Intel Opens CDSA Source

Quite a number of people have written over the last couple of days about Intel's decision to open-source CDSA, their security software, when it's released on May 15. That's their Common Data Security Architecture -- it's an enterprise-level security application.

  • by Anonymous Coward
    Ingredients
    -----------
    2 qt Water
    12 oz Quick grits
    1/2 lb Butter
    2 Jalapenos, diced, remove
    - seeds for sissies.
    1 md Red bell pepper, diced
    1 md Poblano pepper, diced
    1 md Onion, diced
    1/2 lb Cheddar cheese, grated
    1/2 lb Monterey Jack, grated
    4 Eggs, beaten
    Salt, to taste

    Directions
    ----------
    Bring water to a boil. Add grits and simmer for 5 minutes. (For thinner grits, add more water.) Set aside. Melt butter in a large skillet over medium high heat; add peppers and onion. Saute until tender, about 5 minutes. Add to grits, along with cheeses. Add eggs and season with salt. Pour into a 2-quart casserole and refrigerate until ready to cook. Bake in a preheated 350 degree oven for 25 minutes, or until set. Serve immediately.

    Serves 10.
  • "Putting more of the AIX technologies into the open-source communities ... will help us narrow the gap between Project Monterey [the IBM and Santa Cruz Operation IA-64 Linux project] and Linux," said Miles Barel, program director of Unix brand marketing for IBM's Enterprise Systems Group.
    He, now Monterey has become a "Linux project".
  • IBM is also contributing its JFS. So we have 4 journaled fs's on the horizon: ext3, journaled-Reiser, XFS, and JFS.
  • Why would OpenSource/FreeSoftware proponents want
    *more* security? Doesn't information want to be
    free? Aren't you hoarding information by scrambling
    it so that only you and the recipient of your keys
    can read it? Aren't we being hypocritical if we
    want everybody else's information to be free?

    At least RMS is consistent when he wants everybody to have root access.

  • See here [wired.com]
  • Are you sure about that? I seem to remember kipling launching a series of products named like 'hacker' and 'cyber' etc. Somebody got irritated about this (actually, most of us did), and cracked their webpage (Something most of us didn't do).
  • Here [slashdot.org] is the slashdot article. There was quite a bit of discussion about the contest. I didn't really help out, but I kept up with it, and I got the username and password off the website in time to get a "Hacker" bag. Yeah, I was a mooch.

    They were actually very nice bags, even if they were a little bit cheesy looking. In big plastic letters, the word HACKER was prominently displayed, and, for some reason they thought this was cool, they clipped on a plastic representation of a parallel port connector (easily removed). But, it was waterproof (lined with PVC), very comfortable to walk around with, and just the right size for my laptop. My wife was so impressed with the bag that she went out and bought one (a non-"hacker" model, of course).

    "... message passing as the fundamental operation of the OS is just an exercise in computer science masturbation."

  • Actually, I did, and I agree. I just don't agree that this is an example of "security through obscurity."
  • As if releasing the source code is "obscurity." The security comes from how you, as a user, make use of the software.

    Source code is one thing. Implementation is another, and more important.

    If their code is solid there should be no problems in securing a site with it.

  • That's just it... "algorithms and keys." But, nobody with half a brain would ever keep the algorithms AND the keys in the same place. If you use a strong enough key you'll have plenty of time to detect a crack attempt. Once detected you can start changing your keys on a much more frequent basis. If a cracker can't get a reliable key they'll eventually be forced to give up on breaking your security.
  • So, download the source and tweak it to run on Alpha. Much easier said than done but, do-able.
  • by dkh2 ( 29130 )
    The report (earlier this week) was that the source would be posted to and freely downloadable from one of the many Intel servers. They will make it relatively easy to find too. So, yes, it's free.

    Your challenge is to then find the holes and patch them.

  • I was reading the article and it made no mention of the style of license that will be used. They'd be crazy as hell to use GPL (would get news though..). Maybe they'll use something like the Apple Open Source license.

    Anyone know for sure?
  • No, more like... Is it Free? [gnu.org] I'd rather have _free_ open source software than have to abide by a "community license" or have to pay for the source, just like some companies *cough*microsoft*cough* do.
  • Regarding:
    Look at mozilla, they needed crypto, so they're using psm from sun (available from iplanet). PSM is closed source.

    This is not at all accurate. Both the PSM application and the NSS libraries are available in source form from Mozilla.org. For more information, please see:
    The Mozilla open source projects page [mozilla.org]
    Please also see the FAQ and the newsgroup (referenced on that page).

    Also, PSM is not "from Sun" (not that it really matters). It was written by Netscape engineers on my team. We are distributing binary versions for use with Netscape 4.7 and Mozilla from the iPlanet site. You'll notice that PSM is bundled with Netscape 6.

    I encourage everyone interested in open source crypto to visit that web site above. It's the best way to keep up to date on what we're doing.

  • It could also simply be that it includes inline assembly language with the special new optimized instructions, but only for critical sections. It's crazy to write a whole app in assembler these days (unless it's for an embedded system, but even then...), but it sometimes makes sense to do small parts in assembler.

  • Well, it's not too hard to draw some conclusions from the article [zdnet.com] and the Intel piece [intel.com] it's presumably based upon.

    1. ZDNet are clueless, but most of us knew that already. They refer to "releasing it to open source", which is a clunky phrase of ambiguous meaning. It could mean, releasing it to run on an open source platform like Linux, without actually being open source.

    2. Most importantly, because it's cryptography, there will be restrictions on which countries you can export it to. But I don't see any difference between the inability to enforce that rule on licensees, whether it's open source or just free of charge. So I don't think that should be a problem.

    3. "As an open source technology, CDSA can now be exported with greatly reduced restrictions**." (see point 2 for caveat). It may be that the only reason they're providing it as source code is to get around idiotic US export laws. That would be a very cynical claim though...

    4. From Intel: "Companies can view the source code to verify for themselves that no backdoors or security holes exist in the software." This is pretty black-and-white. It's a step forward.

    5. From Intel again: "Experience with open source technology such as Linux reveals that companies can often resolve problems by examining and modifying the working code, or by collaborating with open source developers on a fix." This strongly suggests that they will allow you to distribute your fixes - otherwise how could you collaborate? OTOH, it might turn out like the SCSL, where you can share code in theory, but only by posting it to a moderated, licensees-only site (this is what happens with Java platform source code).

  • "IBM is already contributing some of its AIX UNIX technologies, including its journaling file system,to the open source process."

    Am I missing something? I thought SGI was contributing XFS.
  • True, but you don't need the cdr. Most modern linux have an ftp and/or nfs install, thus your cost, assuming already have a net connection is $0. It is also probably a little better for your sanity if you have something faster than a modem, but whatever.

    If you do buy your cd, might I suggest Debian, their cd's are reasonably priced ( no 80+ dollars for Redhat, please....) even if you don't buy from cheapbytes.

  • Ok, finally a subject I have some practical information. *Disclaimer: I work for Intel in an unrelated group, but I figured I might add some info I found on the internal website.*
    From the website:
    "Software Availability A Windows* version of the CDSA open source software will be available from Intel in May. The 64- and 32-bit Linux versions will be available in August"
    Also:
    "CDSA software is currently approved for export" - a paragraph regarding the US Gov's change in encryption restrictions
    And:
    "...providing CDSA software as open source code..."
    Granted, there is no mention of the license which it will be available under.
  • That joke is so old that the first time I heard it, I had a MillionInstructionsPerSecond processor and the name sounded impressive....
  • I'll assume this isn't a troll, even though it probably is, and try to answer very simply:

    1. Your credit card number may be "information," but you don't want everyone to have it.

    2. If you send an email to CNN describing misdeeds of the repressive regime in your country, you probably don't want the local regime to be able to intercept and modify it.

    Just because international waters are free doesn't mean pirates can intercept any ship more than 10 miles from shore with impunity.
  • Will the software run on AMD, or will it depend on Intel-only extensions (PSN)? I see this as a way for Intel to try and push their PSN stuff more. It'd be nice to see someone port it to non-Intel chips if the license agreement doesn't restrict that.

    Also, why is it that no one really cares about the PSN anymore? It seemed like it was going to be a huge deal, then it just kind of disappeared.
  • Not to mention being hella fast, too.
  • Why is this flame bait? Because I didn't say "but it would be great if they released it under the GPL because everyone knows that the GPL is God's gift to geeks"?

    Or perhaps it was because I gave Intel a little bit of props instead of just saying something cool about AMD.

    One way or another, all I did was ask a simple fscking question related to the topic.

    I guess this will just be moderated right down to "0" as "Offtopic."
  • CDSA sounds a lot like PAM. What does CDSA do that PAM does not?
  • Above is underrated...

    From the Intel site:
    Software Availability A Windows* version of the CDSA open source software will be available from Intel in May. The 64- and 32-bit Linux versions will be available in August. The software will be downloadable from Intel's Web site at http://developer.intel.com/ial/security.

    Hmm. Few details. Long time table. Could do biometrics. I smell vapor. How many monkeys could port libpam to windows by August, and make the same claims that are in this release? It looks like there is no choice but to wait and see about the license, functionality, etc.

  • your cost, assuming already have a net connection is $0

    Unless you're using dialup. Then you have to consider:

    • the opportunity cost of having your phone line busy
    • the fact that a freebeer ISP (e.g. freewwweb.com) limits the continuous hours online (killing your ftp install before it's even 1/3 done) and/or requires a proprietary client program (to display advertisements) that requires proprietary Microsoft® Windows®.
    There ain't no such thing as a free lunch, but $10 Mandrake at Office Depot is pretty close.

    And yes, I use GNOME. Latest Helix Code preview distro.

  • Trollin', Trollin', Trollin',
    When the zealots are whorin',
    Keep the posts a trollin' - Slashdot

    Flames and grits and dither
    minus one forever
    Wishin` Natalie was by my side
    All the threads I`m postin'
    The karma whores we're roastin'
    Flames are waiting at the end of my post

    Thread `em on
    Mod `em up
    Thread `em on
    Slashdot

    Karma out
    Trollin' in
    Karma out
    Trollin' in
    Slashdot

    Keep Trollin', Trollin', Trollin'
    When the moderator isn`t checkin'
    Keep the karma whores a guessin' - Slashdot

    They don`t understand us
    We love when they feed us
    Soon we will get that insightful +5
    My karma's in the dumper
    The moderator caught me trollin'
    Postin' at the top of the thread

    Thread `em on
    Mod `em up
    Thread `em on
    Slashdot

    Karma out
    Trollin' in
    Karma out
    Trollin' in
    Slashdaaaaght! Slashdot!

    .

  • okay. granted, and I don't know if cdsa would help out mozilla, either.

    but looking at the faq here [mozilla.org] it says that all the code isn't there. I guess that is only the actual encryption and not anything else?
  • this has two effects:
    1) Make opengroup poorer. The cdsa is the midlayer that opengroup sells for gss implementation (among cdsa's functionality). So intel takes it away from them and gives it to us directly. That's good, because opengroup is really closedgroup. Look, just six months into having X and they tried to close it, until they realized XFree86 is deployed more than all of their members combined (suckers).
    2) Provide gss on linux. Look at mozilla, they needed crypto, so they're using psm from sun (available from iplanet). PSM is closed source.

    cdsa is among other things a gss implementation. GSS is an API for security for applications. encryption authorization and authentication stuff. middleware for crypto is important, as you need to be able to move on to new crypto at a sota pace, and programmers shouldn't need to get all twisted/confused in lots of different API for security (it'd hardly make it more secure if coders coded wrong). GSS isn't pam, they are different spaces. PAM is for ostools vendors with control given to system admins. gss/cdsa are for application developers.

    Imagine if cdsa came out under a good opensource license (btw the osd is too generous, as we have bad "opensource" licenses), and we could add openssl and friends when RSA patent expires (in 5 months). mozilla's crypto would be completely opensource, and linux can be used more for large corporations which would use this type of stuff.

    The stuff opengroup provides a checklist for what businesses want (not that we want motif).

    That's it. I'm talking out my ass, but I think this is pretty correct. Anyone disagree?
  • 80 dollars? Redhat 6.2 costs $3.50 from cheapbytes, and thats for two cds.

    Jeff
  • Does anyone know if this system uses the pentium hardware keys that were protested a couple of months ago? I read that it was designed by committee (Open Group), but is there any chance that you might have "tighter, more effective security" if you enable the Pentium Keys on Intel machines? Do you have to enable the keys on Intel machines? And if so, is Intel suggesting to other processor manufacturers to add a UID to their chips?

    This seems like the most obvious for Intel to be developing such a system, so that joe average doesn't have to remember a password, etc. Of course, switching your data to another machine would be a problem...

    Just a shot in the dark, but this seems like quite an obvious use for the UID, which may concern some people. Anybody have any thoughts or information on this?

  • He, now Monterey has become a "Linux project".

    Where's my moderator points when I need em? ;)

    I never understood the whole Project Monterey thing.. IBM never needed SCO: Linux development on Merced/IA64 was always further ahead (thanks to Intel's involvement) IIRC, I'm wondering what kind of extrication dances are going on in Austin... Sheeit, I coulda told IBM this when I worked for them, but listen to a lowly sysadmin?

    IBM's still cool tho, imo.. Anyone got a used RS6k model 340 + 2-drive caddy + 64MB RAM + AIX >=4.2 + 6091 monitor they'd be willing to part with for about $300? I'm feeling nostalgic and I gots room on the desk ;)


    Your Working Boy,
  • Right on there. I remember about a year ago, Kipling BagPeople had a contest going that if you could "hack" their site you'd getcherself a free bag and whatnot.
    The "hack" was actually a wide-open javascript algorithm that took something like a week or two to brute force crack. I believe I still have the source somewhere for reference..
  • The article linked to didn't really do much to explain CDSA... I'm curious. What does it do?
  • Well, it's now obvious. Today's moderators are smoking crack.
    I have no truck with the "open source hot grits Portman" trollers, but this post is at least a bit amusing. Trollmastuh got nailed like this yesterday... [slashdot.org]...
    And I noticed that the chickenshit moderator marked it as overrated so that the M2 stage wouldn't affect their karma.
    From the moderator guidelines: [slashdot.org]
    Good Comments (...) are clear, hopefully well written, or maybe amusing. These are the gems we're looking for, and they deserve to be promoted.
    Maybe Rob should add another moderation heading "-1 : Personal Vendetta"...

    This is posted at +2; I've got karma to spare and I want more people to see it. Moderators, prove that some of you didn't leave your brain on your pillow this morning.

    Strong data typing is for those with weak minds.

  • The thing that really confused me was the references in the article to this software being Itanium optimized. Fair enough then, Intel's motives could be seen as carrot dangling to persuade consumers to migrate more enthusiastically to a nascent technology platform. Then I was left wondering exactly how source code would be Itanium optimized. Surely it could be optimally tweaked and recompiled for any platform, even non-intel architectures

    Possibly it is just a buzz-word. The Itanium is going to have to do good things for Intel otherwise they are going to be up the proverbial creek as far as 64 bit processors goes, and this is not a playing field they have to themselves (with 64 bit POWER, Alpha and AMD Sledgehammer processors also featuring). I suspect however that the source code makes copious use of things that the Itanium is supposed to do well - lots of use of 64 bit and longer integers in math processing, and accesses of memory in 64 bit lengths. Of course, that means that the current Athlon will also do well on the same code (see Aces hardware for an article on K7 memory access [aceshardware.com]). So yes, you can write C code which favours a particular processor, as long as you understand its strengths and weaknesses and have some appreciation of what the compiler does to your code. But I strongly suspect that knowing the most optimal set of compiler flags for a particular processor is also important in getting a given set of code to run as fast as possible.

    Cheers,

    Toby Haynes

  • Actually, it might be cheaper to buy linux (eg. from cheapbytes) than to download the thing over a modem, buy a CDR, and burn it yourself.

    Jeff
  • by XenoWolf ( 6057 ) on Wednesday April 12, 2000 @01:25AM (#1138432) Homepage
    This just goes to prove that the software they are releasing uses good, strong algorithms that don't rely on hiding the source for their effectiveness.
  • by (void*) ( 113680 ) on Wednesday April 12, 2000 @02:34AM (#1138433)
    Well why not? Why isn't it cool for companies to open-source their products? From my point of view, it's excellent! As long as they know that it doesn't make them cool forever.

    The only issue seems to be whether they can keep maintaining it open-sourced, if it is really opensourced in the first place. Now that would make them continually cool. And that is the hard thing for commercial interests to do.

  • by ltcordelia ( 116425 ) on Wednesday April 12, 2000 @01:51AM (#1138434)
    First: kudos to Intel for helping to accelerate the growth of the security industry.

    However, *thwack* to ZDNet for an article that says almost nothing about CDSA, and instead focuses on marketing Itanium, Trillian, and Whistler (Windoze '01, if you didn't catch that). Note: it appears from the style of linking that this was actually three different articles that were tied together because they were related.


    Information wants to be free

  • Just because it's free, don't assume you'd actually want it.

    Firstly, it's heavyweight, secondly it's an interface to a cloud of other interfaces, any one of which may be sufficient, and thirdly it drags along the assumptions of the authors about "what's good for the 'net".

    As Lawrence Lessig points out in Code and Other Laws of Cyberspace [barnesandnoble.com], a perfect authentication and identification system may be something you don't want.

    --dave

  • by PolyWog ( 17122 ) on Wednesday April 12, 2000 @01:36AM (#1138436) Homepage
    Once again, you see that companies start to spread the fairy dust of open source and immediately think that they are cool.

    Many companies think that just because they are open sourcing some stuff, they'll instantly become cool. Now what (i must say) i find interesting is that this is a hardware manufacturer.

    Now, only if windows were GPL'd, i might actually buy a copy ;)

  • by scrutty ( 24640 ) on Wednesday April 12, 2000 @02:04AM (#1138437) Homepage
    Well, following on from my subject line the first question that strikes me is how "open source" this "open source" release is going to be, in these days of this being a much-maligned label. Are we going to be seeing yet another open-source licence, or will Intel have the sense to use a pre-existing one?

    I must confess to knowing very little about this product, but I am also led to speculate if this is going to lead to any interesting crypto algorithms leaking their way out into open-source space. Security products often mean cryptography and as we all know, cryptography often means patents, so there could be some interesting issues there.

    The thing that really confused me was the references in the article to this software being Itanium optimized. Fair enough then, Intel's motives could be seen as carrot dangling to persuade consumers to migrate more enthusiastically to a nascent technology platform. Then I was left wondering exactly how source code would be Itanium optimized. Surely it could be optimally tweaked and recompiled for any platform, even non-intel architectures.

    Unless of course I'm missing the point as to what the product does and there is a hardware component of some kind.

    Either that or it's largely an assembler source code release which people could already have disassembled for themselves. But that would be ridiculous, so I'm still left pondering. Have to wait and see I guess. Anyone got any more information, or links?

  • by stx23 ( 14942 ) on Wednesday April 12, 2000 @02:08AM (#1138438) Homepage Journal
    The article linked to didn't really do much to explain CDSA... I'm curious. What does it do?
    Better details from the horse's mouth [intel.com].
