
This is a long overdue post. I had the opportunity to have dinner with Mitchell Ashley, CTO for StillSecure, when he was in the Boston area recently. Apparently good clam chowder is somewhat of a rarity in Colorado. I had met Mitchell at the security bloggers meetup in San Francisco. Mitchell is one smart cookie. I had a great time talking about this crazy industry we call home. It was very informative for me. We spent a bit of time discussing Cobia as well.
Cobia is StillSecure’s implementation of Mitchell’s Unified Network Platform vision. In a nutshell, the Cobia team has taken a bunch of Open Source network applications (think DNS, DHCP, routing, firewall) and integrated them under a modular architecture, which is then wrapped in a very nice user interface. I’ve been playing around with it for a few days and I have to say I like it... a lot. The idea makes sense to me. It’s built on a stable platform (Linux) with time-tested applications and has an interface that a junior network admin can easily handle. I think that is an important aspect that many of my more Linux-savvy friends find unnecessary. If I want to run a Linux DHCP server instead of an MS one, I would rather not start editing .conf files in vi to do it. Sure, I can do it, but many people don’t have the experience to do it properly. A good UI will provide some input validation that will keep that fat-finger error from crashing the service. The modular architecture provides other developers a platform to build additional functionality into Cobia. Since the architecture is open, any new modules should look like native applications in the UI, if the developer follows the modular spec.
Cobia is released under a license written by StillSecure. They are not using one of the OSI-approved Open Source licenses. This has been the source of some sharp criticism. Many people are saying that Cobia is not an Open Source product because of this. If your definition of an Open Source application is one that is licensed under an approved OSI license, then Cobia is not Open Source. I can’t say for sure why Cobia was released under their own license rather than an OSI one... but I have a good idea why. They probably did not want it to become another Snort or Nessus, where companies are making money off a commercially sponsored Open Source application and then not contributing back to the application. That’s why the latest version of Nessus was not GPL and why there is talk / rumors of Snort 3.0 following suit.
In Cobia’s case... IT DOES NOT MATTER... in my not so humble opinion.
Under the licensing you:
Have access to the source code
Can use the product for free (both commercial and non-commercial uses)
What more will the majority of users require? The Cobia license prevents people from taking the source and selling a commercial application. With many of the OSI-approved licenses, like GPL, you can take the source and create a commercial application. It seems to me that the only people who would not like the license would be the ones who want to make a buck from the source code.
Cobia is worth taking a look at. If you are looking to set up reliable network services for the cost of a server, this is a good option. You can even grab a VMware image for either Windows or Linux host machines.
–Chris