Questions and Answers
LISA VI Conference
The USENIX LISA VI system administration conference
is now over. A
number of good papers were presented, but, as always,
many of the
highlights of the conference came in the course of social
between system administration peers in the hallways
and bars of the
conference hotel. Except for those at very large sites,
usually have no peers at work. Users may be friends,
but they cannot
be peers, because their perspectives and needs are so
the system administrator's.
Among the interesting papers presented were Paul Anderson's
Use of Local Workstation Disks in an NFS Network,"
"Is Centralized System Administration the Answer?"
"Customer Satisfaction, Metrics and Measurement,"
Elling and Matthew Long's "user-setup: A System
for Custom Configuration
of User Environments, or Helping Users Help Themselves."
interesting to me was Michael A. Cooper's "Overhauling
for the '90s," a description of a new version of
which was first introduced in 4.3 BSD UNIX. This version
to fix many of the problems in the original rdist that
to do with large-scale distribution.
LISA VII in 1993
Although LISA VI is barely over, the work on next year's
to take place November 1-5 in Monterey, California,
is already underway.
The Call for Papers will be out before the USENIX Winter
in January, but in the meantime, here's a little taste
of what we
are working on. The topic, "The Human Aspect of
UNIX System Administration,"
reflects the fact that system administrators have come
that providing good support is not only a technical
task, but also
one which requires dealing with human beings. This is
not to say that
LISA will become an amateur psychology gathering. What
we hope for
is submissions that deal practically with management
of the human
aspect -- through policies, procedures, and improved
forms of communication.
Of course, traditional technical papers will be welcomed
in the usual
The Interop Exhibition
The Interop exhibition, one of the major tradeshows
in the UNIX community,
took place in San Francisco the week after LISA VI.
The fact that
this show has grown so much must be proof of the commercial
of UNIX. This year was the first in San Francisco --
the show had
been in San Jose, in the heart of Silicon Valley, in
The size of the show is now almost intimidating, and
it's packed with
vendors who claim to have all the solutions to one's
one will only purchase their application. While many
vendors did indeed
have good solutions to some of the problems, the oft-repeated
of having the one and only solution served to heighten
skepticism. Taken in moderation, however, the show is
a very good source
of information. I decided ahead of time to focus on
and was able to obtain some good information in this
The routers provided by well-known companies such as
Cisco and Wellfleet
are all of the high-performance kind and are priced
was looking for alternatives, capable of performing
well enough for
a SLIP connection or a 56Kbit leased line and priced
for smaller companies. I found a couple of possible
One of the most fascinating possibilities was a T1 radio-wave
from Cylink. Using this kind of technology, you pay
only the setup
cost and the cost to the Internet service provider,
but no cost for
leased lines from the phone company. Cylink claims that
works up to a distance of 10 miles, with very slight
in bad weather.
Network Application Technology showed an IP router,
the LANB/290 Remote
IP Router, which seems to qualify as one of the lowest-priced
on the market. Each router comes with a LAN connection,
port, and a data link connection for RS-232, RS-449/422,
X.21. It uses the PPP over the serial link, and will
CMC Network Products unit of Rockwell International
the Net Hopper, a dialup TCP/IP router, which seems
to be positioned
as competition to the NetBlazer from Telebit. With the
in, the Net Hopper is very competitively priced at $2,000
modem and one LAN connection, or $3,500 with one LAN
and three modems.
CMC claims that the Net Hopper is easier to set up than
a stereo system
(I find this hard to believe, especially since the Net
seems to support packet filtering).
Defense Fund for Berkeley UNIX
Barry Shein, president of Software Tool & Die, is
working on creating
a defense fund for the University of California in the
Laboratories copyright suit against BSDI and the University
And now to this month's questions.
What is the ARPANET?
The ARPANET no longer exists, so the question must
be rephrased as "What was the ARPANET?" However,
since the ARPANET had a very significant influence on
development of the Internet as it exists today, the
question is worth
The ARPANET was funded by the US Department of Defense
Projects Agency, ARPA (later DARPA) in the late 1960s.
It was an experimental
network that spanned the United States, and was used
by the government
to share computer resources across the continent. During
1980s, the TCP/IP protocol family was developed, and
available through the University of California at Berkeley.
made it easier for many organizations, such as universities,
to the ARPANET. In just a few years, ARPANET grew from
relatively few machines to become the backbone of a
large number of
local networks. And the Internet was born. In the 1980s
the ARPA network
experiment was terminated by DARPA, and the NSF network,
by the National Science Foundation took over. Today,
is made up of many wide area networks, such as NSFNET,
and in fact
covers the entire world.
You often emphasize in your writing and talks the need
for system administrators to be able to deal with people.
any books or tutorials you can recommend to help me
Unfortunately, I know of no books or courses that address
these issues. Over the years, I've learned from practical
and mistakes made in the process. The books I've found
been various books on management, even though the form
practiced by a system administrator in dealing with
users and daily
management is in a somewhat different category. If I
had to recommend
one book, it would probably be Tom DeMarco's People
book deals mainly with software development, but it
good deal of common sense on how to work with people.
Changes have been slow in coming about. In the beginning,
when I encouraged
people to work on this area, many administrators were
caught up in the technical issues of the profession.
Now a number
of people have told me they are excited about the theme
of the next
LISA conference, and in just the last few weeks, an
working group has been created. The new group, sage-managers,
explore how, from the system administrator's perspective,
Your best bet, however, is still to use common sense,
and to be able
to listen to users' and management's wishes and requirements.
In articles on USENET, I often see references to something
called a "firewall." It seems to be something
you need when
you are connecting to the Internet. Could you explain
a bit more?
A firewall is a security tool that you can use to protect
your site from unwanted access from the Internet. Strictly
it is not necessary, but it is very much recommended.
The firewall serves two purposes. One is to give you
a very high degree
of control over who and what can access your site; the
second is to
limit this control only to the point where your site
connects to the
Internet. Your site is then rather like a shellfish,
hard on the outside
and soft on the inside.
The firewall itself consists of two items, a router and
the latter often referred to as the gateway (as it is
the single point
of access to the Internet). The router, sometimes also
choke, must be set up to ensure that any network packet
it lets through
must come from, or be destined to, the gateway machine.
it impossible to connect to or from any other machine
on your network
other than the gateway. In turn, the gateway must be
set up to forward
any packet to or from the Internet in a reasonable
manner -- otherwise,
users will have to log on to the gateway machine itself,
all too easily compromise the security of both the gateway
system. The problems this strategy creates for e-mail
can fairly easily
be resolved through use of aliases and MX records. Problems
services, like ftp, are more difficult, but can be resolved
use of a proxy mechanism, such as SOCKS (written by
Michelle and David
Koblas). SOCKS is available by anonymous ftp from s1.gov.
In the above example, the router must be configured
to reject all
traffic except that which fulfills certain requirements.
It is also
possible to set up a firewall with a different filtering
where traffic is let through by default and specific
are denied. I believe this approach to be somewhat less
and a lot more difficult to make functional.
The above explanation is somewhat simplified due to
For more information, I recommend two good books from
Associates, both of which can be helpful in setting
up a firewall.
One is Practical UNIX Security, by Simson Garfinkel
Gene Spafford; the second is DNS and BIND, by Paul Albitz
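The two choke-router policies described in the firewall answer above, modeled side by side as an added example (not code from the column or from any router vendor). The addresses, the deny list and the function names are constructed for illustration, and the check for inside source addresses arriving on the outside interface is an addition that goes slightly beyond the text.

```python
import ipaddress

# Constructed topology using documentation address ranges (assumptions).
INSIDE = ipaddress.ip_network("192.0.2.0/24")
GATEWAY = ipaddress.ip_address("192.0.2.10")

def default_deny(iface, src, dst):
    """Drop everything unless one endpoint is the gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "outside":
        # Inbound: only to the gateway, and never with a spoofed inside source.
        return dst == GATEWAY and src not in INSIDE
    if iface == "inside":
        # Outbound: only from the gateway to a host beyond the choke.
        return src == GATEWAY and dst not in INSIDE
    return False

def default_permit(iface, src, dst, denied_hosts):
    """Pass everything unless the inside endpoint is on the deny list."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    target = dst if iface == "outside" else src
    return target not in denied_hosts

# Hosts the administrator remembered to block (constructed).
DENIED = {ipaddress.ip_address("192.0.2.20"), ipaddress.ip_address("192.0.2.21")}

# Constructed packets: (arrival interface, source, destination, description).
PACKETS = [
    ("outside", "198.51.100.7", "192.0.2.10", "Internet -> gateway"),
    ("inside",  "192.0.2.10", "198.51.100.7", "gateway -> Internet"),
    ("outside", "198.51.100.7", "192.0.2.20", "Internet -> listed workstation"),
    ("outside", "198.51.100.7", "192.0.2.99", "Internet -> workstation added later"),
    ("inside",  "192.0.2.99", "198.51.100.7", "workstation -> Internet directly"),
    ("outside", "192.0.2.10", "192.0.2.10", "spoofed gateway source from outside"),
]

def compare(packets=PACKETS):
    """Return (description, deny-policy verdict, permit-policy verdict) rows."""
    return [(d, default_deny(i, s, t), default_permit(i, s, t, DENIED))
            for i, s, t, d in packets]

if __name__ == "__main__":
    for desc, deny, permit in compare():
        print(f"{desc:38} default-deny={'pass' if deny else 'drop'} "
              f"default-permit={'pass' if permit else 'drop'}")
```

The workstation added after the deny list was written is reachable under the default-permit policy and unreachable under default-deny, which is the maintenance burden the answer alludes to.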
About the Author
Bjorn Satdeva -- email: email@example.com /sys/admin,
inc. The Unix
System Management Experts (408) 241 3111 Send requests
to the SysAdmin
mailing list to firstname.lastname@example.org