The following document is intended as the general trip report for Josh Simon at the USENIX General Technical Conference in Monterey CA, from June 10-16, 2002.
The day starts bright — well, dim — and early with an oh-dark-30 airport shuttle. It gets me to O'Hare in plenty of time to catch the 10am flight to Los Angeles and then to Monterey. Both flights were full but uneventful.
Got to the hotel in Monterey and seemed to be the first one there. Managed to hook up with Esther Filderman and we went hottubbing to recover from our respective journeys. Trey Harris and J.D. Welch arrived; their room overlooked the hottub so they came down to join us, as did Geoff Halprin who ran into them at hotel registration. Also joining us were Stacy Guildenstern and Lois Bennett and her husband and his brother. We broke off into two different groups for dinner and crashed back at the hotel.
Today was to be the half-day of meetings, but it ran a little long. I started with a 9am breakfast meeting to discuss the new web sites' QA and redundancy plans with Geoff, and we were joined by David Parter and Lee Damon. After breakfast, Geoff and I cornered Trey Harris and continued our general discussion about the web, SAGE, certification, the Executive Committee, and certification before heading off to our noon meeting where we were going to discuss things informally before the Big SAGE Executive Committee Business Meeting From Hell on Tuesday.
At the meeting we discussed all sorts of things, including how the Executive would work together, and how we'd work with our new Executive Director, Rob Kolstad, and what the state of the budget was like, certification, and so on. Then we moved to the vision meeting to try to figure out specifically and in the context of the reduced budget what we could do to achieve our agreed-upon goals, sort of as a structured brainstorming session. We also discussed informally Rob's first month on the job and how he spent his time in the USENIX office. It was a very productive meeting.
On our late dinner break we went to Montrio, an American bistro a couple of blocks from the hotel. I had the artichoke, spinach, and apple-smoked bacon risotto, which was superb, and the twice-cooked duck with haricot verts and a potato galette. I was too stuffed to have dessert, but I'm assured by others who weren't that they were wonderful. After dinner, we went back to discuss what we wanted from a USENIX Board Liaison to the Executive Committee and some other open issues. We adjourned around 11pm for a 14-hour day of meetings. And since it was Sunday night, all the bars were closed so we couldn't go drinking.
Today was the day for the SAGE Certification Board to meet. I skipped out on the meeting because (a) I haven't been very involved in certification up to this point, (b) two members of the Executive and our Treasurer were involved or there to speak, and (c) we didn't want the certification folks to feel pressured by having the entire Executive there. So I slept in, updated SAGEwire, had a nice lunch with Greg Shapiro, and spent the afternoon helping out with Registration and Member Services and doing the whole Hallway Track thing.
For dinner, the SAGE Executive Committee and the Certification Board went out to dinner at India's Clay Oven 3 blocks from the hotel. I'm generally not a huge fan of Indian food, but the lamb I had was very tasty and not too spicy. And with the appetizers we got for the table, I was stuffed. So we adjourned to the hot tub for a while then I went and boozed with the folks from the Executive who'd gone liquor shopping. (Maker's Mark is a very nice bourbon.)
Today was the aforementioned Big SAGE Executive Committee Business Meeting From Hell. Our agenda included:
- Changes to agenda
- Minutes of the previous meetings
- Action items
- Report on SAGE Certification
- Report on Web Committee
- SAGE Financial Report
- Report on USENIX activities
- Report on LISA conference
- Report on SAGE booklet series
- Salary survey
- Awards committee
- SAGE Birds of a Feather session
- Code of Ethics
- Other business
- Next meeting
(Minutes will eventually be posted on the sage.org web site.)
We met from 9am through to 5:30pm, then met for a little more than an hour with the USENIX Board of Directors with a quick update of the state of our world, and then we all went to dinner with the USENIX Staff. 40 or 50 of us took over Epsilon, a Greek restaurant a few blocks from the hotel. I thought they did a great job with the bread-and-garlic spread, fresh Greek salad, and combination platters served family-style at each table — beef kabobs, stuffed grape leaves, chicken fingers, a lamb stew, pastitsio, rice, and beans; someone else said he wasn't impressed. Oh well.
After dinner but before leaving the restaurant, the USENIX Board continued its tradition of embarrassing the outgoing members of the board — Mike Jones presented Dan Geer with a gift certificate to his local bookstore and a gavel-and-stand marked President; Kirk McKusick presented Andrew Hume with some stuffed Mickey Mouses for his kids and a certificate good for two free nights at the Orlando Marriott with day-passes to the park for his family. Both Dan and Andrew were very embarrassed and much fun was had by all.
After dinner I hottubbed then went to my room to crash.
Today was the USENIX Board meeting. Since we already had representation of the SAGE Executive by our President and Liaison, our Vice President, and our Treasurer, I skipped out on attending. I slept in and hallway-tracked for the day.
In the evening, I skipped out with a friend to have clam chowder in a sourdough bread bowl between 5 and 6 before the SAGE BOF (from 6-8pm) and the LGBT* BOF (scheduled from 8-10pm but we broke for food around 9:30pm).
The SAGE BOF went well. The six members of the SAGE Executive Committee present — Bryan Andregg, Geoff Halprin, Trey Harris, Gabe Krabbe, David Parter, and I; Tim Gassaway was absent because his employer sent him to Kuwait for the week — introduced ourselves and said what we did for SAGE. We then announced our new web content editor, Dennis King, and our new Executive Director, Rob Kolstad. Rob then spoke for 45 minutes or so on what he (and we) envisioned for SAGE and how we'd be moving forwards. We then went to a free-form Q&A session; generally the feedback from the audience was positive.
Because of scheduling issues (like several members who'd normally run the LGBT* BOF being on the SAGE Executive Committee, including Your Correspondent) and other problems (like moving the BOF to make room for an event that was never actually confirmed or scheduled), we only had about 15 people show up. But we adjourned to dinner at Montrio again; I just had a caesar salad since I'd had soup before the BOFs.
Session 1: Announcements and Keynote
The conference program was exciting. The general track had 105 papers submitted (up 28% from 82 in 2001) and accepted 25 (19 from students, 4 non-American); the Freenix track had 53 submitted (up from 52 in 2001) and accepted 26 (7 from students). In addition to the two program committees for the general and Freenix tracks, the organizers thanked the authors, coordinators, speakers, USENIX staff, and the 66 external reviewers who helped get it all together.
Paper awards were presented in both the general and Freenix refereed papers tracks:
- General Track
  - Best Paper, "Structure and Performance of the Direct Access File System," Kostas Magoutis, Salimah Addetia, Alexandra Fedorova, and Margo Seltzer, Harvard University; Jeffrey S. Chase, Andrew J. Gallatin, Richard Kisley, and Rajiv G. Wickremesinghe, Duke University; and Eran Gabber, Lucent Technologies
  - Best Student Paper, "ETE: End-to-End Internet Service Performance Monitoring," Yun Fu, Duke University; Ludmilla Cherkasova and Wenting Tang, Hewlett-Packard Laboratories, and Amin Vahdat, Duke University
- Freenix Track
  - Best Paper, "CPCMS: A Configuration Management System Based on Cryptographic Names," Jonathan S. Shapiro, Johns Hopkins University
  - Best Student Paper, "SWILL: A Simple Embedded Web Server Library," Sotira Lampoudi and David M. Beazley, University of Chicago
The two annual USENIX-given awards were presented by outgoing USENIX Board president Dan Geer. The USENIX Lifetime Achievement Award (also known as the "Flame" because of the shape of the award) went to James Gosling for his contributions including the Pascal compiler for Multics, emacs, an early SMP Unix, work on X11 and Sun's windowing system, the first enscript, and Java. The Software Tools Users Group (STUG) Award was presented to the Apache Foundation and accepted by Rasmus Lerdorf. In addition to the well-known web server, Apache produces Jakarta, mod_perl, mod_tcl, and XML parser, with over 80 members in at least 15 countries.
The keynote speaker, Professor Lawrence Lessig of Stanford University, spoke about the Coming of the Internet's Silent Spring, providing historical background for how the balance between technology, privacy, and copyright has shifted back and forth over the years and how it affects innovation and creativity. Things that are allowed in environments, societies, and architectures help build freedom; innovation and creativity come from freedom. Right now, technology is being miscast as a problem instead of being neutral because the debate is misframed as property and theft. He urged us to help reframe the debate: Instead of property, use the highway analogy, where the platform is neutral and no one car company has any advantage for or against using it. Instead of theft, show it's creating something new based on the past, much like Disney using the works of previous authors but adding animation.
Session 2: Invited Talk:
The IETF, or, Where Do All Those RFCs Come From, Anyway?
Steve Bellovin spoke about the Internet Engineering Task Force (IETF). Bellovin is an entertaining speaker and while dry, the material he covered is interesting. This talk is a great introduction to the IETF, what they do, and how they do it.
The IETF is a standards body but not a legal entity, consisting of individuals (not organizations) and driven by a consensus-based decision model. Anyone who "shows up" — be it at the thrice-annual in-person meetings or on the email lists for the various groups — can join and be a member. The IETF is concerned with Internet protocols and open standards, not LAN-specific (such as Appletalk) or layer-1 or -2 (like copper versus fiber).
The organizational structure is loose. There are many Working Groups, each with a specific focus, within several Areas. Each Area has an Area Director, who collectively form the Internet Engineering Steering Group (IESG). The six permanent areas are Internet (with Working Groups for IPv6, DNS, and ICMP), Transport (TCP, QoS, VoIP, and SCTP), Applications (mail, some web, LDAP), Routing (OSPF, BGP), Operations and Management (SNMP), and Security (IPSec, TLS, S/MIME). There are also two other areas; SubIP is a temporary area for things underneath the IP protocol stack (such as MPLS, IP over wireless, and traffic engineering), and there's a General area for miscellaneous and process-based working groups.
Internet Requests for Comments (RFCs) fall into three tracks: Standard, Informational, and Experimental. Note that this means that not all RFCs are standards. The RFCs in the Informational track are generally for proprietary protocols or April first jokes; those in the Experimental track are results, ideas, or theories.
The RFCs in the Standard track come from the Working Groups in the Areas through a time-consuming complex process. Working Groups are created with an agenda, a problem statement, an email list, some Draft RFCs, and a chair. They typically start out as a BOF session. The Working Group and the IESG make a charter to define the scope, milestones, and deadlines; the Internet Advisory Board (IAB) ensures that the Working Group proposals are architecturally sound. Working Groups are narrowly focused and supposed to die off eventually, once the problem is solved and all milestones achieved. Working Groups meet and work mainly through the email list, though there are three in-person high-bandwidth meetings per year. However, decisions reached in person must be ratified by the mailing list, since not everybody can get to 3 meetings per year. They produce RFCs which go through the Standard track; these need to go through the entire Working Group before being submitted for comment to the entire IETF and then to the IESG. Most RFCs wind up going back to the Working Group at least once from the Area Director or IESG level.
The format of an RFC is well-defined and requires it be published in plain 7-bit ASCII. They're freely redistributable and the IETF reserves the right of change control on all Standard track RFCs.
The big problems the IETF is currently facing are security, internationalization, and congestion control. Security has to be designed into protocols from the start. Internationalization has shown us that 7-bit-only ASCII is bad and doesn't work, especially for those character sets that require more than 7 bits (like Kanji), and UTF-8 is a reasonable compromise. But what about domain names? While not specified as requiring 7-bit ASCII in the specifications, most DNS applications assume a 7-bit character set in the name space. This is a hard problem. Finally, congestion control is a hard problem since the Internet is not the same as a really big LAN.
Working Lunch: Web Committee
Today over lunch at Round Table Pizza most of the SAGE online services committee — Trey Harris and I — met with our developers — Giuliano Carlini, Nick Stoughton, and J.D. Welch — and Rob Kolstad to make sure we all were on the same page as we moved forwards with the release plans for SAGEwire, which was announced yesterday evening at the SAGE BOF, and SAGEweb, and to make sure we were all set.
Session 3: Invited Talk:
Introduction to Air Traffic Management Systems
Ron Reisman of NASA Ames Research Center spoke on managing air traffic control systems; his talk focused on the tools used to manage air traffic. However, to understand the software you first need to understand parts of the air traffic control system.
Air traffic control is organized into four domains: Surface, which runs out of the airport control tower, controls the aircraft on the ground, such as taxi and takeoff; Terminal Area, which covers aircraft at 11,000 feet and below, handled by the Terminal Radar Approach Control (TRACON) facilities; En Route, which covers between 11,000 and 40,000 feet, including climb, descent, and at-altitude flight, run out of the 20 Air Route Traffic Control Centers (ARTCC, pronounced "artsy"); and Traffic Flow Management, which is the strategic arm. Each area has sectors for low, high, and very-high flight. Each sector has a controller team, including one person on the microphone, and handles between 12 and 16 aircraft at a time. Since the number of sectors and areas are limited and fixed, there's limited capacity of the system. The events of September 11th 2001 gave us a respite in terms of system usage, but based on path growth patterns the air traffic system will be oversubscribed within 2 to 3 years. How do we handle this oversubscription?
Air Traffic Management (ATM) Decision Support Tools (DST) use physics, aeronautics, heuristics (expert systems), fuzzy logic, and neural nets to help the (human) aircraft controllers route aircraft around. The rest of the talk focused on capacity issues, but the DST also handle safety and security issues. The software follows open standards (ISO, POSIX, and ANSI). The team at NASA Ames made Center-TRACON Automation System (CTAS), which is software for each of the ARTCCs, portable from Solaris to HP-UX and Linux as well. Unlike just about every other major software project, this one really is standard and portable; his co-presenter, Rob Savoye, has experience in maintaining gcc on multiple platforms and is the project lead on the portability and standards issues for the code. CTAS is interesting in that it allows the ARTCCs to upgrade and enhance individual aspects or parts of the system; it isn't a monolithic all-or-nothing like the old ATM systems.
Some of the future areas of research include a head-mounted augmented reality device for the Tower operators, to improve their situational awareness by automating human factors; and new digital global positioning system (DGPS) technologies which are accurate within inches instead of feet.
Questions included using advanced avionics (for example, to get rid of ground control), cooperation between the US and Europe for software development (we're working together on software development, but the various European countries' controllers don't talk well to each other), and privatization.
Session 4: Vendor Exhibition
There was nothing I wanted to see in this time slot, so I went through the (smaller than usual) vendor show. Didn't see any great goodies — I already had my BSD daemon blinking ears, didn't need t-shirts, and couldn't afford books or hardware — so I went and did the terminal room.
Tonight, Cat Okita had scheduled a group dinner for 11 of us at Fresh Cream, a very nice French restaurant just past Fisherman's Wharf. We started with a very nice amuse-bouche of pastry, sour cream, caviar, and red onion. I had the house salad (with a balsamic vinaigrette dressing) and a delicious rack of lamb. For dessert I had a chocolate ganache cake in raspberry and crème fraîche sauces, and the restaurant provided sugar candy-coated fresh strawberries for all.
After dinner, I adjourned to the hottub for a while then went to hang out with folks in the lobby. Leaving the lobby I managed to slip and fall and bang myself up pretty well. No marks — at least not until after flying home — but I managed to botch my right arm and both knees and ankles fairly well. Took about ten minutes for my head to stop spinning and my vision and breathing to return to normal, though I never hit my head. Oh well. Went to bed, slept badly, and decided to take care of myself the rest of the week.
Session 1: Sleep In
This morning had nothing I urgently wanted to see and I still hurt from the fall yesterday so I slept in. I managed to wander out and down to the conference center around 10am.
Session 2: Invited Talk:
Technology, Liberty, and Washington
Alan Davison, a lawyer and sometimes-lobbyist from the Center for Democracy and Technology, spoke about current US legislation as it affects individual liberties and architecture as well as what we, as individual citizens, can do about it. While the talk itself was mostly geared to the United States, several aspects apply to all democracies so please read on.
Defeating "bad" laws once isn't enough, since they come back again and again. Part of the USA Patriot Act radically changes the personal privacy/state police balance. In general you need to know your rights and responsibilities: Seek counsel, talk to agents of law enforcement, and obey any and all lawful orders. So as system architects we need to design technology with liberty in mind, as if people matter. Security and freedom shouldn't be incompatible design goals.
Slides from the talk will be available shortly.
Had a nice quiet lunch of fish and chips at one of the local British-themed pubs near the hotel and conference center with David Parter and Ethan Solomita. Talked about nothing in particular, which was nice. It was good to not talk about USENIX and SAGE matters for a change.
Session 3: Works in Progress (WIPs)
This afternoon I attended the Works in Progress (WIPs) session. I didn't take notes, but someone else was assigned to write it up so it's not like a big deal. We had 15 or 16 speakers, each with 5 minutes or so, on the following topics:
- Kartik Gopalan, "Resource Virtualization Techniques for Wide-Area Overlay Networks"
- Jennifer Bevan, "SoftFlow"
- Li Xiao, "Browsers-aware Caching: A Case for Peer-to-Peer Internet Systems"
- Leni Mayo, "Fast Reboot"
- John Merrells, "Berkeley DB XML"
- Justin Moore, "Cluster On Demand"
- Elias Sinderson, "Catacomb"
- Dan Ellard, "Lessons Learned from NFS Traces of ISP Workloads"
- John Costigan and Ben Wilhite, "Data Structure Visualization"
- Jeff Chase, "Dash"
- Amit Purohit, Joseph Spadavecchia, Charles Wright, and Erez Zadok, "Improving Application Performance Through System Call Composition"
- Can Leonard, "Elastic Quotas"
- Niels Provos, "Systrace: Interactive Policy Generation for System Calls"
Session 4: Personal:
SAGE Executive Committee Meeting
In lieu of attending the break and the next session, the SAGE Executive Committee met in the courtyard to discuss the actions and discussions from the USENIX Board meeting on Wednesday.
After the sessions, a group of 9 of us went out to the end of Calle Principal (the street the hotel was on) to Stokes, a rustic-looking French place. We had a very pleasant appetizer — flatbread with olives, caramelized red onions, olives, and anchovies. I had a lamb shank tagine that was fork-tender and delicious.
After dinner — where on our way out we harassed a table of 20 or so other conference-goers — we took the bus to the Monterey Bay Aquarium for the dessert reception. I wandered around, chatting with folks, eating yummy chocolate things (like the ice cream sundae with hot fudge, a couple of truffles, and an eclair). Then, because my various limbs were in moderate pain from the fall Thursday, I took off early to go soak in the hot tub for an hour.
After the hottub, I hung out with my laptop in the Marriott lobby and caught up on mail, news, web sites, and job-hunting. Chatted on and off with folks as they went in and out. Pleasant evening, and then to bed.
Session 1: Guru Session:
Internet Security, Intranet Security, Mapping Networks
Guru Bill Cheswick spoke with the approximately 50 audience members about security, networks, and mapping. The second edition of his book, Firewalls and Internet Security, is about 80% done, and he and Steve Bellovin have added Avi Rubin as their third author.
Some security insights from his talk include using genetic or AI analysis of security information, throwing away the data you understand and analyzing the rest; intrusion-detection systems' main problem is false positives; firewalls are good for unsecured hosts but are not a substitute for host-based security; using older well-understood protocols, read-only directories, and chroot-based jails to limit access.
Cool things on the horizon include backscatter, where by listening to the death screams of denial-of-service attacks you can find out who's being attacked and how often. One attack he sees as possible in the near-to-mid future is an attempt to take down the Internet; the root DNS servers are constantly under some form of attack, and people try to tap or break flows into and out of major routing providers. Someone asked about a truck bomb, but Ches discounted it as being unlikely to have any real international effect.
Most people are security-conscious and are using ssh instead of telnet. However some people use the same ID and password for insecure services (like POP, IMAP, and FTP) as they do for their shell account. As we saw at the Works in Progress sessions yesterday, this leaves passwords sniffable over wireless networks. However, ssh has its own set of problems; it's big and has a lot of features, which means complexity, which leads to problems. There are also several CERT advisories against it. To mitigate the problems, he only uses protocol version 2 and usually uses OpenSSH on Unix. Audience members suggested SecureCRT or MindTerm for Windows NT clients.
Asked how he would set up a new network from scratch, he said he would use FreeBSD secured hosts, ssh and very limited NFS internally, use one-time passwords, have a honeypot, use an intrusion detection system, and block ICMP. He doesn't have a good clean solution to the mobile-users problem because IMAP and POP send clear-text passwords. Possibly tunnel mail through ssh to home (secured) systems, or IPSec on the mail server, or a web mail client using https.
Session 2: Invited Talk:
Fixing Security by Hacking the Business Climate
Bruce Schneier spoke about security for business people. The talk was basically about how business people consider risk and reward, and that security is like any other issue for them. The thrust was to cast information security in terms that business people can understand, to make the rewards of security greater than the risks and the costs.
How do we as technologists fix the problem? Make security affect the bottom line, or provide incentives for changing the cost/benefit analysis. There are four steps to follow: Enforce liabilities, transfer them to someone else (the insurance model, such as "hacking insurance"), provide mechanisms to analyze the risk (QA before and after), and rational prosecution and education to lead to deterrence.
Working Lunch: USENIX/SAGE Budget
I went to lunch with Lois Bennett and David Parter to talk about the USENIX budget and future of both USENIX and SAGE. We thought "something light" but decided against the deli. We went hunting for Turtle Bay Taqueria since they're good, fast, and fresh, and managed to walk a block past it in two directions. Oops. But we found it, ate there, and it was delicious. (And a good thing we got there early; the line was out the door while we were eating.)
Session 3: Personal:
Naptime, Packing, and Overhead
My knees and ankles were acting up, especially given the walking to the taqueria, so I went back to the room to nap. And when I couldn't sleep, I started packing up for the trip home, mainly so I wouldn't have to on Sunday morning.
Special Closing Session: How Flies Fly
The day and the conference concluded with the special closing session by Professor Michael H. Dickinson of the University of California at Berkeley speaking on how flies fly. His research is on the flight behavior and aerodynamics of flies and how they "see" through a combination of visual and olfactory sense input (both sight and smell). This is immediately applicable to technology since it can be used as an efficient search algorithm for control systems in autonomous vehicles ("smart cars").
After the session, about a dozen of us went to dinner, again at Stokes, since Lois Bennett wanted to have another plate of the crispy polenta and mushrooms or whatever it was (fungus, ick). Tonight I just had my share of the random appetizers we ordered (including the appetizers we didn't order but which got mis-delivered to our table). My main course was the chicken and onion calzone, which was wonderful. Decided against dessert, since I was stuffed and likely to get dessert at the end-of-conference party.
After dinner, went back to the hotel, modeled a gift from Trey and J.D., and changed into my bartender outfit before heading up to the end of conference party. Chatted with folks, tended bar for a while, and gave up around midnight since my knees and ankles were starting to hurt pretty badly.
Today was my travel day. After waking up — to the sound of the sirens of the EMT team and ambulance arriving to treat and eventually take to the hospital someone I recognized from my hotel room (a conference attendee with a known recurring problem which is normally treatable by a drug in ambulances but which this one doesn't have so they took them to the hospital for the drug; the person is fine and home and alive and well) — I went down and breakfasted at the hotel buffet before hitching a ride to Monterey airport with John Sellens and we chatted while waiting for his plane to board. (I tried to get on the standby list for an earlier flight to Los Angeles but they were booked solid.) After he left I chatted with Brian Kantor until his plane left, then finally got to my plane.
The flight from Monterey to Los Angeles was nice and uneventful, though the flight attendant and I joked about the safety dance. The joys of being a frequent flyer. Got into LA fine and had plenty of time to grab a bite to eat and get to my gate — which wasn't the gate it was when the Monterey flight got connecting gate information, but it was next door so it's not like it was a big deal.
The flight from LA to Chicago was also uneventful. I managed to get an exit row seat on a not-heavily-loaded Airbus A319, and the flight attendant asked if I could help out with the exit or whatever, and I said Yes. She said I could help with the drinks cart. So I said, "Sure, so beer and wine is $20 and we keep the difference, right?" It was fun.
At O'Hare we managed to get to our gate in decent time — though we were four minutes early so the ramp crew wasn't there yet to park us. Oops. And they said baggage would be on one carousel — the furthest one from our far-flung gate at the end of the terminal, of course — and it wasn't. It went onto another one. (Three flights from LAX to Chicago O'Hare within a 60-minute period. Gack.) But the shuttle got there in plenty of time and I managed to get home by 11pm.