dacs.doc electric

 

Free For All & Crypto

by Jim Scheef

 

I’m going to review two books and right up front I’ll tell you that I want you to read them both. As you read this review, be aware that I’ll switch back and forth between two hats at will. Most of the time I’ll be wearing my computer nerd hat as I think these are both interesting books that deserve your attention and tell important parts of computing history that you - fellow computer nerds - should know. The other hat is my literary critic hat; something that takes real nerve for someone who flunked spelling in seventh grade!

The first book is Free for All - How Linux and the Free Software Movement Undercut the High-tech Titans by Peter Wayner published by HarperCollins, 2000, 340 pages hardcover including index and bibliography.

Did you ever wonder why Linus Torvalds started working on his own version of UNIX when several others are available? For that matter why is FreeBSD free? Is OpenBSD really open and what, if any, is the difference between free and open? Why didn’t Richard Stallman and his Free Software Foundation write an operating system or did they? Why is Linux protected by the GNU General Public License (GPL)? [If you didn’t know Linux has a license agreement, you are excused, but if you don’t know what a license agreement is, you can immediately put down this review and shoot yourself in the foot which should blow out your brains.] All of this and much more is explained, sometimes in excruciating detail, in Free for All.

Even if you don’t read Free for All, I absolutely insist that you read crypto - How the Code Rebels Beat the Government - Saving Privacy in the Digital Age by Steven Levy published by the Penguin Group, 2001, hardcover, 356 pages including index and notes.

If you watch the History Channel, you know all about the code breakers at Bletchley Park, England, and the "Ultra" secret of World War II. American and British cryptanalysts broke both the German and Japanese codes just before WWII. But have you ever wondered about our codes during WWII? Did the enemy ever break any of our codes? You don’t hear about this because all information about cryptography - the science of encrypting information you want to keep secure - was classified during the war and has never been declassified. crypto is the story of public cryptography, something you use every day without even realizing it. Many things we take for granted today, like automatic teller machines, would not be possible without public cryptography.

Free for All

What is "free software"? Well it means different things to different people. In the early days of the personal computer, the term ‘freeware’ was used to describe programs that could be distributed freely. Most of the time, the authors retained a copyright and/or limited redistribution in some way. This was great, but if there was a problem you had to go back to the author, if you could find him, and ask that he fix the bug. For Richard Stallman, free software meant that you could do anything you wanted with the software including change it in any way you wanted. Naturally this meant that you must have the source code so that you can fix or change it to meet your needs. Stallman defined four principles for truly free software:

The freedom to run the program, for any purpose (freedom 0).

The freedom to study how the program works, and adapt it to your needs (freedom 1).

The freedom to redistribute copies so you can help your neighbor (freedom 2).

The freedom to improve the program, and to release your improvements to the public so that the whole community benefits (freedom 3).

So, is it free like free beer? Is it free as in free speech? Richard Stallman, the prototypical hacker, found an important difference. Thus was born the GNU General Public License which requires that software be distributed with source code (one meaning of the term "open source"). The GPL has another very important restriction: any derivative work that is distributed must also carry the GPL. This means that once something is released under the GPL, no one can take the source code and use it to build a proprietary product. This is why Microsoft has likened the GPL to a virus.

OK, so what is GNU? What does Richard Stallman have to do with Linux? Why is some software "open source" but not GPL? Can you sell "free" software? The answers to these and many other questions are told as part of a very interesting story that includes the Microsoft anti-trust trial and the story of how UNIX came to be "free". The unfortunate side to this book is that it appears to have been rushed to press. There are parts of the book written in different styles. My guess is that Peter Wayner suffered under several editors while writing the book. While reading the book there were times when I wished he would just cut to the chase.

Wayner credits the success of Linux not to Linus Torvalds’s skill as a programmer but rather to his skill as an organizer and manager and to his use of the GNU GPL. The story of the UNIX “begets” is worthy of a book in itself. How AT&T UNIX begat 386BSD and somehow morphed into the three forks we have today: FreeBSD, NetBSD, and OpenBSD has all the elements of a soap opera (except sex). All of these UNIX variants are "open source" but have a different license. Read the book to find out why.

crypto

For many years after it was created in 1952 by a secret Presidential order, the words "National Security Agency" were never seen in print. The NSA was so secret the people who worked there could not utter the name of the organization. The agency was charged to maintain the lead our nation enjoyed following WWII in both cryptography and cryptanalysis. Cryptography is the science of creating codes and ciphers, while cryptanalysis is the means to extract the plain text message from a secret code without the original key. For centuries these skills have been the realm of government and the military. For everyone else, if you wanted your message kept secret, you delivered it yourself! Corporate secrets were kept in a vault. Confidential information was kept in a locked desk drawer.

Like any good bureaucracy, the spooks at Fort Meade, home of the NSA, used every means they could to keep this their exclusive province. This included a building with no sign, surrounded by three fences. These guys meant to keep the secret of secret codes secret, yet they failed. How did a handful of visionaries pull this off? The story is fun, and Steven Levy is a truly great writer.

The story of crypto begins in 1969 with a visionary named Whit Diffie. Diffie would have been a computer nerd had computers been more available in 1969, yet he understood that encryption would be needed for the computer-based commerce that was coming. So he set out to learn more about a topic that our government classified with missiles, nuclear weapons and similar articles of mass destruction! Of course Diffie was not the only person to figure this out. His contribution - the concept of a split key - led to the birth of public key cryptography. This was and is the key (no pun) to the secure internet transactions we use today. Somewhere in the middle of this is the story of how five guys created RSA Data Security.

It was no less than IBM that developed the first computer encryption available outside the government. How an IBM research project became the Data Encryption Standard (DES) is a fascinating story full of irony and, of course, meetings with the spooks from Ft. Meade. If anyone other than IBM had developed this product, we would probably still be waiting in line for the bank teller.

Then there is the story of Phil Zimmermann and Pretty Good Privacy (PGP). The release of PGP in 1991, after five years of solitary work, literally blew the doors off any remaining government control of public cryptography. PGP was written specifically to prevent government control of cryptography and hence to enable personal privacy. After the release of PGP 1.0, Zimmermann realized that he needed help and, like Linus Torvalds, used the fledgling Internet to bring together a geographically diverse group to improve the program.

The next leg of the story is the Clipper Chip. Remember the controversy this caused during the Clinton administration? Clipper is an encryption system created by the NSA that has a "back door" controlled by the government. If Bill had been able to keep his pants on, this might have succeeded. The real reason it failed was also the impetus behind all of the other public crypto efforts - no one trusts the government to run crypto!

Steven Levy tells a story in an easy natural manner that keeps you glued to the book. While crypto would probably fail the "Don Imus first page test" if the I-Man were to read it, I was hooked before I finished the first page of the Preface. There is just no comparison between crypto and Free for All on the basis of the writing (sorry Peter), but the stories are equally compelling.

Both of these books will be added to my list of required reading.

Now I’d like to step onto my soap box for a minute. If the people described in crypto had lived somewhere outside the United States, they would likely have landed in jail. The NSA was prevented from such tactics by a niggling little detail - the First Amendment to the Constitution of the United States of America. In recent weeks some of our leaders have called for new controls on encryption and other limits to our civil liberties. We must be vigilant and vocal if we are to protect the very freedoms that the terrorists sought to destroy.


Jim Scheef is the Mad Scientist at Telemark Systems Inc. where he develops custom software using Visual Basic and SQL Server and provides networking services using Windows NT/2000. He has been a DACS member since the day DOG became WC/MUG.
