Copyright © 1995-2004 UKUUG Ltd

UKUUG

Newsletter Section 1

UKUUG News

Editor's Column

The SAGE organisation in the USA is going from strength to strength and it is sad that we have been unable to galvanise system administrators in this country in the same way. From my own personal experience I know what a vital role these people play and believe that as a mobilised group, they could be taken seriously as a profession. My own organisation horrified me recently when they floated the idea that (once the consultants sort out the network problems we currently have ;-) our Novell network of 150+ PCs could be administered by a secretary in her spare time!

My initial reaction was to merely listen, open-mouthed to the suggestion. The idea that system administration is just something that can be done as an afterthought, by a non-technical person, must be strongly resisted. Our system administrators need to organise themselves, to be heard and educate decision-makers. Otherwise we are going to continue to hear such ridiculous suggestions.

If you're involved in system administration, you may be interested to read the profile on page 23. If you care about your profession, why not contact Lindsay Marshall and help to resurrect the SAGE SIG.

Let me know your views on this topic - or anything else concerning the UKUUG - via my new e-mail address (see Contacts).

Report from the Chair

As a computing professional, I have been following the resistance to the Communications Decency Act (CDA) since President Clinton signed it into law. Many organisations consider that the CDA is the typical muddled Act written by politicians who have no understanding of the Internet. The broad spectrum of opposition to the Bill is spearheaded by the Electronic Frontier Foundation (EFF). They are joined by Microsoft, Yahoo, the Church of Scientology, and thousands of other organisations and individuals in bringing a lawsuit against the Bill which was filed on 26 February this year. The EFF maintain a number of web pages concerning the campaign. Their URL is given in our Web Site Directory on page 14. I wonder what would happen here if our politicians also tried to "clean-up" the Internet. Chaos probably.

We've moved!

We have finally completed the move of our computer services to the new Sun system (thank you SUKUG) at Owles Hall. Andrew Macpherson (UKUUG) and Gerald Newns (SUKUG) worked together with the staff at Owles Hall to make the system habitable. Andrew Macpherson also set up the various virtual domains and e-mail aliases. Martin Houston and I re-built the web pages. Now we're open for business. You can send us e-mail to ukuug.org . Our individual e-mail addresses are given at

the back of this issue with our contact information. As well as these, you can contact the following by e-mail:

UKUUG - ukuug@ukuug.org

Council - council@ukuug.org

Secretariat - office@ukuug.org

Linux SIG - linux@ukuug.org

Newsletter - newsletter@ukuug.org

London LUG - luug@ukuug.org

Webmaster - ukuug-web@ukuug.org

Our new web pages are now available at ukuug.org , (we've left a link at our old site, Birkbeck College, for the time being) with the following URLs:

UKUUG home page is http://www.ukuug.org

Linux SIG home page is http://www.linux.ukuug.org

Please visit our web pages and send comments, suggestions, brickbats, etc. to our webmaster, who will be pleased to receive anything!

Electronic Mailboxes

We are now ready to offer our members an e-mail alias for life (or until you leave the UKUUG :-). This alias will take the form xxx@ukuug.org , where xxx will be an individual name (such as mick.farmer ) or an organisation's name (such as bell- labs ). Contact your Secretariat (preferably by e-mail) giving your membership details, the alias that you'd like, and the target e- mail address. They will process the request and create the alias within one or two days. Any problems (such as an inappropriate alias or an invalid target) will be reported back.

WWW Home Pages

We are now ready to offer our members a free web page for as long as you are a member of the UKUUG. The URL will be http://www.ukuug.org/~xxx , where xxx will be an individual name or an organisation's name (see above for details). Send your home page to your Secretariat (preferably by e-mail) and they will process the request within one working week. One or more pages are acceptable as long as they don't exceed 512Kbytes in total (although we reserve the right to alter this quota at any time). Any problems (such as inappropriate material or invalid links) will be reported back. The UKUUG reserves the right to refuse, without explanation, any material not in keeping with our objectives.

Report from the Treasurer

You may like to know that we now have a formal contract in place with Owles Hall for the provision of administration for the next 12 months. The service to date, in my view, has been excellent (let me know if you think otherwise!).

Sadly, it has not been possible for me to recommend to the UKUUG Council that we renew our sponsorship of EurOpen. In

summary, historically EurOpen has provided a good service to our members. However, in my judgement, based on a review of the existing service provision and costs, our sponsorship is no longer viable. I have, however, recommended that we identify alternative ways of maintaining contact. I would be grateful if you would please contact me or Mick before the next Council meeting if you have any views, either way, on this matter, or if you would like further details.

Finally, if you have any concerns relating to any financial matter (regarding UKUUG that is...) please let me know.

For the last three years I have been involved with UNIX and, as an IT Auditor with the Bank of England, tend to concentrate on security. I am a member of both the Institute of Internal Auditors (IIA) and the Information Systems Audit and Control Association (ISACA). I currently chair the ISACA UNIX Special Interest Group.

Surfing and Serving the Web

This event will now take place on Friday 14 June 1996. Our keynote speaker will be Julian Ellison, who founded the BBC Networking Club and created the first BBC Web site. He and some other speakers will provide information on all aspects of the Web during the morning session.

The afternoon session will start with Julian talking about his new project "Murder on the Net", which is an innovative book, Web site, BBS and MUD, a murder mystery "how-done-it?" published by BBC Books in June. We hope to provide each participant with a copy of this book.

The event will be held in Central London with multi-media workstations available for hands-on use during the day. Further details will be announced on our Web page as soon as they become available.

Owles Hall On-line

In late 1994, it seemed like a good idea to get the user group Secretariat on-line. This was before the explosion of the WWW, but the hints were there. Gopher had suddenly transformed looking for files and documents, its mime capabilities were hinting at new possibilities, and the graphical ftp agents on Windows (X, PC and Apple). Add to this that we were beginning to think of using the technology to communicate with you faster and the imperative was there.

Jim Reid, then Secretary of UKUUG bravely volunteered to drive the project. He had some rapid successes, and was able to register both "ukuug.org" and "sunukug.org" domains. Simon Pool in Switzerland arranged for EurOpen.org. Jim then set about convincing JANET/UKERNA to give us a point of connexion; the user groups are, after all, not for profit organizations, so they probably fit with the restrictive use clauses imposed to prevent indirect subsidy by the taxpayers.

A year and a half later he was still getting a run-around. We decided to go with a commercial supplier, and as the person on the doorstep (I live 15 mins drive from Owles Hall) I took over the job. In the

meantime the technology had changed massively, and ISDN was a serious contender to provide the basic link. The sums go something like this:

*    A 64k permanent circuit will cost about £3k a year, and spend a lot of time idle

*    A switched 64k ISDN line costs about 5p a minute at peak rate (£11,300 a year for a continuous band "A" call), + £320 line rental

*    The ISPs charge about £2k more for a fixed link than for an ISDN dial-up link

*    The routers cost about the same

Therefore one has about £4.5k to spend on ISDN calls before a fixed link is cheaper. That's about four peak-rate hours per weekday, about eight hours at the weekends.

So what can go wrong?

ISDN calls, like phone calls, have a minimum charge. The minimum charge is usually offset against the duration of the call. One vendor is stacking the charges to make their system very attractive for video, and other long duration calls, and very unattractive for the typical IP user's profile, by making an explicit ISDN call set-up charge, then a low usage charge. Since the set up is the expensive part of any call this is actually reasonable (though not at the rate charged). Anyway there is a minimum period in which it is not a good idea to break the call, as there might be more data, and one might then have more than one minimum charge in the one period.

Only some of the ISPs will provide a call on
demand service, so that the Internet at large can access your services as and when required. This severely limits the choice of ISP.

Someone, somewhere on the net, might take a dislike to you and keep pinging you to keep your line open.

Of the ISPs who will call on demand, an even smaller subset will agree to filter the traffic which is permitted to open a call to you, to prevent your line being frivolously opened. The ISP will levy a one-off charge to instantiate the filter.

The bottom line is that the configuration of the router call parameters is critical to making good use of the technology, and this is discussed below.

For those of you who are interested, BTNET (members of both UKUUG and Sun User's Group) are not in the business of doing call-on-demand, having had their hands tied by Oftel. PIPEX, who give a technically excellent service, will call on demand, but will not run a call filter at their end, leaving one exposed. And PSI (a.k.a. EuNet-GB) will run the filter (for an extra £1000 set up charge). I've asked ThePlanet.co.uk about filters, but they have not got back to me. ThePlanet has a very much lower cost service offering than the big three.

The final setup at Owles Hall is not yet complete. We have an Ascend Pipeline P50 ISDN/frame-relay router, running with software release 4.5, which we bought from Chernikeeff. The ISDN local loop is provided by British Telecom, but we route calls over the Energis network (we have subscribed to their high use discount scheme). The current ISP is PSI Inc's English subsidiary EuNet-GB.

I'm afraid we're difficult customers, as, knowing some of the pitfalls, we know what we want, and what we want is not the current standard package. This manifests itself in many ways for instance we do want control of our DNS, rather than having it modified for us at arm's length. Yet we don't want to have the line opened every few minutes for someone to look up an address, or a canonical hostname. In the standard scheme of things there are but two scenarios:

*    We run DNS as primary, and have NS records for our own server, the ISP shadows but we take the hits on the line; OR

*    The ISP runs as primary, will not take zone files from you, even by mail, but insists on entering them itself. You do not show in an NS record, but the line then never opens for DNS queries

The preferred solution is of course a compromise where we can control the data in the zone file directly, without the line being opened for every lookup.

Rules for ISDN calls

I've mentioned that managing the call setup and sustain is important to minimize operating costs. Ascend routers are well suited to ISDN support of Internet links or SOHO (Small Office/Home Office) situations. The router works by applying two filters to the ISDN link:

*    The Data filter. This filter controls what data may pass. If you want to block X11, NFS, portmapper or any other well known point of vulnerability, this filter would be where to do it.

*    The Call filter. This filter controls which packets count as traffic for keeping a link open, and which packets should trigger a call if the link is down.

All packets have to pass the Data filter if they are to be forwarded. Those packets which pass the Call filter also will reset the call timer, or place the call. If the call timer ever times-out the call is dropped.

Most of the rules were worked out by Simon Kenyon of the EurOpen Executive and Koala Systems in Ireland, and were modified to suit Owles' UK operating environment.

To set up the data filter we had to decide what were the services we wanted to support from the Internet. Start with the answer none and then add only what we really need. We concluded that the set was small:

FTP (control and data), Secure shell (see http://www.cs.hut.fi/ssh/ ), Telnet, Mail and HTTP.

We also needed asymmetric DNS which Owles should be able to call to resolve addresses, but should only be called by its secondaries for DNS zone transfers.

Web Service

We find ourselves in the classic Internet Presence Provider scenario. The organizations serviced at Owles all have their own domains, so it would not be acceptable to have URLs of the form http://www.owles.co.uk/~sunukug . We needed per organization hosts, or at least virtual hosts. This is, thank goodness, no longer rocket technology, but is well documented at http://www.thesphere.com/~dlp/TwoServers/ . The

harrowing part of adding the new VIF drivers to a kernel is always that first reboot. One can test it out on a local machine, but then comes the point when one wants to reboot the machine on the far end of an ISDN line.

I took the safe way. I waited till I had Jane on the phone, sitting in front of the machine, ready to type "boot vmUNIX.old", but fortunately this was not needed.

Linux Users Group Meeting

On the evening of 20 February 1996 some 35 people of assorted backgrounds gathered in the Manchester Computing Building, were greeted by David ("Nobby") Clark and Dave Gilbert, and dispersed to various corners of the room to meet, talk, try out things on the several computers available, and operate the powdered-drinks technology; and did that until about 10pm when Owen LeBlanc called time.

Everybody said that this completely informal event was very enjoyable and very interesting, so it seems to have been a great success.

Quite a few people came from fairly far afield: to these especially, and in any case to all who came, thanks for turning up and contributing to a good evening for everyone.

We are currently in the process of making arrangements for our next meeting.

Linux News

Linux-FT offers more than the now almost de-facto Linux archive CDs and applications, more than just another proprietary packaging system. Certification provides users with real proof that Linux-FT has been tested and that there will be real consistency between this and subsequent releases. Certification removes the guesswork from selecting a quality, professional distribution. Certification proves that the distribution really has been tested and actually works.

POSIX Certification for Linux

Linux-FT is the first distribution to be certified against the POSIX.1 FIPS 151-2 standard. Developed as part of the continuing process towards full UNIX certification, Linux-FT is the only release that offers the following unique features:

*    POSIX.1 FIPS 151-2 Certification. Linux-FT is the only Commercial distribution to be Certified to ISO/IEC 9945:1990 POSIX.1 FIPS 151-2 by the National Institute of Standards and Technology (NIST) in the USA

*    POSIX.2 ISO/IEC 9945-2:1993 Preview. A preview of the forthcoming POSIX.2 certified release of Linux

*    Developed against proven Industry Standard Test Processes

*    ISO/IEC 9899:1990 Standard C (ANSI C) Conformant C Compiler

*    ISO/IEC 9899:1990 Standard C Conformant MATHs Library (libm) which has passed the XPG4 test suite

*    libc-5.2.18 extensively enhanced to meet POSIX.1 Certification and the XPG4 preview. This version of libc contains the "normal" features (such as multi-threading) found in the libc available on the Internet.

*    XPG4 certified shells and other routines and functionality

*    Over 200 major and minor bug fixes for POSIX.1 Certification

*    The 1.2.13 kernel certified POSIX.1 Kernel 1.3.59 passed certification tests

*    Adaptec 2940 series device drivers built into the standard 1.2.13 Certified kernel

The POSIX.1 Certification represents a milestone in the development of Linux providing the proof that Linux is a tested product conforming to International Industry Standards. Eliminating the confusion caused by the misleading (POSIX) message displayed by other Distributions, POSIX.1 Certification identifies which level of POSIX certification is provided with the supporting Conformance Documents.

Testing

For the first time, it is possible to prove that a Linux distribution has been tested. In addition to the problems located and fixed during the development of the C89 compiler and the MATHs library, over 200 bugs (major and minor) were located and fixed during POSIX.1 certification. You can read more about Linux Testing on the Linux-FT WWW pages in the Testing section (under "The Emperor's Clothes") which is also available via ftp in the pub/Linux-FT directory (and e-mail by request). Proving that Linux has been tested has always been a problem, partly due to the almost total lack of validation test software and the associated test results released with the components that comprise a Linux distribution and partly because it is almost a taboo subject.

POSIX.1 Certification requires that Linux be tested by a Certified Laboratory registered with the NIST (National Institute of Standards and Technology). It proves that Linux is tested. Proof that it has been tested against a real International Standard. You can obtain a copy of the Linux-FT entry from the NIST's mail-server on: posix@nist.gov with the line: send 151-2reg. Again, more information on Linux Testing can be found on the WWW pages.

X/Open Membership

The group developing Linux-FT have joined X/Open, the international open systems standards organization wich manages the Single UNIX Specification and licenses the UNIX trademark.

9899:1990 C Conformance

We have put this at the start of the specification as it represents a significant step forward in making Linux more conformant and far more consistent and stable. In case you think that C standard

conformance is of purely academic interest and not important for your work, just try the following small program on your Linux system:

#include <stdio.h>
int rtime;
int main()
{
    printf("%d\n", rtime);
    /* Should print "0" */
    rtime = 1;
    /* Should not crash */
    return 0;    
}

This program conforms to the C standard, to POSIX, to XPG4 and the Single UNIX(R) specification. It should print "0" and exit.

Try to compile this program with shared libraries and statically link it and observe what it does.

gcc a.c     for the shared version
and
gcc -static a.c    for the static version

It will probably compile without warnings. But it will print a nonzero number, and if you link it statically or use a non-Standard C conforming ELF compiler it will crash when it tries to assign to the integer variable 'rtime'. The problem would be less severe if the compiler gave at least a warning. Or if the program would crash when started. But the bug will only occur when it accesses 'rtime'.

This is caused by what is called "name space pollution". The symbol 'rtime' happens to be in the C library. You might know this. But do you also know all other symbols defined in the C library? Given the speed at which Linux changes, can you keep track of all the symbols in all the libraries you link against? It is like Russian roulette: for each symbol used, there is a small danger of a name clash. The more symbols are used, the larger the total danger. Of course, if the problem occurs in the main code path of the program, it may be possible to find it during testing and rename the symbol. But imagine a bug like this in a seldomly used and never tested code path, e.g. error recovery. This makes a nice time bomb. It makes for unstable, unreliable and un-supportable products. Problems like this happen in real programs. We found in excess of 10 programs in the Linux-FT distribution which crashed with the old C compiler, the small test program above is a condensed version of one of them. A large commercial package crashed, too; and we do not know how many more of these bugs were still hidden, waiting for the unsuspecting user to crash their application and maybe the system as a result.

Other Distinguishing Features

Linux-FT is unlike any other distribution you have used before. Containing many new and revolutionary features not present on any other product, with a full range of variations to suit almost every conceivable application, it has set new standards of conformance and excellence. The full package comprises an excess of 6 CD-ROMs and a complete integrated Motif development system.

At-A-Glance-Reference

*    Runnable from the CD-ROM

*    Copy-cache makes installation a truly hands-off affair

*    A full implementation of NIS/YP

*    All new Boot Manager

*    An easy to use X based admin tool

*    All ELF distribution

*    1.2.13 A Kernel version with quotas compiled

*    Demos of commercial applications
*    Window Manager - Option for an ELF format Motif mwm runtime license

*    Option for a preconfigured and integrated Motif runtime and development system

International Language Support

Linux-FT is available in the following languages:

*    English
*    French
*    German
*    Japanese (in development)
*    Korean (in development)
*    Italian

Note that large parts of the system and manual pages may remain in English.

SCO Binary Compatibility

Better still, Linux-FT allows you to run SCO binaries with the iBCS library (due to time and other practical constraints, it has not been possible to test this with all SCO binaries, but we do know that Informix, Word Perfect and Frame work).

Linux-FT is available via FTP for free(!), although it is a rather long ftp session! You can browse the file-system on:

ftp.lasermoon.co.uk:
    /pub/distributions/Linux-FT
ftp.open-linux.com:
    /pub/Linux-FT

or get more information on:

http://www.lasermoon.co.uk
http://www.open-linux.com
http://www.infomagic.com
http://www.to.de

(If you would like to mirror Linux-FT, please contact Lasermoon in the first instance).

You will also find the source to the manual, errata, support questions/FAQ's etc in same directory.

Lasermoon Linux Offer

A POSIX.1 Certified Linux-FT and a Dr Linux for the bargain price of £40.00 + £8.00 delivery + VAT = £56.40

This is a discount of about 50%. In addition we still offer a flat discount of 20% to UKUUG members or 10% to educational establishments and students, the exact deal being:

*    Proof of status is provided at time of order placement. Refunds will not be given after delivery.

*    This offer applies to products that are not already discounted or bundled.

*    We reserve the right to cancel, modify or remove all or any part of this promotion at any time without notice.

Regarding the nasty thread in the linux-uk newsgroups about Lasermoon's delivery service, the problems that existed many months ago have been resolved.

Please ask us about any concerns you have rather than looking at uninformed gossip on mailing lists.

We look forward to providing you with simply the best Linux products available!

Relevant numbers are listed on the Contacts page.