Community experts explore Opening SSH
HP placed a bet on SQL with open IMAGE

Open source enables MPE enhancements

Earlier this week we looked at the prospects for creating an OpenSSH server component for HP 3000s. Some veteran developers have spent a bit of time on the engineering and learning the undocumented behavior of parts of MPE/iX. As such, this is work that could benefit from the knowledge in source code. Source was licensed to seven companies by HP.

We also wondered if enabling the server aspect of OpenSSH would be considered an MPE/iX enhancement by Hewlett-Packard -- or just a repair of a bug report. That would mean it was a workaround for anybody who'd like the complete OpenSSH on their MPE system.

The source code was provided to help repair problems and perform workarounds for homesteading HP 3000 customers. HP didn't want anybody creating new features for MPE/iX. But enabling the full range of SSH services doesn't constitute a new feature -- at least not from Brian Edminster's viewpoint. He runs a repository of open source software for HP 3000 users. 

If OpenSSH gets better on MPE/iX, Edminster suggests it won't improve simply by way of MPE internals information.

I'd argue that because OpenSSH is not an HP product -- and if making modifications to allow it to use existing features (even undocumented ones) within MPE/iX can allow it to work -- HP would not have grounds to complain. MPE/iX would not be modified in the process. They may not be happy about it, if such a modification extends the useful life of the remaining systems. But I don't believe they'd have legal standing to object. 

I'm not a lawyer, and I don't play one on TV, the 3000 NewsWire, or the 3000-L. What I'm saying is not legal advice, just my own opinion of the situation. If someone is potentially at risk from HP by acting on the above advice, they should first get advice from competent contract and intellectual property counsel.

However, I'd go so far as to suggest that even if enabling OpenSSH required a binary patch to an existing MPE/iX routine which might not be behaving properly, HP still wouldn't be able to complain.

During the brief discussion out on the 3000-L newsgroup, Allegro's Stan Sieler identified the behavior of some routines that could help complete OpenSSH. He quipped that if somebody such as Ken Hirsch -- who started the OpenSSH project rolling more than seven years ago -- wanted to know more about the likes of "a way to actually write to a terminal while there is a read pending," they could've just asked Stan.

Edminster makes a case that documenting system internals and processes, out in the clear, is a backup resource to the community. (This is also documentation which these support firms paid to license, so they have their rights to make it a customer benefit, instead of open explanation.) It's a complicated line to cross, because in this case the MPE/iX internals would have to be understood and utilized to extend OpenSSH -- an open source package.

My understanding is that the agreement between HP and the licensed MPE/iX source holders is to prevent compiling and/or distribution of any new or enhanced copies of MPE/iX. I believe the specific reason MPE/iX source was licensed was to allow 'dissecting' the code — to see what it really does under the hood, regardless of what the documentation says (or doesn't say).  

Why? To allow better understanding of how it works — so that coding workarounds can be developed for applications, and so that in the case of the discovery of a bona fide bug in a critical area of MPE/iX. In this way, at least the option exists of creating a binary patch that can be used to fix a bug (or mitigate the ill-effects of the bug, if a fix is not feasible).

And really, compiling a documentation wiki of system internals and processes (especially the Posix routines as implemented and undocumented user-callable MPE/iX internals) along with workaround best practices for porting code, would be a very valuable thing to preserve existing knowledge.  

Back when MPE/iX was subject to change -- because new releases came out from time to time -- using procedures not documented by HP was considered a 'Bad Idea'(tm).  Now that the OS is, for all intents and purposes, static, that may no longer be the case. While Stan Sieler was right in saying: "You could have just asked me," it also begs the question: What happens when, someday, he's not available to answer?