Brave GNU World - Issue #54
Copyright © 2003 Georg C. F. Greve <greve@gnu.org>
Permission statement below.


Welcome to another issue of the Brave GNU World. This one will be started by an eternal topic of information technology: security.

Simple Security Policy Editor (SSPE)

The Simple Security Policy Editor (SSPE) [5] by Johannes Hubertz is a network/firewall solution based upon netfilter [6], FreeS/WAN [7] and OpenSSL [8]. The project is primarily targeted at companies that have offices, branches, subsidiaries or field workers networked over the internet.

Johannes Hubertz began working on SSPE in December 2001 -- just after he had no success looking for an available solution meeting the needs of his employer.

Being familiar with "Kerckhoffs' Principle" and therefore knowing why "security through obscurity" doesn't work -- for reference see the article by Bruce Schneier [9] about this topic -- proprietary, non-transparent systems were no option for them. It had to be Free Software.

But there were also technical requirements. One of them was that the system needed to allow central administration of a distributed set of firewalls, which was why none of the existing Free Software solutions Johannes encountered really satisfied him. So he decided to start his own project.

Development was done in Perl and Bash shell-script since most administrators are familiar with them and they can easily be used on all GNU/Linux distributions.

After three months of development, the project was ready for use and has been deployed in a production environment since March 2002; currently two companies are using it in eight locations. A third company plans to use it for some hundred engineers working in the field. Despite its rather low version number 0.1.7, the project has not seen any major changes since March 2003 and can therefore be considered stable.

Johannes is currently not aware of any problems, but he would like to point out that the project was not designed for single-machine use; its advantages only become visible when administrating multiple machines. Also, experience compiling Linux kernels and basic knowledge about networks and security are necessary to use this project.

As far as the distribution is concerned, SSPE gives total freedom of choice. The author is using it on Debian GNU/Linux and knows about successful use on RedHat, but it should be useable on other distributions without a problem.

As per its design requirements, a major advantage of the project is to allow administrating the whole network structure in a few central plaintext files, making the creation of new external subnets very easy. Flexibility, transparency and stability were foci of the project according to its author.

And after he was able to convince the management of the company to release it under the GNU General Public License (GPL) in March 2003, the legal future of the project also seems secured.

So the project is ready for wide use. Since Johannes is currently lacking time for development, he is hoping for others to maybe use and even develop the project further.

UK Free Software Network (UKFSN)

A very unusual Internet Service Provider (ISP) is the UK Free Software Network (UKFSN) [10] by Jason Clifford; the business model is to offer high-quality internet services ranging from ADSL dialin to web hosting for a reasonable price and use the profits to fund Free Software.

The software providing the main services is Apache as web server, postfix and tpop3d for email, as well as FreeRADIUS for dialin authentication. The project also relies strongly on MySQL. The entire administrative system, from the creation of new accounts to the maintenance scripts running in the background, was written in Perl.

According to Jason Clifford, UKFSN receives a lot of praise for the services offered. Users can choose between Python, Perl and PHP for scripting -- and all three are seeing good use. Complementary to this full CGI offer is the access to MySQL as database, an unlimited number of POP3 mailboxes per domain and easy account management by means of a web interface.

A special goodie for those who require means of online payment is a Perl module offering access to WorldPay, allowing payments via credit card, mobile phone, or wire transfer. That module itself is of course also available from UKFSN as Free Software under the GNU General Public License (GPL) in the CPAN. An additional implementation in PHP is planned.

Another current expansion Jason is working on is the possibility of supplying virtual GNU/Linux servers with "User Mode Linux", so customers can maintain their own server without the need for hardware setup. The other new feature is a spam and virus filter that customers can customize per domain. Both expansions should be available at the end of September 2003.

The Spam policy of UKFSN is also worth a look. It is based upon a clause in the contract/terms of use that users agree to pay an additional fee of 150 GBP per recipient when mailing out spam. Jason already knows of some potential "customers" who preferred to not go looking for another provider because of this clause.

So UKFSN does not only protect its own customers against spam -- a standard service offered by most providers -- it also actively helps reduce the total amount of spam sent. Given that even the best spam filters usually cannot reduce the amount of spam to the desired amount ("zero"), one can only hope this example will inspire others.

The idea for UKFSN was based on the realization by Jason Clifford that the Free Software community globally spends a large amount of its time online and that the internet provides the most commonly used work and communication platform. Since -- according to him -- it isn't very hard to run an ISP, he thought this might be a fun project.

The first approach at realizing this was very successful commercially and has become a prominent factor in the UK by now, but after he could not detect any payments to further Free Software, Jason unhappily left the company.

After some thinking he decided to give it another try in July 2002, and in September he had the finances necessary to set things up and introduce UKFSN officially at the London Linux-Expo on October 9th 2002. Ever since he's been busy improving the services and finding more users. June 2003 provided a big leap for UKFSN as he was finally able to provide ADSL-broadband access. And thanks to a hardware donation by Digital Networks UK, he was able to stock up on the server side. So in August 2003, UKFSN for the first time made a small profit.

So we can hope that UKFSN will soon be profitable and then the whole profit minus a small reserve for improving and expanding services will be donated for the advancement of Free Software to the Association For Free Software (AFFS) [11], an associated organization of the Free Software Foundation Europe (FSF Europe) [12].

As Jason has already proven that it is possible to have an ISP as a working fundraising model for Free Software, he now wishes to prove that it is also possible to have that money go to Free Software. To make sure this is all transparent, he -- among other things -- publishes the monthly finances on the UKFSN web page. [10]

For future perspectives, there are two things to hope for. For one, that readers in the UK, or travellers needing an ISP in the UK, will switch to UKFSN. And also that this model will inspire others to set up similar things in their countries.

Enough of the area of innovative fundraising, more is coming next month.

Free Software in Science

There have been numerous discussions on the parallels between science and Free Software in the past. In fact indications on how science and Free Software operate on similar principles can be found regularly.

Fundamentally, science and Free Software have in common that both build upon the cooperation of many people who together achieve more than each of them could have achieved alone. The best quote describing this is by Sir Isaac Newton, who said: "If I have seen further it is by standing on the shoulders of Giants."

The advantages of cooperation do not only benefit the scientists or developers involved, but society as a whole -- and the notion of society here does include the economy. It is characteristic that the advantages are also available to those who have not contributed to them or maybe even fought against them actively (just consider the people who fought the notion that earth was not a disk).

Within these parameters, the connections are pretty clear to most people. But there is yet another, hardly understood connection, resulting from the scientific method.

Part of the scientific method is to create new theories and conduct experiments that will verify them. Once a theory has been experimentally verified, any additional verification will not add to the scientific knowledge base.

In other words: By having been experimentally verified, a theorem is considered valid. Additional verifications will not make it "more true than true."

Another case is disproving a theory by conducting an experiment that contradicts the theory, falsifying it. In that case, the theory in its current formulation is not true. It needs to be modified or discarded altogether -- independent of the number of verifications that existed for it.

One single falsification can make an unlimited amount of verifications irrelevant. Falsification is an essential part of the scientific process. Without falsification there is no science.

Where is the connection to Free Software?

Software is becoming a more intrinsic part of science. This does not refer to using text processing tools to write down the results. From the viewpoint of scientific quality it is irrelevant whether a scientist is using plain ASCII text files or a certain word processor for their publication.

Although in the latter case it is probable that in a few years time the results will have to be entered anew because the current program cannot read the old file properly or maybe not even at all.

The connection between software and the scientific method exists when experiments partially or entirely rely on software. This means the software becomes part of the scientific process and result.

And to anyone who has ever developed software it is obvious that knowing an algorithm is not sufficient to provide means for falsification; implementation is equally important and also becomes part of the scientific result.

Proprietary software by nature creates a "black box". If you wish, you can visualize it as a small, black box with a button and a light. Now someone tells you that when you press that button, a certain experiment is going to be conducted and when the lamp lights up, it was successful.

One could raise the question of what knowledge a person could gain from pushing the button and seeing the lamp light up.

It gets really fascinating, when a second person comes with a second box, which claims that the same experiment is going to be conducted -- but this time the lamp does not light up when pushing the button.

In none of these cases do we have the capabilities to verify or falsify; everything is based upon belief and trust only. This implies a very interesting conclusion.

Proprietary software is incompatible with the scientific method!

Additionally, we are experiencing other problems. Science is not only about what we know today, but also how we got there. The way we took, the way a discipline developed, is part of the cultural heritage of mankind and may contain important information for future generations. Results must not be time dependent.

Should anyone wish to repeat an experiment of Leonardo da Vinci today, this can be done. It may require work, but it is possible.

Let us assume that the software used in an experiment still exists and did not -- as usual -- get destroyed because after 10 years the last remaining floppy disk containing the program got thrown in the trash. What are the chances, for an experiment based upon proprietary software, that people will be able to find the specific hardware and software versions that the software depends upon?

That probability is obviously reaching zero pretty quickly, especially when thinking in timescales of generations.

Free Software, with its freedom to port it to other platforms, really does allow repeating such experiments and the good or not-so-good ideas people had.

Therefore, Free Software helps archive the scientific and cultural development of mankind. It allows preserving the way we got where we are today.

So when going into detail, it becomes apparent that the connection between Free Software and science is much more intensive than it seemed at first. Also this shows the connection to social and cultural aspects that connect mankind.

That should be enough food for thoughts, which I hope some of you will find interesting.

Until next time

The author of this column is looking at a rather exhausting month with the UN conference on the Information Society in Geneva, as well as speeches in Madrid, Berne and Zurich.

But of course I will have my laptop with me, so I would like to hear what you have to say. Especially the small projects that usually are not making it to the large fora would be very interesting -- as well as personal initiatives connected to Free Software.

So as usual, please send lots of ideas, comments and suggestions to the standard address. [1]

Info
[1] Send ideas, comments and questions to Brave GNU World <column@brave-gnu-world.org>
[2] Home page of the GNU Project http://www.gnu.org/
[3] Home page of Georg's Brave GNU World http://brave-gnu-world.org
[4] "We run GNU" initiative http://www.gnu.org/brave-gnu-world/rungnu/rungnu.de.html
[5] Simple Security Policy Editor (SSPE) home page http://sspe.sf.net
[6] Netfilter home page http://www.netfilter.org
[7] FreeS/WAN home page http://www.freeswan.org
[8] OpenSSL home page http://www.openssl.org
[9] Bruce Schneier: "Secrecy, Security, and Obscurity" http://www.counterpane.com/crypto-gram-0205.html
[10] UK Free Software Network (UKFSN) home page http://www.ukfsn.org
[11] Association For Free Software (AFFS) home page http://www.affs.org.uk
[12] Free Software Foundation Europe (FSF Europe) home page http://www.germany.fsfeurope.org


Copyright (C) 2003 Georg C. F. Greve

Permission is granted to make and distribute verbatim copies of this transcript as long as the copyright and this permission notice appear.

Last modified: Mon Oct 27 14:18:59 CET 2003