Lansing Chamber of Commerce “Open Source”

Upload: eustace-adams

Post on 26-Dec-2015


Page 1: Lansing Chamber of Commerce “Open Source”. Introductions – Mark Lachniet Linux user since 1997 Security specialist for Sequoia Services Pre-sales / engineer

Lansing Chamber of Commerce “Open Source”

Introductions – Mark Lachniet

• Linux user since 1997

• Security specialist for Sequoia Services

• Pre-sales / engineer for Linux solutions

• Linux Professional Institute LPIC-1

• Novell CNE / Master CNE

• Microsoft MCSE 4.0

• Checkpoint Certified Security Engineer

Tentative Agenda

• Introductions

• Quick survey

• Open Source History

• Open Source Defined

• The Cathedral and the Bazaar

• Current Status

• Linux in the Enterprise

• Open Source security

• Training and Support

Quick Survey

• How many of you are technicians?

• How many of you are IT managers?

• How many are already using O.S. software? (this is a trick question)

• What interests you most about OSS?

– Cost of the software (“gratis”)

– Freedom of software (“libre”)

– Diversity and rapidity of development

– The GEEK factor

Being ChEaP

• In order to understand OS, you have to understand its advocates and developers

• Cheap refers more to the desire to learn, experiment, and develop in new and clever ways

• Cheap means pretty much the same thing as the term Hacker used to, or the term Geek currently does

• For many people, OSS is a powerful statement about lifestyle and personal choice

• The question is… WHY?

Open Source History

• Richard Stallman could conceivably be called the founder of the Open Source Movement

• Worked at the MIT Artificial Intelligence Lab as part of a community of programmers who designed a free compiler for the PDP-10

• The AI group promoted the sharing and use of computer time and code - the early roots of OSS

• This eventually came to an end when the university decided to use a non-free system and Stallman was forced into the world of commercial software

Endings and Beginnings

• Stallman left MIT shortly thereafter, citing a “stark moral choice” not to capitulate to a commercial software company

• Thus began his mission

• The first step towards creating the “utopian” software society of his dreams was the creation of the first free operating system

• He then began work on the GNU System and the Free Software Foundation

• This started with the GNU C compiler and associated tools

Meanwhile, back in Finland

• GNU was a great work in process, but the kernel (the real brains of the OS - like command.com) was non-existent.

• A Finnish programmer named Linus Torvalds had been working on creating a UNIX-compatible kernel for the 386 platform

• His kernel was actually an adaptation of the earlier MINIX operating system for the 386

• Linus worked long and hard on coding the kernel, according to the legend, sometimes releasing two or more versions in a single day

• Around 1992, GNU and the LINUX kernel were combined to create what we now think of as Linux

Open Source Defined

• Depends upon the OS license – there are many!

• The GNU Public License has these aspects:

1. Free Redistribution – may not restrict or require a fee

2. Source Code – must distribute unobfuscated source code

3. Derived Works – must allow modifications by others

4. Integrity of the Author’s Code – may require “patches”

5. No Discrimination Against Persons or Groups

6. No Discrimination Against Fields of Endeavor

7. Distribution of License – cannot add restrictions (NDA)

8. License Must Not Be Specific to a Product – bundling

9. License Must Not Contaminate Other Software

The Cathedral

• Think of the way that a cathedral is built - it is overseen by the church and takes lifetimes to build

• The end result is usually quite beautiful, and a testament to the work, but it is slow in the making

• Commercial software is built in exactly this way - they take their time, release a few versions only now and then, and try very hard to make sure that the final product is beautiful (hopefully!)

• In software, this means insulating end users from the process, and working very hard to make sure that every possible bug is found and fixed before it is released - just like making sure that the cathedral is perfect before it is opened to the public

The Bazaar

• The bazaar, on the other hand, is a chaotic free-for-all

• Anyone can come to the bazaar if they bring the right currency (skills) to the table

• The bazaar method makes all of the information available to all of the people so that anyone with a knack or an interest can tinker with whatever they want

• In the bazaar method, software is released frequently - with or without bugs

• This invites the whole world to participate in the process - bugs are found, people modify the code to suit them and contribute it back to the project

• While this frequently means that a revision of software may have a problem, it also means that it can be fixed very quickly

“Viral Licensing”

• Following is a direct quote from a report by the European Commission about Open Source Software:

Can the viral nature of the GPL damage OSS business?

It is said that the nature of the GPL weakens the OSS business model, because proprietary and open source approaches cannot be combined in the same business strategy. Challengers of the GPL like to spread fear about its "viral" effect, but what is it exactly? Just one thing: if you include or link at runtime GPL code in your own application, it should become GPL also. In all other situations, for example if proprietary and GPL code just interacts through API’s or if proprietary applications or drivers make normal calls to a GPL operating system, there is no impact. In fact, almost all software licenses have the same "viral" effect: for example, if you obtain and include Microsoft code into a derivate, this one should normally belong to Microsoft.

Current Status

• Linux, which now runs on some 20% of the world's servers in volume

• Apache, which runs over 60% of the world's web servers

• Perl, which is the engine behind most of the “live content” on the World Wide Web.

• BIND, the software that provides the DNS (domain name service) for the entire Internet.

• Sendmail, the most important and widely used email transport software on the Internet.

OSS F.U.D.

• [F]ear [U]ncertainty and [D]oubt

• Because of the highly polarized debate on OSS, it is often difficult to get to the true heart of the issue

• Both sides of the argument are guilty of an overly one-sided argument

• The truth is that OSS is *not* the best solution for all situations

• Let’s refer again to the European Commission’s findings

F.U.D. Fighting

• OSS is just a new gadget

• OSS belongs to nobody

• People cannot be motivated to produce OSS, because it is free

• OSS is just for hackers and students, not for business

• OSS provides no support

• There is no stability, because so many people can change the software.

• Divisions or “forking” will split OSS projects in many incompatible variants.

True OSS Risks

• Lack of accountability

• Reduced set of supported hardware

• Reduced set of business applications

• Lack of guidelines

• No guarantee that development will happen

• Some limitations regarding high-end installations (but IBM is changing this problem)

• MJL: Difficulty – the Geek Factor!

OSS In the Enterprise

• Commercial support from a variety of “big player vendors” such as IBM, Compaq, and Dell

• Many companies now ship Linux pre-installed on select product lines

• Improved hardware support for enterprise solutions such as the Compaq Smart Array RAID adapter and others

• 24/7 Support contracts are available from multiple sources such as LinuxCare, IBM, and others

Popular uses for OSS

• Web server – Apache, PERL, PHP, and even ASP emulation

• File server – NFS, Novell Emulation, SaMBa Emulation

• Journaling File System (JFS)

• Mail / UNIX shell server

• Network appliance – dialup server, Linux Router, security devices

• Programming and application development platform

High-End OSS Computing

• One very real shortcoming in OSS / Linux software is in high-end systems

• In particular, SMP support > 4 CPUs

• This is being addressed in several ways

• One way is to use IBM’s “Linux for S/390” software

• Another way is to use “clusters” of parallel-tasking machines such as the Beowulf cluster system

Linux on the IBM S/390

• Runs on the “zSeries” server

• Can run in “native” mode as the main and only operating system

• Can also run in logical partitions so that you can run native OS/390 applications in one partition, and Linux in another

• IBM made a test server available and offered free computing time to anyone who wanted to play with it

• Will provide service and support

• Future plans for “memory speed” network communication between partitions

Beowulf Clusters

• Makes use of many cheap PCs

• Communicate over regular 100 Mb/s or Gigabit Ethernet

• Requires specialized client software but can be installed on free Linux distributions

• Very popular in universities and schools where cheap number crunching is required such as physics and math

• E.g. National Oceanic & Atmospheric Administration

Security on OSS software

• Some people say that OSS is inherently insecure for a few reasons:

– Anyone can scan the source code for problems

– OSS developers are not “paid” to look for bugs

– People simply like to hack UNIX and Linux

– Lack of organized control over code

• Some people say that OSS is inherently secure for a few reasons:

– Anyone can scan the source code for problems

– OSS developers are not “paid” to look for bugs

– People simply like to hack UNIX and Linux

– Lack of organized control over code

Training

• One sign of a robust industry is standardization of skill-sets and certification

• Three major Linux certifications exist:

– The Linux Professional Institute

– GNU / Sair Linux

– Red Hat – Red Hat Certified Engineer

• These are challenging certifications

• The curriculum is publicly available – read it!

Support

• Contrary to the F.U.D., there are support mechanisms for Linux

• Look to your favorite hardware vendor

• Many national companies will sell support contracts – check your handout

• There are also many resources in Michigan, certainly many more than are listed in your handouts

Mark Lachniet [email protected]