The are the usual cost benefits of buying the software and running it on older hardware. But as more of the city runs on the same software they can support each other, this is similar in some ways to how the Military works.
They have contracts for support, but most issues are resolved by local units or calling someone at another base for help.
Linking this with schools would be a big push for me. Why not provide the students with the chance to work on the systems, or in the programming class to write software that the city needs? There are some schools in California where the computers are run by the parents and volunteers who work tech jobs. Since many schools require students to do community service to graduate this might also be an opportunity for that.
As I was thinking about what to write I realized the question of why I write software and give it away is also the reason. Hopefully this will make more sense by the time I finish, if not please email me for any clarifications or questions.:)
I would also like to have a disclaimer that I work for a company that has commercial, closed source, software and I am the main developer for that program. Although my preference is Open Source, my employer has final say in how the software I write on their time is used. I like working for the company, so we have an agreement about releasing some code openly and some closed.
My first exposure to "Open Source" software (c: it was not called that at the time) was in the Marine Corps, I was stationed on El Toro in Santa Ana, CA and tasked with being the "firewall administrator." The first thing I did was look for the fire exists and extinguisher.
Because I was given this responsibility, and the Military would not train me on maintaining the system (c: nobody else there knew it and we did not have the money for classes), I was forced to start poking around on the system. The system was using BSDI and Gauntlet as the firewall software.
When I didn't know how something worked, or when I had the question "why" I could always start looking. I took a long time before I ever managed to fix my own mistakes, but I learned how to troubleshoot and tackle problems procedurally. This helped tremendously when I was in the field, when other people would get overwhelmed by inspections, formations, the route for the march, etc. I just broke it down and started to pick it apart like the firewall.
Had the Military sent me to any formal training I don't think I would have had that, because I would have stopped learning when I knew how to perform the basic functions. Or I would have waited for someone to send me to a class where I would be told most of what I needed to do and provided with the information. There would also be no opportunity to become enthralled in why this box did what it did, which would not have translated into learning how to handle situations where I am not given every piece of information or a long time to prepare.
When I was transferred from MCAS El Toro to MCAS Miramar in 1998 my SNCOIC was sent to the secondary 40xx MOS school. In that class they used a Portuguese version of Linux to setup DNS servers. There were two main reasons that they used Linux, the cost and the availability.
Keep in mind that not every department in the Military has a ton of money, some of the 3MAW units were still using 486 computers on the desktop when I was on MCAS Miramar in 1999. They were able to do this because the servers were running Banyan VINES, which hosts the email and file storage at the server rather than the local computer. When we were forced, even after I put up a BIG fight, to migrate to Windows NT as part of the BRAC this changed; virtually all of the networking and desktop systems, which had not been recently purchased, had to be torn out.
The cost justification for using Linux to teach was that it wouldn't have to be authorized for the budget and could be setup quickly because it was freely available.
I don't know if you are familiar with the way the budget works, but if you don't spend the money you are allocated for the year you loose it; and your budget for the next year is probably going to be lower. There's no incentive to NOT spend money like it would never end.
But not everybody had that money, so using Linux provided the lowest common denominator that everyone could use.
After having been on MCAS Miramar I was one of the only people with Unix backgrounds, everyone else learned NT because of the BRAC migration. When talking to one of the other "old timers" on another base, I became aware of the number of programmers the DoD has. Yet the DoD does not write much of its own software for general use, they use COTS software instead.
The money the DoD spends on buying software could easily finance the programmers writing that functionality into any needed software. This software could easily be used in other Government departments and would not require the purchase of an entirely new application to get any needed functionality or features.
I realize my thought process is has run away, so to cut this short and summarize my reason for writing code and giving it away is because I like to ask "why".
If you are interested, some specific examples of why include:
1. I am a Marine and I come from a _very_ military family; of my 9 siblings 6 have already served in addition to my Father and Uncles. I never want to hear about a Marine, Sailor or Soldier killed in combat because their Pocket PC crashed. Nothing will ever be completely fail safe, but Open Source allows for a bigger review process with a better chance of finding problems.
Consider encryption, why doesn't the Government keep their encryption schemes a secret if they are supposed to be used to secure the most sensitive data they have? Why not throw all the Russians in jail under the DMCA if they try to break the encryption? We could have ended the Cold War a lot quicker that way.
2. The DoD has a lot of programmers, what would it look like from a cost savings perspective if those programmers contributed to Open Source? How much money would the DoD save in making Linux Common Criteria Certified and deployed internally. Use SE Linux, created by the
NSA, on the servers and critical desktops, SAMBA for file and print sharing, etc. The put the money towards beans, band-aids and bullets.
This is one of my motivations, because I have "been there, done that" in the field with old, outdated, hand-me-down equipment falling appart. The justification was always that we did not have the money, but if you went into our comptuer room we have rows of Compaq Proliant 6500 computers fully loaded running Windows NT. With Linux we would not need machines that big, or that expensive. We would also save money on the licensing and not have to upgrade so often.
3. If I write software I usually learn something in the process, often not just about the program but about myself as well. But if I have other people contributing to my code I can learn from them as well, if the code is closed they are less likely to contribute their knowledge and experience. This allowed me to learn things much faster and tap a much broader knowledge base when I get into a Portuguese bind (c: BIND = = DNS).
4. So I can ask why. Why does this work? Why _doesn't_ this work? Why can't I do what I want to do?
By asking "why" I poke and prod until I either have more questions or until I get sued and put in jail.
Unlike many people I do not tend to stop when I am faced with what at first appears to be an unanswerable question; I pick it appart or ask for the assistance of others to find the answer; which leads to more questions.
Because it is not the answer that is important, it is where you are left after having had the inquiry.
What good is it to talk to myself?
That is what it is like to program with closed source software, nobody but your co-workers can see what you have created. Nobody can witness that clever algorithm you created to solve a really thorny problem; all they see is the result of the program in action.
As an example, earlier today I had a co-worker who took a 15 line script for error checking and re-wrote it in 2 lines of regular expressions. But that is not the interesting part for me, when he sent me the new code he pointed out that I "always make things difficult" when they do not have to be.
My program is an expression of myself. Who I am being when I write software is the same, generally speaking, as when I am with family and friends. When he pointed out to me that I always make things more difficult, one of the first things that came to mind was that a very dear friend had said the same thing to me the night before.
When someone comments on my code or my coding stle, they are commenting on who I was being when I wrote that code. It is an extension of how I choose to express myself under that particular situation.
By opening the source I can have the inquiry with the world with amazing results. What happens when you are open to the possibility of allowing others to contribute to not only your program but yourself in the process.
Semper Fi,
Wayne Pierce
Former SGT USMC
PS: I am MUCH better with firewalls now.;)
----
wpierce at athenasecurity dot com
VP of Technology
Athena Security
Information Security is a process, not a product.
In the past I've programmed in C, C++, Java, Jython, Python, Perl, Clips, Scheme and Tcl/Tk. What I like about Ruby is the 'everything is an object' mentality; this has saved me a lot of time and hassle learning the language.
What I don't like is all the 'end' statements (mostly because I tend to forget or mis-place a few of them).
If anyone at "BlackAdder" is reading this I would love to have a Ruby IDE. One thing that I would love to have is the ability to 'compile' the scripts. I'm not interested in preventing reverse engineering or improved performance; I write code that may be put on a firewall or other secure machine. We don't allow interpreters or compilers on the systems, therefore I can't use rb2exe or similar programs as they require the interpreter.
I think part of the problem Ruby has, at least for now, is that most of the original work is in Japan. When I try to find information I usually have to work from a translation, or read code on a.jp page. Many of the hooks or modules that would be standard on Python or Perl are also not available for Ruby at this time.
If you are concerned about platform support, or the users turning off their software; scan before the data gets to their desktop.
I wouldn't recommend Norton for this though; Norton was designed for the desktop and their server products are "lacking" compared to competitors. The two I've had the best experiece with are Trend Micro's Interscan Virus Wall or Aladdin's eSafe. My personal preference is for Aladdin's eSafe (as long as you don't tie it into Checkpoint's firewall;-) if you do that use Trend).
From what I've seen Aladdin's product holds up best under high stress using the same hardware; they don't have to operate as a proxy like Trend. Both of these companies started at the gateway, so their desktop product generally sucks compared to Norton.
Trend's desktop is the usual anti-virus scanning program; Aladdin's is a personal firewall and content checking program (uses SurfCONTROL for the URL list).
If you have any questions about the two drop me a line at "wpierce at athenasecurity dot com".
One big difference is that it allows the person sending the document to place restrictions on how and when the document can be used. With PGP you would have no way to prevent them from forwarding the information to individuals who are not supposed to view the data.
Thanks for the extremely well written comment. I agree with your sentiments, although I doubt that I would ever be able to word it so well.
>The most ideal place is to the stars. But I don't think mankind is headed out that way for a long, long time.
Hopefully we'll be able to prove you wrong on that one (at least on the "long, long time" part). We aren't many and we've got a long ways to go, but we're persistant.
I'd start them with Python. It's easy to learn and you can write Java code with jPython [c: same syntax, basically].
They can start writing code on the Win 98 box and later use the same language to write shell scripts for *nix or dynamic web pages.
You can build graphical interfaces with Tk, MFC, GTK, Qt, wxWindows and a bunch of other toolkits. There's also work being done to teach Python as a first language in high schools.
Code can easily be integrated with C++ or Java as well.
Run a HMAC MD5 or HMAC SHA1 hash against the files, and have that hash presented to the server when you try to connect. If they match the hashes that the server allows they can play, if not they get notified and given the option to play on a "modified client" server.
The server could keep a dbm of the hashes (c: there shouldn't be too many, I would think) created with the private key of the author. The problem is that the client would need to run the files through the public key of the author and return the hash to check against the server.
There's nothing stopping them from sending a false hash back or runnning a different client after the first has been checked. If an app had to be launched from the server side that you pointed at a file to hash it could check and send the data back automatically for verification.
If it passes it might automatically start the game. This might help prevent someone from sending a hash that wasn't generated, because the program will get the hash itself. As well as preventing them from running a different client after the first was checked, the server would spawn the program that was hashed. This would also get around the problem of updating the keys on the client side, everything would run on the server.
Anyone interested in building a prototype in JPython/Java to see how it works?
Don't try to take too much on at once. Move into it gradually, and refine the business plan as necessary.
Remember that the business plan is nothing more than a roadmap of where you -want- to go. It's a living document that should be consulted and revised from time to time. Try to keep it current; if you have to, set aside a day every once and a while to review it. Check to see if you are on track, have your plans changed, has the market changed, etc.
If you're in the US, keep this URI under your pillow:
http://www.score.org
SCORE is the Service Corps Of Retiered Executives. They give free business advice to any US based business. They have local offices across the US, as well as email consultation. I've only used the email version, but the people there were -very- helpful.
Most importantly, know how much risk you can take. If it's a sinking ship..step back and decide if it's still worth continuing.
The best thing you can do is fail the first time. This may not sound good, but the next time you run a business you'll know what failure is like and be more careful. Especially when it comes to VCs and they have to put their money into your company. If you've failed and started again it shows that you won't give up easily and, hopefully, you've learned something along the way.
It'll help inject a dose of reality into the situation as well.;-)
Anyway, that's my take on it..from personal experience.
Slashdot Mirror
The are the usual cost benefits of buying the software and running it on older hardware. But as more of the city runs on the same software they can support each other, this is similar in some ways to how the Military works.
They have contracts for support, but most issues are resolved by local units or calling someone at another base for help.
Linking this with schools would be a big push for me. Why not provide the students with the chance to work on the systems, or in the programming class to write software that the city needs? There are some schools in California where the computers are run by the parents and volunteers who work tech jobs. Since many schools require students to do community service to graduate this might also be an opportunity for that.
Do you have any links for these reviews?
As I was thinking about what to write I realized the question of why I write software and give it away is also the reason. Hopefully this will make more sense by the time I finish, if not please email me for any clarifications or questions. :)
;)
I would also like to have a disclaimer that I work for a company that has commercial, closed source, software and I am the main developer for that program. Although my preference is Open Source, my employer has final say in how the software I write on their time is used. I like working for the company, so we have an agreement about releasing some code openly and some closed.
My first exposure to "Open Source" software (c: it was not called that at the time) was in the Marine Corps, I was stationed on El Toro in Santa Ana, CA and tasked with being the "firewall administrator." The first thing I did was look for the fire exists and extinguisher.
Because I was given this responsibility, and the Military would not train me on maintaining the system (c: nobody else there knew it and we did not have the money for classes), I was forced to start poking around on the system. The system was using BSDI and Gauntlet as the firewall software.
When I didn't know how something worked, or when I had the question "why" I could always start looking. I took a long time before I ever managed to fix my own mistakes, but I learned how to troubleshoot and tackle problems procedurally. This helped tremendously when I was in the field, when other people would get overwhelmed by inspections, formations, the route for the march, etc. I just broke it down and started to pick it apart like the firewall.
Had the Military sent me to any formal training I don't think I would have had that, because I would have stopped learning when I knew how to perform the basic functions. Or I would have waited for someone to send me to a class where I would be told most of what I needed to do and provided with the information. There would also be no opportunity to become enthralled in why this box did what it did, which would not have translated into learning how to handle situations where I am not given every piece of information or a long time to prepare.
When I was transferred from MCAS El Toro to MCAS Miramar in 1998 my SNCOIC was sent to the secondary 40xx MOS school. In that class they used a Portuguese version of Linux to setup DNS servers. There were two main reasons that they used Linux, the cost and the availability.
Keep in mind that not every department in the Military has a ton of money, some of the 3MAW units were still using 486 computers on the desktop when I was on MCAS Miramar in 1999. They were able to do this because the servers were running Banyan VINES, which hosts the email and file storage at the server rather than the local computer. When we were forced, even after I put up a BIG fight, to migrate to Windows NT as part of the BRAC this changed; virtually all of the networking and desktop systems, which had not been recently purchased, had to be torn out.
The cost justification for using Linux to teach was that it wouldn't have to be authorized for the budget and could be setup quickly because it was freely available.
I don't know if you are familiar with the way the budget works, but if you don't spend the money you are allocated for the year you loose it; and your budget for the next year is probably going to be lower. There's no incentive to NOT spend money like it would never end.
But not everybody had that money, so using Linux provided the lowest common denominator that everyone could use.
After having been on MCAS Miramar I was one of the only people with Unix backgrounds, everyone else learned NT because of the BRAC migration. When talking to one of the other "old timers" on another base, I became aware of the number of programmers the DoD has. Yet the DoD does not write much of its own software for general use, they use COTS software instead.
The money the DoD spends on buying software could easily finance the programmers writing that functionality into any needed software. This software could easily be used in other Government departments and would not require the purchase of an entirely new application to get any needed functionality or features.
I realize my thought process is has run away, so to cut this short and summarize my reason for writing code and giving it away is because I like to ask "why".
If you are interested, some specific examples of why include:
1. I am a Marine and I come from a _very_ military family; of my 9 siblings 6 have already served in addition to my Father and Uncles. I never want to hear about a Marine, Sailor or Soldier killed in combat because their Pocket PC crashed. Nothing will ever be completely fail safe, but Open Source allows for a bigger review process with a better chance of finding problems.
Consider encryption, why doesn't the Government keep their encryption schemes a secret if they are supposed to be used to secure the most sensitive data they have? Why not throw all the Russians in jail under the DMCA if they try to break the encryption? We could have ended the Cold War a lot quicker that way.
2. The DoD has a lot of programmers, what would it look like from a cost savings perspective if those programmers contributed to Open Source? How much money would the DoD save in making Linux Common Criteria Certified and deployed internally. Use SE Linux, created by the
NSA, on the servers and critical desktops, SAMBA for file and print sharing, etc. The put the money towards beans, band-aids and bullets.
This is one of my motivations, because I have "been there, done that" in the field with old, outdated, hand-me-down equipment falling appart. The justification was always that we did not have the money, but if you went into our comptuer room we have rows of Compaq Proliant 6500 computers fully loaded running Windows NT. With Linux we would not need machines that big, or that expensive. We would also save money on the licensing and not have to upgrade so often.
3. If I write software I usually learn something in the process, often not just about the program but about myself as well. But if I have other people contributing to my code I can learn from them as well, if the code is closed they are less likely to contribute their knowledge and experience. This allowed me to learn things much faster and tap a much broader knowledge base when I get into a Portuguese bind (c: BIND = = DNS).
4. So I can ask why. Why does this work? Why _doesn't_ this work? Why can't I do what I want to do?
By asking "why" I poke and prod until I either have more questions or until I get sued and put in jail.
Unlike many people I do not tend to stop when I am faced with what at first appears to be an unanswerable question; I pick it appart or ask for the assistance of others to find the answer; which leads to more questions.
Because it is not the answer that is important, it is where you are left after having had the inquiry.
What good is it to talk to myself?
That is what it is like to program with closed source software, nobody but your co-workers can see what you have created. Nobody can witness that clever algorithm you created to solve a really thorny problem; all they see is the result of the program in action.
As an example, earlier today I had a co-worker who took a 15 line script for error checking and re-wrote it in 2 lines of regular expressions. But that is not the interesting part for me, when he sent me the new code he pointed out that I "always make things difficult" when they do not have to be.
My program is an expression of myself. Who I am being when I write software is the same, generally speaking, as when I am with family and friends. When he pointed out to me that I always make things more difficult, one of the first things that came to mind was that a very dear friend had said the same thing to me the night before.
When someone comments on my code or my coding stle, they are commenting on who I was being when I wrote that code. It is an extension of how I choose to express myself under that particular situation.
By opening the source I can have the inquiry with the world with amazing results. What happens when you are open to the possibility of allowing others to contribute to not only your program but yourself in the process.
Semper Fi,
Wayne Pierce
Former SGT USMC
PS: I am MUCH better with firewalls now.
----
wpierce at athenasecurity dot com
VP of Technology
Athena Security
Information Security is a process, not a product.
QuakeC??
:-) Is that really a language? I wonder what the IDE would be like...run around with a shotgun and shoot the functions you want to use?
--
In the past I've programmed in C, C++, Java, Jython, Python, Perl, Clips, Scheme and Tcl/Tk. What I like about Ruby is the 'everything is an object' mentality; this has saved me a lot of time and hassle learning the language.
.jp page. Many of the hooks or modules that would be standard on Python or Perl are also not available for Ruby at this time.
What I don't like is all the 'end' statements (mostly because I tend to forget or mis-place a few of them).
If anyone at "BlackAdder" is reading this I would love to have a Ruby IDE. One thing that I would love to have is the ability to 'compile' the scripts. I'm not interested in preventing reverse engineering or improved performance; I write code that may be put on a firewall or other secure machine. We don't allow interpreters or compilers on the systems, therefore I can't use rb2exe or similar programs as they require the interpreter.
I think part of the problem Ruby has, at least for now, is that most of the original work is in Japan. When I try to find information I usually have to work from a translation, or read code on a
--
...you'll never receive it, and they won't bother to give you any information.
--
If you are concerned about platform support, or the users turning off their software; scan before the data gets to their desktop.
;-) if you do that use Trend).
I wouldn't recommend Norton for this though; Norton was designed for the desktop and their server products are "lacking" compared to competitors. The two I've had the best experiece with are Trend Micro's Interscan Virus Wall or Aladdin's eSafe. My personal preference is for Aladdin's eSafe (as long as you don't tie it into Checkpoint's firewall
From what I've seen Aladdin's product holds up best under high stress using the same hardware; they don't have to operate as a proxy like Trend. Both of these companies started at the gateway, so their desktop product generally sucks compared to Norton.
Trend's desktop is the usual anti-virus scanning program; Aladdin's is a personal firewall and content checking program (uses SurfCONTROL for the URL list).
If you have any questions about the two drop me a line at "wpierce at athenasecurity dot com".
Wayne
--
One big difference is that it allows the person sending the document to place restrictions on how and when the document can be used. With PGP you would have no way to prevent them from forwarding the information to individuals who are not supposed to view the data.
Wayne
--
Security.
--
Thanks for the extremely well written comment. I agree with your sentiments, although I doubt that I would ever be able to word it so well.
>The most ideal place is to the stars. But I don't think mankind is headed out that way for a long, long time.
Hopefully we'll be able to prove you wrong on that one (at least on the "long, long time" part). We aren't many and we've got a long ways to go, but we're persistant.
Wayne
ASI Member
--
I think it should be owned by the person that created it, especially if you are paying to be there.
If they claim that you are 'hired' and thus it's their code...ask for your tuition back and a pay check.
P-
What about putting PSINet in the MAPS RBL?
I'd start them with Python. It's easy to learn and you can write Java code with jPython [c: same syntax, basically].
They can start writing code on the Win 98 box and later use the same language to write shell scripts for *nix or dynamic web pages.
You can build graphical interfaces with Tk, MFC, GTK, Qt, wxWindows and a bunch of other toolkits. There's also work being done to teach Python as a first language in high schools.
Code can easily be integrated with C++ or Java as well.
Wayne
You can always help ASI, we're going to get to the Moon. It's not a question of if, but of when. http://www.asi.org Wayne
How about persistant connections with PHP?
Since UNIX is case sensitive, shouldn't 'UNIX.com' be different than 'unix.com' ;-)
Take a look at http://www.worldforge.org it'll be much better for a game framework.
'nuff said.
I would as long as I could upgrade it some. Which is why I don't currently have a hacked one either...
Run a HMAC MD5 or HMAC SHA1 hash against the files, and have that hash presented to the server when you try to connect. If they match the hashes that the server allows they can play, if not they get notified and given the option to play on a "modified client" server.
The server could keep a dbm of the hashes (c: there shouldn't be too many, I would think) created with the private key of the author. The problem is that the client would need to run the files through the public key of the author and return the hash to check against the server.
There's nothing stopping them from sending a false hash back or runnning a different client after the first has been checked. If an app had to be launched from the server side that you pointed at a file to hash it could check and send the data back automatically for verification.
If it passes it might automatically start the game. This might help prevent someone from sending a hash that wasn't generated, because the program will get the hash itself. As well as preventing them from running a different client after the first was checked, the server would spawn the program that was hashed. This would also get around the problem of updating the keys on the client side, everything would run on the server.
Anyone interested in building a prototype in JPython/Java to see how it works?
Wayne
piercew at netscape dot net
:-) Never noticed that before!
:-) That was funny!
That's a great moderation!! It took a minute for me to catch it...
:-)
Linux One == A bunch of crap
...so it's redundant.
Don't try to take too much on at once. Move into it gradually, and refine the business plan as necessary.
;-)
Remember that the business plan is nothing more than a roadmap of where you -want- to go. It's a living document that should be consulted and revised from time to time. Try to keep it current; if you have to, set aside a day every once and a while to review it. Check to see if you are on track, have your plans changed, has the market changed, etc.
If you're in the US, keep this URI under your pillow:
http://www.score.org
SCORE is the Service Corps Of Retiered Executives. They give free business advice to any US based business. They have local offices across the US, as well as email consultation. I've only used the email version, but the people there were -very- helpful.
Most importantly, know how much risk you can take. If it's a sinking ship..step back and decide if it's still worth continuing.
The best thing you can do is fail the first time. This may not sound good, but the next time you run a business you'll know what failure is like and be more careful. Especially when it comes to VCs and they have to put their money into your company. If you've failed and started again it shows that you won't give up easily and, hopefully, you've learned something along the way.
It'll help inject a dose of reality into the situation as well.
Anyway, that's my take on it..from personal experience.
Wayne
There's a GPL space strategy game bein developed, here's the freshmeat link:
http://freshmeat.net/appind ex/1998/12/27/914746519.html