October 2, 1998
Venema aims to make network software safe
by Cameron Laird
"It's a lot more work than I expected." -- Wietse Venema
E-mail is so mature an Internet application that it now
almost doesn't seem like "technology"; it's just an expectation
of late Twentieth Century life, like clean water or falling
gasoline prices. It hasn't become easy yet, though, for
people like IBM research staff member Wietse Venema, who's
in the middle of a project "to build a mail system that does
not screw up your machine," called VMailer.
Venema's a good man for the job. He's worked for over a
decade on a broad range of "software whose existence you
don't notice because it works well": network security,
inter-company financial transactions, terminal emulation,
and so on. "My software rarely fails ... My claim to fame
is largely based on the low incidence of error" in the
infrastructural applications he's written. Now he's moved
permanently to the "beautiful landscape" of central New York
state from his native Netherlands to dedicate a year to VMailer.
How e-mail moves
When you send a letter through e-mail to someone down the
street or on the other side of the globe, dozens of distinct
operations are typically involved: "Electronic mail is one of
the most complex applications. It's a network server, because it
receives mail from the network; it's a network client, because it
delivers mail through the network; it's a queue management system,
because sometimes mail can't be delivered right away; it's a database
management system, because it must deal with multi-user access to
the mailbox store. And of course, it has to be safe, fast and secure,
and easy to administer."
When things work right, you aren't aware of all these complexities.
You see only the so-called "user agent" on your own machine, that
manages communications with all the other pieces. You might have
heard, though, of one of the most widely used of these other pieces:
sendmail. It is an open-source application originally written
by Eric Allman in 1980 while a student. sendmail is the "transfer
agent" in use on the overwhelming majority of Internet servers; its
job is to pass letters along from one machine to another, until
they arrive at their final destination.
sendmail is a resounding success; it has delivered trillions of
messages in the last two decades, and the Sendmail Consortium
and Sendmail, Inc. co-operate well to maintain and enhance it.
It's also notoriously complex and subject to cracking. That's
where Venema comes in.
The VMailer alternative
VMailer is Venema's alternative to sendmail. "VMailer attempts
to be fast, easy to administer, and hopefully secure, while at
the same time being sendmail compatible enough to not upset your
users." Venema's aim is that Internet servers will soon begin
to switch over from sendmail to VMailer. End-users shouldn't notice
this when it happens, apart from small improvements in reliability and
speed of delivery.
It'll be a big change for system administrators, though. Sendmail
is written as a monolithic program, with an exceedingly terse
configuration language ("R$* <@$+.uucp> $* $: $1 <@ $(U $2.uucp $) >$3"
is typical). VMailer is a collection of small, relatively simple,
secure, swift programs, which work together to do the job sendmail
now does. "The reason for making VMailer distributed was to get
better insulation between different parts of the system. ...
Monolithic programs have poor damage control. ... As with
Titanic, a compartmentalized architecture does not make the system
immune against disaster, but it won't fail as easily as a system
that isn't compartmentalized."
The VMailer "teammates" are fast. "With a [US] $3,000 desktop PC,
VMailer can receive and deliver a million different messages per day."
They're safe -- they respond intelligently when loaded heavily or
attacked. And they're compatible with existing work; Venema has
designed VMailer so it can replace a working sendmail installation
without wasted motion.
The price for VMailer is also right. To encourage the widest
possible dissemination, Venema doesn't charge for VMailer. IBM
Research has supported him in this, he says, because the attitude
it has communicated to him is, "if you don't give it away, you
might as well throw it away."
VMailer's prospects
So when will you begin to use VMailer? If you've traded letters
with Venema this year, or are on one of the specialty mailing lists
he manages, you already have: "In December 1997 I turned off
sendmail, forever, on all my machines." VMailer handles everything
to and from porcupine.org (the name is an insider joke: "Europe is
a collection of countries each with their own regulations. Making
progress in Europe reminds me of porcupines making love. Auch!
Sorry! Look out!"). Alpha tests with a small group of trusted
colleagues began a month later. Beta release will be public, and
he hopes it'll be in just a few weeks, during November 1998.
Understand that Venema uses those words differently from
several commercial vendors. Public beta for VMailer means
"people expect that my programs solve more problems than they
cause. [It's] something close to perfection. ... I am
preparing an incomplete system for release [to experimentally
determine people's needs]. That's why I call it a beta. It has
nothing to do with software quality."
Life after and before VMailer
Once VMailer meets Venema's goals, he'll turn it over to a
maintenance group and move on to other work. "My next project
is porting tcp wrappers to IP version 6, the next generation of
Internet protocols; vendors have gotten ahead of me already,
which is an embarassment for me."
Before VMailer, Venema was probably best known for his work
with the Security Administrator Tool for Analyzing Networks
(SATAN). SATAN probes machines connected to the Net and
reports on problems or weaknesses it finds. This is a great
convenience for system administrators responsible for securing
these machines; it gives them a nicely formatted, thorough
explanation of the deficiencies they need to address. As with
all the tools Venema writes, "I have given away the programs ...
so that other people can inspect and use them, too."
SATAN has attracted a bit of controversy during its life.
A few commentators mislabeled it as a tool for breaking into
sites. In any case, "[m]ost people know me from my software
to protect systems against Internet intruders." That kind of
high profile attracts crackers, who treat break-ins to
prominent sites as a competitive sport. In the case of Venema's
domain, though, the most accomplished and dangerous intruders
"know that for many years, my Internet gateway has been logging
every network packet to disk. It's good insurance."
Away from the keyboard, Venema and his wife Annita are looking
forward to replacing the bicycles they sold when they moved. This
will give them a chance to explore the North Country Trailway, which
runs near their new home. "This is continent collision zone, with
lots of weird geology. It's quite a change from the Netherlands,
which is all flat and which has almost no trees."
Links on this story
Cameron Laird has written several other articles for developer.com. You can reach him at claird@neosoft.com.
|
What's Cool:
John Law vs. the virus
What's New:
DHTML Behaviors directory
What's Hot:
FREE trial subscription to ITKnowledge
|