Alan Cox - Red Hat Hacker
This article first appeared in LinuxUser, December 2001
Free software has a great story to tell, from Richard Stallman's lone struggle to free the world of software from its creeping proprietary chains, to the rise of Linux into a real force in the computing industry. A starring role in this story must be reserved for Alan Cox, who has been number two on the Linux kernel tree since the earliest days, and is probably the largest single code contributor to the kernel.
Born in Solihull in the West Midlands in 1968, Cox went to the University of Wales in Aberystwyth and Swansea, where he still lives, working from home as a paid employee of Red Hat. When he was at university he "was working on things like a multi-user game which is how I accidentally got involved with the kernel. He was "aware of the free software things, not so much the GNU stuff," as the small tools that were posted to Usenet, which came with the proviso that "if the software breaks you get to keep both pieces." A lot less code was GPL'd than would be the case now. Cox recalls that the way of things in those days was that "if you wrote something neat you posted it to Usenet", and people downloaded it and did as they liked with it.
Cox got involved in Linux kernel development "by accident". He discovered Unix after he had "discovered bits of mainframe stuff at university", and had got used to multi-tasking. He had been writing a multiuser game and "wanted a better platform than my Amiga for that. I saw the 386BSD announce and thought - woah! - finally there is something worth running on a PC." 386BSD at that point needed floating point hardware, and there was a fix coming really soon, and Linux didn't need floating point hardware. "I hadn't got the floating point chip, which was 70 quid at the time, so I installed Linux." He ported his multi-user game to Linux, but there were still things it couldn't do, "so I fixed those and discovered that someone else had already fixed them before me."
He installed Linux on the Swansea Computer Society machine, and "started trying to make the networking code work properly, because it was buggy at the time," because the university had "this nice very noisy multi-protocol network which was just perfect for crashing your computer. I started fixing these things, which is how I ended up doing the networking code, building on the base networking code that other people had done. I was pretty much downloading standards and learning it as I read. The standards in TCP are small and clear but there is an unwritten law behind it which does take time to learn, like queue theory. Some things weren't really fixed until somebody became involved who really understood how the maths behind these things worked."
By the time of the 1.2 release of the kernel, Linux had become "a real operating system" and was being installed as the back room server in many companies. Gratifyingly, Cox began to observe the now-classic scenario, where the techies lead the management into "finally deciding that Linux is acceptable. Management says: `OK. We'll agree to switch the web servers over to Linux. How long will it take?', and the guys have gone away and made up a number, because they have been running Linux for months."
Out of jail
After the arrest of Dimitry Sklyarov earlier this year, Cox, tendered his resignation from the Usenix ALS committee, because "it has become apparent that it is not safe for non-US software engineers to visit the United States." Sklyarov, a Russian programmer, was arrested by the FBI at the behest of the Adobe corporation, after attending a security conference in Las Vegas and revealing the flaws in Adobe's eBook encryption (see Adobe Walls, LinuxUser September 2001, page 47). Sklyarov's arrest was made possible under the Digital Millennium Copyright Act (DMCA), a controversial law passed by the US Congress that twists the balance of copyright law in favour of large corporations.
"Usenix by its choice of a US location is encouraging other programmers, many from Eastern European states hated by the US government, to take the same risks," said Cox. "That is something I cannot morally be part of. Who will be the next conference speaker slammed into a US jail for years for committing no crime? Are Usenix prepared to take the chance it will be their speakers?"
He stands by this view: "I am not the only one either, quite a few people feel the same way, at least until a precedent has been set, that you can't go round harassing people for doing nothing wrong. The DMCA as it is currently put together in the US has a collection of problems with it. One is uncertainty, because it is very, very badly drafted legislation." Various interests "are trying to push and abuse the law to silence critics who embarrass corporations. People who are not doing anything that can remotely be considered illegal [such as Sklyarov] are being stuck away from the home country for months" at the behest of a US corporation, for activities that are legal inside their own countries. "Assuming the US is still trying to be a democratic country, which is sometimes questionable, then the higher courts are not likely to uphold that kind of interpretation."
As part of his protest against the DMCA, Cox released an update the Linux 2.2 kernel that did not include information about the security holes patched in the software, a move which drew the ire of some, and the approval of many more. At the time Cox wrote: "With luck, the Sklyarov case will see the DMCA overturned on constitutional grounds. Until then US citizens will have to guess about security issues."
These difficulties are not restricted to the US. According to Cox, the problem at the core of both the DMCA and the equivalent copyright law projected by the European Union is that "when it talks about copy protection it doesn't deal with intent." Under current law in the UK, if someone were to "publish a method to get around a copy protection mechanism with the definite intent of using it for a criminal offence, in other words to break copyright or something, you can take action. So, for example, you can stop people selling equipment that is solely intended for pirating music", but under the DMCA and the upcoming European law, there is no notion of intent at all. This means that "publishing information even for the public good is not something that you can do, so that, for example, if you discover that the cryptographic systems being used by the British government are horribly insecure, and all the bad guys are listening in, you cannot tell them."
Moreover, the EU law also allows some countries to opt out of provisions, such as the one that would allow some exemptions for blind people to make copies of products that they own rights to but cannot use in their present form, a problem that is currently exercising disability rights groups, as well as the free software community. "The only thing that is going on on the legal side to deal with that is to ensure that they, and anybody who assists them, gets locked away for it. Not a positive direction to be going."
The problem for copyright lawyers is that it is hard to define what copyright law is intended to do. The purpose is professed to be in the interests of the individual artist, but in practice, it is the middle man, the distributor or publisher, who profits, and not the artist. "They are passing laws to make the unworkable work, and it won't." Control of the work is taken from the artist and passed to the corporations.
"One thing any content control system does is strengthen the hand of the monopoly." The music industry, for example, is "keen to push things like very strong protection mechanisms. They would love every CD player to only be able to play content-protected music, and will argue that this is to protect their copyrights. But what they are much more interested in is to ensure that independent musicians can't go other ways", to distribute their work through other channels. For this reason, DVDs are heavily protected, and in order to be able to manufacture DVDs, even of one's own copyright material, it is necessary to license all sorts of patents, a restriction that inhibits entry to the market for individual producers. CDs present much less of a problem, partly because most of the patents have lapsed, "so independent producers can of their own accord relatively cheaply produce music. They get so little going through the middle men they choose to stay independent and earn more money."
The content industries do not like this phenomenon, in music or in film. Even less do they like the fact that the Internet offers a way past their stranglehold on the distribution channels, that individuals can use to reach a wider audience. Their solution is to produce copy protected CDs that can only be played on Windows machines in the Windows Media format, which is "playing directly into the hands of a convicted monopolist", and that is dangerous.
â€œ With luck, the Sklyarov case will see the DMCA overturned on constitutional grounds. Until then US citizens will have to guess about security issues â€
Although the interim agreement is known, the final outcome of the antitrust trials of Microsoft will not be known until the individual states have passed their judgement, but Cox feels that "it is still only the beginning from Microsoft's point of view. If Microsoft is convicted, clearly there are a lot of people who have lost as a result of its monopoly actions - their pension funds, their shares, all the people that have suffered, like Netscape, for example, and everybody who owned a Netscape share. It could go on for years."
At the time of the World Wide Web Consortium's (W3C) announcement of its proposal to adopt RAND licensing for patents, Cox wrote to the W3C, pointing out that the policy was "bad for the W3C, bad for business, and bad for users. When patented W3C standards ensure there is only one web browser in the world, its owners will no longer have time for the W3C or standards."
Cox concedes that patenting is "a long and complicated issue", and hopes that the W3C "will stick to the policy of no patents for standards, or at least no standards that include patents where a fee is payable to use the patent." The purpose of the Wide World Web "is to communicate." There will "always be standards which require patents, or standards which require all kinds of complex licensing between groups of companies, but it is important that they shouldn't be pushed as community standards, which is what the W3C and IETF standards are."
Like many other figures in the free software movement, Cox feels that failure to satisfactorily resolve the patent issue could seriously damage the W3C as an effective standards body. Developers will "push free webbased standards through the IETF instead, and the W3C will get bogged down and lost in all the patent arguments, which is what happened to the ITU [International Telecommunications Union]. The ITU now spends almost its entire operational life arguing about patent cross-licenses. We saw this with the 56K modem fiasco. In the US there has been a similar mess with WAP, because someone has said: `Aha, we have a patent for WAP in the US, and you have to pay us lots to have a website'."
One effect of patent law is that only the largest companies can afford to contest or refuse to pay the charge for a patent, "whether they are right or wrong", and the expense incurred in fighting the case will outweigh the initial charge. Cox sees two important aspects to the issue: "One is whether software patenting should be allowed at all; the other is that someone has got to sit down and figure out how to make patents work." He has been at meetings where "people with countless patents to their name, with awards as inventors, are standing up and saying the patent system does not work for the small inventor. The only people who say that the patent system works for small inventors are the large companies." In Cox's view, patents have become "a way of stealing control of large areas of science, which is not what they were intended for."
Secrecy and non-disclosure
A number of big companies have, of course, leapt onto the Linux bandwagon over the last few years, some becoming intimately involved in the project, making direct contributions to the development of the kernel. This is clearly welcome to Cox, but he says that collaborative development has come easier to some companies than others.
There has been little friction with IBM: "From its point of view, having multiple competing companies is obviously an advantage. Working with Linux vendors, if Red Hat gives them a price they don't like, they can ask SuSE, and they understand that. They are intentionally making sure there is a market with real competition in it for these services, and I can understand why."
"Even the first bit of code the S/390 guys shipped us was basically OK." It was a case of "OK, I have read all that, and here are two or three minor quibbles, but that was it. Some of them don't like being told there is a kernel coding style, and it's not your coding style, but it's no worse that."
Relations with Intel have been "harder to gauge ... because they don't seem to understand how to interact with the free software community at all. They're obsessed with secrecy and non-disclosure. Their own chairman described Intel as `paranoid', which is reasonably true. They are very hard to work with."
"They are so busy being secretive about what their own agenda is, that you can't work with them to get the right way to their real agenda because they won't tell you." There are other issues with Intel that date back to the 1993 "legal fiasco with Randall Schwartz, who was one of the major Perl guys. He was doing security work there, and ended up getting into a lot of trouble for doing his job a little bit too thoroughly. A lot of people won't work with Intel as a result. It was a long time ago but a lot of people have long memories."
Savings and the desktop
"A lot of companies are saving huge amounts of money using Linux," notes Cox, "and they really don't want their competitors to find out." Using Linux in certain configurations can shave as much as "40 per cent off your annual budget, year on year." If an IT manager is under pressure to, "cut the IT budget by say 15 per cent year on year" this is an important difference. "The slowdown is motivating some of them to rethink their IT policies."
Cox gives the example of Amazon, where their savings were revealed surreptitiously in the company's annual financial report. "They had to do a lot of thinking, time and investment to use Linux, but it's saving them a lot of money, something like 90 million dollars off their IT budget. They really didn't want to tell anybody how, because they liked the advantage."
Linux is beginning to make inroads into the desktop, particularly on the technical and developer desktop, where it is replacing both Unix and NT. "For the business desktop all the pieces are there, but not for everything. I don't think you want to put a lawyer in front of StarOffice 5.2. He isn't going to be happy. But for a large number of office-based applications, applications like StarOffice are certainly good enough now. And the StarOffice 6.0 Beta looks superb. From the business migration point of view the fact that it looks like Windows is a plus point. You can sit somebody in front of StarOffice who is used to WordPerfect or the Microsoft suite, and they look at it, scratch their heads for a moment, and then sit down and do work."
The greatest incentive in moving to Linux and StarOffice is price, as it was in a previous era for Microsoft in its campaign to usurp the earlier word processor dominance of Lotus and WordPerfect.
"One of the things pushing StarOffice adoption is Microsoft, because they are pushing the prices up. Some people need all the fancy features in Word, but there are not that many of them." Some companies are "adopting StarOffice but keeping Windows. Once you have your documents available to you in a multi-platform environment, which is what StarOffice lets you do, it gives you the power to pick the operating system that is appropriate for the job. You are no longer forced to pick an operating system because it is the only one that can read your documents. You can't be locked in in the same way."
A sea change
"The basic kernel now has everything we ever need for the generic desktop or the generic server," Cox maintains. "We are pushing now into the handhelds embedded devices, and to the high end, with things like the Compaq clustering code, which is going to be interesting. They have the code on their site. It isn't integrated into the kernel yet, which is going to be a big task. Also, there's integrating single system image across multiple machines, and the ability to do failover properly."
The cunning plan - "as always it's primarily a cunning plan at the moment" - has been to hand kernel maintenance over to Marcello Tosatti. Cox explained his own future role in an announcement on Advogato:
"I will not be disappearing from the scene, although I might be a little less visible at times. There are various kernel projects I will be working on, as well as spending more time concentrating on Red Hat customer-related needs. I'm hopeful that spending more time closer to customers will help provide more insight into where 2.5 needs to be going."
Kernel development is a constantly evolving task, and cannot necessarily be predicted. "There is a list of maintenance tasks that we don't dare do on 2.4, things we know that are not currently done the right way. There is too significant a risk in fixing them in the stable tree. Beyond that there are things like the clustering, more scalability, figuring out how to get the IA64, and PowerPC 64 trees tidied up and merged. We also have to merge the AMD Hammer code tree. They don't have real hardware yet, but we've got a real operating system for it," which has been tested and proven on a simulator.
A lot of kernel development depends on what people contribute. "There's a lot that we just can't predict because there will be individuals popping up and saying: `I have written a driver for this', or corporations who tell us: `We weren't telling anyone about this, but here is whatever." Sometimes it's a real pain because these companies are doing a lot of extra work, but being too secretive. So, for instance, we have had two bunches of people contributing Bluetooth stacks, to one of which we had to say: `Thanks very much, but we've already got one.' It's a sea change for some companies, this notion of telling other people what they are doing."
Round the block
Cox's code may be running on billions of pounds worth of hardware located in some of the world's most expensive real estate, but the man himself has no need for expensive tools or a glamorous office. He writes with the Joe editor, his earliest computer having run WordStar on CP/M. "WordStar was wired into my fingers and Joe is very like WordStar." His office is a room in his home, full of 486s for testing - "they come by the box-load, and you don't care if they blow up."
Working from home requires its own disciplines, although he has no problems with it. Quite a few of his friends share a similar lifestyle, and get together for parties and the like, to get out of the house. One person he knows steps out of his front door every morning, walks around the block and goes back in through his front door to go to work, reversing the process every evening.
Cox may not compartmentalise his life quite so rigidly, but neither does he allow the long hours of work on Linux to monopolise his existence, or that of his partner. As recounted in their web diaries, both he and Telsa Gwynne fit their free software contributions around a busy social life, although they are definitely not "the Posh and Becks of the Linux community", as someone once attempted to describe them.
In fact, she isn't even sure who Posh and Becks are: "I don't listen to Radio One, I don't watch much television, and I don't read tabloids. Is he the one that is famous for getting his hair cut? I don't think we're like them at all. I could never persuade Alan to get his hair cut!"