Steve Bellovin in Ottawa (Part I)

On Thursday, December 1st 2005, Professor Steve Bellovin came to Ottawa, and gave a public lecture. To me it was a very big deal. Here is why:

Back in early 90s my parents bought me a personal computer to replace Commodore VIC 20. It was a speedy 486 DX2-66 with 16 megabytes of 72 pin RAM and 420 (408 megs real) meg Seagate hard drive. 2x CD-ROM drive was on a special daughter card (Mitsui? Panasonic?), and the 4 meg ATI Mach 32 video card was VLB. At the time when standard for RAM was 4 megs, this computer was not really bought for me – it was bought so that my dad could learn drafting using AutoCAD, and was specced accordingly, but in essence it became “mine”. The first thing I bought for it was a 14.4 modem.

It was not my “first” computer, as before hand there was the aforementioned VIC 20 with basic, and a really annoying (in retrospect) keyboard, and somewhere around that time there also was a DEC VT320 white terminal hardwired into a DEC Scholar modem, and then into a phone line, and but it was a “real computer”.

DEC VT320 was not really a computer. It was a dial-in terminal with no local storage. However it had an important function – it allowed me to dial-in at 2400 baud into National Capital Freenet and into bulletin boards. VT320 was black and white, so it had no support for ANSI colors, so BBSes were not really a big deal. It was great with NCF – at 2400 baud it was slow enough that I didn’t need to page articles – they were scrolling on my screen slower then I could read them. Only later, when I actually started using a computer with local storage, I started differentiating between BBSes. Most public BBSes were ‘lame’ – at best they had door games like LORD, and at worst they had a rather pathetic selection of messages and files. In order to be on the ‘cool’ boards one had to be able to upload ‘0-3 warez’ (Pirated software that became available in retail up to 3 days ago). I didn’t have access to that (and even if I could buy something, I had no idea at the time now to crack it), cool boards were invite only, with phone numbers that were not published in Monitor magazine.

NCF was an exception – it allowed access to both local and global newsgroups thanks to Paul Tomblin, it allowed me to send e-mail, and supposedly even “chat” (I actually never chatted on freenet, so I don’t know it by ‘chat’ they meant IRC, or something else. Hrm). Eventually it allowed access to internet using lynx (text based browser) and elm was made available to read mail[1].

Someone I hooked up with over NCF had a Sun 3/60 box running SunOS 3.5.

Now, for all you kids who have no idea what a Sun 3/60 was, it was a 3 MIPS motorolla 68020 based workstation from Sun. VME based, single board. James Birdsall has a hardware reference somewhere on Beel’s sitethat lists old Suns, so you can take a look at what you missed 🙂 It run SunOS 3.x [2].

He gave me shell account to play with on his box for a few days. Catch was that because I didn’t have internet access, and neither really did he, he hooked up a modem to the Sun, and gave me a phone number to dial-in.

It was very sporadic, and only gave me a couple of hours of actual use of the system, but it was my introduction to UNIX.

At some point around end of 94, I were at a local computer store (that since closed), and ended up talking to a sales person. The guy (whose name I don’t remember, in fact, I don’t think I ever asked him his name) eventually told me to try Linux out. He said that it was just like SunOS on that Sun system, and I got interested. What sold me was his assurance that it includes Midnight Commander, which is the same as Norton Commander, so I ended up buying a Lasermoon 3 CD sets with Slackware on it. Kernel was 1.2.8, IIRC.

Installation of Slackware was… interesting. In retrospect, I don’t see a normal user going through this – remember the non-standard CD-ROM that required a daughter card and DOS drivers? Well, it was not supported by that version of Slackware, so eventually I convinced my parents to spend 20$ on floppy disks, backed up all the relevant data I had (I got really really proficient with ARJ archiver at the time) onto floppies, re-partitioned the hard drive, copied and labeled contents of each of the proper install directories (I think just base, network, and something else, like games) from the Slackware CD onto floppies, rawrited the boot and root disks, and eventually, after 3 or 4 attempts, did the install. Basically, it was an experience. No, CD didn’t work. I lucked out with X – ATI was one of the forward thinking companies of the time, so someone (Andrew Mileski maybe) already implemented ATI drivers. So I had X! twm, fvwm and an openlookish clone which name I forgot. But I were driven – I were trying to re-capture the SunOS 3.x feeling, and Linux at the time delivered.

In August of 95 an inaugural meeting of Ottawa Carleton Linux Users Group (OCLUG) was held at Algonqueen College Rideau Campus (Since sold by the college). I were there (Yes, I am a founding member of OCLUG. Back then I were proud of the fact, now a days I am much less so). For the next few years I used to go to OCLUG meetings religiously, and heck, it was there where I met Luc Lanthier and Eric Laforest, where Gert Jan recruited me to work for iStar in August of 97, etc. Folks I met through OCLUG also were the ones who influenced me to look into computer security, and around end of 96, beginning of 97 I bought the computer security book that was highly recommended – “Firewalls and Internet Security, Repelling the Wily Hacker” 1st edition, by William Cheswick and Steven Bellovin.

Over the years of working for ISPs, admining systems, then networks, that book was a great help. It had a bunch of mantras that are still true today – Security is hard, technology is not evil – people are evil, security starts with people, and people are lazy and stupid. It opened an entire new world for me, back in in 97. It helped me get my first “real” job – I knew enough about computer security and were making intelligent and helpful enough presentations at OCLUG for GJ to hire me as a systems administrator of iStar, at the time largest ISP in Canada.

So over the years authors of this book held a special place in my heart. In the book, they were witty, entertaining, explained complex technological problems in easy to understand terms. They were knowledgeable, and intelligent. For years, while lurking on BUGTRAQ mailing list, and deleting unread most drivel that was leaking through moderators at the time, every time I’ll see a post from Steve Bellovin, I would read it, and then go back and read entire thread. He was one of (few) people on the list who didn’t look for fame or tried to show how ‘leet’ his ‘mad hax0r skillz’ were.

So I were really looking forward to meeting Steve Bellovin in person for the first time. And I brought the book that changed my life with me :-P.

[1] As an aside, many many people in Ottawa, at least people who I kind of knew, dealt with freenet in one way or another – Gert-Jan Hagenaars was my boss at iStar, and also did work for FreeNet. Ian! D. Allen was an OCLUG member, and dealt with NCF. Paul Tomblin used to run NCF newsserver, vented in alt.sysadmin.recovery and was reasonably well known to John Henders, who in turn used to work for iStar with GJ and was one of the bofh.* nodes of usenet[3]. I remember e-mailing Paul Tomblin a couple of times asking for help with usenet. He was really charitable with his replies. I knew Mark Mielke from highschool, and he was responsible for getting elm mail reader to work with the FreePort software at NCF. Mark, if you read this, get in touch, we should do coffee/beer.

[2] I think there was a version of SunOS 4.1.1 that would run on 68K based systems. I am sure some sick souls out there still run sun3 arch. If you are one of them – respect. Give me a shout, I’ll scan in the right pages from old (covers some sun2, all sun3, all sun4/sun4c/sun4m and some sun4u arch) Sun Hardware Reference for you, if you want.

[3] I used to get my bofh.* feed from news.ott.istar.ca (or somesuch), which was propogating the newsfroop thanks to John. Ah, days of INN 1.4 on Pentium 133 desktop on my desk at iStar office.