
Date: Sun, 7 Mar 1999 14:59:51 -0700
From: Sean Reifschneider <jafo@tummy.com>
To: NCLUG Mailing List <nclug@nclug.org>, lug@lug.boulder.co.us
Subject: [lug] LinuxWorld Day 3, March 3, 1999


Images at http://www.tummy.com/reports/LinuxWorld99/

LinuxWorld Day 3
March 3, 1999

Today I mostly attended the conference presentations.

The first talk I attended was Integrating UNIX and NT environments
presented by Jeremy Allison of the Samba development team.  Because MS
never expected anyone to reverse engineer the SMB authentication protocol,
there was no testing done to ensure that "bad" implementations didn't
cause problems.  There are 46 known ways to *CRASH* an NT server by
sending invalid authentication data to an NT server.

If you sniff the session of the initial add of an NT server to a domain, you
can then decrypt all future traffic from that server.

Samba 2.0 contains some experimental code for allowing it to do minimal
authentication as a Primary Domain Controller.  The 2.1 alpha code has
fixes and enhancements for making it even more usable as a PDC.  2.2 will
probably be able to act as a PDC, however it probably won't implement
replication (because replication is another big, ugly, undocumented mess).
Because NT has undocumented portions in this authentication scheme, we
can't just put in an NIS+ or some other authentication strategy into NT.
This is how they keep their strangle-hold on things...

One thing that Samba demonstrates is just how flexible Unix is.
They took an undocumented protocol and were able to implement its
authentication mechanism fairly seamlessly.  Samba can create and
delete accounts on the Samba Unix server as accounts are created and
deleted on the Primary Domain Controller.  This makes management of
users on a Samba server much easier.

================
Keeping Linux Unified: To Fork or Not to Fork
Panel headed by Art Tyde, LinuxCare

The most interesting thing was that he polled the audience and roughly 4
people raised their hands that they were using SuSE.  6 people raised their
hands when asked who had never heard of SuSE before today...  About half
as many people ran Caldera (or at least admitted to it).  Most of the
audience was running RedHat.

Forking isn't inherently good or bad.  BSD variants are a good example
of forking.  For the Linux kernel, an example where forking might be
desired is that a group decides they are unhappy with it taking 2.5
years to get from 2.0 to 2.1.  There is also distribution forking,
which we already have.  Other areas where there has been forking are
platforms (largely merged back in at kernel version 2.2), real-time Linux,
micro-controller Linux, etc...  And that's just the kernel.

Is unification a good thing?  Certainly in some areas, for example the
file-system layout or having compatible versions of libraries, etc...
However, there is a project called IStore (being worked on by the guy who
brought us RAID), which has a number of servers running FreeBSD, NetBSD
(in Linux compatibility mode) and Linux.  If one server fails because
of a particular bug, the other servers may not have that same bug.
In this case, diversity is a benefit.

================
In the speakers lounge, Jo-Ellen Matthews was showing off a nice
little box they had put together with a little single-board computer based
off a Motorola processor, 10/100 network card, serial interface, and a
PCMCIA card.  Mark Matthews works on wireless support based on 802.11,
and so it might make a nice wired access point for a wireless network.
Unfortunately I missed their presentation this morning on wireless Linux.

I was interested enough in the wireless, that I missed the first part
of the XFree 4.0 presentation by Dirk Hohndel of SuSE.  Yesterday in
the speakers lounge he was projecting that 4.0 would be available in the
first half of 1999.  Liz was furiously taking notes during the
presentation, so check out http://www.lwn.net/daily/ for more specific
notes on XFree 4.0 (though she later informed me she missed the first
20 minutes of that presentation, but was going to buy the audio tape).

We started going through the exhibits in more detail.  I looked at the
RaidZone IDE RAID 0/1/5/10 system.  It looks fairly good...  The base
price is $1200 for a kit that fits in 3 5" drive bays, includes 5 hot-swap
carriers and the PCI controller.  This is relatively expensive compared
to the Arco DupliDisk ($200, limited to RAID-1 on 2 or 4 drives) or the
Mylex DAC960/AcceleRAID single SCSI bus card ($450, all RAID levels,
but no drive carriers).  It's very price-competitive with the Vortex
boards at $600 for a RAID-1 board or $1200 for a RAID-5 capable board.

The Debian area had a nice little car stereo in there.  It's a custom
made system using a StrongARM running Debian.  It can hold up to 2
laptop hard drives to play MP3s in your car.  With a wireless PCMCIA
card, it could be pretty sweet.  Price on that guy starts at $1000,
but it's not in mass production.

Linux Hardware had a nice little box that was just a hair over $1000,
included 10/100 network connection, one PCMCIA slot, one ISA, and
a CD-ROM.  The box was about the size of a NetWinder, perhaps slightly
larger.

They were giving away full demo copies of the Alexandria backup software,
usable for 45 days.  There was something weird about the pricing, the
sales person kept saying "zero to nine hundred dollars", it sounds like
they are a little confused about what their price will be for Linux.
However, they may have a free low-end software package available.
Be sure to ask about it if SpectraLogic gives a presentation at BLUG.  :-)

On the backup front, there are rumors that the next BRU release will
finally support fast recovery on DDS media.  I may finally look at BRU
once that is available.  I simply ignore any backup system that takes
an hour or two to recover a single file from a tape, when the drive
supports recovery in under 2 minutes.

===================
Linux autofs -- The Next Generation
H. Peter Anvin, Transmeta

What is autofs?  It's a kernel/user-level auto-mounter.  Currently a
stable version is in 2.2, with a not-so-stable version in 2.0.  Most
commonly used with NFS, but (while not designed for it) has also been used
for removable media management.  It's better than nothing though.  The
problem with amd is that it emulates an NFS server, which makes it very
complex.

There currently isn't any support for "/net" mounts, however it's being
worked on.  Because of its hybrid kernel/user-space architecture, it
is much faster than a user-space-only implementation.  The frequent
operations are done in the kernel, while the large or complex or time
consuming tasks are done in user-land.

===================
Future Plans for IP Packet Filtering under Linux
Paul Russell of RustCorp IT Consulting
Michael Neuling of RADLogic Pty. Ltd.

Problems with existing 2.2 packet filtering:  No method of sending packets
from kernel to user space.  Transparent proxying is very far from ideal.
Creating packet filter rules independent of interface is not possible.
Masquerading is tacked onto packet filtering, which leads to interactions
that make firewalling complex.

New code has 5 places in the routing code in which filtering can be done.
It also includes hooks so that one can register packet filters in
user-land, and based on ACLs packets will be handed off from the kernel.
This sounds pretty sweet and later I was talking to Paul about the
implications for things like isinGlass and other user tools and we were
both excited about what could be done.

He was slightly apologetic about having broken ipfwadm when implementing
ipchains.  I kind of groaned when I saw that the 2.4 stuff is going to use
an entirely different method called "iptools" (or something similar).
However, later in the presentation he explained that the new facility will
allow him to create a module which has the ipchains personality and the
ipfwadm personality.  So, the 2.4 version may be *MORE* backwards
compatible than the 2.2 version.
-- 
 We are all in the gutter, but some of us are looking at the stars.
                 -- Oscar Wilde
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
URL: <http://www.tummy.com/xvscan> HP-UX/Linux/FreeBSD/BSDOS scanning software.
-----------------------------------------------------
Boulder Linux Users Group:  http://lug.boulder.co.us
-----------------------------------------------------