2001-09-17-LCOC-OpenSource

Lansing Chamber of Commerce
“Open Source”
Introductions – Mark Lachniet
• Linux user since 1997
• Security specialist for Sequoia Services
• Pre-sales / engineer for Linux solutions
• Linux Professional Institute LPIC-1
• Novell CNE / Master CNE
• Microsoft MCSE 4.0
• Checkpoint Certified Security Engineer
Tentative Agenda
• Introductions
• Quick survey
• Open Source History
• Open Source Defined
• The Cathedral and the Bazaar
• Current Status
• Linux in the Enterprise
• Open Source security
• Training and Support
Quick Survey
• How many of you are technicians?
• How many of you are IT managers?
• How many are already using O.S.
software? (this is a trick question)
• What interests you most about OSS?
– Cost of the software (“gratis”)
– Freedom of software (“libre”)
– Diversity and rapidity of development
– The GEEK factor
Being ChEaP
• In order to understand OS, you have to
understand its advocates and developers
• Cheap refers more to the desire to learn,
experiment, and develop in new and clever
ways
• Cheap means pretty much the same thing as
the term Hacker used to, or the term Geek
currently does
• For many people, OSS is a powerful
statement about lifestyle and personal choice
• The question is… WHY?
Open Source History
• Richard Stallman could conceivably be called
the founder of the Open Source Movement
• Worked at the MIT Artificial Intelligence Lab
as part of a community of programmers who
designed a free compiler for the PDP-10
• The AI group promoted the sharing and use
of computer time and code - the early roots of
OSS
• This eventually came to an end when the
university decided to use a non-free system
and Stallman was forced into the world of
commercial software
Endings and Beginnings
• Stallman left MIT shortly thereafter, citing a
“stark moral choice” not to capitulate to a
commercial software company
• Thus began his mission
• The first step towards creating the “utopian”
software society of his dreams was the
creation of the first free operating system
• He then began work on the GNU System and
the Free Software Foundation
• This started with the GNU C compiler and
associated tools
Meanwhile, back in Finland
• GNU was a great work in progress, but the kernel (the
real brains of the OS - like command.com) was nonexistent.
• A Finnish programmer named Linus Torvalds had
been working on creating a UNIX-compatible kernel
for the 386 platform
• His kernel was actually an adaptation of the earlier
MINIX operating system for the 386
• Linus worked long and hard on coding the kernel,
according to the legend, sometimes releasing two or
more versions in a single day
• Around 1992, GNU and the LINUX kernel were
combined to create what we now think of as Linux
Open Source Defined
• Depends upon the OS license – there are many!
• The GNU Public License has these aspects:
1. Free Redistribution – may not restrict or require a fee
2. Source Code – must distribute unobfuscated source
code
3. Derived Works – must allow modifications by others
4. Integrity of the Author’s Code – may require “patches”
5. No Discrimination Against Persons or Groups
6. No Discrimination Against Fields of Endeavor
7. Distribution of License – cannot add restrictions (NDA)
8. License Must Not Be Specific to a Product – bundling
9. License Must Not Contaminate Other Software
The Cathedral
• Think of the way that a cathedral is built - it is
overseen by the church and takes lifetimes to build
• The end result is usually quite beautiful, and a
testament to the work, but it is slow in the making
• Commercial software is built in exactly this way - they take their time, release a few versions only now
and then, and try very hard to make sure that the
final product is beautiful (hopefully!)
• In software, this means insulating end users from the
process, and working very hard to make sure that
every possible bug is found and fixed before it is
released - just like making sure that the cathedral is
perfect before it is opened to the public
The Bazaar
• The bazaar, on the other hand, is a chaotic free-for-all
• Anyone can come to the bazaar if they bring the right
currency (skills) to the table
• The bazaar method makes all of the information available
to all of the people so that anyone with a knack or an
interest can tinker with whatever they want
• In the bazaar method, software is released frequently - with or without bugs
• This invites the whole world to participate in the process - bugs are found, people modify the code to suit them and
contribute it back to the project
• While this frequently means that a revision of software
may have a problem, it also means that it can be fixed very
quickly
“Viral Licensing”
• Following is a direct quote from a report by the European
Commission about Open Source Software:
Can the viral nature of the GPL damage OSS
business? It is said that the nature of the GPL
weakens the OSS business model, because
proprietary and open source approaches cannot be
combined in the same business strategy.
Challengers of the GPL like to spread fear about its
"viral" effect, but what is it exactly? Just one thing:
if you include or link at runtime GPL code in your
own application, it should become GPL also. In all
other situations, for example if proprietary and GPL
code just interacts through API’s or if proprietary
applications or drivers make normal calls to a GPL
operating system, there is no impact. In fact, almost
all software licenses have the same "viral" effect: for
example, if you obtain and include Microsoft code
into a derivate, this one should normally belong to
Microsoft.
Current Status
• Linux, which now runs on some 20% of the
world's servers in volume
• Apache, which runs over 60% of the
world's web servers
• Perl, which is the engine behind most of
the `live content' on the World Wide Web.
• BIND, the software that provides the DNS
(domain name service) for the entire
Internet.
• Sendmail, the most important and widely
used email transport software on the
Internet.
OSS F.U.D.
• [F]ear [U]ncertainty and [D]oubt
• Because of the highly polarized debate
on OSS, it is often difficult to get to the
true heart of the issue
• Both sides of the argument are guilty of
an overly one-sided argument
• The truth is that OSS is *not* the best
solution for all situations
• Let’s refer again to the European
Commission’s findings
F.U.D. Fighting
• OSS is just a new gadget
• OSS belongs to nobody
• People cannot be motivated to produce
OSS, because it is free
• OSS is just for hackers and students, not
for business
• OSS provides no support
• There is no stability, because so many
people can change the software.
• Divisions or “forking” will split OSS
projects into many incompatible variants.
True OSS Risks
• Lack of accountability
• Reduced set of supported hardware
• Reduced set of business
applications
• Lack of guide-lines
• No guarantee that development will
happen
• Some limitations regarding high-end installations (but IBM is
changing this problem)
• MJL: Difficulty – the Geek Factor!
OSS In the Enterprise
• Commercial support from a variety of “big
player vendors” such as IBM, Compaq, and
Dell
• Many companies now ship Linux preinstalled on select product lines
• Improved hardware support for enterprise
solutions such as the Compaq Smart Array
RAID adapter and others
• 24/7 Support contracts are available from
multiple sources such as LinuxCare, IBM,
and others
Popular uses for OSS
• Web server – Apache, PERL, PHP, and even
ASP emulation
• File server – NFS, Novell Emulation, SaMBa
Emulation
• Journaling File System (JFS)
• Mail / UNIX shell server
• Network appliance – dialup server, Linux
Router, security devices
• Programming and application development
platform
High-End OSS Computing
• One very real shortcoming in OSS /
Linux software is in high-end systems
• In particular, SMP support > 4 CPUs
• This is being addressed in several ways
• One way is to use IBM’s “Linux for
S/390” software
• Another way is to use “clusters” of
parallel-tasking machines such as the
Beowulf cluster system
Linux on the IBM S/390
• Runs on the “zSeries” server
• Can run in “native” mode as the main and
only operating system
• Can also run in logical partitions so that you
can run native OS/390 applications in one
partition, and Linux in another
• IBM made a test server available and offered
free computing time to anyone who wanted to
play with it
• Will provide service and support
• Future plans for “memory speed” network
communication between partitions
Beowulf Clusters
• Makes use of many cheap PC’s
• Communicate over regular 100 Mb/s or
Gigabit Ethernet
• Requires specialized client software but can
be installed on free Linux distributions
• Very popular in universities and schools
where cheap number crunching is required
such as physics and math
• E.g. National Oceanic & Atmospheric
Administration
Security on OSS software
• Some people say that OSS is inherently
insecure for a few reasons:
– Anyone can scan the source code for problems
– OSS developers are not “paid” to look for bugs
– People simply like to hack UNIX and Linux
– Lack of organized control over code
• Some people say that OSS is inherently secure
for a few reasons
– Anyone can scan the source code for problems
– OSS developers are not “paid” to look for bugs
– People simply like to hack UNIX and Linux
– Lack of organized control over code
Training
• One sign of a robust industry is
standardization of skill-sets and
certification
• Three major Linux certifications exist:
– The Linux Professional Institute
– GNU / Sair Linux
– Red Hat – Red Hat Certified Engineer
• These are challenging certifications
• The curriculum is publicly available –
read it!
Support
• Contrary to the F.U.D., there are
support mechanisms for Linux
• Look to your favorite hardware vendor
• Many national companies will sell
support contracts – check your handout
• There are also many resources in
Michigan, certainly many more than are
listed in your handouts
Mark Lachniet