SANE 2006 - Conference Report

The 5th System Administration and Network Engineering Conference took place from 15 to 19 May at the Aula Congress Centre in Delft, the Netherlands.

5th System Administration and Network Engineering Conference
May 15-19, 2006
Aula Congress Centre, Delft, The Netherlands

Here I collected links and remarks while I've been at SANE … some spell done, SANEity-check not yet done, pictures not added, yet — Hella Breitkopf, 2006-05-21 23:18


My journey to SANE was nearly smooth 1). At the (nice) hotel I met people I know and some other nice conference participants: Dan and Emil I knew from SANE 2002. Yeah, and we are really international: Swedes, Irish, French, Norwegian …


Jos Vos: Building and Maintaining RPM Packages

Tutorial M5 / Time: Monday 15 May 2006 09:00 - 17:30 Location: Commissiekamer 3 / IAR

  • rpm2cpio
  • ~/.rpmmacros
%_topdir /home/me/build/rpm


Bad luck for the participants of "Linux System administration" - the speaker didn't reach Delft in time

Good weather outside, so Delft's youth tried out their car music equipment in front of the conference centre. One couldn't hear that inside, but it was a bit contrary to my search for a sunny, silent space to use the WLAN

In the evening a small group went for dinner … pancakes. The menu was in a lot of languages - but not yet in Swedish.


Walter Belgers: Black Hats Session V

News from the Security Front

Tutorial T1 / Time: Tuesday 16 May 2006 09:00 - 17:30 Location: Senaatszaal


Nice talk with Ed and Dan about the state of the world, wikis (and there not being articles about system administrators in the Dutch 2) or Swedish Wikipedia) and the honeynet project (there will be a talk later in the week)

Dinner: Chinese Food with Dan somewhere in the city.


Jim Reid: Advanced Scottish DNS


  • Advanced Topics in DNS (Tutorial W2AM) Time: Wednesday 17 May 2006 09:00 - 12:30 Location: Collegezaal A
  • DNS Security (Tutorial W2PM) Time: Wednesday 17 May 2006 14:00 - 17:30 Location: Collegezaal A


Per and I bought some Delft Blue thingies for people at home during the noon break.

Dinner: Between tutorials and BOF we - a large group of Juliana guests - had some Chinese food in the neighbourhood of the hotel.

BOF: OpenOffice

has a new release scheme3) and a new campaign: Get Legal!

I put in the button to this wiki while being in the BOF, told so at the end, and a photographer of the Dutch c't took a picture of it and me4)

BOF: Asterisk and VOIP

The BOF initiators have nifty GSM-to-VoIP hardware in their office. Skype works fast and easily for the normal user but might do strange things, and most of us don't think it is really wanted in a business environment. SIP is ugly to firewall, so one better firewalls IAX. The best starting point for Asterisk still is the Linux distribution Asterisk@Home.


Alexios Zavras opened the Conference and announced some changes to the program.

Ed Felten gave the keynote about "Freedom to Tinker"

"Shift in control from distributors to users" and the "Role of multi-use technologies" and the political and legal involvements of users and sysadmins: CD DRM, and some details about the Sony CD rootkit ($sys), and some reactions.

Ed Felten's blog: (and he promised after the talk to put his presentation as free content on the web, so it should be found there)


Bill Cheswick gave, with Unix on my Mind (pdf), a really enthusiastic and very fast talk .. some good titbits to pick up, wonderful rants and some ideas for network scripts.


Luca Deri: Open Source VoIP Traffic Monitoring

ntop now can monitor VoIP traffic (mostly)

There is a paper (pdf) and his slides (pdf)

Sam Leffler: Wireless Networking in the Open Source Community: The Good, The Bad, and The Ugly. He is a developer for the Madwifi project (Atheros WLAN driver for FreeBSD and Linux) 6)

Universal Plug and Play: Dead simple or simply deadly? by Armijn Hemel (abstract) was for me a nice introduction to UPnP and SOAP and gave some healthy ideas about the dangers involved in it. 7) Armijn Hemel concludes that UPnP:

  • is not very well designed
  • has ambiguous specs, easy to exploit security holes
  • is everywhere
  • won't disappear

just turn it off

Five days later even the Heise "News"ticker has heard about that.

Social Event

Held at a very nice place (beach club) at the beach of the North Sea. It was a bit windy 8) and so most people felt a bit cold outside later, but otherwise nice weather. Stuffed with food I had very nice talks with interesting people - and a small barefoot walk at the beach.

Our buses drove back to the conference center just in time to get the rain while going back to the hotel. Dan invited us to a nightcap of whiskey. And then I started to pack - and who has bought all these heavy books and the delicate souvenirs?


Peter Honeyman: NFS4. To tell the truth: I was not very awake and attentive at that time. …

Honeypots, the latest trends, findings and technologies was an energetic US-Army-style introduction by Lance Spitzner for the presentation given by young Georg Wicherski of a new tool to research botnets (mwcollect), which can also be used to do some sort of IDS.

Radia Perlman: Data: How to keep it when you want it, and lose it when you want it gone. A talk about an interesting usage of cryptography. 9)

Lee Damon: Is Entropy Winning? Drowning in the Data Tsunami? In earlier times less noise was printed or written down. Since the time of mag tapes we can't see the written-down data with our eyes … … packrat symptom

BOF: (Smuggling) Wikis in Enterprises

(my first initiated BOF)

Melanie Rieback: RFID Security for Sysadmins

with reactions to "cats having rfid viruses"

best quote: "Insecurity in this time is sort of a standard"

1) no flights which got cancelled like last time. Only a vending machine didn't deliver the promised beverage after taking my money
2) but there is an article "Systeembeheerder", haven't seen that
3) 4 times a year to encourage people programming new features
4) and I will probably never find out whether they print it
5) unsorted collection of titbits I picked up:
  • Powerpoint vs prosper,
  • as alias for ls -l or better because shorter: , (Comma)
  • no surprises
contrary examples:
  • ls
  • real cats don't have options
  • grep
  • sed 10q better than head sed0q head -0 don't work
  • Editors: sam
  • Languages: he doesn't like Perl, but Python, and is thinking of tinkering with Ruby; C is ugly and dangerous but he does it anyway
  • Bash: learn new tricks
  • find out suid things .. use jail if available - but we need better and standard sandboxes
-- -- --
6) what worked
  • wpa/802.11i support
  • Multi-BSS support
  • Radio tap
  • vendor push (Atheros does it… )
  • profit for wireless research
  • commercial adoption
what didn't work
  • Linux misunderstandings (BSD code/BSD license)
  • ?
-- -- --
7) Notes:
  • control with SOAP (requests / function calls in XML sent via HTTP)
  • usage e.g.: Internet Gateway Devices (e.g. Linksys), MediaServer and MediaRenderer
  • Vulnerable are lots of Linux boxes based on Broadcom (WRT54G/WrtGS, Asus WL-HDD 2.5, .. maybe more, see Openwrt webpage), ZyXEL P-335WT, all "EdiLinux" based routers
  • most vendors didn't want to cooperate
8) bringing a wind-protecting jacket really was a good idea
9) Store encrypted, throw away the key … but you need lots of keys if you don't want to throw away everything at the same time - difficult to manage. So: you need some automatic tool (the ephemerizer) to create these keys, manage the encryption/decryption and delete them at the right time. Usage:
  • Predetermined expiration times
    • Health test (e.g. fetch your AIDS test after two weeks)
    • corporate e-mail,
  • Custom Key
  • Enemy at the door
  • Client files
  • On Demand
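
The ephemerizer idea from note 9, as an added example that is not from the talk or from Radia Perlman's design: a simplified symmetric-key sketch in which the class name Ephemerizer, its methods and the explicit now argument are assumptions made here, and an HMAC-SHA256 keystream stands in for a real cipher so that it runs with the Python standard library only. It shows one key per expiration time covering many records, and every record under that key becoming unreadable once the key is purged.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (stdlib only): XOR with HMAC-SHA256 in counter mode.
    # A real deployment would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _prf(key, nonce + off.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Ephemerizer:
    """Keeps one master key per expiration time and forgets it when due."""

    def __init__(self):
        self._keys = {}  # expiry (epoch seconds) -> 32-byte master key

    def purge(self, now: int) -> None:
        # Dropping the key is what "deletes" every record sealed under it.
        # (A dict delete does not scrub memory; a real key store must.)
        for expiry in [e for e in self._keys if e <= now]:
            del self._keys[expiry]

    def encrypt(self, plaintext: bytes, expiry: int, now: int) -> dict:
        self.purge(now)
        if expiry <= now:
            raise ValueError("expiry must be in the future")
        master = self._keys.setdefault(expiry, secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        ct = _xor_stream(_prf(master, b"enc"), nonce, plaintext)
        tag = _prf(_prf(master, b"mac"), nonce + ct)
        return {"expiry": expiry, "nonce": nonce, "ct": ct, "tag": tag}

    def decrypt(self, blob: dict, now: int) -> bytes:
        self.purge(now)
        master = self._keys.get(blob["expiry"])
        if master is None:
            raise KeyError("key deleted: data is unrecoverable")
        want = _prf(_prf(master, b"mac"), blob["nonce"] + blob["ct"])
        if not hmac.compare_digest(want, blob["tag"]):
            raise ValueError("ciphertext was modified")
        return _xor_stream(_prf(master, b"enc"), blob["nonce"], blob["ct"])
```

The stored blobs can live on backups indefinitely; only the small key table has to be managed and reliably erased.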
de/sysadmin/sane2006.txt · Last modified: 2020-02-11 00:05 by hella

