USENIX

Musings

by Rik Farrow
<[email protected]>

Rik Farrow provides UNIX and Internet security consulting and training. He is the author of UNIX System Security and System Administrator's Guide to System V.


Recently, I labored at removing barbed wire fences. These rusty relics once separated one ranch from another and stopped cattle from disappearing into the wilderness. It cannot be said that the fences prevented the cattle from destroying the land they grazed, which will take hundreds of years to recover. Before there were cattle, the land was covered in knee-deep grass, and even the trees were more abundant and varied. Now the land is rocky and barren.

The fences in my backyard no longer correspond to any boundary. I am removing them so that my neighbors don't get confused and decide to build a real fence along the old, partially fallen down, fence line. I like the illusion fenceless backyards bring -- that your house simply sits on the land, animals can move uninhibited from one yard to another, and there are no visible boundaries.

There are times and places for boundaries. My house serves as a boundary against bugs, critters, and weather, as well as surrounding and protecting my possessions. I have the opportunity to control who enters my house and how long they may stay. More than my yard, the house defines my true boundary -- the yard is a buffer zone.

But there are other boundaries. The history of computers is replete with boundaries as artificial as any other made by human beings. And these boundaries have not served us well. Nor, in the long run, do they serve the vendors who created them.

Fences

Early computers were standalone by nature. It was quite enough to build, design, and operate a single mainframe, and nobody expected that one manufacturer's product could exchange data with another. In some cases, it was hard to exchange data even between the same makes of computers -- unless you consider punched cards or paper tape efficient. Over time, standards for magnetic tape evolved, making it possible to exchange data between computers.

Rather than making it easy to connect computers, vendors strove to make them different. Repeat business is the foundation for any enterprise, and having customers who could buy their software, supplies, and replacements from only one vendor guaranteed repeat business. IBM and DEC had their own terminals. Legal battles were fought against vendors who dared to build compatible components such as memory or disks. Margins, the markup percentage, stayed high.

Revolution

Microcomputers created an avalanche of change. The earliest microcomputers were practically useless -- interesting, but not good for getting any work done. There was no software.

One of the earlier successes was an operating system called CP/M, originally written on DEC hardware and ported to the Intel microprocessor. If you had a floppy drive that was aligned correctly, you could load CP/M, use software, and exchange data with other people and their computers. The key here was a combination of hardware (the floppy drive and the processor) and the operating system, CP/M.

IBM changed everything. I was working with one of the early microprocessor vendors when the PC came out. The engineers and I laughed when we learned that PC power supplies were blowing up. The VP of marketing overheard us and sternly reminded us that IBM could afford to give away PCs, and they would one day own the market.

Well, not quite. The PC created a de facto hardware standard. Once the BIOS had been successfully reverse engineered, PC compatibles could be built, and competitors almost shut out IBM from the market it had created. Margins today on desktop PCs are razor thin. For consumers, this is a great deal.

The basis for software compatibility was MS/DOS, a simple operating system that was chosen because the owners of CP/M had trouble with the IBM contract negotiations. Bill Gates didn't have an operating system, but he quickly bought the rights to MS/DOS, and changed the course of history. MS/DOS permitted software to be written for the new machines, making the new PCs actually useful.

Networks

As computers became more common, vendors conceived of wiring the computers together, creating a network. These early plans did not involve multiple vendors. The ARPAnet did manage to connect many computers, using one vendor's computer (BBN) as a front end. But vendors other than BBN were really not much involved in this process.

The early Internet had a much different model for breaking down boundaries. People would design software, use it, and propose that it was good enough for use by others. If the proposal was accepted, it was considered a standard. Although a document, the RFC, represents a standard, the operational basis is being able to communicate successfully with other systems using existing versions of the software.

Something similar happened with networking hardware. Although there are written standards, the real measure of compatibility for a network interface is being able to interoperate with other existing products. Of course, establishing this baseline was not as easy as I am perhaps making it sound. Again, standards evolved from working examples.

Having vendor-neutral standards has been very good for us. Standards foster competition, keep prices lower, and actually help us get work done. The focus is not on getting our computers and software to communicate, but on getting real work done.

Boundaries

Over time, the standards process, especially the excellent Internet standards process, has become more bogged down with vendor battles. Vendors plot to create a "standard" that will directly benefit their own designs or work to the detriment of a competitor. Not long ago I heard a salesperson say "they had just IETF'd" a competitor. He meant they had passed through a committee a "standard" that would directly benefit his company and hurt a smaller competitor.

In this case, standards become boundaries that help only certain vendors.

Another way of creating boundaries is to create a de facto standard, but not publish it. Microsoft has become a master of this technique by simply not publishing interfaces. The NT API is not published -- the Win32 subsystem API is layered on top of the unpublished NT API. SMS (Simple Management System) requires the use of Microsoft's SQL server -- and they refuse to publish schemas that would make other databases useful.

UNIX vendors have played this game, but in a different way. Workstations and servers were designed so that the only source for add-on memory or disks was the vendor. That has changed to a large degree, and there are second sources for most UNIX workstation, and even server, add-ons.

Even worse, UNIX vendors fought to create and maintain many minor differences in the versions of UNIX used. Although this may have appeared a religious war, it was not, no more than the Bosnian conflict is really about Christians and Moslems, but more about a surfeit of people and a scarcity of resources. Religion provides a useful demarcation, and the losers will no longer compete.

At this time, I would be happy to have network and administrative interfaces that work reliably between all versions of UNIX. The networking does work well, really, but the administration is another matter. NT strives to have coherent administration, but only among Microsoft products. Microsoft strives to create artificial barriers between other vendors' products and its own.

I don't really have any solution to offer. Tearing down old fences made me think about the other artificial boundaries that have been created in the world of computers, software, and operating systems. Achieving interoperability is not easy, but history has shown us it can be done. When it is done, business flourishes (PCs, the Internet), and when it is not done, businesses often suffer (IBM and DEC).

In the world of security, it is a truism that if customers do not demand security from vendors, they will not get good security. Perhaps we should also be asking for real standards and products without artificial boundaries.

Will this be good for vendors, too? Economists tell us that a nation's economic success can be measured by its product. I disagree. A nation's wealth is measured by exchange -- the exchange of products and services. If no one buys your product, you will have a valueless product. History has shown us that products that embrace standards have done better, that is, contributed more to exchange, over time than closed, proprietary products. Standards-based products are easier to exchange.

Over time, I believe that vendors who create artificial boundaries will suffer, as they have in the past. I just don't like dealing with them while this happens. Do your part. Insist on open standards. And I'll keep on tearing down old fences.

First posted: 3rd December 1997 efc
Last changed: 9 December 1997 efc