The Second Semester

OpenSSH Logo

During the master’s program, I gradually went deeper into the world of information security. It was a time of transition from Telnet to safer protocols like SSH. While following that discussion, I discovered OpenBSD and its promise of being a secure-by-default operating system. Its developers would later create OpenSSH. I started reading more about OpenBSD and even following the developers’ mailing lists. Around that time, the idea also came up of creating a lab for the Unicamp cryptography group. We got hold of a somewhat old SUN workstation and I suggested installing OpenBSD on it. It worked for a while, until we got better equipment.

One of the things I wish I had done — and which ended up not happening — was to contribute to OpenBSD development. I wasn’t sure how to get started, didn’t have enough experience to navigate the source code, and didn’t yet understand how a collaborative, distributed development process worked. The project definitely stirred my curiosity about secure software, but that wasn’t where I got to practice it. It’s a shame: I believe I would have learned a lot if I had actively taken part.

I already had some history with the BSD world, and I remained a fan of OpenBSD. A few years later, I even used it at home, on my personal computer. But, as my friend Sapujo used to say, “Unix on the desktop and Windows on the server are choices that take a good amount of effort.” And BSD really lived up to that saying.

In the second semester of the master’s program, I took a computer networks course with Professor Paulo Lício. I learned a lot about the structure of TCP/IP networks, but what stuck with me the most was the emphasis he put on DNS, the system that lets you use human-friendly names to access services on the internet. The actual address is an IP address, similar to 192.168.1.153, which is hard to memorize; DNS solves exactly that problem. It’s much easier for us to remember google.com than to remember a sequence of numbers. On top of that, the course also covered topics like proxies and important aspects of secure software development. Of all the courses I took across the universities I attended, this one may have been the one that gave me the most practical foundation for my professional life.

During that period, while studying e-commerce and security issues and following the rise of Java both in industry and academia, I ended up combining ideas from a conversation with my advisor with things I had seen here and there. That produced one of the papers I most enjoyed writing. The idea was to merge Java’s promise of on-demand execution with electronic payment systems to create a pay-per-use model for software. That is, instead of paying a single expensive license, as was common, the user would pay per execution, per time of use, or via a subscription. Keep in mind that cloud-based software as a service did not exist yet: the software would run on the user’s machine, not on a remote server, even though an internet connection was needed to fetch it before execution. I even implemented a prototype that authenticated the user, downloaded the Java classes, and ran the program.

At the end of my first year of the master’s program, my life changed drastically — but that’s a story for another chapter.