Why I no longer use the MIT license

What if your open source code is used for something evil?

It happened to Andrew Tanenbaum.

Table of Contents

What happened to Andrew Tanenbaum?

Andrew Tanenbaum released the third version of the MINIX operating system under the permissive Berkeley license.

When employees from Intel started asking Tanenbaum technical questions about the MINIX 3 operating system, he was happy to engage them. Eventually, Intel secretly modified the MINIX 3 operating system for use in Intel CPUs.

What’s wrong with Intel using open source code?

On the fifth of May in 2017, Intel released a patch for the Intel CPUs running MINIX 3. Before this security patch, it was possible for hackers to remotely access computers that had an Intel CPU running MINIX 3 without a password.

Did Intel fix their security problems?

Although Intel’s CTO Steve Grobman has denied it, Intel’s Management Engine is a backdoor by definition. Hackers can bypass normal authentication and access a user’s computer by entering their computer through the Intel Management Engine.

The sheer number of exploits affecting the Intel Management Engine - six to date - can be used to make the argument that the Intel Management Engine was designed to be exploited, that is, that the Intel Management Engine is a backdoor.

How does Andrew Tanenbaum feel?

Even in 2017, the creator of MINIX had regrets working with Intel on the Intel Management Engine, saying he would not have worked with them on the Intel Management Engine if he knew they were building a “spy engine”.

Andrew Tanenbaum seems to regret his decision working with Intel, but most people who permissively license their code find it rewarding. The question remains: to license permissively or not?