by Rik Farrow
<rik@spirit.com>

Rik Farrow provides UNIX and Internet security consulting and training. He is the author of UNIX System Security and System Administrator's Guide to System V.



I just got back from the LISA conference in Boston. Boston was okay: not as cold as I had feared, plenty of good restaurants, and lots of people did show up. I think it was one of the largest LISA conferences ever, actually. While standing facing a wall, as men often do, an exhilarated attendee told me that he got more from standing in the halls talking with people than at many other conferences he had attended. I can't say that I was surprised.

Of course, there were also the traditional activities, such as listening to papers or invited talks, the LISA quiz show, and drinking beer (that's why we were standing at the wall).

Eric Allman, author of sendmail and a genuine USENIX hero, gave the keynote. Eric has decided that it was high time he made some money from sendmail. He once told me that he wished that he had a dime for every copy of sendmail that was in use. He may do better than that for some of the copies out there, once the commercial version of sendmail appears. But sendmail will remain Open Source (a trademark of the Open Source Initiative; see <www.opensource.org>).

There was a time when I would have defined the USENIX Association as the largest organization founded on the idea of free software. The heroes of USENIX, like Eric, produced useful tools or programs and made not only the compiled programs but the source to the programs available as well. Revealing the source has several side effects, not the least of which being what happens when many other programmers start looking over your code. This is not for the faint of heart, or the truly arrogant either. Instead, it is both a humbling and a useful experience. People will find fault with either your coding or your designs (and often both), but in the end the code gets better.

Opening Remarks

Eric began the keynote by describing the history of software as a three-act play. The first act included mainframes and minicomputers. During the question-and-answer session that followed, Peter Salus pointed out that open source had its roots in SHARE, when '50s (and later) mainframe programmers shared source code on punched cards. But that era is best described as closed and proprietary, with large expensive computers in glass rooms (think of glass display cases) and a priesthood to minister to their needs. Digital Equipment's PDP series did make computing more accessible (computers in the tens of thousands of dollars instead of millions), but the operating systems and software were still closed.

Act 2 in this chronology was the advent of first the homebrew, then the personal computer. Both the homebrew community and the early Apple computers (I and II) sponsored an "extend and return" mentality. Programmers would generally share source and communicate any extensions or changes made back to the original author. Note that Bill Gates began Microsoft by not doing this. He and a few programmers created a proprietary version of what had been a free version of BASIC and began selling it. Their extensions were never returned to the community, which was the original reason for the animosity toward Microsoft.

Act 3 opens with the beginning of virtual open source -- UNIX and the Berkeley Software Distribution, or BSD. The UNIX system was actually proprietary, but because of the actions of AT&T, many schools and universities had access to the source code. BSD included many extensions to the standard UNIX distribution and was controlled by the Computer Science Research Group (CSRG) at the University of California, Berkeley campus.

Bill Joy, better known as one of the four founders of Sun Microsystems, crafted the early releases of BSD. Not only did he contribute code (vi and csh, for example), he also decided what software would be included in each release.

Eric pointed out that Samba, FreeBSD, NetBSD, OpenBSD, Linux, Apache, BIND, and sendmail all share a similar feature -- that of a central, controlling person or group. Without some form of release management -- deciding what features and patches will make up a release -- software tends to fragment. Core teams watch over the BSDs, Linux, Apache, Samba, and BIND, while Eric watches over sendmail. In this, Eric disagrees with Eric Raymond's "The Bazaar and the Cathedral" paper (<http://www.tuxedo.org/~esr/writings/cathedral-bazaar/>), which describes a somewhat different model of open-source creation.

Money

Open Source also means the birth of hybrid organizations, such as Red Hat or Eric's Sendmail, Inc. These organizations still give away the source but make money while doing so. Red Hat makes money by selling CDs and documentation and by providing handholding. Sendmail, Inc. will make money by selling extensions, such as an easy-to-use configuration GUI, as well as commercial support.

If you visit the Open Source Web page, you will quickly discover that the difference between "free software" and open source is largely one of marketing -- but not totally. Marketing, because you cannot sell "free software." And not totally different, because open-source software will be freely available, although covered by license agreements. A lot of the Open Source Web site is devoted to explaining how open-source software can be a good thing for programmers.

And big business as well. IBM Research released Jikes, a Java compiler, as open source the first week of December. Earlier in this year, IBM also announced that it would offer support for the Apache Web server. If IBM can make money supporting software that they did not create and do not own, why shouldn't it? Service and support have always been a large part of computer companies' income. While IBM's support helps to legitimize open-source software, it also places IBM in competition with non-IBM programmers and consultants. At this point, I think IBM's recognition is more important than possible competition.

Speaking of competition, one of the LISA invited talks set the authors or representatives of four MTA (Mail Transport Agents) head-to-head in a panel. Besides Eric Allman, there was Wietse Venema, who had just completed Postfix (previously Vmailer; see <www.ibm.com/alphaworks>), Dan Bernstein, author of qmail (<www.qmail.org>), and a representative of the University of Cambridge, author of exim. Interestingly to me, all three replacements for sendmail claim better security as one of their main goals. But sendmail has had a remarkable security track record recently, leaving security as perhaps a poor method for choosing an MTA. Visit the Web sites (including <www.sendmail.org>) and choose your own favorite -- if you haven't already done so.

Dan Klein repeated his talk at LISA on the "Succumbing to the Dark Side of the Force: The Internet as Seen from an Adult Website." Although you might have expected Dan's talk -- which does include lots of useful Web-server lore and little about the other side of the business -- to have drawn the entire conference attendance, the papers track, including a talk by Chris Page about configuring database servers, drew a large crowd as well.

The Borg

I had hoped that while I was in Boston I could slip away from the conference and meet with some of the wearable-computing folk, occasionally known as the borg, over at the MIT Media Lab. I had not counted upon the end of the semester, as well as a thesis defense, occurring at the same time. I did get to meet with Dave Kaplowitz (Dkap), now at Tufts University, who showed me around the Media Lab Friday afternoon. You may have seen Dkap at the last LISA conference, in San Diego, and he was also in attendance in Boston. His rig includes a Private Eye display, a Twiddler for input, a box containing an Intel 486 processor and hard drive, and a fairly heavy set of lead-acid batteries.

When we met at MIT, Dkap had left his wearable at Tufts. There had been a security incident, and he had left his wearable behind working on a Tripwire check of the invaded system. The lead-acid batteries, although bulky, do provide all-day power and make a useful system for Dkap in his system-administration duties. It did seem strange to see him without his wearable.

I also had a chance to talk with Steve Schwartz, a research scientist hired specifically to work on wearables at the Media Lab. Steve has worked with head-mounted displays (HMDs) for many years, starting with work with Lucas Films in the '80s. Steve provided me with a rapid-fire history of HMDs, and I quickly learned how wrong I was to assume that an HMD should be much less power hungry and easier to support than a large notebook display. HMDs can be less power hungry, but getting them to work requires special hardware -- they do not work directly from VGA output, any more than the new flatscreen display monitors do. What's worse, companies that have focused on producing HMDs have had a bad habit of either going out of business (as Private Eye has) or focusing on other products.

As I wandered around the Media Lab, I also learned that the wearables group (<www.media.mit.edu/wearables>) is spread throughout the building and organization. For most people in the Media Lab, a wearable computer is not a goal, but rather a tool for exploring new applications made feasible by the wearable. Software agents that adapt to what you are doing as well as your past behavior. Effective computing, getting computers to recognize and respond to human moods. Not being strange, borglike humans.

I plan on revisiting the topic of wearables in the not-too-distant future. I am astonished by the number of people in the USENIX community who are already using wearables -- mostly PalmPilots, with a scattering of other types of what are today called handhelds. These computers are worn until they are needed, then they are opened, turned on, then put back into a pocket until needed again. Not quite true wearables, but getting close. And the age of true wearable computing is not quite here yet, either.