
Linux-Kongress 2004
11th International Linux System Technology Conference
September 7-10, 2004 in Erlangen, Germany


Tutorials

Tutorials deliver in-depth information by experts on their subject. They are a great chance to learn something new, quite often from the developers themselves. You are treated to an afternoon of intense learning and will come away with a good understanding of the subject.

There are two tutorial days, Tuesday, September 7 and Wednesday, September 8. One tutorial is two days long; the others are one day long. So you can participate in either one one-day tutorial, two one-day tutorials or one two-day tutorial. The tutorials start at 10:00 and end at 18:00. There will be two coffee breaks (about 11:30-12:00 and 16:00-16:30) and one lunch break (about 13:30-14:30). For information about prices, see the fees page.

All tutorials are presented in English.

The following tutorial takes place on Tuesday, September 7 and Wednesday, September 8 (10:00-18:00), but is already fully booked:

Please note that the SELinux 101 tutorial had to be cancelled! We are planning to offer both the IPv6 and the SELinux 101 tutorial over a weekend in September/October. Please send a short email to info@linux-kongress.org if you are interested in participating.

The following one-day tutorials take place on Tuesday, September 7 (10:00-18:00):

The following one-day tutorials take place on Wednesday, September 8 (10:00-18:00):

TT1: IPv6 with Linux: An Introduction by Benedikt Stockebrand Tuesday 10:00-18:00 and Wednesday 10:00-18:00

The tutorial intends to create a self-supporting IPv6 network from scratch using the participants' own (Linux) computers.

The topics covered in-depth during the first part of the tutorial are: how to activate IPv6 support in the OS; the structure and notation of IPv6 addresses; fundamental differences between IPv4 and IPv6; neighbor discovery and duplicate address detection; static address configuration as a last resort; stateless address autoconfiguration; IPv6-related DNS extensions; host-driven dynamic DNS updates; IPv6 support of various essential services, including SSH, NTP, SMTP, (x)inetd and HTTP; static routing configuration; dynamic routing with RIPng; dual-stack configurations; how to provide links between the IPv4 and IPv6 worlds through application gateways.

Once the network has reached an operational state we discuss current security issues and then present ways to connect to the "Internet6".

The tutorial closes with an overview of the new features IPv6 has to offer, including quality of service, tunneling techniques, IPsec and mobile IPv6.

Basic IPv4 networking operation and configuration experience is needed but IPv6 knowledge is not. Bringing your own (Linux) computer, notebook or otherwise, is also important but not mandatory. If at all possible, pick a Linux distribution you feel personally comfortable with.

Due to the lab-style nature of the tutorial a maximum number of twelve participants has to be imposed.

Benedikt Stockebrand

About the speaker:

Benedikt Stockebrand is a freelance IT system architect and trainer with a strong background in Unix (including, but not limited to, Linux) and TCP/IP networking.

For a long time his personal areas of interest have been efficient, scalable and reliable system designs. His current work focus however is IPv6 in general and the deployment of IPv6 in Unix environments in particular.

He is a "Diplom-Informatiker", the German equivalent of an MSc in Computer Science.

You can contact him via e-mail as me@benedikt-stockebrand.de or through his home page at http://www.benedikt-stockebrand.de/.

TT3: Recovering from Hard Drive Disasters by Theodore Ts'o Tuesday 10:00-18:00

Ever had a hard drive fail? Ever kick yourself because you didn't keep backups of critical files, or you discovered that your regular nightly backup didn't? (Of course not, you keep regular backups and verify them frequently to make sure they are successful.) For those of you who don't, this tutorial will discuss ways of recovering from hardware or software disasters. Topics covered will include a basic introduction to how hard drives work, filesystems, logical volume managers, and software RAID on Linux. Specific low-level techniques to prevent data loss will include recovering from a corrupted partition table, using e2image to back up critical ext2/3 filesystem metadata, using e2fsck and debugfs to sift through a corrupted filesystem, and finally some measures to avoid needing heroic measures to recover your data in the first place.

Theodore Ts'o

About the speaker:

Theodore Ts'o has been a C/Unix developer since 1987, and has been a Linux kernel developer since September 1991. He led the development of Kerberos V5 at MIT for seven years, and is the primary author and maintainer of the ext2/ext3 filesystem utilities. Theodore currently serves on the board of the Free Standards Group and contributes to the development of the Linux Standard Base. He currently is a Senior Technical Staff Member with the IBM Linux Technology Center.

TT4: Rule Set Based Access Control (RSBAC) by Amon Ott Tuesday 10:00-18:00

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). Due to a powerful infrastructure, many different security policies can easily be implemented as a decision module. RSBAC is also part of the Adamantix Secure Linux distribution.

The current version 1.2.3 includes a wide range of modules, which control almost every access to local or remote resources. The ability to find, choose and combine those security models, which best fit your own needs and way of thinking, is one of the most important strengths of the system.

This tutorial will present an overview of the RSBAC system and its modules. It will teach the consistent use of RSBAC to secure your system from compromised services and malicious users.

A balanced combination of short lectures and hands-on training is desired, depending on the experience of the audience and the number of laptops available. All practical examples can also be demonstrated centrally by the tutor.

The planned topics are:

  1. Introduction
  2. Generic Overview of RSBAC
  3. Technical Overview
  4. Installation
  5. Configuration Tools
  6. How to Identify Security Requirements on a Server
  7. Selecting a Security Model Combination
  8. Breaking the Requirements into Model Specific Designs
  9. Sample Configuration
  10. Improvement Discussion
  11. Ending It Up

Attendees should have a good Linux administration background. Basic knowledge about Linux security and RSBAC or similar solutions (LIDS, GRSecurity, SELinux etc.) is helpful, but not required.

Amon Ott

About the speaker:

Amon Ott was born in 1970 near Hamburg, Germany. He is the main author of the RSBAC project, which he started in 1996 for his Diploma thesis in Informatics at Hamburg University. After his degree he received more and more positive feedback on the RSBAC system, so he continued his work and eventually started writing his dissertation on the topic.

From 1992 to 2003 he was working as an independent consultant. Since January 2004 he has been working full-time for his partly owned company m-privacy GmbH in Berlin, which also organizes the funding of further RSBAC development. He still lives in Hamburg with his wife and two small children.

TT5: Setting up networked printing with CUPS, Foomatic and Samba by Kurt Pfeifle and Till Kamppeter Tuesday 10:00-18:00

Printing is a stepchild in most networked IT environments. Often the setup resembles a jungle: different protocols, printer languages and networking protocols, central spooling and peer-to-peer printing co-exist side by side -- but mostly not very peacefully. Admin time is often eaten by debugging users' print problems. The overall cost of the undertaking is seldom tracked and often not known at all.

Recently we see a tendency to migrate network printing (alongside other services) over to Linux-based servers (even where the clients remain with Microsoft operating systems), with CUPS at the head of the migration movement. CUPS works very closely with Samba to extend its hand to Windows-based clients.

CUPS offers some unique features no other spooling system can offer:

  • It is a network-transparent PostScript RIP in software.
  • It allows all clients to consolidate on PostScript drivers (even if the target printer is a non-PostScript inkjet).
  • Based on the new IETF standard for network printing, IPP (Internet Printing Protocol), it is designed to replace the venerable, but "kludgy" LPD.

CUPS offers all clients the full feature and finishing set of the printers (various resolutions, duplex, stapling, punching, coversheets or folding) through its support and extension of the PPD quasi-standard (PostScript Printer Descriptions). It now ships as the default printing system on most Linux distros; it is the printing system for Mac OS X; it is easy to install on all commercial UNIXes and there is now even a Windows client available.

Native clients benefit from an automatic, zero-configuration setup. It enables them to discover available printers and drivers through the network, avoiding any specific admin or user interventions on the clients if there are reconfigurations or printer additions and deletions on the servers.

Windows clients may get their drivers downloaded and installed automatically with the help of Samba's "point and print" support.

CUPS is able to provide accounting for every job (logging the number of pages, usernames, printer name, time of print etc.) to provide a means of control and financial planning for the efficient distribution of resources. It supports other established internet standards, such as SLP (Service Location Protocol), LDAP (Lightweight Directory Access Protocol), TLS (Transport Layer Security), and others.

This tutorial will show how to set up a print server with CUPS, Foomatic, and Samba:

  • How to set up the printing infrastructure on the Linux server with CUPS
  • Host-based PostScript for non-PostScript printers: GhostScript and Foomatic
  • Which printer to buy: Inkjet? Laser? Others? Which brands and models do really work?
  • How to configure Samba to share CUPS print queues with Windows clients (the old "LanMan" method and the new "Point and Print").
  • How to understand and use CUPS as a network PostScript RIP (PostScript drivers on clients, even for non-PostScript target devices)
  • How to create and install your own CUPS filters for file formats not supported yet, watermarks, ...
  • CUPS server security: allowing and denying access to clients, authentication...
  • Page Accounting with PyKota
  • Where to find "migration tools" which automate the tedious task of transferring hundreds of printer drivers and print queues from an NT print server to a new Samba print server (achieving in minutes what would take days if done the traditional way)
  • Debugging CUPS if there are problems

One other main item is a thorough discussion of the CUPS filtering system and its ability to autodetect the MIME types of print jobs and autoconstruct an appropriate filtering chain to produce the right format for the target printer:

  • how does autotyping MIME types work?
  • which configuration files determine the filtering chain construction?
  • how can we write our own filters?
  • how can we write our own backends?
  • how can we use our own banner pages?
  • how do we make CUPS use our self-written filters and backends?

We will write some simple and some advanced CUPS filters, and we will edit some PPD files to change their effects and operation. Amongst the filters discussed are:

  • one filter that adds a customized watermark to each page ("watermark" filter)
  • one filter that merges 2 PostScript files into one before it goes to the final print device ("psmerge" filter)
  • and some more....

Amongst the backends discussed are:

  • one that "prints to PDF" and writes the job to a PDF file ("pdf" backend)
  • one that multiplies the job and sends it to different printers at once ("fan-out" backend)
  • one that compresses all files before sending them to a remote CUPS server ("gzip" backend)
  • and some more....

And all this will not only be explained in theory, but accompanied by many live demonstrations.

The approach to the workshop is flexible. Participants will be able to ask for emphasis on certain topics at the beginning of the session. They might even bring their laptops and get help to set up their printing system or troubleshoot some weird problem....

Target audience: Everybody -- experienced network administrators as well as "home-only" users.

Required skills: None -- but danger! Your knowledge about traditional Unix printing might look very obsolete after attending this session... You will really learn to appreciate the flexibility of CUPS and know how to use it for your printing needs.

Kurt Pfeifle

About the speakers:

Kurt is working as a system engineer at Danka Deutschland GmbH. His job includes consulting and training related to network printing, IPP (Internet Printing Protocol), migrating heterogeneous networks to Linux print servers (with the help of CUPS and Samba).

He has been helping with both the Linuxprinting.org and the KDEPrint websites and with user support in various newsgroups. He writes documentation related to printing and works as a beta tester for CUPS and KDE printing stuff. He also wrote most of the documentation of the Samba HOWTO Collection dealing with printing. In various newsgroups he is actively helping users to solve their printing problems, minor and major ones.

Currently he is busy with a book about CUPS (dealing with printing on Linux, Unix, Mac OS X and MS Windows).

Till Kamppeter

Till holds a PhD in Theoretical Physics. While working on his PhD he was system administrator for Unix and GNU/Linux in the physics department. As system administrator he came to free software through contributions to X-CD-Roast. Later XPP was his first project of his own. XPP led him to MandrakeSoft in Paris in August 2000, where he is now responsible for printing and digital imaging in MandrakeLinux.

His main project now is maintaining the www.linuxprinting.org web site with its printer database and the Foomatic software. He improved this system substantially. Currently Foomatic is the standard for printer driver integration in most major GNU/Linux distributions. He is also in the Open Printing Group of FreeStandards.org. In the past he has given several talks and presentations at free-software-related events and written several articles in free software magazines.

TW3: Inside the Linux Kernel by Theodore Ts'o Wednesday 10:00-18:00

This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.

The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and it takes advantage of the best practice of existing UNIX kernel designs.

Although the material will focus on the latest release version of the Linux kernel (v. 2.6), it will also address aspects of the development kernel codebase (v. 2.7) where its substance differs from 2.6. It will not contain any detailed examination of the source code but will, rather, offer an overview and roadmap of the kernel's design and functionality.

Topics covered include:

  • How the kernel is organized (scheduler, virtual memory system, filesystem layers, device driver layers, networking stacks)
    • The interface between each module and the rest of the kernel
    • Kernel support functions and algorithms used by each module
    • How modules provide for multiple implementations of similar functionality
  • Ground rules of kernel programming (races, deadlock conditions)
  • Implementation and properties of the most important algorithms
    • Portability
    • Performance
    • Functionality
  • Comparison between Linux and UNIX kernels, with emphasis on differences in algorithms
  • Details of the Linux scheduler
    • Its VM system
    • The ext2fs filesystem
  • The requirements for portability between architectures

Theodore Ts'o

About the speaker:

Theodore Ts'o has been a Linux kernel developer since almost the very beginnings of Linux; he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is also the maintainer of the e2fsck filesystem consistency checker. Ted is a Senior Technical Staff Member of IBM's Linux Technology Center.

TW4: Introduction to Adamantix by Peter Busser Wednesday 10:00-18:00

Adamantix is a security-oriented Linux distribution formerly known as Trusted Debian. It focuses on a high level of security, but without making the system unusable. The most notable features are:

  • Enhanced access control through RSBAC. RSBAC is a general security framework based on research by the famous security researchers LaPadula and Adams in the early '90s. On top of this framework, a number of modules are implemented. These modules can be combined in a way which makes the total greater than the sum of the parts.
  • Enhanced memory protection through PaX. PaX is a kernel patch which provides guaranteed protection against a number of memory corruption attacks. To make full use of this patch, binaries and libraries must be rebuilt in a special way. Adamantix was the first distribution to do this.
  • Stack Smashing Protector, a patch for GCC which protects against a number of stack smashing attacks. It puts booby traps on the stack, it tries to place dangerous data closer to the booby traps (to increase the chance of triggering the booby trap) and it tries to be smart to decrease the impact it has on the performance.

In this tutorial, the attendees learn more about the philosophy behind the Adamantix project, about how the above-mentioned security tools work and how to use them effectively.

Basic knowledge about Linux system administration and programming (in C) is required. Knowledge of RSBAC is not needed. This tutorial will only explain the basics of RSBAC and how it is used in Adamantix.

About the speaker:

Peter Busser lives in Germany, but was born in the Netherlands. Everyone knows about the national obsession of the Dutch, which is keeping the water out, most notably by putting a finger in a dyke. When Peter started to play with electronic calculators, he discovered that toys with keys are fun. He also discovered that more keys means more fun, and started playing with computers. When security problems seemed to start to flood everyone, the Dutch instinct of putting a finger in the dyke was triggered. Finally the national obsession could be combined with Peter's obsession for computers, and that is how the Adamantix project came to life.

TW5: Building Portable Linux Applications using the LSB by Mats Wichmann Wednesday 10:00-18:00

The LSB project states this goal: "To develop and promote a set of standards that will increase compatibility among Linux distributions and enable software applications to run on any compliant system". The LSB specification requires conforming systems to provide a set of libraries, interfaces, and commands that work in a known and tested way. Most of the important Linux distributions are now LSB conforming, so that applications finally have a portability target to conform to. The LSB also describes rules about delivery of an application (packaging, filesystem locations). While the LSB is primarily a binary standard, the process of bringing an application into conformance also helps produce more portable source code, improving buildability on Linux systems and also on other POSIX-conforming systems. This tutorial will explore the process of producing and packaging a conforming program. It will show how to examine an existing non-LSB program binary and evaluate it for LSB portability problems; install and configure the LSB build environment; and port, build, check and package the resulting program. Coverage for building shared libraries for use by LSB programs is also included. Attendees are encouraged to bring a laptop and follow along on the provided Knoppix-hosted LSB build environment.

Mats Wichmann

About the speaker:

Mats Wichmann is employed as a senior staff engineer with Intel Corporation where he works primarily on community projects such as the Linux Standard Base and OSDL's Data Center Linux. A core member of the LSB project since 2001, Mats was elected project chairman at the start of this year. He has been a Linux and earlier UNIX developer since 1981. Prior to joining Intel in 2001, he spent a few years as a professional trainer and has developed Linux and Python courseware.

TW6: Analyzing TCP performance by Stephen Hemminger Wednesday 10:00-18:00

This talk walks through my experiences benchmarking TCP on 2.6. Rather than focusing just on the TCP benchmarking and tuning parameters, it provides a process for capturing TCP traces and interpreting the result to show bottlenecks. Using this information a developer or administrator can adjust the application and kernel tuning for better performance. Examples include sender and receiver interface problems, TCP window issues, and TCP congestion.

Stephen Hemminger

About the speaker:

Stephen Hemminger is a Sr. Staff Engineer at the Open Source Development Lab (OSDL) in Beaverton, Oregon, USA. As well as being the maintainer for Ethernet Bridging, Iproute2 tools, and IPv6 DHCP, he is a frequent contributor to Linux on networking device issues.


Comments or Questions? Mail to contact@linux-kongress.org Last change: 2005-09-17