Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 18, Number 3 - March 2002




March Meeting Program

Chad Kissinger (Onramp Access) has the floor to discuss US House Resolution 1542. This bill, which is sometimes called the Tauzin-Dingell bill, was passed by the House on February 27th. The Senate is considering a similar bill, S.877. Up for consideration are changes to the Telecommunications Act of 1996. The legislation met with less-enthusiastic response than expected in the House, and may have a tougher time in the Senate.

Chad wrote an opinion piece that was posted on the Texas ISP Association's web site, outlining his opposition to the legislation. Check it out here:

http://www.tispa.org/info/common_sense.html

Chad will discuss this from the Texas point of view, and perhaps other topics of interest to the UNIX community (such as collocation for power users and groups like CACTUS) if time permits.

  • Letter from the CACTUS president

    CACTUS is *your* organization. Article II of the CACTUS bylaws states:

    "This organization is formed to promote education information
    exchange among persons interested in Open Systems embracing
    the Unix philosophy."

    For well over a decade, CACTUS has strived to uphold this purpose by providing its members with interesting and informative venues. (Some more so than others!) This we have done entirely with dedicated individuals who give their time and effort year after year to the benefit of all of us. CACTUS exists for its members and is fueled by this volunteer energy. It is the nature of such an organization to suffer when its volunteers are pulled by job or family responsibilities. The slack cannot always be taken up by the other volunteers, and the end result is that CACTUS becomes less able to fulfill its purpose. Programs suffer, membership wanes, and volunteers become harder to find. It is a downward spiral. At some point we must question whether it is worth it for us to exist as an organization.

    Well, is it? To answer that question one doesn't need to think about it too long. Is there or is there not a large population of Unix enthusiasts in the greater Capital Area? Would they or would they not benefit from a Unix organization formed to promote education and information exchange about Unix? I cannot see how anyone could answer those questions other than with a resounding "yes".

    The question then becomes, "How is this purpose best realized?" What is the best way for CACTUS to "promote education information exchange among persons interested in Open Systems embracing the Unix philosophy"? It is clear to me that in order for CACTUS to achieve its purpose, it must have a strong membership pool. Members must be attracted to meetings to interact with each other and draw upon each other's skills. We can learn new Unix administrative techniques, teach and learn from each other about new products, SPAM control, security, and new perspectives that can strengthen our Unix skills. Members must benefit substantially from CACTUS so that volunteering time and effort becomes "worth it". Without members, CACTUS has no reason to exist. Members are the lifeblood of CACTUS.


    The CACTUS board has decided to rebuild our organization through a concerted effort to attract new members and renew old members. Your CACTUS officers are working hard to make this a banner year for CACTUS. We have decided to bring some well known and respected speakers to Austin. We owe it to our members. Our treasurer, Johnny Long, has told me that we have more than sufficient funds in our treasury to bring in Eric Raymond for our July meeting, and at least another renowned speaker this year. It is our hope to bring more, solely for the benefit of our members. Did you all think your membership just paid for pizza? Guess what? It was a good investment! We are going to have some of the best programs in our history this year. And this is only the beginning. We hope that, with enough members, we can keep the momentum going and do the same every year.

    I urge all of you to come to the meetings. You could volunteer to do a tutorial on your favorite topic to share your enthusiasm with other enthusiasts. You could suggest topics for discussion or volunteer to help line up speakers. You could bring in stories of how you used Unix at work to displace a Windows application! Or you could line up your arguments of why emacs is better than vi - or why vi is better than emacs!! But whatever you do, become an involved member!!

    Ray Schafer
    CACTUS President

    February Meeting Report

    Ron Roberts

    Fifty folks attended the February meeting thanks to the outstanding efforts of the leadership to promote the event. This includes the two guards at ARL, whom we always invite to share in the pizza and soda. President Ray Schafer welcomed members of the Central Texas Linux User's Group (CTLUG) and thanked them for also bringing pizza. We have a link to CTLUG on our Web page: www.ctlug.org. Ray solicited a hand count of those present who were members of the CTLUG mail list. About a dozen responded, half of whom are also CACTUS members. There's a lot of symbiosis.

    In deference to our guests, Ray dispensed with most of the committee reports, but did invite membership chairman Luis Basto to tell everybody how they could become a member of CACTUS and explain who we are and what we try to do. Luis brought membership application forms.

    Ray then introduced Chip Rosenthal to speak about his tribulations defending the unicom.com domain. Ray mentioned that Chip had helped him with a domain registration eleven years ago. Chip was the CACTUS newsletter editor when it was produced with troff [sic].

    With the assistance of Fletcher Mattox at the University of Texas, Chip had UUCP connectivity, an MX record for mail, and a registration for the "unicom.com" domain in 1990, before the internet reached into our homes.

    Two weeks before Christmas, Chip heard a knock on the door. "Is Lenard here?" Chip's given name is Lenard, but only his mother uses it. The caller had a stack of papers from Unicom Systems Incorporated, who provide legacy software solutions and registered a trademark in 1997. The CEO of Unicom Systems Inc. had emailed Chip several times since then asking about acquiring the unicom.com domain. He offered from $2,000 to $4,000 to buy the domain name. Chip responded no. They accused him of arbitrage. Webster's defines arbitrage as the "simultaneous purchase and sale of the same or equivalent security in order to profit from price discrepancies." Not even Enron did that.

    In December of 2000, the CEO mailed Chip a cease-and-desist order. Chip hired a lawyer to respond to them.

    A year later, Unicom Systems Inc. filed a lawsuit in California federal court. Chip hired Jim Taylor, a California-based lawyer who did a lot of first amendment and free speech cases. Taylor had defended a guy named Felton who published an account of a security breach. Taylor's response was not to the substance of the charges. He simply stated that the federal court had no jurisdiction. The domain was registered in Texas. The federal court canceled the hearing and decided strictly on the filed briefs. They dismissed the suit for lack of jurisdiction. This means that Unicom Systems must either appeal or file a suit in Texas.

    There are three stages in the legal proceedings. The response to the cease and desist letter can cost anywhere from $500 to $5,000. The response to the lawsuit can cost anywhere from $5,000 to $50,000. If it goes to trial, it can cost more than $100,000. Chip has spent more than $10,000 to date. He's set up a site to solicit help at: www.save.unicom.com

    Chip says he's collected about $1,500 so far.

    Unicom Systems Inc. can still pursue the issue in Texas court, but it will cost them more. No word yet. Chip did mention that he is not without legal recourse, but declined to be specific for purposes of publication.

    Two other members chipped in stories about their own domains.

    Marc Wiz of wiz.com was pursued by an electronics chain called "The Wiz". He made the mistake of not getting an intellectual property lawyer. Through The Internet Corporation for Assigned Names and Numbers (ICANN) Marc went through the Uniform Domain-Name Dispute Resolution Policy and won. This, however, does not preclude court action. An intellectual property lawyer saw the issue at www.icann.org and contacted Marc. Marc hired him to make a successful defense. He wound up spending about $2,000. One of the reasons for his successful defense, besides the fact that it really is his name, was that wiz.com is the only domain Marc owns.

    Out of curiosity, Chip asked how many people in the room owned a domain. All but a few raised their hands. When he asked how many people in the room owned more than twenty domain names, only two responded. One was from Symbiot Security (see below) and the other was a CACTUS officer.

    Lenny Tropiano said that he once was approached by icus.net about icus.com. After some discussion, Lenny just provided a link on his Web page for them. No lawyers, no threats. Marc Wiz also provides such a link for the Wiz electronics store.

    We had to cut the discussion short after thirty minutes so that Ray Schafer could introduce the speaker for the evening, Mike Erwin of Symbiot Security.

    Mike brought several of his staff with him, and a laptop with the presentation. Alas, we had no VGA projector on site. Just after Mike began the presentation, one of his staff arrived with newly printed overhead slides from Kinkos. Mike pointed out that he had registered over one hundred domain names. He graciously allowed our publicity chairman, MH Kahn, to plant a recording device on him. He bugged him. MH also made a video recording.

    What does security mean? Mike explained that it is things that you can, should, or would/will not do. He delineated a spectrum of activities: prevention, detection and response.

    Prevention includes the older perspective: hardware, software, consulting, audit, policy and procedures. This means locks, monitors, firewalls, etc.

    Detection involves your ISP, managed security space, monitors, and honey pots.

    Response usually entails shock, panic, anger, fear, rage, and vengeance (and sometimes, denial). The primary urge is usually to restore the service. Mike then listed what you know how to do.

    What have you done? The service is operational, but you've alerted the intruder. You modified the system, but you've also modified or destroyed evidence.

    Mike introduced Wayne at this point to explain what you should do. First, said Wayne, start an incident log. Contact the subject matter expert. This should be an outside consultant, such as Symbiot, who are specialists who are removed from the panic and less subject to management pressures. Observe and begin non-intrusive data collection. Protect the data and analyze the service logs. Only then should you begin restoration. This could take anywhere from a couple of hours to a couple of days.

    Wayne listed the priorities as follows:

    Wayne then listed the usual characterization of a response:

    Wayne contrasted this with his view of the priorities:

    Contrary to what some CACTUS members asserted, Wayne stated that the FBI will investigate incidents of at least $5,000 in damages (as opposed to $50,000). Wayne then introduced Adam to review an actual incident.

    Adam didn't name names, but the incident involved an attack on a financial institution where the client loss was estimated at $500,000. The attacker was a kid (with a kit) from another state. The institution had a partnership with a data center. Symbiot handled the entire forensic process. They initiated damage control and preserved the reputation of the client. They performed a bit-for-bit copy of the hard drive. The attacker used the CRC ssh exploit available to script kiddies. He had access to the system for three days before he was noticed. Symbiot was able to recreate deleted files and view the command history of the root account and the newly created user. The case is currently being investigated by the FBI.

    In conclusion, Mike Erwin emphasized that, "it's not a matter of if, but when."

    Thanks to Symbiot for the real world presentation by Mike, Wayne, and Adam, and to Chip Rosenthal and Unicom for the domain wars account.

  • Our Newsletter E-mail List

    We're trying to keep the mailing list for the CACTUS newsletter up to date and make sure that everyone who's a member gets a copy of it. If you use more than one email address, our efforts may result in your getting multiple copies of the newsletter. If this is the case, you can easily unsubscribe any address at which you don't want to receive the newsletter as follows.

    Assume you're getting the newsletter at the address oh_no [at] not <dot> here <dot> gov and you don't want to receive it at this address. Send a blank email to the following address

    cactus-news-unsubscribe-oh_no=not <dot> here <dot> gov [at] lists <dot> cactus <dot> org

    Note that the address you want to unsubscribe is included in this address, with the "@" symbol replaced with an equal sign. You'll get a confirmation request sent to oh_no [at] not <dot> here <dot> gov asking if you really want to unsubscribe. Just reply to this confirmation and it's a done deal.

     

  • CACTUS System News

    Lindsay Haisley

    On Feb. 24 and 25 linux.cactus.org received a much-needed update. It is once again running RAID-1, now on top of Linux kernel 2.4.17. The distribution has been upgraded to Debian woody (currently the pre-release 'testing' distribution). We are running dynamic devices (devfs) in /dev which is now a pseudo-filesystem similar to /proc expressed by the kernel. Run cat /proc/mdstat to see our RAID configuration statistics.

    The Linux RAID documentation is still somewhat chaotic. Documentation for Linux software RAID, even in the Linux Documentation Project repository (www.linuxdoc.org) is inconsistent, some of it dating back to the days of the 2.0 kernel when kernel patching was required to use RAID. Linux RAID has been extensively re-engineered since then, with different configuration files, different tools, and different structures on disk - which has been part of the reason we've been slow to update the kernel on the box. A general search on Google for articles related to Linux software RAID turned up lots of helpful information which resulted in a fairly smooth upgrade.

    New RAID utilities and a newer, much simpler and Unix-like RAID configuration file (/etc/raidtab) have actually made Linux software RAID configuration simpler and more reliable. All RAID partitions use a special partition type, "Linux RAID Autodetect", which informs the kernel that each such partition should be integrated into a RAID array at boot time. A special RAID superblock on each drive uniquely identifies it and its position and function in its RAID array. We no longer need to run special RAID daemons to make the array function properly. All support is now built into the kernel.

    Another new feature on linux.cactus.org, new with the Linux 2.4 kernels, is the Linux Device (pseudo) Filesystem, devfs. Much like the /proc pseudo-filesystem, the files and directories under /dev are expressed by the kernel rather than being resident on the hard drives. Dynamic support for devfs is provided by a user-space daemon, devfsd. Although devfsd is officially "optional", it maintains the symbolic links in /dev which present a much more conventional interface to running software. Unless and until all software is compiled to use the new /dev filesystem layout, these links will continue to be required. As an example, the 1st partition on the 1st SCSI drive is expressed by devfs in the kernel as /dev/scsi/host0/bus0/target0/lun0/part1. Since most existing software expects to see this, in traditional Unix fashion, as /dev/sda1, devfsd maintains a symbolic link from /dev/sda1 to the more complex device path expressed by the kernel. Devfs has the advantage of providing run-time creation and deletion of devices. Inserting a module into the kernel, or installing a kernel with additional device support will auto-magically create appropriate devices under /dev and devfsd will consult its configuration file to install appropriate symbolic links to new devices. One may also manually create symbolic links in /dev, and these are stored and recalled over reboots just as if /dev were an actual drive-based filesystem.

    In other news, linux.cactus.org is now running a standard Debian Apache web server. Since we're already running an older version of Apache in support of the CACTUS website (using a very non-standard file layout), the newly installed Apache is running on port 1125 (don't ask me why I picked this number!). We also have PHP (version 4) installed, as well as the MySQL database engine, both server and client. I plan to move the membership database out of the current flat-file, accessible only to the membership chair via a custom Perl script, and install it as a web-based interface to a MySQL database, accessible both to the membership chair and to individual members who can take responsibility for keeping their own personal information up-to-date. This will allow us to automate such tasks as the timely emailing of membership renewal notices, and even the disabling, archiving and possible removal of abandoned accounts.

    If you use linux.cactus.org, you'll probably notice at least a few other changes in addition to those discussed in this article. A great deal of the old system software on the system was removed and replaced in the distribution upgrade. I have tried to keep as much diversity on the system as existed before the upgrade, providing emacs, vi, joe, ssh, zsh, and many of the other utilities which were previously installed, but I make no guarantees that I covered all our bases on this. If you find that something you're accustomed to using on the system is no longer there, or is not configured in a way that you expect, please email fmouse [at] fmp <dot> com and I'll do what I can to fix the problem for you.
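
    The /proc/mdstat output mentioned in this article is also the quickest place to spot a RAID-1 mirror running on one disk. The script below is an added example, not part of the newsletter or of the CACTUS system's own tooling; it parses the 2.4-style mdstat layout and reports arrays that are degraded, and the sample text and array names in it are constructed.

```python
import re

# Constructed sample in the layout a 2.4 kernel prints; not output from linux.cactus.org.
SAMPLE_MDSTAT = """\
Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 sdb1[1] sda1[0]
      8956160 blocks [2/2] [UU]

md1 : active raid1 sda2[0]
      1052160 blocks [2/1] [U_]

md2 : active raid1 sdb3[1](F) sda3[0]
      4192896 blocks [2/1] [U_]

unused devices: <none>
"""

# A member looks like "sda1[0]" or "sdb3[1](F)"; slashes are allowed so that
# longer device paths are accepted as well.
MEMBER_RE = re.compile(r"([\w/]+)\[(\d+)\](?:\((\w)\))?")
# The status line carries "[expected/working] [UU]", one U or _ per slot.
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")


def parse_mdstat(text):
    """Return {array_name: info} for every 'mdN : ...' stanza in text."""
    arrays, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and re.fullmatch(r"md\d+", tokens[0]) and tokens[1] == ":":
            members, faulty, level = [], [], None
            for tok in tokens[3:]:
                m = MEMBER_RE.fullmatch(tok)
                if m:
                    members.append(m.group(1))
                    if m.group(3) == "F":
                        faulty.append(m.group(1))
                elif level is None and not tok.startswith("("):
                    level = tok
            current = {"state": tokens[2], "level": level, "members": members,
                       "faulty": faulty, "expected": None, "working": None,
                       "flags": ""}
            arrays[tokens[0]] = current
        elif current is not None:
            m = STATUS_RE.search(line)
            if m:
                current["expected"] = int(m.group(1))
                current["working"] = int(m.group(2))
                current["flags"] = m.group(3)
                current = None  # stanza complete
    return arrays


def check_arrays(arrays):
    """Return {array_name: [reasons]} for arrays that need attention."""
    problems = {}
    for name in sorted(arrays):
        a, reasons = arrays[name], []
        if a["state"] != "active":
            reasons.append("array is " + a["state"])
        if a["faulty"]:
            reasons.append("faulty member(s): " + ", ".join(a["faulty"]))
        if a["expected"] is not None and (
                a["working"] < a["expected"] or "_" in a["flags"]):
            reasons.append("%d of %d members up [%s]"
                           % (a["working"], a["expected"], a["flags"]))
        if reasons:
            problems[name] = reasons
    return problems


if __name__ == "__main__":
    try:
        with open("/proc/mdstat") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MDSTAT  # fall back to the constructed sample
    for name, reasons in check_arrays(parse_mdstat(text)).items():
        print(name + ": " + "; ".join(reasons))
```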

     

  • Editorial

    Bob Izenberg

    The CERT bulletin about a vulnerability in the "zlib" compression library was posted on March 12th. Versions prior to 1.1.4 had the bug where a section of memory was de-allocated twice. An exploit is possible that might cause a failure of any software that incorporated the affected code. There's a lot of software out there that uses zlib. Anything that supports Portable Network Graphics (PNG) encoding has some flavor of zlib in it. Same for many software packages that do data compression or decompression on the fly. There's a list of approximately six hundred applications that are built with zlib.

    Those six hundred packages include eight that came from an unexpected source, namely the fine folks at Microsoft. DirectX 8, MSIE, Office, the GDI interface for WinXP... they all have the buggy zlib code in there somewhere.

    Up to now, the minions of Microsoft have not been the biggest supporters of the Open Source movement. (Aside from the motivation given by not releasing any Open Source products itself, of course.) It would be easy to tweak the collective nose of any software company for belittling raw materials on the one hand, and making commercial use of those materials with the other. Heaven knows that some of the people reading this have enjoyed a good chuckle at Redmond's expense over such confused behavior.

    Though it pains me to say it, this may be a good time to cut Microsoft some slack. If it makes Bill Gates pause even for fifteen seconds in his quest to control all space and time (especially the space and time inside your bank account) and say "Thanks" to Jean-loup Gailly and the other zlib developers, then it's slack well-sliced. Maybe they'll use Open Source tools again. Maybe they'll release some of their code for public inspection and re-use, since the order of the day is to make .NET secure.

    It's hard to imagine the Microsoft that I knew from the 1970s and 1980s doing this without a gun to its head. Are the days of hoarded API and need-to-know specifications gone forever? They might well be, if that's what's needed to prove the reliability of the service platforms that Microsoft wants every man, woman and child everywhere to be using in the years to come. The very idea makes the ganglia twitch, but it's goal numero uno at Microsoft H.Q., so the quid pro quo is for Microsoft to do itself and possibly the rest of us a favor. Use the code that's free and tested. Improve upon it if you can, but always leave it as open to the public as you found it. Don't pollute or deflect the standards track to something a lot less standard.

    Microsoft has taken the first baby steps towards acknowledging the Open Source universe. They need encouragement to keep up the trend. I promise to try really hard not to mock Microsoft for using what they've derided publicly. I'll urge them, in some quiet karmic way, to not let the zlib double free issue prevent them from participating, and perhaps contributing, to the Open Source movement in the future. Can a silk purse really be made out of a sow's ear? Especially if the sow's ear really likes itself just the way that it is? Wait and see. Market share can be a terrific motivator. Give some to get some, and let the wall come down.
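
    The editorial's point that zlib is compiled into many other programs is what makes this bug hard to inventory: a patched system library does nothing for a copy built into an application. The script below is an added example, not part of the newsletter and not code from the zlib project or CERT; it searches a file's bytes for the copyright banner strings that zlib's deflate and inflate code embed and flags versions below 1.1.4. The sample byte strings are constructed.

```python
import re
import sys

FIXED = (1, 1, 4)  # the editorial: versions prior to 1.1.4 have the double free

# zlib's sources embed banners such as
#   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "
#   " inflate 1.1.3 Copyright 1995-1998 Mark Adler "
BANNER_RE = re.compile(
    rb" (deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4} "
    rb"(?:Jean-loup Gailly|Mark Adler)"
)

# Constructed samples standing in for real binaries.
OLD_BINARY = (b"\x7fELF\x00junk\x00"
              b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
              b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00")
PATCHED_BINARY = b"MZ\x00\x00 inflate 1.1.4 Copyright 1995-2002 Mark Adler \x00"
NO_ZLIB = b"\x7fELF\x00no compression code here\x00"


def embedded_zlib_versions(blob):
    """Return the sorted list of zlib versions whose banners appear in blob."""
    found = set()
    for m in BANNER_RE.finditer(blob):
        found.add(tuple(int(part) for part in m.group(2).split(b".")))
    return sorted(found)


def is_affected(version):
    """True when a version tuple is older than the fixed release."""
    return version < FIXED


def report(name, blob):
    """Return one human-readable line per embedded zlib copy found."""
    lines = []
    for version in embedded_zlib_versions(blob):
        text = ".".join(str(n) for n in version)
        verdict = "AFFECTED (older than 1.1.4)" if is_affected(version) else "ok"
        lines.append("%s: embedded zlib %s: %s" % (name, text, verdict))
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:
                print("%s: cannot read (%s)" % (path, exc))
                continue
            for line in report(path, data):
                print(line)
    else:
        samples = (("old", OLD_BINARY), ("patched", PATCHED_BINARY), ("none", NO_ZLIB))
        for name, blob in samples:
            for line in report(name, blob):
                print(line)
```

    A program that loads zlib as a shared library carries no banner of its own and has to be judged by the installed library's version, and a vendor may have patched an embedded copy without changing the banner, so treat a hit as a lead to verify rather than a verdict.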

  • Membership report

    Luis Basto

    We'd like to thank Outserv.Net for supporting CACTUS as one of our new sponsors.

    OutServ provides end-to-end e-business site operations and management services to companies that are deploying critical applications on the Internet. OutServ combines engineering and operations expertise with an IT service delivery platform to supply solutions that ensure the continuous security, availability, performance, maintainability, and scalability of our customers' online services.

    The contact person is David Maynard. He can be reached at 977-8918x102, or dmaynard [at] outserv <dot> net. Their website is http://www.outserv.net/.

    We also want to thank Multi-Media Arts for renewing their membership. Their continuing corporate sponsorship is appreciated.

    Multi Media Arts develops educational materials that address a range of ability levels and subject areas and are used for in-service training, classroom teaching, and independent study. MMA also provides consulting services for instructional program design, development, and implementation.

    The contact person is Lee Williams. He can be reached at 451-7191, or send email to mma [at] cactus <dot> org.

    We would like to thank Chip Rosenthal, David Wieboldt, John Fusselman, Johnny Long, Darrell Long, and Mike Cheselka for renewing their memberships.


    Membership
    ----------

    Someday we may be able to accept direct deposit or PayPal but currently we only deal with checks and cash, preferably in small unmarked bills.

    To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

  • CACTUS Officers


  • CACTUS Sponsors

    Significant Contributing Sponsors

    Applied Research Laboratories/University of Texas at Austin www.arlut.utexas.edu
    (Gil Kloepfer, Computer Science Division (CSD), 835-3771, gil [at] arlut <dot> utexas <dot> edu)
    OuterNet www.outer.net
    Internet service provider.
    OnRamp www.onr.com
    Internet service provider.

    CACTUS Sponsors

    Auspex Systems www.auspex.com
    Fastest reliable network fileservers.
    Outserv.net www.outserv.net
    Covad/Laserlink www.laserlink.net
    (Chip Rosenthal)
    Multi Media Arts (MMA)
    (Lee Williams, 451-7191)
    Publisher of instructional materials for classroom and independent study.

    Friends of CACTUS

    Applied Formal Methods, Inc.
    (Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
    Austin Code Works
    (Scott Guthery, 258-0785, info [at] acw <dot> com)
    CASDNS, Inc. www.casdns.net
    (Warren Brown, (800) 977-3475, wlb [at] cas-com <dot> net)
    A top-level domain name registrar, CORE member.
    CTG
    (Maurine Mecer, 502-0190 [FAX 502-0287])
    Professional recruiting.
    EDP Contract Services
    (Mark Grabenhorst, 346-1040) Professional recruiting.
    Hewlett Packard www.hp.com
    (Bill Sumrall, 338-7221)
    Hounix http://www.texascomputers.com/hounix/
    (Marilyn Harper)
    Houston's Unix Users Group.
    Network Appliance Corporation www.netapp.com
    (Frank Mozina, fmozina [at] netapp <dot> com)
    O'Keefe Search www.okeefesearch.com
    Professional recruiting.
    (John OKeefe, john [at] okeefesearch <dot> com, 512-658-9224 or 888-446-2137)
    Sailaway System Design
    (Chris J Johnson, 447-5243)
    Schlumberger www.slb.com
    (Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
    Technical services and products in over 100 countries.
    Silicon Graphics www.sgi.com
    (Don Williams, 346-9342)
    Solid Systems
    (Pete Farrell, 442-2222)
    Sterling Information Group www.sterinfo.com
    (Darrell Hanshaw, 344-1005, dhanshaw [at] sterinfo <dot> com)
    Sun Microsystems www.sun.com
    (Rick Taylor)
    Supplier of Unix client-server computing solutions.
    Texas Internet Consulting www.tic.com
    (Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
    TCP/IP networking, Unix, and open systems standards.
    Technow
    A Sun Authorized Training Center and a Hardware Reseller.
    Unison Software
    (Shelley St. John, 478-0611)
    Supplier of networked systems management solutions.
    UT Computer Science Department
    (Patti Spencer)
    UT Computation Center
    (Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)

  • CACTUS Meeting Location:
    Applied Research Labs

    CACTUS meets on the third Thursday of each month at the Applied Research Labs (ARL) in the JJ Jake Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

    Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See map for further details.

    Online maps are available at:

    As always, please leave the facility as you saw it when you arrived.

    Map to the Monthly CACTUS Meeting

    The ASCII Map has been shredded.