Tobi Waves

A tutuorial by Tom Limoncelli

This is the second time I attended this tutorial. This time I got the first half, Check the (people.ee.ethz.ch ...) entry.

New Hire Process

Draw up a check list for new hires.

Let new users choose their username.

Visit the new hire on their first day for a short chat about the system.

Give them a 2 page handout with the most important things new users need to know.

Show them how to print.

Show them how to access/install software.

Show them how to get help.

Do a follow-up visit in their the new users second week.

Things people expect to be fast

There are some support requests, people expect to be handled quickly. If it takes us a long time todo these things, our image will suffer badly. Identify the tasks that are supposed to be quick and make sure that they are.

Users for example expect reseting passwords or getting new IP addresses to be quick. Take this into account when deciding on what to work first. Resetting a password really does take very little time, so if you do it immediately, customers will be happy and you do not have to work any harder.

If something is put on hold, tell the user when he can expect the problem to be solved.

You should also look at the damage created by a problem persisting when deciding on the priority for dealing with it. Involve the customer in this decision as he may know more about the side effects of the problem.

Make sure you understand what problem the user has before starting to work. Some people do not report their problems but rather give instructions what support has todo for them. This can lead to interesting situations where there would be a perfectly simple solution to a problem but because the user never told you the problem and you did not ask, you start working on the complex solution to an unknown problem.

The visibility paradox

The best System Managers do not get recognized because everything works and people almost forget about them. So we have to become active to make sure people know that we are working for them.

Have a monthly meeting with the leader of each group you are working for. These meetings can be very short ("30 minutes are enough"). Let them talk and mention your things in passing.

Be physically visible. Have stickers on the computers about how to contact support.

Make sure the office layout lets customers see the people first they are supposed to talk to (front line support) when they walk into your space.

Have a yearly town hall meeting with all your users. Have a lecture on a current topic and then have questions and answers. Don't be afraid of unhappy users who might complain in public, this is much better than people complaining about your behind your back.

When spam^H^H^H^Hmailing all your users ... Make sure that grammar and spelling are correct, keep extra short, have the important information first. Create a useful subject. People will NOT even start to read the mail when they do not see a reason to do so in the subject.

Customer satisfaction

Users will resist answering complex questionnaires. But if you send a short evaluation mail whenever a request ticket gets closed, you may get better response: One question, three possible answers Happy, Indifferent, Unhappy, with links to paste into the browser.

Helpdesk Scope

How about this? We know which things we are responsible for, and for all the other things people bring to us, we know where to refer them to.

Infinite scope but clearly defined responsibility.

If you walk up to a computer with unsupported hardware. Tell the user that this HW was not supported, but that you were allowed to work for 30 minutes on the problem. Then try to fix it for 60(!) minutes and then if you are not successful, tell the user that they would have to buy a supported card.

Continued in (people.ee.ethz.ch ...)

A Keynote by Paul Kilmartin

eBay is the worlds 68th largest economy right behind Kenia.

WalMart took 41 years to grow to somewhat over 100 billion dollar. MS took 19 years to grow over 30 billion, eBay took 8 years to reach 3 billion. Managing growth is a challenge.

eBay started on the first Monday in September 1995 (labour day) out of eBays founders bedroom on a 30$ account with a local ISP. In January 1997 eBay had 4 pcs, at a co-location facility with 10 Mb/s. At that time it was supporting 200'000 auctions. Growth continued in 1999 they had over 200 servers and over 200 Mb/s dedicated bandwidth.

In 1999 things stared getting really serious as eBay had a 22h outage due to its hap-hazard IT architecture not keeping up with the rapid growth. The first attempt to get to grips with this was to throw more hardware and clustered computers at it. This did get them some headroom, but things only started to really get better when they started to split the application out into more individual clusters.

The base idea was to restructure the whole architecture so that one server failing should not take down the whole site. This was implemented by having the same code base on all servers, but running only part of it on any particular machine.

Special precautions had to be put in to prevent clever users from manually changing URLs into executing parts of the ebay functionality on the 'wrong' machine.

By January 2001 eBay another 11 hour outage happened as the whole dual attached SCSI setup for storage went south. At this point a new IT strategy was established at eBay: It is not possible to find 'the ultimate' setup. Everything we setup has a maximum life of 3 years. We do not only need good solutions to our current problems but we also have to plan for its replacement with the next better thing.

Today: 100 Database Instances on Sun 440's and 6800's all in VCS auto failover. 7800 Mb/s bandwidth. Search and Listings on 1100 CPUs on 127 Servers, Mail on 271 Server, ...

Since the 2001 outage the average availability has been around 99.9% ...

Quotes:*

Most support organizations are more interested in closing tickets than fixing problems.

Using market leaders means other people find problems before we do and fixes are introduced quickly.

We are a live entity with millions of active customers, not a cadaver to be dissected. Vendors have to bring fixes for problems not experimental solutions. (Running Sun Explorer is forbidden on production machines.)

We can't set up cameras on the grassy knoll to record the next Kennedy assassination.

A presentation by Luca "ntop" Deri

With todays fast networks packet capture has become a problem.

The problem is two fold, first the packets have to be captured, and second there must be spare cpu cycles for analyzing the packets.

The tool of the trade is the pcap library which provides a unified interface to packet capture. It presents the same API on every OS while it is highly customized on the machine side.

The problem is that pcap performance is not very performant. Especially in problem cases when denial of service attacks happen pcap is not able to capture the traffic because it does not deliver the necessary performance.

There are specialized cards available for packet capture but they do not have pulic APIs and are very expensive.

Lucas tests have shown that normal Linux packet capture is really the worst among Linux (0.2%) , FreeBSD (34%) and Windows (68%).

There have been various attempts to improve this, but even the best solutions were only able to capture (11.7%) of the traffic in the worst case.

In essence this mean using Linux for packet capture is a very bad idea. FreeBSD is better by almost a magnitude.

Lucas idea was to create a special package capture architecture for Linux by providing a new socket type Socket Packet Ring (PF_RING). PF_RING provides a ring buffer in memory for each socket. The application can then read from the ring buffer with mmap. The socket has facilities to record the fact that it had to overwrite a packet in the ring before it was read. This decouples the application from the kernel and improves performance substantially. This implementation is network driver neutral and quite fast (47%) still a bit slower than FreeBSD and still over 50% of the traffic lost in the worst case.

The interesting thing at that point was that the CPU was running at 30% in that situation and loosing 50% of the traffic. Luca found that disabling and enabling the interrupts in the kernel were preventing it from going into packet capturing mode fast enough. The rtirq patch was able to solve this last problem. Luca ended up with a System that was as fast as FreeBSD in capturing packets but with much more CPU to spare.

This solution is about twice as fast as commercial netflow capturing probe selling for much higher prices than the hardware cost for running Lucas solution.

Luca has been investigating ways to further improve performance and found that Gigabit Ethernet drivers on Linux could be programmed much more efficiently by exploiting the cards local packet buffers. A second issue is that Linux does memory allocation and de-allocation whenever it reads from the network card which takes a long time.

Luca has published his work in a project called nCap which provides a accelerated variant of libpcap that lets you recompile your old libpcap applications to reach much better speed.

In an attempt to further improve performance Luca has created a custom gigabit Ethernet card driver that programs the Ethernet card to make its traffic data available directly in the computers memory, freeing the CPU totally from this task, letting it work on traffic analysis exclusively. Luca calls this new method 'straight capture'. This method gives you traffic capture at device speed. With the limitation that only one application per card.

(www.ntop.org < ...)

(www.nmon.net < ...)

A talk by Wietse Venema

Wietse tells how he got into security in the early nineties at Eindhoven university, when trying to figuring out who was scanning their network, writing tcpwrapper in the process and learning lots about network programming.

In 1995 Wietse and Dan Farmer announced their automatic network scanner called SATAN in a white paper. For some people this announcement was introducing the death of the Internet. A lot of discussions happened about a sensible way to release such a dangerous software. Finally it was released on a limited basis first and then to every body at the same time. This was even featured on CNN. The whole excitement about the tool was totally overdrawn though, neither an increase nor a decrease of break-in activity was noted in the wake of the release.

This was just another episode in the ongoing debate over full disclosure or as a US Military put it: "If my systems have a problem, I would rather hear it from a friend."

Finally Wietse talked about his experience when writing PostFix. Work on PostFix started in 1996 out of frustration about the continued security problems of sendmail.

Quote: Some problems in software are found because and others are found because so many users use it.

Today PostFix is the standard in many Systems and building the cornerstone of many large organizations infrastructure.

The release of the PostFix mailer was touted by the IBM PR department in an article in the New York Times. This caused Lou Gersner (the CEO at that time) to start asking Questions about IBMs strategy in OpenSource. A year later IBM had fully embraced Linux from its smallest to its largest systems.

Quotes:

You can run from Windows but you can't escape from it. Suddenly you UNIX-based mail server because a major vehicle for email worms and other malware.

SPF is evil

Spammers don't destroy the infrastructure, it's the well-meaning people with poorly designed coutnermeasures.

On security of OpenSource vs. ClosedSource: You don't need source to find bugs.

The number of people who contribute source to PostFix I haven't got to spend much time fixing before integration is about two.

Security initiative are great, but only for new systems.

You can all layers of security around old systems, but these layers will also have bugs.

More on security (seclabs.cs.ucdavis.edu ...)

a presentation by Rüdiger Weis

My interpretation: TCG is basically a system for vendors who do not trust users. Even though the licenses which go with TCG enabled products with licenses that would not be valid in Europe to enforce it with hardware support. TCG 1.2 fixes some of the problems, but only some.

In principle a security infrastructure in every computer would be nice if it did not come with all the (evil) 3rd party interests and did not have all the problems still to be found in TCG 1.2.

The systems that prevent access to copyrighted songs can also be used to prevent any other documents. It would even be possible to prevent access to some documents at a later date by changing the appropriate access keys.

Imagine the copyright holder looses his keys, all copies of his work may become inaccessible.

The cryptographic foundations of TCG 1.2 stand on pretty week (new) legs cryptographically as many new methods are being employed in this system.

While TCG supports long keys of 2048 bits, it is still possible to use 512 bit keys and weak 160 bit sha-1 keys this raises questions regarding the cryptographic viability of this system.

Neat: https://www.trustedcomputing.org uses an invalid SSL certificate.

Bundesamt für Sicherheit in der Informationstechnik (www.bsi.bund.de ...)

A presentation by Clifford Wolf

SubMaster is a system for distributed software development where every developer can develop on his own repository and then forward patches to a central repository. The patches received at the central repository go into a system from where their integration into the main repository can be controlled by the project maintainer using specialized tools.

With SubMaster you get a rich tool set for working in such an environment.

SubMaster uses SubVersion as its data repository but wraps it so that distributed development becomes possible.

SubMaster comes with two main scripts sm for maintaining local repositories and uploading patches and smap for applying the patches to the main repository.

Further information is available on (www.rocklinux.org ...)

a presentation for Kris Buytaert

OpenMOSIX is a platform for HPC clustering.

An OpenMOSIX cluster is self organizing. It has no central node. New nodes are discovered as they join the cluster.

Each process is split in two parts, the frontend part which does all the IO and a backend part which does 'the math'. The frontend node stays where it was started. The backend will migrate to another node where it will be executed. Backend parts can continue to migrate at a later stage if the situation changes.

OpenMOSIX uses an economics model to figure out where a process should migrate to.

OpenMOSIX does not require any special libraries to run application. All the core functionality is in the kernel. There is a set of special tools for administration of the cluster. A lot of configuration information is in the /proc interface.

Applications do not have to be recompiled to run on an OpenMOSIX cluster.

For performance reasons, there is no security between the nodes of an OpenMOSIX cluster. So the setup has to be done on a private network.

OpenMOSIX does not do Batch queuing. It can be combined with condor for this to get the best from both worlds (excellent scheduling from condor and simple process migration and check-pointing from OpenMOSIX.

New Features: Migration of shared memory, port to 2.6, no more OpenMOSIX file system (there are enough cluster file-systems already like luster or gfs), migration of most features into user-space.

HOWTO: (www.faqs.org ...)

Homepage: (openmosix.sourceforge.net ...)

OpenMOSIX Knoppix (bofh.be ...)

a presentation by Marco Pfatschbacher

Normally a load-balancer is a physical box sitting in front of the nodes doing the actual work. In this setup the load-balancer becomes a single point of failure. To have high reliability, we need a second load-balancer with fail-over.

Marco presented a method to setup a group of hosts with load sharing/balacing functionality. Instead of using a dedicated load-balancer, the worker nodes are sitting on the same Ethernet segment and each node receives all traffic and just consumes the traffic it is supposed to use.

In order to receive all traffic, all nodes setup a virtual interface with the same Ethernet address and ip number. Simple repeaters have no problems with this, but switches are normally not happy when they do see the same mac address on several ports. The trick to solve this problem, is to configure the physical interfaces to respond with proxy ARP responses telling the switch the Ethernet address of the virtual interface. This will make the switch to always flood the network with traffic destined for the IP address of the virtual interface.

The nodes now use a distributed filtering approach (nms.lcs.mit.edu ...) to decide for each incoming TCP connection which node is going to handle it.

High-Availability is implemented through a small daemon ifstated and CARP (www.newsforge.com ...) to redistribute incoming connections appropriately if one node becomes unavailable.

Known Limitations and further work: Load-Sharing is static and stateful packet filtering (PF) can not be used.

A talk by Sjoera Nas

Bits of Freedom is an Dutch NGO funded by private parties. Their topics are privacy, freedom of speech, spam, e-voting and copyright. In September 2004 they did a test how simple it was to get Dutch ISPs to take down a web page which contains an obviously public domain text.

7 out of 10 providers acted swiftly by taking down the alleged violating document.

The full paper: (www.bof.nl ...)

taught by Dave Thomas

Programmers are like artists, they can only be successful if you have fun doing it. The programmer sitting in front of an empty editor buffer is like an artist in front if a blank canvas.

A good programmer picks the language appropriate for the problem.

Ruby as a language was created in 1994 by Yukihiro Matsumoto (Matz). He combined concepts from various other languages into a new language. Despite what one might expect, the new language is actually beautiful and coherent.

Ruby is similar to Perl in the sense that it does not force a programming paradigm on the user. It is rather a multi-paradigm language allowing procedural, object oriented, functional as well as meta programming.

About the language

All Ruby objects AND classes inherit from the default Class Object which has a default new method on the class that calls the default initialize method on the object. Each method can be overridden.

class Song
   def initialize(a_title)
     @title = a_title
   end   
   attr_reader :title
   attr_accessor :artist
end

a_song = Song.new("Hello")
a_song.title
a_sont.artist = "Sam"

The attr_* functions are meta programming elements, they create an attribute reader and an accessor method respectively.

def title
  @title
end

def artist=(val)
 @artist = val
end

In Ruby you always have to use accessor methods to get to object variables. The advantage is that your code will always stay the same regardless if you actually do something when a variable is set, or just set it directly. The = in the method definition is part of the method name. So even though it looks like an assignments it is actually a method call.

Strings can contain embedded ruby code

"string#{arbitrary ruby code}string"

Methods can be called with blocks of code

def example
  yield arg1,arg2
end
example {|var1,var2| puts var1 puts var2}

or

example do |var1,var2| puts var1 puts var2 end

The yield function will execute the block passed to the example call. In the block, arg1 and arg2 are accessible as var1 and var2.

Ruby does exception handling

def my_file_open(name)
  f= File.Open(name)
  yield f ensure f.close
end

my_file_open("file") do
 |file| line = file.gets
 puts line
end

this will make sure f.close gets called even when the block runs into problems and throws an exception.

Blocks can be nested ...

DBI.connect("DBI:Pg:my_db") do |db|
  db.transaction do
    db.execute("SELECT ..." do |stmt|
      stmt.each do |row|
        # process row
      end
    end
  end
end

In Ruby, variables are untyped while objects are typed by the thing they do (method names). The means if an object has the right methods, you can use it as a replacement for another object. In Ruby this is called Duck Typing (If it walks and talks like a duck it might as well be duck). This helps for things like unit testing. The type of an object is what it can do.

Meta programming

Ruby classes and objects are "open". This means you can add new methods or overwrite existing ones.

class String
  def encrypt
    tr "a-z","b-za"
  end
end

a = "cat"
puts a.encrypt

Adds a new encrypt method to rubies standard String class.

Languages should allow you todo cool things even when it would allow stupid people to horribly break everything.

Classes and Modules get executed at 'definition time'.

class Logger
 if ENV['DEBUG']
   def log(msg)
     STDERR.puts "LOG: " + msg
   end
 else
   def log(msg)
   end
 end
end

A module is a class that can not be instantiated (static method). Class methods in normal Classes have to be prefixed with the Class name to separate them from object methods.

module Dictionary
 WORDS = {}
 File.read("/usr/share/dict/words").split.each do |word|
   WORDS[word]= true
 end 

 def Dictionary.known_words?(word)
   WORDS[word]
 end
end

class Dave
  def Dave.hello
    puts "Hello"
  end
  Dave.hello
end

Method names can end in =, ! and ? in addition to the normal characters and numbers. By convention, = is for 'set' methods, ? is for test methods and ! is for dangerous methods.

Methods always get executed on an object (aka receiver) if no object is mentioned, then the default receiver 'self' will be used. Inside a class definition the default receiver is the current class.

class Dave
  def Dave.hello
    puts "Hello"
  end
  hello
end

Dave.hello

Subclasses inherit class and instance methods of their parents.

module ActiveRecords
  class Base
    def Base.set_table_name(new_name)
      @table_name = new_name
    end
  end
end

class Book lt ActiveRecord::Base
  set_table_name "volumes"
end

Note that @table_name is a variable of the class Base. This works because class Base is actually an object of the class Class.

Additional Ruby Stuff

A good IDE for ruby is Freeride

Rails THE is Ruby framework for web applications. (www.rubyonrails.org < ...)

Ruby has a database interface called DBI (equal to the one in perl) and it also has a much more powerful one called ActiveRecord that maps databases to classes, objects and methods.

class Book ltActiveRecord::Base
end

will access the database "books" and create all sorts of useful methods for accessing the information inside the database. For dumb database like mysql which do not allow to define a internal consistency rules, you can use ActiveRecord to define restrictions on what the database should accept.

Why Ruby

Lightweight

Transparent, Ruby is obvious and easy to read

Portable

OpenSource (MIT, Artistic)

Easy to learn, things work the way you or rather Mats expects.

Ruby is fun.

Stable Language. The language has not changed much over the recent versions, most action happens in the extension libraries.

Resources

Websites (www.ruby-lang.org ...) and (www.rubygarden.org ...) and the newsgroup comp.lang.ruby

Ruby Programmer guide ... (www.pragmaticprogrammer.com ...) (1st edition is available for free online)

taught by Bill Dudney

About Eclipse

Eclipse is a rich-client-platform (rcp) that gives you a lot of functionality for building rich clients, this means that a lot of functionality is contained in the client. Eclips itself is such a "client".

Currently there are about 100 companies who donate resources to eclipse development.

The main focus of Eclipse is still Java, but there is a growing number of plugins for using Eclipse to write code in other languages.

Eclipse consists of 1000s of tools. A perspective is Eclipses way of only showing the tools required to do the task at hand. Eg the Java perspective only shows the tools relevant for Java development.

The Java editor is aware of the Java language and has lots of java specific functions like context help and command completion. It can even help to fix bugs by suggesting fixes to common errors.

Eclipse is fully integrated with JUnit. It can automatically generate JUnit test skeletons for any class you select. The Eclipse Java editor has lots of functions fo code generation. At the touch of a button it can generate all that fluffy code that does not do anything and still has to be repeated many times. (Ruby solves this problem with its META programming functionality in the language itself.)

Eclipse can deal with Ant (the java make alternative) files, but internally Eclipse has its own build system, so it does not keep Ant files in sync. NetBeans on the other hand, uses Ant internally as its build system so if you are into Ants, you may want to look an NetBeans.

Debugging Java with Eclipse

Eclipse can remote debug java applications. With this it is possible to fully separate the application from the eclipse environment. This comes especially handy with big java apps like Tomcat. Use options -Xdebug and -Xrunjdwp: to start the application with remote debugging hooks enabled (this is a special function of the Sun JDK, so it will only work when running with the Sun JVM.

The Eclipse debugger can be enhanced with custom java code (toString methods) to teach it how to represent custom types when printing variables.

J2EE development with Eclipse

If you are doing web application development you should get WTP (Web Tools Project) which provides full J2EE integration for Eclipse.

Installing WTP: First get GEF (Graph Editor Framework), EMF (Eclipse Modeling Framework) and Visual Editor Project and only then you can install WTP successfully.