Check out the new USENIX Web site.
18th Large
 Installation System Administration Conference, November 14-19, Atlanta,
LISA '04 Home            USENIX Home            Events            Publications            Membership
Register  |  Organizers  |   Invitation  |   At a Glance  |  Training  |  Tech Sessions  |  WIPs
BOFs  |  Workshops  |  Exhibition  |  Sponsors  |  Social Activities  |  Hotel/Travel  |  Students
Questions?  |  Help Promote!  |  Call for Papers  |  Past Proceedings

Technical Sessions: Wednesday, November 17 | Thursday, November 18 | Friday, November 19 | All in one file

Wednesday, November 17, 2004
8:45 a.m.–10:30 a.m. Wednesday
Opening Remarks, Awards, Keynote
Marquis I & II

Keynote Address
Going Digital at CNN

Howard Ginsberg, CNN

MP3 IconListen in MP3 format

View Presentation Slides (PDF)

CNN has long utilized digital non-linear editing of video on a large scale in post-production. In the late 90's, as part of a technology plan for the new century, the decision was made to bring the advantages of digital video to the production process by replacing most of the videotape-based operations with server-based video storage.

In advance of new technologies that would enhance news gathering and transmission to CNN Center in Atlanta, the technology plan included server-based recording, editing, and playback. File-based, faster-than-realtime video transfer significantly reduces time-to-air for CNN's newsgathering operations around the world and substantially improves access to archived footage.

CNN is currently deploying large-scale systems in Atlanta and New York that will support its very large recording and editing operations. Ultimately, these will replace most of the videotape-based operations in both cities. There are some significant technical challenges these systems must meet, especially in the areas of capacity, bandwidth, and reliability.

In Atlanta, CNN is installing a fully redundant 2 x 20TB system to host approximately 2,000 hours of MPEG-2 broadcast quality video & audio and MPEG-1 proxy/desktop-quality video & audio.

The New York bureau has just begun using a fully redundant 2 x 14TB system to host approximately 1,500 hours of MPEG-2 broadcast-quality video & audio and MPEG-1 proxy/desktop-quality video & audio.

The Atlanta video archive currently consists of a huge collection of videotapes, some of which have deteriorated so badly that they can only be played one more time. The digital successor for this archive will consist of a large hierarchical storage installation. It needs to be capable of ingesting 200 hours of video per day and transferring an estimated 280 gigabytes of data every hour. Storage requirements for this archive are in excess of a petabyte.

This presentation will discuss the new digital installation and the task of migrating from existing systems.

10:30 a.m.–11:00 a.m.   Break  
11:00 a.m.–12:30 p.m. Wednesday
Marquis III


Session Chair: Rudi Van Drunen, Leiden Pathology and Cytology Labs, Leiden, The Netherlands

Awarded Best Paper!
Scalable Centralized Bayesian Spam Mitigation with Bogofilter

Jeremy Blosser and David Josephsen, VHA Inc.

DIGIMIMIR: A Tool for Rapid Situation Analysis of Helpdesk and Support Email
Nils Einar Eide, Andreas N. Blaafadt, Baard H. Rehn Johansen, and Frode Eika Sandnes, Oslo University College

Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management
Yi-Min Wang, Roussi Roussev, Chad Verbowski, and Aaron Johnson, Microsoft Research; Ming-Wei Wu, Yennun Huang, and Sy-Yen Kuo, National Taiwan University

Marquis I

Session Chair: Æleen Frisch, Exponential Consulting

What Is This Thing Called System Configuration?
Speaker: Alva Couch, Tufts University

View Presentation Slides: HTML | PDF

Over the last few years, there has been considerable development in theoretical work on system configuration, but no mainstream production tools have incorporated the results of this work. This talk will show how an understanding of some basic principles of system configuration can help to insure the best possible practices and utilization of current technologies. It will also indicate how some current research areas may influence the next generation of tools.

Anomaly Detection: Whatever Happened to Computer Immunology?
Speaker: Mark Burgess, Oslo University College

Anomaly detection is about finding behavior in systems that is unusual by some criterion. It has been applied to spam detection, security breach monitoring, and resource management amongst other things. In 1998, Mark suggested a generic form of anomaly detection and repair as a model of system administration, called Computer Immunology.

Detecting anomalies is easy—actually too easy. The problem lies in finding out which of them are interesting. How do we find signal in the noise? How do we formulate a policy for which are interesting?

In this talk Mark explains some of the state-of-the-art principles of anomaly detection—how events can be observed and patterned for machine analysis. Should we centralize anomaly detection? Can we define a language for anomalies (and is it just grep)?

In Mark's usual style, this talk is about understanding core principles and looking toward future technologies that employ them.

Marquis II

Session Chair: Esther Filderman, The OpenAFS Project

What Information Security Laws Mean For You
Speaker: John Nicholson, Shaw Pittman

View Presentation Slides

The good is also the bad news—people (including the government) are realizing how important information security is. The purpose of this presentation is to give you an overview of the laws impacting security, both in general and on a daily basis. The presentation will cover laws such as FISA, HIPAA, GLBA, the Patriot Act, and laws related to monitoring and searches. In addition, we will discuss searches, incident response, and current theories regarding liability for failure to implement security.

Marquis IV

Gerald Carter, Samba Team/Hewlett-Packard

Gerald Carter has been a member of the Samba Development Team since 1998 and is now helping to coordinate the project's release process. He has published articles with various Web-based magazines and teaches instructional courses as a consultant for multiple companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has also written books for both SAMS and O'Reilly Publishing.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Wednesday
Marquis III

Intrusion and Vulnerability Detection
Session Chair: Yi-Min Wang, Microsoft Research

A Machine-Oriented Vulnerability Database for Automated Vulnerability Detection and Processing
Sufatrio, Temasek Laboratories, National University of Singapore; Roland H. C. Yap, School of Computing, National University of Singapore; Liming Zhong, Quantiq International

DigSig: Runtime Authentication of Binaries at Kernel Level
Axelle Apvrille, Trusted Logic; David Gordon, Ericsson; Serge Hallyn, IBM LTC; Makan Pourzandi and Vincent Roy, Ericsson

I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System
Swapnil Patil, Anand Kashyap, Gopalan Sivathanu, and Erez Zadok, Stony Brook University

Marquis I

Session Chair: Esther Filderman, The OpenAFS Project

LiveJournal's Backend and memcached: Past, Present, and Future
Speakers: Lisa Phillips, Brad Fitzpatrick

View Presentation Slides (PDF)

Blogging before blogging was a word, started off as a hobby project for Fitzpatrick and some friends and is now home to well over 4,000,000 accounts, over half of which are in active use.

With a built-in social networking system, per-journal-entry security, message boards, a LJ/RSS/Atom news aggregator, support for 20+ languages, a technical support system, and more, is a beast of an open source project, addictive to both users and developers. What's just as interesting, however, is how it all runs.

Come learn about's backend, past, present, and future. Discussion will include:

The site's history: how it's gone from one server to over sixty, adapting both its code and architecture to fit each other as the site grows.

Load balancing: commercial vs. open source vs. home-grown open source. When to use each, and how to use them effectively together.

MySQL tricks and replication: when and how to use MyISAM, when to use InnoDB, partitioning your data across clusters, moving users around clusters, replication topologies, for high-availability and easy maintenance, the DBI::Role library for load balancing and role-based handle acquisition.

Memcached, the site's distributed caching daemon and client libraries, originally built for LiveJournal, but in the last year now in use by Slashdot, Wikipedia, and others. Learn how memcached was used to make things really fast and avoid hitting the database. Learn why memcached works so well with lots of machines compared to local caching, and what been done to make the protocol, server, and memory allocator so fast.

And, of course, audience questions and comments will round out this session.

Marquis II

Session Chair: Lee Damon, University of Washington

NFS, Its Applications and Future
Speaker: Brian Pawlowski, Network Appliance

View Presentation Slides:

NFS has evolved since its inception at Sun in 1984 to provide a robust, heterogeneous, and scalable storage networking solution for many applications.

Its evolution is now managed within the NFS Version 4 working group in the IETF, with initial versions of the latest protocol available from a few vendors now.

This talk will take a deep and detailed plunge into the current state of NFS, the new features of Version 4, and the work facing the community in the future. Technology directions of iWARP (RDMA), hardware accelerations, exploiting high performance networks, and addressing security concerns are on the agenda for this segment.

A special highlight will be a focus on the relationship of Linux and NFS. Scalable compute clusters based on Linux have been a driving force in a lot of the performance work and future direction of NFS, where it provides a matching scalable storage infrastructure to match the emerging application architectures. This section will be framed in terms of a template for deployment and a description of best practices.

Marquis IV

Mac OS X
Michael Bartosh, Consultant

Michael Bartosh is an author, consultant, and trainer specializing in Mac OS X and Mac OS X Server in the context of cross-platform directory services and server infrastructures. A frequent speaker at technical conferences, Michael focuses on solutions that minimize impact on existing infrastructures. His Essential Mac OS X Server Administration (O'Reilly) is due out in February of 2005. Originally from Texas, he now resides in downtown Denver, CO, with his wife, Amber.

3:30 p.m.–4:00 p.m.   Break
4:00 p.m.–5:30 p.m. Wednesday
Marquis III

Configuration Management
Session Chair: Jon Finke, RPI

Nix: A Safe and Policy-Free System for Software Deployment
Eelco Dolstra, Merijn de Jonge, and Eelco Visser, Utrecht University

Auto-configuration by File Construction: Configuration Management with newfig
William LeFebvre and David Snyder, CNN Internet Technologies

AIS: A Fast, Disk Space Efficient "Adaptable Installation System" Supporting Multitudes of Diverse Software Configurations
Sergei Mikhailov and Jonathan Stanton, George Washington University

Marquis I

Session Chair: Esther Filderman, Pittsburgh Supercomputing Center

Speaker: Mike Ciavarella, University of Melbourne

Marquis II

Session Chair: Adam S. Moskowitz, Menlo Computing

The Security Role of Linguistic Content Analysis
Speaker: Jim Nisbet, President & CEO, Tablus, Inc.

View Presentation Slides:

Computational linguistics is not a technology usually associated with networking devices such as firewalls and packet monitors, but this technology offers some powerful new capabilities. The premise is that if we want to look for high-value information leaving the company, then we need to look to the same kind of linguistic categorization technologies software companies have historically used. This talk principally explores content analysis techniques, ranging from regular expression pattern matching to latent semantic analysis, that can be used to identify content characteristics reliably enough that policies can be defined based on the content itself.

Marquis IV

Bdale Garbee, HP Linux CTO/Debian

Bdale, a former Debian Project Leader, currently works at HP helping to make sure Linux will work well on future HP systems. His background includes many years on both UNIX internals and embedded systems. He helped jump-start ports of Debian GNU/Linux to 5 architectures other than i386. When Bdale isn't busy keeping his basement computer farm full of oddball systems running Linux, working, he's busy with amateur radio, most likely building amateur satellites.

?Need help? Use our Contacts page.

Last changed: 19 Oct. 2007 ac