USENIX LISA Large Installation Systems Administration Conference Blog » LISA Chair

Chair’s Pick for Papers

wnl — Thu, 19 Oct 2006 05:31:10 +0000

It’s always risky to pick out a few papers and say “I really like these,” because such an act tends to alienate and discourage authors of those that did not get chosen. So I have to say up front that I like all the papers we chose for this year’s conference. In fact, if I didn’t like them then they would not be in the conference.

But as we read through the submissions there were a few papers that really stood out. These are papers that really make me want to go see the presentations.

A collection of scientists from the Netherlands will be speaking on a hardware platform for the security and privacy administration of RFID tags. RFID is quickly permeating the marketplace. These tiny things are showing up everywhere, including US Passports. They’re ubiquitous and generally promiscuous, which in my mind is not a good combination. Some very clever people have come up with a way to provide security and privacy for RFID tags. The idea is timely, the execution is great, and the presentation is fantastic. The only concern we had with this paper was the appropriateness for LISA. But in this case the importance of the subject and the excellent research trumped concerns about the subject being a stretch for the audience. Their presentation will be in the Security session, conference Wednesday at 4 pm.

Dan Klein was looking through his MRTG graphs one day and discovered that his system was being hijacked by spammers. He immediately went in to an investigative mode and began collecting as much data as he could. The result is an amazingly thorough forensic analysis of this particular kind of spammer attack. His presentation is in the Electronic Mail session on conference Wednesday at 11 am.

People who don’t pay much attention to networking may not even know what a network flow is, but anyone who has ever tried to troubleshoot a network problem will certainly understand the concept. Rather than looking at a file full of packets sorted by time, one can collect up and examine packets by connection, or flow. Using flows can greatly simplify lots of tedious tasks in network adinistration and troubleshooting. The problem is, every manufacturer has a different way of storing and examining flows. Well someone from CERT (Brian Trammel) and from CA Labs (Carrie Gates) have come up with a suite of tools that lets you examine and manipulate flows. The result is great! The NetSA Aggregated Flow Suite does for network flows what ImageMagick does for digital images. Their presentation is in the Visualization session on conference Thursday at 4 pm.

Large installations have large problems, especially when part of the infrastructure fails and other parts have to be changed to take up the slack. Most installations use either manual or ad hoc mechanisms to detect these changes and take corrective actions. The state of the art in this area is policy-based management systems, but even these don’t always scale well to large installations. Interdependencies of components can cause a flood of changes caused b a series of reactions to a single stimulus. Some scientists from UIUC and from HP think that part of the problem is the way in which policies are specified. Their paper does an excellent job of presenting the current widely accepted mechanism for policy specification, called Event-Condition-Action (ECA), and proposing an enhancement to it which will scale better in larger installations. This is an excellent presentation of sound theoretical work with immediate practical application. Their presentation is in the Theory session on conference Thursday at 9 am.

There are many more excellent papers that you may find interesting. I wish I had time to write about each and every one. Look through the conference schedule and see what papers sound promising. When you arrive at the conference, get your copy of the Proceedings right away, then read through those paper that interest you. If you like what you read, go to the paper’s presentation, hear what the author has to say, and you will even have a chance to ask questions, either as part of the audience or one-on-one when the session is over.

I hope you enjoy this year’s papers as much as I do.

Guru Spotlight: Jordan K. Hubbard

lisa05chair — Mon, 19 Sep 2005 20:31:45 +0000

If you’ve been in the business for a while you probably recognize the name Jordan K. Hubbard. (If you’ve been in the business as long as I have, you may even remember it from the comp.sources.unix days). Hubbard was one of the co-founders of FreeBSD and one of the reasons why that project has developed into the well-respected operating system it is today [just fyi, the words you are reading are being served off FreeBSD boxes]. I still remember when it was announced in 2001 that Hubbard joined Apple to work on Darwin. It was at that point that I knew we were in for some interesting and substantial stuff out of Apple. Turns out I was right [he says while typing on an Apple Powerbook]. For the Guru-is-In track, we do our best to bring someone who really knows their stuff on a topic. For Mac OSX I’m sure you’ll agree we found the very epitome of the term “guru” when you hear that we’re privileged to have Hubbard as the Mac OSX guru-is-in speaker at LISA 2005. Here’s Jordan Hubbard’s bio from our program:

Jordan Hubbard is the Director of UNIX Technology, CoreOS, at Apple Computer. He has been a software developer since the late 70’s and is a longtime contributor to the open source community, from the earliest days of USENET’s comp.sources.unix group, through MIT’s X11 contributed software collection, to the FreeBSD Project, which he co-founded in 1993. These days, he focuses on the day-to-day development of Mac OS X and, more generally, on Apple’s open source strategy and its relationship with traditional UNIX developers and administrators. His current pet count, for those who follow such things, is 10 cats and 4 dogs.

The LISA Conference Network

lisa05chair — Thu, 08 Sep 2005 23:52:56 +0000

If you want to know how the tech behind-the-scenes at LISA works, the right guy to talk to is Tony Del Porto, the USENIX system administrator and conference network administrator. He’s the laid-back, ultra-capable guy you see moving at warp speed during the conference keeping everything running. I was curious about what it took to provide a network for a conference full of sys and netadmins so I asked Tony to describe the setup he uses for LISA. Here’s what Tony, the sysadmin’s sysadmin, wrote back: David asked me to talk a little about the USENIX conference LAN. I’ve tried to limit the following to the bits that are somewhat unique to a conference network, and LISA at the Town and Country specifically though most of it applies to every USENIX conference LAN. The most crucial bit of the LISA ‘05 conference LAN is the internet connection, without which there really isn’t much point in having a network. Attendees used to corporate LANs or cable modems don’t think twice about downloading ISOs or pulling large chunks of code from CVS while at a conference, so having plenty of bandwidth is an obvious primary concern. ISP contracts being what they are, USENIX can’t order up a T3 for a week, or even a month, so we’re largely reliant on what the venue has to offer. The T&C has a shiny new T3 which is wonderful compared to the T1 we’ve used in previous years. Second to the connection is the site network infrastructure and how much leave I have to use and alter it. The T&C is a property (meeting planners call hotels “properties”) USENIX has visited many, many times and, unlike some properties I’ll not mention, is very accommodating in granting access to its infrastructure. The T&C’s ethernet isn’t great, but isn’t non-existent either. There are always challenges in making a network that is designed to work a certain way work the way I need it to. Most of the resolutions to those challenges involve me on my hands and knees taping down several hundred feet of CAT5. Don’t walk barefoot at a conference. Trust me. The T&C requires three such runs of cable to work around the way the room the router sits in is wired. Why not move the router to some central location you ask? Access. The main wiring closet of the hotel is in a locked cage that only a few people have unrestricted access to, and I don’t number amoung them. A bit on the hardware and software I use. The “router” for the conference LAN in past years has been an 800 PIII Mhz Dell laptop with three interfaces running OpenBSD. A little over a year ago I discovered the hard way that PCMCIA cards are pretty limited in the amount of traffic they can handle. Thus the current “router” is a 700Mhz PIII desktop with a gigabit interface for the conference LAN and a four port Soekris card for the internet connection and registration LAN. A note on the Soekris card: it buffer underruns under load. I have a cron job that ifconfigs the active interfaces up and down every five minutes. The next conference router will not have a four port Soekris card. The “router” runs the usual collection of network software: Bind 9, ISC dhcpd (the OpenBSD version), Squid, and an ftp proxy. NAT, packet filtering and redirection is done by OpenBSD’s packet filter, PF. A laptop provides a second dns server for the network and doubles as a router and firewall for hands-on security training classroom. The Squid proxy has been voluntary at past conferences but became transparent for our Security conference. 400 people on a 1.1Mbit DSL line without caching is not pretty. Wireless hardware is a collection of four old Aironet 4800 series access points, five Cisco 1200 series access points, and an Airport Base Station for small isolated meetings. The T&C presents more of a challenge than most venues because it is so spread out, thus requiring more hardware than any other property. The LISA conference format recently changed such that training and technical sessions happen on the same days which requires additional hardware. In short, I need more access points for LISA at the T&C than any other USENIX conference, and I don’t have them. I’ve tried using borrowed SOHO access points, but they fall apart with more than about 10 active connections. The Ciscos can handle 40 to 50 active connections on a single power outlet and ethernet connection. If you have spare Cisco gear laying idle you’d like to lend to the network please let me know. What I do is based on the work of many others, my own experience, and the suggestions of attendees at each USENIX conference. LISA is the most challenging USENIX conference as its attendees use the most bandwidth, use “security evaluation” tools the most, and have the highest percentage of laptop usage. LISA is also the USENIX conference I learn the most at, and have the most fun at. This year a network team is forming to provide additional services on the Conference LAN. If you are interested in helping or have an idea for a service to provide, please send e-mail to wireless at usenix dot org.