So I think to the same degree that user space and
kernel space have worked in the last 30 years in the
operating systems that the Safe Tcl mechanism will
work for scripts.
We are going to consign everyone now to
a padded cell with a reading list. That will give you
some time. Before we do, we taped this earlier, let me
add to it another book which has been recommended here,
Gregory Andrews' book on Concurrent Programming, I will
put it to a camera here, there is this and here is
another book that Jim published called Spring
Collection. These will be on the URL. Let's now look
at a list of assigned reading for all of you that would
like to catch up with this, and remember John
Ousterhout has a book about this titled elegantly,
Tcl/Tk. Is that the first words of the title? Tcl and
the Tk Toolkit. Let's look at the rest of the reading
assignment.
This is the 13th edition of the cumulative book
list. What I'm going to show you today, my assigned
reading list for you, is a sequence of books that build
on all those we have mentioned in the past, those lists
of course are at our web page, I will show you the URL
for the site later at the end of the book list, we are
going to link them so each that refers to the other
will appear as hyperlinks in the web pages. So the
first book about today's topic, Distributed Systems,
Concepts and Design, George Coulouris of Queen Mary
College in the east end of London, has done a second
edition of his book on distributed systems. This is
the best overall compendium of understanding how these
object based systems, these distributed systems, work.
Very thorough, very complete book.
In a more general tone is this book, this came out
last week, this is called Evolving the National -- I'm
sorry, the High Performance Computing and Communication
Initiative to support the Nation's Information
Infrastructure. This is a report from the National
Academy of Sciences of the United States, the National
Research Council is part of it, Ivan Sutherland, John
Hennessy, a number of people you would know the names
of, were the prime authors of this. This discusses how
the overall infrastructure of distributed systems
brings information, brings computing power to all of
us. So this is a very worthwhile document for
understanding how each nation's infrastructure can
evolve.
In a more specialized vein, this TRADOC Pamphlet
525-5, this is a United States Army publication. This
is called Force XXI, it describes how the information
infrastructure for an army for a combined joint
command, combining elements from many nations together
into one force, using modern communications and
computational technology, how do you make all that
work? These documents, with a particular focus
essentially on killing people, provide a clarity in
some sense of some of the more general discussions you
may get.
Here is another one, again the United States Army,
there is a similar one from the Marine Corps, these are
available, you will see the references on the web
pages.
For a general discussion, a new book, very nice
book, a compendium of his Wired Magazine articles, and
more, Nicholas Negroponte from the media lab at MIT has
a nice series of essays discussing in a nice
what difference does it make when everything is just
bits. Very well done book, many years of experience
Nicholas Negroponte brings us.
Now in some sense a counterpoint to that is a book
that's a week old, this is Clifford Stoll's book. You
remember Clifford Stoll, the astronomer from Lawrence
Berkeley Lab who wrote Cuckoo's Egg on the Bulgarian
hackers, this is his new book, Silicon Snake Oil, which
says, well, we can talk about digital libraries, do
they reach everyone? Is there too much to understand?
He brings experience of 20 years on the net to a very
nice series of essays about how can we form the new
infrastructure into something useable by everyone.
Now the magazine that you need to subscribe to, to
do that you need to join IEEE, this is the best English
language technical magazine. IEEE Spectrum
consistently wins awards. In this particular issue
there is a deep discussion of the bottleneck we now
reach in computing, we are down to two nanosecond cycle
times, those are Cray speeds for many of you. You
remember that was the memory cycle time of a Cray a few
years ago. We have this on the desktop now. So the
bottlenecks become the switching fabric, the backplane,
the bus. This is a lovely article about that. Each
month there is something very good on topics that are
technical with annotated reading lists as well.
One of the best science magazines, the most
sprightly and lively is New Scientist, a British
publication, this again covers every week some new
aspects of technology and science, many of them having
a bearing on what we do. In this particular case it
describes some of the new inventions, some of the new
discoveries about mathematical objects, we will discuss
that later today in the Mathematical Science Research
Institute's hour on advances in mathematical research.
To that end, and on that same segment is Bob Osserman
and his new book Poetry of the Universe, discusses --
its goal is to discuss, in a way accessible to all, how
space is curved, and how understanding the curvature of
space, how understanding how light beams are shaped by
the geometry of space, that allows us to understand
many things, for example, switching fabrics in
computers. And how they may be redesigned. Bob
Osserman will be with us later to discuss those.
Poetry of the Universe.
Lastly, something for all of those interested in
security. When Tsutomu Shimomura speaks later about
how he can walk through many computers, encryption
becomes a serious concern. This is a good book about
PGP, Phil Zimmermann's Pretty Good Privacy, that you can
implement on your machines in spite of the United
States government restrictions on export of encryption,
and you should, so that you understand how to
administer complicated yet secure systems. PGP, Pretty
Good Privacy, the author is Simson Garfinkel, this is
from O'Reilly.
That's my list, look on the URL that we will show
you now so you can find the complete annotated and
webbed bibliography covering the last four years of
Sunergy.
We have one more, another assignment from Roy
Campbell, Research Directions in Concurrent
Object-Oriented Programming. You can show -- I wrote
it here on the paper. This is an MIT Press book, 1993,
Research Directions in Concurrent Object-Oriented
Programming, Agha, Wegner and Yonezawa. Yet more to
read.
Now let me introduce our panelists with us to
discuss implications of what we just heard. Geoff
Baehr is Chief Networking Technologist at Sun
Microsystems, Tsutomu Shimomura is a research physicist
associated with a variety of institutions, Los Alamos,
San Diego Supercomputer Center, Sun, many computers
worldwide on the WWW, and Dan Farmer, originally at
Cornell -- Purdue or Cornell? Purdue when you wrote
COPS. Then at CERT, Sun, then at SGI, and currently a
free agent.
MR. FARMER:
That's right.
MR. GAGE:
The discussion I want to move you all
toward comes from the scary idea that we are going to
have millions of new people on the net. We are going
to have lots of new software, essentially untested, on
the net and these very powerful new systems with
scripts running all around. We have had recent
experiences, and Tsutomu has figured highly by
capturing Kevin Mitnick, essentially from a ski cabin
in the Sierra Nevada Mountains, trapping someone three
thousand miles away on a cell phone. These issues
of security seem to me to be fundamental, seem to be
the basic problem we face.
Is there anything in your recent experiences that
gives you hope that we are making progress? Are we --
are changes in operating systems and languages enough?
What future do we see when we bring millions of people
on the net?
MR. SHIMOMURA:
First of all, with regards to the
previous session, languages are not going to prevent us
from writing bad code. There is nothing we can do in
language to prevent us from doing silly things.
MR. GAGE:
Intelligence pays?
MR. SHIMOMURA:
There is no substitute for thought.
MR. GAGE:
In the code you saw as you chased
Mitnick, through telephone switches and networks around
the world, was it the code itself or the operating
system itself that lay, that opened it to attack and
the flaws that you exploited or Mitnick exploited?
MR. SHIMOMURA:
Most of it had to do with
administration issues, I think. There were
occasionally bugs, protocol issues, problems with
protocols, cases where protocols were being used for
things they weren't designed for, such as using TCP
for authentication. Which were exploited by, you know,
we believe to be Kevin and friends.
MR. GAGE:
So Jon Postel never designed TCP for
authentication.
MR. SHIMOMURA:
No, and it should not be used for
such. Of course it hasn't really stopped anyone.
MR. GAGE:
From attempting to use it.
MR. SHIMOMURA:
Correct.
MR. GAGE:
What help does someone have, if you are
administering a system, what help do you have to point
out where it's not administered properly?
MR. SHIMOMURA:
In what sense?
MR. GAGE:
You would like to test things, when you
have a machine you are putting on the net when you send
E-mail or use it you can trust it's at least moderately
administered, moderately configured.
MR. SHIMOMURA:
Most of what Kevin used were
well-known bugs, he seems to have written, allegedly or
whatever, seems to have written very few tools, most of
the tools we saw him use were tools written by other
people to exploit already well-known bugs and ones for
which often patches existed and tools to assess systems
to find out what vulnerabilities exist are likely to be
very useful, and Dan Farmer here I guess is the expert
on this.
MR. GAGE:
That's true, Dan. When you wrote COPS
years ago, I ran COPS on my machine, drove the
administrators crazy because it tested all the parts of
the system. It found all the misconfigured things. So
I could pose as an expert, you didn't put the plus sign
in the right place. Now you have amplified this
considerably with Satan. Tell us, what is Satan?
MR. FARMER:
To backtrack a moment. The answer to
your question is education is the key. You can't
expect an administrator to run something then all of a
sudden the system is safe. Over time systems degrade
with security. The more it's used the less secure it
gets. The real problems in security are those of user
system administrators opening up a hole or doing
something incorrectly and over time these kind of
accrete, the more the system is used, the longer it's
in production, the little holes become larger holes.
They are mostly configuration issues. Mostly policy
problems. Administrative problems.
And the main thing that the security tools that I
like to see and that I write myself, are tools that try
to collect and audit these kinds of problems. Then
with the whole issue of Satan is that you have
typically an administrator will administer hundreds,
thousands of machines. While they can look at any
individual machine with a fairly high confidence level
that they can secure this one machine, when talking
about this whole aggregate of machines, huge collection
of machines, with all the interconnections, there is
absolutely no way they can understand the implications
of all the services talking to each other, all the
administrative issues, all the configuration issues.
The only way to do it is by either having the operating
system inherently secure, we know that's not going to
happen, or you can have the tools that can run
configuration checks, run sanity checks on what's going
on. That's pretty much what Satan is. It's a
glorified configuration policy, vulnerability tester.
Takes existing known problems, applies rule sets and
rules to the existing configuration, checks all the
problems and solutions, and checks all the problems and
attempts to come up with hard core solutions, do this
and you can fix your system type of solutions.
MR. GAGE:
It's focused on networkcentric kinds of
problems.
MR. FARMER:
Absolutely. The network is where the
Internet is at, obviously. And the entire focus before
has been very hostcentric. You talk about firewalls
and security nowadays, and people are interested in a
very small piece because it's very difficult to look at
a large network. The whole objective of this was to
say, okay, that's fine, for certain types of solutions.
Certain types of situations you can create a firewall,
a small solution on a tiny piece of a network, but when
talking about the entire thing, there is nothing out
there that looks at it. You know, I can guarantee that
any large network that you run Satan against, it will
be compromised. Flat out, it will be. It will happen.
The reason is just the complexity issues. The vendors
keep bringing out new security patches, new problems
come out every day. Systems get broken into every day.
The reason is because they can't keep up with the
information. Satan is just one way, it's not a panacea
or a cure or anything, but it's a fairly reasonable way
to keep an eye on your system in terms of what's going
on out there.
MR. GAGE:
We will give accessibility data so
people can get Satan, it's clearly constantly evolving.
Geoff, you in a way bring new problems to this.
You and the group that founded ATM forum, now suddenly
the world will have 622 gigabit speeds, linking these
very powerful machines, suddenly the complexity Dan is
talking about explodes. Do you think there is hope
here?
MR. BAEHR:
Well, actually, because of the cost,
people are now installing a common network
infrastructure and allowing multiple virtual private
networks to exist over that common infrastructure. And
this is predominant, it's appearing with frame relay
networks and soon to be ATM networks. This means with
the tools that are used both for administration and
attacks, one can attack a wider range of networks or a
wider range of users. So as the user base increases,
the technology is actually making it easier in some
ways to inspect the traffic on the networks.
MR. GAGE:
So sniffer has become a very important
tool both for good and evil.
MR. FARMER:
One of the problems, when you have 600
megabits coming down the pipe, it's impossible for a
good guy to know what's going down there. So you have
absolutely no idea what's heading down your data lines.
And for some people that's a problem, for others it's
not.
MR. BAEHR:
And there is a trend which is in the
past we secure the networks by employing point-to-point
leased lines, unfortunately those are not cost
effective anymore. So companies and universities and
such are going to -- they essentially use bandwidth on
demand, this is a prime characteristic of ATM for
example. And this means that their packets and their
connections all go into a common sea of packets or
cells surging around in the network. So the question I
asked Dan and Tsutomu is, isn't it true that as these
new technologies evolve, and as holes are found in
current ones, that cooperation and publication and wide
dissemination of the holes is actually better than
attempting to keep things secret? I will pose that
first to Dan.
MR. FARMER:
Absolutely. I'm a strong believer in
information, freedom of information. Not necessarily
destruction of privacy, but there are certain types of
information and concepts out there that have been
around for a long time but we are just rediscovering
the government has had them or they have been
classified or whatever it is. The vendors have an
enormous store of information as well.
None of the vendors talk to each other, no one
talks to each other, one of the big problems with
security has been when someone finds a problem, no one
wants to talk about it. They will tell one person, a
vendor, a CERT, and no one else can find out anything
about it. And the only way you can fix problems is
knowing that they are there. Especially when talking
about these huge networks, incredible intricacies that
spring up, it's literally impossible to know what's
out there unless you have complete information. No one
does right now.
MR. GAGE:
Now when you reported, when you were
tracking Kevin Mitnick and you reported the attack upon
you at San Diego, CERT was faced with a political
problem. That's the crux of it. If you publish
information about these things, those that haven't
thought about it, suddenly thought about oh, I can try
that as well.
MR. SHIMOMURA:
The thing we need to remember, even
if we refuse to admit there are problems, if we are in
denial, the black hats aren't.
MR. GAGE:
Are not in denial.
MR. SHIMOMURA:
Right. They know we don't know
what's going on or may not know what's going on. They
are quite willing to take advantage of that fact.
MR. GAGE:
I would be content if I had an idea of
what I think my own machine is doing. I have an idea
what it's doing. Whether it thinks it's what it's
doing.
MR. SHIMOMURA:
There are a few issues here. There
is what the machine is actually doing, what was
actually implemented, then there is what the
documentation claims it does, then there is what we
want it to do and hope it does. Unfortunately we often
behave as though the machine is doing what it is we
would like it to do.
MR. GAGE:
We start with what we would like to do,
then we read the documentation, alter it slightly and
neither of those has a lot of relevance often.
MR. SHIMOMURA:
What is going on is what is going
to help us or hurt us, that's what we have to live by.
Unfortunately if we want it to do something else we may
choose to forget it's actually doing something other
than what we want, though it appears to be doing what
we want.
MR. GAGE:
This brings up the issue of tools. What
tools are there to find out what it's doing?
MR. SHIMOMURA:
I have a few tools for looking at
vulnerability, Dan has written many, many more. Dan
has written probably the authoritative set of tools.
MR. FARMER:
But his are better.
MR. GAGE:
We have an argument about whose are
better. Not all of them, with great power comes great
responsibility.
MR. SHIMOMURA:
Also tools aren't inherently good,
bad, evil or whatever. Tools are what we use them for.
MR. FARMER:
Absolutely. You say great power
brings great responsibility. That implies some tools
shouldn't be released or some information shouldn't be
released. I couldn't disagree more. I think the
problems are people are writing tools and information
and it's not being disseminated. And the
responsibility you have is to put these things out, is
to present them to the world, not to decide whether or
not well, this is too dangerous or this isn't the right
thing to do by releasing it. We have had a long-
standing argument about some of Tsutomu's tools that he
feels are too dangerous to put out in the world. I'm
strongly in favor of releasing them.
MR. GAGE:
There is no answer in these arguments.
The poison gas attack is an example. Do you discuss
what was the poison gas or not? We are in a world now,
I think it's clear to everyone, of increasing
vulnerability as very complicated systems become at the
core of the fabric we rely upon for business. You are
going to use the open Internet as a foundation for
services and that requires certain technical elements,
encryption, I have a list from the past panel,
authentication protocols and encryption. How important
is this for survival for all of us?
MR. BAEHR:
This really is the only, the only way
out. And that is over the last 20 years encryption and
authentication have largely been a gray area for a
number of reasons. There has been great confusion and
uncertainty as to what could be developed, what could
not. And there are considerations, national security
and others, but the only way out now is to proceed with
strong authentication, strong encryption, and also the
management of keys for large user bases, and this
actually is what we term the final frontier, to
actually implement the algorithms for a particular
encryption scheme are relatively simple but to manage
the keys for a hundred thousand or a million users is a
different story. And no one has done that yet. And to
build encryption and authentication into the operating
systems or into the use of binaries is something that
people are just beginning to start.
And I also will throw this back to Tsutomu and Dan
for their opinions about this, as to whether they agree
strong encryption, strong authentication is really the
only way out.
MR. SHIMOMURA:
Clearly that's the only way to get
real security, to get privacy information, to get
integrity or some handle on integrity rather than just
optimism or wishful thinking. And to get some type of
authentication, integrity, privacy.
MR. BAEHR:
Do you believe that people actually see
enough of a threat to force their vendors or force the
government or whoever to allow these technologies to be
developed?
MR. SHIMOMURA:
Well, there are a bunch of problems
here. First, if we are going to have encryption, and I
believe we are going to as we have more commercial
traffic on the net, we need it, otherwise someone is
going to lose a lot of money. We need open standards,
that means we need standards that can be used not just
in the States but overseas as well. And unfortunately
there have been all these issues with export control of
crypto tools, crypto material, made it very difficult
to come up with interoperable standards that we can use
worldwide.
MR. BAEHR:
I would also ask both of you, since
previously with the level of attacks that you two have
seen, and the type of activities that you have been
involved with, what do you think will happen when
actual money is now added to the mix? Is now added to
the network?
MR. GAGE:
Digital money, money moving at these
data rates.
MR. FARMER:
It already is there on the Internet,
there is lots of stuff there. The whole issue with
encryption, you can have the best encryption in the
world and the best authentication in the world, but if
people tape their password to the front of their
machine and you walk by and can read the password or
you can get it -- if the traffic is secure, but on the
end points you don't have security, you are running
into the same problem except now people have a higher
sense of false security than they did before. Without
a doubt the only way to get real security is to have
encryption and authentication and awareness. You can't
just expect encryption and authentication to solve the
problems. It won't. And people at banks do encryption
all the time, they still get broken into, they still
get stolen money. The reason is because people are
stupid. People are ignorant and don't understand the
issues. Without any kind of real education, real kind
of learning that's going on about the fundamental
issues in security, you are back where you started
from, even worse than before.
MR. GAGE:
One educational strategy is to name the
auditing software Satan so it scares everyone.
MR. FARMER:
There is that. Within a product the
name is two-thirds of what it does, anyway. You have
to come up with a good name, good slogan or byline,
and, you know, if you can catch people's attention, you
can get the fundamental message past them. Even if
they are not willing or thinking that they are going to
get a good message, you can still slip it past them if
you drill it enough times.
MR. GAGE:
I do wonder with the defaults of C++
with languages which are very close to the hardware
that lets you implement increment integers, wander
through memory, PCs are hopeless in protection against
a virus if there is no hardware control of memory, it's
trivial to break a PC, running DOS, at least. It's
going to be better with NT, and better with Windows --
what do we call it, Windows 9X? Some day?
MR. SHIMOMURA:
FORTRAN 9X.
MR. GAGE:
But the -- is there a move in new
languages or in the definition of the interfaces
between objects that gives us a better grip on some of
these things? Will we need more expanded auditing
tools like Satan?
MR. FARMER:
As Tsutomu said earlier, languages are
not the answer. They are a tool that can be used, but
without any kind of fundamental understanding of the
problems behind them, you can write bad code no matter
what language, COBOL or --
MR. GAGE:
And you can write good code in COBOL.
MR. FARMER:
I don't know if I would go that far.
MR. GAGE:
What do you think, are there languages
people should look at or languages people should avoid?
MR. SHIMOMURA:
Various people have tried this,
languages will solve the cluelessness problem and there
is Ada, which was -- there was hope that Ada would
remedy many of the problems that DOD was having in
their codes, right? Has it? It's made things much
more expensive. I really don't think that language
tools alone will get people to think. And we need
people to think, we need people to actually consider
what they are doing and have a clue.
MR. GAGE:
You have said when you are examining a
system, that you think about it, what it's supposed to
do. And you pointed out that what it says it does
isn't usually what it really does. And as you think
about it and model the constraints it's supposed to
satisfy, then by looking at it in a slightly different
way you can see the holes in it.
MR. SHIMOMURA:
Uh-huh.
MR. GAGE:
How does someone who doesn't have a clue
begin to come closer to that capability to understand
these things?
MR. SHIMOMURA:
Well, there are several different
kinds of bugs that show up. There is when you have a
silly idea or when you are unclear on the concept and
you try to implement something and you implement
something that by its very nature by design will not do
what it is you expect it to do, is not secure or your
notion of secure, whatever that may be.
Then there is taking this notion of what it is you
want to do and turning that into code, which has been a
mechanical process. The languages may help in the
second part, it may prevent you from, or make it more
difficult perhaps to make mistakes or make it more
obvious to spot mistakes. They will not help at all
with the first part of the problem where you don't know
what's going on. And hoping, saying gee, I have this
fancy language here, it will save me from my stupidity.
No way.
MR. GAGE:
It can make it more difficult to be
stupid?
MR. SHIMOMURA:
I guess it can make it more
difficult to be sloppy, but doesn't make it more
difficult to be stupid.
MR. GAGE:
There may be a number of people that
don't know much of the details of what was quite a
celebrated event in the United States. That was the
capture of a, they called him a cybercriminal, I don't
know, but at least someone who raided people's files
and stole source code from many companies and put it
out, and stole ASIC designs, CAD files from hardware
vendors, which is quite dangerous. Hardware Trojan
horses is not an idea of a computing future we care to
think about.
As you did this and the United States covered it,
in Europe, I think in other places there was a bit of
coverage. Perhaps you could outline quickly what
happened here, what were your first signs as your own
system administrator of attacks by some of the more
sophisticated people in the world?
MR. SHIMOMURA:
I don't know about sophisticated,
but certainly persistent. We saw, our first sign of
trouble was that log files on one of my machines got
shorter. Log files are never supposed to get shorter,
right? You can tell when things get shorter.
MR. GAGE:
Rule one, keep log files.
MR. SHIMOMURA:
Well, rule 1.1, look at your log
files.
MR. GAGE:
Do you have tools to examine log files?
MR. FARMER:
Absolutely. Unfortunately, log files
are extremely tricky things to look at because, No. 1,
there is a lot of information getting pumped into them.
If there isn't a lot of information, there is never
enough. And the idea is collecting and collating the
data into something readable. I looked at the logs
Tsutomu had, it was amazing to me someone would look
through the logs and find what happened. He pointed
out things to me, well, I can see it now that you
pointed it out.
MR. GAGE:
So with enormous experience you did
that. People like me need help. So 1.1, examine the
log files. They were truncated, someone wrote over
them, you didn't have the full log files, what did you
do then?
MR. SHIMOMURA:
It turns out we keep routine packet
logs of all inbound traffic. Back to the sniffing
problem. We use tools similar to the ones the black
hats had but I think ours were better and faster. We
were able to monitor inbound traffic, in the event
something goes wrong we can find out what happened. In
this case the intruder or intruders attempted to
destroy the log files. By using a bunch of not
terribly sophisticated techniques we were able to
recover the full intrusion. That's how we discovered
the IP spoofing attack, IP spoofing, address spoofing,
and TCP address number sequencing attack actually in
use back on Christmas day last year.
MR. GAGE:
So on Christmas day you found, suddenly,
you had to reconstruct from the packet traffic each of
these events. That must have been laborious.
MR. SHIMOMURA:
We have tools for looking at these,
for sorting these and putting them in order,
determining streams and finding things that shouldn't
be there. But still --
MR. FARMER:
It helps that he is brilliant.
MR. GAGE:
Well, it does. But you don't sleep much
when you do this. If you move through the path of
traffic, you discover categories of attacks. I think
on the web page we should write a quick summary of what
these are. In the literature you posted an account of
this to a variety of sources. I think we should put a
pointer to that and put that document up.
MR. SHIMOMURA:
That document has been put in
several places, I don't actually have the URLs for
those. Peter Lewis, I think of the New York Times, on
February 22nd took that piece and wrote a column, wrote
a graphic for the New York Times business section
describing the attack and how it worked.
MR. GAGE:
The person that did the graphic did an
excellent job in capturing the notion of how this
worked. We will find the graphic and under fair use
will put this on the net.
I have one thing to tease Tsutomu with, I will put
here, this is for all of the people in the world that
write code. I want you to take a look at the page I
have put right here, you can't read the fine print, so
I will. This is from Miramax Films, any of you that
have money that you spend, when you go to the movies,
much of it goes to Miramax, they nabbed rights to,
"Catching Kevin", it goes through the dramatic
real-life story, the two-year hunt for convicted
computer felon Kevin Mitnick, capturing took two years
and the work of Tsutomu Shimomura, Bob and Harvey
Weinstein are the people that run the world's largest
box office leading film studio. They say this
incredible real-life dramatic of the cybersleuth is one
of the most innovating, thrilling projects we have been
associated with. Tsutomu Shimomura, in our opinion, is
the James Bond of the cyber age. You are stuck with
this, that means that the book rights reported in the
Washington Post, and I won't pin Tsutomu down on the
amount of money, the New York Times reporter that
covered this and Tsutomu, I believe, there was a
$750,000 figure in this, so beyond that, this is the
film rights which go on beyond that considerably. So
I'm just pointing out to all of us if you want to find
out about making your system secure, run various pieces
of the software, you don't have a film contract yet.
MR. FARMER:
Unfortunately not. I won't hold my
breath.
MR. GAGE:
Examine your systems, enrage the people
that administer them, become a better administrator
than your own administrators, because only if you take
the effort to learn are you going to be able to make
things better. So -- and then possibly you too will
get a film contract.
Tsutomu, you had a thing to say.
MR. SHIMOMURA:
Yes. It's interesting that Kevin's
undoing also was not understanding what was actually
implemented and believing properties about things that
-- about systems that he used that probably weren't
true. Believing things about cellular systems,
cellular policies, things like that, and I don't think
he actually understood what the other companies, what
the network managers, operations people were capable of
doing and instead chose to believe he was safe in his
fixed location.
MR. GAGE:
I hope all cellular operators become
better, and security systems, intelligence is required.
There is one -- now I would like to change topics
slightly and announce that since this is the first day
of spring, here in California, at least, as time zones
move, this is the first day of spring, a beautiful day
here, and Jim Mitchell wants to make an announcement on
the first day of spring about the software named
Spring.
Jim? Are you prepared?
MR. MITCHELL:
Hi, yes. Since this is the first
full day of spring, we thought it was an appropriate
time to put out the Spring OS, for use by universities
and researchers all around the world. Here it is
running on a SPARCstation 10, it also runs on
SPARCstation 2s, 5s and 20s. We are making it
available as a CD, we will tell you later how to order
it. And we use this every day as our desktop and
development machines. You will see it looks kind of
familiar because it has Netscape running on it and the
Motif window manager. You can pretty much see the
sorts of things you can do. It looks at this level
very UNIX-like, but that's because we run Motif on top
of it to get access to those applications.
As I say, it will be available on the CD, you will
be able to order it today, and John and I are going to
talk about what's on it, what people might do with it.
MR. GAGE:
First, the graphics are much prettier
than standard Sun graphics. Clearly you weren't under
the domain of corporate. This is a research project.
MR. MITCHELL:
This is not a real product, after
all, this is for our friends out in universities and
research organizations, so that they can get Spring and
use it and give us feedback and improve it, because I'm
sure they will, they are the experts in the world on
operating systems. If they try it, then I'm sure we
will get good feedback.
MR. GAGE:
Is this FTPable? Do they need the CD?
MR. MITCHELL:
Yes, they need the CD to get started
because there is a lot of stuff on the CD, there is
Spring, of course, the binaries and installation
software, the apps like you saw up here, there is on-
line documentation and in fact we use Netscape for our
on-line documentation, so you can wander around in
your local web and find the source code and so on. We
put all the development tools on here, the versions of
the workshop for C++ tools that SunSoft sells that are
tailored for Spring so they know about distributed
objects and multi-threading. There is a C++ compiler.
So you can see there is a lot of stuff. And lastly, of
course, sources.
MR. GAGE:
Just about the C++, the C++ compiler,
you say there are multi-threading tools.
MR. MITCHELL:
There is a debugger that understands
about multi-threading because Spring is multi-threaded
and understands Spring distributed objects as well. As
you are debugging your distributed applications or
systems services you can be following from machine to
machine and not have to do something special in that
case. And run over to the machine and type on it.
MR. GAGE:
So it's a network-wide debugger?
MR. MITCHELL:
Yes.
MR. GAGE:
That's nice. Earlier we were discussing
some of the problems in building these systems. You
have put a lot of tools here. And anyone can get it
anywhere?
MR. MITCHELL:
Anyone can get it. You call
1-800-SunSoft. I am told you have to press option 2.
You call 1-800-SunSoft, $75 in the U.S., we are just
trying to cover costs, we want to get it out so our
friends in universities can use it, improve it, give us
feedback, build great things with it that we will have
a chance to see, maybe use, that's the whole idea. So
basically that's it.
MR. GAGE:
$75.
MR. MITCHELL:
$75.
MR. McNEALY:
Excuse me, John. Excuse me.
Jim, I was over in my office, I got this press
release, I heard you guys were taping over here. This
is tape, right?
MR. MITCHELL:
Actually this is live.
MR. GAGE:
This is a live broadcast.
MR. McNEALY:
Oh, it is?
MR. MITCHELL:
Is there something we can help you
with, Scott?
MR. McNEALY:
$75? What's going on here? $75?
MR. MITCHELL:
I'm following your lead. You said
the company believes in open systems.
MR. McNEALY:
Open systems, yes, but my lead has
been profits.
MR. GAGE:
Scott, Scott, sit down, talk to Jim.
Sit down right here. Just talk to Jim.
MR. McNEALY:
Tell me what's going on.
MR. MITCHELL:
What's going on, we have a new
system.
MR. McNEALY:
I know, I have seen it.
MR. MITCHELL:
Trying to make it very open, the
only way a new system is going to be open is if other
people can change it, the best people to change it and
try things with it are universities.
MR. GAGE:
And they have $75.
MR. McNEALY:
How many are you going to sell at
$75?
MR. MITCHELL:
I have no idea, as many universities
as can get it as want it, we get lots of feedback, we
can get a technology lots of people use. Then we
compete on implementations and making great new
systems.
MR. McNEALY:
I guess we do kind of owe something
to the university and academic and research community,
we did get our start there.
MR. MITCHELL:
They started us, they are the world
expert in operating systems. Who better to ask? Do we
ask Microsoft? What would they tell us?
MR. McNEALY:
Open doesn't mean free, does it?
MR. MITCHELL:
No, but it means readily accessible
to and changeable by lots of people.
MR. McNEALY:
I guess it is important. Who can
change NT, for instance? There is only one company.
MR. MITCHELL:
Microsoft.
MR. McNEALY:
So you are going to drive open
interfaces, public domain kind of interfaces?
MR. MITCHELL:
Absolutely. We made this easy.
It's a shrink-wrap license, you just open it, use it,
we keep commercial rights so we can make money in the
future. But the schools can go ahead and build stuff,
they own whatever they build, we are asking everyone to
share the software they develop. Just like Sun.
MR. McNEALY:
Only a commercial version of the
Berkeley UNIX kind of strategy, is that accurate?
MR. MITCHELL:
Yes, because we did it in our
commercial place, we want it to be open, so it's cheap.
MR. McNEALY:
This is really good stuff, I guess it
makes sense, we get a lot of people working on it,
enhancing it, improving it, finding new uses for it.
MR. GAGE:
You don't have to pay them. They are
going to work.
MR. McNEALY:
I don't have to pay them?
MR. MITCHELL:
They might even produce people we
can hire. They have been doing that pretty well.
MR. McNEALY:
This is pretty good stuff.
MR. MITCHELL:
Do you think we can get on with it?
Okay, boss, thanks.
MR. GAGE:
This is a big question, if we say it's
going worldwide he bought in.
MR. MITCHELL:
I think he bought in. I have got my
job for a little while.
MR. GAGE:
Setting him up is perfect for this. We
have a commitment from the top. If it's going to go
internationally, that means no export issues, it moves
out, Moscow, everywhere, there is Russian code in here,
I understand.
MR. MITCHELL:
There actually is Russian code in
here. We have been working with a group in Moscow for
about a year and a half under Boris Babaian. Boris
Babaian is Mr. Supercomputer of Russia, he has had an
operating system team, they are now working with us, in
fact about a week ago we went to Moscow and did a quick
interview with Boris and one of his people, Sergei, to
tell us what they have been doing with Spring, and I
think we are going to see that video clip, aren't we?
MR. GAGE:
Are we? Good.
[Videotape playing.]
[BELLS RINGING]
MR. BABAIAN:
Our team which engaged in this work
in Spring before was part of the big domestic team
which made the most powerful Soviet computer and with
this computer we made the most sophisticated operating
system. So we have big experience in programming,
in designing operating system. So our team is quite
experienced and our operating system, Elbrus operating
system with many new features and this experience was
very, very liked by Jim Mitchell, leader of the Spring
team and when he was here we find good many things in
common. And we started this big project, which our team
is participating and now they have a good result.
Connection with Spring.
MR. ZABELIN:
And we were very glad to be involved in
Spring project because we are got the possibility to
continue to work in the fields which we like and we
are sure that we can add something, new features to the
Spring design. This project, the ideas of Spring, they
have good future. And we are sure that this approach
is the most contemporary approach.
MR. BABAIAN:
It's very interesting that UNIX
emulator will be designed and programmed in Russia,
it's very interesting and this is big important
project and it shows the big, big joint project with
the United States and Russia and I think it's have a big
future. This collaboration.
[BELLS RINGING]
[End of videotape.]
MR. MITCHELL:
Maybe the most amazing thing about
this, that was a clear sunny day in Moscow in the
winter.
MR. GAGE:
Well, another amazing thing as
academician Babaian said, to have Russians creating new
elements based on the software, I can remember not so
long ago, four or five years ago, he as the creator of
all Russian supercomputers, was an object of great
interest on our side, it was impossible to find out,
now he is talking on a sunny day in Moscow, talking
about the innards of the operating system. Where else?
MR. MITCHELL:
We wanted to make this available
worldwide, so we have also had it out to be tested by a
number of groups. I think we have got one on the phone
from the University of Erlangen in Nuremberg, Germany,
is Professor Juergen Kleinoeder, and they have been
doing work in something they call parallel modules,
which are an awful lot like Spring, an awful lot of
overlap. When they found we were going to make this
available they were eager to test it and see how it
compared with their ideas. I think we have him on the
line. Juergen, are you there?
PROFESSOR KLEINOEDER:
Hello, Jim, yes, I hear you.
MR. MITCHELL:
Here is John Gage, he is going to
quiz you.
MR. GAGE:
My quiz is what are you doing with this,
how do you find the software?
PROFESSOR KLEINOEDER:
Well, thank you a lot for
the possibility to introduce my research here. Let me
first give you a short overview of our research. As
you already mentioned, we are working on the project,
and that's a project, we want to create a framework for
constructing open distributed OO operating systems.
And the main focus of our research lies in the creation
and identification of fundamental concepts and methods
together with a suitable architecture and program
model. Our primary goals are to create a usability
and adaptable open operating system architecture. So
for usability we require programming configuration
concepts that are independent from each other. For
example, we are able to separate the distribution
configuration from the problem-oriented part of an
application and thus tailor the software to different
network architectures or different security needs just
by putting objects on different spaces on different
nodes. In addition, this facilitates the reuse of
objects, classes for different applications as you
don't have any distribution description in your program
code. The operating system can then be built using
those concepts.
Furthermore, we can create especially shaped
systems that are adapted to specific tasks, for
example, storage requirements. Just think of the
difference in storing objects on a disk. Already we
have designed the different parts of such a system, for
example, for the object storage on hierarchical and
homogeneous kernel. Well, what are we planning to do
with Spring now? In contrast to our previous
prototyping experiences, with platforms such as UNIX or
MACH, Spring will provide us with a truly
object-oriented platform. The big advantage is Spring
meets a lot of our PM goals. As Jim mentioned, it's
highly modular and open architecture, this in its
maturity present a perfect environment for our PM
research project. Although the Spring is not yet
completely perfect in its current configuration, but it
won't be a problem but rather an incentive for our
research, it gives us a chance to come up with
additional ideas and concepts to enhance Spring. We
are planning to do several prototype implementations on
top or inside of Spring, examples are homogeneous
kernel use of scheduling architecture, support for
distribution, configuration mechanisms, support for
progressive computations, support for processing
multi-media data streams.
MR. GAGE:
Could I ask -- your web address is on
the screen, so everyone worldwide can see it. Are the
details of these projects present on the web page?
PROFESSOR KLEINOEDER:
Yes, you can find it. I
think it's enough for a first draft, to have an idea of
what we are currently doing at Erlangen, about our
plans working with Spring, you can find out anything on
our WWW pages.
MR. GAGE:
I think one interesting aspect of what
Tsutomu talked about, be sure to read your log files,
you will be able to tell the distribution of those.
PROFESSOR KLEINOEDER:
Of course we are doing it.
MR. GAGE:
I think it's extremely important that
the community working in the research area pays
attention to who else is working. The cross-
fertilization of ideas I think is going to explode.
Thank you, thank you very much.
MR. MITCHELL:
Thanks, Juergen.
PROFESSOR KLEINOEDER:
Thanks a lot, bye-bye.
MR. GAGE:
Bye-bye. Jim?
MR. MITCHELL:
So we thought we would try something
completely different, as another test site all the way
to College Station, Texas, where there is another group
at Texas A&M under Professor Udo Pooch, who have been
working with the test version of Spring, and so going
from our German friends to wild and crazy Texas I think
we have also got Professor Pooch on the line. Udo, are
you there this morning?
MR. POOCH:
Howdy, Jim.
MR. GAGE:
Hi, how are you.
MR. POOCH:
Pretty good. I have been listening to
the friends in Germany about the different projects and
I did -- part of the thing I have to echo is it's
really exciting to be able to have source code and
things where we can slip different parts of the
operating system in and out.
MR. MITCHELL:
Good. And what sort of things are
you doing, Udo, in your work with distributed systems
in general? Not necessarily Spring, but what sort of
things have you been pursuing?
MR. POOCH:
Well, we have been interested in
Spring, we have a distributed systems lab where we
investigate things from applications down through
operating systems issues, down to protocols and even
the hardware. We have facilities to look at the way
things act over different media, ethernet, token ring,
ATM, and then look at how we can build systems on top
of that. A major area we have been interested in over
the past several years is a distributed fault tolerant
system where the user applications may not have to do
very much to get all the benefits of fault tolerance.
Obviously what it takes to really do it transparently
to the user, takes a fair amount of modification to the
operating system. We have done that to Sun OS a number
of years ago, that was interesting, now we are looking
forward to having something where we can not only look
inside each part of the system, but be able to replace
parts basically transparently to the end user
application. So fault tolerance is a big thing we have
been doing.
I have an associate who is working on hard realtime
systems and scheduling. He has come up with a lot of
things on ATM and we want to extend that up through the
microkernel into parts of Spring itself.
MR. GAGE:
These are the parts that have never been
addressed by UNIX?
MR. MITCHELL:
And not by Spring, either in the
sense we built a system to enable this kind of work,
but we are a small research team, we weren't able to do
all these sorts of things Udo is talking about.
Thanks a lot, Udo.
MR. POOCH:
You are welcome.
MR. GAGE:
Again, he has his pages up and we can
search through. One of the subtle goals we have in
searching through web pages, if all graduate students
and all associates working on this have names and faces
we don't have to travel so much. All PhD theses should
be up and the research should be interchangeable
worldwide. You have some more material about this.
MR. MITCHELL:
A couple of things. Just to help
people learn about Spring, one of the things that we
have done is a video with University Video
Communications that does a Distinguished Lecture
Series, we have done a video that is kind of an
overview of two classes' worth of video to give an
introduction to Spring and some of the details of the
technology.
At the -- as a second thing -- that can be ordered
from UVC video, that's on the screen right now.
A second thing that people can get if they really
get into Spring, we have developed a programming course
as well, actually taught, Dr. Tom Doeppner from Brown
University has done it with us, and that's available,
we have put the course materials on the CD, as a matter
of fact, so people could teach it themselves, if they
feel like it, but it's available on video. In fact Tom
is available to come and teach courses on it. Just to
help people with that.
MR. GAGE:
We will put everyone on the MBone and
interchange the course work. I want to thank you, this
is very exciting, everyone get the code.
I want to remind all of you in Mexico, the United
States, Canada, North America, stay with us for the
Future of Mathematics, with Mathematical Sciences
Research Institute, the front-running mathematical
research institute in the United States, we will
discuss the fundamental changes coming that alter how
we think about the foundations not only understanding
the physical world, but these complicated systems we're
building.
Thanks to all our guests, thank you very much, we
will see you in Moscow, May 11, the next Sunergy
broadcast.