Gene Spafford

Gene Spafford

Professor (Purdue University), security expert

Posted

Filed under:

Who are you, and what do you do?

Eugene H. Spafford (known as "Spaf"). I'm a professor at Purdue University, and Executive Director of a university-wide institute named CERIAS. I also teach, advise graduate students, and supervise research. During my 30 years in computing - including 25 years as a faculty member at Purdue - I have worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cyber security.

I'm also involved in a number of other activities: serving as Editor-in-Chief of the oldest computer security journal, Computers & Security, member-at-large on the ACM Council, chair of USACM, member of the USAF Air University Board of Visitors, and advisory boards for the US Naval Academy, the GAO, and Sandia National Lab. I've testified before Congress and been to the White House, among other things. I travel a lot for all my various positions. I've been fortunate to do many really interesting things, although it has all involved a lot of hard work, too.

I try to fit in time for my family, and some hobbies including reading, writing, watching bad movies, listening to music, and gardening (in the summer). Most of the time I regret not having enough spare time!

What hardware do you use?

One of the nice things about working in computing at a university is I have access to a lot of equipment in addition to what I have purchased for my personal use. Because of all of the various things I do, I need a variety of different systems.

My usual day-to-day computer at the university is a relatively new 15" MacBook Pro with SSD. I have been using Macs since 1987, and I generally get a new one every 18-24 months. I have duplicate 22" monitors & input devices in the two offices I work in, and I simply dock the machine to get my work environment. I have an OtherWorld Computing RAID storage server in the office to do automatic backups whenever I plug in.

When I'm traveling I use a recent MacBook Air for taking notes, email, checking things on the WWW, and presentations. It doesn't have a keyboard I am comfortable using for extended writing. When I travel outside the US to a country where I am concerned about the overall security of my laptop (either theft or snooping), I take along one of several "disposable" ASUS EE PCs running Ubuntu. I can read mail, show presentations, and surf the WWW just fine, and if the machine is stolen it is not significant economic loss. (I also carry along cable locks, etc.)

Depending on what research I'm working on at the university, I have an array of other equipment I can use. I have an older HP laptop that will dual-boot in Windows 7 or Ubuntu. We have a set of servers from HP and IBM that are running OpenSolaris and several versions of Linux and Windows. We also have some servers running OpenBSD. All the servers are up in racks in a protected machine room that I don't go to very often, so I'm not even sure what models we have - we have a great staff that ensures it is all running well. My students and staff all have workstations or laptops of one sort or another, and we network everything together with switches and routers from Cisco and HP.

For my advising, consulting, and personal use, I have a 21.5" iMac at home as my main machine, with a Mac Mini to provide some limited network services. I have a Lenovo ThinkCentre that I use for OpenBSD, and a brand new HP Pavilion dv6 for Windows 7 use. I have an Epson Workforce 545 for printing and faxes, along with an older HP Photosmart color printer. I could use the Epson for scanning, but for quick scans of papers I use a Fujitsu ScanSnap, and I also have a flatbed Epson 1660. I have another OWC RAID server to keep backups of the home machines.

In at the university we have a half dozen laser printers of all sorts, and I have a duplicate ScanSnap and Epson 1660 on my desk.

If all that wasn't enough, I also have an iPhone, and a Gen 3 iPad that usually travels with me to campus meetings.

Oh, and there are some other items with various firewalls and security involved, but I won't list those. :-)

And what software?

Much of my work online is email-based, and I use various mail programs for that. I also use Safari, Firefox and Chrome for WWW access. For text processing I use Apple Pages, TeXShop and LaTeX, and (rarely) MS Word. For numerical work, I use Apple Numbers and MS Excel. For presentations I use Apple Keynote and MS Powerpoint. I will rarely use the OpenOffice programs instead of their MS alternatives. I use Evernote, 1Password, Dropbox, and a bunch of other Mac utilities. When I can't find something I need, I will write up a script in Kshell or Perl, or (sometimes) in C. A lot of my backend software (mail server, WWW server, file storage) is on a server maintained by university staff, or on my OpenBSD server (not on the net).

I run Parallels on my Macs, and in that I run Chrome, OpenBSD, Windows Vista, 7 and 8, OpenSolaris, Ubuntu, RedHat, and (sometimes) Knoppix.

So, why all the different systems? Well, most of my work can be done in a small set of utilities on a single system. However, I sometimes switch up to test out various other software, to create a "moving target" for my security research, or to match an environment where I'm working.

I also run some honeypots and a variety of security systems, but I'm not going to talk about those. :-)

What would be your dream setup?

I already have most of what would be my dream setup. What I would like is to have it all in one location - maybe a dedicated server room in my house so I could take a break whenever I wanted to go do something else - but with some part-time staff to help keep it all up-to-date. For me, the key is not a particular thing, but a regular stream of refresh so I have the latest hardware and software along with some of my stable standby systems. The room would have both a standing desk and a comfortable recliner chair with swivel desk, a big screen TV, and a serious audio system so I could have something entertaining in the background while coding or writing. A dedicated coffee machine, too.

Of course, the ideal setup would be if I were independently wealthy so I could set my own schedule to have time to play with all of that! But even if I was independently wealthy, I'd still want to do some of the travel and teaching - I like the research, but making a difference for people means more to me.