Bruce Schneier, Chief Security Technology Officer, British Telecom, presented some abstract and cutting edge ideas about security at the LISA conference this year. The topic of re-conceptualizing security presented some new insights and perspectives into what we think of security.

One example Schneier gave was about risk heuristics. The best way to describe risk heuristics is to present some of the example Schneier speaks of: Take afree collector mug, for example, . If one were to give the mug away (or any other object) the object automatically has value. Schneier spoke about some other examples of the components of risk heuristics:

“There are a number of other heuristics involved, the optimism bias, which is that bad things always happen to certain people.”

Another common security misnomer made by the general public is that we tend to exaggerate rarities, because they are well, rare. For example, try to think of some words with K as the first letter, you can rattle off a list of words starting with K. Now try to think of words with K as the third letter. Which is much more difficult.

Take these two statements, for example:
Linda is a bank teller.
Linda is a bank teller and active in the feminist movement.

With these two statements, the second one causes the reader to focus more on the fact that Linda is a feminist, rather than a bank teller, even though the fact she is a feminist is merely a small attribute to her more accurate identity as a bank teller.

Schneier spoke about the difference between the feeling of security, and the reality of security. He made the point that the feeling of security is much more important to most people, because it is their perception which causes them to feel secure or not.

Scheneir speaks about “Security Theater” and Security Models

Security, by design is supposed to make you feel better, so if the market drives security, then the economic incentive is to make people feel secure, rather than to actually make them secure. Schneier refers to this behavior as “Security Theater”. Security Theater is necessary to a certain extent reasons Schneier, but it is also most obvious when there is no realized increase in security, yet claims are being made to make people simply feel better.

Child kidnapping is exaggerated by the media and is an exaggerated security model. Schneier makes the point that very few child kidnappings happen each year, and family members commit the majority of kidnappings; however, the media exaggerates this security model using elements of Security Theater.

The new global warming crisis is much closer to reality than feeling, which is why most people reject it or simply do not care as much. Compare this to child kidnapping, which plays on peoples emotions and feelings of security, so it gets much more attention.

Suggestions on Security

When analyzing security models, look for agendas and subjectivity. In these cases most likely they are trying to manipulate you to benefit them.

We use proxies to get good information. We trust our doctor as a proxy to prescribe us the right medication; we do not prescribe the medication ourselves.

There is a certain value in security theater, for example, it saved the over the counter drug companies with the poisoned Tylenol incident. The simple fact is that if someone wanted to poison Tylenol and put it back on the shelf, there are many ways they could still do this and subvert the “tamper-proof” cap.

Schneier made the point that we need to focus on giving better models to bring security and the way we utilize security back to facts.

“Every year, there is a new reality in a world of technology”.
– Bruce Schneier

If you used code that was derived from AT&T’s Intellectual property, you could only share that with others that had the same license.  But a developer has always been free to share anything they owned, although traditionally before sharing you add a copyright and simple terms of usage license – a.k.a. the CMU/MIT/UCB (– sometimes called the Dead Fish style License). So if you wrote something original, you as the author could and did do what you wanted with it and traditionally most Unix developers gave it away to other users to use – consider any of the tools that came out of Harvard, Purdue, CMU, MIT, UCB et al – e.g. CMU Emacs, and UCB Pascal,  GCC ; the list is quite long.

Another way to think of this say – since the Universities were using Unix as a research tool, they could and did use Unix for as they wished, but they could not give out the AT&T derived Unix technology.

In order to get a copy of AT&T Unix at the time, Universities had to pay a $100 license fee to AT&T and
the source code was delivered on a magnetic tape (”abandoned on your doorstep” as it was sometimes referred). The problem with this
model is that you could not legally share source code that was ported from
Unix derived technology unless the recipients had their own license.

Cole revealed some intricacies related to the discrepancies between AT8T Unix and BSD Unix:

UCB, like many research users using Unix made a distribution of it’s tools and modifications – BSD – Berkeley Software Distribution. Numerous Berkeley distributions were made over time, and since all were based on the AT&T technology, to get a copy of BSD you needed to be show that you too possessed an AT&T Unix licensee.

Originally, BSD Unix could be licensed by any institution (research or commercial actually) that could demonstrate they had an AT&T license.  It was just easier to check for that license since “everyone” could get one (although commercial users paid more to AT&T). Remember, the cost of the hardware to use the AT&T code was at minimum $100K and often 5 or 10 times that.  So
the $100 for an AT&T license for a University was peanuts, and cost to UCB were equally small to pay for the duplication etc.

Note that at that time… the owner of the code would add a copyright
and a “license” to the top the file, and the different license were created to solve different issues.  The non-viral “dead-fish” style used by UCB is probably the longest-lived and basically says something like:  Hey we wrote this.  Use it at your own risk – i.e. don’t try to collect damages. If you do anything with it, you have to mention it came from us originally, but you can do what ever you want with it”  – i.e. wrap dead fish in it for market, make a product with it, study it, etc – have fun.

Over the course of a number years and after many different BSD releases, Berkeley’s team said, “hang on” – very little of what is now in BSD is based on AT&T’s code.  So a number of folks at UCB began to make two piles of code in BSD depending on the “providence” (“AT&T derived – a.k.a. tainted” and “non-AT&T – a.k.a. clean” code).   Eventually the non-AT&T owned pile was nearly the entire set.   So, the UCB Team eventually released as the BSD NET2 distribution (the non-AT&T version) and it was made available to anyone – you only needed to obey the licenses and copyrights in the code itself.  All of this occurs during this time, when BSD was being ported to more and more systems other than the original VAX system it was designed for – such as the Sun2, 386, etc.

Once NET2 was released, some of the developers formed a company called BSD, Inc.  The BSD Inc. folks then started with NET2 and add the “missing” parts that they wrote themselves and created an “open source” “product” for Intel based PC’s running 386’s and 486s – called BSDi.

Shortly thereafter AT&T sued both BSDi and UCB for improper use of their IP.   UC Berkeley & BSDi eventually won the case, although I believe the court forced a handful more of files to be removed from NET2”

Us hacker types thought the AT&T/UCB case was about copyright.  It turns out it was not.  The case was about trade secrets – which is much more serious.   In fact, we were later told that if AT&T had won, any Unix/POSIX-like system is a derivative of the ideas used to build Unix – not just system built using AT&T based source code.  This means any Unix-like system would have to been not allowed – not just BSD.  If this definition had come into play, it would been that any Unix or POSIX system would an “AT&T derivitive work.”  Which to modern users it would have meant that not only BSD but Linux [and Minux, et al] would have to been licensed from AT&T to be made available for use.

According to Cole, “A user would obtain the source, then modified the software, and then fed the modified version back into the community.” It is a model that has pioneered some of the greatest and widely adopted software projects to do date, many of them incubated on Unix or Unix-like systems. To this day, this practice continues – but at a scale never before imagined.

In 1998 Oetiker came to LISA on a student grant and presented a paper on the Multi Router Traffic Grapher: http://www.usenix.org/event/lisa98/full_papers/oetiker/oetiker_html/oetiker.html.

I asked Tobias why he thought MRTG and RRDTool are so popular for powering most modern network and performance trending solutions? Oetiker explained that there were no network monitoring tools at the time that could trend and graph usage over time, so he had to write it himself.

MRTG grew in popularity and was being used for network monitoring but and for very unconventional uses such as trending wave size at the Scripps Pier in La Jolla, California.

RRDTool was created soon after MRTG to expand MRTG’s shortcoming of only accepting two data-sources. The idea behind RRDTool was to allow for a time-series database with the ability to create graphs. It is an all-in-one solution created specifically to solve the

Some topics discussed was the process of converting OS X into a certified UNIX operating system, how file quarantine works, the lesser-known sandbox profile language which is based on FreeBSD Mandatory Access Control, code signing on all of the binaries and libraries of OS X, better programming language support (RubyCocoa, HotCocoa, and PyObjC), Apple Syslog, and ZFS.

The Apple Syslog (ASL) is a complete rewrite of syslog from the ground up. ASL offers a consistently encoded syslog format as welll as a Boolean search API. ASL is open source, available on macosforge.org, and not dependant on Apple technology.

In the talk ZFS was spoken about in Leopard. The current Apple implementation of ZFS is read-only, however there is a full read-write implementation on http://zfs.macosforge.org.

Hubbard’s talk was informative and exclusive and offered bits and pieces of information that otherwise would be unlikely to discover. The information presented at this talk gave some informative insights into Apple’s more silent innovations, as well as the more public vocal ones.

I have posted a few links here for anyone interested in testing out a Java application server. The target audience is for those who have little or no experience with running J2EE application servers and how to get it set up.

The Elevator Pitch on Application Servers
Pre-requisites: Have Java installed on the host (JRE or JDK 1.5+ is recommended)

Step 1) Get the application server of choice (in this case the free, open-source version of JBoss AS) to install on their system from http://www.jboss.org/jbossas/downloads/
Step 2) Configure the ulimit settings and JAVA_OPTS to enable core dumps and remote management with Java Management Extensions (JMX).

NOTE: For the ulimit settings a ulimit of unlimited is recommended for the user account under which the application server will run. This is to enable core dumps and setting this to unlimited will eliminate the need to change this setting if heap size is adjusted.

Setting the JAVA_OPTS: http://gallemore.blogspot.com/2007/11/connecting-jconsole-to-jboss-jmx-server.html
What is JMX: http://blogs.sun.com/jmxetc/entry/what_is_jmx

Step 3) Unzip the jboss installation to it’s desired location and run bin/run.sh.
Step 4) Deploy an application that you created or downloaded from a trusted site. A simple Hello World web application was used as an example: http://www.centerkey.com/jboss/

Now the application server is running, and is ready for the deployment of Java web applications or web service applications to it. That’s it! You have configured a Java application server.

Troubleshooting the Application Server
Some utilities were showcase and introduced during the talk, and those links are available below. Gathering thread dumps was shown during the talk and the process is generally as follows:

Generate a thread dump
How to generate and capture Java stack traces: http://www.jboss.org/community/docs/DOC-12300

Analyze the thread dump.
A tool called Samurai (written in Java) was used as an example: http://yusuke.homeip.net/samurai/en/index.html
Monitor the live application server via JMX using Jconsole. Jconsole part of the standard J2SE 1.5+ distribution: http://java.sun.com/developer/technicalArticles/J2SE/jconsole.html
I hope this BoF/Talk has whetted your appetite for Java, which is a rich, incredibly powerful programming language and application platform.

Matthew

Clem Cole, President of USENIX, fielded a question on the history of USENIX and its beginnings. He offered insights into how USENIX was started that there was a common nemesis called Digital Equipment Corporation. At the time, DEC was imposing licensing restrictions on programmers who wanted to port Unix to PDP computers. A group of programmers/system administrators came together to for the first Unix group called USENIX. Since that time, it has grown into the expansive organization it is today including training and fostering academic growth in the areas of computer science.

The details of USENIX’s beginnings are most interesting, considering it contains a great deal of how history has been made with the computer which we use today. The history of USENIX may be followed up with a separate article on the USENIX blog, so stay tuned in.

The responsibilities of the USENIX board still contain the original vision of uniting the computing community and fostering innovation that was present at its inception. Some of the more current responsibilities of the are to review and publish papers from the computer science academic community, and bring students to the conference who would otherwise not be able to afford to attend.

On the educational note – for students, system administrators, programmers and the curious, the training program has become an essential part of the USENIX organization’s efforts in providing excellent training, and is headed up by Mr. Dan Klein.  The people who created the technology we use on a daily basis often deliver the training at USENIX.

USENIX is also active in the standards community with an active representation on various standards committees from Nicholas M. Stoughton, Standards Liaison.

The USENIX board concluded that their responsibility is to deliver the best value to their members, and the best value is the conference content and efforts of the organization year round.

Qooxdoo (pronounced kooks-doo) is an Ajax application framework, which is utilized to build standalone web applications solely with Javascript. After speaking with Oetiker about the Qooxdoo framework it has become apparent that Qooxdoo is revolutionary for designing web applications. There were many questions that surfaced when introduced to the framework, such as “How is this even possible?” and “Is this yet another Ajax framework?” After questioning Tobi, it is apparent that this is not an ordinary Ajax framework and there is definitely a bit of voodoo in Qooxdoo.

Q (Sacks): Can you please explain how Qooxdoo works for readers who might be interested in the framework but doesn’t really know what it is?
A (Oetiker): Qooxdoo is for ’standalone’ applications running in the web-browser – sort of a new breed of creature. Something that was attempted with Java years ago.

Q (Sacks): Is Qooxdoo an Ajax framework?
A (Oetiker): Yes, but it is not a collection of Ajax/DHTML widgets.

Q (Sacks): How is Qooxdoo unique from other Ajax/Javascript frameworks?
A (Oetiker): It provides a framework for writing complete applications in JavaScript. In contains everything you need, done in a very tasteful and technically skilled manner.

Q (Sacks): Qooxdoo seems to compile all of libraries into a single js file, does this make troubleshooting more difficult?
A (Oetiker): The trick is that Qooxdoo allows you to run the application also
from the “uncompiled” Javascript source files. So while debugging you use the original files and only convert them to the single file format when you deploy the application.

Q (Sacks): Would you call a Qooxdoo page a web application or something else?
A (Oetiker): Yes you would call it a web application I guess … but only because of the lack of a better word. There is some good material on Qooxdoo in http://resources.qooxdoo.org/download/presentation/Ajax%20in%20Action%202008%20-%20GUI-Development%20with%20qooxdoo%20-%20with%20notes.pdf

Qooxdoo offers a simple way to build and entire web application into a single Javascript file and deploy it on a web server. This is a rather amazing feat considering it is a purely web-based (no application server) web application, allowing for database callbacks and all of the other full features of an Ajax-based application. The Qooxdoo training at LISA presented how to build an application with Qooxdoo and debunked the internals of the framework and how to fully leverage it’s features.

I spoke to a few students to get a better understanding of why computer science students come to LISA: Niia Lartey of Oslo University College said that it is a tradition for students in his department to come to LISA. In addition to following tradition, one of the main reasons Lartey traveled across the pond to get ideas for his own thesis paper.

Students from all over the world frequent the USENIX conferences, LISA in particular to gather and share ideas for research projects, discover job opportunities for when they graduate and get involved in the computing community.

USENIX offers student grants for those interested in attending the conference. To find out more, visit http://www.usenix.org/events/lisa08/students.html

Interview with the Xen Community Manager, Stephen Spector
Stephen’s commitment and enthusiasm for the Xen project are evident. His feelings seem to be shared by most of the people attending the training. When you talk to Stephen it becomes apparent why others get so fired up about the Xen project. According to Spector, due to the prevalence of the academics in general and computer science students in particular, LISA is a great venue for disseminating information and progressing the Xen.org project. According to Spector, given the collaborative nature of the educational community, academics are the best conduit for spreading the word about Xen.

“The Xen.org community is about building the best Hyperivisor”, says Spector. Judging by the number of attendees Xen is most certainly holding true to this vision, and the main purpose of Xen as described by Ian Pratt, creator of the Xen hypervisor. The Xen open source community is what fuels the success of the commercial Xen-based products; however, the reason they are successful is because of the open-source community’s contributions and feedback on the Xen project.

Up Close with the Xen Trainers: Wenjin Hu and Zach Sheperd
Hu believes that the reason for the extreme popularity of the course is due to the popularity of the Xen project on a large scale. People are starting to use it in production and as a better computing platform for their business technology infrastructure as well as University computing platforms. Hu and Sheperd both believe it is important to connect with the community to get feedback on use cases for the Xen hypervisor. Sheperd antes that “development fosters research”, and Xen provides the substrate for incubating software development projects, which is one of the many use cases for this virtualization platform.

Conclusions
Xen is a new course offered at the LISA training tracks and there will likely be intermediate and advanced courses at future LISA’s. One of the reasons the Xen team chose LISA to gather feedback about their training, disseminate information to the most relevant audience, and gather use cases about how Xen is being used. On the flipside, the conference attendees received an introduction to Xen and come away with the ability for use the Xen hypervisor for whatever projects thay may have dreamed up, and fast-tracks their ability to get the most out of Xen. There are many new great things coming down the line, stay tuned on the LISA blog and Xen.org for more information.

Further Information
Xen Community Website: http://www.xen.org
Xen Blog: http://blog.xen.org
Xen Mailing Lists: http://lists.xensource.com

After speaking with a few of these LISA veterans there is an apparent common thread amongst returnees: the people. There are very few technology-related conferences in the world that have the breadth and wealth of information that is present at LISA. Conference presenters are consistently the leaders, authors, and experts in the field of system administration. This provides an advantage when seeking feedback, ideas, and solutions to problems on technologies that are used by systems administrators worldwide. By going to the source of the technology we use and meeting the people behind the scenes, it opens up a whole new world for those involved in the field of technology.