Overview Conference

Hugely successful internet startup eBay runs a 24x7 auction and retail site with over a billion items for sale annually. Its 75 million registered users keep the servers and networks jumping.
Join eBay's director of availability and performance engineering as he reveals some of the behind-the-scenes action that enables eBay to stay at the top of its game.

Samba (http://www.samba.org/) is the CIFS file and print server of choice for many network administrators. It is common to find Samba running on multiple servers within a network. However, the majority of the publicly released tools for managing Samba servers still focus on an configuring an individual host.

This talk will explore two proposed features planned for Samba 3.2 that are aimed at addressing this deficiency. The first is a newly developed protocol for monitoring and administering Samba servers over RPC and the second is to capability to utilize LDAP directories as a data store for sharing configuration parameters among Samba installations.

Wireless for a new world

Wireless communication technologies are HOT. More than half of the portable computers are sold with some sort of wireless network built in. On nearly every corner of the street there is a hotspot, and wireless community activity is thriving. Why is wireless so popular, and how can it cope with the growth of the number of users ? How do the new technologies fit in here, and can they bring relief to the problems we encounter deploying and maintaining a wireless network.
This presentation will focus on the technical aspects of deploying both small and large wireless networks, the challenges we meet, and possible solutions thereof. Also the new developments in wireless technologies will be discussed.

Dutch Law Enforcement vs High Tech Crime - What the Dutch police has experienced in the past, the challenges she faces nowadays and the surprises the future might have in store for all of us.

In this presentation I will first outline the current key features of the MySQL RDBMS, supported by a little history and an overview of the MySQL development and release philosophy. We then go on to look at what new funky stuff the MySQL development team is working on.

Come and hear it all from the source - your "when will MySQL support ?" will be answered! Interestingly, the answer these days is often in the form of "yes we have supported for a few years now, since version x.xx" ;-)

How can we improve the process by which System Administrators (SAs) help users? SAs spend much of their time responding to requests from users. Better system administrators use a similar, structured, process. I present the structured process as I have seen and practiced it, examples of each step in the process, and the pitfalls of eliminating various steps. Finally I look at the paper in the larger context of a step towards improving the science of System Administration.

First the author will sum up a non constructive argument showing that the mechanist hypothesis in the cognitive science gives enough constraints to decide what a "physical reality" can possibly consist in.
Then he'll explain how computer science together with logic make it possible to extract a constructive version of the argument by interviewing a wise (Loebian) universal machine. Through that process I emphasize the importance of both Cantor and Brouwer philosophy of mathematics. This will provide a kind of explanation of how both sharable physical laws and unsharable physical knowledge arise from number theoretical relations.

Under the European e-Commerce directive internet hosting providers risk liability for apparently illegal content from their customers. Once they are notified, they should take immediate action to block or remove the content. How serious are providers in the Netherlands about their responsability for the online freedom of speech? Should providers first ask their customer to respond to an allegation, or does 'immediate mean they have to first shoot and ask questions later? What if the complaint about an alleged infringement lacks legal grounds?

In this lecture, Sjoera Nas adresses notice and take-down procedures in the Netherlands, based on recent empirical research, and compares the results with procedures in the United States under the Digital Millennium Copyright Act.

For the movie 'I, Robot', over 1000 VFX shots were made, some with subsurface scattering. The visual effects team created a photoreal future Chicago from aerial footage, still pictures and lidar scans, populated it with thousands of Robots of all types, use massive technology to create armies of robots and humans fighting and generated an emotionally powerful performance for the lead robot named Sonny.

The talk will be about how the effect shots were created, for which the visual effects team had to push the envelope in more than one way. Before and after images of 'I, Robot' will be shown.

With the increasing complexity and workload of IT operations environments, staff are having to do more with less, and finding it more difficult than ever to obtain the resources necessary (money, staff, time) to move from a reactive fire-fighting mode to one of control and predictability.

In this talk, we look at the problems facing IT organisations and present a structured approach to assessing and maturing local system management practices.

NFS is the de facto distributed file system for UNIX. It has evolved over time to meet the requirements of a changing application base and the growth of various UNIX flavors into a wide array of markets.

The latest version is NFS Version 4, which is a standard from the IETF. It provides an extensible security architecture, enhanced semantics for modern file systems and applications, an architecture that encourages WAN deployment and a mechanism for forward compatible revisions to encourage more rapid innovation in the protocol. Products have started to ship, and NFS Version 4 is part of the Linux 2.6 kernel distribution.

NFS is indeed entering interesting times. The emergence of Linux and cost effective compute clusters has pushed discussions on the future directions for NFS into application deployments requiring high performance scalable storage. All the marketing aside, this is probably the most fun we had in a long time. Position papers on extensions to NFS are being rapidly generated and collaborated on in areas of migration/replication (to exploit basic capabilities in the core NFS Version 4 protocol), parallel I/O for server bandwidth aggregation, exploitation of emerging RDMA standards for high performance clustering, and heterogeneous storage architectures which exploit NFS Version 4 as a metadata protocol.

This invited talk will cover the technical details of the proposals, discuss the players involved, describe the issues and likely success of the proposals, touch on how to get involved, and boldly predict the future direction of NFS.

The first part of UNIX was created in August and September of 1969. The first ARPAnet node was set up at UCLA in September 1969. Linux became a teenager on 25 August 1994.

Just how all this came about is a fascinating story.

Even more fascinating is the criminal character of the two related operating systems: each has been in court as a juvenile offender. The legal and licensing systems have made important history, too.

Come, celebrate birthdays and (hopefully) liberation

Wietse Venema discusses lessons learned from the software that he released over the years. This includes how the software came into being, the widely varying publicity that his work received, and the impact his work had on open source and security.

Outline:
NetherLight is an advanced optical infrastructure and proving ground for network services optimized for high-performance applications, based in Amsterdam. Inspired by StarLight in Chicago, NetherLight is a multiple 1GbE/10GbE switching facility and lightpath transport hub. In this talk, Erik Radius will discuss the rationale for this testbed, the network build-out into Geneva, Chicago, Prague, London and other places that are joining, the emergence of the GLIF (Global Lambda Integrated Facility) and some of the high-performance networking applications that benefit from these new types of networks. Fore more information, see www.netherlight.net and www.glif.is.

Target audience:
network managers, network engineers, telecom engineers

Required Skills:
(none in particular)

The openMosix software package turns networked computers running GNU/Linux into a cluster. It automatically balances the load between different nodes of the cluster, and nodes can join or leave the running cluster without disruption of the service. The load is spread out among nodes according to their connection and CPU speeds.

Since openMosix is part of the kernel and maintains full compatibility with Linux, a user's programs, files, and other resources will all work as before without any further changes. The casual user will not notice the difference between a Linux and an openMosix system. To her, the whole cluster will function as one (fast) GNU/Linux system.

openMosix is a Linux-kernel patch which provides full compatibility with standard Linux for IA32-compatible platforms. The internal load-balancing algorithm transparently migrates processes to other cluster members. The advantage is a better load-sharing between the nodes. The cluster itself tries to optimize utilization at any time (of course the sysadmin can affect the automatic load-balancing by manual configuration during runtime).

This transparent process-migration feature makes the whole cluster look like a BIG SMP-system with as many processors as available cluster-nodes (of course multiplied with X for X-processor systems such as dual/quad systems and so on). openMosix also provides a powerful optimized File System (oMFS) for HPC-applications, which unlike NFS provides cache, time stamp and link consistency.

With openMosix you can start a process on one machine and find out it actually runs on another machine in the cluster. Each process has its own Unique Home Node (UHN) where it gets created.

Migration means that a process is splitted in 2 parts, a user part and a system part. The user part will be moved to a remote node while the system part will stay on the UHN. This system-part is sometimes called the deputy process: this process takes care of resolving most of the system calls.

openMosix takes care of the communication between these 2 processes.

Recent improvements in openMosix, contain the initial implementation of Shared Memory Migration, CheckPointing Support, LoadLimitation, Autodiscovery tools, the General openMosix daemon and lots more.

This presentation deals with the implementation of distributed IDS networks in enterprise environments, based on the OpenSource NIDS Snort (TM) as sensor engine. The different challenges and the solutions will be exemplified by means of a fictional enterprise network.

Topics presented will be, among others:

• communication methods (sensor<->server,server<->server)
• security mechanisms
• data reduction
• redundancy

Target Audience
Members of the security community interested in networkbased intrusion detection solutions.

Passive packet capture is necessary for many activities including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular operating systems. The introduction of device polling has improved the capture process quite a bit but not really solved the problem. This paper proposes a new approach to passive packet capture that combined with device polling allows packets to be captured and analyzed (e.g. using the NetFlow protocol) at (almost) wire speed on Gbit networks using a legacy PC.

Audience
Network managers/developers.

Skills
None.

High Available Network Services are becoming more and more important. Traditional Loadsharing solutions need a seperate load balancing device to distribute incoming packets over multiple working nodes. To get both High Availability and Loadsharing it needs a fully redundant setup and therefore at least a second Load Balancer.

This paper presents a nifty way to put the Loadsharing functionality directly into the working nodes. It explains how to combine the latest Networking Features of OpenBSD to build High Available, decentralized Loadsharing systems for VPNs, Firewalls and Servers.

Target Audience:
System Administrators that want to get new ideas and concepts on how to create high available Network Services with Loadsharing capabilities. Basic knowledge about TCP/IP and Ethernet is required.

The Domain Name System (DNS) affects most Internet services including e-mail. It has scaled well with the growth of the Internet but it also has limitations. In normal DNS operation it is likely for users to be directed to "sub-optimal" targets for obtaining service or even to nodes in which there is no service availability at a specific time interval. We propose an enhanced nameserver that functions in cooperation with the open-source BIND and takes into consideration the state of the machines that provide the mail service. The main task of our nameserver is to effectively carry out hostname resolution to cluster-node IPs even in light of failed or overloaded cluster nodes. We present the server's software architecture and the techniques for load evaluation to attain near-optimal name-to-address resolution.

Target audience:
People interested in optimization of mail systems.

Required skills:
Familiarity with DNS operation principles.

System and network administration education faces a significant challenge supplying students with both theory and hands-on practical experience. Students need real systems with root access in order to install and test popular services as a basis for learning key issues through experience.

We present how networks of virtual machines can be used in education to provide the necessary environments for students to work on and expect to see cost savings, more challenging student assignemnts, a protected test environment for every student or group and better scalability for larger classes and most importantly, the ability to reconfigure and restore networks rapidly.

This paper also presents a tool for the building and administration of virtual networks based on User-Mode Linux. This effort is a joint venture between the University College of Oslo, University of Amsterdam, University of Linköping and other experienced lecturers in the field of system and network administration.

When offering large-scale web services or content, it is imperative to limit network resources such as bandwidth, while at the same time maintaining an acceptable service level. Moreover, it is important to be able to differentiate this service level according to criteria such as the content area, type, size and possibly user- or viewer-dependent properties.

We present a set of techniques, implemented via Apache modules, which allow a web site administrator to categorize the content on-the-fly into various classes and to mark each class with a different IP Type-of-Service (ToS) value. At the network level, we take advantage of the advanced features of the Linux TCP/IP stack and map each IP ToS value into one out of a set of CBQ traffic shaping queues. Using our techniques, a web site administrator can limit the total bandwidth consumed and at the same time define acceptable per content-type or size service policies.

We present a tool for exploring the effects of different network policies for limiting spam and other flood-type attacks. Consider the situation where many distributed systems offer network services, especially applications such as E-mail and packet routing which require relaying through multiple nodes to arrive at their destination. In policy controlled systems, e.g. networks with local firewalls or BGP (Border Gateway Protocol) type routing, there is no automatic right to connect to a network node. A node can refuse certain traffic, for instance if it rejects it as a matter of policy or if a recent attack was registered from the origin host. In our paper, we present a method of simulation showing how spam E-mail, worms or BGP policy information can spread throughout a network, given hosts with different kinds of generic policy behaviour.

System administrators write scripts to automate daily tasks. These scripts are useful because they are powerful. It follows that they can also cause disasters if not used propperly. In my talk I will explain what you can gain from having a strict policy about how these scripts behave, where they are installed, and how they are documented. I will explain how we implemented such a policy at our site, and what it contains. Finally I will present a few of the most interesting tools in our policy managed collection of more than a 100 admin scripts: the IT Support Group Toolchest.

Target audience:
all system managers interested in working on reliable, reproducible and documented systems.

The Trusted Computing Group and Microsoft are working on the biggest change of the information landscape since decades. Besides positive features like a more secure hardware storage for cryptographic keys, an analysis of the proposed standards shows some problematic properties. One of main problems is that the computer owner is seen as an adversary, who no longer should have the full control over their own computers anymore.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions. Because of this pressure the Trusted Computing Group has modified its proposal. We discuss the recent specification TCG 1.2. We also consider the usage of some of the hardware features of a 'cleaned' TPM chip to improve the security of free software.

Subversion [1] is meant to be a better CVS. It has support for renaming and copying files (with consistent visioning information), clean handling of directories (incl. renaming and copying directories), versioned file meta data, truly atomic commits, cheap (constant time) tagging and branching, efficient handling of binary files, etc. etc.

The ROCK Linux [2] project decided to switch to subversion over a year ago and is now developing SubMaster [3], a small set of scripts to make it as easy as possible for developers to create their own local branches, keep them in sync with the main repositories and send patches upstream. We from ROCK Linux believe that SubMaster can be used as adequate replacement for BitKeeper in many projects and has some important features BitKeeper is missing.

SubMaster consists of two parts: A command line tool for the developers to create and manage their local branches on the one hand and a CGI script which acts as management platform for submitting patches, collecting feedback, make regression tests and apply them to the main tree on the other hand.

The SubMaster server part can be extended using SubMaster Server Side User Scripts. This scripts are e.g. used in the ROCK Linux installation of SubMaster to decide which user must review which patch (based on the list of files modified by the patch) and to automatically run regression tests with the patch applied.

During the speech I will give an introduction into Subversion and SubMaster, explain the implementation details and show how to write SubMaster Server Side User Scripts.

[1] http://subversion.tigris.org/
[2] http://www.rocklinux.org/
[3] http://www.rocklinux.org/submaster.html