Overall Overview

Keynote
eBay through the eyes of the Systems Administrator
eBay, Inc.

Hugely successful internet startup eBay runs a 24x7 auction and retail site with over a billion items for sale annually. Its 75 million registered users keep the servers and networks jumping.
Join eBay's director of availability and performance engineering as he reveals some of the behind-the-scenes action that enables eBay to stay at the top of its game.


Invited Talk
Managing Large Scale Samba Deployments
Samba Team / HP

Samba (http://www.samba.org/) is the CIFS file and print server of choice for many network administrators. It is common to find Samba running on multiple servers within a network. However, the majority of the publicly released tools for managing Samba servers still focus on configuring an individual host.

This talk will explore two proposed features planned for Samba 3.2 that are aimed at addressing this deficiency. The first is a newly developed protocol for monitoring and administering Samba servers over RPC and the second is the capability to utilize LDAP directories as a data store for sharing configuration parameters among Samba installations.


Invited Talk
Wireless Networking:
State of the art and things to come
Xlexit

Wireless for a new world

Wireless communication technologies are HOT. More than half of all portable computers are sold with some sort of wireless network built in. There is a hotspot on nearly every street corner, and wireless community activity is thriving. Why is wireless so popular, and how can it cope with the growth in the number of users? How do the new technologies fit in here, and can they bring relief to the problems we encounter when deploying and maintaining a wireless network?
This presentation will focus on the technical aspects of deploying both small and large wireless networks, the challenges we meet, and possible solutions thereof. Also the new developments in wireless technologies will be discussed.


Invited Talk
Dutch Law Enforcement vs High Tech Crime
KLPD

Dutch Law Enforcement vs High Tech Crime - what the Dutch police have experienced in the past, the challenges they face nowadays and the surprises the future might have in store for all of us.


Invited Talk
MySQL RoadMap
What we have now and where we are heading
MySQL AB

In this presentation I will first outline the current key features of the MySQL RDBMS, supported by a little history and an overview of the MySQL development and release philosophy. We then go on to look at what new funky stuff the MySQL development team is working on.

Come and hear it all from the source - your "when will MySQL support ?" will be answered! Interestingly, the answer these days is often in the form of "yes we have supported for a few years now, since version x.xx" ;-)


Invited Talk
Deconstructing User Requests

How can we improve the process by which System Administrators (SAs) help users? SAs spend much of their time responding to requests from users. Better system administrators use a similar, structured, process. I present the structured process as I have seen and practiced it, examples of each step in the process, and the pitfalls of eliminating various steps. Finally I look at the paper in the larger context of a step towards improving the science of System Administration.


Invited Talk
The Origin of Physical Laws and Sensations
Quantum

First the author will sum up a non-constructive argument showing that the mechanist hypothesis in cognitive science gives enough constraints to decide what a "physical reality" can possibly consist in.
Then he'll explain how computer science together with logic make it possible to extract a constructive version of the argument by interviewing a wise (Loebian) universal machine. Through that process I emphasize the importance of both Cantor's and Brouwer's philosophies of mathematics. This will provide a kind of explanation of how both sharable physical laws and unsharable physical knowledge arise from number theoretical relations.


Invited Talk
Notice and take-down
How internet providers decide about right and wrong
Bits of Freedom

Under the European e-Commerce directive internet hosting providers risk liability for apparently illegal content from their customers. Once they are notified, they should take immediate action to block or remove the content. How serious are providers in the Netherlands about their responsibility for the online freedom of speech? Should providers first ask their customer to respond to an allegation, or does 'immediate' mean they have to shoot first and ask questions later? What if the complaint about an alleged infringement lacks legal grounds?

In this lecture, Sjoera Nas addresses notice and take-down procedures in the Netherlands, based on recent empirical research, and compares the results with procedures in the United States under the Digital Millennium Copyright Act.


Invited Talk
Special effects on the movie 'I, Robot'

For the movie 'I, Robot', over 1000 VFX shots were made, some with subsurface scattering. The visual effects team created a photoreal future Chicago from aerial footage, still pictures and lidar scans, populated it with thousands of Robots of all types, used massive technology to create armies of robots and humans fighting and generated an emotionally powerful performance for the lead robot named Sonny.

The talk will be about how the effect shots were created, for which the visual effects team had to push the envelope in more than one way. Before and after images of 'I, Robot' will be shown.


Invited Talk
The Changing Face of System Administration
The SysAdmin Group

With the increasing complexity and workload of IT operations environments, staff are having to do more with less, and finding it more difficult than ever to obtain the resources necessary (money, staff, time) to move from a reactive fire-fighting mode to one of control and predictability.

In this talk, we look at the problems facing IT organisations and present a structured approach to assessing and maturing local system management practices.


Invited Talk
NFS, Linux, and clusters
Network storage and its future
Network Appliance

NFS is the de facto distributed file system for UNIX. It has evolved over time to meet the requirements of a changing application base and the growth of various UNIX flavors into a wide array of markets.

The latest version is NFS Version 4, which is a standard from the IETF. It provides an extensible security architecture, enhanced semantics for modern file systems and applications, an architecture that encourages WAN deployment and a mechanism for forward compatible revisions to encourage more rapid innovation in the protocol. Products have started to ship, and NFS Version 4 is part of the Linux 2.6 kernel distribution.

NFS is indeed entering interesting times. The emergence of Linux and cost effective compute clusters has pushed discussions on the future directions for NFS into application deployments requiring high performance scalable storage. All the marketing aside, this is probably the most fun we had in a long time. Position papers on extensions to NFS are being rapidly generated and collaborated on in areas of migration/replication (to exploit basic capabilities in the core NFS Version 4 protocol), parallel I/O for server bandwidth aggregation, exploitation of emerging RDMA standards for high performance clustering, and heterogeneous storage architectures which exploit NFS Version 4 as a metadata protocol.

This invited talk will cover the technical details of the proposals, discuss the players involved, describe the issues and likely success of the proposals, touch on how to get involved, and boldly predict the future direction of NFS.


Invited Talk
UNIX and the ARPAnet/Internet at 35;
Linux a teenager; still in court
InternetPerils

The first part of UNIX was created in August and September of 1969. The first ARPAnet node was set up at UCLA in September 1969. Linux became a teenager on 25 August 1994.

Just how all this came about is a fascinating story.

Even more fascinating is the criminal character of the two related operating systems: each has been in court as a juvenile offender. The legal and licensing systems have made important history, too.

Come, celebrate birthdays and (hopefully) liberation.


Invited Talk
Open Source Security Lessons

Wietse Venema discusses lessons learned from the software that he released over the years. This includes how the software came into being, the widely varying publicity that his work received, and the impact his work had on open source and security.


Refereed
Lambda networking in NetherLight
the optical internet exchange in Amsterdam
SURFnet

Outline:
NetherLight is an advanced optical infrastructure and proving ground for network services optimized for high-performance applications, based in Amsterdam. Inspired by StarLight in Chicago, NetherLight is a multiple 1GbE/10GbE switching facility and lightpath transport hub. In this talk, Erik Radius will discuss the rationale for this testbed, the network build-out into Geneva, Chicago, Prague, London and other places that are joining, the emergence of the GLIF (Global Lambda Integrated Facility) and some of the high-performance networking applications that benefit from these new types of networks. For more information, see www.netherlight.net and www.glif.is.

Target audience:
network managers, network engineers, telecom engineers

Required Skills:
(none in particular)


Refereed
openMosix
a technology overview
openMosix Community

The openMosix software package turns networked computers running GNU/Linux into a cluster. It automatically balances the load between different nodes of the cluster, and nodes can join or leave the running cluster without disruption of the service. The load is spread out among nodes according to their connection and CPU speeds.

Since openMosix is part of the kernel and maintains full compatibility with Linux, a user's programs, files, and other resources will all work as before without any further changes. The casual user will not notice the difference between a Linux and an openMosix system. To her, the whole cluster will function as one (fast) GNU/Linux system.

openMosix is a Linux-kernel patch which provides full compatibility with standard Linux for IA32-compatible platforms. The internal load-balancing algorithm transparently migrates processes to other cluster members. The advantage is a better load-sharing between the nodes. The cluster itself tries to optimize utilization at any time (of course the sysadmin can affect the automatic load-balancing by manual configuration during runtime).

This transparent process-migration feature makes the whole cluster look like a BIG SMP-system with as many processors as available cluster-nodes (of course multiplied with X for X-processor systems such as dual/quad systems and so on). openMosix also provides a powerful optimized File System (oMFS) for HPC-applications, which unlike NFS provides cache, time stamp and link consistency.

With openMosix you can start a process on one machine and find out it actually runs on another machine in the cluster. Each process has its own Unique Home Node (UHN) where it gets created.

Migration means that a process is split into 2 parts, a user part and a system part. The user part will be moved to a remote node while the system part will stay on the UHN. This system part is sometimes called the deputy process: this process takes care of resolving most of the system calls.

openMosix takes care of the communication between these 2 processes.

Recent improvements in openMosix include the initial implementation of Shared Memory Migration, CheckPointing Support, LoadLimitation, Autodiscovery tools, the General openMosix daemon and lots more.


Refereed
Deployment of worldwide IDS networks
GeNUA mbH

This presentation deals with the implementation of distributed IDS networks in enterprise environments, based on the OpenSource NIDS Snort (TM) as sensor engine. The different challenges and the solutions will be exemplified by means of a fictional enterprise network.

Topics presented will be, among others:

  • communication methods (sensor<->server, server<->server)
  • security mechanisms
  • data reduction
  • redundancy

Target Audience
Members of the security community interested in network-based intrusion detection solutions.


Refereed
Improving Passive Packet Capture: Beyond Device Polling
NETikos S.p.A.

Passive packet capture is necessary for many activities including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular operating systems. The introduction of device polling has improved the capture process quite a bit but not really solved the problem. This paper proposes a new approach to passive packet capture that combined with device polling allows packets to be captured and analyzed (e.g. using the NetFlow protocol) at (almost) wire speed on Gbit networks using a legacy PC.

Audience
Network managers/developers.

Skills
None.


Refereed
High Available Loadsharing with OpenBSD
GeNUA mbH

High Available Network Services are becoming more and more important. Traditional Loadsharing solutions need a separate load balancing device to distribute incoming packets over multiple working nodes. Getting both High Availability and Loadsharing requires a fully redundant setup and therefore at least a second Load Balancer.

This paper presents a nifty way to put the Loadsharing functionality directly into the working nodes. It explains how to combine the latest Networking Features of OpenBSD to build High Available, decentralized Loadsharing systems for VPNs, Firewalls and Servers.

Target Audience:
System Administrators that want to get new ideas and concepts on how to create high available Network Services with Loadsharing capabilities. Basic knowledge about TCP/IP and Ethernet is required.


Refereed
Enhancing DNS for Improved E-mail Services on a Clustered Environment
Otenet S.A.

The Domain Name System (DNS) affects most Internet services including e-mail. It has scaled well with the growth of the Internet but it also has limitations. In normal DNS operation it is likely for users to be directed to "sub-optimal" targets for obtaining service or even to nodes in which there is no service availability at a specific time interval. We propose an enhanced nameserver that functions in cooperation with the open-source BIND and takes into consideration the state of the machines that provide the mail service. The main task of our nameserver is to effectively carry out hostname resolution to cluster-node IPs even in light of failed or overloaded cluster nodes. We present the server's software architecture and the techniques for load evaluation to attain near-optimal name-to-address resolution.

Target audience:
People interested in optimization of mail systems.

Required skills:
Familiarity with DNS operation principles.


Refereed
Using Virtual Machines for System and Network Administration Education
Oslo University College

System and network administration education faces a significant challenge supplying students with both theory and hands-on practical experience. Students need real systems with root access in order to install and test popular services as a basis for learning key issues through experience.

We present how networks of virtual machines can be used in education to provide the necessary environments for students to work on. We expect to see cost savings, more challenging student assignments, a protected test environment for every student or group, better scalability for larger classes and, most importantly, the ability to reconfigure and restore networks rapidly.

This paper also presents a tool for the building and administration of virtual networks based on User-Mode Linux. This effort is a joint venture between the University College of Oslo, University of Amsterdam, University of Linköping and other experienced lecturers in the field of system and network administration.


Refereed
Traffic shaping for large-scale web services
GRNET SA

When offering large-scale web services or content, it is imperative to limit network resources such as bandwidth, while at the same time maintaining an acceptable service level. Moreover, it is important to be able to differentiate this service level according to criteria such as the content area, type, size and possibly user- or viewer-dependent properties.

We present a set of techniques, implemented via Apache modules, which allow a web site administrator to categorize the content on-the-fly into various classes and to mark each class with a different IP Type-of-Service (ToS) value. At the network level, we take advantage of the advanced features of the Linux TCP/IP stack and map each IP ToS value into one out of a set of CBQ traffic shaping queues. Using our techniques, a web site administrator can limit the total bandwidth consumed and at the same time define acceptable per content-type or size service policies.


Refereed
The Effects of `Tit for Tat' Policy for Rejecting `Spam' or Denial of Service Floods
Oslo University College

We present a tool for exploring the effects of different network policies for limiting spam and other flood-type attacks. Consider the situation where many distributed systems offer network services, especially applications such as E-mail and packet routing which require relaying through multiple nodes to arrive at their destination. In policy controlled systems, e.g. networks with local firewalls or BGP (Border Gateway Protocol) type routing, there is no automatic right to connect to a network node. A node can refuse certain traffic, for instance if it rejects it as a matter of policy or if a recent attack was registered from the origin host. In our paper, we present a method of simulation showing how spam E-mail, worms or BGP policy information can spread throughout a network, given hosts with different kinds of generic policy behaviour.


Refereed
ISGTC: an alternative to ~bofh/bin
ETH Zurich

System administrators write scripts to automate daily tasks. These scripts are useful because they are powerful. It follows that they can also cause disasters if not used properly. In my talk I will explain what you can gain from having a strict policy about how these scripts behave, where they are installed, and how they are documented. I will explain how we implemented such a policy at our site, and what it contains. Finally I will present a few of the most interesting tools in our policy managed collection of more than 100 admin scripts: the IT Support Group Toolchest.

Target audience:
all system managers interested in working on reliable, reproducible and documented systems.


Refereed
TCG 1.2 - fair play with the 'Fritz' chip?
cryptolabs Amsterdam/VU Computersystems

The Trusted Computing Group and Microsoft are working on the biggest change to the information landscape in decades. Besides positive features like more secure hardware storage for cryptographic keys, an analysis of the proposed standards shows some problematic properties. One of the main problems is that the computer owner is seen as an adversary, who should no longer have full control over their own computer.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have led to critical evaluations from cryptographers, privacy organizations and European institutions. Because of this pressure the Trusted Computing Group has modified its proposal. We discuss the recent specification TCG 1.2. We also consider the usage of some of the hardware features of a 'cleaned' TPM chip to improve the security of free software.


Refereed
Distributed Software Development using Subversion and SubMaster
LINBIT / ROCK Linux

Subversion [1] is meant to be a better CVS. It has support for renaming and copying files (with consistent versioning information), clean handling of directories (incl. renaming and copying directories), versioned file meta data, truly atomic commits, cheap (constant time) tagging and branching, efficient handling of binary files, etc.

The ROCK Linux [2] project decided to switch to subversion over a year ago and is now developing SubMaster [3], a small set of scripts to make it as easy as possible for developers to create their own local branches, keep them in sync with the main repositories and send patches upstream. We from ROCK Linux believe that SubMaster can be used as adequate replacement for BitKeeper in many projects and has some important features BitKeeper is missing.

SubMaster consists of two parts: a command line tool for the developers to create and manage their local branches on the one hand, and a CGI script which acts as a management platform for submitting patches, collecting feedback, running regression tests and applying patches to the main tree on the other hand.

The SubMaster server part can be extended using SubMaster Server Side User Scripts. These scripts are e.g. used in the ROCK Linux installation of SubMaster to decide which user must review which patch (based on the list of files modified by the patch) and to automatically run regression tests with the patch applied.

During the talk I will give an introduction to Subversion and SubMaster, explain the implementation details and show how to write SubMaster Server Side User Scripts.

[1] http://subversion.tigris.org/
[2] http://www.rocklinux.org/
[3] http://www.rocklinux.org/submaster.html


Tutorial
Black Hats Session IV: Developments in Security
Madison Gurkha

The attendees of the SANE 2004 conference will probably all be White Hats, or simply 'the good guys'. As at previous SANE conferences, the Black Hat Sessions will give the Black Hats viewpoint, i.e. that of the intruders (people who are trying to break into your computers).

Somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The problem is, however, that there are a lot of full-disclosure mailing lists that are read by people with too much spare time. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.

This Black Hats Session will highlight the problems that exist in Unix and Windows operating systems, application software and how administrators set up and work with those. Thus our intended audience will be these system and network administrators.

The BHS IV: Developments in Security session is a tutorial like the BHS III: The Essentials tutorial given at SANE 2002. There will be an overlap so keep this in mind if you have visited the tutorial at SANE 2002. Of course, new developments will also be discussed, including topics like wireless networks and IPSes. The focus of the tutorial is the general method of breaking into and protecting systems, although plenty of current examples will be shown.

Target audience:
Attendees are expected to have basic knowledge of UNIX and IP networks.


Tutorial
Black Hats Session IV: Developments in Security
[REPETITION OF M5]
Madison Gurkha



Tutorial
Managing Samba 3.0
Samba

This tutorial is intended for system administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0 including working demonstrations throughout the course session.

Attendees will learn how to

  • Install Samba including new tools packaged with Samba 3.0
  • Safely upgrade servers from 2.2 to 3.0
  • Configure and maintain Samba's file serving features
  • Configure and maintain Samba's basic print spooling features
  • Configure and debug Samba servers participating in the Microsoft Network Neighborhood
  • Utilize advanced Samba file serving features such as access control lists (ACLs)
  • Configure Samba to support Windows point-and-print features by serving printer drivers on demand
  • Install Samba as a member of Windows domain
  • Install Samba as a domain controller
  • Migrate from a Windows NT 4.0 domain to a Samba domain
  • Replace smbpasswd using alternative account storage back-ends such as LDAP

Target Audience:
Systems and Network Administrators


Tutorial
Implementing [Open]LDAP
Samba

System Administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up and coming successor to the X500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

The tutorial is for both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

Attendees will learn how to utilize LDAP directories in:

  • Replacing NIS domains
  • Integrating Samba user accounts
  • Authenticating RADIUS clients
  • Integrating MTAs such as Sendmail & Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Storing DNS zone information
  • Managing printer information

Target Audience:
Systems and Network Administrators


Tutorial
Get your kicks with IPv6!
TUNIX

MODULE 1: Introduction and IPv6 Packet Structure

An introduction to IPv6 explaining new and improved features, comparing the new IPv6 packet structure to that of IPv4.

Topics include:

  • IPv6 objectives and characteristics
  • IPv6 packet structure
    • IPv6 header layout
    • extension headers
  • Real-time support in IPv6

MODULE 2: IPv6 Addressing and Routing

A detailed explanation of the IPv6 addressing architecture, introducing different types of address, the 6Bone, and transitioning mechanisms for early deployment of IPv6 networks.

Topics include:

  • IPv6 addressing:
    • global unicast, multicast, and anycast addresses
    • site-local and link-local addresses
  • IPv6 routing
  • Transition from IPv4 to IPv6:
    • 6Bone
    • Configured Tunneling
    • Automatic Tunneling

MODULE 3: IPv6 and Autoconfiguration

The ins-and-outs of autoconfiguration in IPv6, including the automatic derivation of interface identifiers and the discovery of network prefixes, gateways and other network parameters.

Topics include:

  • ICMPv6
  • IPv6 address-resolution; solicited node multicast addresses
  • Neighbor Discovery
  • Autoconfiguration:
    • stateless versus stateful autoconfiguration
    • DHCPv6

MODULE 4: IPv6 and Security

Devoted to the IPv6 Security facilities, also known as IPSEC. This module treats IPSEC in the context of IPv6, but also applies to IPSEC as used in combination with IPv4.

Topics include:

  • Security in IPv6:
    • Security Concepts
    • IPSEC Authentication Header
    • IPSEC Encapsulating Security Payload
    • Key management

Topics not covered

  • Mobile IPv6
  • IPv6 QoS

Who should attend
This tutorial is intended for anyone with some basic TCP/IP experience. It will be of interest for both network administrators and consultants, providing hands-on demos as well as a thorough treatment of IPv6 concepts.


Tutorial
Wireless Networks: Design and deployment
Xlexit

In this course you will learn how to design a network layout using various wireless network technologies, how to deploy and how to use the network safely.

Topics include:

  • Network design
    • Wired vs Wireless
    • Technologies available
    • Protocols on physical level
    • Protocols on higher levels
    • Topologies
    • Equipment available
  • Deployment
    • Antenna theory
    • Site surveys
    • Selection of equipment
    • Antenna setup, cabling
    • Management issues
    • Routing
    • Security
    • Free software available
  • Usage
    • Integration
    • Security
    • Management

Target Audience:
The course is targeted towards the network professional / engineer who wants to set up a wireless network or revise an existing wireless infrastructure. We will discuss simple setups to cover a conference room as well as building-to-building networks and fully wireless infrastructures (e.g. wireless communities and mesh networking).

After completion of this course the attendees will have basic as well as advanced knowledge of how to set up, lay out, deploy and (safely) use wireless infrastructures on various scales.


Tutorial
But Is It UNIX? A Mac OS X Administrator's Survival Guide

Who should attend:

  • UNIX system administrators who want or need to administer Macintosh systems running Mac OS X and/or Mac OS X Server.
  • Familiarity with standard UNIX system administration concepts and tasks is assumed. No previous Macintosh experience is necessary.
  • Experienced Macintosh users who want to learn about system administration tasks in the Mac OS X environment will also benefit from this course.
  • People very familiar with Mac OS X or with the NeXTSTEP environment will find much of this material to be a review. Note that comparisons with NeXTSTEP will not be made.

Topics include:

  • What is this beast and what's Darwin (and why should I care)?
    • System architecture
  • Basic tasks
    • Installation hints and pitfalls
    • Software packages
    • Startup and shutdown
  • File and file systems
    • File system layout
    • File types: resource forks, applications, etc.
  • User management
    • Users and groups
    • Mac OS X shared domains
    • Managed preferences
  • Networking
    • Client configuration
    • Managing standard TCP/IP daemons: DNS, DHCP, NTP, and so on
    • The Mac OS X multiprotocol environment
    • Rendezvous and its implications
  • Process management and performance
  • Managing funky Mac peripherals and user expectations
  • Mac OS X security architecture and implementation

We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment.


Tutorial
Practical Postfix
TUNIX

Postfix is a secure, fast, rock solid, flexible, open Internet standards compliant Mail Transfer Agent (MTA), written by Wietse Venema. It started life back in 1997 as a sendmail replacement. This tutorial covers the official Postfix 2.1.x release.

Initially, we will walk you through some of the key features of Postfix and its architecture: processes, queues, lookup tables, ...

Next, basic installation and configuration will be looked at in more detail and some practical examples for day to day use will be shown.

After that, we'll move towards more advanced topics, including address rewriting, performance tuning, resource control and debugging techniques. Focus will also be on junk-mail control and anti-virus solutions, including those that can be implemented in the Postfix SMTP server before actually accepting a message.

Target Audience
This tutorial is intended for systems administrators who are familiar with common (SMTP) e-mail software and want to learn more about the Postfix MTA, particularly details of configuration and operational issues. Some basic knowledge about the SMTP protocol and the UNIX operating system is assumed.


Tutorial
Let's build a Beowulf Cluster!
University of Cologne

The tutorial will explain how to plan and realize the creation of a Beowulf cluster. We start with the selection of hardware components and deal with how to avoid some pitfalls. Then we will plan the configuration of the operating system and the applications. The tutorial focuses on the installation and configuration of the OS and the applications using FAI, the fully automatic installation for Debian GNU/Linux. Also, some cluster monitoring techniques will be discussed.

Most of the things we will discuss are not cluster specific but also useful for installing large Linux infrastructures. This tutorial will be held as a hands-on tutorial. In its second part, the participants can perform an automated installation on available PCs. We will do installations with some default configurations but you can also try your own configuration.

Topics not covered:
Algorithms, libraries and tools for parallel programming

Who should attend:
Sysadmins who want to install a cluster, a server or desktop machines with their hands tied behind their backs.


Tutorial
Linux 2.6 processor & process management
AT Computing

The processor is the engine that keeps your Linux-system moving. The CPU scheduler in the kernel is responsible for assigning processes to the available processor(s). The scheduler aims:

  • to guarantee good response-times for interactive processes,
  • to assign enough weight to realtime processes (or timesharing processes with a higher priority),
  • to avoid starvation even for processes with a low priority,
  • to preempt cpu-intensive processes, and
  • to keep affinity between a process and a processor.

This tutorial explains the design of the Linux 2.6 scheduler and the implementation of the runqueue. The tutorial also addresses the facilities that users and system administrators can use to influence the scheduling-order (modifying the nice value or scheduling-policy, binding processes, etc) and to view scheduling-characteristics (output of tools like ps and top).

Topics included:

  • Processes and threads.
  • Scheduling priorities and the nice value.
  • Scheduling policies: realtime and timesharing.
  • Scheduling algorithm and implementation of the runqueue.
  • Binding processes to a particular processor.
  • Scheduling and hyper-threading support.
  • Scheduling and NUMA.
  • Tools to determine process- and processor-utilization.

Topics not covered:

  • This tutorial does not cover the details of the kernel's C-code.

Who should attend:
Experienced UNIX and/or Linux system-administrators, who want to have control over the way processes are scheduled in a Linux 2.6 system. Knowledge of the C programming-language is not required.


Tutorial
MySQL installation, Security and Maintenance
MySQL

This tutorial covers MySQL installation, basic configuration and security topics, as well as best practices for backup/recovery and general maintenance.

The tutorial will be highly interactive, using discussions, games, and other ways that ensure maximum benefit for all participants. This method of teaching, which is the standard format of MySQL AB training courses, has proven to be much more effective than regular lectures.

Target Audience:
Covering the MySQL administration essentials, this tutorial will provide an overview for newcomers as well as for experienced users, who can fill possible gaps in their knowledge, and will address specific issues and bad habits.

You may benefit from bringing your own laptop computer. Make sure your laptop has a CD drive, if possible. You could also download the latest versions of the software from www.mysql.com beforehand. If you are a complete beginner, do start with a book such as "MySQL Tutorial" by Luke Welling & Laura Thomson. Do come prepared, as we won't have time for the trivial.


Tutorial
Optimising MySQL
MySQL

This tutorial will look at the many aspects involved when optimising a MySQL application, the MySQL server, and its environment.

Contrary to popular expectations (and habits), hardware will be the absolute last item on our list. The reason for this will become apparent as we build an overall picture and take a closer look at various specific issues.

The tutorial will be highly interactive, using discussions, games, and other ways that ensure maximum benefit for all participants. This method of teaching, which is the standard format of MySQL AB training courses, has proven to be much more effective than regular lectures.

Target Audience:
Optimisation is certainly not a topic of dry knowledge. Instead it is about gaining the skills needed to analyse the big picture, and recognising the often small but important opportunities. As such, this tutorial will provide a valuable experience particularly for more experienced users.

You may benefit from bringing your own laptop computer, with MySQL Server and your favourite client installed. The latest versions of the software can be downloaded from www.mysql.com. Do come prepared, as we won't have time for the trivial.


Tutorial
Creating Happy Users
A "how-to guide" for sysadmins in a hurry

This workshop will teach techniques and technology that let you start your relationship right, repair broken ones, and maintain good ones. Sites considering creating a helpdesk, or sysadmins that maintain large desktop communities will find this especially useful.

Making and maintaining a good first impression (their PC is ready on their first day of employment, etc.),
helping them when they have problems (running a spectacular helpdesk/support system),
maintaining positive relationships (effective communication one-on-one and en masse),
and fixing problems before they notice (system and network monitoring).

Topics included:

  • How to make a lasting first impression
  • The difference between Perception vs. Visibility
    • why both are important
  • The secret to making users feel like they are the center of the universe
    • an algorithm for ordering request priorities
  • How to make a good first impression always
    • considerations for the employee's first day and every day
  • Technology that helps make a good first impression:
    • the "first day" checklist
    • rapid PC deployment techniques (Ghost, JumpStart, AutoLoad, etc.)
  • Helpdesks (both real and virtual)
    • pros and cons of formal helpdesks
    • how to create and manage a helpdesk
    • survey of "request" and "ticket" systems
  • Customer care
    • The 9-step process for handling customer requests
  • Knowing what's wrong before they do
    • Monitoring services
    • Historical trend analysis
    • Should you have a NOC?
  • Training that every customer-facing person should receive

Topics not covered:
Specific configuration steps for software products (free or commercial).

Who should attend:
Sites that feel "the users hate us!" and want to make fast improvements. Sysadmins with large user populations, especially large desktop user communities. People that want to better manage their helpdesk, desktop deployment, and PC refresh cycles.


Tutorial
FreeBSD 5.2
An Intensive Code Walkthrough

This course provides an in-depth study of the source code of parts of the FreeBSD 5.2 kernel. This course is aimed at users with a good understanding of the algorithms used in UNIX-based kernels that want to learn the details of their implementation. Students should have studied some UNIX-based kernel or have taken a university-level course on operating systems. Ideally they would have experience working with a BSD-based kernel (FreeBSD, NetBSD, OpenBSD, or BSD/OS). Students are also expected to have a complete background in reading and programming in the C programming language. This course will not cover the entire FreeBSD kernel. Rather it will focus on the specific areas outlined below.

  • Overview of FreeBSD 5.2 organization
  • Process and thread organization
  • New system daemons
  • The UFS2 filesystem

The course will have some descriptive slides, but will primarily involve the instructor displaying and discussing FreeBSD kernel source code. While bringing a laptop to the class is not strictly necessary, it will be easier to follow along.

The code to be studied and the specific list of functions to be covered can be downloaded. Students planning on taking the course are strongly encouraged to download and review the functions to be discussed before coming to class so as to be able to get the greatest benefit from the lecture.


Tutorial
Effective text editing with Vim
Vim

What application do you spend most of your time with? If not playing games, then it is very likely editing text. E-mail, program source, reports, log files; all kinds of text you view and/or edit daily. If you can improve your text editing skills a little bit, you can get more work done in less time. And when you learn how to avoid mistakes, you avoid stress.

Vim is a very powerful editor. But most Vim users know only a small number of commands. This tutorial presents Vim solutions to every-day editing tasks, such as answering e-mail, writing source code and creating web pages. Practical examples will be given for clever solutions, which you can adjust to your own situation: Formatting text, finding your way in a tree of source files, using search patterns, etc.

An introduction is given to customizing Vim to your needs: writing Vim scripts with functions, and creating user commands and mappings with which you can automate editing tasks. And when Vim is not enough, know how to invoke external commands and use the Perl or Python interface.

Who should attend:
People who use Vim for their daily editing tasks, such as answering e-mail, creating web sites, writing programs and reports. A minimal knowledge of Vi or Vim is required.


Tutorial
A Solid Introduction Into Parallel Computing
Sun Microsystems USA

Topics included
Soon, all systems (including PCs and workstations) will have the capability of executing multiple threads simultaneously. As a result, it is to be expected that the interest in parallel computing will increase.

In this tutorial we will start with an extensive introduction into this topic. Key concepts like scalability, Amdahl's law, message passing, shared memory programming, cache coherency, parallel architectures, SMP, CMP/CMT and cc-NUMA will all be presented and discussed in detail.

As an illustration of these concepts, we will study the architecture of the Sun UltraSPARC IV processor and Sun Fire SMP systems in some detail.

We will then zoom in on the shared memory programming model. First we look under the hood at how a modern compiler supports automatic parallelization for this model. It will be shown what can and cannot be done (yet) at this level.

Next we will cover the OpenMP programming model for explicit parallelization in some detail. OpenMP is a de-facto standard and provides a compact yet powerful model to program a shared memory system. An overview (mainly by example) will help in understanding how this model operates and what the potentials are.

Topics not covered
Design and implementation of parallel algorithms

Who should attend
We do not assume a background in this topic. Anybody with an interest in parallel computing is welcome to attend and should be able to follow this tutorial. The concepts and ideas presented are generally applicable.


Tutorial
IP-Filter
Madison Gurkha

Topics included:

  • This full-day tutorial will teach the attendees how to set up (stateful) packet filtering and network address translation (NAT).
  • The various topics covered will be illustrated using the advanced and freely available IP-Filter packet filtering engine. IP-Filter runs on a variety of operating systems, like FreeBSD, Solaris, HP-UX and Linux.
  • Although parts of the tutorial will explain how IP-Filter works, the goal of the tutorial is not to learn IP-Filter only. The primary focus will be on how the various packet filtering and NATting techniques shown can be used in a generic way in all kinds of products (of course if they provide the functionality needed).
  • Besides theory, the tutorial will include lots of examples and demonstrations performed on live machines.

The tutorial will cover:

  • TCP/IP basics in relation to packet filtering and NAT. This will include the newer extensions like ECN and SACK.
  • Basic packet filtering
  • NAT: theory about various ways of doing NAT (redirection, NAT, etc)
  • Basic NATting
  • Advanced packet filtering: returning error packets, stateful filtering, fragment handling, transparency
  • Advanced NATting
  • kernel proxying, transparent proxying
  • authentication
  • redundancy and fail-over
  • tools
  • New features in IP-Filter 4

Topics not covered:

  • Although other packet filtering and NAT products will likely be mentioned during the tutorial, it will not cover the functionality and working of those products.
  • This tutorial is also not meant to learn about the internal implementation details of IP-Filter or similar products.

Who should attend:
System and network administrators interested in the design and implementation of packet filtering firewalls and network address translation setups should attend this tutorial. But of course it is also interesting for those of you owning a cable or ADSL modem via which you want to connect a whole network via a single IP address in a secure way.


Tutorial
Running IP telephony on your network
Cisco

Even traditional PBX vendors have now grudgingly agreed that the future of telephony is on packet based networks. So reckon that TDT-based networks are going the way of token-ring :-). What exactly can you expect from this trend? What does IP telephony demand from a network? What protocols are used now and likely to be used in the near future? What extra features will likely become standard using this technology?

Who should attend
Everybody that will be confronted with this technology, willing or not.


Tutorial
Firewalls - Theory and Examples using Linux
X/OS Experts in Open Systems

This tutorial explains commonly used firewall terminology and concepts with reference to the security facilities and software packages to implement firewall techniques on Linux systems.

The various techniques are explained, discussing the pros and cons of each. Techniques covered include IP packet filtering, circuit-level proxies and application-level proxy servers. An overview of the required software is given, together with configuration examples. IP packet filtering with Linux using netfilter/iptables in particular is covered in great detail. A number of add-on netfilter modules are also discussed.

Furthermore, a few other security-related techniques are explained, like masquerading and (the more generic) Network Address Translation (NAT), as well as Virtual Private Networks (VPNs). All topics discuss the available Linux software and include some configuration examples.

Target Audience
System and network administrators wanting a broad overview of firewall technologies in general and, more specifically, the way Linux can be used to implement these technologies.


