MUUG Monthly Meetings for 2008-09

Please note our meeting location: The IBM offices, at 400 Ellice Ave. (between Edmonton and Kennedy). When you arrive, you will have to sign in at the reception desk, and then wait for someone to take you (in groups) to the meeting room. Please try to arrive by about 7:15pm, so the meeting can start promptly at 7:30pm. Don't be late, or you may not get in. (But don't come too early either, since security may not be there to let you in before 7:15 or so.) Non-members are welcome, but may be required to show photo ID at the security desk.

Limited parking is available for free on the street, either on Ellice Ave. or on some of the intersecting streets. Indoor parking is also available nearby, at Portage Place, for $5.00 for the evening. Bicycle parking is available in a bike rack under video surveillance located behind the building on Webb Place.

September 9, 2008: Advanced Usage of OpenSSH

In many ways, SSH has become the ubiquitous tool for using remote shells. It is that, and a lot more. Over the years, SSH (and specifically OpenSSH) has blossomed into a networking and security Swiss-army knife. When used properly, SSH is a powerful tool which can solve some surprisingly difficult problems in very simple and elegant ways. It can also be used as a tool to give you some peace of mind when working in hostile, administratively constrained or seemingly closed networks.

In this presentation by Sean Cody, the goal was to show a few tips, tricks and secure practices using some lesser known OpenSSH features, as well as some defences against (or at least some awareness of) some of the more clever uses of OpenSSH.

Sean has made his presentation notes available online.

October 14, 2008: Got Spam? Fight Back!

This month, MUUG regular Gilbert Detillieux talked about spam, why it's a problem, and how (as a mail system administrator) you can fight back. His presentation focused on how he's configured sendmail's built-in features for blocking spam, including the local access hashed database (for blacklisting and whitelisting addresses) and using DNS-based blocklists, as well as a few external mail filters (milters) that allow for more elaborate filtering. Milter-greylist as well as milter interfaces for SpamAssassin and ClamAV were also covered. Gilbert concluded with some stats he gathered from a couple mail servers he maintains, which showed how effective certain blocklists and greylisting can be in reducing unwanted e-mail.

Gilbert has made his presentation notes (including links to lots of useful resources) available online.

It was also election night in Canada, as well as for the MUUG board. In the latter case, the new board was elected by acclamation, with the only change from the previous year being that Sean Cody replaces Shawn Wallbridge, who's left us for the warmer climes of Los Angeles. Welcome Sean, and we'll miss you, Shawn!

November 11, 2008: What's new in OpenSUSE 11

John Lange demoed the recently released OpenSUSE 11 running the Gnome desktop, highlighting the major changes from the OpenSUSE 10.X series and focusing on its rich desktop features, especially things that go "whizz-bang!" such as the 3D Desktop Effects, available with Compiz. John also showed some of the package management tools, including the new OpenSUSE Build Service, featuring a one-click install of third-party packages.

December 9, 2008: Round-table, Gadget Showcase and Mix & Mingle

With the usually active holiday season approaching, we took things at a more relaxed pace, by giving more time for the round-table discussion (rather than cutting it short as we had to last month). Then, instead of a very short coffee break, we had a more laid-back mingler with some holiday treats and more time for informal discussion.

This was also a geek gadget showcase, with several people bringing their favourite gadgets to show off. We had a couple Asus Eee PC's, a Nokia N800 and an N810, Apple iPhones and/or iPod Touches, a Bookeen eBook reader, and locally made GPS unit with Iridium-based two-way messaging, from a company called Solara. A couple wireless routers were provided to give Internet access to many of these devices.

January 13, 2009: RT: Request Tracker

RT is an enterprise-grade ticketing system under developent since 1996 which enables a group of people to intelligently and efficiently manage tasks, issues, and requets submitted by a community of users. RT has undergone a lot of development in the last few years that makes it even more flexible and usable for everyone from 1-man "teams" to 10,000-strong communities, from tracking my shopping list (OK, maybe not...) to streamlining tech support and customer contact for huge enterprises.

"How do you take an disorganized, overworked, overstressed, and unmanagable sysadmin in a small company and make him an organized and managable sysadmin? Install RT and tell him that if it's not in RT it doesn't exist." - Paolo Supino, Telmap

Adam Thompson did the first part of the presentation, and gave an overview of what RT is, what it isn't, and how it might be used. Adam has researched, evaluated and implemented ticketing systems from software defect-management to customer management and everything in between, for over ten years. So far RT is the most flexible solution he's found and has personally used it for both his personal ToDo list and network infastructure servicing 10,000+ clients.

Montana Quiring followed up, with a hands-on demo of the RT system he's set up for tracking requests by students at the U of M residences. Montana had previously used other systems, such as Rutgers University's ruQueue, but switched to RT because of its features and customisability.

February 10, 2009: Firewall Software for UNIX

Network firewalls are typically dedicated boxes that sit between an organisation's internal network and the Internet. But how do you protect hosts that are outside of that, such as in a DMZ? How do you protect your internal hosts from potential rogue systems? What if you can't afford a dedicated firewall?

As it turns out, most common UNIX/Linux systems today have some form of packet filtering software included in their kernels. These can be used to provide added protection for Internet-connected hosts, at no extra cost. In this presentation, Gilbert Detillieux looked at three such solutions: ipfilter for Solaris (and also available for other platforms), ipfw for Mac OS X, and Netfilter/iptables for Linux. In addition to showing some of the basic features of each, the presentation also mentioned some of the limitations.

Gilbert has made his presentation notes (including links to lots of useful resources) available online. There is also an audio recording (large, 46MB, 1h38m MP3 format) of the presentation. (Synchronisation with the slides is left as an exercise for the listener!)

March 10, 2009: MySQL Replication

Replication is a feature of MySQL that allows you to configure a MySQL daemon to be a "slave" that retrieves and executes logged changes from another MySQL daemon ("master"). Mark Jenkins of ParIT Worker Co-operative (parit.ca) gave an overview of the feature, discussing configuration and security, and described three key applications of replication:

Near-realtime offsite/offsystem backup, with point-in-time recovery
Failover - having a MySQL slave server take over and provide equivalent service when a master fails
Load balancing - one MySQL master server handles all writes, many slave MySQL servers handle read operations. This fits the workload profile of most dynamic websites. (e.g. Wikipedia)

Mark has made his presentation notes, in both OpenDocument Presentation and PDF format, available online. There is also an audio recording (large, 23MB, 49m MP3 format) of the presentation. (This work is licensed under the Creative Commons Attribution-Share Alike 3.0 Unported License.)

April 14, 2009: Xubuntu on a Mini-ITX Single-Board System

Single-board PC's are becoming increasingly small, cheap and plentiful. The Mini-ITX motherboard offers almost everything you need to set up a basic system running a scaled-down or full-featured Linux distribution. Just add an enclosure, power supply and disk, and you're good to go. But there may be a few "gotchas" along the way.

In this interactive demo presentation, Scott Balneaves, from Legal Aid Manitoba, brought a few surplus Epia 5000 Mini-ITX motherboards along. In his demo, he planned to do the following:

Step through the mobo's features, identifying pinouts for headers, etc.
Install a mobo in a case, demonstrating connecting PSU, disk, cdrom, etc.
Install Xubuntu on the system.

Unfortunately, Scott was thwarted in the last step by a defective CD-ROM drive. The presentation did nonetheless cover a lot of details about the board, BIOS settings, and what to expect from your Linux installation. Judging from the number of questions that followed, and the fact that all 20 or so boards Scott brought along got scooped up, there's a fair bit of interest in these little boards.

Michael Doob later pointed out that VIA has an EPIA User's Manual available online. Michael added: "Another interesting thing: the board uses the 20-pin ATX power supply connector. However according to a Wikipedia article, the usual 24-pin connector is identical for the first 20 pins, so it can be used with no adaptor necessary."

May 12, 2009: VirtualBox - Run Several Virtual Systems On A Single Host Computer

Sun's xVM VirtualBox offers full virtualization on many host platforms for many guest systems like Linux, Windows, BSD, OpenSolaris and many others. VirtualBox requires no changes in the guest systems and provides for guests as far back as MS-DOS and forward to Windows Vista and OpenSolaris.

In this presentation, Daryl Fonseca-Holt, from the University of Manitoba, explained what kind of virtualization VirtualBox offers, the major features it has, and some of the uses it can be put to. During the demo, Daryl showed how to set up for a new guest in VirtualBox, installed the guest, and showed the effect Guest Add-ins have on the user experience of the guest system. He also demonstrated setting up virtual machines entirely from the command line (or a prepared shell script), and showed how you could use multiple virtual machines on a private virtual network, to test out more complicated setups, such as an LTSP server and client.

Daryl has made his presentation notes, in both OpenDocument Presentation and PDF format, available online. He's also provided the text files for his demo script, and his cc-ttyl shell script, which uses the VBoxManage command to automate the setup of a virtual machine.

Before the break, Adam Thompson introduced a new feature to MUUG meetings, called RTFM, where a particular command and its documentation are explained in depth. The ls(1) command was covered this month. Adam has also made his presentation notes, in both OpenDocument Presentation and PDF format, available online.

We're experimenting with the format of this new mini-presentation, and we'd like to to respond to the needs of MUUG members in attendance, so we'd appreciate your feedback on how we can improve this.

June 9, 2009: TrustedBSD Architecture

The TrustedBSD project develops advanced security features for the FreeBSD operating system. Features from TrustedBSD have also made their way into other operating systems, such as NetBSD, OpenBSD, Mac OS X, and Linux.

Christian Peron is a FreeBSD security developer. He discussed the security deficiencies in the architectures of most existing operating systems. Christian showed us the technical and architectural changes that the TrustedBSD project made to the FreeBSD operating system to enhance security. Some of the changes include separating the access control framework from the security policy, modifying the kernel to support an auditing framework, and setting up an intrusion detection system.

Chris has made his presentation notes available online.

Before the break, Mike Pfaiffer provided another brief RTFM topic. The cp(1), rm(1) and mv(1) commands were covered this month. Mike has made a one-page hand-out, in PDF format, available online.

July 2009: No meeting this month

August 2009: No meeting this month

Home

About

FTP