[UKUUG Logo] Copyright © 1995-2004 UKUUG Ltd


Table of Contents Next


Editor's Column

(Susan Small)

Sue I am delighted to be bringing you another bumper-packed issue of the newsletter, with thanks to all those who contribute so freely of their time.

As always, Steve Talbot gives us pause for thought about where we are heading - I for one do not want to be contactable by email via my mobile phone when I'm sitting in the pub.

It is also good to see you making use of the letters page - this could be a useful service to members who wish to buy, sell or swap items.

There are even cartoons which I hope will raise a smile (both books are also reviewed in this issue) and there are pointers to some of the more wacky web sites out there (banana labels indeed :-).

Finally, the sad news about Pkzip's creator.

Have a good summer (it should be starting soon, I hope).

Chairman's Report

(Charles Curran)


Thanks to all those of you who have renewed or taken out membership, the others will just be receiving a reminder letter this time. We welcome all new members and encourage you all to participate in the group's activities.

UKUUG's Council -- David Hallowell, Mike Clinch, Drew Durkin, Alasdair Kergon, James Youngman, and myself -- has been meeting every couple of months in London (an especial thank you to the three northerners who spend either end of those days on the train) and trying to keep the group running but we would appreciate there being more participation so that we can do more.

We are particularly interested in fostering local groups and welcome any effort you may be able to spare in organizing such. Likewise, we welcome your ideas on any other items that you would like the group to provide. We are still contemplating changes to the newsletter to make it even more relevant, and attractive to members... By the next issue, we also hope to have a web journal/log...

I have been asked to remind you of UKUUG's mailing lists: email a message containing the word help or lists to majordomo@list.ukuug.org, or check out http://www.ukuug.org/cgi-bin/majordomo.

SANE 2000 -- report by Ray Miller inside -- the follow-up to the 1998 conference, was once again organized by NLUUG in Maastricht; it was held on 22-25 May. There were 500 participants, with >100 from outside NL. I managed to hold interesting discussions with other groups and agreed to establish links with them once again. Once upon a time the European UNIX groups coexisted with EUUG, which became EurOpen, but that burnt out. We hope to establish a lightweight network for the various national and other groups. Similarly we hope to introduce better connections with (the US-based) Usenix, including a cheaper and easier way to become members.

At the beginning of June, we had a stand, sponsored by Alcove, IBM, Perforce, and Wrox (thanks, guys), at the LinuxExpo 2000 exhibition at Olympia. It was busy with a lot of interest being shown in the group.

Elsewhere in this issue and in your mail you will see that we are organizing another Linux developers' conference, this time near Hammersmith, West London, on 7-9 July.

The AGM has been booked for 6:00pm on 21 September at the University of London's Institute of Education. Details will be posted out later in the summer. Currently the Council is constitutionally limited to six but we hope to change that. Please do come along and help organize the group.

Please email all your suggestions to ukuug@ukuug.org.

News from Owles Hall

(Jane Morrison)

Jane The UKUUG Linux Developers Event looks to be a great success and if you haven't already booked a place, please see the events section for details of the up to date programme and booking form. You will have unfortunately just missed the early bird delegate rate of just £75 including VAT - but even at £100 plus VAT - it really is an event that you cannot afford to miss!

Josette will be there giving discounts on the O'Reilly books, WROX Press will attend and also give discounts, SuSE LINUX Ltd. and Debian have also booked table-tops.

There are still a few table-tops left - if your company is interested please contact the Secretariat.

I would like to say thank you to all the UKUUG book review team who worked their way through quite a few titles since the March newsletter - see the book review section below.

Due to the amount of work the Council has put into the Linux event July I am afraid there is no CD this time - if anyone thinks they could help out with ideas for UKUUG CDs, and help with putting the actual project together each quarter the UKUUG would like to hear from them - please contact the Secretariat.

The next UKUUG Council meeting will take place on Tuesday, 30th May in London.

We shall be on the .org stand at LINUX Expo - 1st & 2nd June - London. LINUX for the Enterprise - is being held 7th - 9th July. AGM - September - actual date to be advised shortly.

So you see it's quite a busy time.

SANE 2000 Conference Report

(Ray Miller)

The Second International System Administration and Networking Conference (SANE 2000) took place from 22-25 May 2000 at the Maastricht Exhibition and Conference Centre (MECC) in the Netherlands. More than five hundred delegates from twenty-seven countries descended on the MECC for the conference, organized by the Netherlands UNIX User Group and co-sponsored by USENIX and Stichting NLnet.

The conference was preceded by two tutorial days, with topics including Sendmail configuration, delivered by Eric Allman, author of Sendmail; IPSEC and FreeS/WAN, by Hugh Daniel of the Linux FreeS/WAN project; DNS administration, by Jim Reid of Nominum; and firewall technologies, by Jos Vos of X/OS Experts in Open Systems.

The main conference began with a keynote address from Brian Reid of Bell Labs, entitled Blame Allocation: the key to successful system administration in a world in which absolutely everyone uses the Internet and absolutely no one is in charge. He discussed administrative boundaries: with many entities involved in information delivery (particularly with the advent of wireless Internet and WAP phones) there are many boundaries and you have no control over other people's systems. Who do you blame when something goes wrong? The lazy solution is to buy everything from one vendor, but this brings its own problems: computer viruses; license fees; implementations not conforming to standards or subject to public review; monopoly plans not consistent with your own.

He also had some interesting ideas on infrastructure for information delivery: maybe one day we will all have a data meter in our homes just like we now have an electricity meter. Telephone, Internet, and television will all come down the same wire, with different companies competing for our custom and delivering over the same physical channel - as is happening now with the power utilities.

Another of his messages was that good marketing can sell bad software: sometimes the name is everything. We should use a single brand name to stand for "not controlled by a monopoly." Will Linux and FreeBSD find a way to combine forces?

After the keynote the conference split into two main streams of technical presentations with additional BoF (Birds of a Feather) and WiP (Work in Progress) sessions.

The first technical session I attended was Confining the Omnipotent Root by Poul-Henning Kamp of the FreeBSD project. He talked about the FreeBSD jail facility that allows an administrator to partition the system into separate virtual machines, or "jails." Management capabilities for each virtual machine environment can be delegated, but a privileged user in a jail cannot affect the parts of the system outside their virtual machine. This is a very useful feature for ISPs and the like who offer virtual hosting. During questions at the end, Malcolm Beattie pointed out that the FreeBSD jails are a special case of the "compartments" element of MAC (Mandatory Access Control) that he has implemented for the Linux kernel.

The next two technical sessions concerned cryptography: How to Ring a Swan by Baastian Bakker; then Architecture for Secure Multicast Communications by Rüdiger Weis. Baastian's talk covered methods for storing private key information on an iButton device, rather than in a configuration file, while Rüdiger talked about adding security (strong cryptography, real-time streaming, and reliability) to multicast applications, based on OpenPGP and RTP (Real-time Transport Protocol). These talks are described in detail in the conference proceedings.

In the afternoon I attended the Linux High-Availability BoF session. Alan Robertson talked about the goals of the High-Availability Linux project: ...to provide a high-availability (clustering) solution for Linux which promotes reliability, availability, and serviceability (RAS) through a community development effort. He discussed software that is currently available, and things planned for the future - which include a port of SGI's FailSafe to Linux. This was not a formal presentation and there was some audience interaction, as well as some disagreement! This session was of particular interest to me as my job includes administration of the Linux cluster, Herald, that provides mail store and web-based email access to staff and students at Oxford University.

The final technical session of the day was Bastille Linux: Security Through Transparency, presented by Jon Lasser of the University of Maryland, Baltimore County (UMBC). Jon was hired by UMBC to tackle the problems of Linux spreading rapidly throughout the University network: Linux is easy to install, but hard to administer (securely). An environment with inexperienced administrators, applying security updates infrequently (if at all), lead to wide-open systems and frequent break-ins. Bastille Linux was originally intended to be a Linux distribution that improved security over existing distributions. Instead, a hardening script (based on the RedHat distribution) was developed. More information about Bastille Linux is available from their home page.

In the evening came the conference social event, held at La Bonbonnière in the centre of Maastricht. This included free pinball; live music from The Konkoma Maximum Love Open Source Software Orchestra - a salsa band dressed as penguins; plenty of food and drink; and the American comedy act Boom Chicago! In the Netherlands, beer is served in 1/3 litre glasses with a large head, and on hearing that I was English (or perhaps prompted by my frequent appearance at the bar) one of the staff commented that I must find their beer glasses very small!

The second conference day began with Thomas Fehr, co-author of YaST (Yet another Setup Tool) and one of the founders of SuSE Linux, discussing automated installation (and configuration) of Linux. This was another talk of particular interest to me: I haven't looked closely at any of the automated tools before, but have been prompted me to take another look at RedHat's kickstart utility.

Next came two talks on packet filtering. The first covered IP Filter, a packet-filtering engine available for *BSD and Solaris. This was a technical (but interesting!) talk concentrating on the new state engine in IP Filter. The second discussed a new, rule-based interface to the Linux kernel for packet filtering, which enables implementation of flexible, fine-grained firewall rules. Development moves quickly in the Linux world, and while the first pre-release of the 2.4 kernel has just been announced, the author's patches are against 2.0.34. The example given in the talk (of firewalling an FTP server) was of a policy that would be better implemented by the FTP daemon. Again, details of these two talks appear in the conference proceedings.

After lunch was a talk by Mark Burgess of Oslo College, Evaluation of cfengine's immunity model of system maintenance. The author pointed out that his interest was primarily academic: cfengine was developed to help study system administration and not as a practical tool (although some people find it useful). As the title promised, the presentation concentrated on the "immunity model" and I left the talk still not knowing what cfengine might do to help me in the job of system maintenance!

This was followed by Deploying (and Developing) Free Software for Network Administration, a talk by Alexios Zevras of Athens University. He described two projects he had been involved in: Cordial, a system for administration of a dial-up access service; and an as-yet unnamed system for monitoring and reporting the status of various servers and services. He described some of the advantages of custom software over the commercial alternatives (focussed functionality and familiarity of administrators) and of component-based systems over all-encompassing (hence very large) software solutions.

One of the most entertaining technical talks came at the end of the second day: Crypto Blunders by Steve Burnett of RSA Security Inc. Steve described some of the mistakes people have made over the years in their use of cryptography: putting a back door into the product; implementing the algorithm incorrectly; using a one-time pad more than once. The talk was spiced with amusing anecdotes and the presenter didn't shy away from pointing the finger (although he has promised some of those concerned that this will be the last time they are mentioned).

It wasn't possible to attend every session, but they were all recorded on video and available for viewing throughout the conference. Sessions I missed included: Wireless Internet delivery; Future directions of Sendmail; Cricket (Web TV); NFS version 4; Modern file systems and storage; An experimental tool for visual data mining; DNS-SEC; Usenet news system. There was also a vendor exhibition where hardware and software vendors, support services, Linux distributors and booksellers displayed their wares.

The conference closed with thank you speeches to the organizers, volunteers, and speakers, and an award for best paper given to Brian Pawlowski for his presentation on the NFS Version 4 Protocol. Finally came the zany inSANE quiz, which got off the ground after some problems with a Perl script and X configuration. Quiz topics included assembler instructions; Monty Python; SCSI commands; cartoon characters; programming languages. Contestants bent their minds to questions such as:

The quiz master claimed to have all the answers in his head!

As well as printed proceedings, T-shirts and other goodies were to be found in the conference packs. I wonder how many red faces were seen coming through airport security on the way home - the baggage checkers at Maastricht told us they'd found at least a dozen people with handcuffs in their bags: security in a box from tunix.

The MECC provided excellent facilities for the conference, and Maastricht the ideal setting - with good transport links, first-class hotels and restaurants, and - although served in small glasses - good beer! Everyone I encountered spoke excellent English, and I felt ashamed that I couldn't even say "thank you" in Dutch. The conference itself was well-organized and offered a good selection of talks, with something for (almost) everyone. Good attention was paid to detail, with a conference badge entitling you to free travel on the local buses. I'm looking forward to SANE III, which is planned for about eighteen months time. Perhaps by then I'll have learned some Dutch!

Copyright (C) 2000 Ray Miller.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

UKUUG RC5 Team Update

(David Hallowell)

I mentioned the UKUUG RC5 team in our last newsletter and since that announcement we have made excellent progress. Our original aim was to become a team in the top 100 of the distributed.net statistics and we are steadily progressing towards this aim. We are currently ranked 240th overall and climbing. However, we are in the top 100 for the daily stats and are usually ranked about 80th for the day.

The progress of the UKUUG RC5 team is amazing and is only possible because of our members who are running the distributed.net RC5 client. Running the distributed.net client makes use of your CPUs idle time, so you should not notice any performance loss by running the client. For more information see http://www.ukuug.org/rc5/ and view our team statistics at http://stats.distributed.net/rc5-64/tmsummary.php3?team=2443. You are welcome to join our RC5 team and we would appreciate your help. We are now aiming for a top 50 place in the daily stats and a place in the top 100 overall.

Table of Contents Next
Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat