{"acronym":"linuxtag06","aspect_ratio":"4:3","updated_at":"2026-04-09T17:30:06.990+02:00","title":"Linuxtag 2006","schedule_url":"","slug":"conferences/linuxtag/2006","event_last_released_at":"2019-02-17T01:00:00.000+01:00","link":null,"description":null,"webgen_location":"conferences/linuxtag/2006","logo_url":"https://static.media.ccc.de/media/unknown.png","images_url":"https://static.media.ccc.de/media/events/linuxtag/2006","recordings_url":"https://cdn.media.ccc.de/events/linuxtag/2006","url":"https://api.media.ccc.de/public/conferences/linuxtag06","events":[{"guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","title":"OpenSC - die freie Smartcard Unterstützung","subtitle":null,"slug":"linuxtag06-267-opensc_die_freie_smartcard_unterstuetzung","link":"https://c3voc.de","description":"OpenSC (www.opensc-project.org) is a free software package for using ISO-7816 compliant smart cards (and USB crypto tokens with similar functions) under Unix, MS-Windows and MacOS. It is developed by an international team.  In addition to many private users, it is used by several governments to access their national electronic ID cards (e.g. the Estonian ID card: http://www.id.ee, the Belgian ID card: http://eid.belgium.be). In Germany, signature cards are still used comparatively rarely, but this will probably change with the introduction of the electronic health card planned for 2006/2007. OpenSC supports the signature cards commonly used in Germany from Deutsche Post (SignTrust card) and Telekom (NetKey card).  The first part of the talk briefly and clearly describes the asymmetric cryptographic operations inside a smart card. It explains why, in the author's view, authentication by smart card currently offers the highest possible security. 
This part of the talk is intended to give all participants who have little or no knowledge of the cryptographic operations inside a smart card the basic understanding needed for these processes.  The second part of the talk explains the components of the OpenSC project and how to use the programs it contains. Besides the hardware requirements and the supported cards and card readers, it explains in particular which standards the project implements and how (e.g. ISO-7816, PKCS#11, PKCS#15). This is done using the OpenSC version current at the time of the talk. An outlook on future OpenSC features is also planned.  The third part of the talk presents various ways of using OpenSC together with other free software packages. OpenSSL together with OpenSC can be used as a full-fledged certification authority. The certificates generated with such a combination can be stored on smart cards. Mozilla, Firefox and Thunderbird, in turn, can use such smart cards (or smart cards from commercial certificate providers) together with OpenSC for client-side authentication to web servers (Apache and ModSSL). Another application is logging on with smart cards from a Windows workstation to a Samba domain, or to a Linux system via a PAM module. Smart-card-based SSH login using OpenSSH and PuTTY is also demonstrated and explained.\n\nAbout the author Peter Koch:  Dr. Peter Koch has headed the IT department of a professional pension fund for 5 years and has spent three years, as a sideline, programming a smart-card-based authentication system. He studied mathematics and computer science at the University of Duisburg, the Fernuniversität Hagen and Florida State University. 
He currently contributes to the OpenSC project, where he is primarily responsible for the TCOS card operating system and German signature cards. Peter Koch lives in Duisburg, is married and has two children. About the author Andreas Jellinghaus:  In the summer of 2001 Andreas Jellinghaus attended a smart card workshop in the Netherlands and has stayed with the topic ever since. At OpenSC he mainly takes care of everything except the code: documentation, releases, support, the server, binary packages for Windows and whatever else comes up. He has also co-written drivers for various USB crypto tokens. He got to know Linux through a handful of floppy disks labelled SLS and has been an enthusiast ever since. During his studies he worked on Debian for a time and provided an alternative in the faculty's computer pool.","original_language":"deu","persons":["Peter Koch (OpenSC Project","www.opensc-project.org)","Andreas Jellinghaus (OpenSC Project)"],"tags":["linuxtag06","267"],"view_count":372,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-03-01T10:15:05.923+01:00","length":3451,"duration":3451,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/267-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/267-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0b0db69d-bda6-567e-9c5a-9fea99e86404-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0b0db69d-bda6-567e-9c5a-9fea99e86404-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-267-opensc_die_freie_smartcard_unterstuetzung","url":"https://api.media.ccc.de/public/events/0b0db69d-bda6-567e-9c5a-9fea99e86404","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":106,"event_guid":"import-c6b33fcb2523d7b8e4","weight":1},{"event_id":744,"event_guid":"import-889a1b50b1e3adc8f5","weight":2},{"event_id":1035,"event_guid":"import-522b456890530bf341","weight":1},{"event_id":1064,"event_guid":"import-95d8bc2858a58621e6","weight":1},{"event_id":1120,"event_guid":"import-6208bdaf46f4c64c2b","weight":1},{"event_id":1221,"event_guid":"import-28f2251a0a4fa316f6","weight":2},{"event_id":1277,"event_guid":"import-46ee25357ca568906f","weight":1},{"event_id":1654,"event_guid":"import-efc946f94edef3de15","weight":1},{"event_id":1726,"event_guid":"w9UU1iDfP18QvWJ5i2VDsg","weight":1},{"event_id":2365,"event_guid":"157510b7-5154-4f7d-ac20-a680e45f53c1","weight":1},{"event_id":2407,"event_guid":"7c371767bfd05e41e9e8e1cf8dff6766","weight":1},{"event_id":2500,"event_guid":"6587bc79-27e5-4cf3-847b-77b0acc96682","weight":1},{"event_id":2744,"event_guid":"7c933d1d-6a52-48ac-9417-601e529bcddc","weight":4},{"event_id":2796,"event_guid":"3c066b63-c764-4571-bc3b-eb8dfbb5a6d9","weight":1},{"event_id":2814,"event_guid":"3cb4101c-2042-4883-b6fb-6591994a70c0","weight":1},{"event_id":2850,"event_guid":"4f1a0717-6931-4580-9e49-5d523be045df","weight":1},{"event_id":2907,"event_guid":"3b16ddc9-499b-44b1-9084-b3e328daea30","weight":1},{"event_id":2917,"event_guid":"16613345-4f8c-44f1-a065-b3fa1d7b51cc","weight":1},{"event_id":2947,"event_guid":"422ba0b9-debb-436e-9822-e9a201dec845","weight":1},{"event_id":3007,"event_guid":"8d3d7bf7-7e45-4621-9da2-dd518609a45c","weight":1},{"event_id":3390,"event_guid":"780f8f8e-9210-4bf6-8e0f-087b56bdd54c","weight":1},{"event_id":3615,"event_guid":"74783236-46f4-493c-9574-1b27a44847b7","weight":1},{"event_id":3701,"event_guid":"155a622a-196e-4e05-a262-88f3a7726bbe","weight":1},{"event_id":3792,"event_guid":"f2f3b250-3806-4a0b-9eb5-17b3441cbe61","weight":1},{"event_id":3947,"event_guid":"ZwjtZbsZpe6Xfim50cj-CA","weight":1},{"even
t_id":4669,"event_guid":"d81a5dd7-4132-4afe-8749-aab08b324687","weight":1},{"event_id":4808,"event_guid":"acab4111-aba7-44f7-b56e-ef805dcacd00","weight":1},{"event_id":4885,"event_guid":"956cf3ed-c342-4c1d-b636-29ec3d4578d2","weight":1},{"event_id":5009,"event_guid":"73c1d740-06c2-11e8-aa24-a771a532ebc5","weight":1},{"event_id":5027,"event_guid":"e213beae-6b9a-48fd-b3c5-7036a4e530ac","weight":1},{"event_id":5228,"event_guid":"44434a47-4b41-2020-2020-202020202020","weight":1},{"event_id":5355,"event_guid":"8afc16c2-d76a-53f6-85e4-90494665835d","weight":1},{"event_id":5474,"event_guid":"178e37b7-7508-50e9-b603-ce864723e0db","weight":1},{"event_id":5569,"event_guid":"d37bc91e-f1dd-4fbb-b793-c08b2436eecb","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":1},{"event_id":6025,"event_guid":"6d52b06c-1295-4983-84e1-d0fb807af357","weight":1},{"event_id":6400,"event_guid":"527b56af-8d56-4edb-9027-9ca60767c742","weight":1},{"event_id":6423,"event_guid":"ea7c532f-cc2d-4cb1-8f15-1933df7fd523","weight":1},{"event_id":6545,"event_guid":"400622c5-3754-43fd-aaf3-0ca00e9ad551","weight":1},{"event_id":6590,"event_guid":"7ee42591-4f4d-481d-884b-44f5e18e1803","weight":1}]},{"guid":"6809c89b-899e-529f-a651-1d0c19d2421e","title":"Sanfte Migration mit Terminal Clients","subtitle":null,"slug":"linuxtag06-377-sanfte_migration_mit_terminal_clients","link":"https://c3voc.de","description":"This talk is aimed primarily at decision-makers in small and medium-sized companies and public authorities. 
It shows that terminal server concepts make a gentle partial migration to Linux possible, one that can be realized with reasonable effort even in small and medium-sized environments. The talk does not present entirely new solutions, but reports on the implementation and operation of an application server cluster for about 40 workstations that has been in production for three years. By combining a number of open source products (heartbeat, linux virtual server, drbd, nx) with commercial software (STATA, nx server), greatly improved performance was achieved at significantly lower cost.  In the research department of HIS, statistical analyses were carried out with SPSS for a long time, most recently with a version for Windows PCs. In mid-2002 a migration was considered for the first time. The trigger was the demand by SPSS to triple the annual licence fees within three years. In addition, there was long-standing dissatisfaction both with the quality of the software and with the support provided by SPSS.  The department's IT group worked out a concept that asked users to go through no fewer than three migrations in total:  First, the migration of the statistics software from SPSS to STATA: STATA is considerably cheaper than SPSS, but at the same time, in the group's own assessment and also in the assessment of, for example, staff at ZUMA (Zentrum für Umfragen, Methoden, Analysen), considerably more powerful in key areas.  
Second, a migration from working on a desktop PC to working on a terminal server cluster: the IT group expected this to make the software easier to administer and maintain, to improve data backup through centralization, to increase resilience to failures, to simplify scaling (adding resources as needed) and to make it possible to give individual users very large performance reserves when needed. Certain statistical methods required a great deal of memory (4 gigabytes and more).  Third, a migration from working under Windows to working under Linux. The aim of the migration from Windows to Linux was, of course, on the one hand to reduce costs and existing dependencies. The decisive factors, however, were quality and stability. In the IT group's assessment, decades of experience with multi-user systems under UNIX/Linux speak for its use as the operating system for a terminal server cluster.  The talk will on the one hand present the concept and its realization. On the other hand, it will also report on problems that forced some changes in the implementation of the technical details. \n\nAbout the author Peter Müßig-Trapp:  Peter Müßig-Trapp is a group leader in the higher education research department of HIS Hochschul-Informations-System and is responsible for the department's IT group, for online survey research (including the HISBUS online panel) and for the ICE information system (a web-based information system supporting higher education planning and policy). With the publication of the book \"Datenbanken unter Linux\" (mitp) in 2000, he fought for and won the right, as a social scientist, to speak on IT matters. He gives talks at various conferences on information systems (e.g. 
EUNIS European University Information Systems 2003) and on online research (e.g. GOR German Online Research 2004, 2006). He spends his free time tending his allotment garden and making fruit wine. About the author Holger Kettler:","original_language":"deu","persons":["Peter Müßig-Trapp (HIS Hochschul-Informations-System)","Holger Kettler (Hochschul-Informations-System (HIS) GmbH)"],"tags":["linuxtag06","377"],"view_count":17,"promoted":false,"date":"2006-05-03T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2024-12-29T01:15:03.771+01:00","length":2741,"duration":2741,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/377-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/377-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/6809c89b-899e-529f-a651-1d0c19d2421e-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/6809c89b-899e-529f-a651-1d0c19d2421e-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-377-sanfte_migration_mit_terminal_clients","url":"https://api.media.ccc.de/public/events/6809c89b-899e-529f-a651-1d0c19d2421e","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":286,"event_guid":"import-153723c1b6b23e3538","weight":1},{"event_id":2722,"event_guid":"mQWmO_GFztko5akLQJTURQ","weight":1},{"event_id":3385,"event_guid":"74460321-01f0-4a03-b0fd-ae67143edfab","weight":1},{"event_id":3439,"event_guid":"9e0065b6-d49e-4bad-b8e5-0a9fd7e8bed7","weight":1},{"event_id":3983,"event_guid":"f21bc737-27f2-5aed-be11-48c52f144f4d","weight":1},{"event_id":3986,"event_guid":"ff2bf44f-3417-5914-a017-9777087662f7","weight":1},{"event_id":4019,"event_guid":"16922cca-75bd-5628-bbed-9eaa36447926","weight":1},{"event_id":4126,"event_guid":"ded4a05f-156c-558b-99e8-21170c7a96f6","weight":1},{"event_id":4376,"event_guid":"148ed078-91f2-4436-bc69-6dd10eb1b3b3","weight":1},{"event_id":4770,"event_guid":"a890dbd3-8859-4788-a72f-ded5c5c08e5f","weight":1},{"event_id":5255,"event_guid":"9f891f57-4fc3-4804-9f41-cac1ef55b529","weight":1},{"event_id":5286,"event_guid":"d120538e-817a-420b-9be2-a5088429f439","weight":1},{"event_id":5343,"event_guid":"41f8b9a3-6245-5cf4-9c36-abfa5ffbd666","weight":1},{"event_id":5358,"event_guid":"25047665-60e0-5bbb-bd15-d5937103dc24","weight":1},{"event_id":5366,"event_guid":"95457cf6-6e5c-530c-8ce8-8bf9662cb90a","weight":1},{"event_id":5379,"event_guid":"a3bda554-eb73-5a33-a14c-6303f83cc451","weight":1},{"event_id":5380,"event_guid":"acc35999-4707-5ef9-a8af-f3b197f09704","weight":1},{"event_id":5381,"event_guid":"2b148a03-ea3f-5aa8-8a6d-9cb7624f303e","weight":1},{"event_id":5398,"event_guid":"641f2cd4-5a49-5663-8105-0b4e2c13a724","weight":1},{"event_id":5613,"event_guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":1},{"event_id":5626,"event_guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","weight":1},{"event_id":5632,"event_guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","we
ight":1},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":1},{"event_id":6589,"event_guid":"afa54ff4-f64e-5426-b822-50342f5d4ce9","weight":1}]},{"guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","title":"Linux in Viertausend Arztpraxen auf Server und Desktop","subtitle":null,"slug":"linuxtag06-375-linux_in_viertausend_arztpraxen_auf_server_und_desktop","link":"https://c3voc.de","description":"Companies and free projects now offer a number of Linux solutions for use in medical practices. An overview of the state and possible uses of the available solutions is needed to give a practice or its system administrator background information before choosing a system.  The solutions are compared both with regard to dependence on the pharmaceutical industry and large corporations and with regard to the databases and programming languages used. The advantages and disadvantages are presented objectively using examples: a corporation's solution has the advantage of being well-rounded and polished, but the disadvantage of dependence on pharmaceutical advertising and inflexibility with special requests.  The solution of a small vendor combined with free software has already been approved by \"www.kbv.de\", but does not yet offer the convenience of a proprietary solution. There will be more and more practices that prefer the independence of a free solution. The motives of these practices are presented by way of example. This talk shows the current spectrum as it stands at present, without committing to a particular distribution. The sensible integration of proprietary operating systems is also shown using examples.  
The knowledge behind this talk comes from our own support of almost 400 medical practices over the last decade, with a team of technicians, hotline staff and developers that now numbers 9 employees in our company, and with on-site partners active throughout Germany. We support both medical practices with billing programs from various vendors and medical practices with a truly \"FREE and open complete solution\" (ComProMed with Meditux and Openoffice).  Example configurations are shown for multi-workstation installations with a solution for the low-paper practice and digital dictation with a secure Internet connection. Our backup concept based on a mirror server, daily directories and tapes is presented together with the remote maintenance options (Modem/ISDN/VPN,IPSEC). We use an adapted version of the LDS/DXS (LinusDisklessClients) solution \"http://www.ks.uni-freiburg.de/projekte/ldc/\" in medical practices.\n\nAbout the author Karl-Heinz Heggen:  Karl-Heinz Heggen has long been involved in supporting medical practices and hospital outpatient clinics. In this setting he designs and installs billing systems and networks under Linux, covering both server-side and client-side systems. He is managing director of Multi-Data Klinik-, Praxis- und Unternehmensberatung GmbH in Schlossheck. The free projects www.meditux.de and www.multitux.de were founded. 
The user group www.schneifeltux.de was initiated.","original_language":"deu","persons":["Karl-Heinz Heggen (Multi-Data Klinik-","Praxis- und Unternehmensberatung GmbH)"],"tags":["linuxtag06","375"],"view_count":74,"promoted":false,"date":"2006-05-03T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-01-22T20:00:11.205+01:00","length":2460,"duration":2460,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/375-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/375-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/1a145dde-fc10-5e84-b37f-f712aa0897d8-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/1a145dde-fc10-5e84-b37f-f712aa0897d8-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-375-linux_in_viertausend_arztpraxen_auf_server_und_desktop","url":"https://api.media.ccc.de/public/events/1a145dde-fc10-5e84-b37f-f712aa0897d8","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":562,"event_guid":"import-5f60a561c25be4f4ac","weight":1},{"event_id":1892,"event_guid":"98b17d0799a31053","weight":1},{"event_id":1952,"event_guid":"e7ca6d029c833227","weight":1},{"event_id":1980,"event_guid":"05u2_WazMrfvEJ8KqmwsXA","weight":1},{"event_id":2836,"event_guid":"56e8d345-8c04-4281-9811-d4ed9da8603e","weight":1},{"event_id":3772,"event_guid":"e89c168d-dc51-4de1-8aa0-26743ee5c815","weight":1},{"event_id":4118,"event_guid":"6517cc3b-cdee-5d40-a46e-33424a7c856b","weight":1},{"event_id":4618,"event_guid":"544e7dec-a9a6-11e7-9649-6f2a45a76afd","weight":1},{"event_id":4759,"event_guid":"119d0188-df86-11e7-a509-670931c02efc","weight":1},{"event_id":4840,"event_guid":"21127aeb-fe1f-4506-a3f0-d747e20419a5","weight":1},{"event_id":4942,"event_guid":"684c65c0-f61d-11e7-a1a3-57c648cc8333","weight":1},{"event_id":5254,"event_guid":"83235eb6-ce2d-4f4d-8124-1d38010a2076","weight":1},{"event_id":5266,"event_guid":"a4e7700f-8839-42ef-acfd-7d26af0463ef","weight":1},{"event_id":5271,"event_guid":"3af88c8a-b051-4691-9c3e-f518f42ca5d3","weight":1},{"event_id":5274,"event_guid":"c38c514b-99f4-4906-a0e5-189df72dbd9e","weight":1},{"event_id":5283,"event_guid":"f636e390-cad4-47f7-873d-7a23431fed16","weight":1},{"event_id":5291,"event_guid":"81747e92-2676-40b9-86ff-09869b125d94","weight":1},{"event_id":5325,"event_guid":"dda720ca-f11b-5ef5-beeb-5e33d2ed3e53","weight":1},{"event_id":5390,"event_guid":"5821f506-1609-55b5-a58d-2ae972df0f78","weight":1},{"event_id":5393,"event_guid":"faea7134-21b2-5264-9e02-a8706b63e7fc","weight":1},{"event_id":5606,"event_guid":"0cebf60f-0411-5ac1-a647-945f42c793fe","weight":1},{"event_id":5607,"event_guid":"d360b86d-4efa-5caa-a6a3-87fde4b48cdf","weight":1},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5627,"event_guid":"
da374617-f909-5f6e-96af-420049aa8410","weight":1},{"event_id":5630,"event_guid":"21bf8bef-026f-54bc-a0c9-815d0b018f44","weight":1},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":1},{"event_id":5635,"event_guid":"0cb16633-a722-5977-817e-5ead93caa0e7","weight":1},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":2},{"event_id":5787,"event_guid":"4a080f4f-ec05-4c7a-990d-fa26c6227ab5","weight":1},{"event_id":6016,"event_guid":"9207c7bf-1ce6-5fb6-92a9-7b49bc55473b","weight":1},{"event_id":6409,"event_guid":"a42e5a4f-fd9b-4571-bf17-483978afecb3","weight":1},{"event_id":6590,"event_guid":"7ee42591-4f4d-481d-884b-44f5e18e1803","weight":1}]},{"guid":"da374617-f909-5f6e-96af-420049aa8410","title":"OCFS2: Native Linux Cluster Filesystem","subtitle":null,"slug":"linuxtag06-289-ocfs2_native_linux_cluster_filesystem","link":"https://c3voc.de","description":"This talk will review the various components of the OCFS2 stack, with a focus on the file system and its clustering aspects. OCFS2 extends many local file system features to the cluster, some of the more interesting of which are posix unlink semantics, data consistency, shared readable mmap, etc. In order to support these features, OCFS2 logically separates cluster access into multiple layers. An overview of the low level DLM layer will be given. The higher level file system locking will be described in detail, including a walk through of inode locking and messaging for various operations.  Caching and consistency strategies will be discussed. Meta data journalling is done on a per node basis with JBD. Our reasoning behind that choice will be described. OCFS2 provides robust and performant recovery on node death. We will walk through the typical recovery process including journal replay, recovery of orphaned inodes and recovery of cached meta data allocations. Allocation areas in OCFS2 are broken up into groups which are arranged in self optimizing \"chains\". 
The chain allocators allow OCFS2 to do fast searches for free space, and deallocation in a constant time algorithm. Detail on the layout and use of chain allocators will be given. Disk space is broken up into clusters which can range in size from 4 kilobytes to 1 megabyte. File data is allocated in extents of clusters. This allows OCFS2 a large amount of flexibility in file allocation. File meta data is allocated in blocks via a sub allocation mechanism. All block allocators in OCFS2 grow dynamically. Most notably, this allows OCFS2 to grow inode allocation on demand. \n\nAbout the author Philip Copeland:  Philip Copeland is a senior software developer in Oracle’s Linux Engineering group and has been working with open source software (or designing and testing software) for more than 10 years.  From Northern Ireland, he studied at the University of the West of England and gained a BSc(hons) Computing for Real Time Systems degree.  Worked in IBM Global Services Networking for EMEA for 4 years. Worked at RHAT (North Carolina HQ), specifically on clustering/high availability and the alpha processor distribution, for 3 years. I moved back to N.Ireland and started working for Oracle in the Open Source Systems group (under Wim Coekaerts) almost 3 years.","original_language":"eng","persons":["Philip Copeland 
(Oracle)"],"tags":["linuxtag06","289"],"view_count":136,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-02-18T20:00:05.578+01:00","length":2531,"duration":2531,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/289-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/289-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/da374617-f909-5f6e-96af-420049aa8410-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/da374617-f909-5f6e-96af-420049aa8410-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-289-ocfs2_native_linux_cluster_filesystem","url":"https://api.media.ccc.de/public/events/da374617-f909-5f6e-96af-420049aa8410","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2907,"event_guid":"3b16ddc9-499b-44b1-9084-b3e328daea30","weight":1},{"event_id":4485,"event_guid":"da208942-2be8-4f14-9466-ba8e7b74fca8","weight":1},{"event_id":5521,"event_guid":"c3dbbb23-45de-421a-89bf-74ba5f0607e8","weight":1},{"event_id":5613,"event_guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":6064,"event_guid":"c80dcd0e-6ca3-4299-a793-dd023a22b54c","weight":1},{"event_id":6233,"event_guid":"9fa9eae0-2d2f-4bce-a7f5-1983003b3db7","weight":1},{"event_id":6484,"event_guid":"600ea8de-65d9-540d-abb1-a4f956e6143f","weight":1},{"event_id":6693,"event_guid":"68eef21a-279b-5ac7-9a22-0d6e43c1d97f","weight":1},{"event_id":7313,"event_guid":"7327aca1-14dd-4314-90f5-89546a1354b4","weight":1}]},{"guid":"de905f06-a3a5-593c-a862-95969b167793","title":"Daily Use of Git and Cogito","subtitle":null,"slug":"linuxtag06-286-daily_use_of_git_and_cogito","link":"https://c3voc.de","description":"(talk will be delivered in English language)  After the move away from the proprietary BitKeeper as the source code management 
system (SCM) for the Linux kernel source code, Linus Torvalds presented a collection of tools named Git as an alternative. Git itself is not really an SCM, but rather a content tracker for managing changes and patches. It is still a very young project, but version 1.0 was nevertheless released after a good half year. With the Cogito layer on top, it can be used as a complete SCM. By now the complete source code of the Linux kernel is managed with Git, and many other projects use it as well. With this, Git has very clearly proven its practical suitability and also shown how well it scales.  This talk gives an introduction to the concepts and structure of different SCM systems. The main focus here is on centralized development as opposed to distributed development. It also covers the architecture of Git and Cogito and how to use both packages for your own projects, with a particular focus on daily use. A major emphasis is also the use of this new \"SCM\" for development on the Linux kernel.  The aim of this talk is to give a real hands-on introduction to Git and Cogito so that these new tools can be used without problems, whether for your own projects or for contributing to other, larger projects. \n\nAbout the author Marcel Holtmann:  Marcel Holtmann is the maintainer of the official Linux Bluetooth stack BlueZ and works on the kernel code as well as on the Bluetooth library and the tools. He also looks after the questions and problems of Bluetooth users on the BlueZ mailing lists and supports other open source projects that want to integrate Bluetooth technology. Together with Jean Tourrilhes he also maintains the OpenOBEX project.  Besides the further development of BlueZ, he is also actively engaged with the problems and questions of Bluetooth security. 
Together with Adam Laurie and Martin Herfurt he leads the Security Table at the Bluetooth UnPlugFest.","original_language":"eng","persons":["Marcel Holtmann (BlueZ Project)"],"tags":["linuxtag06","286"],"view_count":26,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-06-22T16:15:05.341+02:00","length":3920,"duration":3920,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/286-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/286-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/de905f06-a3a5-593c-a862-95969b167793-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/de905f06-a3a5-593c-a862-95969b167793-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-286-daily_use_of_git_and_cogito","url":"https://api.media.ccc.de/public/events/de905f06-a3a5-593c-a862-95969b167793","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2386,"event_guid":"4bd97fd3-c85e-48b1-8456-cc208545a911","weight":1},{"event_id":2920,"event_guid":"d516ffe3-d32d-4bed-8289-09d245ac2b2f","weight":1},{"event_id":5616,"event_guid":"a44b9b1c-4839-5d07-9f44-166a59cb6dda","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5792,"event_guid":"f5c68cea-eb34-49ae-bb15-d0fc1085985b","weight":1},{"event_id":5810,"event_guid":"291fe17d-80ca-46a9-9978-c61509a4f9c9","weight":1},{"event_id":5818,"event_guid":"f730ef2e-a133-4174-ae95-3d7c012b4b09","weight":1},{"event_id":6116,"event_guid":"adf228ad-49ed-577c-b788-7acc6e78575b","weight":1},{"event_id":6120,"event_guid":"6f3f49b6-2f08-50ff-a45c-aa728047dd5e","weight":1},{"event_id":6247,"event_guid":"74f91f9e-dc11-4af0-b393-69ebb684e9e9","weight":1},{"event_id":6248,"event_guid":"a142251b-81f2-4195-95ba-c0f3818ce884","weight":1}]},{"guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","title":"Iscsi, scsi on steroids","subtitle":null,"slug":"linuxtag06-288-iscsi_scsi_on_steroids","link":"https://c3voc.de","description":"\"iSCSI\" is a new star in the sky of enterprise storage solutions and means \"SCSI over IP\". It is one possible answer to the need for a generic, robust, fast and (last but not least) cheap SAN-based network filesystem for enterprise data centers.  The TCP/IP protocol is used to transport generic SCSI commands over the network to access a remote block device. This mechanism allows flexible management of SCSI storage devices for huge server farms, e.g. plugging in or removing hard disks from a running server.  The open-source community has put much effort into implementing and stabilizing iSCSI according to the iSCSI RFC/standard for the GNU/Linux operating system. 
Various Iscsi-related Open-source projects are currently dealing with better Desktop-integration, booting from Iscsi-devices and making Iscsi more user-friendly.  Iscsi has become one of the most popular new server-storage components during the last year and is now gaining acceptance in the enterprise computing world as a valuable and cheap alternative to the SAN- and NAS-technologies.  It is now time to get to know more about the benefits and advantages but also about the disadvantages, common pitfalls and the hype of this new technology.  This presentation deals with the role of the Open-source community regarding Iscsi and introduces different Iscsi-related Open-source projects. It covers planning, installation, configuration, management and maintenance of an iscsi-environment in a modern data-center. \n\nÜber den Autor Matthias Rechenburg:  Matthias Rechenburg is the author of the openMosixview and kiscsiadmin project. For some years he has been involved in all kinds of data-center related open-source projects like high-performance and high-availability clustering, consolidation, network and enterprise storage management. 
He is a contributor of various linux-related events, lives in Bonn, Germany, and is working as a freelancer developing for Qlusters.","original_language":"eng","persons":["Matthias Rechenburg (freelancer)"],"tags":["linuxtag06","288"],"view_count":37,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2024-02-19T23:45:07.039+01:00","length":3086,"duration":3086,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/288-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/288-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-288-iscsi_scsi_on_steroids","url":"https://api.media.ccc.de/public/events/2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":215,"event_guid":"import-ba0466d5c3cae21c79","weight":1},{"event_id":2082,"event_guid":"exuQFfNR0oVP49Bt6g8kPQ","weight":1},{"event_id":2378,"event_guid":"213f5667-d2b5-4f7c-b3f7-90ef3f6322a0","weight":1},{"event_id":2381,"event_guid":"04ec4cc0-499d-40c4-9222-134482af8e5f","weight":1},{"event_id":2382,"event_guid":"5f916faf-b4aa-405d-985b-4a51f36ea04f","weight":1},{"event_id":2387,"event_guid":"432f984a-715b-4885-b7a9-bc201636a272","weight":1},{"event_id":2388,"event_guid":"e9a54249-b4a7-4562-91fe-421a6bde0831","weight":1},{"event_id":2389,"event_guid":"b017904f-f0aa-4bbf-a52a-bc9b002e2de9","weight":1},{"event_id":2470,"event_guid":"c131b08d-e1be-4658-b98a-a223bc746784","weight":1},{"event_id":2528,"event_guid":"6393a33b-889d-4850-b0e3-cbc7caeab1cb","weight":1},{"event_id":2534,"event_guid":"0e66ac36-d9c6-4900-b532-4f651dd39582","weight":1},{"event_id":2544,"event_guid":"2cce4d76-619d-4f60-b7e9-28e8ee9d6483","weight":1},{"event_id":2545,"event_guid":"2ee47684-8114-4361-8f3e-8b61946d8335","weight":1},{"event_id":5343,"event_guid":"41f8b9a3-6245-5cf4-9c36-abfa5ffbd666","weight":1},{"event_id":5358,"event_guid":"25047665-60e0-5bbb-bd15-d5937103dc24","weight":1},{"event_id":5366,"event_guid":"95457cf6-6e5c-530c-8ce8-8bf9662cb90a","weight":1},{"event_id":5379,"event_guid":"a3bda554-eb73-5a33-a14c-6303f83cc451","weight":1},{"event_id":5380,"event_guid":"acc35999-4707-5ef9-a8af-f3b197f09704","weight":1},{"event_id":5381,"event_guid":"2b148a03-ea3f-5aa8-8a6d-9cb7624f303e","weight":1},{"event_id":5398,"event_guid":"641f2cd4-5a49-5663-8105-0b4e2c13a724","weight":1},{"event_id":5612,"event_guid":"be647aba-f085-5c12-a3a0-f70c4253c80d","weight":1},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5632,"event_guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","we
ight":1},{"event_id":5633,"event_guid":"86cb2960-b074-55f3-9416-89ba072a84e5","weight":1},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":1},{"event_id":6634,"event_guid":"71bdcf60-c567-4cf6-94f4-5681b1d008b4","weight":1},{"event_id":6693,"event_guid":"68eef21a-279b-5ac7-9a22-0d6e43c1d97f","weight":1},{"event_id":6753,"event_guid":"7fb7e9a0-0bcd-4500-a0e5-5a99614a192c","weight":1},{"event_id":7211,"event_guid":"816f18a3-0868-5e45-ad35-e6d160ef9712","weight":1},{"event_id":7215,"event_guid":"12f94fb4-9e79-549c-9fe1-7ea056dff46c","weight":1},{"event_id":7221,"event_guid":"86af48ba-ac86-444a-ad9b-a6b74eb84a74","weight":1},{"event_id":7222,"event_guid":"2cdf16f6-51db-4f8b-9982-210d49851d4e","weight":1},{"event_id":7231,"event_guid":"6e585f42-52f3-4015-8a7a-f2e204f7afe8","weight":1},{"event_id":7232,"event_guid":"526bc948-ab22-47e4-85df-36077b1b9d62","weight":1},{"event_id":7361,"event_guid":"977957d7-ef42-4ea0-8380-b9a48bd583f0","weight":1},{"event_id":7883,"event_guid":"40aa2960-6288-5a2f-bf6f-268746f0ecdf","weight":1}]},{"guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","title":"Kernel Kwestioning","subtitle":null,"slug":"linuxtag06-290-kernel_kwestioning","link":"https://c3voc.de","description":"A lot of kernel developers show up at LinuxTag. This is an exclusive opportunity to learn how the development process is organized and what the developers plan for in the future. This is a moderated question and answer session and the audience is able to ask everything it wanted to know about the Linux Kernel but did not dare to ask before ...  The participating developers join a round tabel on the stage and the microphone is passed to the audience to ask questions.\n\nÜber den Autor Nils Magnus:  Nils was co-founder of LinuxTag back in 1995 and is today involved as Program Chair. He is resposnsible for LinuxTag conference planning and organization and is member of the extended board. 
Nils works as Senior Security Consultant at secunet Security Networks AG, Hamburg, Germany and has a focus on security analysis and solutions for high-security environments. He is head of the best practise team security analysis and leader of the network security team. If not concerned with computers, he loves to cook, to travel, and to listen to substantial music.","original_language":"eng","persons":["Nils Magnus (secunet Security Networks AG)"],"tags":["linuxtag06","290"],"view_count":102,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-06-27T12:30:04.423+02:00","length":4125,"duration":4125,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/290-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/290-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/480aa632-0d92-5b04-9af0-30df192e5ebe-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/480aa632-0d92-5b04-9af0-30df192e5ebe-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-290-kernel_kwestioning","url":"https://api.media.ccc.de/public/events/480aa632-0d92-5b04-9af0-30df192e5ebe","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":1057,"event_guid":"import-d93f6f776ff5e0bf3d","weight":2},{"event_id":5577,"event_guid":"f6286be9-0708-5bc9-b669-5d783e2516e6","weight":1},{"event_id":5610,"event_guid":"456fb60c-5ce7-11e8-be47-1fb2912eb889","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":2},{"event_id":5620,"event_guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":3},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":2}]},{"guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","title":"Die letzte Verteidigungslinie","subtitle":null,"slug":"linuxtag06-265-die_letzte_verteidigungslinie","link":"https://c3voc.de","description":"Die Firewall ist offen. Der einzige Admin ist im Urlaub, und da meldet bugtrack einen Exploit genau für die verwendete Apache Version...  Dieser Talk beschäftigt sich mit einigen Technologien, die dann einspringen, wenn die normalen Mechanismen versagt haben.  Dabei richtet sich der Vortrag vor allem an \"normale\" Sysadmins, die sich nicht jeden Tag mit Security beschäftigen.  Der Talk beginnt mit einem kurzen Überblick zu verschiedenen Angriffstechniken. Im Anschluss beleuchtet er Ansätze mit denen die Auswirkungen einer Sicherheitslücke minimiert werden können. Der Fokus liegt dabei auf Techniken, die ab Fedora Core 3, beziehungsweise Red Hat Enterprise Linux 4 standardmäßig verwendet werden: Execshield, Position Independent Executables und SELinux.  Die einfache Anpassung von SELinux an eigene Bedürfnisse bildet die zweite Hälfte des Vortrags. Es wird gezeigt, wie man -- ohne Modifikation der komplexen Policy -- SELinux für den täglichen Servereinsatz anpassen kann. 
Dies geschieht mittels sogenannten Booleans und Security Contexts. Als Beispiel dient hier der Klassiker: Linux im Webserver-Betrieb.  Ein Ausblick auf die tiefergehenden Möglichkeiten von SELinux rundet den Vortrag ab. \n\nÜber den Autor Florian Brand:  Florian Brand ist seit 1999 für Red Hat in Stuttgart tätig. Hauptsächlich hält er weltweit Kurse zu verschiedenen Themen der Systemadministration und beschäftigt sich als Kursauthor mit den Bereichen Authentication, Kickstart und Apache. Neben Security gilt sein Interesse hauptsächlich der Softwareverwaltung und -Verteilung in größeren Unternehmensnetzen. Auf dem Linuxtag trat er bereits duch mehrere Administrations- und Security-Vorträge in Erscheinung.","original_language":"deu","persons":["Florian Brand (Red Hat)"],"tags":["linuxtag06","265"],"view_count":57,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-01-06T00:15:15.534+01:00","length":2912,"duration":2912,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/265-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/265-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/bac51d24-c529-5d9e-81c9-73a5c09e81ac-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/bac51d24-c529-5d9e-81c9-73a5c09e81ac-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-265-die_letzte_verteidigungslinie","url":"https://api.media.ccc.de/public/events/bac51d24-c529-5d9e-81c9-73a5c09e81ac","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":4770,"event_guid":"a890dbd3-8859-4788-a72f-ded5c5c08e5f","weight":1},{"event_id":5370,"event_guid":"ea068ddc-aef6-5367-ba79-cd90ddbf8353","weight":3},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5620,"event_guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":2},{"event_id":5629,"event_guid":"732a3378-feed-52ff-b8b3-899549842eb4","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":3},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":2},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":1},{"event_id":6640,"event_guid":"55045346-5af9-56e9-8fb2-0c23c5bfb225","weight":2}]},{"guid":"952292a6-923e-534a-a4ae-9522777f092c","title":"Vergleich AppArmor und SELinux","subtitle":null,"slug":"linuxtag06-264-vergleich_apparmor_und_selinux","link":"https://c3voc.de","description":"Nachdem AppArmor nun Open Source ist, ist es sicherlich sinnvoll die Sicherheitslösungen der beiden großen kommerziellen Linux-Distributoren Novell/SuSE und RedHat zu vergleichen und gegenüberzustellen. Dieser Vortrag wird kurz erläutern, was Mandatory-Access-Control (MAC) ist und wie sie die Sicherheit eines Linux-Betriebsystems erhöht. Anschließend werde ich beide Systeme vorstellen, Beispiele der Administration und Konfiguration zeigen und ihre Vor- und Nachteile aufzeigen.  Dabei steht der praktische Nutzen für den Administrator/Anwender im Vordergrund. 
Im Fazit werde ich an Hand eines tatsächlich erfolgten Einbruchs aufzeigen, wie und wann SELinux und AppArmor den Angriff wirksam verhindern können.\n\nÜber den Autor Ralf Spenneberg:  Ralf Spenneberg has used Linux since 1992 and worked as a system administrator since 1994. During this time he worked on numerous Windows, Linux and UNIX systems. The last 6 years he has been working as a freelancer in the Linux/UNIX field. Most of the time he provides Linux/UNIX training. His specialty is network administration and security (firewalling, VPNs, intrusion detection). He has developed several training classes used by Red Hat and other IT training companies in Germany.  He has spoken at several SANS conferences and even more UNIX/Linux specific conferences. He was chosen to be member of the program committee of the Linux Kongress and the GUUG Frühjahrsfachgespräch. In 2002 he published his first German book \"Intrusion Detection für Linux Server\". His second German book \"VPN mit Linux\" was published in 2003. The last book in this series \"Intrusion Detection und Prevention mit Snort \u0026 Co.\" was published in November 2004. 
At the moment he writes a book on Linux Firewalling to be published in Febuary 2006.","original_language":"deu","persons":["Ralf Spenneberg (OpenSource Training Ralf Spenneberg)"],"tags":["linuxtag06","264"],"view_count":229,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-04-09T17:30:06.983+02:00","length":3391,"duration":3391,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/264-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/264-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/952292a6-923e-534a-a4ae-9522777f092c-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/952292a6-923e-534a-a4ae-9522777f092c-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-264-vergleich_apparmor_und_selinux","url":"https://api.media.ccc.de/public/events/952292a6-923e-534a-a4ae-9522777f092c","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2422,"event_guid":"03553ade-bec3-4833-8210-6ac0983bb0c0","weight":1},{"event_id":3098,"event_guid":"6c0a5272-7a78-4c15-8e31-13f8c6e66085","weight":2},{"event_id":3099,"event_guid":"1af4bb7e-d722-4380-b890-3e0d8eda24b3","weight":1},{"event_id":3775,"event_guid":"f854e264-4728-472e-9e57-4dad6ea3d668","weight":1},{"event_id":4410,"event_guid":"26c1f7b1-3859-4ce3-a837-664a1bcb735d","weight":2},{"event_id":5544,"event_guid":"Vhm3GQebxdtzVPq4uFTaPA","weight":2},{"event_id":5612,"event_guid":"be647aba-f085-5c12-a3a0-f70c4253c80d","weight":1},{"event_id":5613,"event_guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":1},{"event_id":5620,"event_guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5626,"event_guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":1},{"event_id":5633,"event_guid":"86cb2960-b074-55f3-9416-89ba072a84e5","weight":1},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":1},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":1},{"event_id":6015,"event_guid":"2565d7fd-510e-57b4-a4e8-2566d6c85915","weight":1},{"event_id":6044,"event_guid":"5808be1e-ce91-48a2-a22a-91c3289d3819","weight":1},{"event_id":6047,"event_guid":"e83405c6-2a35-4834-a462-5da4fe10652e","weight":1},{"event_id":6058,"event_guid":"7fe2a84b-bbed-4a4e-80fb-85b581c14b13","weight":3},{"event_id":6191,"event_guid":"177f3537-1744-5042-9e63-0adaa09660fc","weight":1}]},{"guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","title":"Ke
ynote: Ubuntu - The future of a Free Linux Distribution","subtitle":null,"slug":"linuxtag06-353-keynote_ubuntu_the_future_of_a_free_linux_distribution","link":"https://c3voc.de","description":"Ubuntu Founder Mark Shuttleworth will address in his keynote aspects of Free Software development.\n\nÜber den Autor Mark Shuttleworth:  Mark Shuttleworth studied finance and information technology at the University of Cape Town, and went on to found Thawte, a company specialising in digital certificates and internet privacy. He sold Thawte to US company VeriSign in 1999, and founded HBD Venture Capital and The Shuttleworth Foundation.  In April 2002 Mark flew in space as a cosmonaut member of the crew of Soyuz mission TM34 to the International Space Station. Mark has participated as a Debian developer since the early 1990s, and in 2004 he returned to the GNU/Linux world by funding the development of Ubuntu, a user-friendly version of Linux, through Canonical Limited. In 2005 he founded the Ubuntu Foundation and made an initial investment of 10 million dollars.  
Mark was born and raised in South Africa, and is currently living in London.","original_language":"eng","persons":["Mark Shuttleworth (Ubuntu Linux)"],"tags":["linuxtag06","353"],"view_count":71,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-02-17T15:45:09.139+01:00","length":3819,"duration":3819,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/353-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/353-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-353-keynote_ubuntu_the_future_of_a_free_linux_distribution","url":"https://api.media.ccc.de/public/events/5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":24,"event_guid":"import-df7b25850170e056b1","weight":1},{"event_id":553,"event_guid":"import-1642ac54dd91815d89","weight":1},{"event_id":710,"event_guid":"import-996ee6767784dc2e88","weight":1},{"event_id":1644,"event_guid":"import-7510d3224277db726d","weight":1},{"event_id":1677,"event_guid":"import-4b68a0b6bf95de3965","weight":1},{"event_id":2079,"event_guid":"f449c7b7-7c45-4cd3-9d82-7b91cae9567d","weight":1},{"event_id":2085,"event_guid":"0Yrjp9uKurxoSYw0p2pNdA","weight":1},{"event_id":2362,"event_guid":"7f0d54a2-31fa-4039-ae84-a1686922e387","weight":1},{"event_id":2363,"event_guid":"52af7df6-796f-41ed-ada8-289a8b87667e","weight":2},{"event_id":2366,"event_guid":"4e275f5e-32b6-492a-90d1-d3b92a15a9ec","weight":1},{"event_id":2621,"event_guid":"13a682be-a221-44de-a1a3-9231f23aadd6","weight":1},{"event_id":2642,"event_guid":"3b001741-27fc-4261-9808-17e46b8279b3","weight":1},{"event_id":2846,"event_guid":"527d5a8e-841d-48ad-89d9-b62fbee741b8","weight":1},{"event_id":3231,"event_guid":"ZailH5jsKoZjybdb_srn9A","weight":1},{"event_id":3866,"event_guid":"wtIryX0wXoJwm3FKr4PRZw","weight":1},{"event_id":3982,"event_guid":"fcc2ffca-3079-5b55-ba27-a676c7b5e8c7","weight":1},{"event_id":4485,"event_guid":"da208942-2be8-4f14-9466-ba8e7b74fca8","weight":1},{"event_id":4589,"event_guid":"d13d0904-92a4-11e7-be40-5373c2f92fbe","weight":1},{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":1},{"event_id":4791,"event_guid":"8d29d28d-a222-4731-bdfc-fde590385cae","weight":1},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":1},{"event_id":4840,"event_guid":"21127aeb-fe1f-4506-a3f0-d747e20419a5","weight":1},{"event_id":4842,"event_guid":"581ccbad-4bbf-47a2-8845-f52278d61061","weight":1},{"event_id":4866,"event_guid":"117a52b4-f675-49dd-aafe-659c07b6bc9c","weight":1},{"event_id":4876,"event_guid":"dec6a7e0-2651-4bb5-8300-977795e901e
d","weight":1},{"event_id":5259,"event_guid":"1ab2ef24-a3cd-4c11-bb81-c7ff472b8d61","weight":1},{"event_id":5260,"event_guid":"5c28a69e-02ed-4e3e-bf26-9046cf5fde11","weight":2},{"event_id":5261,"event_guid":"f55c60ce-85d5-457f-a6c1-74317ea72bdd","weight":1},{"event_id":5270,"event_guid":"5ae52c55-6447-45f8-9d13-36d15303fffe","weight":1},{"event_id":5274,"event_guid":"c38c514b-99f4-4906-a0e5-189df72dbd9e","weight":1},{"event_id":5279,"event_guid":"baef3860-9786-4917-a46c-5ddd4fdac22e","weight":1},{"event_id":5286,"event_guid":"d120538e-817a-420b-9be2-a5088429f439","weight":3},{"event_id":5287,"event_guid":"5d5e3275-0f1a-41ae-a1ad-a98ba66f1390","weight":1},{"event_id":5291,"event_guid":"81747e92-2676-40b9-86ff-09869b125d94","weight":1},{"event_id":5292,"event_guid":"0bf761ab-9746-44c3-8bd0-a1239da75c17","weight":1},{"event_id":5343,"event_guid":"41f8b9a3-6245-5cf4-9c36-abfa5ffbd666","weight":1},{"event_id":5358,"event_guid":"25047665-60e0-5bbb-bd15-d5937103dc24","weight":1},{"event_id":5366,"event_guid":"95457cf6-6e5c-530c-8ce8-8bf9662cb90a","weight":1},{"event_id":5379,"event_guid":"a3bda554-eb73-5a33-a14c-6303f83cc451","weight":1},{"event_id":5380,"event_guid":"acc35999-4707-5ef9-a8af-f3b197f09704","weight":1},{"event_id":5381,"event_guid":"2b148a03-ea3f-5aa8-8a6d-9cb7624f303e","weight":1},{"event_id":5398,"event_guid":"641f2cd4-5a49-5663-8105-0b4e2c13a724","weight":1},{"event_id":5569,"event_guid":"d37bc91e-f1dd-4fbb-b793-c08b2436eecb","weight":1},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5625,"event_guid":"7beb02b1-cc01-573b-8d74-4dd50e3c01d2","weight":1},{"event_id":5626,"event_guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":1},{"event_id":5633,"event_guid":"86cb2960-b074-55f3-9416-89ba072a84e5","weight":1},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":1},{"event_id":5635,"event_guid":"0cb16633-a
722-5977-817e-5ead93caa0e7","weight":1},{"event_id":5722,"event_guid":"906c5611-7e85-4593-8a4e-b33dedfce19e","weight":1},{"event_id":5761,"event_guid":"eff9b1c1-1e6b-445f-b153-a0b4a4e58b67","weight":1},{"event_id":5832,"event_guid":"fcae0fe2-fc3b-466f-85d5-4777cd46099d","weight":1},{"event_id":6078,"event_guid":"8a3c7006-ba7f-451c-a555-3a9ca4af5f2f","weight":1},{"event_id":6153,"event_guid":"53beeb85-7ec9-591d-1482-a276b1ccdd96","weight":1},{"event_id":6233,"event_guid":"9fa9eae0-2d2f-4bce-a7f5-1983003b3db7","weight":1},{"event_id":6379,"event_guid":"9dde571b-4d49-4b44-8329-42e354bcc24b","weight":1},{"event_id":6401,"event_guid":"f0d70663-0769-4462-ad27-bc516d9cb141","weight":1},{"event_id":6406,"event_guid":"686c1387-e761-4df6-b395-f9ddf92d46e7","weight":1},{"event_id":6417,"event_guid":"bf5019dc-499d-4c06-9ad0-35adbe01e7f3","weight":1},{"event_id":6462,"event_guid":"23e85d7a-9645-4ae2-9954-63b71abc08d4","weight":1},{"event_id":6474,"event_guid":"f58a2b6d-bde0-483b-a8db-043ea9371cb6","weight":1},{"event_id":6493,"event_guid":"2375222b-7dae-4bca-a5b0-aea227ab0d76","weight":1},{"event_id":6507,"event_guid":"787007cf-828d-4409-94b0-90a0b8d727a0","weight":1},{"event_id":6588,"event_guid":"f106b309-ffa8-5800-b9bf-00acb573e48c","weight":1},{"event_id":6603,"event_guid":"ea00d1e0-a580-415f-a8cf-f02883d939dc","weight":1},{"event_id":6670,"event_guid":"c3de84b0-fae8-5dc4-baf8-e1d3d288c78d","weight":1},{"event_id":6677,"event_guid":"c2fa2e95-752c-5ead-9e7b-3c171241619e","weight":1},{"event_id":6693,"event_guid":"68eef21a-279b-5ac7-9a22-0d6e43c1d97f","weight":1},{"event_id":6761,"event_guid":"fe35e706-2204-5740-a646-53064ee1a53e","weight":1},{"event_id":6775,"event_guid":"46df57d7-fa82-4a17-8b95-c02d2acfb6d5","weight":1},{"event_id":6953,"event_guid":"69bd5b99-fbd1-568f-8cde-9694b6f7e319","weight":1},{"event_id":7158,"event_guid":"64e6fe15-bbdd-5b85-b28f-b1f77d83ee11","weight":1},{"event_id":7415,"event_guid":"5af5134f-a56d-4a42-88e1-d179be98b8db","weight":1},{"event_id":7935
,"event_guid":"134a9ee0-53b5-4a62-81d8-9406c85767c9","weight":1},{"event_id":7974,"event_guid":"6c23bcc6-2c83-4d15-913c-4b59cb8eb40d","weight":1},{"event_id":8201,"event_guid":"3712beb2-12f2-552a-b831-b0cd5e4527ab","weight":1}]},{"guid":"be647aba-f085-5c12-a3a0-f70c4253c80d","title":"Samba: Opening Windows","subtitle":null,"slug":"linuxtag06-374-samba_opening_windows","link":"https://c3voc.de","description":"Im April 2006 erstellt die SerNet GmbH für einen grossen Anwender der Öffentlichen Hand eine Migrationsstudie für die Umstellung nach Samba 3. Für 13.000 Benutzerkonten soll Samba 3 die zentrale Server-Anwendung werden.\n\nÜber den Autor Dr. Johannes Loxen:  Dr. Johannes Loxen is founder and managing director of SerNet - the leading company working on Samba and network security. Born 40 years ago he spent the last 20 with development of software and system integration. In 1999 he founded Germany's first embedded linux company - emlix GmbH - that is now another source of free software in Göttingen. A more detailed bio in german and english can be found at SerNet's home page. You may contact Johannes Loxen via email: JL [at] SerNet.DE","original_language":"deu","persons":["Dr. 
Johannes Loxen (SerNet GmbH)"],"tags":["linuxtag06","374"],"view_count":49,"promoted":false,"date":"2006-05-03T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-02-28T12:00:05.272+01:00","length":2420,"duration":2420,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/374-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/374-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/be647aba-f085-5c12-a3a0-f70c4253c80d-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/be647aba-f085-5c12-a3a0-f70c4253c80d-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-374-samba_opening_windows","url":"https://api.media.ccc.de/public/events/be647aba-f085-5c12-a3a0-f70c4253c80d","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":586,"event_guid":"import-6a0417ffa9c7ad0c52","weight":1},{"event_id":1057,"event_guid":"import-d93f6f776ff5e0bf3d","weight":1},{"event_id":1993,"event_guid":"H9oyfDzQNwJdvP6ZNeK8aA","weight":1},{"event_id":2043,"event_guid":"2hQwDwzZa8XpndyZAZyD1Q","weight":1},{"event_id":4230,"event_guid":"2764cdfd-49ab-4463-a809-198dec7abdf6","weight":1},{"event_id":5280,"event_guid":"2fb00fb8-016b-42a0-a2db-742b6fc2dc80","weight":1},{"event_id":5292,"event_guid":"0bf761ab-9746-44c3-8bd0-a1239da75c17","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5626,"event_guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","weight":1},{"event_id":5633,"event_guid":"86cb2960-b074-55f3-9416-89ba072a84e5","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":2}]},{"guid":"6c03170f-fc25-55f7-801b-587e5336145c","title":"Secure Internet Telephony","subtitle":null,"slug":"linuxtag06-269-secure_internet_telephony","link":"https://c3voc.de","description":"Internet 
Telephony has become extremely popular. Unfortunately many users are either not aware of the fact or simply do not care enough that their calls are transported over the Internet without any protection against eavesdropping and abuse.  In a first part the talk will show in a practical demonstration the vulnerable nature of Internet phone calls. The network analyzer \"Ethereal\" can be used to register a call setup based on the IETF Session Initiation Protocol (SIP), record both sides of the ensuing conversation and store the session stream as an audio file that can then be reproduced on any multimedia player.  In a second part we will present the easy-to-use security mechanisms developed in 2005 by Silvan Geser and Christian Höhn from the University of Applied Sciences Rapperswil in Switzerland for the popular Kphone VoIP client (http://www.wirlab.net/kphone). The two diploma students first brought strong encryption and authentication of the multimedia streams to the kphone-4.2 release by integrating the Secure Real-time Transport Protocol (SRTP, RFC 3711) available as a library from http://srtp.sourceforge.net/srtp.htm and by adding a new KPhone SRTP configuration option that allowed the definition of a secret session key.  Since pre-shared secrets do not scale well, the students then implemented the powerful Multimedia Internet Keying protocol (MIKEY, RFC 3830) that allows a real-time end-to-end key establishment between any two VoIP peers, thus making it impossible for an unauthorized third party to listen in to the conversation. The key exchange and the mutual authentication of the clients are based on the well-known RSA public key algorithm. Since many users are frightened by the complexity of setting up a full-blown Public Key Infrastructure (PKI), the DNS-based DomainKeys scheme initially proposed by Yahoo! to identify email senders is used to distribute the public keys of the VoIP participants on a global scale. 
Using a single OpenSSL command each Kphone user can generate a personal RSA key pair and a simple copy-and-paste operation will create the required DNS TXT record containing the public key in the standardized DomainKeys format.  By enabling the MIKEY feature in Kphone, the public key of the peer will automatically be fetched via the Domain Name System during the call setup phase based on the SIP URI of the peer. No active user intervention will be required. The DomainKeys based peer authentication will also effectively thwart any SPAM-over-Internet-Telephony (SPIT) attacks that are expected to become a nuisance in the not too distant future.\n\nÜber den Autor Andreas Steffen:  Andreas Steffen is currently professor for Security in Communications at the Rapperswil University of Applied Sciences in Switzerland where he is heading the Institute of Internet Technologies and Applications.  From 1998 to 2004 he was a professor at the Zurich University of Applied Sciences in Winterthur where he developed the popular X.509 patch for Linux FreeS/WAN in collaboration with his students. After the demise of the FreeS/WAN project in March 2004 he forked off the Linux strongSwan project which he is still actively maintaining.  Andreas Steffen received both his Master's degree in Electrical Engineering in 1982 and his Ph.D. in 1991 from the Swiss Federal Institute of Technology in Zurich (ETHZ). From 1982 until 1998 he was an R\u0026D engineer with Siemens Switzerland where he worked in such diverse areas as RF circuit design for RADAR and medical Magnetic Resonance Imaging systems as well as Integrated Circuit design for broadband multiplexers. In his last position with Siemens he was head of the R\u0026D department \"Wireless Systems\" where he was responsible for one of the first Wireless LAN products.  Andreas Steffen has a long-standing interest in computing and cryptology. He teaches and does active research and development in the area of network security. 
He was a speaker at the IPsec Global Summit 2002 in Paris and the DFN Arbeitstagungen für Kommunikationsnetze in 2003, 2004, and 2005 in Düsseldorf. At the LinuxTag 2005 he presented the advanced features of the strongSwan VPN software. He was an invited speaker at several VPN seminars organized by NetworkWorld, LANline and the German Telekom. Lately he's been giving talks on VoIP security. He has also published several articles in the popular c't computer magazine. ","original_language":"eng","persons":["Andreas Steffen (Institute of Internet Technologies and Applications","Hochschule für Technik Rapperswil)"],"tags":["linuxtag06","269"],"view_count":65,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-01-20T23:00:12.031+01:00","length":2864,"duration":2864,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/269-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/269-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/6c03170f-fc25-55f7-801b-587e5336145c-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/6c03170f-fc25-55f7-801b-587e5336145c-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-269-secure_internet_telephony","url":"https://api.media.ccc.de/public/events/6c03170f-fc25-55f7-801b-587e5336145c","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":406,"event_guid":"import-e053b6572092de17d3","weight":1},{"event_id":694,"event_guid":"import-c9d167889047eb37bb","weight":1},{"event_id":957,"event_guid":"import-fa398718f4c3eec297","weight":1},{"event_id":1134,"event_guid":"import-1c9d472a2babaafdf2","weight":1},{"event_id":1535,"event_guid":"import-e66c577d6e35b88f0c","weight":1},{"event_id":2230,"event_guid":"5gpaE5FLmfxMjTlbSDJkWw","weight":1},{"event_id":2502,"event_guid":"a707951f-7f9c-4c8e-8f4f-b837f3581b7b","weight":1},{"event_id":3852,"event_guid":"6c673b80-3f20-11e7-81b0-83993a7ef3dd","weight":1},{"event_id":5288,"event_guid":"37531db5-97a0-4e99-8907-16133274b221","weight":1},{"event_id":5681,"event_guid":"5b3a9f31-41e6-5581-9a4e-30e33af8bc2f","weight":1},{"event_id":5848,"event_guid":"a633920f-8aed-5526-948a-271c48183e5a","weight":1}]},{"guid":"7beb02b1-cc01-573b-8d74-4dd50e3c01d2","title":"Keynote: Areas for Improvement in the 2.6 Kernel Development Process","subtitle":null,"slug":"linuxtag06-287-keynote_areas_for_improvement_in_the_2_6_kernel_development_process","link":"https://c3voc.de","description":"Recent years have seen a large increase in the change pressure upon the Linux kernel. Increased commercial interest, increased involvement from IT corporations and increased usage of Linux have brought in many more kernel developers, and the productivity of the developers is increasing.  The kernel team have adapted to this increased pressure by making significant changes to the manner in which the public kernel is developed, tested and distributed.  In this session we will review those process changes and the reasons for making them. We will spend some time understanding how the kernel team is presently operating. 
Especial attention will be paid to shortcomings in the current development process and in the manner in which we implement it.\n\nAbout the author Andrew Morton:  Andrew Morton is the lead maintainer for the Linux® public production kernel. His work is supported by OSDL. Andrew works with Linux creator Linus Torvalds, the kernel subsystem maintainers, Linux distribution companies, hardware vendors and other interested parties to ensure that the public production kernel meets their needs. He is the final arbitrator on determining what code is accepted into the Linux production kernel.  Andrew has worked in software development for more than 20 years. As principal engineer at Digeo, he was responsible for the base operating system in the company's broadband digital home entertainment products. Prior to Digeo, he was product development manager for Nortel Networks Australian R\u0026D labs. Previously Andrew served as managing director of an Australia-based personal computer firm and also worked as a hardware engineer for an Australian maker of digital gaming equipment.","original_language":"eng","persons":["Andrew Morton 
(OSDL)"],"tags":["linuxtag06","287"],"view_count":15,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-01-02T18:00:24.367+01:00","length":5072,"duration":5072,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/287-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/287-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/7beb02b1-cc01-573b-8d74-4dd50e3c01d2-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/7beb02b1-cc01-573b-8d74-4dd50e3c01d2-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-287-keynote_areas_for_improvement_in_the_2_6_kernel_development_process","url":"https://api.media.ccc.de/public/events/7beb02b1-cc01-573b-8d74-4dd50e3c01d2","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":3982,"event_guid":"fcc2ffca-3079-5b55-ba27-a676c7b5e8c7","weight":1},{"event_id":5632,"event_guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","weight":1},{"event_id":5635,"event_guid":"0cb16633-a722-5977-817e-5ead93caa0e7","weight":1},{"event_id":7462,"event_guid":"bc0ea171-a661-56f9-a518-e32c84bbcf8b","weight":1},{"event_id":7650,"event_guid":"eb077a88-d0d1-5a87-bc50-68bacdeaf135","weight":1},{"event_id":7653,"event_guid":"2f97a6f3-e441-505a-8be2-e95554c44430","weight":1},{"event_id":7817,"event_guid":"2966fdbd-20be-5871-9fa1-c2f5065fd701","weight":1}]},{"guid":"732a3378-feed-52ff-b8b3-899549842eb4","title":"Root and Proof (C++ scripting interface and parallel data analysis)","subtitle":null,"slug":"linuxtag06-305-root_and_proof_c_scripting_interface_and_parallel_data_analysis","link":"https://c3voc.de","description":"ROOT (== ROOT Object Oriented Toolkit) is an Open Source analysis environment developed at the European Center for Nuclear Research CERN in Geneva. 
It is based on a C++ interpreter - cint - which is versatile enough to be used as an extension module for compiled programs and which can itself be extended with compiled libraries. With a few million lines of code it is also one of the largest Open Source projects available. PROOF (the Parallel ROOT Facility) allows distributed analysis of (very) large datasets in a Grid environment, using ROOT.\n\nAbout the author Ruediger Berlich:  Dr. Ruediger Berlich has studied physics at the University of Bochum in Germany. Until 2001 he was a member of SuSE Linux AG, then Europe's leading Linux distributor. Among other duties, he has served as Technical Manager (Support) of SuSE's US office in Oakland/California and as founder and Managing Director of SuSE's UK office SuSE Linux Ltd. near London/UK. In January 2004, he finished a PhD at Bochum University, relating to particle physics and distributed computing. Since then he has been active in the field of Grid Computing at Forschungszentrum Karlsruhe, Germany's largest independent research institution. 
Apart from his research activities, he is responsible for the work areas \"training\" and \"dissemination and outreach\" of the largest EU Grid initiative, EGEE (\"Enabling Grids for E-SciencE\"), on behalf of the German/Swiss EGEE federation.","original_language":"eng","persons":["Ruediger Berlich (Forschungszentrum Karlsruhe)"],"tags":["linuxtag06","305"],"view_count":28,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2024-08-09T08:30:02.412+02:00","length":3010,"duration":3010,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/305-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/305-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/732a3378-feed-52ff-b8b3-899549842eb4-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/732a3378-feed-52ff-b8b3-899549842eb4-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-305-root_and_proof_c_scripting_interface_and_parallel_data_analysis","url":"https://api.media.ccc.de/public/events/732a3378-feed-52ff-b8b3-899549842eb4","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2073,"event_guid":"4rOepRrO3-15F25YRbZPOQ","weight":1},{"event_id":3355,"event_guid":"1b0f7a57-4f8e-5897-855a-a1e0fe4a8de5","weight":1},{"event_id":3640,"event_guid":"700a07e7-a9c4-437b-a4c5-4491b23a9b4a","weight":1},{"event_id":3648,"event_guid":"8aaa55ad-b426-4d7a-8d46-f4b34a906eda","weight":1},{"event_id":3986,"event_guid":"ff2bf44f-3417-5914-a017-9777087662f7","weight":1},{"event_id":5254,"event_guid":"83235eb6-ce2d-4f4d-8124-1d38010a2076","weight":1},{"event_id":5256,"event_guid":"c2474049-40f0-4d92-935e-e22090e3d343","weight":2},{"event_id":5262,"event_guid":"1e7ca9c3-609b-4c73-bf25-60501cba6791","weight":2},{"event_id":5271,"event_guid":"3af88c8a-b051-4691-9c3e-f518f42ca5d3","weight":1},{"event_id":5273,"event_guid":"065e78a2-c020-4199-ad38-4bea1e62eb15","weight":1},{"event_id":5274,"event_guid":"c38c514b-99f4-4906-a0e5-189df72dbd9e","weight":1},{"event_id":5280,"event_guid":"2fb00fb8-016b-42a0-a2db-742b6fc2dc80","weight":1},{"event_id":5393,"event_guid":"faea7134-21b2-5264-9e02-a8706b63e7fc","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":1},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":1},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":1},{"event_id":5960,"event_guid":"541dc917-721a-59c3-b4eb-371a7e8acc3e","weight":1},{"event_id":6380,"event_guid":"e9095f5f-a38a-48da-b3d7-20da141b8b14","weight":1},{"event_id":6434,"event_guid":"6beabddc-2dd6-43d2-9936-618d41d42cde","weight":1},{"event_id":6866,"event_guid":"892b81d8-3262-51b3-b5cd-a75aabc862fc","weight":1},{"event_id":7004,"event_guid":"d738e0f8-7937-5871-8e5f-d7fcd799c37b","weight":1},{"event_id":7016,"event_guid":"1ef521cc-4b8f-590c-8738-15bea2657941","weight":1}]},{"guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","title":"An insider's guide to Linux Logical Volume Management with 
LVM2","subtitle":null,"slug":"linuxtag06-285-an_insider_s_guide_to_linux_logical_volume_management_with_lvm2","link":"https://c3voc.de","description":"LVM2 is the default disk volume manager in modern distributions based on the Linux 2.6 kernel. While remaining backwards-compatible with the original version of LVM it offers a wide variety of new features including support for clustering.  After introducing LVM2 concepts and terminology, this presentation will show you how to create and manipulate logical volumes. It will teach you how to avoid common pitfalls when performing operations such as resizing logical volumes, moving data between disks (pvmove), and moving disks containing logical volumes from one machine to another.  The presentation will go on to describe the layout of LVM2 metadata and how the tools manipulate it and then show you some troubleshooting techniques.\n\nAbout the author Alasdair G. Kergon:  Alasdair Kergon has worked on Linux logical volume management since joining Sistina Software in 2001. Now employed by Red Hat in Surrey, UK, he is responsible for the development and maintenance of LVM2 and device-mapper.  Since 1999 Alasdair has helped to organise the UK Unix User Group's highly-successful annual Linux Developer Conferences, including this year's in Brighton (29th June - 2nd July).","original_language":"eng","persons":["Alasdair G. 
Kergon (Red Hat)"],"tags":["linuxtag06","285"],"view_count":104,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-01-25T02:30:07.192+01:00","length":3405,"duration":3405,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/285-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/285-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0f74ae28-15c4-5f97-8c6f-dc90619ac30d-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0f74ae28-15c4-5f97-8c6f-dc90619ac30d-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-285-an_insider_s_guide_to_linux_logical_volume_management_with_lvm2","url":"https://api.media.ccc.de/public/events/0f74ae28-15c4-5f97-8c6f-dc90619ac30d","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":3065,"event_guid":"161c6568-b7ae-41af-b20e-05d375872e66","weight":1},{"event_id":3986,"event_guid":"ff2bf44f-3417-5914-a017-9777087662f7","weight":1},{"event_id":4410,"event_guid":"26c1f7b1-3859-4ce3-a837-664a1bcb735d","weight":1},{"event_id":4455,"event_guid":"fcf36749-0953-4524-825c-e89b52fd756e","weight":1},{"event_id":4646,"event_guid":"3e4263fb-2d17-486b-8f41-24b19ef64ffb","weight":1},{"event_id":4673,"event_guid":"dc224041-cb12-4890-bbb5-f7931e2f21d8","weight":2},{"event_id":4841,"event_guid":"c38ddf1b-10d7-462c-a934-e69e9259ab19","weight":1},{"event_id":4924,"event_guid":"51b646f8-7afc-46be-8f77-50f7787c1f5d","weight":1},{"event_id":5256,"event_guid":"c2474049-40f0-4d92-935e-e22090e3d343","weight":1},{"event_id":5473,"event_guid":"7b23facb-2220-517b-b467-855b10983849","weight":1},{"event_id":5616,"event_guid":"a44b9b1c-4839-5d07-9f44-166a59cb6dda","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-
5d9e-81c9-73a5c09e81ac","weight":1},{"event_id":5620,"event_guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","weight":1},{"event_id":5624,"event_guid":"de905f06-a3a5-593c-a862-95969b167793","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":1},{"event_id":6078,"event_guid":"8a3c7006-ba7f-451c-a555-3a9ca4af5f2f","weight":1},{"event_id":6247,"event_guid":"74f91f9e-dc11-4af0-b393-69ebb684e9e9","weight":1},{"event_id":6248,"event_guid":"a142251b-81f2-4195-95ba-c0f3818ce884","weight":1},{"event_id":6477,"event_guid":"c85de43e-107e-4247-b550-946f376e2ec4","weight":1}]},{"guid":"c3a28747-c7b9-5500-8eb3-bc40e5df3b88","title":"Prozessunterstützung bei der Deutschen WertpapierService Bank AG mit OTRS","subtitle":null,"slug":"linuxtag06-376-prozessunterstuetzung_bei_der_deutschen_wertpapierservice_bank_ag_mit_otrs","link":"https://c3voc.de","description":"Deutsche WertpapierService Bank AG is Germany's largest securities bank. This contribution describes the use of OTRS - Open Ticket Request System - since 2003, following a migration from ARS Remedy. The technological highlights include the web server and the database in a cluster environment on RedHat Enterprise Server. Customers and agents are kept in a central LDAP directory.  dwpbank uses OTRS to handle its core business in first- and second-level support for the external financial institutions, and also in the internal helpdesk. The customer interface is also used for real-time access. There an authorized customer, that is, an employee of the affiliated clients, can log in to the OTRS system. He can create new tickets directly in the system, write additions to existing tickets, and view the complete history and processing status. If the situation requires it, the customer is also able to reopen tickets that have already been closed. 
And because a customer sees all tickets of his institution, multiple tickets for the same problem are avoided.  External customer inquiries by telephone or customer interface are either answered directly by the dwpbank customer service called \"ServiceLine\" (First Level) or routed to the relevant specialist departments for further processing (SecondLevel). The external customers, i.e. employees of the affiliated financial institutions, are kept constantly informed of the current status of the ticket via automatically sent e-mails or the customer interface. The history of the ticket, from creation to resolution, is traceable at any time.  Internal ticket processing runs just as conveniently in parallel: support requests are submitted within the bank by specialist departments in OTRS and routed to the IT departments for processing, including all necessary management functions. The ability to cleanly separate the two areas within OTRS also made the required internal cost allocation possible. Here the software offered suitable tools and, above all, the necessary leeway to develop an individual permission concept. Today there is a clear separation between the business and IT areas.  Over time OTRS became the central tool with which every step of a problem resolution in dwpbank projects is tracked. The group/permission concept makes it possible to let external staff work in the system as well without their being able to see internal tickets - a further reason why OTRS has become the communication hub in the projects. Extensive reporting within the software additionally makes it possible to check SLAs (Service Level Agreements) and always gives team leaders a current overview of the tickets circulating in their respective departments. No question that the printed OTRS statistics and reports are the basis of many meetings.  
In addition to the functions mentioned, dwpbank's TTS experts are currently developing a complaint management system based on OTRS, which, like the reporting, must satisfy SLA compliance. Furthermore, first-level support is to be optimized further by mapping the requirements of a call center with fast access to the FAQ. Beyond that, those responsible for service management also want to set up external reporting for dwpbank's clients in the future. \n\nAbout the author Martin Edenhofer:  Martin Edenhofer (28) is one of the Linux pioneers and inventors of open-source software in Germany. Edenhofer is the inventor and founder of the OTRS.org project and has played a major part in the development of the trouble ticket system OTRS. As project manager and developer at SuSE Linux AG he was responsible for STTS (SuSE's own trouble ticket system). In 2001 Edenhofer moved from Nuremberg to Frankfurt am Main to Lufthansa Systems.","original_language":"deu","persons":["Martin Edenhofer (OTRS GmbH)"],"tags":["linuxtag06","376"],"view_count":21,"promoted":false,"date":"2006-05-03T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-07-04T11:45:06.353+02:00","length":1895,"duration":1895,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/376-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/376-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/c3a28747-c7b9-5500-8eb3-bc40e5df3b88-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/c3a28747-c7b9-5500-8eb3-bc40e5df3b88-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-376-prozessunterstuetzung_bei_der_deutschen_wertpapierservice_bank_ag_mit_otrs","url":"https://api.media.ccc.de/public/events/c3a28747-c7b9-5500-8eb3-bc40e5df3b88","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2826,"event_guid":"9ab1407a-126f-48d9-898d-eae7974324e9","weight":1},{"event_id":5254,"event_guid":"83235eb6-ce2d-4f4d-8124-1d38010a2076","weight":1},{"event_id":5795,"event_guid":"d3821dc9-94af-438a-af6a-d4f79df43a2f","weight":1},{"event_id":5802,"event_guid":"281464f3-4783-4c82-8e55-709b6ccee776","weight":1}]},{"guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","title":"Edubuntu","subtitle":null,"slug":"linuxtag06-356-edubuntu","link":"https://c3voc.de","description":"Open source in the classroom with Edubuntu. What exactly is Edubuntu, how does it save costs, what are its goals and how is it built.  This talk presents Edubuntu and its possibilities in the classroom, gives an insight into existing projects that use Edubuntu and briefly describes how an Ubuntu derivative comes into being.  There will also be a short introduction to how the new Ubuntu LTSP implementation works, which is a core component of Edubuntu.\n\nAbout the author Oliver Grawert:  - Born 1970 in Hannover - After school, 10 years of outpatient care for the disabled and the dying - 1996 half a year in a job at the ISP ping Netzwersysteme in Hannover - 1996-'97 self-employed in web design/hosting - 1997-'98 graphic designer at Atelier Kamp in Uetze near Celle - 1999 again half a year at ping Netzwersysteme - 1999 head of the IT department at phoenics GIS/Photogrammetrie GmbH - 2001 1 year of consulting at Kabel NRW/ish GmbH in Cologne, building up the cable Internet - 2002-'03 head of the Internet testbed/installer helpdesk at ish GmbH - 2003-'04 moved to the Reporting department as information management specialist - 2004 to early 2005 moved to the digitalTV department as specialist for set-top boxes - Early 2005 to date Canonical LTD. 
Project lead, edubuntu","original_language":"deu","persons":["Oliver Grawert (Canonical LTD.)"],"tags":["linuxtag06","356"],"view_count":57,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-09-20T14:45:03.953+02:00","length":3475,"duration":3475,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/356-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/356-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-356-edubuntu","url":"https://api.media.ccc.de/public/events/88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":1057,"event_guid":"import-d93f6f776ff5e0bf3d","weight":1},{"event_id":4690,"event_guid":"9c7834b9-816d-4c56-b242-53d37af3741b","weight":1},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":1},{"event_id":5271,"event_guid":"3af88c8a-b051-4691-9c3e-f518f42ca5d3","weight":1},{"event_id":5325,"event_guid":"dda720ca-f11b-5ef5-beeb-5e33d2ed3e53","weight":1},{"event_id":5329,"event_guid":"33c0a435-974b-5a65-9798-81ee2bfb925b","weight":1},{"event_id":5354,"event_guid":"bc2263a7-7870-55d5-9458-63c8d51c2036","weight":1},{"event_id":5355,"event_guid":"8afc16c2-d76a-53f6-85e4-90494665835d","weight":1},{"event_id":5415,"event_guid":"b2851deb-e603-46d5-84a7-218904638a7a","weight":1},{"event_id":5577,"event_guid":"f6286be9-0708-5bc9-b669-5d783e2516e6","weight":1},{"event_id":5609,"event_guid":"02b0ad5d-58d9-59e0-a443-19d33ce729b7","weight":1},{"event_id":5610,"event_guid":"456fb60c-5ce7-11e8-be47-1fb2912eb889","weight":1},{"event_id":5613,"event_guid":"1a1
45dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":5615,"event_guid":"6809c89b-899e-529f-a651-1d0c19d2421e","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":3},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":2},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":2},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":1}]},{"guid":"a2690ffd-d1c2-53f3-8af7-5d79e5b947a9","title":"Trusted Computing und Digital Rights Management unter Linux - ein Update","subtitle":null,"slug":"linuxtag06-999-trusted_computing_und_digital_rights_management_unter_linux_ein_update","link":"https://c3voc.de","description":"In recent years much that is correct, but surely just as much that is wrong, has been written about the approach to Trusted Computing of the Trusted Computing Platform Alliance (TCPA) and its successor, the Trusted Computing Group (TCG). The fact is that well-founded statements about the security implications of the specified hardware (the Trusted Platform Module, TPM) remain difficult for lack of broad support by applications or operating systems.  Behind the scenes, there have recently been some changes to the standards and to the plans of the parties involved. In some cases the critics' suggestions were even taken into account; in others the specifications still contain gross inconsistencies. After a brief technical look at the TPM, relevant projects of recent years are presented that build on the functionality of the TPM and provide security or DRM functionality.  
Interestingly, it is precisely under Linux that there is usable kernel support as well as some promising (research) projects that have set themselves the goal of increasing the security of the system and of the user.  The talk is aimed at people who want to inform themselves about the possibilities and the status quo of Trusted Computing and DRM in 2006 in order to form their own picture of the dangers and the opportunities.\n\nAbout the author Wilhelm Dolle:  Wilhelm Dolle (http://www.dolle.net) is, as a member of the management of interActive Systems GmbH, responsible for the area of information technology and IT security. He is a CISA, CISSP and a BSI-licensed IT-Grundschutz auditor, has worked with networked systems and their security since the 1980s, regularly gives talks on IT and security topics and has published a large number of publications in this field. In addition, he works as a reviewer for various publishers and teaches network security at a Berufsakademie (university of cooperative education).","original_language":"deu","persons":["Wilhelm Dolle (interActive Systems 
GmbH)"],"tags":["linuxtag06","999"],"view_count":26,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-06-10T14:15:06.342+02:00","length":1889,"duration":1889,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/999-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/999-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/a2690ffd-d1c2-53f3-8af7-5d79e5b947a9-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/a2690ffd-d1c2-53f3-8af7-5d79e5b947a9-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-999-trusted_computing_und_digital_rights_management_unter_linux_ein_update","url":"https://api.media.ccc.de/public/events/a2690ffd-d1c2-53f3-8af7-5d79e5b947a9","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":1048,"event_guid":"import-63b6e70b859a1b152d","weight":1},{"event_id":3427,"event_guid":"8d656de7-3b04-4e71-bd77-fd8fc494bc43","weight":1},{"event_id":4681,"event_guid":"fa595475-4159-438a-aa03-735331373a15","weight":1},{"event_id":4856,"event_guid":"c5bfac96-8290-438a-a47a-ebdbf0ab5365","weight":1}]},{"guid":"0cb16633-a722-5977-817e-5ead93caa0e7","title":"The OSDL/freedesktop.org Portland project explained","subtitle":null,"slug":"linuxtag06-357-the_osdl_freedesktop_org_portland_project_explained","link":"https://c3voc.de","description":"Application developers targeting the Linux Desktop are confronted with a wide range of different desktop configurations, which makes it difficult to integrate their applications with the desktop environment of their user's choice. The Portland project set out to create a common set of high-level desktop integration APIs that application developers can depend on regardless of the environment that the user is running.  
Portland is focused around two sets of interfaces. One set is based on command line tools that provide a single way to install menu items, add icons to the desktop, open files or URLs in the application of the user's choice, activate a mail composer or ask the user for permission to run a command as root. The other set of interfaces is based on a library that applications can link with to get access to similar functionality as well as more demanding tasks such as keyring management and addressbook lookups.  In this presentation Waldo Bastian will give an update on the latest status of the Portland project and look ahead to the challenges to come. \n\nAbout the author Waldo Bastian:  Waldo Bastian is chairman of the technical board of the OSDL Desktop Linux workgroup. Waldo works for Intel Corporation as Linux Client Architect in the Channel Platform Solutions Group. Before joining Intel in 2005 he worked for SUSE/Novell where he led the Desktop team within SUSE Labs. As a long time contributor to the KDE project Waldo has been involved with desktop Linux for more than 7 years. Currently Waldo is involved in the OSDL/freedesktop.org Portland project which is defining a set of high-level APIs that allows applications to integrate more easily with the Linux desktop. Waldo is also a member of the OASIS OpenDocument TC. 
","original_language":"eng","persons":["Waldo Bastian (Intel Corporation)"],"tags":["linuxtag06","357"],"view_count":22,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-10-04T05:15:02.564+02:00","length":2634,"duration":2634,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/357-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/357-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0cb16633-a722-5977-817e-5ead93caa0e7-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0cb16633-a722-5977-817e-5ead93caa0e7-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-357-the_osdl_freedesktop_org_portland_project_explained","url":"https://api.media.ccc.de/public/events/0cb16633-a722-5977-817e-5ead93caa0e7","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":3104,"event_guid":"b2bc162c-1745-4f45-ba56-766b4174095b","weight":1},{"event_id":3982,"event_guid":"fcc2ffca-3079-5b55-ba27-a676c7b5e8c7","weight":1},{"event_id":4759,"event_guid":"119d0188-df86-11e7-a509-670931c02efc","weight":1},{"event_id":4840,"event_guid":"21127aeb-fe1f-4506-a3f0-d747e20419a5","weight":1},{"event_id":4942,"event_guid":"684c65c0-f61d-11e7-a1a3-57c648cc8333","weight":1},{"event_id":5613,"event_guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":5625,"event_guid":"7beb02b1-cc01-573b-8d74-4dd50e3c01d2","weight":1},{"event_id":5632,"event_guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","weight":1}]},{"guid":"e44d5aed-d062-54d8-aa4d-ae401fcdca64","title":"OpenTC: An Open Approach to Trusted Virtualization","subtitle":null,"slug":"linuxtag06-266-opentc_an_open_approach_to_trusted_virtualization","link":"https://c3voc.de","description":"\nOpenTC – an Open Approach to Trusted Virtualization Dirk Kuhlmann, Hewlett 
Packard Laboratories [1] dirk.kuhlmann@hp.com  Purpose : Submitted as abstract for a presentation at LinuxTag 2006 in Wiesbaden Date : January 15., 2006  The advent of 'trusted computing' (TC) technology as specified by the Trusted Computing Group has not met much enthusiasm by the Free/Open Source Software (FOSS) and LINUX communities so far. Despite this fact, FOSS based systems have become the preferred vehicle for much of the academic and industrial research on Trusted Computing. In parallel, a lively public discussion between proponents and critics of TC has dealt with the question whether the technology and concepts put forward by the TCG are compatible, complementary or potentially detrimental to the prospects of open software development models and products.  Common misconceptions of TC technology are that it implies or favors closed and proprietary systems, reduces options of using arbitrary software, or allows to remotely control what users can and can't do on their computer. It has long been argued, though, that these and similar undesirable effects are by no means unavoidable, if only because the underlying technology is passive and neutral with regard to specific policies. It has also been established that features displayed by TC equipped platforms will almost exclusively be determined by the design of OS and software running on top of it. Given appropriate design, implementation and validation of trusted software components, and using contractual models of negotiating policies, negative effects can be circumvented while improving the system's trust and security properties. This is the intellectual starting point of the EU-supported [2], collaborative OpenTC [3] research and development project that began in November 2006.  Combining FOSS and TC Technology  OpenTC aims to demonstrate that a combination of TC technology and FOSS has several inherent advantages that are hard to meet by any proprietary approach. 
Since TC protected software components are protected from inspection during runtime, it is highly desirable that their design documents and source code are available for inspection and validation. Enhanced security at the technical level tends to come at the expense of constraining user options, and the discursive nature of FOSS-development and testing could help to get the balance right. Finally, any attempts to introduce TC technology are likely to fail without the buy-in of its intended users, and openness could prove to be the most important factor for user acceptance.  OpenTC sets out to produce building blocks for cooperative security models that can be based on platform properties without having to assume the identifiability, personal accountability and reputation of platform owners or users. For reasons of privacy and efficiency, such models could be preferable to those starting from adversarial behavior. A policy model based on platform properties, however, requires reliable audit facilities and the trustworthy reporting of platform states to both local users and remote peers. The security architecture put forward by the TCG supplies these functions, including a stepwise verification of platform components with an integral, hardware-assisted auditing facility at its root. In the OpenTC architecture, this will be used as a basic building block.  Technical Approach: Trusted Virtualization  We chose (para-)virtualization as the underlying architecture for a trusted system architecture. In doing this, OpenTC addresses a major concern raised with regard to TC: namely, that trusted computing will dictate the exclusive use of components whose trustworthiness has to be vetted by third parties. Virtualization permits standard OS distributions and applications to run simultaneously alongside others that have been locked down for specific purposes. 
By combining TC and virtualization, it is possible to attest – either to a local user or a remote peer – that the core platform is configured in a way that inhibits privilege escalation or that applications and services are executed in a safe environment shielding them from unauthorized intervention.  OpenTC explores this idea for two (para)virtualization approaches: XEN and L4. Both projects have long since reached out beyond their academic roots by making their systems available under FOSS licenses and are boosted by active developer and user communities. So far, both engines can host multiple customized Linux instances in parallel. The development teams currently are working on integrating hardware-based virtualization support as offered by AMD's and INTEL's new CPU generations. Prototype results have demonstrated that this will allow hosting unmodified OS versions as well [4].  The new CPU features will offer a choice between hardware- and software-based isolation mechanisms to arrive at the required strength of protection and security. In combination with TC technologies, additional features will support establishing trusted paths between software components and I/O devices such as keyboard, mouse and graphics controller and help to counter attacks such as keyboard logging and window spoofing, another long-standing class of problem.  The virtualization engines will be initialized in a known-good state by means of boot-chain verification. The TPM and BIOS state is measured and logged into the Trusted Computing module. The BIOS checks and logs the contents of the master boot record before loading it into memory. The MBR is part of a modified version of GRUB with a software routine to measure and log the rest of the boot loader code prior to passing control to it. The loader measures and logs the components of the virtualization layer.  
Protected Execution Environments  We do not claim originality for the architecture and the policy models implemented, since we are heavily borrowing from research on trusted operating systems that goes back as far as 30 years. The underlying principles – isolation and controlled information flow – are already implemented on some FOSS based systems. Compartmentalization as offered by several security hardened versions of Linux can be used to this end, and it has been demonstrated that such systems can be integrated with TC technology [5]. However, the size and complexity of these implementations is an almost unsurmountable obstacle for any attempt to seriously evaluate their actual security properties. Furthermore, the limited size of developer communities, difficulties of understanding and complexity of managing configurations and policies continue to be road blocks for deployment of trusted platforms and systems on a wider scale.  Compared to a fully fledged OS, the tasks of virtualization layers are very much reduced, so we anticipate arriving at a much reduced size of the Trusted Computing Base for the OpenTC architecture. Due to the reduction in size, we expect the approach to be applicable across different types of platforms, including mobile ones. The architecture separates management and driver environments from the core system and hosted OS instances, thereby reducing the risk of the platform being subverted by rogue kernel components. Both drivers and management components can either be hosted under stripped-down Linux instances, or they can run as generic hypervisor tasks (in order to reduce the TCB size, the second alternative is preferable). The policy enforced by the monitors is separated from decision and enforcement mechanisms. It is human readable and can therefore be subjected to prior negotiations and explicit agreement.  
The goal of the OpenTC architecture is to provide execution environments for whole instances of guest operating systems that communicate to the outside world through reference monitors guarding their information flow properties. The monitor kicks into action as soon as an OS instance is started. Typically, the policy enforced by it should be immutable during the lifetime of the instance: it can neither be changed through actions initiated by the hosted OS nor overridden by system management facilities.  In the simplest case, this architecture will allow running two independent OS instances with different grades of security lock-down on an end user system [6]. Clearly, more complex configurations are possible (as frequently needed in server scenarios).  From Trusted to Trustworthy Computing  TCG technology can not magically turn an ordinary computing platform into a more secure one. It offers little more than basic mechanisms to record and report the startup and runtime state of a platform in an extremely compressed and non-forgeable manner. A platform state is represented by a set of hash values that refer to binaries and configuration files constituting the platform's Trusted Computing base. Someone (an organization or individual) has to vouch (prove and attest) that a particular set of hashes is equivalent to a system configuration with a desired behavior (for example, that policies can not be changed in an arbitrary fashion). This attestation will, in turn, be based on atomic ones referring to properties of each relevant component. But unless the end users personally validate each component, their reasons to believe such statements will ultimately stem from social trust, be it in statements from specific brands, certified public bodies, or peer groups.  
A much discussed dilemma arises if, in order to achieve a desired goal, a user has no choice but to employ components that are suspicious to him but a mandatory part of a configuration that is considered 'trusted' by a peer. This problem becomes worse if the named components come as binaries only and do not allow for analysis. As the recent history of DRM technology has shown, this can easily be used to insert trojans under the guise of legitimate policy enforcement modules into the user's system. Allowing providers to enforce DRM on a specific piece of content I acquired from them does not imply a permission for this very mechanism to sift through my hard disk and report back on other content. This illustrates an important principle for components that deserve the label 'trusted': at least in principle, it should be possible to investigate their actual trustworthiness. A clearly stated description of their function and expected behavior should be an integral part of their distribution, and it must be possible to establish that they do not display behavior other than that stated in their description – at compile time, runtime, or both.  The TCG specification is silent on procedures or credentials that may be required before a software component can be called 'trusted'. OpenTC works on the assumption that we need defined methodologies, tools, and processes to describe goals and expected behavior of software components. On this basis, checks whether their implementation reflects (and is constrained to) this description can be performed. Independent replication of tests may be required to arrive at a commonly accepted view of a component's trustworthiness, which in turn requires accessibility of code, design, test plans and environments for the components under scrutiny. A socially acceptable approach to trusted computing is likely to require a fair amount of transparency and open processes, and in this respect, a FOSS approach looks promising. 
It may turn into a crucial competitive advantage.  Trust, Risk, and Freedom  As it stands, most of us have little choice but to trust systems where more and more things can go wrong. At the same time, our insight into what is actually happening on our machines gets smaller by the day. This very much reduces the chances of estimating the risk and success probabilities for interactions. The risk becomes close to unmanageable if one has to account for the peer's unconstrained freedom, that is, for his ability to change the rules of the interaction by executing 'full control' over his platform.  At worst, insistence on 'full control' displays ignorance of the technological evolution: most IT experts would readily admit that they do not actually understand any more what is going on here and now on their machines. At best, it is an elitist position of IT cognoscenti who forget that most computer systems are owned and operated by ordinary citizens. It is neither the job of these individuals to understand the guts of IT to a point where they can estimate the risk of an interaction, nor should it be their obligation. However, they are facing the absurd situation of having to bear full legal responsibility for actions initiated on their machines while lacking the knowledge, tools and support to keep these systems in a state fit for purpose.  What we need are reliable indicators whether it is safe to enter a remote transaction and mechanisms proving that due diligence has been performed. To answer the question of whether it is desirable or permissible to perform a specific action on a platform, there is no alternative to basing our decision on mechanisms that monitor and report the current state of the execution environment. This consequence follows necessarily from the ever growing complexity of IT.  OpenTC assumes that the mutual attestation of the platform's 'fitness for purpose' will be required for proprietary systems as well as FOSS based ones. 
Enhanced protection, security and isolation features based on TCG technology will become standard elements of proprietary operating systems and software in due time. This evolution is largely independent of whether FOSS communities endorse or reject this technology. Lack of availability of comparable protection mechanisms for non-proprietary operating or software systems will immediately create problems for important segments of professional Linux users.  It is therefore with some concern that we follow discussions on parts of GPL v3 that might regulate how Free Software and Trusted Computing technology can be combined. As a matter of principle, the question of whether software is secure and trustworthy is completely orthogonal to a licensing policy, not least because any responsibility on this matter is excluded in the GPL. Secondly, TC does not constrain the freedom of modifying and recompiling GPL'ed code, but taking the liberty of arbitrary modifications to a software component will necessarily invalidate security assurances for the unmodified one. A re-evaluation can establish that the original assurances still hold, but until a re-evaluation has taken place, the security properties of the modified versions are undefined. This is by no means specific to the TC approach, but is equally applicable e.g. to the Linux server distributions that have been evaluated according to the Common Criteria. A change to any of the evaluated components results in losing the certificate.  Many commercial, public or governmental entities have chosen non-proprietary software for reasons of transparency and security. These organizations are typically subjected to stringent regulations requiring state-of-the-art protection mechanisms for their IT. If FOSS solutions do not support these mechanisms, the organizations could eventually be forced to replace them with proprietary ones. 
This situation would be highly undesirable for customers as well as providers of professional FOSS-based solutions, and to help avoid such a situation, a number of important industrial FOSS providers and contributors are participating in the OpenTC effort. OpenTC will help to keep the option open to choose between proprietary and FOSS solutions, and it will demonstrate in a practical way that Free/Open source based systems can benefit from Trusted Computing Technology.  Footnotes / Links  [1] The content of this paper is published under the sole responsibility of the author. It does not necessarily reflect the position of HP Laboratories or other OpenTC members.  [2] Project Nr. 027635  [3] http://www.opentc.net  [4] Stephen Shankland: XEN passes Windows Milestone http://news.com.com/Xen+passes+Windows+milestone/2100-7344_3-5842265.html  [5] See e.g. Maruyama et al: Linux with TCPA Integrity Measurement. IBM Research Report RT0575, January 2003 http://www.research.ibm.com/trl/people/munetoh/RT0507.pdf  [6] E.g., Butler Lampson's model with an unconstrained 'green' environment for web browsing, software download / installation and a tightly guarded 'red' side for tax record, banking communications etc. See IEEE Security\u0026Privacy, Vol 3, Nr 6, Nov/Dec 2006, p3\n        \n\nAbout the author Dirk Kuhlmann:  Dirk Kuhlmann works as a senior research engineer for the Trusted Systems group of Hewlett Packard's European Laboratories in Bristol, UK. He joined HP Labs' security research team ten years ago after having received his degrees in Computer Science from Technical University Berlin. His past activities include work on financial protocols, secure distributed transactions, and platform security.  For a number of years now, Dirk's main research interests have been the conditions and requirements of using Open Source software for IT security solutions. 
In this context, he has analyzed the complementarity of Trusted Computing Technology and Open Source based software in multiple publications.  Dirk currently acts as the technical lead of the EC-funded, integrated project OpenTC. This project aims at using Open Source based, trusted virtualization layers as a central building block for security enhanced platforms and systems.","original_language":"eng","persons":["Dirk Kuhlmann (European HP Laboratories. Bristol)"],"tags":["linuxtag06-fixup","266","2006"],"view_count":46,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2019-02-17T01:00:00.000+01:00","updated_at":"2025-11-22T15:00:04.593+01:00","length":3404,"duration":3404,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/266-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/266-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/266-sd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/266-sd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-266-opentc_an_open_approach_to_trusted_virtualization","url":"https://api.media.ccc.de/public/events/e44d5aed-d062-54d8-aa4d-ae401fcdca64","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2871,"event_guid":"74515f8e-a752-4cbb-b407-3a70fca5b0b3","weight":1},{"event_id":2933,"event_guid":"c50c5193-7389-4858-9352-14ea6d74b77a","weight":1},{"event_id":5987,"event_guid":"2fdcdadb-0575-5a47-a59f-8376db33f0a6","weight":1},{"event_id":6268,"event_guid":"78bd6474-f587-44f2-b1b7-17cb02882be8","weight":1},{"event_id":6459,"event_guid":"41e36295-68d2-5c2b-add5-d6b6b58df605","weight":2},{"event_id":6748,"event_guid":"b3fe7f83-cdd3-436a-91db-56c13b2aeb3a","weight":2},{"event_id":6749,"event_guid":"c0d2491d-5f01-4c12-bffd-37cb7b813f29","weight":1},{"event_id":6755,"event_guid":"e1844070-a145-4e59-aa90-2ab14f791a2d","weight":1},{"event_id":6758,"event_guid":"8c7fcb7a-e250-5af0-8da3-f5f4c0845895","weight":2},{"event_id":6774,"event_guid":"d9d8ab96-d460-49bc-bfe5-f29a4c8998fe","weight":1}]},{"guid":"86cb2960-b074-55f3-9416-89ba072a84e5","title":"Kubuntu","subtitle":null,"slug":"linuxtag06-355-kubuntu","link":"https://c3voc.de","description":"Kubuntu is a powerful desktop-oriented distribution using KDE on top of Ubuntu.  Ubuntu is a rock solid distribution based on Debian. It follows a 6-month release schedule, with an install/live CD. The Kubuntu install CD will be shipped for free in the next release through the Shipit system, which has already proven useful with Ubuntu. Ubuntu is committed to always be Free and Open-Source software.  The KDE Desktop, on which Kubuntu is based, is a Free Desktop environment. It is also a powerful development platform using Trolltech's Qt API. It features lots of great interactive programs such as Amarok, K3B, Konqueror, Scribus, and Krita. The future of KDE is KDE4. This version has been entirely redone on top of the new Qt4. As part of the Appeal Project, it features a new Desktop, called Plasma, a new multimedia system - Phonon - and a lot of other improvements.  
The next Kubuntu version, numbered 6.06, is to be released on the 1st of June 2006, under the codename « Dapper Drake ». Among the main improvements in this version are the inclusion of KDE 3.5.2, great changes in the Adept package manager and in System Settings with the Guidance modules, the introduction of the Ubiquity live installer, better wifi support with Network-Manager, a simplified use and default profile, and the implementation of CJK support with skim.\n\nAbout the author Raphaël Pinson:  A former student of ENSMA, a French Mechanical and Aeronautical Engineering school, Raphaël Pinson is now a core developer for the Ubuntu Linux distribution. He focuses on Kubuntu, the KDE-centered version of Ubuntu.  He is also the creator of the Ichthux project, which aims to provide a desktop-oriented free and open-source operating system for Christian users and community, based on the Debian operating system.","original_language":"eng","persons":["Raphaël Pinson (Ubuntu)"],"tags":["linuxtag06","355"],"view_count":38,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2023-10-20T14:00:02.711+02:00","length":1917,"duration":1917,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/355-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/355-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/86cb2960-b074-55f3-9416-89ba072a84e5-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/86cb2960-b074-55f3-9416-89ba072a84e5-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-355-kubuntu","url":"https://api.media.ccc.de/public/events/86cb2960-b074-55f3-9416-89ba072a84e5","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":553,"event_guid":"import-1642ac54dd91815d89","weight":1},{"event_id":710,"event_guid":"import-996ee6767784dc2e88","weight":1},{"event_id":1901,"event_guid":"84b91188f373df58","weight":1},{"event_id":1975,"event_guid":"1d9f168fd259ff3d","weight":1},{"event_id":1976,"event_guid":"b0167f2efcd6a228","weight":1},{"event_id":1977,"event_guid":"3e784e740c1ac605","weight":1},{"event_id":2085,"event_guid":"0Yrjp9uKurxoSYw0p2pNdA","weight":1},{"event_id":2122,"event_guid":"DlJOnpxxq4REaMhvquDWSw","weight":1},{"event_id":2362,"event_guid":"7f0d54a2-31fa-4039-ae84-a1686922e387","weight":1},{"event_id":2363,"event_guid":"52af7df6-796f-41ed-ada8-289a8b87667e","weight":1},{"event_id":2366,"event_guid":"4e275f5e-32b6-492a-90d1-d3b92a15a9ec","weight":1},{"event_id":2422,"event_guid":"03553ade-bec3-4833-8210-6ac0983bb0c0","weight":1},{"event_id":2446,"event_guid":"725d37fb-0e6c-4ac0-9106-4cefa8e898ea","weight":1},{"event_id":2611,"event_guid":"9e751b76-c81d-4778-af01-4d795403f946","weight":1},{"event_id":2621,"event_guid":"13a682be-a221-44de-a1a3-9231f23aadd6","weight":1},{"event_id":3231,"event_guid":"ZailH5jsKoZjybdb_srn9A","weight":1},{"event_id":3615,"event_guid":"74783236-46f4-493c-9574-1b27a44847b7","weight":2},{"event_id":3935,"event_guid":"MyOZv8w2nxuAu-7rgmsPnw","weight":1},{"event_id":3948,"event_guid":"SUeG0aQcZ5L0C_WLvXetgA","weight":1},{"event_id":3968,"event_guid":"24923407-2fd3-4042-bc94-dd42083d5c1a","weight":1},{"event_id":3981,"event_guid":"9e99459c-f603-5799-bda3-78b831bc64d7","weight":1},{"event_id":4088,"event_guid":"448bb3d1-e38f-5599-9959-4b30deb93314","weight":2},{"event_id":4092,"event_guid":"2dce8843-ff60-5d6e-8118-595df0d67b7f","weight":1},{"event_id":4095,"event_guid":"5a032505-3b50-5e50-b434-504c20dc8d76","weight":1},{"event_id":4096,"event_guid":"ed4cdf43-f868-5350-991d-1ffe5ac4bca1","weight":1},{"event_id":4102,"event_guid":"6dbfc9fe-3e76-5397-9305-6da
a428dada7","weight":1},{"event_id":4104,"event_guid":"be21ba43-d19d-5bc3-a550-b286614e6875","weight":1},{"event_id":4589,"event_guid":"d13d0904-92a4-11e7-be40-5373c2f92fbe","weight":1},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":1},{"event_id":5008,"event_guid":"e5a54f6e-71cc-461e-91d5-5a1c0e3f316f","weight":1},{"event_id":5260,"event_guid":"5c28a69e-02ed-4e3e-bf26-9046cf5fde11","weight":1},{"event_id":5270,"event_guid":"5ae52c55-6447-45f8-9d13-36d15303fffe","weight":1},{"event_id":5274,"event_guid":"c38c514b-99f4-4906-a0e5-189df72dbd9e","weight":1},{"event_id":5286,"event_guid":"d120538e-817a-420b-9be2-a5088429f439","weight":2},{"event_id":5521,"event_guid":"c3dbbb23-45de-421a-89bf-74ba5f0607e8","weight":1},{"event_id":5612,"event_guid":"be647aba-f085-5c12-a3a0-f70c4253c80d","weight":1},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5626,"event_guid":"2a8358b0-2f22-5f3e-9b5e-58f06a4b3b6c","weight":1},{"event_id":5632,"event_guid":"5d94dbe5-fdee-5b1c-9a8a-459b1bbeef27","weight":1},{"event_id":5636,"event_guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","weight":1},{"event_id":5734,"event_guid":"adde2800-ffa1-44c4-aafd-c4928ee5378d","weight":1},{"event_id":6047,"event_guid":"e83405c6-2a35-4834-a462-5da4fe10652e","weight":1},{"event_id":6058,"event_guid":"7fe2a84b-bbed-4a4e-80fb-85b581c14b13","weight":1},{"event_id":6078,"event_guid":"8a3c7006-ba7f-451c-a555-3a9ca4af5f2f","weight":2},{"event_id":6115,"event_guid":"93b7d8a6-345b-405a-a3f2-0dc09ddd2e28","weight":1},{"event_id":6153,"event_guid":"53beeb85-7ec9-591d-1482-a276b1ccdd96","weight":1},{"event_id":6588,"event_guid":"f106b309-ffa8-5800-b9bf-00acb573e48c","weight":1},{"event_id":7085,"event_guid":"XiMGzrAdPuzVluYhoPCNzA","weight":1}]},{"guid":"0a76260e-2335-5459-b65a-60ce06dc7210","title":"dm-raid45 - A Device-Mapper target for RAID4 and RAID5 
mappings","subtitle":null,"slug":"linuxtag06-284-dm_raid45_a_device_mapper_target_for_raid4_and_raid5_mappings","link":"https://c3voc.de","description":"Device-Mapper, the Linux 2.6 kernel generic device-mapping facility, is capable of mapping block devices in various ways (e.g. linear, striped, mirrored). The mappings are implemented in runtime loadable plugins called mapping targets, which take a logical device address and sector and remap it to one or more underlying (logical) device(s).  Targets can be implemented to support arbitrary software RAID solutions on Linux 2.6, such as RAID4 and RAID5.  dm-raid45 is a new device-mapper target (i.e. a mapping plugin) to drive RAID (Redundant Array of Independent Disks) sets.  RAID level 4 with a dedicated parity drive and RAID level 5 with rotating parity are both supported by this target. It is capable of doing background synchronization of sets utilizing a dirty-log, which keeps track of dirtied regions (i.e. those with writes in flight).  At set activation, the dirty-log is queried and resynchronization is started for any dirty regions one-by-one in order to regain the consistency of the RAID set, i.e. after a system crash.  The same mechanism is used to set up a new RAID set by dirtying all regions and activating the set, hence causing resynchronization of all regions of the new set.  Full read/write access is possible to the whole RAID set during resynchronization.  In case one disk fails within a set, the set will be degraded and access to all data is still possible. The defective drive can be replaced and dm-raid45 configured to resynchronize the new drive.  
My talk will give a short device-mapper architecture/feature overview and elaborate on the dm-raid45 target feature set.\n\nAbout the author Heinz Mauelshagen:  1980 - 86 Studied electrical engineering at FH Aachen 1986 - 90 Development of distributed applications at the DBP for calculating the ISDN network 1990 - 2000 UNIX system management of UNIX system environments under SunOS, Solaris, HP-UX, Sinix, Windows NT and Linux at a T-Systems development center 1997 - Start of LVM1 development and Linux kernel/distribution integration (from SuSE 6.3 onward) 2000 - 2003 LVM Development Engineer at Sistina; start of the LVM2 project 2004 - Consulting Development Engineer at Red Hat","original_language":"eng","persons":["Heinz Mauelshagen (Red Hat GmbH)"],"tags":["linuxtag06","284"],"view_count":57,"promoted":false,"date":"2006-05-05T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-03-29T01:30:05.022+01:00","length":2989,"duration":2989,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/284-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/284-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0a76260e-2335-5459-b65a-60ce06dc7210-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/0a76260e-2335-5459-b65a-60ce06dc7210-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-284-dm_raid45_a_device_mapper_target_for_raid4_and_raid5_mappings","url":"https://api.media.ccc.de/public/events/0a76260e-2335-5459-b65a-60ce06dc7210","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[]},{"guid":"ba118e5f-1c35-585c-91f6-9477b0c64897","title":"Neue Trends im Webhacking","subtitle":"","slug":"linuxtag06-263-neue_trends_im_webhacking","link":"https://c3voc.de","description":"\u003cp\u003eThe year 2005 was a year full of new developments for PHP, but also for the security scene. 
Alongside well-known vulnerabilities such as cross-site scripting and SQL injection, less common problems such as XSRF, HTTP response splitting and session fixation have emerged. Applications previously considered secure exhibit entirely new vulnerabilities, some of which can be exploited with alarming ease. The authors show how these new attack techniques work and how to protect yourself and your web application against them. The attacks are explained using easy-to-understand practical examples, and solutions from practice are presented. About the author Peter Prochaska: Peter Prochaska is a security consultant at DATEV in Nuremberg. He also travels throughout Germany giving talks at various conferences (PHP Conference, GUUG Fr\u0026uuml;hjahrsfachgespr\u0026auml;ch, ...) on topics such as PHP, security and the Hardened-Patch. Together with Christopher Kunz he writes a monthly column for PHP-Magazin. They are also the authors of the book \"PHP-Sicherheit\", which will be published by dpunkt-Verlag in January 2006. Peter Prochaska is a member of the Hardened-PHP-Project, where he is responsible for corporate customer support and security audits. 
About the author Peter Prochaska:\u003c/p\u003e","original_language":"deu","persons":["Peter Prochaska (Hardened-PHP-Project)"],"tags":["linuxtag06","263"],"view_count":146,"promoted":false,"date":"2006-06-04T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2025-11-29T17:45:03.421+01:00","length":2450,"duration":2450,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/263-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/263-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/ba118e5f-1c35-585c-91f6-9477b0c64897-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/ba118e5f-1c35-585c-91f6-9477b0c64897-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-263-neue_trends_im_webhacking","url":"https://api.media.ccc.de/public/events/ba118e5f-1c35-585c-91f6-9477b0c64897","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":1057,"event_guid":"import-d93f6f776ff5e0bf3d","weight":3},{"event_id":1530,"event_guid":"import-6fdeaba494d8699165","weight":3},{"event_id":2291,"event_guid":"2f68e356-6c3f-4034-9640-c06d717ed96b","weight":3},{"event_id":2967,"event_guid":"cabf79b8-cadc-45ef-89c8-c3c877baf379","weight":1},{"event_id":3601,"event_guid":"5a517be2-220b-4eb6-88c3-e7ef08c98ace","weight":1},{"event_id":3695,"event_guid":"c300b194-2a85-4705-92aa-b4e789882303","weight":3},{"event_id":3701,"event_guid":"155a622a-196e-4e05-a262-88f3a7726bbe","weight":1},{"event_id":3726,"event_guid":"7c3a4ac8-1925-4459-bdd8-b9d9e18a6cfa","weight":1},{"event_id":3853,"event_guid":"efeeaebc-3f29-11e7-9ba7-2f214305c877","weight":2},{"event_id":3968,"event_guid":"24923407-2fd3-4042-bc94-dd42083d5c1a","weight":2},{"event_id":4656,"event_guid":"ad460eb9-229b-4396-aa73-b64530c37183","weight":1},{"event_id":4770,"event_guid":"a890dbd3-8859-4788-a72f-ded5c5c08e5f",
"weight":2},{"event_id":5065,"event_guid":"b13b7d07-a781-4777-ac11-c331a204e710","weight":2},{"event_id":5380,"event_guid":"acc35999-4707-5ef9-a8af-f3b197f09704","weight":2},{"event_id":5569,"event_guid":"d37bc91e-f1dd-4fbb-b793-c08b2436eecb","weight":3},{"event_id":5609,"event_guid":"02b0ad5d-58d9-59e0-a443-19d33ce729b7","weight":2},{"event_id":5612,"event_guid":"be647aba-f085-5c12-a3a0-f70c4253c80d","weight":2},{"event_id":5617,"event_guid":"952292a6-923e-534a-a4ae-9522777f092c","weight":1},{"event_id":5618,"event_guid":"bac51d24-c529-5d9e-81c9-73a5c09e81ac","weight":3},{"event_id":5620,"event_guid":"0b0db69d-bda6-567e-9c5a-9fea99e86404","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5628,"event_guid":"480aa632-0d92-5b04-9af0-30df192e5ebe","weight":2},{"event_id":5634,"event_guid":"88a9da4b-80b4-5e2f-ba57-85fdfea7bcd4","weight":2},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":3},{"event_id":5638,"event_guid":"bc119064-0b23-443b-82d4-55719d478151","weight":8}]},{"guid":"8c7fcb7a-e250-5af0-8da3-f5f4c0845895","title":"Design and Implementation of a Secure Linux Device Encryption Architecture","subtitle":null,"slug":"linuxtag06-268-design_and_implementation_of_a_secure_linux_device_encryption_architecture","link":"https://c3voc.de","description":"\n1 Introduction  Today, increasingly more sensitive data is stored on private and business devices such as PC's, Laptops and PDAs. The security critical data include business plans, authorization secrets, and email correspondence. In case the device is stolen or lost this data may be compromised.  An approved security mechanism to mitigate this risk is to encrypt the data. There exist several software-based encryption systems. Some of them are shipped together with the operating system. One example is Linux and its dm_crypt, which allows dierent encryption algorithms to plug in and use them for encrypting le systems.  
Unfortunately, most software-based hard-disk encryption products suffer from insecure storage and usage capabilities for security-critical cryptographic keys and operations. The underlying operating systems (OS) that control all data storage mechanisms, i.e. hard-disk, memory, USB, I/O etc., cannot prevent other (potentially malicious) applications from gaining access to the critical key data. This can be seen by the huge number of exploits and continuous security updates. The reasons lie in various conceptual weaknesses of common computing platforms, in particular the monolithic OS kernel architecture and the resulting increase in complexity. This concerns Windows-based operating systems as well as Linux-based ones. A large part of the operating system and supporting processes are executed in a privileged mode, the so-called kernel mode, which allows them to directly access the hardware and all other software processes. User applications are usually executed in a non-privileged mode, the so-called user mode. Thus, the risk of security weaknesses is higher because of the huge amount of code executed in privileged mode. If such a process can be exploited it is possible to gain access to all kernel data, including the encryption keys used for the hard-disk encryption. An attacker may read out the encryption key from kernel memory or simply deactivate the encryption system by exploiting a common security hole. Runtime protections such as access control and user authentication may be easily circumvented by booting an alternate operating system. Furthermore, an untrusted system administrator usually has full access to all system resources including the cryptographic keys of the users. Countermeasures such as mandatory role-based access control (e.g. SELinux) protect this information from a \"root spy\" but are much too complicated to maintain and evaluate [8].  
We propose a solution to this problem by providing a security architecture that allows secure, reliable and user-friendly device encryption. The security architecture strongly isolates the secret key information and all related security-critical operations from the Linux operating system. This is similar to a hardware-based solution but far more cost-effective. Moreover, the architecture is capable of using Trusted Computing (TC) functionalities (based on [13]) to protect the cryptographic keys and to assure software integrity during the booting process of the system.  2 Related Work  There are a number of software device encryption systems available today. However, most of them either do not offer essential security properties such as isolation (of the encryption keys and operations from the operating system), or they are not open source and not subject to public analysis.  2.1 Commercial Products Examples of commercial software device encryption systems available on the market are [1, 10, 11, 14]. These products offer a variety of features. In this context some products already use the interfaces to the Trusted Platform Module (TPM) to bind encryption keys to hardware and/or software components and for secure random number generation (partially).  A further product is Microsoft's Secure Startup - Full Volume Encryption which will be integrated into the upcoming client version release of Microsoft's Windows Operating System (\"Windows Vista\") [10]. This encryption feature encrypts the entire Windows volume and uses a Trusted Platform Module (TPM) 1.2 to bind the encryption key to the boot stack, thus ensuring that system files have not been tampered with while the system was offline. However, it does not use TPM authentication mechanisms but relies on conventional OS authentication after the system integrity has been verified.  
2.2 Enforcer Project The Enforcer [7, 8, 9] is a Linux Security Module (LSM) that binds the cryptographic key for an encrypted file system to long-lived system components, such as the Linux kernel, the boot stack, the Enforcer LSM, and the public key of a so-called \"security admin\". The security admin issues and digitally signs a list of file hashes. This security configuration is used by the Enforcer LSM to check the integrity of the applications before execution.  The Enforcer even provides a mechanism to guarantee the freshness of a security configuration. To verify the integrity of the long-lived components the Enforcer enhances the LILO boot loader with TPM support. However, the encryption key information is still located within the Linux kernel since the Enforcer LSM itself is executed in the Linux kernel. Thus, an isolation of encryption keys and operations from the operating system is not supported.  2.3 Device Mapper Crypt Target The Device Mapper is a Linux 2.6 kernel feature that allows creating a virtual block device whose sectors are mapped to sectors on a physical block device, e.g. a hard-disk or USB device. Available mapping types include encryption. Thus data written to the virtual device is transparently encrypted and passed on to the physical device (and vice versa). The crypt target (dm_crypt) uses the Linux 2.6 Cryptographic API which provides state-of-the-art symmetric ciphers and hash computation algorithms such as AES and SHA-256.  However, since the crypt target is a kernel feature, the encryption keys and operations are located within the kernel and there is no isolation from the operating system. Furthermore, there are no measures for checking the system integrity before execution.  3 The EMSCB Project  The European Multilaterally Secure Computing Base (EMSCB) project aims at developing a trustworthy computing platform, based on open standards and open source, that solves many security problems of conventional platforms [3]. 
The platform deploys * hardware functionalities provided by Trusted Computing, * a security kernel and * an efficient migration of existing operating systems.  The EMSCB platform allows, in the sense of multilateral security, the enforcement of security policies of different parties, i.e., end-users as well as industry. This is a vital property required for secure execution of a variety of distributed applications. Consequently, the platform enables the realization of various innovative business models, also in the area of Digital Rights Management, while averting the potential risks of Trusted Computing platforms concerning privacy issues. The source code of the EMSCB platform will be published under an open-source license, e.g., the GPL. The platform can be freely used as basis for application development. The EMSCB project is partly funded by the German Federal Ministry of Economics and Technology. Project partners include several universities and industry organizations. This consortium is led by Ruhr-University Bochum (Applied Data Security Group).  4 Basic System Architecture  One main design goal of EMSCB is the realization of a minimal and therefore manageable, stable and evaluable security kernel for conventional hardware platforms such as IBM-PCs, servers, embedded systems, and mobile devices like PDAs and smartphones. This requirement is fulfilled by extracting security-critical operations and data and integrating them into the security kernel [12].  The security kernel is composed of a Resource Management Layer, which runs on top of the hardware, and a Trusted Software Layer. The hardware may provide Trusted Computing functionality, e.g., based on TPM. The main task of the Resource Management is the provision of an abstract interface of the underlying hardware resources like interrupts, memory and hard-disk drives. Moreover, this layer allows these resources to be shared and can realize access control enforcement on the object types known to this layer. 
This layer can be implemented using a microkernel (e.g. [6]) or a hypervisor virtualization (e.g. [2]) approach.  The Trusted Software Layer combines the services provided by the hardware layer and the resource management. It extends the interfaces of the underlying services with security properties and ensures isolation of the applications executed on top of this layer.  On top of the Trusted Software Layer, security-critical and non-critical applications are executed in parallel. Legacy operating systems can be executed as isolated applications on top of the Trusted Software Layer to provide end-users a common user interface and a backward-compatible application binary interface (ABI) and to allow application providers to reuse existing non-critical applications and components.  To obtain full user transparency the encryption system has to be completely integrated into the security kernel, i.e., the Trusted Software Layer.  5 Secure Linux Device Encryption  The Secure Linux Device Encryption is based on the microkernel-based EMSCB security kernel. The Linux operating system is executed as a separate EMSCB application. This allows an architecture where the key critical information of a device encryption system is stored and handled in a special EMSCB service outside of Linux but within the Trusted Software Layer. This special service is the EMSCB HDD-Encrypter.  All key critical information is handled by this EMSCB service, which itself is fully independent from Linux. After a successful authentication process against the HDD-Encrypter, a Linux function that handles the device encryption just sends the plain text to the HDD-Encrypter service and receives the cipher text afterwards and vice versa without having access to the secret key information. We use the dm_crypt interface of Linux so that the device mapper support can be used transparently within Linux.  The authentication process simply authenticates a qualified user, i.e. 
the data owner, and then provides access to the data to all applications of the respective user. The authentication is performed by providing a password, which is then used to derive an encryption key. Without the correct password the correct encryption key will not be accessible and hence confidentiality is preserved.  We use AES as a fast symmetric encryption algorithm in our implementation. We derive the key from a given password using a cryptographic hash function.  The EMSCB HDD-Encrypter can be run in three operational modes: * Single-user mode (without Trusted GUI) * Single-user mode (with Trusted GUI) * Multi-user mode (with Trusted GUI)  In single-user mode all encrypted devices are encrypted with one single key, which is derived from the single user's password. In multi-user mode every encrypted device has its own individual encryption key. The user's password is used to derive another encryption key, which is used to encrypt/decrypt the encryption key of the device. This allows multiple users to share a common encrypted device without having to share a common password.  In multi-user mode it is necessary to define keys and user accounts. If users want to have access to certain encrypted devices their access rights to these resources, i.e., the cryptographic keys, must be specified. Thus, there is a need for user management, which is handled by the HDD-Encrypter as well.  Trusted GUI  When using the Trusted GUI, Linux runs in an extra window. The password and administration dialogs for accessing the device encryption keys or changing the configuration are displayed in a separate dialog box. On the one hand, the user can recognize that the password or administration dialog does not belong to any potentially malicious application inside the Linux operating system (trusted path to application). On the other hand, Linux is not able to access or manipulate these dialogs, either.  
For our prototype implementation we used a special GUI system [5] that provides a virtual framebuffer to the Linux system. Linux applications draw their graphical user interface elements within this framebuffer. Security-critical applications, like the HDD-Encrypter configuration management console, have separate GUI windows that are isolated from the Linux system. Currently, this system is being improved to provide a secure GUI [4].  In single-user mode we do not need a special trusted GUI since the bootloader will already ask for the password that is used for key derivation. The bootloader will automatically pass the password to the EMSCB HDD-Encrypter service. After the system is booted there is no need to ask for the password again. All devices will be encrypted/decrypted with the key derived from the given password. Thus, Linux can be executed in full-screen mode in this case.  TPM Support  Our proposed system is able to bind device encryption keys to a user authorization secret, hardware components or the trusted software modules. Binding to hardware and/or software components requires a trusted hardware component. Our architecture deploys TPM sealing functionalities for this purpose. However, the architecture is not restricted to using the TPM and can offer the corresponding interfaces of any other hardware platform.  The TPM uses on-chip registers (Platform Configuration Registers, PCRs) to securely store measurements (i.e., hash values) of hardware and software components. The TPM sealing command subsequently binds data to these PCRs. The resulting binary data is then stored persistently.  For our application certain PCRs should reflect the integrity of the trusted components. This can be achieved as follows: 1. A TPM-aware (trusted) BIOS measures the MBR (Master Boot Record) before execution. 2. The bootloader measures each boot stage before execution. 3. The bootloader is completely loaded. 
The PCRs now reflect the integrity of the boot process (authenticated boot). 4. The trusted software components are digitally signed. The bootloader checks their signatures before execution. The corresponding public key is hard-coded into the bootloader. If a signature check fails the PCR values are invalidated and the user is prompted for interaction (secure boot).  The alternation of authenticated and secure boot allows secure updating of system components without resealing of secrets [8, 9].  6 Conclusion and Outlook  We have introduced the EMSCB Security Architecture which is used as a trustworthy basis for implementation of secure distributed applications. Within the EMSCB project several application prototypes are being designed and developed.  In this paper we introduce the prototype for a device encryption system based on the EMSCB security kernel. We are currently completing and improving the implementation with respect to system integrity protection and TPM integration. Furthermore, we are working on new improvements of the trusted GUI to provide user-friendly, easy-to-use and secure user interfaces.  References  [1] SafeBoot Device Encryption for PC. http://www.safeboot.de/products/deviceencryption/pc/, 2005.  [2] Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., and Neugebauer, R. Xen and the art of virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP'03) (Bolton Landing, NY, USA, Oct. 2003), ACM, pp. 164-177.  [3] EMSCB Project Consortium. The EMSCB project. http://www.emscb.org.  [4] Feske, N., and Helmuth, C. A Nitpicker's guide to a minimal-complexity secure GUI. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005) (2005).  [5] Feske, N., and Härtig, H. Demonstration of DOpE - a Window Server for Real-time and Embedded Systems. In Proceedings of the 24th IEEE Real-Time Systems Symposium (RTSS 2003) (2003).  [6] Liedtke, J. On microkernel construction. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP'95) (Copper Mountain Resort, Colorado, Dec. 1995). 
Appeared as ACM Operating Systems Review 29.5.  [7] MacDonald, R., Smith, S., Marchesini, J., and Wild, O. Bear: An open-source virtual secure coprocessor based on TCPA. Tech. Rep. TR2003-471, Department of Computer Science, Dartmouth College, 2003.  [8] Marchesini, J., Smith, S., Wild, O., Barsamian, A., and Stabiner, J. Open-source applications of TCPA hardware. In 20th Annual Computer Security Applications Conference (Dec. 2004), ACM.  [9] Marchesini, J., Smith, S. W., Wild, O., and MacDonald, R. Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear. Tech. Rep. TR2003-476, Department of Computer Science, Dartmouth College, 2003.  [10] Microsoft Corp. Secure Startup - Full Volume Encryption: Technical Overview, April 2005.  [11] PGP Corporation. PGP Whole Disk Encryption for Enterprises Data Sheet, 2005.  [12] Sadeghi, A.-R., Pohlmann, N., and Stüble, C. European multilateral secure computing base - open trusted computing for you and me. Datenschutz und Datensicherheit DuD, Verlag Friedrich Vieweg \u0026 Sohn, Wiesbaden 28, 9 (2004), 548-554.  [13] Trusted Computing Group. TPM main specification. Main Specification Version 1.2 rev. 85, Trusted Computing Group, Feb. 2005.  [14] Utimaco Safeware. SafeGuard Easy Technical Whitepaper, April 2005. \n        \n\nAbout the author Christian Stüble:  Dipl.-Inform. Christian Stüble has worked in IT security since 1998, focusing on secure operating systems, trustworthy end-user devices and Trusted Computing. After studying computer science in Hildesheim and Dortmund, he graduated in mid-2000 with a diploma thesis on secure mobile end-user devices and since then led the PERSEUS project at the Chair for Security and Cryptography at Saarland University. 
Since 2004, Mr. Stüble has been a member of the research group \"Applied Data Security\" at the European Centre for IT Security (eurobits) of Ruhr-University Bochum. There he continues the development of the PERSEUS research project. He is also technical lead of the BMWA-funded project \"EMSCB\" on Open Trusted Computing. About the author Marcel Winandy:  Marcel Winandy is Research Assistant at Horst Görtz Institute for IT Security at Ruhr-University Bochum, Germany. He is involved in the European Multilaterally Secure Computing Base (EMSCB) project. Marcel Winandy studied Computer Science with emphasis on computer security and software technology at the University of Bonn, Germany, and got his diploma degree in 2004. From 2004 to 2005 he worked as Research Assistant at the same university, where he did research on the security of adaptive mobile applications. In 2005 he joined the Applied Data Security Group at Ruhr-University Bochum. His main research interests are secure operating systems and trusted computing. About the author Ahmad-Reza Sadeghi:  Ahmad-Reza Sadeghi is a Professor at Horst Görtz Institute for IT Security at Ruhr-University Bochum, Germany. He received his PhD in Computer Science from Saarland University in Saarbrücken, Germany. Prior to academia he worked in the research and development departments of several IT enterprises. Currently, he is leading the research group for Applied Data Security and a number of research and development projects in the area of cryptography, multimedia security, and design and implementation of trustworthy computing platforms including the EMSCB project. His research interests are privacy enhancing cryptographic systems, security architectures, Trusted Computing, and multimedia security. 
About the author Michael Scheibel:  Michael Scheibel works as a security systems architect at Sirrix Security Technologies AG in Bochum and is an external PhD student at the Applied Data Security Group at Ruhr-University Bochum. His research and development activities currently focus on modern operating system design and trusted computing technology with an emphasis on integrity measurement and validation. He is actively involved in the EMSCB project.","original_language":"eng","persons":["Christian Stüble (Ruhr-Universität Bochum)","Marcel Winandy (Ruhr-Universität Bochum)","Ahmad-Reza Sadeghi (Ruhr-Universität Bochum)","Michael Scheibel (Sirrix Security Technologies AG)"],"tags":["linuxtag06-fixup","268","2006"],"view_count":129,"promoted":false,"date":"2006-05-04T00:00:00.000+02:00","release_date":"2019-02-17T01:00:00.000+01:00","updated_at":"2026-02-20T13:15:09.272+01:00","length":3161,"duration":3161,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/268-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/268-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/268-sd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/268-sd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-268-design_and_implementation_of_a_secure_linux_device_encryption_architecture","url":"https://api.media.ccc.de/public/events/8c7fcb7a-e250-5af0-8da3-f5f4c0845895","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2451,"event_guid":"746c83c2-b29b-41e7-be5b-fafdfe923a5a","weight":2},{"event_id":6547,"event_guid":"089b7fec-3ee1-493c-9b90-782c0514ffb4","weight":2},{"event_id":6748,"event_guid":"b3fe7f83-cdd3-436a-91db-56c13b2aeb3a","weight":2},{"event_id":6749,"event_guid":"c0d2491d-5f01-4c12-bffd-37cb7b813f29","weight":5},{"event_id":6751,"event_guid":"d686cd55-7ee3-4e8d-ab3b-dac247c7879f","weight":5},{"event_id":6753,"event_guid":"7fb7e9a0-0bcd-4500-a0e5-5a99614a192c","weight":1},{"event_id":6756,"event_guid":"456fb60c-5ce7-11e8-be47-1fb2912eb897","weight":5},{"event_id":6757,"event_guid":"e44d5aed-d062-54d8-aa4d-ae401fcdca64","weight":2},{"event_id":6761,"event_guid":"fe35e706-2204-5740-a646-53064ee1a53e","weight":3},{"event_id":6763,"event_guid":"c7788f24-1c2c-46b6-8e7b-dbd53dc47979","weight":4},{"event_id":6774,"event_guid":"d9d8ab96-d460-49bc-bfe5-f29a4c8998fe","weight":2}]},{"guid":"a44b9b1c-4839-5d07-9f44-166a59cb6dda","title":"Business-Intelligence und Data-Warehousing mit Kettle","subtitle":null,"slug":"linuxtag06-378-business_intelligence_und_data_warehousing_mit_kettle","link":"https://c3voc.de","description":"In December 2005, Matt Casters released 158,000 lines of Java code of his ETL tool Kettle (extraction, transformation \u0026 loading) under an open-source license (LGPL). Development began more than 4 years ago, and the result is an exceptionally user-friendly and comprehensive ETL tool. This talk gives an overview of several open-source projects in the business intelligence field and a demonstration of Kettle for building a data warehouse. Kettle currently contains four modules: Spoon (graphical user interface for creating complex transformations), Pan (batch execution of transformations), Chef (graphical user interface for designing complex jobs), Kitchen (execution of batch jobs). 
Further details: Transformations and jobs are stored entirely as metadata. This metadata is analyzed and executed by Kettle; no code generation is necessary. There are currently about 35 different transformation steps and 10 job types. Nearly every common database is supported, including MySQL, SQL Server, Oracle, DB2, PostgreSQL, MS Access, Sybase, Informix, MaxDB, Firebird, AS/400, Ingres, Caché and many more. Kettle can be used for a variety of data transformations, but its main use is building and distributing data warehouses. For this reason, so-called Slowly Changing Dimensions (Kimball Types I, II and III) and Junk Dimensions are also supported in a single transformation step. Numerous optimized methods are used, for example to speed up the insertion of records or batch updates. Kettle supports a so-called plugin mechanism that makes it possible to create custom transformation steps or data connectors. Using it, the company Proratio in Mainz has developed a plugin for connecting to an SAP R/3 system. In addition to support from Proratio, Pentaho, a provider of professional open-source products in the business intelligence field, recently announced the integration and support of Kettle. The tool is currently downloaded about 2000 times per month and is already in professional use at many companies of every size. The project currently has 24 developers, who have contributed more than 1000 enhancements and changes. In addition to the program demonstration, the speakers will report on the further development steps of the project and the integration into Pentaho. The talk is aimed at decision-makers and developers alike. \n\nAbout the author Jens Bleuel:  Jens Bleuel is software developer and project leader at PRORATIO Systeme und Beratung GmbH. 
His main business is Data Warehousing and the architecture, design and development of user-friendly tools. He studied business economics, attended a grammar school for electronics and programmed in a wide range of environments, e.g. Assembler, C, Visual Basic, Delphi, .Net and these days mainly in Java. His customer focus is on the wholesale market and consumer goods industries. The latest development was a plug-in for the ETL tool Kettle so data warehouses can be filled easily from SAP R/3 systems (ProSAPCONN). Jens is 36 years old and lives with his wife and two boys (Theodor, 5 years old and Johannes, 3 years old) in Mainz, Germany (at the nice Rhine river). In his spare time he practices Tai Chi and takes photographs. About the author Matt Casters:  Matt Casters is founder and primary sponsor of the Kettle project. Matt has more than 12 years of experience in data warehousing and business intelligence. His background as a Unix support professional, a programmer, and a database consultant, combined with the business knowledge he gained from leading BI implementations, led him to create the Kettle software platform.  Matt is 37 years old, married with 2 children, Sam (19 months old) and Hannelore (1,5 months old), and lives 20km to the north of Brussels.  
Matt has been involved in Linux since the kernel version 0.98 series and currently runs SuSE Linux 10.1 Beta 8 on his l33t Acer 8104 laptop.","original_language":"deu","persons":["Jens Bleuel (PRORATIO Systeme und Beratung GmbH)","Matt Casters (Kettle)"],"tags":["linuxtag06","378"],"view_count":33,"promoted":false,"date":"2006-05-03T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2026-04-01T00:30:05.514+02:00","length":2619,"duration":2619,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/378-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/378-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/a44b9b1c-4839-5d07-9f44-166a59cb6dda-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/a44b9b1c-4839-5d07-9f44-166a59cb6dda-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-378-business_intelligence_und_data_warehousing_mit_kettle","url":"https://api.media.ccc.de/public/events/a44b9b1c-4839-5d07-9f44-166a59cb6dda","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":2074,"event_guid":"Gv2W9O5Y0KYXXWnaC2IYXw","weight":1},{"event_id":5623,"event_guid":"0f74ae28-15c4-5f97-8c6f-dc90619ac30d","weight":1},{"event_id":5624,"event_guid":"de905f06-a3a5-593c-a862-95969b167793","weight":1},{"event_id":6247,"event_guid":"74f91f9e-dc11-4af0-b393-69ebb684e9e9","weight":1},{"event_id":6248,"event_guid":"a142251b-81f2-4195-95ba-c0f3818ce884","weight":1},{"event_id":6307,"event_guid":"68c4a471-12ae-4b1a-b4e6-a54528f5377a","weight":1},{"event_id":6720,"event_guid":"0401b381-51f1-5e0b-aa93-b24aba39a2d8","weight":1}]},{"guid":"21bf8bef-026f-54bc-a0c9-815d0b018f44","title":"High availability clustering of virtual machines - 
possibilities and pitfalls","subtitle":null,"slug":"linuxtag06-306-high_availability_clustering_of_virtual_machines_possibilities_and_pitfalls","link":"https://c3voc.de","description":" Virtualization techniques are becoming more and more popular. They allow multiple virtual servers to run on a single physical machine. Today's powerful machines make it possible to consolidate multiple old physical servers onto a single new physical server. With the help of virtualization, these old physical servers can be run as dedicated virtual servers on this single hardware. So far, so good.  But there is another difference, too. In the past a hardware outage led to the outage of a single server. Today tens of virtual servers are down if the hardware of the underlying machine fails. So far, so bad.  Isn't it possible to simply implement a HA cluster to get rid of this problem? Well, yeah, but it depends... There are different virtualization techniques available, e.g.: hardware-virtualization (like VMware), para-virtualisation (like Xen), and OS-virtualization (like OpenVZ or Linux-Vserver). Depending on the virtualization technique, the way the cluster can be implemented differs. You can cluster the underlying host system, or build the cluster between two virtual servers running on different hardware nodes. It's even possible to build clusters between a node running on a physical server, and another node running on a virtual server. You can also choose to use shared storage, or to use storage replication like DRBD.  This talk gives an overview of the different possibilities of high availability clustering in virtual environments, their respective advantages and drawbacks, and possible pitfalls. The discussed virtual environments include OpenVZ (http://www.openvz.org), Linux-Vserver (http://linux-vserver.org/), Xen (http://www.cl.cam.ac.uk/Research/SRG/netos/xen/), and User Mode Linux (http://user-mode-linux.sourceforge.net/). 
One example of host operating system clustering, using OpenVZ, Heartbeat, and DRBD will be explained in detail. Some people have already begun to cluster virtual environments. You can find some of their experiences at the following URLs: http://linux-vserver.org/Vserver+DRBD, http://dash.ionblast.net/xen/cluster.html, http://people.redhat.com/pcaulfie/docs/xencluster.html \n\nAbout the author Werner Fischer:  Werner Fischer is working for Thomas-Krenn.AG in the development team for a bundled cluster solution based on Heartbeat, DRBD, and Virtuozzo. At university he built his first Linux HA cluster, which he presented at the IBM Linuxkongress 2003 in Hagenberg. Werner spent one year at IBM Mainz, testing different Linux cluster solutions in SAN environments and writing his thesis. Together with other IBMers he wrote two IBM Redbooks in the HA and storage area. Until August 2005 he worked for IBM Global Services ITS in Austria. Werner holds a graduate degree in computer and media security from the University of Applied Sciences of Upper Austria in Hagenberg where he now also teaches as assistant lecturer. About the author Christoph Mitasch:  Christoph Mitasch started to study at the University of Applied Sciences Hagenberg (Austria) in the diploma course Computer- and Mediasecurity. After a studies project related to Linux High Availability (HA), the first results were presented at the IBM Linuxkongress 2003 in Hagenberg. Next, a half year internship at IBM Linz about Linux HA followed in autumn 2003. In spring 2004 Christoph Mitasch started to write his diploma thesis titled \"Server-Based Wide-Area Data Replication for Disaster Recovery\" for IBM. In June 2004 he graduated at the University of Applied Sciences Hagenberg. From March 2004 to September 2005 Christoph Mitasch worked for IBM Global Services in Linz, Austria. 
In September 2005 he joined the Thomas-Krenn.AG and has since been working in the development team for a bundled cluster solution based on Heartbeat, DRBD and Virtuozzo. Christoph Mitasch also teaches as an assistant lecturer at the University of Applied Sciences for the courses of study Computer- and Mediasecurity and Mobile Computing. Besides working with computers, Christoph Mitasch enjoys running and juggling, in which he currently holds a world record in club passing.","original_language":"eng","persons":["Werner Fischer (Thomas-Krenn.AG)","Christoph Mitasch (Thomas-Krenn.AG)"],"tags":["linuxtag06","306"],"view_count":42,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2024-02-05T15:15:08.018+01:00","length":2937,"duration":2937,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/306-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/306-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/21bf8bef-026f-54bc-a0c9-815d0b018f44-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/21bf8bef-026f-54bc-a0c9-815d0b018f44-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-306-high_availability_clustering_of_virtual_machines_possibilities_and_pitfalls","url":"https://api.media.ccc.de/public/events/21bf8bef-026f-54bc-a0c9-815d0b018f44","conference_title":"Linuxtag 
2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":298,"event_guid":"import-7c2ae6208f3c3d0507","weight":1},{"event_id":2938,"event_guid":"03c8501f-d327-4228-a9fe-2635370d25d2","weight":1},{"event_id":3972,"event_guid":"f1ce0b2e-36c7-52e8-9bb2-b81773f0c210","weight":1},{"event_id":4358,"event_guid":"cb846c22-e62f-457d-b37d-ae97f795d215","weight":1},{"event_id":5446,"event_guid":"0f2f3643-570b-5e82-ae4d-0104af27867c","weight":1},{"event_id":5606,"event_guid":"0cebf60f-0411-5ac1-a647-945f42c793fe","weight":1},{"event_id":5607,"event_guid":"d360b86d-4efa-5caa-a6a3-87fde4b48cdf","weight":1},{"event_id":5613,"event_guid":"1a145dde-fc10-5e84-b37f-f712aa0897d8","weight":1},{"event_id":5637,"event_guid":"d9898c2f-fd78-4d04-b5d3-683df6895fa3","weight":1},{"event_id":5794,"event_guid":"1963b747-4067-4b34-9c45-debd2f020fef","weight":1},{"event_id":5810,"event_guid":"291fe17d-80ca-46a9-9978-c61509a4f9c9","weight":1},{"event_id":6339,"event_guid":"e323a8be-0bc6-553f-b54b-2ffc0b226c12","weight":2},{"event_id":6419,"event_guid":"96d10915-cc4b-42ca-ad75-15205db70d0b","weight":1}]},{"guid":"19791402-c9fd-55f5-9c5b-e9a0e006f51c","title":"Towards Better Memory Management in Hosted Linux Systems","subtitle":null,"slug":"linuxtag06-307-towards_better_memory_management_in_hosted_linux_systems","link":"https://c3voc.de","description":"Hubertus Franke, Martin Schwidefsky, Ray Mansell, Himanshu Raj, Damian Osisek, JongHuyk Choi  IBM Corporation  In this presentation we will introduce a novel collaborative memory management (CMM) for Linux when run virtualized in a hosted environment. CMM targets hosted environments where significant memory over-commitment is desired. Traditionally, in hosted/hypervised systems, like VMWare and XEN, this problem has been solved by dynamically adjusting the effective real memory sizes of the Linux guests through memory ballooning. 
However, this approach requires working set size estimations for each guest OS as well as frequent interactions with the guest OS to trigger changes and assert pressure on the guest to run its page eviction algorithms (LRUs). In systems where the host supports paging (VMWare, zSeries' z/VM), the host can utilize paging to provide the over-commitment of memory to its guests. In over-committed memory scenarios, both approaches can introduce significant overhead. Ballooning does not scale well with the number of guests, while host paging can introduce significant I/O activity.  With host paging, the host deploys its own global host page eviction algorithm (LRU). The overhead originates from the fact that the host does not have any knowledge about the utilization of a guest page and as a result it must save the content of a guest page to the host swap area. CMM provides a facility that enables guest operating systems and hosts to share page usage and status information. This information is used by both the host and the guest to coordinate and optimize their paging behavior. The primary target is to help identify pages that are either unused (free) or that have a backing on storage and that can be reread by Linux (e.g. read-only file pages). Such pages can simply be discarded by the host without the need to swap them out and without any involvement by the guest. When these pages are subsequently addressed again by the guest, a special page fault is sent to the guest to reload the content of the page from the backing storage. This reduces the delays a guest will experience due to host paging and it also reduces host paging activity.  CMM has been prototyped for IBM's newest z/Architecture mainframe z9 virtualization stack, i.e. its z/VM hypervisor/host operating system and the Linux guest operating system. The page status information sharing is implemented as a z/Architecture millicode instruction. 
Linux was modified to track and communicate all its page state changes using said instruction to z/VM, which utilizes state information during its paging operation. We will show that under tight memory constraints this approach improves overall system performance.\n\nAbout the author Hubertus Franke:  Dr. Hubertus Franke is a Research Staff Member at the IBM T.J. Watson Research Center, Yorktown Heights NY, where he currently manages the Enterprise Linux Group. His group's primary objective is to drive enterprise-level functionality towards the Linux kernel. His technical interests are Operating Systems, Computer Architecture and distributed systems. In previous assignments at IBM research he contributed to the IBM SP2 supercomputer system through the implementation of the MPI message passing layer and the gang scheduling system. He received a Diplom Informatik degree from the Technical University of Karlsruhe in 1987 and a Ph.D. in Electrical Engineering from Vanderbilt in 1992.","original_language":"eng","persons":["Hubertus Franke (IBM T.J. 
Watson Research Center)"],"tags":["linuxtag06","307"],"view_count":17,"promoted":false,"date":"2006-05-06T00:00:00.000+02:00","release_date":"2018-06-25T02:00:00.000+02:00","updated_at":"2021-07-22T11:30:04.337+02:00","length":3060,"duration":3060,"thumb_url":"https://static.media.ccc.de/media/events/linuxtag/2006/307-sd.jpg","poster_url":"https://static.media.ccc.de/media/events/linuxtag/2006/307-sd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/linuxtag/2006/19791402-c9fd-55f5-9c5b-e9a0e006f51c-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/linuxtag/2006/19791402-c9fd-55f5-9c5b-e9a0e006f51c-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/linuxtag06-307-towards_better_memory_management_in_hosted_linux_systems","url":"https://api.media.ccc.de/public/events/19791402-c9fd-55f5-9c5b-e9a0e006f51c","conference_title":"Linuxtag 2006","conference_url":"https://api.media.ccc.de/public/conferences/linuxtag06","related":[{"event_id":682,"event_guid":"import-a459e40d704e748d02","weight":2}]}]}