[UKUUG Logo] Copyright © 1995-2004 UKUUG Ltd

UKUUG


news@UK 4.5

The Newsletter of the UK UNIX Users Group


Volume 4 Number 5 (October 1995)

UKUUG News

Editor's Column

(Susan Small)

I've introduced some formatting changes to this edition of the newsletter and hope they make it even easier for you to find your way around. Any feedback would be most welcome, not only on the new layout, but on the content of the newsletter as well.

As requested by one member, we have started a page of Website addresses which may be of interest. My thanks go to Lindsay Marshall for contributing the first of these. Now, let me have your suggestions.

The Council have agreed to the issue of a Christmas CD packed with goodies for you. What software would you like to see issued on the disk? Please send your suggestions to the Secretariat as soon as possible, in order that we can prepare a CD which has what you want on it.

While I am writing about Christmas, the next meeting of the Cambridge LUG will be their Christmas Party. It's going to be held at the end of November or early December, but there are no firm details yet. If you want to be kept informed, contact Jane Shute or Piete Brooks (details in the contacts list at the back).

There are some interesting reviews and articles in this issue and I hope you enjoy reading them as much as I did - thank you to all my contributors.


Report from the Chair

(Mick Farmer) It has been a quiet and restful period since I last wrote in this Newsletter, especially as it included a much-needed holiday in Italy. I won't bore you with stories about the weather. However, I took two books with me to read and what a contrast there was between them! The first book was The UNIX-HATERS Handbook (edited by Simson Garfinkel, Daniel Weise, and Stephen Strassmann) which had such a good review by Iain Fleming in the last issue of the Newsletter. I enjoyed it immensely. Some of the time I half-agreed with their views, at other times I was silently mouthing rebuttles. It's a pity that many of their criticisms are aimed, not at UNIX itself, but at the baggage modern UNIX carries around with it. Although not intellectually stimulating, it was a thoroughly enjoyable read and hard to put down. The second book was The Future Does Not Compute (by Stephen Talbott) which Lindsay Marshall attempts to review in this issue of the Newsletter. Like Lindsay, I found this an infuriating book. It isn't that Stephen Talbott can't write, but that he constantly makes his sentences vague. None of his views are black and white. It is very difficult to get a handle on what he's trying to put across, so it's virtually impossible to agree or disagree. I only got half way through the book, so I'm very glad that Lindsay has taken on the mantle of reviewer for this one!

Read This!

I must re-iterate what I've grumbled about over and over in this column, namely the lack of feedback from UKUUG members. You may be saying to yourself "there he goes, complaining about us again", but it's true. We tried to start a The Guru is In column, but received no substantial queries. We tried to start a Skills Register in the last issue of the Newsletter but, so far, no-one has offered us their details. We are trying to get a Click Here column of interesting FTP sites and WWW pages and, so far, have not received anything from you, our members. Come on. Give us your views. As I said in the last issue, don't deafen us by your silence!

The Matrix Today and the Internet Tomorrow

There are still some places left for the two tutorials given by John Quarterman. These will be given in Edinburgh on 17 October and London on 19 October. Contact your Secretariat to book your places or book them electronically; the URL is http://web.dcs.bbk.ac.uk/ukuug/events/jsq95/jsq.html.

Winter Conference

There is still time to submit an abstract for our Winter Conference in York. The theme is Mobile Computing or, more succinctly, Location-Independent Computing. If you are interested in giving a paper in this subject area, then send your abstract by e-mail to ukuug-conf-95@bnr.co.uk as soon as possible. I expect the rest of you to come to York in December and hear about what's going on in this exciting field of modern computing.


London LUG

(Andrew Findlay)

Linux vs FreeBSD vs the rest - which to choose?

The October meeting will be held on Thursday 26 October 1995 at 19:00hrs at the Senate House, University of London, Malet Street, London, WC1E 7HU.

Proponents of Linux, FreeBSD and maybe some other free or cheap UNIX ports will each give a short description of their favourite system. The floor will then be open for questions and the chairman will attempt to keep order!

Andrew Findlay organises LUUG events, barndances, and ox-roasts. Between these momentous events, he is in charge of the team that deals with the exponential computing requirements of Brunel University.


SU2SG hits a SNAG

(Nigel Mitchem)

At the last meeting of the group, there was a long discussion about the group's aims and interests. Historically, the group rose out of the remains of the original University of London Gould UNIX Users Group (quite a mouthful ;-) and was attended mainly by members of the medical schools within London. After the demise of the Gould machines, the group decided to continue under a new name, after all it was a useful forum for people with similar problems. As the diversity of kit and services grew there was a marked fall off in attendance, leaving a hardcore that turned up for the meetings. Even this small group of people is now depleted.

At a meeting of the SU2SG held on Monday 24 July 1995 it was decided to discuss exactly what the areas of interest were and in order to reflect this change, a new name was agreed. The group is now called the Small Network Administrators Group (SNAG for short). Our aims are to meet to exchange ideas and experiences in the following areas:

This is not an exclusive, or exhaustive list other areas can be added as they come up, or are thought to be relevant. Subjects for discussion will include:

Managing the desktop

Software updates, distribution of files, "look & feel".

Protocols

TCP/IP, IPX/SPX, NETBIOS/NETBEVI, ISDN, FDDI/ATM, PPP.

Services

nntp, http, gopher, FTP, SMTP, telnet, WAIS, BOOTP, dhcp, archie, X500, DNS, WINS, NIS, NFS, amd

Applications

Usenet news, WWW, (h)gopher, FTP, sendmail, smail, mercury, charon, telnet, free-WAIS, BOOTP, dhcp, archie, named, NIS, amd, whitemail.

We welcome anyone at our meetings from institutions up to a size of approximately 500 nodes (a number we just pulled out of the air), who is trying to keep a network of machines up and running and integrating new services. We hope to attract members from academic institutions, as well as commercial organisations.

Please come and join us at our next meeting which will be at the Royal Free Hospital School Of Medicine, Rowland Hill Street, London, NW3 on 16 October 1995. The traditional pre-meeting gathering will be in a pub around the RFHSM and the equally traditional post meeting get together will be in this or another hostelry in the same area. Come and join us! All those interested please contact nigel@cs.city.ac.uk for further details.

Nigel started his working life at the National Physical Laboratories investigating the properties of steels. A working interest in computing grew over the years to system administration and user support. Nigel now runs the technical support team for the School of Informatics of City University.


How Secure is "Secure"

(Piete Brooks) [Ed's Note: On 31 August The Guardian carried an article headed "Cypherpunks lead Netscape's Navigator astray". The excitable headline was referring to the fact that an international team had succeeded in breaking the secure key used on international versions of the WWW browser, Netscape Navigator. The team was led by Dr Piete Brooks of the University of Cambridge Computer Laboratory, one of our LUG contacts, and took 31 hours and 47 minutes, using around 300 machines strung across the Internet.

I asked Piete if he would give us his version of what the team were doing and why. His article follows.]

Due to the desire by the USA's National Security Agency (NSA) to be able to easily snoop on computer communications outside the US, they imposed International Traffic in Arms Regulations (ITAR) restrictions on the number of bits which can be used within exported cryptographic software. This means that secure network traffic is readable by the NSA.

My favourite analogy for explaining this area of cryptography is a bicycle combination lock. There are good designs, and bad designs, corresponding to cryptographically strong and weak protocols. If you give me a badly designed lock, I can find the first digit with a maximum of nine moves of the first ring. I can then get the second, third, etc. These locks are cryptographically weak as I can find a shortcut, and therefore can be broken by cryptanalysis. Four rings take a maximum of thirty-six moves to open. However, a decent lock will not be open to such cryptanalytic attacks. The only way to attack it is to use brute force" and try all possible combinations, meaning that a four ring lock will take a maximum of nine hundred and ninety-nine moves. The ITAR restrictions mean that well designed locks can be exported, but they are only allowed to have a maximum of two rings. This means that there are only a maximum of ninety-nine moves.

In our case, Secure Sockets Layer (SSL), http://www.mcom.com/newsref/std/SSL.html, is currently believed to be cryptanalytically secure, but the restriction to 40 bits means that there are only (!) a million million possible keys. Not long ago, this would have meant that only the NSA could have tried a brute force" exhaustive search of all keys, but computers have increased in power so much that a research student can decode a message in eight days on his own. By providing some software to share out the keys to people across the Internet, this time was reduced to 32 hours. With a few tweaks of the code the next attempt should take somewhat less than a day.

So what does it mean?

Security is not a boolean. You have to consider how secure it is, and how much you care about your data. You should consider the ways in which your data may be snooped:

But surely not simply monitoring your IP traffic that's why you use "secure" connections. Think again!

Send your Credit Card information over a "secure" link, and within a day it could be published. Send some commercially sensitive information, and within a day, your competitors could have it too.

So what can you do?

Don't depend on something labelled "secure" until you have found out just how secure it actually is.

If you have some spare CPU cycles, download the packages from http://www.brute.cl.cam.ac.uk/brute/ and run it on the test data, so that when the next attempt is made, your CPU cycles can be included.

So what has it achieved?

The objective was to raise awareness that not all "secure" protocols actually are.

Recently Netscape have announced that they will be making a 128 bit version of their browser, Netscape Navigator, available.

Since the first draft of this article was written, a cryptanalytic attack has managed to decode Netscape SSL transactions in under a minute. In this case, it is not the protocol itself which is weak, but the initial data (seed) of the Pseudo Random Number Generator (PRNG). David Wagner <daw@cs.berkeley.edu> and Ian Goldberg <iang@cs.berkeley.edu>, two first year students, dis-assembled the Netscape PRNG and found that it was seeded with information such as the current time and the process ID. Thus by trying a (relatively) small number of seeds and cranking the PRNG, the key can normally be found.

This holds for 128 bit keys as well as 40 bit - even apparently "secure" keys may be found in under a minute. Netscape plan to get a new version out "within the week". Had the code been made available in source form, this problem would most likely have been fixed some time ago.

This is known as "security through obscurity" - it just doesn't work! For the latest on cracking Netscape, see http://www.c2.org/hacknetscape.

Piete works in the University of Cambridge Computer Laboratory, mostly on "communications" things, the most relevant of which is that he is currently working for UKERNA on the Secure E-mail Project (accessible via http://tech.ukerna.ac.uk/pgp/).


News from Owles Hall

(Jane Morrison) Bookings are currently going well for the John Quarterman tutorials - "The Matrix Today and the Internet Tomorrow". There are still places available at both the Edinburgh venue on 17 October and the London venue on 19 October - please note the deadline for bookings is 11 October.

Again, abstracts are coming in now for the York Conference "Location Independent Computing" being held from 19-20 December 1995. We hope to have the final programme and booking details out to you all by the end of October.

Future events for 1996 which are currently being planned will include Tutorials by Richard Stevens and Eric Allman.

As announced in the last newsletter, we are repeating Rik Farrow's successful seminar on Internet Security. The dates have now been confirmed as Wednesday 10 - Friday 12 January 1996. The earlier seminar in February of this year was held at the Kenilworth Hotel in London and was fully booked four weeks before the event. The event in January '96 will be held in the Marlborough Hotel, sister hotel to the Kenilworth and just across the road. There will be an option to book just the Seminar or a package which includes accommodation. Booking details should be available by the end of October and will be sent to members automatically. Book early to be sure of a place.

We are currently chasing by letter the outstanding subscription invoices for this year. There appear to be quite a few company members who still haven't paid their subscription. Please note that this will be the last chase and all outstanding memberships will be cancelled on 16 October 1995 if payment has not been received. No further copies of the newsletter or event details will be sent!


DEC supports Linux - official!

(Martin Houston)

The following is an extract from the report of the DECUS Free UNIX Seminar which took place on Monday 18 September at Digital's Birmingham Offices. The full report will be published in the next edition of Linux@UK.

"The most exciting part of the day was the presentation by Dave Rusling of Digital Equipment about the work being done to port Linux onto the super fast 64 bit Alpha processor. An operating system with full source code, coupled with a clean architecture and serious number crunching ability, should prove very attractive to many academics. A free operating system will also let Alpha based PCs compete in the Intel Pentium and P6 marketplace for people who want up to a billion instructions per second on their desk tops. Alpha Linux is aiming to be binary compatible with DEC's own UNIX based operating system. So Alpha customers have a clear and attractive choice between open, self- supported Linux and fully-supported and controlled DEC UNIX for different tasks.

DEC is co-operating with Lasermoon to produce easy to use distributions of Linux compiled for Alpha. An Alpha PC running Linux with X Windows was demonstrated, but it will be a few months before speed demons will be able to order Alpha with Linux as an off the shelf solution."


Reviews

TCP/IP Illustrated Volume 2

Gary R. Wright & W. Richard Stevens

(Reviewed by Jim Reid)

By any measure, this is a very impressive book. It is so big - just under 1200 pages! and heavy that it would make an impression on just about anything that it happened to get dropped on. An idea of the scope and scale of the book can be gauged from the fact that the index stretches to over 40 pages! One word aptly describes this book: awesome.

In the second volume of this landmark series, Stevens and Wright explain the TCP/IP implementation, the sockets subsystem and related code found in 4.4 BSD, approximately 25,000 lines of C source code. This difficult some might say impossible task has been accomplished with great style.

As with Volume 1, the operative word is "illustrated". The book is packed with diagrams, tables and fragments of code. It is impossible to find two consecutive pages in the book which did not have a diagram or a section of code or a table. In fact, several pages contain all three!

The extensive use of illustrations is not the only method that has been used to explain such a complex subject. The text is broken down into 32 chapters, each covering a functional unit of the BSD networking subsystem: network buffer management, ARP, ICMP, IP option processing, UDP, protocol control blocks and so on. Other areas such as multicasting, routing, TCP and protocol/driver/hardware interfacing each have a few chapters dedicated to themselves. Within each chapter, the code is presented in manageable units, perhaps a single routine or a chunk of code which performs one operation in a larger C function. Each chapter concludes with a summary followed by exercises and questions which probe the reader's understanding of the material. Some of these are answered in an appendix.

The size of the book reflects the thorough and comprehensive job that has been done by the authors. Rather than focus on the implementation of the key protocols, the authors cover the entire networking subsystem. Four hundred pages or so a mere third of the book is assigned to explaining the implementation of IP, ICMP, TCP and UDP. The rest of the text covers the difficult subjects that go largely undocumented: protocol/device driver interaction, protocol/protocol interfaces, routing, the sockets infrastructure and miscellany such as the Berkeley packet filter and raw IP processing. One particularly useful appendix details how the implementation conforms to and deviates from the criteria in the "Host Requirements" RFCs.

The way the material is presented is methodical and orderly. This greatly helps the reader's understanding. There is very little forwards and backwards referencing, quite surprising considering the subject matter, and an exhaustive index is on hand whenever this is necessary.

For anyone wanting to know how production-quality networking code really works, this book is essential. It provides insight into the various speed/space tradeoffs that have to be made and the tricks which are needed to make TCP work well over network cables as diverse as a long fat pipe and a serial line dialup link. Stevens and Wright provide an object lesson in how to clearly explain in detail a large and complex piece of software. They are to be congratulated for presenting a comprehensive and detailed treatment of a difficult subject which is remarkably straightforward to read and understand.

Quite simply, this book is a towering achievement which deserves the highest praise. The first volume of TCP/IP Illustrated was a staggering success. Volume 2 more than maintains that very high standard. This reviewer can't wait for the next in the series.


The Future Does Not Compute - Transcending the Machine in Our Midst

Stephen L. Talbott
O'Reilly & Associates Ltd. 479pp
ISBN 1-56592-085-6

(Reviewed by Lindsay F Marshall)

Straight away let me confess that Sue is chasing me and I am writing this without actually having finished reading the book yet! For the sake of argument let us call this Part One. To be concluded next issue. Now, for those of you who don't know me, I am definitely of the "book-a-day" reader persuasion, and I recently went on a speed reading course, but to no avail this book is tough going! OK, so you want to know what it's about. Well, let's just say that it is one of the "net backlash" books that are currently appearing and you will have a pretty good idea. Add to this some decidedly obscure ideas and you are getting a better picture. Express it in long words and throw in lots of footnotes. Now you know.

However, the real, real problem I have with this book, is not that it is incredibly hard to read - lots of worthwhile books are hard to read - but that I just can't get into sympathy with the author and his point of view. In fact, I agree strongly with most of the points he makes; the net is hugely overhyped and people write endless nonsense about its virtues. I just find it hard to agree with someone who campaigned for Goldwater in the 60s, has never voted in an election in his life and who thinks that moving his family to a rural community and sending his kids to a Steiner school is some kind of solution to the problems of the world. Basically he annoys the hell out of my bourgeois, anarcho-socialist soul. And he does it in words of six or more syllables (though he never ever splits infinitives!). What it most reminds me of is articles in the now-defunct Modern Review fundamentally irritating, but somehow important.

Talbott bases a lot of his thought on the work of someone called Owen Barfield who I shall admit straightaway that I have never heard of. Judging from the excerpts from his work quoted in an Appendix, his work is even harder to read! I expect that I will have to track some of his work down and find out more, just as I shall have to go off and read many of the references that are made in the text the author seems to have read a completely different set of books to the ones I am familiar with in this area. There are lots of interesting ideas in this book which I want to think over carefully, particularly when I have managed to get the whole picture.

This is not a holiday book I know, I took it on holiday with me! However, if you are interested in all the things being said about the usefulness or otherwise of networks then you have to bite the bullet and read it. I am just going to have bite down harder and report back to you from the trenches next issue when the battle is won. There are no "blighty ones" for book reviewers....

Lindsay Marshall is a lecturer in the Department of Computing Science at the University of Newcastle upon Tyne. He has some UNIX DECtapes and a paper tape machine in his office.


Installing and Using the Auspex FileServer; or Darth Vadar's Wardrobe: Two Years of Boredom

(Ian G Batten)

Some years ago, I was on the periphery of doing the systems admin on a fledgling network of Suns in a Computer Science department. Although I handled the mail and news, I intermittently got involved in the rest of the work. I remember just how much harder things got when we had more than one fileserver, with all the problems of cross-mounting and routing. We rapidly discovered that in order to do anything useful, both the servers had to be up.

When I came to what was then BT Fulcrum I moved away from Suns, although not from mail and news I spent many a happy hour building custom M6000s to handle it. Suns crept back in, though: we bought a 3/50 with a small disk on it for NFS testing. We moved a project from an IBM RS6000 onto a Sun 4/470. And before I knew where I was I was managing a forty workstation network, with multiple fileservers. I even had the mail and news back on Suns!

When the time came to move to about one hundred workstations, we cast around for a better solution. When we bought our largest fileserver, a 4/690MP, we had looked briefly at a company called Auspex. I had seen one of their employees, a former SunOS internals man, talking about them on the net. We were in the market for a large fileserver, and what they had was certainly large. But in the end, pricing and the fact that there wasn't one installed in the UK at the time deterred my management.

Second time around, however, there were installations in the UK. I had visited their US offices and been impressed. And most significantly, we were unhappy about the upgrade floated by Sun, as it would have involved much box swapping between 4/690s and SparcCenter 2000s: we were doing this work during the launch of the latter product.

We eventually ordered a 4 network, 14 gigabyte Auspex NS6000 in May 1993. It was delivered whilst I was on holiday in late June, and was installed and humming in the machine room when I returned. It's the first NS6000 in Europe, serial number 14.

An Auspex like ours (the so-called Mack Truck" chassis) is an intimidating beast. Over six feet tall, painted matt black, with a sculpted front panel relieved only by a small green lighted logo, it cuts a mean pose in the machine room. The top half of the cabinet contains space for twenty disks (on our older machine; today it's forty two smaller disks), the bottom half is a fourteen-slot VME crate that will be familiar to those who have used VME Suns.

The disk array is hot-pluggable. You can add space, or remove quiescent disks, with the system running and in service.

If you are using shadowing, you can replace failed disks live.

Auspex broke out the functionality that provides NFS service onto dedicated cards. In the original model there were five types of board, all aside from the later HPs based around various 68K processors.

An incoming NFS operation is decoded by the EP, which then asks the FP to find the data. If it's not in cache, the SP is asked to perform disk IO. Because the cache is shared between all the boards, there is no copying of data between buffers. Because the cards run a real-time kernel, they do not have much in the way of interrupt latency. And because the disks are on a large number of controllers, high throughput is possible.

Our machine was a 2EP, 1FP, 1SP model. All machines have an HP and an APM.

Auspex have two main claims to your money. Firstly, they are claiming excellent performance. Secondly, they place great emphasis on their support and customer care.

We found the performance astounding. We could saturate all the networks on demand, and drive the disk array ludicrously hard. And it just didn't break. Although we had planned to phase it into service, we eventually moved all the data on to it overnight and had it in production a few days after completing configuring. Our early experience, now borne out in the longer term, of their support people aided our confidence in this rash move.

We have moved more and more of our business onto the Auspex, to an extent now where we have over fifty gigabytes of disk space and six networks. We are currently planning a move to over one hundred gigabytes and twelve networks to incorporate our CAD department. Although we have added a write accelerator, more APM memory (taking us to 48M) and more HP memory (to 64M to support better dumping) our main upgrade was early this year.

January was a big event. As the load on the Auspex rose, downtime became harder and harder to get. In mid-January we moved all of the Software Engineering group to the company's new offices, and decided to do all the work we had saved up in one weekend. We had taken the latest release of the Operating System over Christmas, but as we moved we replaced our EPs and FP with a Network Processor (NP) which provides 6 ethernets as well as the functionality of the FP and some APM. We also reinstalled all our workstations to move them on to the new collection of nets, took some machines from SunOS to Solaris, commissioned a UPS and put some more disks on the Auspex.

Since then it's just sat there, grinding out data.

So what's it like to manage? It's a Sun. Anyone who has run a SunOS fileserver, especially if it's got Online:DiskSuite, will have no trouble at all.

How reliable is it? Auspex's argument is that if you have N servers, you probably need all N of them up. If you can get a single server whose individual reliablity is no worse than any one of your cluster, you are clearly much better off. We'd agree: our downtime caused by failure software and hardware, and we have no disk shadowing is less than two hours per year. Even including operating system upgrades, hardware upgrades and other such fun it's less than six hours a year. Auspex have new products that provide the ability to reboot the HP whilst the NFS service remains ( DataGuard") and now the ability to shadow filesystems over LAN or WAN with failover between servers ( ServerGuard"). They claim six minutes per year of downtime for the latter configuration.

How fast is it? They can saturate everything you attach to it. What more do you want? Newer machines support FDDI, and other fast protocols are due by the end of the year.

Would I buy one again? Yes. No question.

Ian G Batten is the Principal Software Engineer, Fujitsu Telecommunications Europe Limited.


SNMP Version 1 & 2

Mathias Hein and David Griffiths

(Reviewed by Virantha Mendis)

If you take a closer look at what today's computer networks are made up of, then you will be in for a big surprise. The days of "computers" making up the network have languished and a diverse collection of hardware is attached to the network. This includes routers, bridges, network printers, x-terminals, networked fax machines and un-interruptible power supplies. As you can see, the list is not big, but it is continuing to grow, so there will be more devices that can be attached to the network. As the network grows it is most important to manage it properly so as to provide the users with the service they require. It is at this point that the Simple Network Management Protocol (SNMP) is going to play a vital role in assisting the network administrators.

Today almost everything which can be networked supports SNMP and this should become a must when you go shopping for network products. The idea behind SNMP is that you manage the network from a "Management Station" by exchanging messages with the networked peripheral. For example, the management station can request a router to send back the information about the current routing table used by it, or even send a message asking it to reset itself.

This book on SNMP tries to give the reader a background to network management and to the tools available within SNMP. The first chapter starts with concepts of network management and emphasises the importance of a properly managed network. The next chapter deals with the OSI framework model for managing networks. Unlike the TCP/IP protocol stack within the OSI model, the network management is defined.

Chapters three and four are used to introduce the SNMP protocol in detail and version 1 of the SNMP is discussed at length. Areas covered include various SNMP object types, SNMP commands (there are only five commands available) and the format of various SNMP Management Information Bases (MIBs).

The idea behind the SNMP - being simple - made it highly successful in the data communications field for network management purposes. However, the same concept also introduced some weaknesses into the protocol. These include heavy network loading by certain SNMP functions, lack of security and difficulty integrating to other protocol stacks other than TCP/IP. These have led to the introduction of the Simple Network Protocol Version 2 (SNMPv2). Chapter five of the book is used to take a closer look at the new functionality available in this version of SNMP. This includes features such as improved security, better use of the network bandwidth and extended error signalling. This chapter is followed by an examination of the future of SNMP and network management which concludes the book.

There are ten appendices to the book which constitute a massive 100 pages. The information provided in these appendices includes Network Layers, Protocols, various RFC's on network management, SNMP objects and SNMP header formats.

For me the book tends to be weighted towards the theoretical part of SNMP and gives little attention to practical examples. When I received the book for review, I was expecting it to show me how to set up a network management model for a medium size network with various types of devices. This could have been easily achieved by showing examples from Sun's SunNet Manager, HP OpenView, or using public domain software such as tkinetd. If the authors had spent some time developing such a model to include in the book, then this would have been an invaluable book for the Network Administrator.


Website Directory

http://riceinfo.rice.edu:80/~indigo/gsotd/
Let's face it the Cool Site of the Day is often pretty dull. Especially after you've waited 20 minutes for all those gifs to downline. Check out the Geek Site of the Day for a much more interesting set of sites.
http://www.cse.ogi.edu/~iverson/mambo_karaoke/entrance.html
Mr. Nefff's Mambo Karaoke Steakhouse. I have no idea what this is about but it's a lot of fun.
http://www.xs4all.nl/~riksmits/
Find out what OJ and Slick Willy have in common! This site is still growing but for lefties everywhere this is a must.
http://huizen.dds.nl/~schippie/
Take a gentle walk round Marion's garden. You can even pick the season you want it to be.
http://www.ping.be/escrime/
Interested in fencing? I mean the kind with swords not what you put round fields! A niche site if there was one.
http://lumber.com/
Interested in fencing? This time it is the kind you put round fields, not the kind you use swords for! This is the place for you. Nice background too.
http://indy1.cs.uiuc.edu:8080/vosaic_home/index.html
Fire up your SGI Indy or your Sparc-20 for Vosaic! The next step in contiuous media browsing! You haven't got an Indy? Tough luck.

Around Europe

European Commission sets up ISPO

The Information Society Project Office (ISPO) has been set up to handle "Information Superhighway" issues, especially problems of security when organisations join the Internet. The EC is gradually waking up to the Internet and this project is currently evaluating firewall software (déja vu to our members). From this initial evaluation the EC expects that a larger implementation of firewall software will be made in two or three key directorates. A call for tenders will be going out this October.


EurOpen Executive Meeting

The Executive met in Rekjavik, Iceland on 15 July. They also had a meeting with the Icelandic group, who agreed to pay their subscription to EurOpen. Only Luxembourg, Portugal, and Slovenia have not yet paid.

Simon Kenyon reported that EurOpen's SOCIA proposal had been submitted to the European Commission and demonstrated at a meeting in Brussels on 6 July, but that the proposal had been turned down. However, an alternative proposal was being formulated with the help of Jean-Michel Cornu, Chair of ICT Round Table #8.

Their next meeting will take place in Brussels on 30 September/1 October when they hope to meet with representatives of the Belgium group, which hasn't sent anyone to a Governing Board meeting for some time.


Publishing on the World Wide Web

This one-day conference, organised by the NLUUG, takes place on 23 October at "De Reehorst" in Ede, The Netherlands. The keynote speaker is Peter Salus with "Before the Internet, there was the ARPANET".

The Technical track includes presentations from Mick Farmer (troff2html -ms), Evi Nemeth (WWW Publishing), and Martien van Steenbergen (HotJava). The Commercial/Management track covers legal issues, business benefits, payment issues, and publishing. The Graphical Design track includes presentations from Steve Pemberton (Readable Electronic Journals), Simon Kenyon (KoalaIO), and Dan Farmer (Satan).

All but three of the talks are in English. This is going to be a popular event, so contact the NLUUG Secretariat to book your place before it's too late!


EurOpen Governing Board Meeting

The next meeting will take place in The Netherlands, probably on 25/26 October, the weekend after the NLUUG conference (see above). Mick and Ivan will represent the UKUUG at this meeting so, if you want to put forward a proposal, please let your Secretariat know as soon as possible.


Publishing on the Internet

EurOpen has organised this event for national groups. It was originally due to "premier" this September, but this has now been re-scheduled for 29/30 January in Switzerland. It will be repeated on 31 January/1 February in Stockholm. We will bring this event to the UK next year.


New Products

UNIXhelp for Users

Release 1.2 of the popular resource "UNIXhelp for Users" is now available.

This continues to offer a large collection of helpful information for users of the UNIX operating system, extensively hyperlinked. Release 1.2 features updated text, improved formatting, a new search interface and comprehensive advice on setting up a local copy.

You can view Edinburgh's local installation through WWW at the URL:

http://unixhelp.ed.ac.uk/TOP.html

There is also a UNIXhelp home page with some background information on the product. Its URL is:

http://www.ucs.ed.ac.uk/~unixhelp/

Full instructions on downloading the source files are included at both locations.


Across the Pond

2nd Conference On Object-oriented Technologies And Systems (COOTS)

17-21 June 1996
Toronto, Canada

Announcement and Call for Papers

The COOTS conference is intended to showcase advanced R&D work in object-oriented technologies and software systems. The conference emphasizes experimental research and experience gained in using object-oriented techniques and languages to build complex software systems that meet real world needs.

The two-day tutorial program will offer a selection of tutorials. We expect tutorials to include:

Distributed object systems (CORBA, Network OLE, DSOM, etc.)

C++ Standard Template Library

Object-oriented network programming

Design patterns for object-oriented systems

Evolution of ANSI/ISO C++ standardization

Concurrent object-oriented programming

Efficient and effective framework design Alternative object-oriented languages

Tutorial proposal submissions must be received by 7 February 1996. The preferred form of submission is via e-mail to the Tutorial chair Doug Lea at dl@g.oswego.edu. Tutorials selected for presentation at the conference will be confirmed by 20 February 1996.

Two days of technical sessions will follow the tutorials. We seek papers describing original work concerning the design, implementation, experimentation, and use of object-oriented technologies. Like the USENIX C++ conferences from which it is derived, COOTS emphasizes advanced engineering aspects of object technology, focusing on experimental systems research and development on distributed objects, multimedia, operating systems, compiler technology, and C++. While papers covering work in C++ are strongly encouraged, we invite submissions describing results and work in other object-oriented or object-based languages.

Questions regarding a topic's relevance to the conference may be addressed to the program chair via e-mail to schmidt@cs.wustl.edu. Proceedings of the conference will be published by USENIX and will be provided free to technical sessions attendees; additional copies will be available for purchase from USENIX.

In addition, based upon feedback solicited at the conference from attendees, the program committee will select five papers to be published in revised and expanded form in a special issue of a suitable journal. To help authors prepare these papers for publication, we will have one or more "writers workshops."

The USENIX COOTS conference will conclude with an Advanced Topics Workshop. The goal of this workshop is to provide an informal setting in which to exchange in-depth technical information among peers. The workshop will be open to authors of papers presented at the conference, as well as participants who submit position papers related to the workshop's topic. This topic will be determined several months prior to the conference and a Call for Position papers will be distributed.

Important Dates in 1996

Tutorial submissions due: 7 February

Paper submissions due: 13 February

Notification to authors: 5 March

Camera-ready papers due: 17 May

The full text of this Call for Papers is available on the World Wide Web. The URL is http://www.usenix.org.


6th USENIX UNIX Security Symposium

22-25, July 1996
San Jose, California

Focusing on Applications of Cryptography

The goal of this symposium is to bring together security and cryptography practitioners, researchers, system administrators, systems programmers, and others with an interest in applying cryptography, network and computer security, and especially the area where these overlap. The focus on applications of cryptography is intended to attract papers in the fields of electronic commerce and information processing, as well as security. This will be a four-day, single-track symposium with tutorials, refereed and technical presentations, and panel discussions.

The Tutorial Programme, for both technical staff and managers, will provide immediately useful, practical information on topics such as local and network security precautions, what cryptography can and cannot do, security mechanisms and policies, firewalls and monitoring systems.

In addition to the keynote presentation, the technical program includes refereed papers and invited talks. There may be panel sessions. There will be Birds-of-a-Feather sessions and Works-in Progress Reports on two evenings. You are invited to make suggestions to the program committee via email to security@usenix.org.

Symposium Topics

[Please note: papers about new cryptographic algorithms are not solicited; however, those about new applications are. This symposium is not about new codes or ciphers, or cryptanalysis for its own sake.] Presentations are being solicited especially but not exclusively in the following areas:

Anonymous transactions

Applications of cryptographic techniques

Attacks against secure networks/machines

Cryptanalysis and codebreaking as attacks

Cryptographic tools

Electronic commerce security

Firewalls and firewall toolkits

Legislative and legal issues

Case studies

Computer misuse and anomaly detection

File and File system security

Network security

Security and system management

Security in heterogeneous environments

Security incident investigation and response

Security tools

User/system authentication

Penetration testing

Malicious code analysis

Important Dates in 1996

Extended abstracts due: 19 March

Notification to authors: 15 April

Camera-ready papers due: 10 June

If you would like to receive detailed guidelines for submission and examples of an extended abstract, you may send email to securityauthors@usenix.org or telephone the USENIX Association office at +1 510 528 8649.

Please send one copy of an extended abstract or a full paper to the program committee via two of the following methods. All submissions will be acknowledged.

Preferred Method:

Email (Postscript or ASCII) to:securitypapers@usenix.org

Additional Methods:

Postal delivery to:

Security Symposium
USENIX Association
2560 Ninth St.

Berkeley CA 94710 U.S.A.

Fax to:

USENIX Association
+1 510 548 5738


4th Annual Tcl/tk Workshop

10-13 July 1996
Monterey, California

The fourth annual Tcl/Tk workshop is a forum to: bring together Tcl/Tk researchers and practitioners; publish and present current work; plan for future Tcl/Tk related developments.

Papers and demonstrations should report on original Tcl/Tk research. Example topics include system extensions, novel Tcl/Tk based applications, reports on experiences building particular applications, use of different programming paradigms within Tcl, and proposals for new directions. The audience for the workshop is researchers and practitioners who are expert users of Tcl/Tk.

There are three types of submissions: applications papers, general papers, and demonstrations. Paper authors will be given a twenty-minute time slot at the workshop. Demonstrations are intended as a forum to highlight and describe innovative techniques having a highly visual or interactive component; they are not intended as a forum for marketing-oriented presentations. Live, non-commercial demonstrations of software will be given a thirty-minute time slot. A paper of up to four pages must accompany the demonstration.

Important Dates in 1996

Papers due 5 March

Notification to authors 16 April

Camera-ready copy due 28 May

We are accepting workshop submissions via email. If accepted, both electronic and camera-ready hard copy of the final version will be required.

Submissions should consist of a uuencoded, compressed tar file, containing both a plain text and Postscript version (filenames should be based on your last name, e.g. smith.txt and smith.ps). The tar file should be emailed, along with the cover letter to tcl96@sco.com. Receipt of submissions will be acknowledged by return email within the week. If an acknowledgement is not received, please contact the co-chairs.


From the Net

John Brunner (from Alec Muffett)

I was idly flicking through ITV Teletext at 4am in the morning, and came across an article which read (to paraphrase):

John Brunner, the British science fiction author noted for his experimentation with style and for his writings about social issues, has died, aged 60, of a heart attack, whilst attending a science-fiction convention in Glasgow."

The convention presumably was WorldCon which I couldn't spare the time to attend, sadly.

For those who don't see the security tie in, Brunner wrote The Shockwave Rider" - the book generally credited with coining the term worm" in respect of computer-based self-replicating programs.


Antarctica on the net (from Bill Marcum)

Check out the New South Polar Times:

http://www.deakin.edu.au/edu/MSEE/GENII/NSPT/NSPThomePage.html


The world's smallest computer: 4 grams! (from Marsha Woodbury)

On 12 September the world's smallest computer was introduced in the form of a hearing instrument, which will dramatically improve the quality of life for hard-of-hearing people throughout the world.

An international team of scientists at Oticon, one of the world's three largest hearing instrument manufacturers based in Denmark, has developed the world's first fully digitized hearing instrument, based on a revolutionary new computer chip with processing power equalling a normal 486 desk top computer. The new concept enhances the tailoring of hearing instrument performance to the exact personal needs of individual users. To the hard-of-hearing, the effect of the added computer power can be compared to the transition from a radio with only bass and treble controls to a fully digitized recording studio.

The Digital Audio Processor is smaller than the top joint of the little finger. The real break-through is a radical reduction of the voltage required to run the microchip. It needs only 0.9 volt compared to the 3.3 volts required by a standard lap top computer. The newly developed micro-processor will be included in DigiFocus, a 4-gram hearing instrument from Oticon. Depending on local approval procedures DigiFocus is expected to be ready for worldwide sale in the first half of 1996. Further information: www.oticon.dk


"The Net" As A Trademark? (from info@intervid.co.uk)

Bell Canada subsidiary WorldLinx announced it is withdrawing its application for a trademark on "The Net." The company said public response to its application indicates it is impractical to attempt to trademark a term in such common usage. Looks like they got some negative feedback.


Magic As The Only Explanation (from Philip Gagner)

In response to Fredrick Backman's request for some good (and true) computer-related stories where hardware or software has behaved in such a manner that there is no explanation but pure magic", and, in the realm of mistaking sufficiently advanced technology for magic, I offer the following:

Many years ago when the Post Times newspaper in West Palm beach had a little DECNET-10 network (DEC-10 connected to DN8x terminal servers and various drivers for the high speed printers and such), there were persistent problems with the network software, and loud customer complaints.

The local DEC salesperson talked up the expert, Kalman Reti, as one who could solve a network problem just by looking at the machine, and who would be in the next day to do so.

Unknown to the salesperson and the customer, Kalman arrived at night, heard about the salesperson's puffery and went to the customer site where he diagnosed the problem, changed the code, and left for his hotel. The next morning he walked in, with suitcase, and was introduced to everyone. He walked into the machine room, put his hand on the computer and shut his eyes for a minute, then mumbled an incantation with arcane gestures and the like, then told them the machine had been exorcised and started to leave.

The salesman started to freak and the customer insisted he stay until they at least showed him what the problem was, and ran the sequence that always caused the network to hang. Kalman smiled knowingly and said that it really was okay now, that it was exorcised.

I don't think anyone ever did tell them that he'd been there the previous night, but the problem stayed fixed.


Software With Attitude: Win 95 Plays Hard Ball (from Nick Rosen)

Microsoft's new Windows 95 operating system is playing havoc with the computer networks at a few American universities, prompting at least one university to issue a policy restricting students and faculty from running Windows 95 on its computer network.

Windows 95 has a new network feature that allows computer users to share information stored on each other's computers. The problem, according to people who have worked with the software, is that a computer running Windows 95 can be configured to masquerade as an organization's Novell Netware server, or centralized "control" computer. When that occurs, the computers trying to talk with the server shut down, or "crash," university officials say.

Microsoft, meanwhile, denies that the problem exists. "We have done extensive testing with Novell's products," said Mike Conte, a group manager with Microsoft's Personal Systems Division. "There was an issue . . . during the beta [test period], but actually the problem has been fixed for months".

But computer system administrators and Novell itself disagree. Novell and Microsoft are competitors in the lucrative networking software market. It has been said there is a way for system administrators to prevent system crashes, but representatives from the universities say they have been unable to resolve the problem.

This follows hot on the heels of the Word prank macro the turning to mush of the Thesaurus in Word6; Netscape's poor performance on Win 95; and the debate about the bundling of Win 95 and MSN (The Microsoft network). It would appear that Microsoft's aggressive attitude has translated into its code. An OS that is compatible with everything as long as it's another Microsoft product.


The Origins Of Modern Computing: Enigma And Boolean Logic (from Nick Rosen)

Richard Harris, Author of "Selling Hitler" has a new novel just out, "Enigma" looks set to equal the success of "Fatherland", earning rave reviews and huge media coverage on its release. One reviewer called this gripping tale of mathematics, romance and betrayal the "thriller of the year, if not of several years."

Just as German work on jet-propelled rockets was the foundation of the US post-war space program, Bletchley Park's success provided the forerunner for modern day computers. "It's how Bill Gates, the Internet and all that started. Trace it back and you end up at Bletchley Park." The Ultra project, as Bletchley Park's work was known, was kept a state secret until 1974 when a former cryptographer published "The Ultra Secret," causing a sensation.

If you are interested in the origins of modern computing the Alma mater of George Boole, who gave us Boolean Logic, is University College Cork. Their Web site has information on this and other aspects of its 150th anniversary celebrations on www.ucc.ie


Internet : A New Weapon for Women (Net News)

With Canada's financial help, feminists at the UN's Fourth World Conference on Women in Beijing are setting up networks linking them together to track government action on women's rights and mobilize protests against any backsliding politicians trying to squirm out of the UN's plan to improve women's lives.

A survey of Internet users for the period 1994-1995, conducted by The Online Research Group, a subsidiary of O'Reilly & Associates, revealed that women comprise 34% of Internet users a significantly higher percentage than previous estimates had projected. See URL http://www.ora.com/survey/


Internet Raises Serious Trans-Border Issues For Australia

The Internet has taken the freedom of the airwaves and channelled it into a globe-spanning network, where messages can enter and leave countries without effective means of regulation. Several serious trans-border issues arise. For instance, what effect will US laws have on the operation of online casinos in the Caribbean? How will people sue across borders for comments made to Internet mailing lists? Will "cyberextradition treaties" have to be negotiated to deal with illegal transborder activities on the Internet? For Australia, probably the most significant local transborder issue will be the storage of data from Australian sources on servers located in the US. Eventually, it may so happen that the Internet could be subject to special international law by the United Nations.

(Internet Australasia; September 1995)


Calendar of Events

1995

17 Oct, The Matrix Today and the Internet Tomorrow, Edinburgh, UK

19 Oct, The Matrix Today and the Internet Tomorrow, London, UK

19-20 Dec, UKUUG Winter Conference, York, UK

1996

10-12 Jan, EurOpen Security Workshop, London, UK (UKUUG)

15-17 Jan, EurOpen Security Workshop, Copenhagen, Denmark (DKUUG)

22-26 Jan, USENIX Winter Conference, San Diego, USA

13-17 May 5th UNIX System Administration, Networking, And Security Symposium (SANS V), Washington, DC, USA

17-21 Jun, 2ND Conference On Object-oriented Technologies And Systems (COOTS), Toronto, Canada

10-13 Jul, 4th TCL/TK Workshop (TCL/TK 96), Monterey, California, USA

22-25 Jul, 6th USENIX Security Symposium, San Jose, California, USA

13-17 Sep, 10th USENIX Systems Administration Conference (LISA '96) Chicago, Illinois, USA

29 Oct-1 Nov, 2nd USENIX Symposium On Operating Systems Design And Implementation (OSDI II), Seattle, Washington, USA


Acronyms for 1995

AFUU
French UNIX User Group
ARPA
Advanced Research Projects Agency
ASCII
American Standard Code for Information Interchange
BBS
Bulletin Board Service
BITNET
Because It's Time NETwork
CD-ROM
Compact Disk-Read Only Memory
CDE
Common Desktop Environment
COPS
Security Checker System from Purdue University
CPU
Central Processing Unit
DEC
Digital Equipment Corporation
DKUUG
Danish UNIX User Group
EARN
European Academic and Research Network
EBONE
European Networking Backbone
ECU
European Currency Unit
EU
European Union
EurOpen.SE
Swedish UNIX User Group
FTP
File Transfer Protocol
GUI
Graphical User Interface
IBM
International Business Machines
ICT
Information and Communication Technology
IP
Internet Protocol
ISO
International Standards Organisation
ISS
Internet Security Scanner
LAN
Local Area Network
LISA
Large Installation System Administration
LSI-11
16-bit microcomputer manufactured by DEC
LUG
Local (UNIX) User Group
MIT
Massachusetts Institute of Technology
NFS
Network File System
NIS
Network Information System
PC
Personal Computer
SAGE
System Administrators' Guild
SEAL
DEC's Firewall Consultancy Service
SIG
Special Interest Group
SOCKS
SOCK-et-S (Firewall Proxy Host)
SU2SG
Small UNIX Users Systems Group
Tcl
Tool Control Language
Tcl/Tk
See Tcl and Tk
TCP/IP
See TCP and IP
TCP
Transmission Control Protocol
TED
TriTeal Enterprise Desktop
TELNET
Internet Remote Login
TIS
Trusted Information Systems (Firewall toolkit)
Tk
Toolkit for the X Window System
Tripwire
Change Control Software from Purdue University
WAIS
Wide Area Information Server
WAN
Wide Area Network
WWW
World Wide Web
XINU
XINU Is Not UNIX, an operating system for LSI-11s
Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat
PO BOX 37
Buntingford
Herts
SG9 9UQ