Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 19, Number 9 - September 2003


Contents:


September Meeting

The September CACTUS meeting will be held at 7:00pm (6:30pm for pizza and lively, informal discussion) on Thursday, September 18th, 2003 in the auditorium of UT Applied Research Laboratories (see below for directions to the facility).

This month, prior to the main presentation, we will discuss the results of the working group formed to investigate how CACTUS should respond to the recent actions of SCO. We will also discuss an official resolution regarding this that will be voted-on by the membership at the October meeting.

The main presentation this month will be Gil Kloepfer with a follow-up presentation on FreeBSD ("beyond installation"). During Gil's presentation in May, there were several attendees that wished to go deeper into some of the features of the FreeBSD OS, such as the vinum logical volume manager, kernel configuration, and rebuilding the whole system ("make buildworld"). Additionally, Gil has initiated discussion at various times about package management. Part of the presentation will include a short overview of how Gil handles this for the FreeBSD systems he manages at Applied Research Laboratories. The presentation is intended to be driven by the requests of those attending, so that as many features can be reviewed as time allows.

August Meeting Report

by Ron Roberts

Despite the good attendance, there was plenty of pizza and soda. Membership and treasury reports, "about the same." Program chair Ray Schafer announced that John Quarterman was signed up to present in October. We applauded the excellent job that Gil Kloepfer is doing with the newsletter. President Lindsay Haisley asked about the status of sparc.cactus.org. It hasn't responded to ssh in about two months, though it is still pingable.

Lindsay suggested that we shut it down and replace it with a new 1U rack machine to take advantage of the offer from OuterNet to host us. Ron Roberts suggested that we could bring up and new machine and still maintain the Sparc. Ray Solanik had accepted the administrative responsibility for the Sparc, but had not returned email and remained unreachable. Ron Roberts agreed to fix the Sparc. Membership indicated that it should run Solaris 8, if it needs re-installation. It was running Solaris 7.

Discussion turned to the possible configuration of a new Intel box. Despite it's age, the current Linux box is still rather snappy. We expect serial ATA drives and a faster processor for the new machine will be much faster. Lindsay agreed to come up with a proposal for new hardware, and we can decide later whether to install a newer Debian on it and migrate the existing software to it, or just install BSD on the new box.

Lindsay next suggested that CACTUS as a group engage in some kind of activism against SCO's legal attack against the open source community. SCO is suing IBM for copyright infringement and seeking licensing fees from Linux users. Lindsay suggested that we set up a discussion list on cactus.org. Various software was suggested by the membership.

Member at Large Randy Zagar distributed handouts about the SCO campaign, which generated a lot of discussion. Lindsay contacted lawyer Jim Tyre, who handled Chip Rosenthal's domain registration case, asking what we could do to fight the SCO campaign. He also contacted Eric Raymond of the Open Source Foundation. After much discussion back and forth, it was agreed to form a committee consisting of Lindsay, Randy Zagar, and Ray Schafer to come up with some proposals. Called the SCO Action Committee, it was also called the SCO FUD Busters.

So we have a new link on the web page: Unix in the news. This is just a beginning. Lindsay wants CACTUS to get involved and take a position. We had trouble getting him to shut up, so we could get to the presentation.

Longtime member, Dewey Coffman, presented his new company product NetSieve. Dewey was instrumental in the founding of Jump.Net, the Unix-friendly Austin ISP. Jump.Net hosted the CACTUS sparc at one time. Jump.Net was a very successful and respected ISP, which acquired Zilker Internet Park in the 1990s. Recently, Jump.Net was bought out by Hosting.Com and Allegiance Telecom.

As Allegiance moved in a different direction, Dewey looked for another opportunity. Two years ago he began to develop NetSieve, a SPAM and web filter appliance. The idea was to develop something that even a point-and-click type Windows [TM] administrator could use beneficially. Dewey noted that much of his market is Mexican ISPs. In Mexico, most SPAM is pornography, which in the US it's viagra. In response to a membership question, Dewey indicated that the appliance can be configured to redirect all of the porn to Gil. Or you could redirect it to the HR department.

[Editor's note [Gil]: Forwarding the porn to me was an inside joke, please DO NOT do this!]

Some NetSeive customers asked for the ability to just delete SPAM, rather than quarantine it. This raised the question of rather or not you should bounce SPAM. Membership seemed to agree to drop it silently, except for Gil, who said, "send more."

NetSieve uses the virus engine from openantivirus.org. It uses an enhanced version of Paul Graham's Baysiean filtering. Someone asked how you treat images. Dewey indicated that nothing was implemented yet, but there have been attempts to block images based on shape and color. Some web sites are Flash only, making it very difficult to filter content. The handout Dewey brought contained some examples of image filtering. The examples were impressive, but Dewey indicated that the technique is experimental and not quite ready for prime time.

Thirty percent of bulk mail quarantined by filters such as Postini and Brightmail is porn. SPAM may be coming from outside of the US, but the people responsible for it are in Las Vegas. Dewey also mentioned that the FTC hearings about SPAM nearly broke into fisticuffs. It's a very hot-button issue.

NetSieve began in December of 2000 with seven employees. Illuminati Online was a beta site for the product. The appliance is designed as a drop in, plug-and-play solution that most anybody can use. Updates are pulled automatically from NetSieve servers. Presently, they only have twelve machines in the field.

In conclusion, Dewey mentioned that SPAM is an arms race, a war of attrition. He also acknowledged that CACTUS membership is not his target clientele. Details available at: http://www.net-sieve.com/.

Thanks to Dewey Coffman for his excellent presentation not only of his product, but his discussion of network SPAM and web filtering.


Letter From the President

by Lindsay Haisley

It seems that the issue of SCO vs. Linux, and in particular the appropriateness of CACTUS taking a public position on it, has ignited some controversy among our members. Perhaps this in inevitable since the intellectual property issues regarding Unix and Linux are by their nature contentious issues. It is my hope, as a CACTUS member, that CACTUS can take a public position on this issue and lend our prestige and name recognition to efforts in support of strong and free Open Source versions of Unix such as Linux and BSD, and in support of the GNU and BSD licences which define the place of these works in the world of intellectual property. It is, however, my responsibility, as CACTUS president to see that no action is taken which represents or obligates CACTUS as an organization without following due process as laid out in our bylaws.

I've proposed a resolution on CACTUS's position regarding the SCO/Linux issue for consideration by our membership which I have asked Gil, our newsletter editor, to publish in this newsletter. CACTUS bylaws specify that, for the purposes of voting on any issue, a quorum of voting members shall be defined as those members present at a meeting, provided that 30 days notice be given to the membership on the question requiring a vote. Given that one of our members has expressed a strong objection to CACTUS taking such a position, this issue has, in my opinion, become an issue of substance. The proposed resolution will be submitted for seconding, discussion and voting to members present at the October CACTUS meeting.


Vote Regarding CACTUS' Position on SCO's Actions

Pursuant to the CACTUS bylaws, the following resolution is being put forth to the membership for a vote by the CACTUS president, Lindsay Haisley. The vote regarding this resolution will be officially put before the voting members of CACTUS present at the October meeting. At that time, we will either adopt or reject the resolution. Please take this time to examine the text below as we will briefly discuss this and answer any questions at the September meeting:

Resolved, that CACTUS is on record as being opposed to SCO's attempts to take control of Linux and to invalidate the GNU GPL. CACTUS, through it's approved working group on this issue (and any others which may be constituted in the future), shall engage in public education, public advocacy, and any other actions reasonably within our means in support of this position. This shall include, but not necessarily be limited to:


CACTUS System News

by Lindsay Haisley

The Sparc 10

Our Sparc 10 is currently out of service, at Ron's house. According to him, it "should be at the doctor." This doesn't sound good. Ron will report to Gil, and hopefully we'll get a full report at the next CACTUS meeting and we can perhaps make decisions about where to go next with the box, and with Onramp's colocation sponsorship should the box need replacing.

Our Website Filespaces

Randy Zagar has put forth an interesting proposal for organizing the filespaces for our now multiple virtual web servers. Our standing public website, cactus.org, is currently in /var/www. Our administrative website, which contains our PHP-based membership management web files, is in /home/admin/membership, while our newly-created (and still under construction) news site - http://unixnews.cactus.org - is housed in /var/local/unixnews. Randy's proposal is to bring all of these into a central location in the /home filesystem, possibly /home/httpd (as in Redhat Linux) with the addition of a new virtual server, testing.cactus.org, in which we can sandbox ideas and test new web technologies. Randy's proposed layout looks like this:

${WEB_SITE_DIR}/
   |
   +-> www.cactus.org/
   |    |
   |    +-> cgi-bin/
   |    |
   |    +-> htdocs/
   |    |
   |    +-> images/
   |
   +-> unixnews.cactus.org/
   |    |
   |    +-> cgi-bin/
   |    |
   |    +-> htdocs/
   |    |
   |    +-> images/
   |
   +-> membership.cactus.org/
   |    |
   |    +-> cgi-bin/
   |    |
   |    +-> htdocs/
   |    |
   |    +-> images/
   |
   +-> testing.cactus.org/
       |                  
       +-> cgi-bin/
       |           
       +-> htdocs/
       |          
       +-> images/

This would allow everything to be in one convenient location but be administered/owned by different people. In my opinion, this idea has merit. Thoughts, ideas, suggestions on this from members with system administrative experience will be welcome.

[Editor's note [Gil]: I think the web site idea is a fantastic one!]


Gentoo Linux Revisited

by Lindsay Haisley

After the excellent presentation on Gentoo Linux by Mike Erwin and Jamie Pugh at July's CACTUS meeting, I decided to give Gentoo Linux a tryout on one of my system here. Having recently trashed the Debian installation on my laptop due to an improperly inserted hard drive, I decided to make it the guinea-pig for my investigation. Gentoo gets good marks from me on a number of counts. Here's a summary of my experience.

INSTALLATION

The instructions for installing Gentoo are, by and large, very well written. While they can be complex, they are very explicit. For someone with Unix experience they are pretty easy to follow since they're arranged step-by-step with alternative sequences of steps clearly referenced and labeled. The size of the manual (27 pages of printout) may be daunting to some, but the documentation website makes good use of color highlighting and is easy to follow. Consider, too, that because everything has to be compiled from source, you'll have plenty of time for reading while waiting for each step to finish! I had no trouble with the basic install, although I certainly wouldn't recommend it to someone with little or no Unix experience. Although the documentation doesn't provide a lot of extraneous details, it also does provide reasonable explanations of many steps which are useful and informative to someone with Unix knowledge.

I installed the basic system, and added Gnome, Mozilla, Galeon, support for PCMCIA cards and several other features required for a laptop. There's little support in Gentoo for generating an XF86Config file over and above the simple tools provided with the standard X package. I had to do a bit of research to get X working properly. The same goes for sound. The Gentoo documentation doesn't cover the ALSA setup required for sound cards and chipsets other than pointing one to the proper files in which to put configuration settings. I was on my own here. Fortunately, I'd set this particular box up with sound before and had good notes and bookmarks on the required configuration.

SUPPORT

Open Source software development requires good communication between developers and end users, particularly when problems crop up. Gentoo gets generally high marks in this department. Because Gentoo is a constantly evolving distribution, bugs creep into software and the update process on a regular basis. My first problem was a failure of the groff formatting system to compile, and the entire update bombed out when this compile failed. Gentoo uses the bugzilla web-based bug management system, so I went to bugs.gentoo.org and looked around. Sure enough, someone has reported the same problem the same day I hit it. Within 24 hours, the bug activity log for this problem had several Gentoo volunteers signed on and those of us who were reporting the problem were given tests to perform. The problem was first reported on the evening of 8/4 and was solved at 12:20AM on the morning of 8/7. It turned out to be a somewhat obscure problem with a conflicting utility installed by the Debian dpkg build. Debian dpkg is also available for Gentoo, much as rpm is available for Debian. A new ebuild was made available for dpkg the next day and the problem was solved.

Another problem, not as critical but rather annoying, was a reproducible kernel OOPS whenever an installed PCMCIA card was removed. I filed on the bug myself on 8/19 since no one else had reported it. On 8/27 the problem was solved. It would have been solved sooner save for a bug in Gentoo's bugzilla system which prevented the Gentoo volunteer kernel hacker on the case from getting a notice of a trace upload which I posted. The Gentoo volunteer who solved the problem is in the UK, and was very helpful and informative in private correspondence, above and beyond the call of duty!

The Gentoo development community, though widely dispersed, seems more tightly integrated and less bureaucratic that that of Debian, which is much larger, and everone with whom I've interacted has been helpful and informative. A third problem, this one with page searches in the Galeon web browser was filed on 8/25 and remains unaddressed. The problem is a minor annoyance.

OVERVIEW

All and all, I've been happy with what I've seen of Gentoo so far. Mike and Jamie report substantial performance (4 to 5 x) improvements at OuterNet on boxes converted from Redhat to Gentoo, and can back this up with the results of careful tests using applications which they've written and run on a regular basis. My laptop appears snappy and the OS loads and comes up quickly, although this is anecdotal and by no means represents the results of careful benchmark testing. There are some very real concerns with using Gentoo on a production system. Chip Rosenthal has a good commentary on Gentoo on his weblog at http://www.unicom.com/chrome/a/000351.html. In it, he points out that requiring a compiler to be resident on a publicly accessible system is a definite security risk. The recent Slapper worm, for instance, took advantage of a resident compiler on a Linux box to exploit vulnerabilities in OpenSSL. The same objection, of course, applies to FreeBSD, which Chip also eschews. Long compile times are also an issue. Arguably, the speed advantages claimed for Gentoo may not be worth putting up with the very real install times which run in the neighborhood of several hundred times those required for precompiled binaries.

The Gentoo system does include some basic pieces, such as the init system in /etc/init.d, which are elegant in design and represent some of the best of what I've seen in Linux distribution design. Everything I've seen in Gentoo, with few exceptions, is very well integrated with the installation as a whole. I will continue to use it on my laptop, although I'm not sure if I'd install it on a new server or desktop system in preference to Debian, with which I'm much more familiar. I may stick with Debian, then again I may not ;-)


August CACTUS Membership Report

by Luis Basto

We wish to thank Core NAP as the newest corporate sponsor for CACTUS. A full description of their company will be published in a future newsletter. Meanwhile, the contact person is Kenneth Smith, 685-0010, kenneth [at] corenap <dot> com. Their website is www.corenap.com.

We would also like to thank these members for renewing their membership - Stephen Kneuper and James Umbarger.

Membership

To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

     CACTUS
     PO BOX 9786
     AUSTIN, TX 78766-9786
You may also pay in person at the general meetings. Please direct any inquiries or address changes to membership [at] cactus <dot> org.


CACTUS Officers


CACTUS Sponsors

Significant Contributing Sponsors

Applied Research Laboratories/University of Texas at Austin (http://www.arlut.utexas.edu/)
(Gil Kloepfer, Computer Science Division (CSD), 835-3771, gil [at] arlut <dot> utexas <dot> edu)
OnRamp (http://www.onr.com/)
Internet service provider.
Outserv.net (http://www.outserv.net/)
IT operations and management solutions to small and midsized businesses.

CACTUS Sponsors

CoreNAP, L.P. (http://www.corenap.com/)
(Kenneth Smith, (512) 685-0010, kenneth [at] corenap <dot> com)
"Providing Austin and central Texas businesses and power users the best choice for server colocation and high speed Internet access."
Covad/Laserlink (http://www.laserlink.net/)
(Chip Rosenthal)
Dresser Industries - Wayne Division (http://www.wayne.com/)
(Steve Cox, steve <dot> cox [at] dresser <dot> com, (512) 338-8444)
A leading supplier of integrated retail solutions to the global petroleum and convenience store industries, including point-of-sale systems, fuel dispensers, and after-sale support services.
Journyx (http://www.journyx.com/)
Provider of workforce management software and services
Prog Corp.
(David Mallis, prog [at] cactus <dot> org, (512) 451-7191)
Develops educational materials used for in-service training, classroom teaching, and independent study. They also provides consulting services for instructional program design, development, and implementation.
VoIPing, LLC (http://www.voiping.com/)
A Central Texas privately owned and operated partnership specializing in IT Consulting and Services. (Email info [at] voiping <dot> com. Phone 512-698-VOIP (8647) or 512-698-8031)

Friends of CACTUS

Applied Formal Methods, Inc.
(Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
Auspex Systems (http://www.auspex.com/)
Fastest reliable network fileservers.
Austin Code Works
(Scott Guthery, 258-0785, info [at] acw <dot> com)
BestRegistrar.com (http://www.bestregistrar.com/)
(Steve Locke, (800) 977-3475), swl [at] cas-com <dot> net)
A top-level domain name registrar, CORE member.
CTG
(Maurine Mecer, 502-0190 [FAX 502-0287])
Professional recruiting.
EDP Contract Services
(Mark Grabenhorst, 346-1040) Professional recruiting.
Hewlett Packard (http://www.hp.com/)
(Bill Sumrall, 338-7221)
Hounix (http://www.texascomputers.com/hounix/)
(Marilyn Harper)
Houston's Unix Users Group.
Network Appliance Corporation (http://www.netapp.com/)
(Frank Mozina, fmozina [at] netapp <dot> com)
O'Keefe Search (http://www.okeefesearch.com/)
(John O'Keefe, john [at] okeefesearch <dot> com, 512-658-9224 or 888-446-2137)
Professional recuiting.
Sailaway System Design
(Chris J Johnson, 447-5243)
Schlumberger (http://www.slb.com/)
(Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
Technical services and products in over 100 countries.
Silicon Graphics (http://www.sgi.com/)
(Don Williams, 346-9342)
Solid Systems
(Pete Farrell, 442-2222)
Sterling Infomation Group (http://www.sterinfo.com/)
(Darrell Hanshaw, 344-1005, dhanshaw [at] sterinfo <dot> com)
Sun Microsystems (http://www.sun.com/)
(Rick Taylor)
Supplier of Unix client-server computing solutions.
Texas Internet Consulting (http://www.tic.com/)
(Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
TCP/IP networking, Unix, and open systems standards.
Technow
A Sun Authorized Training Center and a Hardware Reseller.
Unison Software
(Shelley St. John, 478-0611)
Supplier of networked systems management solutions.
UT Computer Science Department
(Patti Spencer)
UT Computation Center
(Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)


CACTUS Meeting Location:
Applied Research Labs

CACTUS meets on the third Thursday of each month at the Applied Research Labs (ARL) in the JJ Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See map for further details.

Online maps are available at:

As always, please leave the facility as you saw it when you arrived.