Daniel Barron - LUGRadio Live 2005 Lightning Talk

Hello, my name is Daniel Barron. I am a director of SmoothWall Ltd which produces an Open Source firewall as well as a range of multi-licensed firewalls and web content filtering solutions. I am also the original and principal developer of the Open Source True Web Content Filter; DansGuardian. I'll explain why I say True web content filter later.

I've not done this sort of thing before so please bear with me. I've got just under 15 minutes for this lightning talk. According to Matthew Revell, "how I use them is up to me." So who's for a drinking contest at the bar?

Seriously though, what I want to cover is a bit about DansGuardian, dispel a surprisingly common open source misconception, touch on the sometimes contradictory needs of an open source project, and of a commercial product. Then finally cover an interesting and unfortunate case where Free software can reduce freedom.

Let's start with my first point. I say TRUE web content filter because it's amazing how many, usually proprietary, web filters are simply URL filters yet call themselves content filters. They do not filter the content - they filter just the URL. And charge huge amounts for it. DansGuardian looks at the actual content of the pages including, optionally, virus scanning the downloads. To decide whether to deny a page or not DG first checks the URL, MIME and other properties then it does a phrase analysis which gives the page a score. If the score is over a configurable number it is denied.

This software is available GPL licensed and without cost for non-commercial users from my website. Everyone can also buy it nicely packaged with GUI, support and so on in the form of the SmoothWall Guardian products. Shameless plug there ;)

I'd like to take this opportunity to mention interesting future developments this year.
In DansGuardian you can look forward to AV being brought into the main source tree, content manipulation similar to privoxy where you can remove web bugs and common Internet Explorer exploits as well as force safe search in Google. Also to be added is an improved group system and support for subnets and ranges in the group determining IPs. We are also looking at SmoothWall funding more development of GPL DansGuardian; more why later. SmoothWall are also planning to release the next version of the Open Source firewall, SmoothWall Express 3 with nice features like a 2.6 kernel, an improved automated patch system and much more.

Now I'd like to touch on dealing with the sometimes contradictory needs of an open source project, and that of a commercial product. This is a subject that was suggested to me. However it's not good to use commercial as a synonym for Open Source. That confuses two entirely different issues. A program is commercial if it is developed as a business activity. A commercial program can be open or closed source. That aside.

SmoothWall Ltd funds an Open Source firewall project called SmoothWall Express. Their permanent staff are tasked to produce any security patches and updates that may be needed, so ensuring they are quickly available. SmoothWall Express is designed with home users in mind and is completely Free to use. Express comes with quality documentation written by SmoothWall Ltd.

But is the SmoothWall Open Source Project in competition with SmoothWall Ltd? No. The Project provides a fertile testing and development ground for bleeding edge firewall features - some of which may get used by the company under the terms of the licence under which the code is contributed. SmoothWall Express is aimed at home users, while the SmoothWall commercial products are aimed at commercial companies and organisations.
SmoothWall Express is a fully complete, competent and secure solution - with hundreds of thousands of copies of Open Source SmoothWall having been downloaded, it is a major factor in promoting the SmoothWall brand and the quality of its products.

Is DansGuardian in competition with SmoothWall Ltd? No. DansGuardian provides a fertile testing and development ground for bleeding edge filtering features - some of which may get used by the company under the terms of the licence under which the code is contributed. DansGuardian is aimed at technical users with the time to build and maintain their own unix-like server, while the SmoothWall commercial products are aimed at companies and organisations who want a ready built appliance.

All the development and testing that goes into DansGuardian is fed back into SmoothGuardian just like the Open Source developments and testing of the Linux kernel, Apache, squid, OpenSSH and so on are fed back in. The reverse is also true. Bugs found in Open Source software SmoothWall Ltd use are fixed and fed back to the original project. For example a number of DansGuardian bugs have been fixed due to SmoothGuardian work. It is a win-win situation. Everybody benefits - everyone has the freedom to choose what's best for them.

However, Jesús Villasante, head of software technologies at the European Commission, paraphrased, said the open source community today is a subcontractor of corporates. Open source communities need to take themselves seriously and realise they have contribution to themselves and society. From the moment they realise they are part of the evolution of society and try to influence it, we will be moving in the right direction. I strongly disagree - it's solving a requirement and sharing the result. Huge companies like IBM or a bloke sitting at home in his pants can both do this, and have the same access to the tools of the trade. It's a fair playing field, and everyone gets something good out of it.

Some people think that "On the one hand, successful open source development relies on the nature of man to contribute to a work without expecting a return - doing it just for the good of the community." Others agree with me and think that this is not true: "Open Source isn't about altruism. Open Source functions because I have a need for software that doesn't exist, and I write that software (or portions of it)." Often because one's work place requires it. DansGuardian was written because there was no good web content filtering software and the company I was working for at the time, Beebug in St Albans, needed software to do the job and did not want to have customers pay the thousands of pounds needed for Igear. That said I did write it in my own unpaid time. Many improvements to the Linux kernel in areas like iptables and journaled file systems have been funded by companies. Squid, Apache and many others are the same. Not that I don't care about making the world a better place; it is a secondary concern that my contributions do that.

Which brings me to Free Software. Free software such as that licensed under the General Public License (GPL) can in some rare circumstances remove and hinder the freedom of people. I will explain how, but first some background information on what Free software actually is.

A common misconception is that Free software costs nothing - the word "Free" refers to freedom not "free" as-in no cost. The dictionary has many definitions for Free and only one of them refers to cost. There is nothing in the common Free licences which stipulates against selling Free software; it is in fact encouraged as this then helps more Free software to be developed. You can find more information about this on the Free Software Foundation website.

Common Free software licences include the GPL and the BSD licence. Both of these licences allow the end user access to the source code (known as Open Source) as well as to modify and redistribute the software.
They also stipulate that the original copyright notice and licence information must not be removed. The GPL, however, has a further rule that any users of modified copies of the software must be allowed access to the source code. This means for example that a company may not take some GPL licensed software, develop it and then sell it without providing the users access to the source code including any changes they made and any other code linked to it. The BSD licence does not have this, some might say, viral condition and any company or individual is free to take and develop and not "give back" the changes. Many companies have done this including Microsoft and Nokia. There is nothing wrong with doing this as the authors have given permission by the very act of choosing the BSD licence to licence their code under.

(pause)

Moving on. I am very pro-freedom and anti-censorship. I believe in classification not banning of any material or information. My software, DansGuardian, is provided free (at no cost) to non-commercial organisations such as schools and individuals. DansGuardian is a tool to maintain free speech by moving the ability to censor to individuals, such as parents and school officials, rather than imposing a specific ideal on the whole world. Were there no free filters then laws would more likely be made deeming adult material illegal, which would deny adults who may choose to look at such material their basic human rights of choice. If I choose to look at a Web site detailing birth control, for example, then I should be allowed to do so in the privacy of my own home, but a child in a school or someone at work does not have the right to view material that is inappropriate for the rules of the location and service provided.

Now you understand the background. The situation that I am going to talk about is one that affects software under the General Public License (GPL).
It is this stipulation that the source code must be always available and no "closed source" versions may be developed from software under this licence that can hinder people's freedom to it.

I have received several correspondences from different people in a country called Myanmar (formerly known as Burma). Their country is ruled by an inhuman and cunning Military Junta called the SPDC. Their government do not allow Myanmar citizens full access to the web and other communication technologies. They block almost all free webmail sites like Yahoo mail and Hotmail, free web hosting sites like Geocities, Tripod, Web Spawner, and every site that they assume to be indecent or that contains news and information about their opposition groups and true news about their activity. The software they use to do this is DansGuardian.

The Myanmar citizens that contacted me suggested that I revoke their government's licence, insert code to make the software not function on their network, block them from updates, block them from downloading the software. I had to explain to each of the emailers that the software was GPL and Open Source and their oppressors could obtain it from anywhere. The very nature of open source means it is almost impossible to insert code to defeat the use by certain users.

They were not overly impressed with the lack of a solution. Usually they assumed that the government had bought the software from me and that I was evil and the concept of Free software was alien to them. I've not actually had a death threat but certainly the odd uncomfortable email. They did not understand that I've not made any money from their government's use of DansGuardian. No - I did not even know they were using it until recently and being non-commercial I'd not be asking for any.

This is not the first time open source software has been used in this way. A recent article on the BBC website described how open source software formed a large basis of the great firewall of China.
I also learned this week that Isiran-net uses DansGuardian to block access to pornographic content and content critical of the Iranian government.

We all know that companies like Microsoft and others have no scruples and readily censor their proprietary online offering in return for large cash sums as covered on many news sites recently. So proprietary software really is no help either.

Luckily Open Source can actually come to the rescue. Software like squid and Linux provide very cheap and ready external proxy servers which, reportedly, allow oppressed peoples to bypass the Great Firewall of China and other filters. This is exactly how some of the people of Myanmar have been able to email me to alert me of the situation.

Thus concludes my talk. I will submit a transcript to the LUGRadio team along with bibliography so you can see where I got my information. Any questions? Or can I go and listen to Mark's talk that has started just now? ;)

About the author: Daniel Barron lives in the UK and is the principal author and project leader for the award winning Open Source Web Content Filter, DansGuardian (www.dansguardian.org). He is also Technical Director of SmoothWall Ltd (www.smoothwall.net) who produce an Open Source Free and free firewall as well as many enhanced commercial offerings such as a corporate firewall with add-on modules to add VPN, web filtering, monitoring, and QoS (traffic shaping).

About SmoothWall: Based in the United Kingdom, with offices in Leeds and Southampton, SmoothWall delivers global security solutions through a worldwide support network, with representation in the USA, Canada, the Caribbean, South America, South Africa, India, Malaysia, Australia, Germany and across Europe. With a user base spanning home users, small business and non-profit organisations through schools and universities to major corporations, hundreds of thousands of networks rely upon SmoothWall protection.

Bibliography:
http://dansguardian.org/
http://linux.slashdot.org/article.pl?sid=05/06/01/0221204&tid=187&tid=106
http://www.rsf.org/article.php3?id_article=10748
http://www.blockpage.com/gallery/BlockPages/isiran_net
http://www.blockpage.com/gallery/BlockPages/myanmar_burma
http://ice.citizenlab.org/archives/2004_05.html
http://yro.slashdot.org/article.pl?sid=05/06/14/1228230&tid=109&tid=17
http://www.gnu.org/philosophy/selling.html
http://www.gnu.org/philosophy/words-to-avoid.html