...making Linux just a little more fun!
Hello, world!
(Especially that subset that contains the LG readership.)
We have a big Mailbag for you this month - we've finally caught up!
Thanks to a lot of fantastic work on Ben's part, and a lot of troubleshooting (and creative breaking) on mine, the Mailbag also has a hot new look. We'd love to hear feedback from you on your opinion of it.
-- Kat Tanaka Okopnik, Mailbag Editor
Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 12 Oct 2006 11:15:19 -0400
Hi, all -
I've just put up an "LG projects" page (it's not yet linked anywhere);
please take a look at it, let me know what you think. I've found it
tremendously useful already for "externalizing" the project ideas I've
been carrying around in my head for a long time - now, I don't have to
remember all that stuff any more (whee!!!)
[ In service to anthropology, I've added The Missing Link. -- Kat ]
http://linuxgazette.net/jobs.html
I'd appreciate any comments on improvements, changes, etc.
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
[ Discussion continued (5 messages/3.27kB) ]
Bob van der Poel [bvdp at xplornet.com]
Thu, 07 Sep 2006 19:04:47 -0700
Or maybe the subject should read "I'm cheap, I want a host, but don't want to get ripped off and feel poorly about my choice".
Seriously, I've been looking at a bunch of low-cost hosting services. There are a whole bunch in the sub-$5.00 per month range ... and they all seem to be pretty much equal. Some of the review sites even give them decent ratings.
But, for every one with a decent rating it's not hard to find a "never, ever use this host" review.
So, any of you folks using a cheap host you're happy with?
Oh, this is just for my personal stuff. I think I need less than 100meg storage and a few gig/month bandwidth. I can register my own domain, or get the free one included in most of the packages (is this a good/bad idea?).
Hopefully someone has some experience to share.
-- Bob van der Poel ** Wynndel, British Columbia, CANADA ** EMAIL: bvdp at xplornet.com WWW: http://users.xplornet.com/~bvdp
Himanshu Thappa [himanshut at KPITCummins.com]
Sat, 16 Sep 2006 02:10:33 +0530
Hi James
Plz tell me what LD_Library_path does? Tell me asap.
With Regards
Himanshu Thappa Architecture Engineer KPIT Cummins GBS Ltd. Ext No. 5648 Mob. 09881407689
[ Discussion continued (12 messages/13.45kB) ]
Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 31 Aug 2006 21:16:29 -0400
[I wrote this earlier, but it didn't go out then. Posting it anyway, despite Peter having solved it, since I figure it'll be useful to our readers.]
On Thu, Aug 31, 2006 at 11:23:23AM -0700, Peter Knaggs wrote:
[ skipping the GMail question ]
> Another question: I've come across this after updating
> Debian testing: I seem to be losing fonts, or at least
> the helvetica font I need for vncviewer and imagemagick:
>
> For example, "display image.jpg" gives me:
>
> display: unable to load font
> `-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1'.
> display: unable to load font
> `-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1'.
>
> And vncviewer gives me this:
>
> $ vncviewer wherever:2
> VNC server supports protocol version 3.7 (viewer 3.3)
> Password:
> VNC authentication succeeded
> Desktop name "wherever:2 (myusername)"
> Connected to VNC server, using protocol version 3.3
> VNC server default format:
> 16 bits per pixel.
> Least significant byte first in each pixel.
> True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0
> Warning: Cannot convert string
> "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct
> Warning: Unable to load any usable ISO8859 font
> Warning: Unable to load any usable ISO8859 font
> Warning: Missing charsets in String to FontSet conversion
> Warning: Unable to load any usable fontset
> Error: Aborting: no font found
>
> I tried searching for explanations, and as far as
> I can tell I've got all the font packages installed.
First, I'd suggest checking to see if your system agrees with you about that.

ben at Fenrir:~$ xlsfonts -fn "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*"
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso10646-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso10646-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso10646-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso10646-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso8859-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso8859-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso8859-1
-adobe-helvetica-bold-r-normal--16-116-100-100-p-0-iso8859-1
-cronyx-helvetica-bold-r-normal--16-116-100-100-p-0-koi8-r
ben at Fenrir:~$ xlsfonts -fn '-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1'
-adobe-helvetica-medium-r-normal--12-120-75-75-p-67-iso8859-1
-adobe-helvetica-medium-r-normal--12-120-75-75-p-67-iso8859-1
-adobe-helvetica-medium-r-normal--12-87-100-100-p-0-iso8859-1
-adobe-helvetica-medium-r-normal--12-87-100-100-p-0-iso8859-1
-adobe-helvetica-medium-r-normal--12-87-100-100-p-0-iso8859-1
-adobe-helvetica-medium-r-normal--12-87-100-100-p-0-iso8859-1

Mine certainly recognizes those patterns, and can match them from the installed fonts (which is why, I suppose, I don't have that problem.)
If yours can't - and I suspect that this is what you'll find - then you need to do a little investigative work to find out what's happening. First, you'll need to find out what X considers your font directories:
[ ... ]
[ Discussion continued (7 messages/13.59kB) ]
k.Ravikishore [ravikishore.k at hclsystems.in]
Sat, 23 Sep 2006 16:35:28 +0530
How to create a bash shell script that removes all files whose names end with a "~" from your home directory and subdirectories?
----------------------------- HCL Systems, Hyderabad, India
[ Discussion continued (2 messages/2.50kB) ]
Mike Orr [sluggoster at gmail.com]
Thu, 26 Oct 2006 10:11:15 -0700
[For the Mailbag, regarding my Aug 9 letter about a Nokia tablet article.]
The more I looked into the Nokia Internet Tablet 770, the more I became concerned about its speed, capacity, and cost of add-ons I considered essential. I finally ended up going to the dark side and getting a Macintosh laptop. [1] So if anybody wants to do an article on the Nokia or on Linux or Open Source use in palmtops in general, we're looking for one.
[1] Well, it's not that dark, it's only twilight compared to a
certain other OS. But it was strange reading a 6-page license
agreement when I hadn't used proprietary software for nine years. And
I still use Linux at work.
-- Mike Orr <sluggoster at gmail.com>
[ Discussion continued (4 messages/4.82kB) ]
Suramya Tomar [suramya at suramya.com]
Tue, 10 Oct 2006 17:04:22 -0400
Hey Everyone, Got the questions below via email and I was hoping one of you might have an answer for him (The stuff in brackets are my questions):
1. If /tmp partition is mounted with noexec and nosuid flags, is it not possible to run ./configure? If so how can we bypass this?
(I remember reading somewhere that mounting /tmp with noexec and nosuid is a good security precaution, but if it causes trouble with the ./configure then is it worth it?)
2. How to modify (RPM - atrpms.net) installation of FFMPEG to include the amr_nb / amr_wb fixes in order for me to be able to convert 3GPP video to FLV.
Thanks for the help.
- Suramya
-------- Original Message --------
Subject: Re: FFMPEG Installation
Date: Tue, 10 Oct 2006 17:57:20 +0100
From: <markw2@fireflyuk.net>
To: TAG <tag@lists.linuxgazette.net>
To: Suramya Tomar <suramya at suramya.com>
References: <004901c6ea0e$05b24a10$0502a8c0 at MARKDESKTOP> <452BC78B.9040008 at suramya.com>
Hi Suramya, thanks for your reply. It's really appreciated.
Please feel free to forward my e-mail to this group as it would be great to have a solution to this.
Thanks again and best regards
Mark
PS. Would you know of any guide/tutorial that explains how to create/modify RPMs, where files are stored and where spec files can be found, once they are installed on a system?
----- Original Message -----
From: "Suramya Tomar" <suramya@suramya.com>
To: TAG <tag@lists.linuxgazette.net>
To: <markw2 at fireflyuk.net>
Sent: Tuesday, October 10, 2006 5:17 PM
Subject: Re: FFMPEG Installation
[ ... ]
[ Discussion continued (2 messages/8.07kB) ]
clarjon1 [clarjon1 at gmail.com]
Tue, 1 Aug 2006 20:50:57 -0400
Hello, gang! I've worked on my perl program a bit, and added stuff like command line switches to it. I've gotten it set up so that, if I don't enter a switch, it will display the contents of the 'calendar' file, and if there is a command line switch, it won't. Nothing fancy...
I've attached it, because I don't want to spend a lot of time stripping out a lot of comments. Hope you don't mind. Here's what I want to do (other than update the TODO in it):
1) More interactive: Nothing like Ncurses, just something along the lines of if I add my -A switch (for Add), and I don't specify any input, that it will allow me to enter input rather than just add a blank line.
2) Make it use arrays! That is, be able to read arrays from disk. Or would I just be better off telling it to use postgres as a database? Either way, I don't know what to do.
3) Make it able to search for a specific item, and/or sort by specific items. Very useful, dunno if it's worth the time and effort, really.
That's all I can think of at the moment.
Oh yeah, the announcement!
I'm going to Los Angeles, California on the 8th this month, to attend the DCLA conference there. I'm going to be in a plane on Monday! Very nervous, I am. I believe that we will be driving a 2hr drive down to Toronto, Ontario, and then taking a flight from there all the way to LA (hope I get a window seat!!)
Any LG people in LA? Maybe we could meet (unlikely, but would be nice :D)
Apparently, the hotel is nearby the conference (a Hilton, I've heard)
* Clarjon1 at jon.clarjon1.linux goes off, being excited...
[ Discussion continued (6 messages/10.84kB) ]
Neil Youngman [ny at youngman.org.uk]
Sun, 1 Oct 2006 19:49:09 +0100
Well I've had enough of the creeping bit rot in my Mepis installation and I want to be rid of Mepis. I'm trying to go back to a plain vanilla Debian installation. I've also recently upgraded my system with a SATA controller and a 200GB hard disk, onto which I tried to install Debian with the Debian 3.1 net installer.
The default install hung, so I went for the "expert" install and got an installation on the SATA disk. It's definitely there, I can see it, but I can't boot from it.
It's on /dev/sda5, and grub loads the kernel up, but the kernel panics because as far as it's concerned /dev/sda5 doesn't exist. I can only assume that the kernel it has installed doesn't have the right module (SiI3112) installed for the SATA controller.
Is there a way to check what modules are built into this kernel?
Is there a simple way around this?
Is it best just to build my own kernel to replace the one that has been installed?
Neil Youngman
[ Discussion continued (26 messages/45.25kB) ]
Brian Sydney Jathanna [briansydney at gmail.com]
Tue, 26 Sep 2006 14:56:13 +1000
Hi,
I am facing a problem with one of my services which needs to be constantly monitored and restarted in case it dies. I was just wondering if there is a command / program / script which can be placed in crontab to monitor a process and restart it if it's dead. Thanks in advance.
Brian.
[ Discussion continued (6 messages/7.64kB) ]
Rick Moen [rick at linuxmafia.com]
Mon, 14 Aug 2006 00:56:47 -0700
Hmm, John's post got held by Mailman, claiming that SpamAssassin had marked it as "possible spam". Let's have a look at what got into Mailman and SpamAssassin's tiny little brains:
Received: from [201.245.212.45] (port=33475 helo=localhost.localdomain)
    by linuxmafia.com with esmtp (Exim 4.61 #1 (EximConfig 2.0))
    id 1GCMEs-0005t8-Hg
    for <tag at lists.linuxgazette.net>; Sun, 13 Aug 2006 13:07:21 -0700
Received: by localhost.localdomain (Postfix, from userid 1000)
    id 371D323055; Sun, 13 Aug 2006 15:07:01 -0500 (COT)
Received: from localhost (localhost [127.0.0.1])
    by localhost.localdomain (Postfix) with ESMTP id 31E942303E;
    Sun, 13 Aug 2006 15:07:01 -0500 (COT)
Date: Sun, 13 Aug 2006 15:07:01 -0500 (COT)
From: John Karns <jkarns@etb.net.co>
To: TAG <tag@lists.linuxgazette.net>
X-X-Sender: jkarns at localhost.localdomain
To: jeff at jeffroot.us
cc: tag at lists.linuxgazette.net
In-Reply-To: <17630.47578.208478.397536 at localhost.localdomain>
Message-ID: <Pine.LNX.4.61.0608131345520.21008 at localhost.localdomain>
References: <17621.16287.466717.206264 at localhost.localdomain>
    <20060806022547.GA3848 at linuxgazette.net>
    <17621.34053.297464.620391 at localhost.localdomain>
    <20060807030821.GA3903 at linuxgazette.net>
    <Pine.LNX.4.61.0608091621130.12020 at localhost.localdomain>
    <20060809214806.GA4892 at linuxgazette.net>
    <Pine.LNX.4.61.0608121407330.836 at localhost.localdomain>
    <17630.47578.208478.397536 at localhost.localdomain>
MIME-Version: 1.0
X-SA-Do-Not-Run: Yes
X-EximConfig: v2.0 on linuxmafia.com (http://www.jcdigita.com/eximconfig)
X-SA-Exim-Connect-IP: 201.245.212.45
X-SA-Exim-Mail-From: jkarns at etb.net.co
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on linuxmafia.com
X-Spam-Level: *
X-Spam-Status: No, score=3.5 required=4.0 tests=AWL,BAYES_00,FORGED_RCVD_HELO,
    RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,RCVD_IN_SORBS_DUL autolearn=no
    version=3.1.1
Subject: Re: [TAG] Talkback:127/howell.html
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200)
X-SA-Exim-Scanned: Yes (on linuxmafia.com)

The weird thing is, it was Mailman that objected to your message and held it for my manual approval, claiming that SpamAssassin had flagged it as "possible spam" -- yet, as you can see, SA's score was 3.5, well below the 4.0 spamicity threshold I set in SpamAssassin. I'm not sure what's going on there.
In any event, spamicity = 3.5 is eyebrow-raising enough in itself, so let's see what all those failed tests in the X-Spam-Status line are:[1]
AWL: Auto-WhiteList. This is a simple "address or IP that has been heard from in the somewhat recent past" database, giving ones not heard from recently a small boost to the maybe-distrust-this spamicity score.
BAYES_00: A "Bayesian" statistical test on the body text. The "BAYES_00" result means that the Bayesian estimate of probability is that there's only a 0-1% likelihood of your post being spam, and that result actually reduces the post's spamicity score.
[ ... ]
[ Discussion continued (3 messages/9.40kB) ]
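As an added example (not part of the original message): a Python parse of the X-Spam-Status header quoted above, unfolding its continuation lines and comparing the score with the required threshold. The function names are this example's own; only the header text is taken from the message.

```python
import email
import re

# Header text copied from the message quoted above; the rest of the mail
# is left out. Continuation lines start with whitespace (header folding).
RAW_HEADERS = """\
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on linuxmafia.com
X-Spam-Status: No, score=3.5 required=4.0 tests=AWL,BAYES_00,FORGED_RCVD_HELO,
\tRCVD_IN_DSBL,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,RCVD_IN_SORBS_DUL autolearn=no
\tversion=3.1.1
Subject: Re: [TAG] Talkback:127/howell.html

"""


def parse_spam_status(raw_headers):
    """Return verdict, score, threshold and rule names from X-Spam-Status."""
    value = email.message_from_string(raw_headers)["X-Spam-Status"]
    if value is None:
        raise ValueError("no X-Spam-Status header present")
    flat = " ".join(value.split())            # undo the header folding
    match = re.match(r"(Yes|No),\s*(.*)", flat)
    if match is None:
        raise ValueError("unrecognised X-Spam-Status value: %r" % flat)
    # Folding can leave a space after a comma inside the tests= list.
    rest = re.sub(r",\s+", ",", match.group(2))
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return {
        "flagged": match.group(1) == "Yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [t for t in fields.get("tests", "").split(",") if t],
    }


def dnsbl_hits(status):
    """Rules named RCVD_IN_* report a relay found on a DNS blocklist."""
    return [t for t in status["tests"] if t.startswith("RCVD_IN_")]


def explain_hold(status):
    """Classify a held message by what SpamAssassin itself concluded."""
    over_threshold = status["score"] >= status["required"]
    if over_threshold != status["flagged"]:
        return "inconsistent"                 # verdict disagrees with score
    if over_threshold:
        return "spamassassin-flagged"
    return "held-by-something-else"           # SA passed it; look elsewhere


if __name__ == "__main__":
    status = parse_spam_status(RAW_HEADERS)
    print(status)
    print("DNSBL rules:", dnsbl_hits(status))
    print("hold:", explain_hold(status))
```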
Benjamin A. Okopnik [ben at linuxgazette.net]
Mon, 4 Sep 2006 12:44:39 -0400
On Mon, Sep 04, 2006 at 02:19:37PM +0530, Kapil Hari Paranjape wrote:
> Hello,
>
> Some news.
>
> I suppose this was bound to happen sooner or later. Debian
> maintainers J. Jaspert and E. Bloch lost patience with J. Schilling
> and have forked "cdrtools" to create cdrkit. Some details at
>
> http://debburn.alioth.debian.org/FORK
>
> (The forked tar.gz can be found in http://debburn.alioth.debian.org/).
> Other reasons for the fork can be found on
> http://bugs.debian.org/cdrecord and on the Linux Kernel mailing lists.
Good for them and everyone else, I say. I've been struggling with (and quietly cursing at) Joerg Schilling's DVD-writing software for a long time. On the one hand, it's the only DVD-writer that I could get to work on this strange DVD drive I have (Matshita DVD-RAM UJ-820S) - but it would only let me write at 1x due to nothing more than some strange conceit of the author's. As I recall from his explanation on a web page, he had decided that the Linux /dev implementation sucks, and until it was rewritten to be more like that of BSD, he wouldn't do anything to make 'cdrecord' work reasonably. Elsewhere, in every instance that I've seen him involved in a discussion about any technical issue, I was struck by his inflexibility ("bull-headedness" would be too strong of a term, since he is highly technically competent, but the stubborn refusal to even consider any viewpoint other than his own was... less than admirable.)
Now, according to the Debian bunch, he's exhibiting that same kind of intransigence and blind adherence in an area which is clearly not his strong point - licensing issues. [shrug] His right as the author, of course... but this is exactly the reason that forking is such a useful method. This is, in my opinion, as good as Open Source gets.
(BTW: has anyone else noticed that the largest, toughest, most dangerous
monster in QuakeII is called 'Jorg'? I'm just sayin'.)
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
[ Discussion continued (2 messages/5.36kB) ]
Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 14 Sep 2006 14:53:08 -0400
Hi, Steve -
On Thu, Sep 14, 2006 at 11:04:27AM -0700, srankin wrote:
> Hi Ben
> I've started using Ubuntu which is so great compared to Windoze and if I
> can manage to run some navigational software I could eliminate Windoze
> altogether. (It would be like getting rid of an abscessed tooth). Any
> ideas? Will Wine run Nobeltec? Or do you know of any Nav software
> available in open source?
I've actually posted about this on the 'origamiboats' list a while back, but I'll repeat it and expand on it a bit. If you don't mind, I'm also going to CC this exchange to The Answer Gang at the Linux Gazette; this is actually a question that I get asked on a regular basis by other sailors who use Linux, and I believe a number of people could benefit from the answer.
I've checked out a number of programs intended for navigational use under Linux; all of these have been useful to some degree, and some, like SeeMyDEnc (http://www.sevencs.com/index.php?page=123) are becoming more and more useful day by day, as NOAA and other chart-producing agencies convert more and more of their charts to the S-57 and other modern charting formats; in fact, S-57 charts and viewers have become so good that they are now treated as a legal equivalent of paper charts in commercial shipping regulations (!). These converted charts, incidentally, are available free of charge at http://chartmaker.ncd.noaa.gov/ - a service that's worth thousands of dollars to cruisers, given the average cost of paper charts.
Anyway, the two programs that I use most of all in my navigation are 'xtide' and Mayko's 'mxmap'; the former shows a list of currents and tides for any location in the world, while the latter is a very featureful chart viewer. 'mxmap' reads BSB charts, does GPS tracking, allows you to construct/follow routes, set markers, "scribble" on the charts, and do lots of other goodies. It also allows you to use, e.g., a scan of a map or a chart - you just set the lat/long of diagonally opposing corners, and away you go.
The only problem with 'mxmap' is that it is unmaintained; the developers
(Mayko), as far as anyone seems able to tell, have disappeared off the
face of the earth leaving us with this really nice piece of software.
Maybe they went cruising.
Since Ubuntu is Debian-based, you should be able to install 'xtide' via the standard installation mechanism ('apt-get install xtide' as root); "xmap" can be found at http://fresh.t-systems-sfr.com/linux/src/ (look for three files with 'xmap' in the name - one of them is a bunch of sample maps, the other two are static and dynamic versions of the program.)
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
[ Discussion continued (6 messages/6.93kB) ]
Faber J. Fedor [faber at linuxnj.com]
Wed, 6 Sep 2006 11:11:07 -0400
Ben's response to this question was published as http://linuxgazette.net/131/lg_tips.html#2-cent-tips.05 --Kat
Does anyone know of an app/script that will automagically set ID3 tags in my MP3 files using freedb?
I got one of those pod thingies that are so popular with the kids these days and discovered that quite a few of my MP3s don't have ID3 tags on them. I have no idea how that happened since I've ripped every CD with grip (which means my MP3s directory hierarchy follow the standard format of artist/album/song.mp3).
Googling "mass edit mp3s" brings up mostly Windows apps. I gather most of those will let me make changes to ID3 tags across a group of MP3s (say changing "Bush, Kate" to "Kate Bush" en masse) as opposed to what I want (look up the info on freedb and apply that info to the MP3s).
I did come across something on IBM Developer Works that uses a couple of Perl modules (we now have Ben's attention!) and freedb but I couldn't get it to work properly, meaning a) I couldn't understand the docs and b) I couldn't redirect the output to a file to see wtf it was doing.
Since I don't want to rip and encode all of those CDs again, I'll happily roll my own, but I thought I'd check with you guys to see if I've missed an existing solution.
-- Regards, Faber Fedor President Linux New Jersey, Inc. 908-320-0357 800-706-0701
[ Discussion continued (3 messages/3.26kB) ]
John Karns [johnkarns at gmail.com]
Thu, 7 Sep 2006 08:56:21 -0500
Hi All,
I'm getting lots of bounce notices regarding incoming mail from gmail. I'm baffled. Would this be generated by my host?
1) I'm popping with fetchmail.
2) Due to postfix (yuck) sending mail to the bit-bucket, I've tried bypassing it and specifying procmail as the mda in .fetchmailrc.
I don't understand why it cites failure to establish an smtp connection with jkarns at localhost:
TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [localhost (1): Connection refused]
It would make a little more sense to me to see msgs like this being generated by postfix on my host, but don't see what POPping from gmail should be related in any way to an smtp connection.
Any suggestions / help much appreciated.
Here's an example:
[ ... ]
[ Discussion continued (9 messages/19.42kB) ]
Kapil Hari Paranjape [kapil at imsc.res.in]
Sun, 10 Sep 2006 14:53:20 +0530
On Fri, 08 Sep 2006, Benjamin A. Okopnik wrote:
> On Wed, Sep 06, 2006 at 07:53:12PM -0500, John Karns wrote:
>
> > [1]* works wonderfully on this aging Dell I8100, best I've ever had a
> > laptop run under Linux - at the end of the day I just suspend to RAM -
> > haven't done a shutdown or reboot now in 14 days! Probably mostly thanks
> > to the improvements in the kernel suspend code, but they seem to have the
> > ACPI scripting functioning very well too. Hibernate hasn't proven to be
> > quite as smooth though.
>
> Mine just don't work, period. Bleagh. :((( To the best of my ability to
> figure it out, the ACPI on this Acer 2012 is so horrendously broken
> that it's not even worth trying to fix (although I'd downloaded Intel's
> ACPI compiler/decompiler, dutifully fixed all the errors, and shoved it
> all back in, it didn't seem to make any difference.) Well, this laptop
> is getting toward the end of its useful life... we'll see how the next
> one goes.
Continuing my experiments with suspend/hibernate etc...
For 2.6.17-rc1 upwards you should try out "uswsusp" which tries to sort out problems with prior suspend(s).
My current situation is quite happy vis-a-vis both suspend to disk and suspend to ram. I use the "stock" Debian linux-image-2.6.17-2-686 (version 2.6.17-8) and initramfs-tools (version 0.77b) with aforementioned uswsusp (0.2-3).
Everything "works" out of the box except for a minor hiccough with suspend-to-ram which required some hacking as follows.
a. Save current device config to disk
    cat /proc/bus/pci/00/02.0 > /var/lib/acpi/vid_0
    cat /proc/bus/pci/00/02.1 > /var/lib/acpi/vid_1
b. Suspend-to-ram
    echo -n mem > /sys/power/state
c. Restore device state on resume
    cat > /proc/bus/pci/00/02.0 < /var/lib/acpi/vid_0
    cat > /proc/bus/pci/00/02.1 < /var/lib/acpi/vid_1

The developers of suspend are undecided on whether they should wait for the kernel to fix this or just make the change to s2ram since the problem seems to be for specific hardware combinations like the thinkpad R51 with intel graphics (or perhaps only for that combination!).
I should perhaps also mention that suspend worked fine on my laptop with Ubuntu Dapper which I tested out.
Generally, I have found that "suspend-to-disk" works out-of-the-box with all laptops that I have come across; "suspend-to-ram" seems more tricky. Given my experience, I would say that Ben is singularly unlucky :-(
Regards,
Kapil. --
[ Discussion continued (3 messages/8.71kB) ]
barb [jojodancer1 at cox.net]
Tue, 29 Aug 2006 16:05:03 -0700
I have assigned the subject for this thread, as it came in with none. --Kat
hi, if I download an entire web site and burn it onto my cd, later on if the site is not available can I bring it up on my cd that I burned earlier? barb
[ Discussion continued (2 messages/2.38kB) ]
Faber Fedor [faber at linuxnj.com]
Fri, 15 Sep 2006 14:20:08 -0400
On 9/15/06, Bradley Chapman <kakadu at gmail.com> wrote:
> Recently I decided to take the plunge and enable SSH on my firewall
> machine, to allow me to get into it remotely. Having done so, I'm now
> agonizing over whether or not I've configured it correctly.
Send us your IP Address and the root password and we'll let you know.
Just kidding!
Everything looks fine to me. I would suggest you move the default port to another address: something high (< 64000) and random. A cracker seeing something open on port 22 will do an SSH attack, but on port 54256 he won't know what program to use.
> So far as I can tell, I have asymmetric public-private key
> authentication working correctly, but I am still asked for the account
> password when I SSH into the machine.
IIUC, I think it's asking for your passphrase, the one you used to generate the key-pair, no? To get around that, you have to generate keys with no pass-phrase (which is considered A Bad Thing).
> Not only that, but despite
> setting PermitRootLogin to 'no', and AllowUsers to 'user' (the name of
> the account I set up), when attempting to login as either root or any
> other user on the machine, the ssh client simply asks for the account
> password three times and then fails, instead of failing immediately -
> is it supposed to do that?
Yes, it's supposed to do that. With that behaviour (prompting for the password three times), the cracker isn't sure if A) root logins are disabled or B) he has the wrong password. If it failed immediately, he would know that A was true. Anything to slow the little buggers down.
> TIA,
HTH
--
Regards,
Faber Fedor Linux New Jersey, Inc. 908-320-0357 http://www.linuxnj.com
[ Discussion continued (5 messages/8.96kB) ]
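An added example, not part of the original exchange: a Python audit of the sshd_config keywords named in this thread (PermitRootLogin, AllowUsers, password versus key authentication). Both configurations are constructed samples and the function names are this example's own. It goes slightly beyond the thread by applying sshd's rule that the first value read for a keyword is the one used, so a `PermitRootLogin no` appended below an earlier `PermitRootLogin yes` has no effect.

```python
"""Audit of the sshd_config keywords discussed in this thread (added example)."""

SCALAR_KEYWORDS = {"port", "permitrootlogin", "passwordauthentication",
                   "pubkeyauthentication"}
LIST_KEYWORDS = {"allowusers"}

# Constructed sample, not the poster's file: the administrator appended
# two lines below settings that were already present.
SAMPLE_CONFIG = """\
# Constructed sample for this example.
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
#PasswordAuthentication no

# Lines appended later by the administrator:
PermitRootLogin no
AllowUsers user
"""

# Constructed corrected version of the same file.
FIXED_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers user
"""


def directives(text):
    """Yield (line_number, keyword, args) for the global directives."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword, args = parts[0].lower(), parts[1:]   # keywords ignore case
        if keyword == "match":    # conditional blocks are out of scope here
            return
        yield number, keyword, args


def effective_settings(text):
    """First value wins for scalar keywords; AllowUsers lines accumulate."""
    settings = {}
    for _, keyword, args in directives(text):
        if keyword in LIST_KEYWORDS:
            settings.setdefault(keyword, []).extend(args)
        elif keyword in SCALAR_KEYWORDS and args:
            settings.setdefault(keyword, args[0].lower())
    return settings


def ignored_overrides(text):
    """Later scalar lines whose value differs from the one sshd will use."""
    seen, ignored = {}, []
    for number, keyword, args in directives(text):
        if keyword not in SCALAR_KEYWORDS or not args:
            continue
        value = args[0].lower()
        if keyword not in seen:
            seen[keyword] = value
        elif value != seen[keyword]:
            ignored.append((number, keyword, value))
    return ignored


def audit(text):
    """Return (code, message) findings for the settings in this thread."""
    settings = effective_settings(text)
    findings = []
    root = settings.get("permitrootlogin")
    if root is None:
        findings.append(("root-unset", "PermitRootLogin is not set; the "
                         "default depends on the OpenSSH version"))
    elif root != "no":
        findings.append(("root-allowed",
                         "PermitRootLogin is effectively '%s'" % root))
    # PasswordAuthentication defaults to yes when it is not set.
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append(("password-offered", "password logins are still "
                         "offered when no key is accepted"))
    if settings.get("pubkeyauthentication", "yes") != "yes":
        findings.append(("pubkey-off", "public key logins are disabled"))
    if not settings.get("allowusers"):
        findings.append(("no-allowusers", "no AllowUsers restriction"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, effective_settings(cfg))
        for number, keyword, value in ignored_overrides(cfg):
            print("  line %d: %s %s is ignored" % (number, keyword, value))
        for code, message in audit(cfg):
            print("  %s: %s" % (code, message))
```

On a live system, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check.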
Chanchal Mitra [ck.mitra at gmail.com]
Sun, 1 Oct 2006 22:56:16 +0530
Hi
You know what I mean. I have only one OS setup on my harddisk and I have no use for grub or lilo. How do I boot directly into linux?
I noticed in the kernel sources there is a file named bootsector. I cannot find any information on how to use it.
It must be simple to do but the question is how?
I am using fedora core 5, arch: x86_64. All updated using yum.
Thanks in advance.
Chami
[ Discussion continued (2 messages/2.30kB) ]
Bob van der Poel [bob at mellowood.ca]
Mon, 09 Oct 2006 17:19:08 -0700
Hi. I've dl'd and installed the IE6 running under Wine from http://www.tatanka.com.br/ies4linux/page/Main_Page. This is a useful step in testing web page development ... I don't care enough about it to actually test with a real windows machine, but if I can test locally using IE6 it is not a big deal.
Under gnome or KDE it works just fine. But, it crashes (or stalls) under icewm. I have tried to start from a terminal and from the toolbar. Under a terminal I get the Wine debug prompt, and a "loading" window. But that is about it.
I am thinking there is a path difference or something. But, I have checked and don't see any obvious differences.
I have checked on the tatanka page and don't see anything on this topic. And a request to the IceWM users list has drawn a blank as well. Maybe one of you guys has an idea on this?
-- Bob van der Poel ** Wynndel, British Columbia, CANADA ** EMAIL: bob at mellowood.ca WWW: http://www.mellowood.ca
[ Discussion continued (3 messages/3.90kB) ]
Peter Knaggs [peter.knaggs at gmail.com]
Thu, 31 Aug 2006 11:23:23 -0700
Hi All,
Has anyone else come across this gmail "spyware" page when trying to log into gmail using Firefox?
[ Snipped image ]
As you can imagine, it plays havoc with the gmail notifier extension, as well as making me doubt my ability to read, each time I try to log in. (Trying to type in the contents of the squiggly message displayed in the box seems to be a task my brain is almost incapable of handling early in the morning). So I'm wondering, is this something Firefox is doing to annoy gmail? Or just something gmail has started doing to annoy all their users?
Another question: I've come across this after updating Debian testing: I seem to be losing fonts, or at least the helvetica font I need for vncviewer and imagemagick:
For example, "display image.jpg" gives me:
display: unable to load font `-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1'.
display: unable to load font `-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1'.

And vncviewer gives me this:

$ vncviewer wherever:2
VNC server supports protocol version 3.7 (viewer 3.3)
Password:
VNC authentication succeeded
Desktop name "wherever:2 (myusername)"
Connected to VNC server, using protocol version 3.3
VNC server default format:
16 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0
Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct
Warning: Unable to load any usable ISO8859 font
Warning: Unable to load any usable ISO8859 font
Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no font found

I tried searching for explanations, and as far as I can tell I've got all the font packages installed. I attach the output from running
dpkg --get-selections > /tmp/dpkg--get-selections
in case it could be helpful.
[ snipped ]
I have a machine running Debian stable, and both "display" and "vncviewer" are working fine, but comparing the strace hasn't gotten me very far. I was wondering if anyone would have any hints, I've not much experience / understanding of X11 fonts.
Thanks, Peter.
[ Discussion continued (3 messages/7.60kB) ]
David Sugar [DSugar at boyslatinmd.com]
Mon, 14 Aug 2006 14:54:07 -0400
I am having an issue sending out e-mails from my linux box. Here is the issue:
I am getting the message
"host map: lookup (boyslatinmd.com): deffered"

The linux machine is named reeses.boyslatinmd.com (10.1.10.65 internal address)
All mail for the boyslatinmd.com domain is handled by email.boyslatinmd.com (10.1.10.4 internal address)
I have tried setting up domain routing using sendmail and nothing seems to work using either the ip address or host name. I have even tried sending mail directly to the internal ip address and it doesn't work. Please help ASAP as I am trying to get a helpdesk server setup before the school year in about 2 weeks.
Thanks for the help.
David
David Sugar Administrative Technology Coordinator The Boys' Latin School of Maryland 822 West Lake Avenue Baltimore, MD 21211 410-377-5192 x.
[ Discussion continued (2 messages/3.66kB) ]
M.L. Morrison [mlmorrison2 at hotmail.com]
Tue, 17 Oct 2006 12:36:14 -0400
Hello,
I'm an admitted newbie and need help creating my listing for ebay and similar type sales.
Creative writing that gets to the point and noticed is the main thing I need help with.
Please send info. Thanks so much!
[ Discussion continued (2 messages/1.80kB) ]
Ramanathan Muthaiah [rus.cahimb at gmail.com]
Wed, 18 Oct 2006 19:40:59 +0530
Hi Gang,
I could have Googl-ed to find plentiful of answers but decided otherwise to seek wisdom here.
My plans are to develop simple web-based application using Perl scripts and MySQL as back-end for data storage. Am planning to host the application using Apache http server. Am aware that Perl modules (DBI) are needed to interact with database. I have little knowledge of db design.
My question :
Am lost here, how to start this whole activity? Reason is, am not comfortable in embedding the Perl scripts with HTML tags and regular functions for data management needs.
Intention is to keep the scripts providing the front-end and back-end processing separate, and not mix all in the same script(s).
Looking forward to your suggestions.
/Ram
[ Discussion continued (7 messages/10.45kB) ]
Benjamin A. Okopnik [ben at linuxgazette.net]
Sun, 1 Oct 2006 13:21:10 -0400
Somebody took the audio from a Micr0s0ft Vista "we're so brilliant, we've invented all this new stuff" shill session and overlaid it on a video of themselves doing it all on their OS/X desktop - with a few additional twists. High amusement factor, including Bill G's 1977 "jailbird" photos.
http://video.google.com/videoplay?docid=-4134446112378047444
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
Mulyadi Santosa [mulyadi.santosa at gmail.com]
Fri, 20 Oct 2006 17:34:54 +0700
Dear gang...
I face a trouble here. Does anyone know the frame rate of VCD and DVD? Also, what is the fps (frames per second) of movie trailers spreading on Internet? What is the right way to calculate the fps?
My other problem is, suppose I have a video clip which has 30 fps. What should I do if I want to double the fps (i.e. 60 fps)? Is there any tool available to do this?
Any hints would be greatly appreciated... Thanks in advance.
regards,
Mulyadi
[ Discussion continued (17 messages/23.68kB) ]
Ronald Nelson [rnelson at kennesaw.edu]
Thu, 28 Sep 2006 11:26:24 -0400
I am a member of the network group at a university in Atlanta, Georgia. Some time ago we had a minor DOS from off campus to our main DNS server; at that time we decided to only allow outside connections from our service provider (Peachnet) and block all others with our firewall. We seem now to have a problem with the root "EDU" servers.
;; AUTHORITY SECTION:
edu. 172800 IN NS M3.NSTLD.COM.
edu. 172800 IN NS A3.NSTLD.COM.
edu. 172800 IN NS C3.NSTLD.COM.
edu. 172800 IN NS D3.NSTLD.COM.
edu. 172800 IN NS E3.NSTLD.COM.
edu. 172800 IN NS G3.NSTLD.COM.
edu. 172800 IN NS H3.NSTLD.COM.
edu. 172800 IN NS L3.NSTLD.COM.
They cannot resolve anything in our domain including our primary DNS server. Do we need to include these servers in our rule base? How do we protect against a DOS attack on our DNS servers?
thanks Ron Nelson 770 403-2135
[ Discussion continued (2 messages/6.04kB) ]
Talkback: Discuss this article with The Answer Gang
Kat likes to tell people she's one of the youngest people to have learned to program using punchcards on a mainframe (back in '83); but the truth is that since then, despite many hours in front of various computer screens, she's a computer user rather than a computer programmer.
When away from the keyboard, her hands have been found full of knitting needles, various pens, henna, red-hot welding tools, upholsterer's shears, and a pneumatic scaler.
[ In reference to More 2 Cent Tips! in LG#100 ]
Michael Pearl ([Michael.Pearl at semcoenergy.com])
Tue, 26 Sep 2006 16:27:16 -0400
I recently read a tip you submitted to linuxgazette.net back in December of 2003:
http://linuxgazette.net/100/lg_tips.html#tips.14
I'm using scponly for one of my users and recently he asked for the public key to bypass password prompt. Did you create the user as normal and then add them to scponly? Or did you add them using scponly's script (setup_chroot.sh) first?
- Michael Pearl - SEMCO Information Technology, Inc.
[ In reference to Automatic creation of an Impress presentation from a series of images in LG#116 ]
Karl-Heinz Herrmann ([kh1 at khherrmann.de])
Tue, 19 Sep 2006 23:13:28 +0200
Hi,
I've written the article: http://linuxgazette.net/116/herrmann.html
and was contacted by a reader a little while back, telling me it's not working for him. I could verify that with the current version of the perl module OpenOffice::OODoc the script indeed fails to create the slides in the odp file. It includes the pics -- you can extract them, but they are not shown on any slides, and there is only the one default slide.
I've no way of telling at what exact version my script breaks. The one it's working with is version 1.309, currently CPAN is at 2.028 -- major revision 1 -> 2 is likely.
A rather simple change to the script fixes the problem:
just change:
my $test= $document->appendElement ('//office:body',0,'draw:page');
into:
my $test= $document->appendElement ('//office:presentation',0,'draw:page');
and the script works again. A small caveat: I sometimes have a problem with the slides being in the correct order (i.e. not the order in the inputfile), but I can't say under what conditions this can happen yet.
K.-H.
[ In reference to Booting Knoppix from a USB Pendrive via Floppy in LG#116 ]
Benjamin A. Okopnik ([ben at linuxgazette.net])
Fri, 1 Sep 2006 10:50:18 -0400
----- Forwarded message from Djordje Dragic <orange47 at gmail.com> -----
Hello Ben,
I have been trying to modify your script to work with latest Knoppix with no luck at all. File called 'linux' is too big to fit to floppy and besides, it seems that latest Knoppix cannot boot from diskette.
Please tell me, what is the latest Knoppix version that can work with your script? Could you please make a boot.img that would work with Knoppix V5.0.1 and put it online somewhere?
-- Best regards, Djordje mailto:orange47 at gmail.com ICQ#:308328689
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
[ In reference to Build a Six-headed, Six-user Linux System in LG#124 ]
Amber Sanford ([amber at modernspaces.com])
Thu, 17 Aug 2006 11:41:25 -0700
Non-linux machines: any recommendations for this set-up though running on Windows XP?
Amber Sanford
[ In reference to With Knoppix at a HotSpot in LG#127 ]
Benjamin A. Okopnik ([ben at linuxgazette.net])
Sat, 5 Aug 2006 22:25:47 -0400
Hi, Jeff -
I'm going to CC the LG Answer Gang on my response, since this is pretty much the purpose of TAG; also, chances are that someone else may be able to cover any areas that I miss.
On Sat, Aug 05, 2006 at 07:02:23PM -0600, jeff at jeffroot.us wrote:
> Ben Okipnik;
"Okopnik", please.
> In the LG#127 article "With Knoppix at a HotSpot", you made the
> comment:
>
> [ I do a lot of travelling, and connect to a wide variety of
> strange WLANs. In my experience, at least, connecting to a
> wireless LAN with Linux is usually just as simple as Edgar
> describes. -- Ben ]
>
> Well, I have a very different experience. I have no trouble at all
> connecting to a managed wifi network; at home or work, I just set
> the ESSID and WEP key in /etc/network/interfaces, and "netscheme
> work" does the rest. But this same machine has never managed to
> connect to an open wifi network.
>
> Today, I visited my municipal wifi and tried to connect. I ran
> Kismet to see that the ESSID was "OldTownWifi" and that wep and
> encryption were both off. So I used iwconfig to set the essid and
> managed mode, then ran dhclient. Nothing. No response from their
> server at all.
>
> So how about this: you help me understand why I can see an open
> hotspot with Kismet but can't seem to give the right incantation to
> connect, and I'll write up a "dummy's guide" for LG.
Well, that sounds like a fair sort of deal... but I don't know that I can answer the question as posed. In my mind, at least, it comes down to "why doesn't dhcpclient work as it should?" - and I can't really tell you, since I don't use it. I suppose you could always take a look at your '/var/log/{daemon,kern}.log' or '/var/log/messages' and figure out where it's failing.
To be a bit more specific, I've tried using 'dhcpclient' in the past - I don't recall why - but it simply didn't work no matter what I tried, on a "known good" Ethernet connection which worked fine with 'pump' on a different machine. I pounded on the config file for a while, tried everything in the manpage - then gave up and installed 'pump'... and everything instantly started working - and if I recall correctly, it required no configuration on my part.
I've been using 'pump' ever since.
These days, I usually use the 'ifup/ifdown' front ends instead of using it directly (although sometimes I forget and use it directly; it works fine either way.) I never have to set the ESSID unless I'm trying to get onto a private network; the one time that I ended up wrestling with it turned out to be a case of solving the wrong problem - the responsible bit was a broken kernel module for my ipw2200, and not the client at all. As I've said, It Just Works.
[ ... ]
[ In reference to Creating a Rudimentary Kiosk System using FVWM in LG#128 ]
Thai Duong ([thaidn at yahoo.com])
Mon, 16 Oct 2006 12:04:56 -0700 (PDT)
Hi there,
I'm Thai from Vietnam. I just want to introduce you to Kiosk Appliance (http://kiosk.rpath.org), which is a distro focusing on user's security and privacy, inspired by your article "Creating a Rudimentary Kiosk System using FVWM". Using rPath technology, I provide 3 versions of Kiosk Appliance: a VMWare image, a LiveCD and an installable CD. Included is just enough rPath Linux and FVWM to run a locked down version of Firefox. Firefox is also pre-configured to automatically reset after each use so that personal information is never stored permanently. The current stable version is 0.2 which features:
1) Clear all personal data on exit;
2) Reset after a period of inactivity;
3) Disable form history;
4) Disable page caching;
...and much more, you can view more details at http://www.rpath.org/rbuilder/project/kiosk/release?id=5096
I've been working on Kiosk Appliance 0.3, which has many more features such as the ability to disable access to Firefox's internal URLs or dialogs, i.e. about:* URL, the Firefox Preferences dialog... I hope K.A 0.3 will be released in the next few days. Many thanks to Thomas Adam for helping me to configure fvwm.
Any thought or suggestion? I'm really anxious to hear from you.
Best regards,
Thai Duong.
[ In reference to The Geekword Puzzle in LG#130 ]
Benjamin A. Okopnik ([ben at linuxgazette.net])
Mon, 4 Sep 2006 20:36:12 -0400
----- Forwarded message from Nguyễn Thái Ngọc Duy <pclouds at gmail.com> -----
Date: Tue, 5 Sep 2006 07:10:05 +0700
From: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
To: TAG <tag@lists.linuxgazette.net>
To: editor at linuxgazette.net
Subject: Talkback:130/okopnik.html
Hi,
Just want to shout out that the puzzle is great! I'd been a long time reader of linuxgazette (since 2001 I guess) although I lost interest in linuxgazette for a while (maybe because I'm no longer a linux newbie). Now I'm really looking for the next issue :D
I noticed that the September's puzzle is harder than the August's. But I won't complain just because I couldn't complete the puzzle myself. I think puzzles are good for newbies too to examine what they learned and find some fun of it. For that, we need easier puzzles with common acronyms such as gnome, kde, and other common commands. So if you have enough manpower, two puzzles in an issue would be great (one for geeks and one for newbies).
Cheers,
-- Duy
[ In reference to The Monthly Troubleshooter: Installing a Printer in LG#130 ]
Andrea Fleming ([peaclvr at gmail.com])
Thu, 5 Oct 2006 23:57:07 -0700
I have an hp 1200 and every time I try to scan, the computer does not recognize the scanner within the printer. I have installed everything on the hp disk, but the computer doesn't see it. I can print just fine, but no scans. Help
[ In reference to Talkback in LG#130 ]
Chris Clayton ([chris_clayton at f1internet.com])
Sun, 8 Oct 2006 21:16:07 +0000
Hi,
Harring Figueiredo suggested:
Shouldn't the tests be if(buffer_... = NULL)? Probably a typo
You agreed.
In fact, shouldn't it be if(buffer_... == NULL)? (Comparison, not assignment).
Regards
Chris
[ In reference to Sharp does it once again: the SL-C3200 in LG#131 ]
jeff ([moe at blagblagblag.org])
Mon, 02 Oct 2006 15:44:34 -0300
I have a similar Zaurus 3100. I checked out both Openzaurus' OPIE & GPE. They were nice, but felt too similar to a palm pilot or a "plain" old PDA.
If you really want your Zaurus to be just like a "regular" PC running a full
blown OS, OpenBSD on the Zaurus is great. It's the full OS installation with
gcc, X windows, etc. Basically, if it compiles on OpenBSD it'll work on the
Zaurus. Completely self-hosted development--no need for cross compilers on
other boxes. Combined with a lightweight desktop such as blackbox it's amazing.
-Jeff
[ In reference to Mailbag in LG#131 ]
Ville ([v+tag at iki.fi])
Tue, 3 Oct 2006 10:27:59 +0300
On Fri, Jul 21, 2006 at 02:12:47PM +0300, I wrote:
> On Sun, Jul 16, 2006 at 09:26:31PM +0300, I wrote:
>
> > .... .... ...
Oh, the story hit the news. I'm sorry I wasted so many of your precious
column inches. Hopefully someone finds the thread interesting or even
useful.
[ In reference to Mailbag in LG#131 ]
Mike Orr ([sluggoster at gmail.com])
Mon, 9 Oct 2006 11:31:09 -0700
Just to clarify, Groups of Linux Users Everywhere (GLUE) was never related to Linux Gazette. Linux Gazette was hosted at SSC (linuxgazette.com) for a period of time. GLUE was a separate project (I think it was created by SSC but I don't know its origins). Because they were on the same server, SSC may have put it under the linuxgazette.com domain at some point, but it was never a part of our ezine. I made one version of GLUE and I thought it was under the linuxjournal.com domain, but that was so many years ago that I don't remember for sure.
-- Mike Orr <sluggoster at gmail.com>
[ In reference to 2-cent Tips in LG#131 ]
Richard Neill ([rn214 at hermes.cam.ac.uk])
Tue, 03 Oct 2006 00:56:29 +0100
Re file renaming (here, using "wavren"), may I recommend installing the qmv and imv utilities. They are excellent. http://www.nongnu.org/renameutils/
imv filename -> slightly faster than mv,
qmv -> brings up an editor with columns for oldname, newname. Checks for errors.
Best wishes,
Richard
[ In reference to On Qmail, Forged Mail, and SPF Records in LG#131 ]
Rodriguez, Candido ([Candido.Rodriguez at pearsoned.com])
Thu, 05 Oct 2006 14:16:03 -0400
Just I recommended using GMail instead of sendmail (because I read that GMAIL was secure).
The only problem is that I used my real name... ooops
Please submit your News Bytes items in plain text; other formats may be rejected. A one- or two-paragraph summary plus a URL has a much higher chance of being published than an entire press release. Submit items to bytes@linuxgazette.net.
Intel Stakes a Claim to the Future, Shows Off Quad-Core System at IDF
At its annual developer conference and Geek-fest/Love-in, the Fall Intel Developer Forum in San Francisco, Intel gathered partners and technologists to demonstrate its leadership in a plethora of technologies. Intel showed off new graphics engines that rivaled the gaming and video features of nVidia and ATI [recently bought by its chief competitor, AMD], LAN and WiFi solutions, virtualization, experiments in solar power and fuel cells, and numerous other forward-looking research projects. Intel used the IDF conference as a springboard for new initiatives and to explain its road map in more detail than in the past.
Intel committed itself and its partners to releasing quad-core x86 chips before the end of this year, moving up its earlier 2007 release date. And prototype systems were on hand as proof from many Intel partners. To be sure, these were modified dual socket mother boards that now can take dual core chips, but these showed that most modern OSes could take advantage of the extra cores and perform reasonable job scheduling without modification.
Code-named Kentfield, the first chips will still sport the "Core 2" branding, but will have 4 cores, as in 2 dual-core chips in a single socket package. This is partly done to improve the product yields [by about 20% over the 4 cores on the same silicon wafer, according to Intel CEO Paul Otellini]. The follow-on chip will be called Clovertown and will be in the Xeon 5300 series, a quad-core variant of Woodcrest. First out of the chute are the quad-core products aimed at the desktop, followed by server editions. [see photo here: ftp://download.intel.com/pressroom/kits/idffall_2006/Intel%20Core2%20Extreme%20Quad-Core%20microprocessor.jpg ]
Patrick Patla, director for AMD's Server and Workstation Business, in Austin, Texas, was quoted in eWeek calling the Intel Quad core a "Franken-quad," and less efficient with a single memory bus than the true quad-core chip that AMD will release in early 2007.
Tera scale processors
Gigabits and Gigahertz make for a massively parallel TeraScale processor. Intel's peek at the future of computing included an 80 core CPU. Seemingly one-upping the IBM-Sony Cell processor, 'Tera' is more of a design point to which Intel is applying its vast engineering resources.
Operating at 3.1 GHz, the goal of this multi-core experimental chip is to test interconnect strategies for rapidly moving terabytes of data from core to core and between cores and memory. This monster uses SRAM for speed and directly connects memory blocks to each processor. One possible design has entire RAM blocks in the core design. At 100 MB or more per core, that would be the entire system, or 8 terabytes, without a memory controller. Research efforts are aimed at trying to design DRAM to work in this manner so as to reduce power consumption. This could be a back door for Intel to re-enter the memory market.
Potential uses of the technology include high-performance devices to play photo-realistic games, share real-time video and do multimedia data mining. Intel Senior Fellow and Chief Technology Officer Justin Rattner said "When combined with our recent breakthroughs in silicon photonics, these experimental chips address the three major requirements for tera-scale computing - teraOPS of performance, terabytes-per-second of memory bandwidth, and terabits-per-second of I/O capacity."
For more info, see: www.intel.com/go/terascale and http://www.intel.com/pressroom/kits/events/idffall_2006/pdf/Intel%20Quad%20Core%20Processor%20Update%20%E2%80%93%20Sept.%202006.pdf
Eclipse Foundation Selects Black Duck's protexIP to Review Contributed Code
Black Duck Software, a provider of software compliance management solutions, announced in September that the Eclipse Foundation has purchased and deployed Black Duck's protexIP(TM)/development platform. Eclipse uses protexIP to review software submitted by committers and ensure it is in compliance with the specific software licensing requirements of the Eclipse Foundation.
Eclipse is a community of open source projects, each comprised of its own group of independent developers. The process of open source software development regularly involves the assembly of open source code with invented and reused components, and as a result, various licenses can govern various parts of an application. The open nature of Eclipse's projects intensifies the need for Eclipse to evaluate the copyrights governing their code bases.
"Companies worldwide are capitalizing on applications developed by the Eclipse community, and many software vendors sell products that are dependent on Eclipse," said Mike Milinkovich, executive director of Eclipse Foundation. "For that reason, it is absolutely vital for us to analyze our code before we release it to our community."
protexIP compares software code to the protexIP KnowledgeBase, the most complete database of information on open source software components, code and license obligations available today. It contains information on tens of thousands of open source projects from more than 2,000 sites worldwide; and more than 650 open source and commercial licenses.
"The Eclipse Foundation represents some of the most innovative work in application development today, as teams of developers are working together to create tools and frameworks that will help build better business applications," said Douglas A. Levin, CEO of Black Duck Software. "Eclipse's purchase of protexIP makes sense given the decentralized and very successful nature of the community's process. Eclipse now has greater certainty that the licenses governing the code are in order."
Terracotta Offers Eclipse Plug-in for Point-and-Click Clustering Technology
Terracotta, Inc., a leader in solutions for enterprise Java scalability, has announced availability of its Eclipse plug-in for Terracotta DSO, the company's enterprise-class JVM clustering technology. Bundled with Terracotta DSO, the new plug-in makes Terracotta's point-and-click clustering functionality available from within the Eclipse IDE and demonstrates the company's on-going commitment to open source integration.
"Eclipse has taken the developer world by storm and become one of the most popular open source IDEs for Java application development," said Ari Zilka, founder and chief technology officer at Terracotta. "Terracotta DSO already provides plug-in capacity and availability for Java applications running on two or more machines. This plug-in further simplifies the clustering process by automatically generating the necessary configuration files."
Terracotta DSO (Distributed Shared Objects) is a runtime solution that allows data to be shared across multiple JVMs without the need for proprietary APIs, custom code, databases, or message queues. With Terracotta DSO, objects can be clustered at runtime just by specifying them by name.
Typically, objects and data to be clustered, as well as classes to be instrumented, are manually declared in an XML configuration file. With the Eclipse plug-in, the declaration process is automated via graphical representation of classes and objects, which can be browsed and acted upon within the IDE. Right-clicking objects and selecting Terracotta options from the context menu automatically generates the XML configuration file. The point-and-click automation improves productivity and eliminates iterations.
To facilitate application testing, the Eclipse plug-in lets developers start and stop Terracotta servers and clients from within the Eclipse IDE. In addition, the plug-in provides a more intuitive, developer-friendly XML experience by replacing raw text with graphical representations of sub-declarations within the XML configuration file.
More information on Terracotta can be found at http://www.terracottatech.com.
Attendance Surpasses the 10,000 Mark for the Flagship Linux and Open Source Event
IDG World Expo announced the successful completion of LinuxWorld Conference & Expo(®), held August 14-17, 2006. More than 10,000 participants from around the globe arrived at San Francisco's Moscone Center to examine the latest products and solutions, hear about emerging trends in the industry and experience new content. This year's event also paid tribute to the 15-year anniversary of the kernel with a spirited panel discussion entitled "Celebrating 20 Years of Linux" which highlighted several industry milestones while envisioning the future of Linux as if the year was 2011.
"We're extremely pleased with the results of LinuxWorld San Francisco," said Melinda Kendall, group vice president at IDG World Expo. "The exhibit hall was crowded with attendees, media coverage of the event was tremendous, the conference program was very well attended and several of our new programs including CIO Summit, Linux in the Channel Day and Healthcare Day were extremely well received."
Two key themes that resonated throughout the show were mobile Linux and virtualization. Motorola, Nokia and PalmSource, all new exhibitors at LinuxWorld San Francisco, touted their line of mobile Linux products and two keynote addresses focused on these themes: "Creating Must-Have Mobile Experiences With Linux," by Greg Bisio, Corporate Vice President of Motorola, and "Where Virtualization is Leading Your IT Department" by Peter Levine, CEO, XenSource. All of the keynote addresses from LinuxWorld can be downloaded from the LinuxWorld web site at www.linuxworldexpo.com.
"real boot" in Linux kernel 2.6.18
Linus Torvalds announced the release of the 2.6.18 Linux kernel, following the previous stable kernel release by three months. With a hearty "Arrgh!," he said, "she's good to go, hoist anchor!", this being the second year in a row that a kernel release has coincided with 'Talk Like A Pirate Day'. "Here's some real booty for all you land-lubbers," Linus continued, "there's not too many changes, with t'bulk of the patch bein' defconfig updates, but the shortlog at the aft of this here email describes the details if you care, you scurvy dogs." In keeping with the theme, he signed the announcement, "Linus 'but you can call me Cap'n'".
The new kernel is here: http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.18.gz
Ubuntu 6.10 (Edgy Eft) Released
The newest stable release of Ubuntu, a popular Debian fork, was released on October 26th. Among the large number of additions and fixes included in the release, the development team seems especially proud of Tomboy, F-Spot, GNOME 2.16, Firefox 2.0, Evolution 2.8.0, and a bunch more. The server release is boasting a pre-release of the upcoming LTSP-5 (Linux Terminal Server Project), a popular server package that allows multiple thin client terminals to connect and use the server's software and hardware, only requiring the thin client to display in and out data.
Official announcement: https://wiki.ubuntu.com/EdgyAnnouncement?highlight=(edgy)
Red Hat Enterprise Linux 5 -- First Beta
The first beta of Red Hat Enterprise Linux 5, based on Fedora 5 and some early features from Fedora 6, has been available since September -- if you have a Red Hat Network account -- but some reviewers are not impressed. The package management tools don't work well with RH repositories, especially the version of 'yum' included, and the management tools for the brand new Xen virtualization hypervisor have received complaints. But that's why there are beta tests.
RHEL 5 is based primarily on the 2.6.18 Linux kernel. It comes in client and server versions with optional directories for additional functionality like virtualization and clustering.
You can access the beta with a temporary subscription to RHN at the RH evaluation page: http://www.redhat.com/rhel/details/eval/ [Does not reflect the RHEL 5 beta by this issue's publication]
SimplyMEPIS 6.0-1 Live DVD Available at Newsstands
MEPIS has released the SimplyMEPIS 6.0-1 DVD Edition: an update of SimplyMEPIS 6.0, MEPIS' first Ubuntu based edition released earlier this summer. The SimplyMEPIS 6.0-1 bootable DVD not only includes hundreds of bug and security fixes, but the 1,900 packages of the three SimplyMEPIS Extras CDs, as well. Also, this Mepis edition has been cover-mounted on the October 2006 issue of Linux Magazine from Linux New Media AG available at thousands of bookstores and newsstands worldwide including Borders, Barnes & Noble, Fry's, Micro Center, Chapters, WHSmith and Eason.
Warren Woodford of MEPIS said "We enjoyed working with Linux Magazine to produce this coordinated release. The cover-mounted DVD is convenient for those who do not have the opportunity or inclination to download ISO files and burn their own CDs or DVD. By featuring our new DVD, Linux Magazine will enable thousands of dissatisfied Windows users to try and, hopefully, switch to SimplyMEPIS."
The ISO image is available for download in the 'release' subdirectory at the MEPIS Subscriber's Site and at MEPIS public mirrors. Current users of SimplyMEPIS 6.0 do not need to install 6.0-1 but can update, as usual, through the Ubuntu and MEPIS package pools.
SimplyMEPIS is a full featured desktop solution that integrates the Linux OS with hundreds of popular application packages including KDE, OpenOffice, Amarok, Firefox, and Thunderbird. Satisfied users are encouraged to help offset the costs of development by making a contribution or a purchase at the MEPIS store at www.mepis.org/store.
BeleniX 0.5
A new release of BeleniX is available after some delay. This brings in several new features and software upgrades with more upgrades coming soon. The main points of this release are:
Gizmo Project Internet calling and IM software provides free calling for Linux and Mac users
SIPphone, Inc., developers of the free Gizmo Project Internet calling and IM software, today announced their All Calls Free calling plan is available for businesses worldwide, providing significant savings for small to mid-sized companies who want to enjoy free calling between co-workers and/or remote offices. Any business using the free Asterisk PBX software, or other premium PBX solutions, can also boost savings and workforce efficiency with access to high-end features previously only available to large businesses. Gizmo Project includes free conference calling, customizable voice-mail, Instant Messaging (IM) and a host of other convenient features. More information may be found at www.gizmoprojects.com/business.
Using Gizmo Project as an office softphone, workers can easily place PC-to-PC calls without the burden of special VoIP phones or the expense of traditional phone call charges. Further cost-savings occur when employees use Gizmo Project to make free calls to landlines and mobile phones of co-workers in 60 countries under the All Calls Free plan. The United States, Brazil, and most European and Asian countries are included and a full list of countries may be found at www.gizmoproject.com/free . Calls to other countries, or calls to people who do not have Gizmo Project are billed at the industry-low rates found at www.gizmoproject.com/rates.
"Large companies have been able to link offices together and use the Internet to save money on inter-company communications. Now small- and mid-size businesses can also have their employees call each other for free no matter where they are located," said Michael Robertson, chairman and CEO of SIPphone. "Companies running the Asterisk PBX or other premium PBXs also gain a new communications tool that can route calls through almost any network, allowing mobile workers to be reached anywhere as if they were physically in their office," Robertson added.
Any company can take advantage of the Gizmo Project for Business program. To get started, the free Gizmo Project software for Microsoft Windows, Apple Macintosh and Linux can be downloaded at http://www.gizmoproject.com/download.
Key features of Gizmo Project for business:
A wide variety of Asterisk PBXs, premium PBXs developed by such companies as Trixbox, SwitchVox, Epigy, webFones, and other SIP-based PBXs are supported by Gizmo Project. Workers can be called via their PBX or directly through the Gizmo network. More information about Asterisk support may be found at www.gizmoproject.com/asterisk . Specific information about setting up Asterisk for use with Gizmo Project is at www.gizmoproject.com/setupasterisk.
openQRM/Qlusters Open Source Systems Management Project to Support FreeBSD, Solaris
Qlusters, Inc., now has plug-ins that support FreeBSD(R), Solaris-x86(TM) and Solaris-Sparc(TM) operating systems. Until now, most systems management solutions have focused on supporting a limited number of operating systems. OpenQRM is the only open source systems management platform that provides IT professionals with a solution for managing Linux, Windows, FreeBSD and Solaris. These new tested and supported plug-ins enable the openQRM platform to quickly recognize and provision resources for FreeBSD and Solaris applications in addition to the existing support for Linux and Windows.
Additionally, these plugins provide:
Qlusters has taken steps to expand the project's presence over the last several months, recently announcing plug-ins for popular virtualization offerings from VMWare, Xen, QEMU and Linux VServer. In addition, openQRM has received accolades from leading industry sources. In July, SourceForge chose openQRM as its Project of the Month, while in August, Qlusters was named both a "Hot Open Source Company" by Red Herring as well as an "Open Source Company to Watch," by Network World.
openQRM is a leading open source systems management solution for managing enterprise data center virtual environments and for data center provisioning. openQRM has an open plug-in architecture that enables easy integration with existing data center applications, such as Nagios(TM) or VMWare(TM). For more information visit www.openqrm.org.
Avokia Claims Most Far-flung Database Cluster Ever
The user, Espressocode, is running an active, load-balanced DB2 database cluster between Toronto and San Francisco: a distance of almost 2,500 miles.
http://www.eweek.com/article2/0,1895,2020321,00.asp
Torpark browser anonymizes Internet connections
Hacktivismo, an international group of tech-savvy human rights workers affiliated with the Cult of the Dead Cow [cDc], has released Torpark, an anonymous, portable Web browser based on Mozilla Firefox. Torpark comes pre-configured, requires no installation, can run off a USB memory stick, and leaves no tracks behind in the browser or computer. Torpark is a highly modified variant of Portable Firefox that uses the TOR (The Onion Router) network to anonymize the connection between the user and the website that is being visited.
When a user logs onto the Internet, a unique IP address is assigned to manage the computer's identity. Each website the user visits can see and log the user's IP address. Hostile governments and data thieves can easily monitor this interaction to correlate activity and determine a user's identity.
Torpark causes the IP address seen by the website to change every few minutes to frustrate eavesdropping and mask the requesting source. For example, a user could be surfing the Internet from a home computer in Ghana, and it might appear to websites that the user was coming from a university computer in Germany or any other country with servers in the TOR network.
It is important to note that the data passing from the user's computer into the TOR network is encrypted. Therefore, the user's Internet Service Provider (ISP) cannot see the information that is passing through the Torpark browser, such as the websites visited, or posts the user might have made to a forum. The ISP can only see an encrypted connection to the TOR network.
But there are limitations to the anonymity: Torpark anonymizes the user's connection but not the data. Data traveling between the client and the TOR network is encrypted, but the data between the TOR network and websites is unencrypted. So a user should not use his/her username or password on websites that do not offer a secure login and session (noted by a golden padlock at the bottom of the Torpark browser screen).
Torpark is being released under the GNU General Public License and is dedicated to the Panchen Lama.
Download Torpark at: http://torpark.nfshost.com/download.html
IBM working on smart-car subsystems
IBM has inked a five-year deal with Magna Electronics, a Canadian firm that makes auto electronics. The goal of the partnership is to develop systems that protect drivers and mediate interactions with neighboring vehicles.
As part of IBM's Unstructured Information Management Architecture (UIMA), systems would be developed to analyze traffic patterns and real-time performance data and react to potential problems. Besides collision avoidance, driver alertness would be monitored. Another possibility is headlights that dim for approaching cars. The technology would also include autonomic systems that could diagnose internal problems, since there would be no reliable benefit if the safety system failed when needed.
PNY MaxFile Attache 12GB Micro Drive
PNY Technologies, Inc. announced its latest MaxFile(TM) Attache(R), a USB 2.0 micro hard drive with 12GB of storage space. The extra-small drive includes a Migo(TM) backup and synchronization software download, so users can sync everything from their e-mail, documents, favorites and settings wherever they go.
"MaxFile Attache provides an ideal solution for users looking for ... cost-effective, high-capacity, compact, portable storage," said Dean Delserro, senior marketing manager, flash, for PNY Technologies. "Only slightly larger than a traditional USB flash drive, MaxFile's small form factor is ideal for anyone that needs to safely carry loads of important information with them. MaxFile Attache is a perfect choice for the user that requires more storage at a lower cost per megabyte than is traditionally available on a USB Flash drive, and still wants to be able to carry it in their pocket, purse, briefcase or backpack. ...Moreover, MaxFile Attache eliminates the need to travel with a bulky laptop, particularly at a time when airline travelers need to limit their carry-on items"
With 12GB of memory, MaxFile Attache can store thousands of documents, presentations, digital photos, and songs, games - or over 25 hours of video - and features a read and write speed of up to 11MB/sec. Moreover, the device features a durable, aluminum outer casing and is self-powered by a sturdy, USB connector.
PNY's MaxFile Attache is available starting in September from retailers and e-tailers with an MSRP of $169.
Anousheh Ansari, First Female Private Space Explorer and the First Blogger from Space
The X PRIZE Foundation announced that http://www.xprize.org will host the first-ever blog from space during Anousheh Ansari's historic flight to the International Space Station. The webpage was designed by the X PRIZE Foundation, a nonprofit prize institute in partnership with Prodea Systems, the home technology company that is sponsoring her journey.
"My ultimate goal is to bring this experience ... to more and more people and to inspire young women and men to go into the fields related to space," said Anousheh Ansari during a recent interview from the Baikonur Cosmodrome in Kazakhstan. "I hope that thousands of individuals from around the world will visit the X PRIZE site to learn what it's like to fly into orbit."
In addition to the first-ever blog from space, visitors will also read Ansari's life story as well as watch exclusive video and interviews from her training, preflight activities, launch and landing. Visitors will also have exclusive access to the first episodes of the X PRIZE Foundation Futurecast. This new podcast will feature visionaries and entrepreneurs from around the globe to talk about what the future holds for us. The first episodes, which can be found on the X PRIZE Foundation website and Apple's iTunes podcast directory, will be the first podcast from space.
An active proponent of world-changing technologies, Anousheh Ansari has been immersed in the space industry for years. Anousheh along with Amir Ansari, her brother-in-law, and co-founder and chief technical officer of Prodea Systems, provided the title sponsorship for the Ansari X PRIZE, a $10 million cash prize awarded to Burt Rutan in 2004, for the first non-governmental organization to launch a reusable manned spacecraft into space twice within two weeks. Anousheh Ansari is also a member of the X PRIZE Foundation Board of Trustees. Her philanthropic work through the X PRIZE Foundation has made her an integral figure in the development of the private spaceflight industry.
"The X PRIZE Foundation is very proud to host Anousheh's blog. We are a 21st century organization pushing the boundaries of technology," said Dr. Peter H. Diamandis, Chairman and CEO of the X PRIZE. "We thought blogging from space was the proper use of technology to reach today's youth. We hope millions will visit our website and learn about Anousheh's mission as well as the X PRIZE Cup in New Mexico, and our future X PRIZES for genome sequencing and hyper fuel-efficient automobiles."
On Monday September 18, 2006 Ansari is scheduled to blast off in a Russian Soyuz spacecraft from the Baikonur Cosmodrome in Kazakhstan, part of a crew-exchange flight to the International Space Station. Her journey will last for 10 days and will include a two day trip to the International Space Station on the Soyuz as well as numerous experiments and activities that she will film in order to create education programs upon landing.
In 2004, the $10 million Ansari X PRIZE proved that offering a prize is an effective, efficient and economic model for accelerating breakthroughs in science and technology. Based on that success, the X PRIZE Foundation is now expanding their efforts to offer more prizes in the space industry, as well as, in the areas of health, energy, transportation, and education.
"Multiplied" Linux Desktop Migration Strategy
Modern PCs spend most of the day idle. By using the Multiplied Linux Desktop Strategy, organisations can now leverage this unused computing power and connect up to 10 full-featured workstations to a SINGLE, shared SLED 10 or openSUSE 10.1 computer. For administrators, this means only one computer to install, configure, secure, backup and administer instead of 10. For users, this means a rich user experience that is indistinguishable from single-user computers for typical office applications. Ideal for Linux computer labs, Linux thin clients, Linux Internet cafés and Linux point-of-sale terminals, where users are in close physical proximity to the host machine.
Related links:
http://www.omni-ts.com/linux-desktop/linux-desktop-migration.html
State of the Onion
It's been going on almost forever: Larry Wall's annual address to the Perl community called the State of the Onion. This summer was the tenth anniversary of the State of the Onion, and the full text of the 2006 address is available here: www.perl.com/pub/a/2006/09/21/onion.html.
ZeroShell Net Services
The 1.0.beta2 release of Fulvio Ricciardi's ZeroShell Linux server distribution is now available for download. The main new feature of this release is the ability to use ZeroShell as a Captive Portal gateway, i.e. a WiFi hotspot with web-based authentication, similar to the ones used in hotel WiFi networks and public Wi-Fi hotspots.
Other features of ZeroShell include:
The next release will include support for QoS and bandwidth limiting.
ZeroShell is available as a LiveCD or a compact flash image for embedded
devices.
http://www.zeroshell.net/eng/
StartSSL and Firefox 2.0 release
Eilat, Israel, October 23, 2006 - StartCom congratulates the Mozilla team on the successful release of the new Firefox 2.0 web browser. After one year of development since the last release, this award-winning and free web browser got even better than before. The new Firefox web browser is available for immediate download! In addition to that, StartCom is very pleased to announce the availability of the StartCom Certification Authority as an included and trusted instance for the issuance of digital certification in Mozilla software, including the new Firefox browser.
The StartCom Certification Authority has matured a lot since the first announcement in February 2005 and offers today a range of products from free digital certification to PKI solutions for the corporate. The project started at http://cert.startcom.org with a limited wizard to create free digital certificates for web servers. Since then, StartCom developed various additional products for private and commercial use, underwent a third party audit and issued over 20,000 digital certificates. Today, with the release of the new Firefox web browser, marks the first time that free digital certification (provided by StartCom) is supported and trusted by a major browser vendor with a significant market share. This makes it very easy for the subscribers of the certificates and the relying parties (visitors) of digitally secured web sites (SSL) to use this free service! Also the signing and encryption of email is supported in the same manner, which allows the protection of the identity and privacy of the user.
This event is also an excellent opportunity to make another few announcements: StartSSL(TM) is the new trade mark for products and solutions of the StartCom Certification Authority and is available at www.StartSSL.com. Additionally StartCom started the StartSSL(TM) Web-of-Trust (WoT), which is an attempt to create a community network of notaries and members, where notaries perform the verification of the fellow members. Please visit the new web sites for more information and everybody is invited to participate in the StartSSL(TM) WoT or make use of any of StartCom's free or paid products and services.
Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.
Benjamin A. Okopnik ([ben at linuxgazette.net])
Mon, 4 Sep 2006 15:27:16 -0400
A couple of years ago, I decided to stop wrestling with what I call
"encoding craziness" for various bits of non-English text that I have
scattered around my file system. Russian, for example, has at least four
different encodings that I've run into - and guessing which one a given
text file was written in was like a game of darts played in the dark. At
300 yards. With your hands tied behind you, so you had to use your toes.
Oh, and while you were severely drunk on Stoli vodka.
UTF-8 (Unicode)
allowed me to, well, unify all of that into one single encoding that was
readable without scrambling for whichever character set I needed (and
may or may not have installed.) Better yet, Unicode usually displays
just fine in HTML browsers - no special entity encoding is required.
For some reason, though, good converters appear to be something of a black art - and finding one that works, as opposed to all those that claim to work, was rather frustrating. Therefore, I decided to write one in my favorite language, Perl - only to find that the job has already been done for me, via the 'encoding' pragma. In other words, conversion from, say, KOI8-R to UTF-8 is no more complex than this:
# Convert and write to a file
perl -Mencoding=koi8r,STDOUT,utf8 -pe0 < file.koi8r > file.utf8
# Or just display it in a pager:
perl -Mencoding=koi8r,STDOUT,utf8 -pe0 < file.koi8r|less
It is literally that simple. Pretty much every encoding you can imagine is available (see 'perldoc Encode::Supported' for the naming conventions and charsets). The conversion does not have to be to UTF-8 - it'll do any of the listed charsets - but why would you care?
# Print the Kanji for 'Rakuda' (Camel) from multibyte strings:
perl -Mencoding=euc-jp,STDOUT,utf-8 -wle'print "Follow the \xF1\xD1\xF1\xCC!"'
Follow the 駱駝!
# Or you can do it in Hiragana, but using Unicode values instead:
perl -Mencoding=shift-jis,STDOUT,utf8 -wle'print "Follow the \x{3089}\x{304F}\x{3060}!"'
Follow the らくだ!
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
Andrew Elian ([a_elian at sympatico.ca])
Wed, 25 Oct 2006 14:18:37 -0400
Hello.
Here's a quick tidbit to help the PS1 variable do the right thing depending on the terminal - X or otherwise. I've added these lines to my .bash_profile and found them useful:
case $TERM in
    xterm)
        export TERM=xterm-color
        export PROMPT_COMMAND='echo -ne "\033]0;${USER}:${PWD/#$HOME/~}\007"'
        export PS1="$ "
        ;;
    rxvt|Eterm)
        export PROMPT_COMMAND='echo -ne "\033]0;${USER}:${PWD/#$HOME/~}\007"'
        export PS1="$ "
        ;;
    linux)
        export PS1="\[\033[0;32m\]\u \[\033[1;32m\]\W]\[\033[0;32m\] "
        ;;
esac
Sincerely,
Andrew
Kat likes to tell people she's one of the youngest people to have learned to program using punchcards on a mainframe (back in '83); but the truth is that since then, despite many hours in front of various computer screens, she's a computer user rather than a computer programmer.
When away from the keyboard, her hands have been found full of knitting needles, various pens, henna, red-hot welding tools, upholsterer's shears, and a pneumatic scaler.
By Barrie Dempster and James Eaton-Lee
IPCop is a firewall for the Small Office/Home Office (SOHO) network, which is extremely easy to use. It provides most of the basic features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way. It's very easy to get an IPCop system up and running and takes hardly any time.
The four types of network interface—Green, Red, Blue, and Orange—supported by IPCop have differing levels of trust associated with them. Here is a simple table outlining what traffic is allowed to go to and from which interfaces. This table, and the knowledge contained within it, should form the basis of our planning when considering how many interfaces to use and what to use them for. This is basically the Traffic Flow diagram from the IPCop administrative guide.
| Interface From | Interface To | Status | How To Access |
|---|---|---|---|
| Red | Firewall | CLOSED | External Access |
| Red | Orange | CLOSED | Port Forwarding |
| Red | Blue | CLOSED | Port Forwarding / VPN |
| Red | Green | CLOSED | Port Forwarding / VPN |
| Orange | Firewall | CLOSED | |
| Orange | Red | OPEN | |
| Orange | Blue | CLOSED | DMZ Pinholes |
| Orange | Green | CLOSED | DMZ Pinholes |
| Blue | Firewall | CLOSED | Blue Access |
| Blue | Red | CLOSED | Blue Access |
| Blue | Orange | CLOSED | Blue Access |
| Blue | Green | CLOSED | DMZ Pinholes / VPN |
| Green | Firewall | OPEN | |
| Green | Red | OPEN | |
| Green | Orange | OPEN | |
| Green | Blue | OPEN | |
In visualizing the way in which traffic goes through the IPCop firewall, we can see it as a sort of giant junction with a traffic cop (literally, an IP Cop—hence the name!) in the middle of it. When a car (in network parlance, a packet of data) reaches the crossroads, the cop decides in which direction the packet should go (based on the routing tables IPCop uses), and pushes it in the appropriate direction.
In the case of a Green client accessing the Internet, we can see from the previous table that this access is OPEN, so the cop allows the traffic through. In other instances, however, this might not be the case. If a Blue client tries to access a client on the Green segment, for instance, the cop might allow the traffic through if it comes over a VPN or through DMZ pinholes—but if a client on the Blue segment has neither of these things explicitly allowing the traffic, it is stopped. The car is pulled over, the occupants victims of some virtual time in the cells!
Note that (generally) when we illustrate IPCop Configurations, the Red interface is uppermost (North), the Orange interface is to the left (West), the Blue interface is to the right (East), and the Green interface is to the bottom (South).
As with many aspects of the behavior of the IPCop firewall, it
is possible to alter the behavior of the firewalling rules in order
to customize IPCop to meet a topology un-catered for by the default
rules. Within the context of the firewall rules, IPCop has had a
file since the 1.4-series release that allows users to specifically
add their own firewall rules (/etc/rc.d/rc.firewall.local). Since
version 1.3, there have been iptables chains, CUSTOMINPUT,
CUSTOMFORWARD, etc., allowing iptables rules to be added manually.
Specifically using iptables is out of our scope here, but we
recommend that interested readers read the
Linux iptables HOWTO.
Our first topology exists as a drop-in replacement for the many NAT firewalls that exist in the market. In small offices and homes, solutions such as the embedded NAT firewalls sold by D-Link, Linksys, and friends are frequently deployed in order to provide small networks with cost-effective Internet access. Solutions such as Internet Connection Sharing, a combined NAT firewall, DNS Proxy, and DHCP Server, built into client editions of Windows since Windows 98, are also frequently used in order to allow one PC with a modem or network interface to act as a network gateway for other clients. For our purposes here, we will consider ICS, as such a topology with ICS is effectively a superset of the work required to replace a router such as a Linksys or NETGEAR model as mentioned previously. Our migration from one of these routers to IPCop would be identical save for the decommissioning of the ICS software on the client—if we remove the router, this is unnecessary and the router can be left configured as-is (and/or kept as a backup, or reused elsewhere) (See http://www.annoyances.org/exec/show/ics for more information on implementing (and consequently, decommissioning) ICS on different Windows versions). Such solutions, while cheap and convenient, are often not scalable or reliable, and provide poor security. They open workstations up to unnecessary security risks, provide limited throughput, and are often unreliable, requiring frequent reboots and locking up.
As with software firewalls, a network firewall is designed as a barrier in between your workstations and the Internet. By connecting one of your workstations directly to the Internet and using a solution like ICS, although you reduce the resources required to share the internet connection, you expose that workstation to unnecessary risk. There is also an obligation for that PC to be on all the time—compared to a low-end PC with no unnecessary components and a low-power PSU running IPCop, this may be noisier, and have a higher power consumption.
IPCop offers a cost-effective replacement in such situations, providing small businesses and home users with a powerful firewall without the need for over-complexity, and adding other features not present in embedded solutions or ICS, such as a customizable DHCP Server, Intrusion Detection, a Proxy Server, and so on.
Such a topology ensures that firewalling is done before data gets to clients, using a package designed to act as a network firewall, greatly increasing the quality of service to clients as well as the security that their network offers. In this situation, the components of IPCop in use would be:
In such a situation, a network administrator or consultant might also choose to enable any of the following pieces of functionality in order to enhance the services provided to the network:
Decommissioning of ICS in such a situation is quite simple—we would merely disable the ICS functionality, as depicted in the following screenshot (taken from the network connections property of the external, internet-facing ICS network interface). Removing ICS is as simple as deselecting the 'Allow other network users to connect through this computer's Internet connection' option. After we have done this, we should hit OK, reboot if asked to, and then we are free to disable and/or remove the external interface on the workstation (disable if we wish to leave a second network card in the machine or if it has two onboard cards, or remove if we are using an external modem or other piece of hardware we intend to remove or install in our IPCop host).
Firewall rules for this topology are simple; as the Green segment is automatically allowed to access resources on the Red interface, there is no topology-specific setup required in order to set this up. Another substantial benefit in deploying IPCop for such a small office situation is that in the event that the business is required to grow, the solution that it has is scalable. Such a business running a handful of Windows workstations in a workgroup may decide that a workgroup is insufficient for its needs and that it requires centralized management, file storage, and configuration.
IPCop, even in a pre-upgrade scenario like this, is advantageous simply because it provides a built-in, open upgrade path. There is no hardware or software upgrade required to move from simple NAT and DHCP to a network with several network segments, port forwarding, and a proxy server. If the Server already has several network cards (and with the price of these nowadays, there's no reason for it not to, if an expansion is anticipated), this can even be done with little or no noticeable interruption in service to existing clients.
In a small office situation with a growing company, the need for incoming email might force the activation of the Orange zone, and the deployment and installation of a mail server in this segment. Such a company might choose to keep its Desktop and Internal Server infrastructure within the Green network segment and put their server in the DMZ on a switch/hub, or simply attached to the Orange interface of the IPCop host using a crossover cable. As such systems are exposed to the Internet, this segmentation provides a considerable advantage by providing a 'stop line' past which it would be harder for an intruder to escalate his or her access to the network. Microsoft's Exchange mail server has for some time supported such a configuration through the use of the 'front end' and 'back end' exchange roles (although these roles will be deprecated with future Exchange releases). With a different network configuration however, such as Linux clients using a management system such as Novell's eDirectory or RedHat's Directory Server (RHDS), or a filtering appliance, a similar system with externally-facing SMTP servers (perhaps running the open-source MTA exim) would be equally beneficial.
In this topology, Clients are freely able to connect to the mail server (whether via POP, IMAP, RPC, or RPC over HTTP). In order for a mail server that exists as part of the network domain to authenticate to the directory server, we would also need to open the appropriate ports (contingent upon the directory provider) to the directory server using the DMZ Pinholes feature.
We also have a Port Forwarding rule set up from the external IP address of the IPCop firewall to port 25 on the mail server. This allows external mail servers to connect to the mail server in order to deliver email. In this topology, a compromise of the mail server (which in the Green segment could compromise the entire network segment) is controlled, as there is some level of protection provided by the firewall.
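The traffic-flow table and the mail-server topology described above can be combined into a planning check that shows which planned flows work by default, which need an explicit opening, and which configured openings are invalid or left over. This Python script is an added example, not part of the original article or of IPCop; the host names, every port other than 25 and 443, and the `Flow`, `Opening` and `audit` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# (from, to) -> mechanisms listed under "How To Access"; None means OPEN by default.
# Transcribed from the traffic-flow table. Assumption: the two "DMZ Pinholes"
# entries in the Orange rows apply to Orange->Blue and Orange->Green.
POLICY = {
    ("red", "firewall"): {"external access"},
    ("red", "orange"): {"port forwarding"},
    ("red", "blue"): {"port forwarding", "vpn"},
    ("red", "green"): {"port forwarding", "vpn"},
    ("orange", "firewall"): set(),          # CLOSED, no mechanism listed
    ("orange", "red"): None,
    ("orange", "blue"): {"dmz pinholes"},
    ("orange", "green"): {"dmz pinholes"},
    ("blue", "firewall"): {"blue access"},
    ("blue", "red"): {"blue access"},
    ("blue", "orange"): {"blue access"},
    ("blue", "green"): {"dmz pinholes", "vpn"},
    ("green", "firewall"): None,
    ("green", "red"): None,
    ("green", "orange"): None,
    ("green", "blue"): None,
}

@dataclass(frozen=True)
class Flow:
    """A connection somebody needs: zone to zone, to one host and port."""
    src: str
    dst: str
    host: str
    port: int

@dataclass(frozen=True)
class Opening:
    """An exception configured on the firewall (hypothetical model, not IPCop's file format)."""
    mechanism: str
    src: str
    dst: str
    host: str = "*"              # "*" = any host in the destination zone
    port: Optional[int] = None   # None = any port

    def covers(self, flow):
        return ((self.src, self.dst) == (flow.src, flow.dst)
                and self.host in ("*", flow.host)
                and self.port in (None, flow.port))

def audit(planned, openings):
    """Return (verdict per planned flow, list of problems found)."""
    verdicts, problems, used, valid = {}, [], set(), []
    # 1. Every configured opening must use a mechanism the table allows for its zone pair.
    for op in openings:
        allowed = POLICY[(op.src, op.dst)]
        if allowed is None:
            problems.append(f"redundant: {op.src}->{op.dst} is OPEN, {op.mechanism} not needed")
        elif op.mechanism not in allowed:
            problems.append(f"invalid: {op.mechanism} cannot open {op.src}->{op.dst}")
        else:
            valid.append(op)
    # 2. Every planned flow must be OPEN by default or covered by a valid opening.
    for name, flow in planned.items():
        if POLICY[(flow.src, flow.dst)] is None:
            verdicts[name] = "open by default"
            continue
        match = next((op for op in valid if op.covers(flow)), None)
        if match is None:
            verdicts[name] = "blocked"
            problems.append(f"blocked: {name} ({flow.src}->{flow.dst} {flow.host}:{flow.port})")
        else:
            verdicts[name] = f"open via {match.mechanism}"
            used.add(match)
    # 3. Openings that serve no planned flow widen the attack surface for nothing.
    for op in valid:
        if op not in used:
            problems.append(f"unused: {op.mechanism} {op.src}->{op.dst} {op.host}:{op.port}")
    return verdicts, problems

# Constructed sample plan: ports 25 and 443 come from the article, the rest are made up.
PLANNED = {
    "inbound smtp": Flow("red", "orange", "mail", 25),
    "webmail https": Flow("red", "orange", "mail", 443),
    "mail auth to directory": Flow("orange", "green", "directory", 389),
    "staff imap": Flow("green", "orange", "mail", 143),
    "visitor to file server": Flow("blue", "green", "files", 445),
    "visitor web browsing": Flow("blue", "red", "*", 80),
}
OPENINGS = [
    Opening("port forwarding", "red", "orange", "mail", 25),
    Opening("port forwarding", "red", "orange", "mail", 443),
    Opening("dmz pinholes", "orange", "green", "directory", 389),
    Opening("blue access", "blue", "red"),
    Opening("port forwarding", "red", "green", "files", 3389),       # left over from an old setup
    Opening("port forwarding", "orange", "green", "directory", 88),  # wrong mechanism for this pair
]

if __name__ == "__main__":
    verdicts, problems = audit(PLANNED, OPENINGS)
    for name, verdict in verdicts.items():
        print(f"{name:24} {verdict}")
    for problem in problems:
        print("!", problem)
```

The leftover Red-to-Green forward is the finding that matters most here: it reaches past the DMZ 'stop line' into the Green segment, so it should be removed rather than kept for convenience.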
In such a topology, we use the following capabilities of the IPCop Firewall:
We might also choose to employ any of the following elements of functionality:
In a larger organization, or if the network above grew, we might choose to expand our network topology using one or more IPCop firewalls.
Several IPCop firewalls might be used by such an individual in order to separate several sites, or in order to further segregate one or more DMZs with physically distinct firewalls. It is also worth considering that IPCop is designed primarily for networks in which it is the only network firewall, in the Small and Medium Business, and Home/Home Office market. Although it is possible to set IPCop up in larger deployments, this is fairly rare, and there are other packages that are arguably more suited to such deployments. In such circumstances, the constraints of IPCop's network segmentation begin to be more burdensome than they are convenient, and the amount of work required to tailor IPCop to meet an organization's needs may exceed the work it would take to manually set up another firewall package to suit the same topology.
In this example, we will consider the broadest scope in which one IPCop box could be deployed, using all four network interfaces to protect a network with an internal (Green) network, an Internet or WAN connection (Red), a DMZ containing more than one Server (Orange), and a wireless segment (Blue) with an IPSec VPN system. In such a situation, we would almost certainly choose to deploy all of the higher-end features that IPCop contains, such as the Proxy Server and the Intrusion Detection System.
In this situation, the services we are providing for individual network interfaces are as follows: On the Red Interface, in addition to the default firewalling policy, we are invoking the Port Forwarding feature to allow connections to the mail server on port 25 in the DMZ, and also to port 443 (https) on the mail server in order to allow connections to the business webmail system. We are also allowing incoming IPSec connections to the IPCop firewall in order to allow remote access to staff who work remotely and to provide remote connectivity for support purposes for the IT Staff and third-party software and hardware vendors.
On the Blue interface, we are providing connectivity via an IPSec VPN for clients in order that they can access services run from Servers internally on the Green segment and DMZ segment. Vendors and visitors are allowed access to the Green segment through use of WPA in pre-shared key mode configured on the wireless access point.
[ When using pre-shared keys make sure you use the longest possible key combination straight from a good random source. Even WPA cannot guard against the brute-forcing of weak keys. This is also a fine reason for changing the pre-shared key periodically. -- René ]
WPA-PSK with solely an access point prevents access to the wireless segment and the Internet by unauthorized users, and is an adequate solution for most small and medium networks; a newer, WPA2-PSK-capable access point increases this security further for those without an access point or network infrastructure implementing RADIUS or Certificate Services. The firewalling policy and IPSec system ensure that visitors/vendors only have access to the Red zone (the Internet), and not to any of the resources on the network.
On the Orange interface, our pinholes allow the DMZ servers to connect to a directory server and Kerberos domain controller in the Green segment in order to authenticate users logging onto them via the company directory system. This ensures that the policy and configuration for these Servers is managed centrally, and that there are logs stored centrally for