, the bad modchip guys and emulator guys.

Why, just why?  >:( :'(

Guest

You're "sick of the profession", and I'm just trying to defend the project from yet another challenger who decides to file for cancelation of the registration, or puts someone else's IP in the source tree, or asserts a patent against some code they contributed (possible latches defense, but still expensive), etc etc etc.

As a (former) lawyer, you know the risks are all too real.

I didn't define the battleground, I just have to deal with it.

Guest

@doktornotor:

1/ I am well aware of the Mozilla BS, that was about the last straw for me. Seems like they are at it again, now they don't like that Dell UK is charging for installation service (maybe someone should mention to them that their trademark rights are exhausted by the first distribution in the EU, after that, they have no way to stop anyone from redistributing it, selling it or whatever else… Meanwhile, the browser development got completely off-track to put it mildly, same happened to their release cycle (wheeeew, we need to catch up with Chrome), and they are losing their userbase pretty fast. Is this the way you'd like to follow?

Firefox had a ton wrong with it.  Chrome was, and is, better.

The mere fact that every major browser sans Firefox and IE uses WebKit should explain everything.

Neither is Chrome a fork of Mozilla's code, so your analogy fails to illuminate.

To your point about Mozilla and Dell, first sale does not exhaust or grant reproduction rights.
If what you say we're true, putting Hollywood movies ripped from DVDs would be completely legal.

key4ce

Ehmm..

not to bust your chops but Chrome is a fork of chromium , where as chromium now kicked off contributions by chrome (ala google)

<– when your talking about forks and way to do it chrome isn't the best example when it comes to community, great example for one who left community yet became succesful tho :-)

Guest

Chrome is chromium plus extra proprietary code.

Since Google authored the original code base, supports the project, etc

Google's intention, as expressed in the developer documentation, was that Chromium would be the name of the open source project and that the final product name would be Chrome, however other developers have taken the Chromium code and released versions under the Chromium name. These are listed under "community builds".

And then there is this:

http://trademarkem.com/chrome-turf-war-did-google-abandon-chromium-trademark

Which is exactly the problem.

The suit was later dismissed, and, as part of an undisclosed settlement between Google and ISYS, ISYS abandoned its trademark efforts.

Note that google claim trademark on chromium as a term
http://www.google.com/permissions/trademark/our-trademarks.html

Chrome is not a "fork" of chromium. Chrome is a product based on chromium. Both chromium and Chrome are owned by Google.

key4ce

Again –> not the best example when it comes to community :-)

that was my point where with facts you just strenghten it.
All with all communities expect a certain level of "appriciation" when you contribute things

i don't get that feeling in this topic as mentioned from the start.

My company now actually does look into alternatives due to this as we don't feel PFSense has the type of management thats "good for opensource".

As far as what we already made (pfsense with xen)  --> we are still happy to contribute, but as also indicated we aren't looking on spending alot of time on a finished product, in that case removing pfsense name is way more quick (yet a dick move).

So.. the outcome of contribution vs fork i guess now lays in your court :-)

Guest

OK, we agree that Google is not the best open source company.

I hope to resolve the -tools repo issue this week.  Certainly by the end of the month.

I've been doing open source and free software work since 1987.

Agreed that there is a value trade in all business, including those concerned with offerings based on open source.  But if you look, I've made the same representations to both you and the people with the hyper-v work.

Let's do the work to put it in the tree and make a pfSense branded release.

Isn't that what is best?

key4ce

It is best, only reason why i'm still talking :-)

All the rest and cematics around it we don't really care for.

in the very end: we got a finished product
We want it to be for the community
and hope it might be a nice base for future releases regarding Xen.

the only warning i give is: make sure it's within limits of time (so we don't jump through hoops too much to achieve, as we just want to give out what we created, not spend weeks on getting it out there :-))

doktornotor

@gonzopancho:

Neither is Chrome a fork of Mozilla's code, so your analogy fails to illuminate.

Errrrr, huh, whut? Read again, maybe? What analogy? I've been referring to the "lets see who can release new 'major' versions faster" frenzy, that's all there's to read into about Chrome vs. Mozilla.

@gonzopancho:

To your point about Mozilla and Dell, first sale does not exhaust or grant reproduction rights.
If what you say we're true, putting Hollywood movies ripped from DVDs would be completely legal.

Uh… you completely missed the point.

• As for trademarks, once you introduce your product to any market within EU, you can no longer control the movement (i.e., further distribution/sale) of the trademarked product within EU.

• As for copyright, same thing applies here as well. "The first sale in the Community of a copy of a program by the rightholder or with his consent shall exhaust the distribution right within the Community of that copy, with the exception of the right to control further rental of the program or a copy thereof." (Directive 2009/24/EC, Article 4/2). Further, "when the customer of the copyright holder [here, Dell] purchases a copy of a computer program that is on the rightholder’s [here, Mozilla] website, he performs, by downloading the copy onto his computer, a reproduction of the copy which is authorised under Article 5(1) of Directive 2009/24 … The argument ... that the concept of ‘lawful acquirer’ in Article 5(1) of Directive 2009/24 relates only to an acquirer who is authorised, under a licence agreement concluded directly with the copyright holder, to use the computer programme cannot be accepted. That argument would have the effect of allowing the copyright holder to prevent the effective use of any used copy in respect of which his distribution right has been exhausted under Article 4(2) of Directive 2009/24, by relying on his exclusive right of reproduction laid down in Article 4(1)(a) of that directive, and would thus render ineffective the exhaustion of the distribution right under Article 4(2).   (Cf. UsedSoft GmbH v. Oracle International Corp, Case C‑128/11.)

So, that's how it works in large part of Europe. As for U.S., that unfortunate part of the world is something I've already written off.  :P

Guest

You've still confused first sale exhaustion with reproduction.

If you buy a DVD, you can resell that DVD.
But you can't make copies of that DVD (and then sell or publicly perform them.)

It works the same with software.  If I buy a copy of windows (even one pre-installed by Dell on a new computer), I can sell the computer with that copy of Windows intact.  That's first sale.

But I can't clone the disk and put it in another computer and sell that copy of windows again. That's reproduction.  Mozilla is arguing with Dell because Dell is charging to preload Firefox, (each copy is a reproduction), which is contrary to Mozilla's license.

Mozilla wants Firefox (as built by Mozilla) distributed far and wide, at no charge.

doktornotor

No, I'm not confused, really.

@gonzopancho:

Mozilla wants Firefox (as built by Mozilla) distributed far and wide, at no charge.

Mozilla does not matter. Likewise, Coca-Cola has no say in whether I give out the bottles of the Coke I bought for free, or resell them. (Finally, Dell is not reselling anything here, they are charging for service. If Mozilla does not like it, well, they don't like it, noone cares really.

Furthermore, the nonsense was about trademark license, not copyright. "We give out our Coke for free, you must not resell it" is something you just cannot enforce. Once you have put some product on the market (for what price is your decision), you only may restrict free movement of goods by virtue of your trademarks as long as the purpose of the trademark protection is being pursued. Which is - foremost - to give you an exclusive right to use the trademark for the first introduction of the product to the market. IOW, to prevent others from selling fake/counterfeit/immitation products, abusing the goodwill/reputation/whatnot of your products. Or, seeing that from the other side, to protect the consumers from those and ensure they get a genuine product. Price policies, on the contrary, is something that is explicitely NOT a valid reason for trademark enforcement, as that defeats the whole purpose of free movement of goods.

jdillard

@doktornotor:

Coca-Cola has no say in whether I give out the bottles of the Coke I bought for free, or resell them.

What if you open the bottle and add your own ingredients, before reselling it (or handing it out) as Coca-Cola?

@doktornotor:

IOW, to prevent others from selling fake/counterfeit/immitation products, abusing the goodwill/reputation/whatnot of your products. Or, seeing that from the other side, to protect the consumers from those and ensure they get a genuine product.

I believe that is what ESF is trying to accomplish, protecting the trademarks and consumers from potential abuse in the best way possible for everyone involved.

edit:added a word for clarificaiton

doktornotor

@jdillard:

I believe that is what ESF is trying to accomplish, protecting the trademarks and consumers from potential abuse in the best way possible for everyone involved.

How did this "best way possible for everyone involved" improve any of the 3 example situations mentioned in my previous post. (Just a couple of most obvious/likely ones.) Kinda curious about the answer, since after that, another bunch of semi-random posts appeared, pretty much totally taken out of the context and not following the conversation logic at all.

What you seem to be missing is that these people in general don't give a damn about your trademarks. You are taking away access to required tools from them and are making their life a PITA and are wasting their time, using trademarks as a magic formula due to a largely overblown incident… Frankly, I couldn't care less how's this thing called and what logo it uses, does NOT matter in the least for me. Features, usability, stability, as few bugs as possible, fixing issues fast - that is what users are interested in. Not your trademarks.