If computers that cannot be hacked revolutionize the Internet next year, you can thank two guys named Eric who were just looking to get some sleep.
They come from a cyberspace neighborhood on the wrong side of the tracks–where the dull folks live. They’re the ones who design chips that run cell phones, pacemakers, home appliances and hundreds of other machines.
And, until recently, they didn’t mess around with the Internet. Now, the two former Motorola Inc. engineers–Eric Hauk and Eric Uner–run a consulting firm that hosts Web sites for clients.
And that’s where the problems began.
Hauk and Uner, engineers used to reliable equipment, felt like they’d been dropped into an alien land once they got entangled in the World Wide Web. Vandalism attacks kept the pair busy installing software patches to thwart hackers. They constantly were restarting crashed computers.
They were working weekends and holidays, but the worst thing, said Uner, was getting paged at 3 a.m. when things went wrong.
“We lived the reality of IT (information technology),” Uner said. “People don’t admit to the maintenance and security problems, but they’re overwhelming systems administrators. We decided there had to be a better way.”
So Hauk and Uner applied the same rigorous techniques used to design chips that run medical equipment to the computers that run the Internet.
Their first offering is a unique Web server built to run for months–even years–without human intervention. It has passed early government tests, and several federal agencies anxiously await servers from Bodacion Technologies Inc., the privately held Barrington-based firm founded by Hauk and Uner.
The reason their computer cannot be hacked and won’t break down, said Hauk, is its utter simplicity. It doesn’t have an operating system–the millions of lines of code that run most Internet computers–but relies instead upon a “kernel” of just 4 kilobytes of code.
The computer is stripped of bells and whistles, relinquishing some flexibility to enhance reliability. Bodacion’s philosophy of “less is more” is a radical departure from the other computers that support the Internet.
Embedded vs. enterprise
Hauk and Uner come from a field of closed, limited-purpose devices called “embedded computing” that in many ways is the antithesis of open-ended “enterprise computing” that spawned the Internet.
Bodacion’s central idea is to back away from the enterprise-computing mindset that has given the world the wonders of the Internet, along with its instabilities and insecurities.
“It’s a very deep break with traditional thinking in computer terms,” said Dave Brambert, president of Gilbert Information Systems, a security consulting and Web hosting firm in Bloomingdale.
“I’ve looked at hundreds of products designed to make servers reliable and secure, and this thing is unique.”
Hackers once were the computer elite, people who were able to find weaknesses in computer code as if working puzzles, Brambert said. But today almost anyone can commit computer vandalism by copying programs widely available on the Web.
Recipes intended to do vandalism won’t faze Bodacion’s server, he said.
“This has no operating system, so all the hacks on Unix and Windows mean nothing to it,” Brambert said. “We even went to the point of taking viruses and copying them onto the hard drive of this thing. It ignored them. Viruses don’t affect the code they wrote.”
Need questioned
Some express skepticism about what Hauk and Uner are doing.
“These guys may have an innovative approach,” said Joe Mambretti, director of Northwestern University’s International Center for Advanced Internet Research. “It’s an interesting idea. But to claim it’s unhackable is pretty bold. You never want to say that. Let it be proven first. It’s like a red flag to a bull.”
Mambretti also downplays the urgency for radically improving Internet reliability and security.
“There are very many quite reliable enterprise systems out there,” Mambretti said. “And some that are very unreliable. The No. 1 problem today is well known–system administrators not patching systems with the latest [software] updates.”
Historically, embedded-computer people have been electrical engineers who took a slow, methodical approach to designing chips, said Tom DeFanti, director of the Electronic Visualization Lab at the University of Illinois at Chicago. And enterprise-computing people tended to be computer scientists who wrote code to get programs working quickly.
“Those distinctions are fading,” DeFanti said. “Electrical engineers take some computer science now, and computer scientists take some engineering.”
In the Internet’s early days, there was little worry about vandalism, DeFanti noted, so the quick and dirty approach to getting things up and running made sense. But things have changed with the medium’s popularity and commercialization.
“To get an idea about the reliability of embedded systems, just think about video games,” DeFanti said. “Look at the Microsoft operating system, and how often it crashes. It’s getting better. Mine only crashes about once a week now.
“But I’ve watched Nintendo and have only seen the system crash once in seven years. That’s with kids hacking on it. Those things never die.”
Michael Davidson, who retired last summer as a major general in the U.S. Army, said that when he discovered Bodacion, “it was like the answer to a prayer.”
Awaiting test results
Davidson, who had worked in the Pentagon looking for useful new technologies, is a consultant shepherding Bodacion’s product through testing programs run by the government. When the firm gets its certifications, which could happen in a month or so, it will be able to sell products to federal agencies.
Many are eagerly awaiting the product, Davidson said, because unlike private companies, the agencies must provide Congress with information about the extent to which federal computer systems are compromised by vandals.
“A very large number of Pentagon computers have been hacked into,” said Davidson. “They want something to stop the hacking. They’re looking for anything that works.”
Brad Hessel, Bodacion’s chief executive, said he expects the firm’s server will start to gain traction with federal agencies by the end of this year. If the government tests demonstrate the product ends hacking, as Hessel expects, the company will expand its target market to banks and other financial customers.
Hauk and Uner think they can extend their embedded-based ideas to other aspects of the Internet, though acknowledging that these ideas “aren’t for everyone.”
Bodacion’s server, for example, can run only Java-based Web language. It cannot handle Microsoft active-scripting pages or any other language supported by most other servers, Hauk said.
“We determined that Java is the language used by most by our target customers,” he said.
Whenever one seeks to increase reliability and security, it inevitably requires giving up some flexibility, Hauk said. But many computer users may be eager to have that choice.
Indeed, Paul Saffo, director of the Institute for the Future, based in Palo Alto, Calif., said that reliability and cost have become the two top priorities among corporate chief information officers.
“Corporate culture wants reliability,” Saffo said. “If you can hand them a Web server architecture they don’t have to worry about, I don’t think that’s something they’d resist.
“People are just so desperate to have Web services that are affordable and reliable, they will happily trade loss of fine-grain control, especially since most people don’t do the fine-grain stuff anyway.”
