2002 Usenix Annual Technical Conference

and related events

Pekka Nikander Pekka Nikander

This is a personal report from my trip to California for the 2002 Usenix Annual Technical Conference, held at Monterey Confence Centre. This documents contains some technical and research related material, but mostly deals with interesting people, some food (but almost no wine and no exceptional experiences), and maybe also a couple of interesting ideas of stuff. The style is narrative, mostly to make it easier for me to remember what actually happened, and what kind of connections I was able to do.

For the impatient

Monterey Conference Center

If you are impatient and only interested in some specific stuff, here are the links:

General remarks

For me, Usenix does not seem like a conference worth visiting any more. It is too much operating systems oriented, and I am not an OS guy any more. On the other hand, the trip was certainly worth taking, largely due to the chance to create so many contacts with the Berkeley people at the CITRIS meeting (see below). But still, I had good talks and met interesting people at the conference site corridors and during coffee breaks.

Thus, there were lots of talking and ideas for hacks that use positioning, GPS etc, or connect devices in a stranged way, like putting a digital camera directly to WLAN (it didn't work). And having fun with gedgets in general.

I became to the conclusion that I definitely need to beef up my toy budjet in a way or another. Right now I am acting far too regressively, relying on old stuff that works, and therefore I am dropping behind on what actially can be done with the new cool stuff. Now that I don't have enough of money on your toy budget, I end up only buying those toys that look useful before I buy them. That usually means they are the wrong toys, those that are not fun at all after all and end up on the shelf instead of getting actually used.

To summarize: You can't build infrastructure without understanding the users and their needs, and the manifestation of those needs in the form of appliances. Motto: Buy gadgets, and use them.

Monday June 10th

I arrived at SFO at 12:30pm, after having been able to do quite a lot of serious work during the flights, including paper review, slide preparation, and other stuff. The weather was somewhat hot, but not too bad. I quickly got my rental car and headed towards Berkeley, arriving there few minutes before 2pm. After some hassle I found myself drinking decent cappucino at Cafe Strada with Volker Roth and Martti Mantyla. We talked about security, trust, and user interfaces related stuff, finding out that most probably Volker and Kristiina Karvonen may share some interests, and agent based search engines, which Martti found somewhat fascinating.

After coffee Martti introduced me to SIMS, arranged my WLAN card to work on the SIMS network (thanks Martti!), and finally we went for a early dinner at a local Thai place, located two blocks down from Bancroft on Telegraph Avenue, half a block away from the Telegraph. We eventually shared the dishes, since the seafood platter Martti recommended was not quite worth mentioning, but the roasted duck he took himself was excellent.

I stayed at Berkeley Marina Radisson, which was OK to stay at, but it is really in the middle of nothing. Nice and cozy place to spend a peaceful night, but you need a car or take the bus to get somewhere.

Tuesday June 11th

I woke up at 5am, more or less as expected, and headed to the Berkeley campus to read e-mail as soon as possible. It was fairly hard to find a good parking place that early, since all pay-per-hour public parking places were still closed, and there are only 2 hour parking places at the streets. Finally I ended up parking the car at street, and moving it after 7am to the Student Union Garage.

CITRIS Founding Corporate Members meeting

I spent most of my day at the CITRIS Founding Corporate Members meeting. CITRIS, Center for Information Technology Research in the Interest to Society, is a new University of California institute for societally related technology research. The participating campuses are UC Berkeley, UC Davis, UC Santa Cruz, and UC Modesto. CITRIS represents a new form of interaction between industry, academia, and the state. In one way, its funding model represents pretty much that of HIIT. The university provides the basic operational funding, but the corporations almost all of the research. There seems to be a difference on the role of the state though, at least so far. CITRIS seems to be much more oriented in producing results that have more direct relevance to the state than HIIT does, and therefore the state is also providing more direct funding to CITRIS than what HIIT is getting (not counting the Tekes support which is more or less an extension to industry funding).


For the current year, CITRIS operational (administrative) turnover is around 2 million dollars, and the research volume about 40 million dollars. CITRIS has industry related two boards, the Technical Advisory Board (TAB), which consists of research oriented people from the founding members, and the Management Advisory Board (MAB), which is more adminstratively oriented. The Technical Advisory Board meets every 6 months, and the Management Advisory Board annually.

The university is planning a new CITRIS II building. The work is scheduled to start in 2003 and be ready in 2005. The state will be paying the building, the corporate members the research inside the building. All the Founding Corporate Members are entitled named offices in the building, up to three persons, once it is ready.

The Founding Corporate Members are expected to pay six million dollars over four years. However, only three of the nine FCMs seem to be on the speed. Ericsson's current contributions fall into the middle of all FCMs. Richard Newton, Dean of Engineering, mentioned that it is expected that some financieers will tilt their contributions towards the end of the four year period due to the current economic situation.

Scientific Strategy

The scientific strategy centers around three issues:

In a way, the purpose is to apply new technology on the societal scale applications by developing a new distributed system architecture that allows the large scale deployment scenarios. The system architecture binds together distributed information systems, micro sensors and actuators and HCI principles. The work is based on the foundations of reliability, availability, security, algorithms, and social & policy issues. The idea is do wide scale prototype deployment, using test beds that allow new and innovative applications to be easily tested.

CITRIS is expected to make a difference through large scale deployment of new IT technologies on societal problems.

The Chief Scientist and Associate Director of CITRIS is James Demmel.

Mode of operation

CITRIS works closely with the industrial financiers, encourages transfer of people between CITRIS and the financieers. The administration is lean and mean, focusing on providing support for the actual projects and the prototype platforms. The projects are independent, but CITRIS coordinates them and encourages co-operation where feasible, if I understood correctly.

Each Founding Corporate Member is eligible for membership in the Advisory Boards. Additionally, they will have a possiblity of having a named office in the new building once it is build. CITRIS is also prepared to spend a day separately with each member, focusing on the research issues that are of interestest to the FCS. There will be possibilities for large scale online participation, such as remote Master's programs and other remote education. Finally, each research project is expected to have an annual retreat with indiustry members participating.

Selected research projects

In the meeting quite a few people presented a largish number of research projects. Most of them have good websites, and therefore I mention here just a few that I found myself interesting. In general, the goal in everything are systems that can be trusted (and often must be trusted), systems that must be secure, non-stop, often zero configuration, contain adaptive user interfaces, and that are always connected.

For me, one of the most interesting things were Berkeley MOTEs, small autonomic computers that contain sensors and radio units and that autonomously form ad hoc networks. They run TinyOS. The plan is to instrument several buildings with these, and to control the HVAC (Heating, Ventilation, Air Conditioning) of the buildings with these.

Side note. According to Ed Arens, 10% of world's energy consumption, equaling 1/3 of U.S. energy consumption, goes to the heating and air conditioning of U.S. buildings.

The percieved future of the MOTes was outlined by Ben Yoo (UC Davis) and Roger Howe. Their goal is to build systems with ultralow communcations power requirements, giving 1 Mbps with less than one microwatt. The approach is based on integrating CMOS and MEMS (Micro Electro-Mechanical Systems) together, to form reconfigurable signal processing systems that consist of both reprogrammable hardware and software. The effort aims to drop total power consumption, eventualy allowing the devices to power themselves autonomoysly even indoors, e.g. through energy harvesting or indoors solar power.

Paul Wright

Paul Wright described his efforts on distance learning and rapid prototyping. His has run and plans to run classes together with industry partners. The students design new electronic applicances, and they are actually prototyped using Berkeley's fast prototyping facilities. The emphasis is on design, i.e. user interface issues and actual physical design of the appliances.

Sahara and OceanStore are projects led by Randy Kats. They are directly interesting to my activities; e.g. trust management and behaviour verification are topics on Sahara.

Hal Varian presented very vividly his efforts on Mining the Web for economic data. Demonstrations can be found at fff.cs.berkeley.edu and footprint.

Down to San Jose

I was pretty exhausted after the meeting, but I still managed to drive to Hampton Inn & Suites San Jose, checking on the way whether there was anything worth buying at Fry's Electronics (there wasn't). The hotel was nice, I had free high speed Internet access in my room, and the pool was almost immediately next to the room. The pool was small, but still an evening and morning swim basically directly from your room was really enjoyable. The only downside was that the hotel was outside of the downtown area, in the middle of nothing, and it was somewhat hard to find: the address is somewhat misleading, driving directions are essential.

Wednesday June 12th

Visiting DoCoMoLabs USA

In the morning, James Kempf came to the hotel and we drove for a quick breakfast, continuing to DoCoMoLabs DoCoMoLabs USA office, located close to San Jose airport. James and I discussed mostly issues related to Secure Neighbor Discovery (SeND) BoF, planned for Yokohama. I was also able to synchronize my e-mail using their conveniently open outside-of-the-firewall WLAN.

The main part of the visit was my talk about HIP. I think everybody got a much better understanding what HIP is, but it also become clear that I need to add a couple of slides about the actual protocol into the presentation.

For lunch we went to San Jose Hilton. Food was OK but featureless. Grabbing a mandatory triple cappucino I headed towards Stanford University bookstore, spending there a couple of hours reading The Invisible Computer by Don Norman. Great book, highly recommended. Chapter 6, "The power of infrastructure", is especially related to Ericsson business and all systems and middleware kind of stuff.

Dinner at Tom Berson's

Tom Berson

I had the pleasure of having a dinner at Tom Berson's place. Tom showed me his ham gear, and we talked a little bit about trust, universe, and everything. Dorothy's mixed green salad was just excellent, and I learned how to eat baby artichokes.

Afterwards my drive south to Monterey was almost an adventure. I took a couple of detours due to sleep deprivation and lacking maps, but finally arrived at Monterey Marriot at 10:30pm.

Thursday June 13th

Lawrence Lessig

Larry Lessig

The Usenix Conference was opened with a keynote by Lawrence Lessig. I had never before had a chance to listen to him, and it was a joy. He is an exceptionally good speaker.

The speach itself did not contain any real surprices or new insights, as far as I remember. But that's only because I had already read so many of his writings. His basic message came out loud and clearly: We techies can't ignore the copyright wars that are going on. Basically, he drew a high number of parallels between earlier cases where the copyright law was challenged or extended, like when the congress set up a mandatory licensing scheme for cable TV companies, (the broadcasting companies were forced to license their content to the cable TV operators, at a price determined by the goverment), the fights when the VCRs were brought to the market, etc.

I do not want to repeat all his argumentation here. If you are not familar with it, you can check his website.

The rest of the day

I was pretty tired, and so the only talk that I listened to was about JX operating system, and only the send half of thet presentation. JX is an i386 operating system written almost completely in Java, and supporting only Java runtime. The talk wasn't that good, and the would have benefitted from some improvements. However, I found the talk quite fascinating from a long term development point-of-view. The fact that one can build microkernels using an object-oriented programming language is a fascinating one.

I had lunch at Fisherman's Warf, eating clam chowder in a sour dough bread, which seems to be local tourist attaction stuff. It was OK, but nothing especial.

I was very tired all the day. Thus, I went to my hotel room at 4pm to take a nap, and woke up the next time at 5am next morning.

Friday June 14th

I was hungry as a wulf when I finally got to breakfast by 7am. Thus, I ate a ton of bacon, sausages, a pouched egg, fruit, etc.

My presentation

My presentation was in the middle of the first Freenix session. While in the paper I write mostly about the technical details of our 802.1x implementation, in the talk I covered more the background and some lesson's learned. The talk wasn't any specific success, I could have made much better. Shees, maybe I am getting lazy.

Skipped lunch; I wasnt' hungry fater the large breakfast I had had.

People, people, people

Friday was my day for meeting people. First Peter Honeyman dug me up. He is a really nice guy, and for some strange reason interested about what I am doing. Right now he wants to implement a single sign on system that uses a cell phone and Bluetooth as the primary technologies. Extremely cool. IMHO, we should really put some cycles on this, and make sure he can fulfil his vision. Besides, I would like to use that system, too!

Next I bumped to Peter Collinson. I think I had met him last in 1986 or so in an EUUG workshop at Nice, but maybe later. He is still working as freelance consultance, mostly running websites with his own software. Among other things, he manages the Usenix website.

Teus Hagen is also one of the old farts from EUUG days. He and his pals used to run the Neatherlands part of the EUUG network, EUnet, sold it to Worldcom, and founded the Stifting NLnet foundation with the money they got. The foundation's goal is to fund open source projects.

I told Teus about HIIT's open source search engine idea, and he found it interesting. Thus, I'll try to put together Martti and him, and see if something comes out of that. It might also be a good idea to seek funding for our HIP work, maybe for Janne Lundberg.

Peter Honeyman also introduced me to Rob Pike, one of the real Unix guru's from AT&T Bell Labs. Rob is a really nice guy. For example, realizing that I am a Finn, he vent to utter "hyvaa paivaa" (good afternoon) and "yksi, kaksi, kolme, nelja, viisi, kuusi" (one, two, ..., six). He had been to Finland in 1987 at the EUUG boat conference, I guess, or in the late 1980's anyway.


One of the things we talked with Rob was Venti, a distributed block storage system. Very cool stuff. The basic idea of Venti is that you store blocks (not files) of arbitrary sizes. When you store a block in venti, it returns a SHA1 hash of the block. This hash functions as a handle to the block. That is, you give the system a hash, and it replies with the block.

Blocks are never erased in Venti. If the same block is stored again, the data is not stored again but the same block is reused. In this way replication and version management is very easy.

The only real trick lies in designing the blocking boundaries. For example, if you store digital video for editing, i.e. in an uncompressed or very lightly compressed format, you may want to store each image as a separate block. Sequences of images would be stored by putting the hashes of the individual blocks in a block, and storing that block. Breaking the sequences at suitable boundaries, e.g. whenever there is a cut, would allow reuse of sequences, as well. In that way the actual image data would never need to be copied, and most of the natural sequencing could be reused as well. Implementing Venti for Mac OS X looks like a pretty nice project...


Mary Baker hosted the Work-in-Progress (WIP) session. Apparently I was in a wrong conference since I didn't find almost any of the WIPs interesting enough to mention. The most interesting one was yet another talk about network security. In the conference WLAN, there had been the usual amount of clear text passwords, open Windows shares, port scanning, windows exloits, attempts to use scanned passwords on SSH connections, etc.

After the session I went saying Hello to Mary Baker, but didn't want to bother her more since I knew she was busy with her family.

Dinner with Angelos Keromytis

Rappa's Seafood Restaurant

Angelos Keromytis and I went to Rappa's Seafood Restaurant for dinner. I had their seafood combination platter. It was OK, but again nothing exception. Bad trip from the food point of view -- no good food, only average.

Basically, Angelos and I decided to write together a paper to next Financial Cryptography conference, to be held in Guadeloupe.

Reception at Monterey Aquarium

After the dinner I went for a short walk, trying to walk to the Monterey Aquarium over the hill, but failed. That is, I needed to came back to the shore line and the the walkway there.

The aquarium is just great. This time they had unsually large jelly fish exhibit, and I enjoyed it greatly. It was also interesting to learn that there is actually a very large underwater canyon, starting almost immediately outside Monterey. The exhibits also displayed a number of deep sea species.

Saturday June 15th

I tried to start the morning by following refereed track talks. Somewhat interesting, but not really worth mentioning, IMHO. Go to the proceedings if you are interested in geographical mapping of routers, proximity of web clients and their closest DNS servers, etc.

Bill Cheswick

Since the refereed track stuff was not that great, I went to a guru session to listen to Bill Cheswick. Entertaining and fun, but I was at least vaguely aware of most of the stuff. He is clearly more paranoid than I am, and relies more on old and simple software than I do, but maybe he has more to lose if someone hacks to his systems than I do.

At the end of the session he was asked to tell a story. It went like this. Bill was giving an invited talk in San Jose two years ago. He checked out his laptop for the presentation in good time, some 20 minutes before the talk was due. However, he needed to do some business in the bathroom, ventured to a quiet area in the hotel, and found a bathroom. He did his business, and came out from the stall. To his horror he found that the door was locked. He banged on the door, but no-one came to help. Fortunately he had some tools in his backback, so out he took them and managed to pick the lock. With sigh of relieve he opened the door, and indinigtly stepped into the janitor's room, only to notice that there was a door without any lock right on his back. The moral of the story: Make sure you are solving the right problem.

Bruce Schneier

After the break I went to follow Bruce Schneier's invited talk. His slides are excellent, check them. The main moral is that security is a part of the net, and the limits of security become the limits of the net. If you can't do it securely, you are going to stop doing it. To make the net a secure place, we need liability. That may cause problems for free software or small startups, but not necessarily. He also talked about the role of insurancde industry in the process. In his view, in the future security can be viewed as a city. We need a dynamic, very context sensitive definition of security that we revise all the time in our real life.

The discussion that ensued after the talk was quite interesting. In the following I've tried to distill some essential insights. Firstly, the issue of liability is really a question of a delicate interplay between government law and insurance companies. Law is never perfect. Matt Blaze has once said that Computer Science is a search for the truth, lAw is a search for the concensus. Bruce noted that in the current situation big companies are basically buying laws for themselves. There is no magical technological fix for that; we need a whole new legal infrastructure.

Niels Provost (Peter Honeyman's student) asked Bruce to clarify his claims about the affordability of security, and whether uniform (and therefore inexpensive) tools form a risk, leading to a situation where only the rich can afford real security. Bruce answered that in our real life non-digital society, everybody can afford basic security. Since we live in lawful society, the average person doesn't need walls and guards in their house. He acknowledged that systems of diverse types will be more survivable and more secure. However, we already now have just a few security products, not even hundreds or millions. For example, there are only three wide spread firewall products in the market. If there were more products, then heterogneity would really matter, but not in the current situation.

In many of his answers, Bruce emphasized that all solutions are imperfect. Legistlation is a random walk towards convergence. There will be spectacular failures. It takes time before we really understand the time and space shifting abilities of the technology. Furthermore, there will always be domains in the planet that do not fall into these legistlations. Maybe there will be good and bad countries, and a wall in between. Or maybe we can deal the situation in a way similar to how we deal with uninsured motorists.

One interesting idea that came up would be a mandatory individual liability insurance, that woudl come with your computer or ISP connection. Like mandatory traffic liability insurance. That might fit into the U.S. system, but I am personally sceptical about the European case.

In the end, Matt Blaze asked whether Bruce has any advice for the rest of us. He replied that liability is coming, sooner or later. The security problems will be solved through the legal framework. So, we should think how this interplay will affect us, whether we write free software or deal with standards. We don't have that lot of lobbying dollars. This is happening whether we like or not. We need to understand it and get ahead it.

Technical sessions

In the afternoon technical session there was one interesting paper, Robust Position Algorithms for Distributed Ad-hoc Networks by Chris Savarese from Berkeley Wireless Research Center (BWRC). His work is related to the Picoradio project going on at BWRC. In their vision, there is an ad hoc radio network of very small nodes, all nodes being equal other than some very few nodes (anchor nodes) know their location e.g. by GPS. Everything is distributed.

The problem in hand is estimating the geographical location of the nodes, using information about the locations of the anchor points. However, usually the radio range of the nodes is so small that they can't hear enough anchor points, often not even one. Thus, the nodes need to first estimate their location based on hop counts, and then revise the estimates based on estimates. A confidence factor comes to play as well, to detect bad nodes. However, that approach seemed to be collaborative and not able to guard against intentionally malicious nodes.

One of the intesting results was that if you range errors are very high, perhaps larger than 40%, refinement (as used) does not seem to help, but hop count seems to be relatively immune towards range estimate errors.

Special Closing Session

In the Usenix tradition, the last session is always something special. This time professor Michael H. Dickinson from UC Berkeley presented his research on How flies fly. Fascinating, given the very small number of neurons involved. Only through this kind of research one is able to understand how complex systems the evolution is really able to produce, and how the interconnections within such a system may look like almost wild and arbitrary, but they do work in a very efficient way.

After the talk, I was able to drive safely back to SFO, and got on my plan in time. This report was written mostly during the transatlantic flight.

Sunday June 16th

For me, Sunday June 16th did not really exist. That is, I sat on the plane, wrote this travel report, and worked on a paper for the forthcoming workshop on Trust Management and related issues.