Date: Sun, 7 Mar 1999 14:59:51 -0700
From: Sean Reifschneider <jafo@tummy.com>
To: NCLUG Mailing List <nclug@nclug.org>, lug@lug.boulder.co.us
Subject: [lug] LinuxWorld Day 3, March 3, 1999

Images at http://www.tummy.com/reports/LinuxWorld99/

LinuxWorld Day 3
March 3, 1999

Today I mostly attended the conference presentations.

The first talk I attended was Integrating UNIX and NT environments presented by Jeremy Allison of the Samba development team.

Because MS never expected anyone to reverse engineer the SMB authentication protocol, there was no testing done to ensure that "bad" implementations didn't cause problems. There are 46 known ways to *CRASH* an NT server by sending invalid authentication data to an NT server.

If you sniff the session of the initial add of an NT server to a domain, you can then decrypt all future traffic from that server.

Samba 2.0 contains some experimental code for allowing it to do minimal authentication as a Primary Domain Controller. The 2.1 alpha code has fixes and enhancements for making it even more usable as a PDC. 2.2 will probably be able to act as a PDC, however it probably won't implement replication (because replication is another big, ugly, undocumented mess).

Because NT has undocumented portions in this authentication scheme, we can't just put in an NIS+ or some other authentication strategy into NT. This is how they keep their strangle-hold on things...

One thing that Samba demonstrates is just how flexible Unix is. They took an undocumented protocol and were able to implement its authentication mechanism fairly seamlessly.

Samba can create and delete accounts on the Samba Unix server as accounts are created and deleted on the Primary Domain Controller. This makes management of users on a Samba server much easier.

================
Keeping Linux Unified: To Fork or Not to Fork
Panel headed by Art Tyde, LinuxCare

The most interesting thing was that he polled the audience and roughly 4 people raised their hands that they were using SuSE. 6 people raised their hands when asked who had never heard of SuSE before today... About half as many people ran Caldera (or at least admitted to it). Most of the audience was running RedHat.

Forking isn't inherently good or bad. BSD variants are a good example of forking. For the Linux kernel, an example where forking might be desired is that a group decides they are unhappy with it taking 2.5 years to get from 2.0 to 2.1. There is also distribution forking, which we already have.

Other areas where there has been forking is in platforms (largely merged back in at kernel version 2.2), real-time Linux, micro-controller Linux, etc... And that's just the kernel.

Is unification a good thing? Certainly in some areas, for example the file-system layout or having compatible versions of libraries, etc... However, there is a project called IStore (being worked on by the guy who brought us RAID), which has a number of servers running FreeBSD, NetBSD (in Linux compatibility mode) and Linux. If one server fails because of a particular bug, the other servers may not have that same bug. In this case, diversity is a benefit.

================

In the speakers lounge, Jo-Ellen Matthews was showing off a nice little box they had put together with a little single-board computer based off a Motorola processor, 10/100 network card, serial interface, and a PCMCIA card. Mark Matthews works on wireless support based on 802.11, and so it might make a nice wired access point for a wireless network. Unfortunately I missed their presentation this morning on wireless Linux.

I was interested enough in the wireless, that I missed the first part of the XFree 4.0 presentation by Dirk Hohndel of SuSE.
Yesterday in the speakers lounge he was projecting that 4.0 would be available in the first half of 1999. Liz was furiously taking notes during the presentation, so check out http://www.lwn.net/daily/ for more specific notes on XFree 4.0 (though she later informed me she missed the first 20 minutes of that presentation, but was going to buy the audio tape).

We started going through the exhibits in more detail. I looked at the RaidZone IDE RAID 0/1/5/10 system. It looks fairly good... The base price is $1200 for a kit that fits in 3 5" drive bays, includes 5 hot-swap carriers and the PCI controller. This is relatively expensive compared to the Arco DupliDisk ($200, limited to RAID-1 on 2 or 4 drives) or the Mylex DAC960/AcceleRAID single SCSI bus card ($450, all RAID levels, but no drive carriers). It's very price-competitive with the Vortex boards at $600 for a RAID-1 board or $1200 for a RAID-5 capable board.

The Debian area had a nice little car stereo in there. It's a custom made system using a StrongARM running Debian. It can hold up to 2 laptop hard drives to play MP3s in your car. With a wireless PCMCIA card, it could be pretty sweet. Price on that guy starts at $1000, but it's not in mass production.

Linux Hardware had a nice little box that was just a hair over $1000, included 10/100 network connection, one PCMCIA slot, one ISA, and a CD-ROM. The box was about the size of a NetWinder, perhaps slightly larger.

They were giving away full demo copies of the Alexandria backup software, usable for 45 days. There was something weird about the pricing, the sales person kept saying "zero to nine hundred dollars", it sounds like they are a little confused about what their price will be for Linux. However, they may have a free low-end software package available. Be sure to ask about it if SpectraLogic gives a presentation at BLUG. :-)

On the backup front, there are rumors that the next BRU release will finally support fast recovery on DDS media.
I may finally look at BRU once that is available. I simply ignore any backup system that takes an hour or two to recover a single file from a tape, when the drive supports recovery in under 2 minutes.

===================
Linux autofs -- The Next Generation
H. Peter Anvin, Transmeta

What is autofs? It's a kernel/user-level auto-mounter. Currently a stable version is in 2.2, with a not-so-stable version in 2.0. Most commonly used with NFS, but (while not designed for it) has also been used for removable media management. It's better than nothing though.

The problem with amd is that it emulates an NFS server, which makes it very complex.

There currently isn't any support for "/net" mounts, however it's being worked on.

Because of its hybrid kernel/user-space architecture, it is much faster than a user-space-only implementation. The frequent operations are done in the kernel, while the large or complex or time consuming tasks are done in user-land.

===================
Future Plans for IP Packet Filtering under Linux
Paul Russell of RustCorp IT Consulting
Michael Neuling of RADLogic Pty. Ltd.

Problems with existing 2.2 packet filtering:

   No method of sending packets from kernel to user space.
   Transparent proxying is very far from ideal.
   Creating packet filter rules independent of interface is not possible.
   Masquerading is tacked onto packet filtering, which leads to interactions that make firewalling complex.

New code has 5 places in the routing code in which filtering can be done. It also includes hooks so that one can register packet filters in user-land, and based on ACLs packets will be handed off from the kernel. This sounds pretty sweet and later I was talking to Paul about the implications for things like isinGlass and other user tools and we were both excited about what could be done.

He was slightly apologetic about having broken ipfwadm when implementing ipchains.
I kind of groaned when I saw that the 2.4 stuff is going to use an entirely different method called "iptools" (or something similar). However, later in the presentation he explained that the new facility will allow him to create a module which has the ipchains personality and the ipfwadm personality. So, the 2.4 version may be *MORE* backwards compatible than the 2.2 version.

--
 We are all in the gutter, but some of us are looking at the stars.
                 -- Oscar Wilde
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
URL: <http://www.tummy.com/xvscan> HP-UX/Linux/FreeBSD/BSDOS scanning software.
-----------------------------------------------------
Boulder Linux Users Group: http://lug.boulder.co.us
-----------------------------------------------------