1996 National Capital FreeNet Technical Report
==============================================

Submitted by Roy Hooper, NCF System Administrator

At the start of 1996, NCF hired on a new System Administrator, Roy Hooper, and promoted Ian D. Allen to Technical Director in preparation for the deployment of the FreePlan line of WWW based services. Up to this point NCF had been entirely text-based using the FreePort software package with many custom modifications. 1996 was a year of expansion and change for NCF's technical operations.

First Quarter (January - March)
=============

Keywords: training, 12000 UIDs available, news server upgrade, etherswitch, PFA system, 1gb disk donation.

The first quarter of the year introduced some major changes to hardware and the addition of a second System Administrator to the NCF team. Some minor changes to software were made and some experimentation with various WWW related technologies was performed.

Training of the new System Administrator, Roy Hooper, progressed quickly, giving NCF the added value of two competent UNIX administrators, with Ian D. Allen performing most of the research and development and Roy Hooper doing most of the day-to-day maintenance of the system.

As NCF continued to grow in its membership base, the number of available UIDs for the registration system kept shrinking, getting dangerously close to bringing registrations to a halt. Vital changes to the accounting system were introduced that allowed NCF to use all spare UIDs below 65000, expanding the number of available UIDs to approximately 12,000.

The hardware NCF acquired from Hardware Canada in October 1995 for a news server was finally put into service just after the AGM closed, resulting in a huge performance increase for users. We also received a donation of a 1gb disk which got deployed at the same time as the news server was upgraded.

NCF also received a Plaintree Etherswitch from Loran Systems which was put into service, dramatically improving network congestion. An ACC Amazon router donated by Newbridge Networks Corporation, presented during the 3rd NCF Birthday Party, was received but was not deployed until July.

The PFA mail alias programming was completed and activated towards the end of the first quarter. This system proved to be reasonably successful, with 320 activated PFAs on Feb 14th, 1997.

Ian D. Allen wrote a report on hardware use and deployment as well as future direction for the February 20th board meeting, which is available in the minutes for the Feb 20th Board Meeting or via WWW at http://www.ncf.ca/ip/freenet/subs/hw-sw/hardware-9602.html. This report proved to be reasonably accurate.

Second Quarter (April - June)
==============

Keywords: 32mb RAM, 4gb disk, FreePlan proposal, funding calendar

The second quarter showed relatively little activity on the technical side of things other than day-to-day maintenance. Only minor changes were made to the hardware and software on NCF during this period.

A fair amount of research was going into the preparation of FreePlan. A status of the research and FreePlan proposal is available in the June 18th Board Minutes. This proposal was accepted by the board.

In May, 32mb more RAM was added to Freenet4 in preparation for WWW development and 4gb of disk was added to Freenet1 for user disk space.

The Funding Calendar was deployed mid June.

Third Quarter (July - September)
=============

Keywords: Sparc 5 server, Annex 4000, shadow passwords, ACC Amazon router, network filtering, unexpected delays, home pages, 9600bps modems.

The third quarter resulted in the acquisition and deployment of more hardware and much preparation, research, and development for FreePlan services. NCF also adopted tighter password security. NCF also eradicated all but a few of its 2400bps modems from service.

NCF purchased and installed a new Sun Sparc 5 110mhz with 96mb of RAM and 2gb of disk space early in the quarter and set it up for use as a FreePort user machine. It hosts 65+ users simultaneously with no trouble at all.

The ACC Amazon router was installed and NCF moved to our own network, further isolating our network from Carleton in preparation for WWW services.

We also purchased an Annex 4000 which never got deployed as plans to increase the number of modems in our modem pool(s) never materialized. The lead time for the purchase of the Annex 4000 was more than a month. [See the operations report for details]

On the side of security, NCF began using shadow passwords to help prevent the unauthorized access to the encrypted passwords, which can then be "cracked" using brute force mechanisms with well-known software. It is known that brute force methods are only successful on simple passwords, and even so, such efforts take much computational power to perform. Although no evidence exists to prove either way, it is strongly believed that an out-dated password file fell into the hands of hackers during the first couple quarters of 1996 via a loophole in the download tools. No noticeable increase in "stolen" or misused accounts has occurred.

In preparation for FreePlan, we acquired an option key for our terminal servers from Xylogics (now owned by Bay Networks) to discover that the terminal servers could not handle the scale of network filtering needed in order to secure NCF's hardware while providing PPP. Alternate solutions were discussed and work began on an alternate solution, launched in the fourth quarter.

Many changes to the software needed for PPP authentication and accounting were implemented. Additionally, to maintain fairness to FreePort users, software for handling PPP time-limits was developed and tested.

In addition, member home pages were switched away from the non-standard "HomePage.html" scheme to the standard public_html system, and tools were created for members to manipulate their home pages.

Dave Sutherland got a lead on some inexpensive 9600bps modems, giving NCF enough modems to replace its 96 2400bps modems with 9600bps modems. The 9600bps modems turned out to give the equivalent of 1200bps throughput to anyone with a modem capable of going 1200bps or faster. These modems turned out to be a massive headache for the System Administrator and close to 50 hours of labour were lost in getting them to function reasonably. These modems and their constant troubles have affected goodwill. At year end, NCF was still experiencing difficulties with these 9600bps modems. The only 2400bps modems left in service after upgrading the 2400bps modems to 9600bps provide dial in for some of the libraries, and PAT connections.

The third quarter left NCF in a situation where it was just about ready to start working on the release of the FreePlan services; however, progress in the fourth quarter was plagued with unexpected problems that delayed the release of the services.

Fourth Quarter (Oct - December)
============

Keywords: FreePlan launch, renewals, Netscape Enterprise Server, 14.4k modems, modem pool shuffle, memory swap, FreeWeb, FreeMail, FreeNews, Proxy WWW, 4350 UIDs, FreeMail accountability, Lynx guest mode.

The fourth quarter brought in a new era for NCF, with the launch of FreePlan being completed towards the end of the quarter. The final release of FreePlan services was delayed several months due to unexpected problems with software and hardware and the quantity of research and programming required to complete the tasks.

Programming for yearly renewals began at this time, but got delayed due to the amount of time spent on FreePlan issues. Ian D. Allen was also reduced to an as-needed basis for the last few months of 1996, further impacting the delivery time on renewals development.

Early in the quarter, the Plexus WWW server was switched with the Netscape Enterprise server, dramatically reducing the amount of CPU needed to service WWW requests, forwarding requests for information via the Freeport gateway via the Plexus server as needed.

A solution to the filtering problem experienced on the terminal servers was devised that required the use of the Sysadmin office PC. The Linux operating system was already on it at the time and the operating system had all the necessary capabilities we needed built-in. It was decided to go ahead and use this PC, and it was installed into the NCF network in preparation for PPP services. The original PC in the office was replaced with a used machine just before year end.

The rearrangement of the network to install the filter put NCF back into a familiar situation where the network was highly congested once again. This congestion problem could be solved with an additional etherswitch, which, it was suggested, would have been donated by the end of the year. This donation is still pending. [See the October 18th Network Topology Diagram]

The Netscape Mail Server was installed and the databases were loaded from the NCF user database, allowing NCF to launch the FreeMail service. Reloading the database from scratch would take many hours, and as such, required that account changes including passwords, activations, and deactivations propagate to the mail server as they occurred. This programming and research took some extensive work on the part of the Technical Director while the System Administrator was busy working away implementing PPP and preparing the hardware and software necessary for the PPP services.

Some research and development went into testing out the Netscape News server, and then deciding to go with the news server we already had in place.
Some software was developed to perform the necessary authentication and the FreeNews service was launched.

During the course of the day on October 30th, NCF was shut down for modem pool rearrangements, breaking NCF's three modem pools down into four. Our express modem pool grew by 6 modems, bringing it to 15 modems. The 14.4k pool was extended to 112 modems from 64, after removing 64 9600bps modems and replacing them with 14.4k modems. And finally, a 9 modem "FreeWeb" pool was created. This modem pool remained out of service until late in the quarter because of bad modems in the shipment from US Robotics. With the assistance of Don McCallum and Colin McFadyen, all problems with the 14.4k modems were worked out and the modem pool was ready to go. Bell Canada managed to create a "not in service" message on the 14.4k modem pool, confusing users and barraging the office with phone calls.

Also during the course of the day, NCF moved some memory out of freenet1 and into Freenet4 and Freenet-News, which badly needed more. Freenet1 no longer needed as much memory because it was no longer hosting user sessions.

Late in the evening October 30th, NCF finally opened the doors to PPP. PPP time-limits were not yet recorded, but 60 minute session limits were enforced. "FreeWeb" was not launched at this time because software was not yet available to enforce 30 minute daily limits. Proxy WWW service was also not available at this time due to lack of infrastructure to handle requests and maintain the list of sites which members can freely access.

A few other minor things happened during the quarter, making it a very busy quarter:

- Some fine tuning to the account creation process was done, including moving 4350 UIDs above 60000 to allow 4350 more users to be created on NCF. A limitation in Solaris prevented users from being created above a UID of 60000.

- Some accountability issues with the new FreeMail service were addressed by modifying the mail server on the filter machine to verify the user sending the mail and replace the "From" header in the outgoing email with the correct sender information, to prevent forgery and to prevent accounts being shared by changing the names appearing in the From line.

- In response to urging by Information providers to provide guests on NCF with a way to view information provided on NCF's WWW server, a "guestmode" lynx was provided, answering their pleas and making NCF information once again fully available to guests.

Just after the end of the year, during the first week of 1997, FreeWeb was launched and PPP session time limits were activated. The Proxy WWW server was also launched at the same time.

The status of the renewals and accounting systems was not available at the writing of this report.

Conclusion
----------

1996 was a year of upheaval for the technical guys at NCF where much time was spent maintaining existing services without interruption while expanding to provide new services. Due to the efforts of Ian D. Allen, Roy Hooper, and the guidance of Lisa K. Donnelly, NCF met its technical objectives for the year.

1996 in brief
-------------

- NCF hired a new Sysadmin
- acquired a PC for Sysadmin's office
- ended the year with approximately 4350 UIDs available for new FreePort users
- installed an etherswitch
- received a donation of a 1gb hard drive
- setup and activated the PFA system
- purchased and added 32mb more RAM to freenet4
- purchased and added 4gb of disk space to freenet1
- wrote and installed the funding calendar
- purchased and installed a Sun Sparc 5 110mhz machine (freenet5)
- switched to shadow passwords
- bought useless IP/RT option keys for the terminal servers
- used the Sysadmin's office PC instead of the IP/RT option keys
- upgraded 96 2400bps modems to 14.4k
- installed the Netscape Mail server
- discarded the Netscape News server
- installed the Netscape Enterprise server
- installed the Netscape Proxy server
- upgraded 64 9600bps modems to 14.4kbps and rearranged its modem pools
- moved 32mb out of freenet1 into freenet4 and freenet-news
- wrote and installed a mail filter on the filter machine to force mail to come from the logged in user, preventing forgery
- installed a lynx guest mode
- started the renewals project
- got FreePlan rolling (FreePlace, FreeMail, FreeWeb, FreeNews, Proxy server)

NCF Network Topology Diagram
Oct 18, 1996

Hardware/Service Overview:

freenet1: Sun SparcStation 10 Model 512, dual-processor, SunOS 4.1.3_U1
    - NFS server, backup NIS server, mail server, gopher, FreePort logging
freenet2: Sparc 2 clone, dual-processor, SunOS 4.1.2
    - approximately 40 users (capacity for 60)
freenet3: Sun SparcStation 10 Model 512, dual-processor, SunOS 4.1.3_U1
    - approximately 90 users (capacity for 130)
freenet4: Sun SparcStation 20 clone, Solaris 2.5
    - NIS server, Web servers, DNS server, Proxy server, Plexus WWW, count servers
freenet5: Sun SparcServer 5, SunOS 4.1.4
    - approximately 65 users
freenet6: Sun SparcStation IPX, SunOS 4.1.3_U1
    - approximately 35 users
freenet7: Sun SparcStation IPC, SunOS 4.1.3_U1
    - POP/IMAP mail server
freenet-news: Sun SparcStation 10 clone, Solaris 2.5
    - news server
filter.ncf: 80486dx/66, Linux 2.0.22 w/2 Ethernet cards
    - Ethernet filter/bridge between subnets, dns, mail filter
freenet-annex1: Xylogics Annex 3 w/60 ports. 54 9600bps, 5 misc
freenet-annex2: Xylogics Annex 3 w/64 ports. 42 9600bps, 9 14.4k, 9 misc, 4 starmaster (9600)
freenet-annex3: Xylogics Annex 3 w/64 ports. 64 14.4k.

EtherSwitch from Plaintree
Two 8-port Ethernet hubs

Wiring previous to October 21st:

[ASCII wiring diagram; the original layout is not recoverable. Devices shown: Test machine, Filter, Freenet1 through Freenet7, Freenet-annex1 through Freenet-annex3, Freenet-news, Hub 1, Hub 2, Etherswitch, Router. The links that remain legible are:]

    [Hub 1]--[Etherswitch 10BaseT]--[Hub 2]
    (Freenet1)--[Etherswitch 10BaseT]--[Router]--outside world
    [Etherswitch 100BaseT]--(Freenet-news)

Network topology as of Oct 21st (approximately):

[ASCII wiring diagram; the original layout is not recoverable. Devices shown: Filter, Freenet1 through Freenet7, Freenet-annex1 through Freenet-annex3, Freenet-news, Hub 1, Hub 2, Etherswitch, Router. The links that remain legible are:]

    [Etherswitch 10BaseT]--[Hub 2]
    (Freenet1)--[Etherswitch 10BaseT]--[Router]--outside world
    [Etherswitch 100BaseT]--(Freenet-news)

* Note that the 100BaseT card for Freenet-news is on loan from Carleton University.