Friday, June 30, 2006


Newsforge reported today on Huawei's assertion that it has applied for a patent that may impact the standardization of syslog over SSL, in "Patent application jeopardizes IETF syslog standard". Am I the only one who finds Huawei's assertion of intellectual property rights more than just a little bit ironic, particularly given the suit with Cisco that was settled back in 2004?

That said, without knowing the details of Huawei's patent, I find it hard to believe that running anything over SSL could conceivably be considered novel by the patent office. Given that both syslog and SSL have existed for quite some time and SSL was made to be able to run various protocols over it, the combination can't be considered novel. If the patent office lets this through, can I take any other existing protocol and combine that with SSL to create a patentable technology? Maybe I can patent Apple's iTunes download service running over SSL, for instance. ;-)

In terms of whether this patent application actually does impact syslog over SSL, isn't it nice that open source will allow us to adapt and evolve to other secure logging standards, if and when the larger networking community decides what those are?

Thursday, June 29, 2006

Linux, supercomputers, and where we go from here

I found this article today, courtesy of the folks at Tectonic in South Africa: Linux continues to rule supercomputers. It seems that yet again Linux continues to rule the list of most powerful computers on the planet. Tectonic reports that 73.4% of the top 500 supercomputers use Linux, including the top two fastest machines.

Remember the days when Linux just ran on a single-processor, 32-bit, x86 system? It was big news when Linux finally made the jump to SMP support. These days, Linux runs on everything from your cell phone to the big-iron described in the Tectonic article.

"What does this have to do with open-source networking?" I hear you ask. Well, as I have gone out and talked with the press, I have repeatedly been asked questions such as, "Doesn't networking, and routing in particular, demand proprietary hardware and software in order to run at speed?" The implication of the question is that proprietary products are better since they are somehow more well-tuned than open-source products.

My typical reply is, "Well, no. Certainly there are limits to what can be achieved by a software forwarding plane, but realize that most mid-range proprietary products are using software forwarding planes, too, and you're just paying more for them than you would for more powerful commodity hardware. Further, don't confuse open-source networking with a software-based forwarding plane. Those are two orthogonal ideas. Obviously, not all closed-source products use hardware-based forwarding. Similarly, one can build open-source networking products with hardware-based forwarding for higher performance."

The fact is, open-source networking is where Linux was in 1995: single-processor, 32-bit, x86 only. There is no fundamental technical reason why it must stay that way, however. In the same way that Linux runs from your mobile phone to the fastest two supercomputers in the world, look for open-source networking to be running on everything from your low-end set-top box to your carrier core. Maybe not this month, maybe not next month, but soon...

Friday, June 23, 2006

Damn hot

Yeah, Allan, I grew up in Santa Rosa and I don't have air conditioning in my current house. It's damn hot.

Dining with Dave, Mike, Simon, and Tony

This last week, the Vyatta management team sat down to dinner with the Vyatta advisory board. We went to a local restaurant and chatted about all manner of stuff. I think I got the best seat in the house. I had Tony Li (Juniper/Procket/Tropos) across the table, Mike Schroepfer (Mozilla) to my left, and Simon Crosby (XenSource) to my right.

Tony was asking all sorts of technical questions about the Vyatta code base and what changes we thought we needed to make over time. He had several good comments about implementing particular features (QoS and others) and what to avoid. In terms of routing and networking code, Tony has seen it all from an implementation perspective.

Mike shared a bunch of fascinating stories about Mozilla's download infrastructure and how to avoid an international incident surrounding the default "skin" of your Firefox World Cup plugin. (The short story here is that Mozilla released a Firefox plugin that keeps World Cup fans up-to-date on all the latest scores. The plugin also allows you to "skin" your browser with your favorite team colors. It also implements a default skin that comes up the first time. Unfortunately, the plugin was developed here in the USA and somebody who shall remain nameless had the default skin be the USA skin. Of course, the USA is nowhere in World Cup and this only resulted in a lot of tweaked global fans outside the USA. Doh! ;-) )

Simon was all about marketing. I got peppered with a list of questions surrounding our model and where we were going. We discussed the upcoming 1.0 milestone and how we help support the community as it moves from trials and testing to actual deployment.

Dave Newman was a bit down the table, but I could hear him discussing DECnet at one point. Ah, those were the days. ;-)

This was a great evening. Everybody was double-checking our work and giving us great suggestions for how to move forward with Vyatta, based on their extensive experiences in the networking and open-source worlds. As I drove home, I couldn't help but think we have a rocking advisory board! These guys are great.

Wednesday, June 21, 2006

Cisco to Black Hat: "If I give you some money, will you still love me?"

Earlier this week, I was reading an article at Infoworld titled After lawsuit, Cisco embraces Black Hat. If you'll remember back to last year, Cisco sued both everybody and their brother to stop the release of information regarding an IOS security vulnerability. Security researcher Michael Lynn was confronted with a restraining order stopping him from talking about the issue and Cisco sent a bunch of folks over to Black Hat to cut/tear the pages of Lynn's presentation from the conference proceedings (juicy video).

This year, Cisco is a platinum sponsor of the event. In the understatement of the year, the Infoworld article quotes Cesar Cerrudo, chief executive officer of security research firm Argeniss, as saying, "I think they realized that public relations is more efficient than legal battles." Yup.

Not to belabor the point, but we'd be more than happy for the broad security community to help us find potential exploits in the Vyatta code base. You can grab the complete source online, right now. All we ask is for a little notification as a courtesy before any publishing. Other than that, have at it. We're very interested in security issues and we'll work with you rather than bringing legal action against you.

Friday, June 09, 2006

Interchangeable Parts

The other day, the worst possible scenario happened: toilet repair duty reared its ugly head (so to speak) on the home-front. One of the joys of home ownership is that you get a first-hand lesson in entropy, the fact that all things decay over time. And because you own them, you're responsible for repairing them. In my case, the rubber gasket that separates the tank from the bowl had disintegrated, causing all the water in the tank to continually drain out.

So, off to the hardware store. Like any guy, I tried to look cool. I adopted my "I do this all day, every day, for a living" pose. After about 5 minutes of browsing all the various pieces of toilet-repair gear, a store employee came by and asked me if I needed any help (this was a local store, not a home-improvement super-store where I would have been on my own).

"Are you finding everything you need?" he asked.

"Yeah, I think so," I replied. "I have a case of the tank just leaking into the bowl. What do you recommend I try first?"

"Well," he said thoughtfully, pausing briefly before delivering a juicy tidbit of hardware-store wisdom. "Toilets are an art, not a science. Try a new flapper and if that doesn't work, replace the seal between the tank and the bowl. Assuming you have a standard toilet model, this or this should do the trick," he suggested, pointing to a couple flappers and gaskets.

I grabbed the suggested flapper and gasket. My wife had also suggested that I replace an aging seat that she really didn't like with a new one. I asked about that. "What are my options for new seats?"

"Well, fortunately, seats are pretty standard. You basically have a choice between round and oval," he said, pointing to a wall of decorator options. There were wood ones, plastic ones, white ones, green ones, and pink ones. Just about every option you can imagine, all in two standard shapes, round and oval. I chose one and headed home.

After all was said and done, it ended up being the gasket, not the flapper, but I replaced that, too. My wife was pleased with my choice in seats (basic white is always safe). I learned quite a few things about toilets, life, and open source during the whole experience.

First, toilets really are an art, not a science. Between all the mechanics of a toilet, fill levels, etc., a toilet is about as complex as a Boeing 747. It's a wonder modern society isn't overflowing with raw sewage.

Second, go for the flappers that have a rigid plastic piece to them, not the cheapie ones that are just completely rubber. The rigid plastic arms make the flush mechanics work far better and they are worth the extra $4.

Finally, open interfaces and interchangeable parts are wonderful inventions. Fortunately, my problem toilet was a mainline brand and didn't involve any oddball mechanics. I had plenty of spare parts to choose from and I could get what I needed right off the shelf at the local store without having to either hunt all around town or special order anything. Had I been unlucky enough to have the problem with a more specialized model, it would have been a lot more expensive and time consuming to fix.

That last point has a lot to do with the world of open source. Open source fosters the creation of standard interfaces, interchangeable parts, and multiple suppliers. And so if you have your open-source router crap out on you (sorry, I couldn't resist) in a few years, you'll have multiple standard options for how to fix it.