LINUX GAZETTE

January 2001, Issue 61       Published by Linux Journal


Linux Gazette Staff and The Answer Gang

Editor: Michael Orr
Technical Editor: Heather Stern
Senior Contributing Editor: Jim Dennis
Contributing Editors: Michael "Alex" Williams, Don Marti, Ben Okopnik

TWDT 1 (gzipped text file)
TWDT 2 (HTML file)
are files containing the entire issue: one in text format, one in HTML. They are provided strictly as a way to save the contents as one file for later printing in the format of your choice; there is no guarantee of working links in the HTML version.
Linux Gazette[tm], http://www.linuxgazette.com/
This page maintained by the Editor of Linux Gazette, gazette@ssc.com

Copyright © 1996-2001 Specialized Systems Consultants, Inc.

 The Mailbag!

Write the Linux Gazette at gazette@ssc.com. Send technical questions to the Answer Gang at tag@ssc.com.


Help Wanted -- Article Ideas

These questions have been selected from among the hundreds the Gazette receives each month. Article submissions on these topics will be eagerly accepted at gazette@ssc.com, and posted in the next issue.

Answers to these questions should be sent directly to the e-mail address of the inquirer with or without a copy to gazette@ssc.com. Answers that are copied to LG will be printed in the next issue -- in the Tips column if simple, the Answer Gang if more complex and detailed.

Before asking a question, please check the Linux Gazette FAQ to see if it has been answered there. The AnswerGuy "past answers index" may also be helpful (if a bit dusty).



Internet Cafe Management Software

Wed, 27 Dec 2000 08:39:31 -0600 (CST)
From: Alan Pater <alan@celasmaya.edu.gt>

Hi Folks.

I've taken a quick look around the web for Linux based Internet Cafe Software, with no luck. There's a few windows based packages around, but that will just not do. What I'm looking for is something which can record when people login and logoff and calculate how much they should pay. Have you seen anything like that? Even a set of instructions on how to do it with a set of scripts would be cool.

Alan Pater

www.celasmaya.edu.gt

Can any of our fair readers find some good internet cafe or "walk in ISP" software? We can only offer the following leads:

Try looking around including the keyword Coffeenet. That was a Linux based cafe in the S.F. area; he closed shop when he had his lease end, but it was successful before that, the building owner just didn't want to renew. I'm pretty sure he open sourced the distro he created, but note, it depends on having a serious NFS server in the back.

I know the VA Linux "mail garden" machines and his, had a similar feature of cleaning up after anything local, so the machines never have any interesting leftovers from previous clients. xdm or gdm have control files for stuff to do before and after a session, so it should be possible to add accounting functions to logging in and out, and to add cleanup to logging out, quite easily. Keeping people from accessing text mode is a little more work, but I don't think Coffeenet was preventing that.

Neither of these actually kick someone out when their time is up, so you still have some work to do if your shop is too big to merely keep an eye on people and rely on a popup "you've been on for awhile" note.
-- Heather

I don't know of any scripts, but "last" gives you login/logout times by user. Should be possible to dump the output into a database via some pretty simple awk, perl, python, or even sh scripts.

Last reads wtmp, so watch out for when your wtmp gets rotated. Most log rotation scripts will move wtmp to a backup, for example wtmp.1, and "last" will take a filename as a parameter.

Sample output from "last":

[ ... ]
dlong    ttyp3        passenger.ssc.co Fri Dec  1 09:21 - 09:22  (00:00)
carrie   ttyp5        catnip.ssc.com   Fri Dec  1 08:48 - 17:04  (08:15)
fax_inc  ttyS0              +39 45 877 Fri Dec  1 08:43 - 08:44  (00:01)
annie    ttyp4        passenger.ssc.co Fri Dec  1 08:42 - 14:48  (06:06)
dlong    ttyp3        passenger.ssc.co Fri Dec  1 08:20 - 09:03  (00:42)
[ ... ]

See "man last".
-- Dan Wilder
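
Added example (not part of the original letters or of Linux Gazette): one way to turn the "last" output shown above into per-user minutes and charges, in Python. The rate, the 15-minute billing block, the wtmp paths and the guest1/guest2 lines are assumptions constructed for illustration.

```python
"""Bill login sessions from `last` output (added example)."""
import re
import subprocess
from collections import defaultdict

# Match from the fixed-format tail of the line: the host column may be
# truncated, empty, or contain spaces (see the fax_inc line below).
SESSION = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>.*?)\s*"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<start>\d\d:\d\d)\s+"
    r"(?:-\s+(?:\d\d:\d\d|down|crash)\s+"
    r"\((?:(?P<days>\d+)\+)?(?P<h>\d\d):(?P<m>\d\d)\)"
    r"|(?P<open>still logged in))\s*$"
)
PSEUDO_USERS = {"reboot", "shutdown", "runlevel"}  # wtmp bookkeeping, not people

# The first five lines are the sample from the letter; the rest is constructed.
SAMPLE = """\
dlong    ttyp3        passenger.ssc.co Fri Dec  1 09:21 - 09:22  (00:00)
carrie   ttyp5        catnip.ssc.com   Fri Dec  1 08:48 - 17:04  (08:15)
fax_inc  ttyS0              +39 45 877 Fri Dec  1 08:43 - 08:44  (00:01)
annie    ttyp4        passenger.ssc.co Fri Dec  1 08:42 - 14:48  (06:06)
dlong    ttyp3        passenger.ssc.co Fri Dec  1 08:20 - 09:03  (00:42)
guest2   ttyp7        cafe-pc4         Sat Dec  2 09:00 - 11:30 (1+02:30)
guest1   ttyp6        cafe-pc3         Sun Dec  3 10:05   still logged in

wtmp.1 begins Fri Dec  1 08:00:12 2000
"""


def read_last(wtmp_files=("/var/log/wtmp.1", "/var/log/wtmp")):
    """Run `last -f FILE` on the rotated and the live log (paths assumed),
    so sessions moved aside by log rotation are still counted."""
    chunks = []
    for path in wtmp_files:
        done = subprocess.run(["last", "-f", path],
                              capture_output=True, text=True, check=True)
        chunks.append(done.stdout)
    return "\n".join(chunks)


def parse_last(text):
    """Return (closed, still_open) lists of session dicts."""
    closed, still_open = [], []
    for line in text.splitlines():
        m = SESSION.match(line)
        if not m or m["user"] in PSEUDO_USERS:
            continue  # blank lines, "[ ... ]", "wtmp begins", reboot records
        rec = {"user": m["user"], "tty": m["tty"], "host": m["host"],
               "start": f'{m["mon"]} {m["day"]} {m["start"]}'}
        if m["open"]:
            still_open.append(rec)  # no logout record yet: nothing to bill
            continue
        # Trust the duration `last` computed; "(1+02:30)" means 1 day 2h30m.
        rec["minutes"] = (int(m["days"] or 0) * 1440
                          + int(m["h"]) * 60 + int(m["m"]))
        closed.append(rec)
    return closed, still_open


def bill(sessions, cents_per_block=50, block_minutes=15):
    """Charge every session in started blocks (at least one), per user.
    Integer cents avoid floating-point rounding in the totals."""
    totals = defaultdict(lambda: {"minutes": 0, "cents": 0})
    for s in sessions:
        blocks = max(1, -(-s["minutes"] // block_minutes))  # ceiling division
        totals[s["user"]]["minutes"] += s["minutes"]
        totals[s["user"]]["cents"] += blocks * cents_per_block
    return dict(totals)


if __name__ == "__main__":
    closed, still_open = parse_last(SAMPLE)  # or parse_last(read_last())
    for user, t in sorted(bill(closed).items()):
        print(f'{user:10} {t["minutes"]:5d} min  {t["cents"] / 100:7.2f}')
    for s in still_open:
        print(f'{s["user"]:10} still logged in since {s["start"]} on {s["tty"]}')
```

Accounts such as fax_inc show up in wtmp like any other login, so filter service accounts out of the totals before charging anyone.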


geforce card

Mon, 25 Dec 2000 12:27:50 +1100
From: "Ron Nicholls" <nykysle@bigpond.com>

I have RH 7.0 which has XFree86 4.0.1 which does not support Geforce 2 chips yet. Is there a patch or update or howto to install the necessary support.

Regards RonN

Any developer types want to help him out here? Xfree86 4.0.2 came out, but it still has no special support for this card, so unless it works in VESA mode, he's out of luck for now...

And, we'll gladly take articles on adding support for new cards to X version 4! -- Heather


Hiding samba shares across multiple networks

Fri, 15 Dec 2000 10:07:36 -0800 (PST)
From: Faber Fedor <faberfedor@yahoo.com>

Hi guys (and Heather :-)!

I've got an interesting little problem with Samba and hiding shares when multiple networks are involved. I'm hoping one of you can help out, or maybe one of the Gentle Readers has already done this.

I have one Samba box with two network interfaces (on one NIC using virtual lans), say 192.168.1.10 and 192.168.2.10. Two companies sit on each network and can't learn about the other. Let's call them "Acme, Limited" (192.168.1.0/24) and "Coyotes-R-Us" (192.168.2.0/24). They, of course, use Another Operating System.

What I want to do is to create shares on the Samba box for Acme and Coyote to store their files. That's easy enough, the problem is in restricting what they see.

If I create Acme and Coyote as users and share the home directories via the [homes] default share, Acme will not see Coyote's share and vice versa. This is good. However, if the CEO of "Coyotes-R-Us", Mr. Wiley, logs onto the Acme network, he will see the Coyote [home] share appear on the Acme network. This is NOT a Good Thing.

(I tested this by placing a Windows box on Acme's network via a port on a Cisco switch that was set up to handle only Acme's vlan.)

If, OTOH, I set them up as separate shares and restrict them via IP addresses a la "allowed_hosts=", both companies can see the other's share, which is Not A Good Thing, even though they cannot access the other's share (always a good thing).

I've been hacking at this for several days trying to figure something out, as well as surfing Google, Deja.com, the samba mailing lists, and any other place I could think of. You are my Last Great Hope. :-)

TIA!

===== Sincerely, Faber Fedor

It looks like the Answer Gang could stand to be joined by a serious Samba expert. Anyone care to jump in?


General Mail



Thank you for your telnet logging screen article

Thu, 21 Dec 2000 17:53:00 -0500
From: chris dillon <thebin@mailandnews.com>

I scoured the net and your article gave me the answer so that I might log my telnet session.

Thank you.


I've been doing a lot of abstract painting lately, extremely abstract. No brush, no paint, no canvas, I just think about it. -- Steven Wright


LG

Fri, 1 Dec 2000 18:02:15 +1100
From: "BanDiDo" <bandido@drinkordie.com>

LG is awesome, if you charged for it I would subscribe. When I get some free time one of these days I hope to pen a few articles and such.

Thanks. Linux Gazette was established as a free zine and we firmly intend to keep it that way. There are already paid magazines out there (we publish one of them :), but LG fills a unique niche. No other e-zine I know of (Linux or otherwise) is read, not just through a single point of access, but in large part via mirrors or off-line (via FTP files, CD-ROMS, etc).

Also, because LG's articles are written by our readers, you (readers) are truly writing your own magazine. I only put things together and insert a few comments here and there, and occasionally write an article. If it weren't for our volunteer authors, there would be no Linux Gazette. When I first took over editing in June 1999, I used to wonder every month whether there would be enough articles. But every month my mailbox magically fills with enough articles not just for a minimal zine (5-10 technical articles), but for a robust zine with 15+ articles covering a variety of content (for newbies and oldbies, technical articles and cartoons). A year ago, we never predicted there would be cartoons in the Gazette, but the authors just wrote in and offered them, and it's been a great addition. It is truly a privilege to work with such a responsive group of readers, and years from now when I'm retired (hi, Margie!), I'm sure I will remember fondly what an opportunity it was.

Our biggest thanks go to The Answer Gang, especially Heather and Jim, who each spend 20+ hours a month unpaid compiling The Answer Gang, 2-Cent Tips and The Mailbag. This has really made things a lot easier for me.

Awwww, shux. I do get the occasional consulting lead from this, though. -- Heather

We look forward to printing some articles with your name on them. See the Author Info section at http://www.linuxgazette.com/lg_faq.html#author

And you other readers who haven't contributed anything yet, get off your asses and send something in! Write a letter for the Mailbag, answer a tech-support question, join The Answer Gang, do a translation for our foreign-language sites, or write an article. What do you wish the Gazette had more of? That's what it needs from you.

-- Mike Orr

Would be lovely if you guys established an EFNET irc channel :)
-- BanDiDo


install

Sun, 10 Dec 2000 11:10:00 -0500
From: Ben Okopnik <The Answer Gang>

On Sun, Dec 10, 2000 at 07:36:50AM -0000, <Name Snipped> wrote:

<A querent asked that we not publish his email>

If all you meant was not to publish your e-mail address, then please write back with your question and be sure to clarify that. If not, then consider this:

I can't speak for the whole Answer Gang, nor do I set Linux Gazette policy - but I, for one, have absolutely zero interest in being a free one-on-one tutor for the general public, although I'm always willing to help my friends. I enjoy the fact that the effort I expend in answering these questions goes toward helping everyone in the Linux community: even those that don't read the LG benefit from the general dispersion of good, useful Linux knowledge. This is precisely why I expend the effort, or is at least one of my major motivations for doing so.

For anyone wanting one-on-one tech support and tutoring, it's "cash on the barrel" in a "what you get is what you pay for" economy. Cash preferred, bank checks are OK, major credit cards cheerfully accepted.

Ben Okopnik


Security articles

Thu, 28 Dec 2000 09:54:31 -0800
tag@ssc.com, Kapil Sharma, gazette@ssc.com

[A guest commentary from our News Bytes editor. I asked him to summarize the controversy on Slashdot regarding SSH/SSL vulnerabilities, and to assess whether we need an article on it. -Mike]

Date: Thu, 28 Dec 2000 16:55:56 +0000
Subject: Re: Late News Bytes additions
From: Michael Conry michael.conry@softhome.net

Hi Mike, please find attached the news bytes 61 file. I did go through the SSH issues, and summarised them briefly. I kind of skirted around the SSL because it seemed less clear cut, and very much an issue of implementation and protecting users from themselves. Most discussion in the links focussed on SSH in any case.

I would recommend, not an article on Holes in SSH, but rather an article on security in general. Lots of contradictory messages on Slashdot indicate that people still don't really understand what is going on or how exactly to administer a public key system.

The issues are not new, but are inherent in public key systems. pgp, gnupg is the same (how can I be sure the key I think is yours is really yours?). The biggest issue is probably users (lusers) ignoring warning messages.

The new dsniff software is probably worth commenting on also. I included a link in my short discussion, but have not studied it. What could be very interesting would be for an article to highlight how to use tools like this to strengthen your system/network by scrutinising it and probing it. Focus tends to be on how these tools allow malicious people to break other people's systems.

bye for now
michael

[There were several other messages this month, but it's 10:45pm on New Year's Eve, and I want to publish LG and get to the club by 12. The letters will be printed next month. -Mike.]

"Linux Gazette...making Linux just a little more fun!"


News Bytes

Selected and formatted by Michael Conry

Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release.


 January 2000 Linux Journal

The January issue of Linux Journal is on newsstands now. This issue focuses on Multimedia. Click here to view the table of contents, or here to subscribe. All articles through December 1999 are available for public reading at http://www.linuxjournal.com/lj-issues/mags.html. Recent articles are available on-line for subscribers only at http://interactive.linuxjournal.com/.

Vendors: Linux Journal's 2001 Buyer's Guide wants your product listings! Listings are absolutely FREE of charge; however, you must register your products by January 15, 2000. The deadline is firm so make certain to get your free listings in today. http://www.linuxjournal.com/bg/


Distro News


 Caldera

OREM, UT-December 19, 2000- Caldera Systems, Inc., announced that they have contracted with Richard Sharpe of the Samba team to create a client library that will make Linux and Microsoft integration easier for developers. The Caldera-funded project includes the development of library source code, associated reorganization and reuse of Samba code and documentation of the library API. The library and documentation will be available under the General Public License (GPL). Caldera's engineering group will work with the Samba team to complete the project by February 2001.

"Richard Sharpe is perfectly suited for this project," said John Terpstra, vice president of technology and Open Source strategist for Caldera Systems, "We believe this library built with Samba code will become the standard for developers writing software that integrates with Microsoft networks."

Developers interested in more technical detail on the project can visit the Samba Web page.


 Mandrake

CAMBRIDGE, MASSACHUSETTS, USA (December 4, 2000) - Integrated Computer Solutions, Inc. (ICS), the leading supplier of commercial OSF/Motif products and support, and MandrakeSoft, publisher of the Linux-Mandrake operating system, announced the immediate availability of Open Motif optimized for the Linux-Mandrake operating system. More details are available in the press release.

Open Motif optimized for the Linux-Mandrake 7.2 operating system is available for free downloads at the MotifZone, ICS's Motif portal site (www.motifzone.net). Open Motif is also bundled with the Linux-Mandrake 7.2 PowerPack Deluxe.


 Red Hat

RESEARCH TRIANGLE PARK, N.C.--December 11, 2000-- Red Hat, Inc. today announced that Cradle Technologies, Inc., is leveraging a broad set of Red Hat's embedded technologies and services as part of its strategy to supply a revolutionary silicon platform for stream processing applications.

The Cradle contract includes consulting services and porting of Red Hat's GNUPro embedded development tools, eCos and embedded Linux operating systems, to Cradle's Universal Microsystem platform (UMS). Cradle's UMS platform will make it possible for new embedded systems to be developed simply by redesigning software, rather than by constantly rebuilding the entire chip hardware.


RESEARCH TRIANGLE PARK, N.C.--December 13, 2000-- In further embedded Linux developments, Red Hat announces a deal with Rymic Systems that will put Red Hat Linux (uClinux) behind as many as 50,000 Army trucks and fighting vehicles. These vehicles will run a next-generation Rymic appliance that assesses, in real time, the likelihood of vehicle failure.

The device will monitor dozens of specific variables on an array of military vehicles, and provide decision-makers with additional information when considering which forces to deploy, which fighting vehicles to pull back from the battlefield and which vehicles require immediate maintenance and repairs.

For more information on Red Hat Embedded Linux please visit www.redhat.com/embedded.


 SuSE

Oakland, Calif., USA (December 1, 2000) -- SuSE Linux announced a new strategic alliance with SGI. Under the alliance agreement, SGI will make an equity investment in SuSE Linux and will co-operate on the development, deployment and support of the Linux operating system and infrastructure code.

Earlier this year, the companies successfully introduced Linux FailSafe, a scalable and modular high-availability solution based on IRIS FailSafe system software developed for the SGI IRIX operating system. Linux FailSafe offers advanced clustering capabilities to Linux. SuSE, SGI and others also cooperated in the highly regarded IA-64 Trillian Linux effort.


SuSE have also brought it to our attention that there is integrated backward-compatible Pentium 4 recognition in the standard Linux kernel 2.2.16 included in SuSE Linux 7.0. A boot disk image of the kernel can be downloaded from their ftp site.


News in General


 Upcoming conferences and events


 SSH/SSL Vulnerability

There have been a few articles going around regarding possible security risks associated with the use of SSH and SSL. Kurt Seifried has written several times on this subject, as far back as September 1999. More recently he has returned to the topic in an article on www.SecurityPortal.com, and a follow up article responding to some of the feedback he got from readers. This topic seems to have stirred up quite a reaction, and has been further discussed by the contributors to Slashdot.

Without wanting to repeat too much of the discussion that has gone before, the issues basically boil down to one of key exchange and trust. The only real risk to SSH security is in the initial contact with a machine, when you do not know whether it is in fact the host you think it is. This is not an SSH problem as such, but rather a difficulty with any public key encryption system. The trick is to find a secure way to distribute your public key that does not inconvenience your users too much.

Also, the largest risk to security is not, in general, software problems. Many problems actually originate from users who ignore or do not understand warning signs that something is wrong. The software problems highlighted in these articles concern the extent to which the programs leave themselves open to poor use.

It is certainly worth pointing out that none of these links highlight any NEW flaw in the SSH/SSL system or implementation. The main reason for the recent focus on these issues is the release of a new piece of software, dsniff, which makes interception of SSH traffic convenient for a wider number of people. It does not exploit any weakness; rather, it provides some handy tools to automate the interception process. However, wide availability of these tools does increase the chance of casual attacks on systems.

The take-home message is that the best way to keep a system secure is by educating yourself, your boss and your users about security. It is only by understanding what is going on that you have any chance of keeping your system healthy (hardly earth-shattering news, but true nonetheless).
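
Added example (not from the original article or from any SSH implementation): the first-contact check described above, done by comparing the key a server offers with a fingerprint received over a separate trusted channel before a known_hosts line is written. Function names, the host name and the sample keys are constructed for illustration; the SHA256 fingerprint format is the one current OpenSSH prints.

```python
"""Verify an SSH host key against a fingerprint obtained out of band."""
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


class HostKeyMismatch(Exception):
    """The offered key does not hash to the pinned fingerprint."""


def parse_public_key(line):
    """Return (key_type, raw_blob) from 'type base64 [comment]' or from a
    known_hosts-style 'host type base64' line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            key_type, b64 = field, fields[i + 1]
            break
    else:
        raise ValueError("no SSH key type found in line")
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    # The blob begins with a length-prefixed copy of the key type; if the two
    # disagree, the line was edited or truncated.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def fingerprint(line):
    """SHA256 fingerprint of the key blob: 'SHA256:' + unpadded base64."""
    _, blob = parse_public_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_entry(host, offered_line, pinned_fingerprint):
    """Return a known_hosts line only if the offered key matches the
    fingerprint received out of band; otherwise raise HostKeyMismatch."""
    key_type, blob = parse_public_key(offered_line)
    offered = fingerprint(offered_line)
    pinned = pinned_fingerprint.strip()
    if not hmac.compare_digest(offered.encode(), pinned.encode()):
        raise HostKeyMismatch(f"{host}: offered {offered}, expected {pinned}")
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


def make_sample_key(key_bytes, comment="constructed-sample"):
    """Build a syntactically valid ssh-ed25519 public-key line from 32
    constructed bytes (sample data, not a real host key)."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    genuine = make_sample_key(bytes(range(32)))       # key the admin published
    unexpected = make_sample_key(bytes(range(1, 33)))  # different key on the wire
    pinned = fingerprint(genuine)  # what the user received by a trusted route
    print("pinned:", pinned)
    print("accept:", known_hosts_entry("server.example", genuine, pinned))
    try:
        known_hosts_entry("server.example", unexpected, pinned)
    except HostKeyMismatch as err:
        print("reject:", err)
```

A mismatch here corresponds to the warning message that users are described above as ignoring; the check only helps if the pinned fingerprint travelled by a different route than the connection being verified.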


 Linux Clusters Powering Genome Research

SALT LAKE CITY, UTAH, Dec. 14, 2000 - Linux NetworX, Inc., a provider of large-scale clustered computer solutions announced that the Lawrence Berkeley National Laboratory, Berkeley Calif., has selected a Linux NetworX cluster computer system for its Drosophila Genome Project.

Using the Linux NetworX cluster system with 40 processors, Berkeley Lab is analyzing and sequencing the Drosophila (fruit fly) genome. The Drosophila's 15,000 genes are similar to a human's 100,000 genes and have been used extensively in the past as a model organism for research studies.

"The Linux NetworX cluster is much more cost efficient than the systems we've used in the past," said Erwin Frise, systems manager and biomedical scientist, Lawrence Berkeley National Laboratory. Frise also explains that because clusters are highly scalable, Berkeley Lab will in the future be able to add additional compute modules to the system to keep it up to date, something not feasible with a supercomputer.


 New look for ShowMeLinux

Vancouver, British Columbia. December 1st, 2000 - LuteLinux.com, a Canadian-based Linux developer announces the unveiling of ShowMeLinux's exciting new look. LuteLinux had previously announced the addition of ShowMeLinux to their family of services, LuteLinux is hosting all future issues and has taken over as publisher of ShowMeLinux. The new look was created by Adam Puchalski, a welcomed new addition to both LuteLinux and ShowMeLinux, as their Graphic/Web designer, and co-editor of ShowMeLinux.

ShowMeLinux is published with the goal of helping readers develop an in-depth understanding of the Linux movement through rich, beginner friendly content. It explores practices for configuring, deploying and maintaining the latest Linux technology.


 HP and Sprint PCS Form Wireless Email Alliance

PALO ALTO, Calif. and KANSAS CITY, Mo., Dec. 19, 2000 -- Hewlett-Packard and Sprint PCS announced an agreement to jointly market and sell the HP Openmail Anywhere solution as part of the Sprint PCS Wireless Web for Business. The solution enables business customers to wirelessly access their corporate email on Sprint PCS Internet-ready Phones. Openmail is HP's strategic business messaging and collaboration solution for Linux and UNIX(R) systems, based on Internet standards. More information about Openmail is available at http://www.hp.com/go/openmail.


 Linux based BizRelations Inc. Announces First Fully Functional Wireless Email in time for Holidays

Dec. 14, 2000 8:30am - BizRelations Inc. ( WEB and WAP), has announced Canada's first FULLY functional and FREE Wireless Email system. From any digital mobile phone equipped with wireless internet data services users will be able to Send and Receive emails, access their wireless addressbook, check their email folders, and use the unique Quick Reply Messaging function.

BizRelations have largely based their IT infrastructure on an Open Source Linux foundation. BizRelations has successfully been using the Linux Virtual Server (LVS) along with RedHat's Piranha clustering tool to provide high availability and scalability for web, email and SQL services. Sybase ASE 11.0.3.3 for Linux was the SQL server chosen by BizRelations, while the email solution chosen was qmail. Another core function is monitoring the availability of systems and networks. To fill this requirement NetSaint was used. "If there are any problems, an email gets sent to the support cellphone stating the nature of the problem," says Patrick Petersen (President of BizRelations). After running with RedHat Linux for over a year, even if Windows 2000 was a free alternative, BizRelations would willingly shell out the money for Linux.


 Linux Links

Salon take a look at free wireless TCP/IP networks in the US. The originators see it as an extension of the Open-Source/Free-Software ethos.

ZD-Net take an in-depth look at running Linux on laptops. (For anyone wanting to turn their shiny new toy into a real computer!)

Newsforge comment on Bruce Perens' move to HP as head of the company's Linux and open-source strategies. This is being touted as the first Open-Source foray into the upper echelons of Big Business.

East Bay Express looks at a life in a TelCo call centre. Makes you look a bit differently at those frustrating periods on hold.

There is an interview with Eben Moglen (subtitled the "The Encryption Wars") available on immaterial.net. It is in two parts: part 1 and part 2, strangely enough.

Some links courtesy of Slashdot:

The Duke of URL has some new reviews that may be of interest to you:

The Linuxcare support Database is available online if you have some problems you need solutions for.

OS Opinion take a look at the difficulties with complicated software, in particular the ramifications of OSX's UNIX/BSD heritage.

Some highlights from Linux Weekly News:

Finally, for the fashion conscious (or cold ;-), Tuxwear has a range of Linux apparel (perfect treat to cheer one up in the post-Xmas season!).


Software Announcements


 KDE 2.0.1

KDE have announced release of KDE 2.0.1. The official announcement is available here.

There is also a KDE Beta available for download.


 XFree86 4.0.2

XFree86 have released XFree86 4.0.2, and the Duke of URL has posted a review. Highlights include ATI Radeon support.

For the official news, refer to the XFree86 news section. Before you actually download or use this you will also probably want to check out the Release Notes.


 Smart Batteries

SoftTools Technology, Inc. has announced their new Linux Smart Battery System Software Suite (Linux SBS3). The Linux SBS3 is a complete software solution for Portable systems that provides support for systems that incorporate Smart Battery System components under Linux. A User Friendly applet with a GUI for multiple smart batteries and/or regular batteries that read and provide accurate information to the user is also available.


 Free Download of Configuration Management System Elego ComPact

The establishment of elego Software Solutions GmbH has been announced in Berlin. The new company specializes in software configuration management (SCM), and offers a wide range of support, service, and general consulting in the area of configuration management (CM).

Elego ComPact is a full-featured configuration management (CM) system based on the well-known and reliable version control system CVS. Elego ComPact extends CVS capabilities by adding new functions and concepts, including build management and component model. Elego ComPact may be used freely for all non-commercial purposes; commercial users must obtain a license.

Elego ComPact claims to add missing features and concepts to the basic CVS system:

You may download a current development snapshot of Elego ComPact for evaluation purposes or free private use via FTP or HTTP from their download page.

For more information see www.elego-software-solutions.com


 VMware Enters Server Market

PALO ALTO, Calif., December 5, 2000 - VMware, Inc.. For the latest VMware press releases, check out: www.vmware.com/news/.

VMware have made a number of announcements around two new server products:

Rather than give all the details here, I will point you to the news section of VMware's website where you can get the full stories.


 WARP Aim to Improve Web Performance

NEW YORK, NY - November 1, 2000 - WARP Solutions, Inc., providers of Web infrastructure software for the area of optimum performance of Internet applications, have launched the WARP Performance Suite, initially consisting of WARP Intelligent Content Distributor, WARP Global Load Balancer and WARP Load Balancer. Additional products (WARP Dynamic Content Director, WARP Cache Master and WARP Secure) are being rolled out on an individual basis during the fourth quarter and early next year. This suite of modules aims to enhance web-server performance with emphasis on "performance, reliability, scalability, security, speed and interoperability". WARP's initial launch will run on Solaris, Compaq Tru64 and Linux platforms.


 ACCESS Introduces Linux-based Browser Development Kit

MILPITAS, Calif./TOKYO, Japan - December 11, 2000 - ACCESS Co., Ltd. introduced a NetFront 2.6 Linux Software Development Kit (SDK) for the worldwide market. This should speed the integration of ACCESS' popular NetFront browser into Linux-based Internet appliances and other non-PC applications.

Since its introduction in 1995, NetFront browsers have been shipped in over 18 million embedded devices from 40 manufacturers. NetFront is an ideal browser for Internet TVs, PDAs (personal digital assistants), set-top boxes, car navigation systems, smart phones, web/screen phones, vertical Internet terminals, video game consoles and Internet kiosks.

The browser kernel is less than 270 KB of code and fits in 1.3 megabytes of ROM and 2 megabytes of RAM. It supports the full HTML 3.2 specification and selected portions of HTML 4.0. It supports frames, JavaScript, cookies, web printing and multilingual capabilities.

This SDK lets developers customize the user interface to their desired look and feel and add plug-in applications tailored for specific applications. NetFront version 2.6 SDK for Linux will be available as a full source code package. The SDK includes the NetFront version 2.6 browser kernel, a sample user interface module and PIM suite, the Internet mail module, a sample library for peer interface layer and graphics layer (GTK/SDL), and documentation. An SDK with five-seat development license is available for $40,000 including three months support.


 Linux-Based Intranet Broadcast Solutions

San Jose, CA- 2netFX, a provider of streaming solutions for intranet and broadband Internet media delivery, and Zapex Technologies, Inc. an industry leader of MPEG-2 compression products, are in alliance to design and deliver innovative hardware and software broadcast solutions to be used in the IP distance learning market.

The first system offered by the alliance is a Linux-based server solution, providing users a viable means to stream broadcast-quality transmissions. It includes 2netFX's StreamRider client and ThunderCast/IP server software and Zapex's ZL-330 encoder with Dolby digital audio and MPEG-2 video. It is the first encoder of its type to achieve Dolby certification for Linux operating systems, and it eliminates inherent lip-sync issues by providing Transport Stream multiplexing within the Zapex encoder.

The ZL-330 produces high quality video images at low bit rates. "The resulting low-bandwidth video stream from the ZL-330 permits an unlimited number of users to access a multicast video," says Gary Marsh, Zapex vice president of sales and marketing. "Coupled with the 2netFX software, PC users can interactively select which programming they wish to view, then capture and store the video locally. Effectively, customers can select their own viewing schedules, depending on application."


 Linux2order.com

Eric Vogel has brought his new site Linux2Order.com to our attention. He describes it as "dedicated to offering the largest collection of Linux applications available on the Internet". A wide range of distribution methods are available. In addition to the standard free download, the user can have a custom CD burned or register for a priority download subscription.


 Fox On Linux

Fox on Linux is a commercial Linux application, providing businesses with a sophisticated, graphical software package to deal with their core financial accounting needs. Fox on Linux can be integrated with other corporate front-end applications and comes with online support and training. Flexible in its operation, multi-user, and with a 12KBS low bandwidth requirement it can be accessed over the Internet. Installation is claimed to be easy, so a system can be up and running in a very short time. For further briefing or a chance to trial Fox on Linux software go to www.foxonlinux.com.


 Other Software

Steak: the Dictionary is an English-German translation program with GUI dialogs. (GPL)
Anyone interested in Electronic Design Applications might like to check out yaEDA. It is available with source code.
PROVEN SOFTWARE, INC. have announced the release of their new internet shopping cart for linux, eCHOICE. This new feature will allow easy integration with PROVEN CHOICE Accounting Systems. Full details are here, and an evaluation copy is also offered.


Copyright © 2000, Michael Conry and the Editors of Linux Gazette.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 61 of Linux Gazette, January 2001


(?) The Answer Gang (!)


By Jim Dennis, Ben Okopnik, Dan Wilder, Chris Giamakopolous, the Editors of Linux Gazette... and You!
Send questions (or interesting answers) to tag@ssc.com


Contents:

¶: Greetings From Heather Stern
(!)Baffled
(?)A rather unique query (I hope)
(?)info needed --or--
What is Linux?
the screensavers look great!
(?)Linux Installation question
(?)Abt.. Michael Lauzon's Q in issue 60.. --or--
Tell me about the K guys
SCI-Linux project to use multiple package types?
(?) minimum configuration Linux ? --or--
Data Recovery Vendor Seeks Linux Basics
RAIDs do not guarantee safety for your data
(?)a question --or--
Linux, UNIX, what's the difference?
(?)linux question
(?)Red Hat 7.0 Crackerz!
(?)Transmitting PaperPort files with .max
Definitely some Windows file format
(?)Help Me Delete Linux
(?)Removing Linux: Sacrilege!
(?)uninstall linux --or--
Another uninstall: Getting to a Root Prompt to Blow it All Away
(?)setting root password
(?)I can't seem to write to my vfat (Windoze) file system with any user other than root.
(?)For Jim Dennis...Hello from South Texas --or--
Firewall for a SOHO
Small World, isn't it?
(?)Something comparable to Services in NT
(?)Editing fstab file for tape backup
(?)Mail gets nowhere?
(!)Loading SuSE Linux 6.4 via NFS
(?)RE: classified disk
(?)multiple subnets, one DNS
(?)Linux vs. DESQview??? --or--
responding to DESQview/386 Die Hards into the Next Millennia
(?)DOS partition from Linux
(?)e-mails not getting through
(?)exit X & shutdown --or--
Exiting X and Rebooting with One Keystroke
(?)Multiplexing ppp connections
(?)[Tony@thermo-king.com: new to Linux]
(?)Trident Providia 9685
(?)The New network On The BLock
(?)Mail Daily sylog message to remote e-mail
(?)automation for minicom --or--
Scripted Serial Sessions
(?)About Epson Stilus Color 670 --or--
Setting up print filters.
(?)Xwindows
(?)diald on a smoothwall box
(?)...a bulk friendly ISP?

(¶) Greetings from Heather Stern

Hello everyone, and welcome once again to The Answer Gang. As the fog starts to lift this morning I am enjoying the fluffy greyness and savoring a good cup of coffee. I leave it entirely to your imagination whether I'm talking about the weather or my clouded thoughts.

We have some really juicy threads this month and I hope you like them. I'd like to encourage anybody who feels like asking us questions, to consider the following guidelines:

Spam seems to be down this month, and I don't think we got any non-computing questions this time around. Must be a Christmas present :)

It's a new year and I look forward to some interesting New Year's resolutions. In past years I've made selections such as 1600x1200 (the year I got the beautiful monitor I use daily) and 600 dpi (a printer, of course)...


(!) Baffled

From Patrick Green

Answered By Jim Dennis

James I am at a loss here so I thought I would give you a try. I exited out of a root session (not su) and I go back a couple hours later to login. I enter my user name and lo and behold, no password prompt. So I cold boot it (hate that) comes back up just fine, go to login ...no password prompt. Any ideas?

(!) [Jim] First you'll want to get to a shell prompt. I'd treat this as though your /etc/passwd or /bin/login files are corrupt. So, start Linux using the init=/bin/sh kernel parameter (passed from the LILO: prompt --- or LOADLIN, GRUB or whatever boot loader you're using).
If that doesn't work, get out a rescue diskette or CD. Remember Tom's (http://www.toms.net/rb).
Once you've done that try to confirm that your /etc/passwd, /etc/group and various /etc/pam.d files are sane. They should "look right" (if you've seen copies before).
If you have backups of your /etc/passwd and /etc/group files, restore them to an alternate location (/tmp) and run diff on them. See if the differences seem reasonable.
If this is an RPM based system try the rpm -Va command to verify the integrity of your /bin/login and other binaries. (If you have a full tar backup of your root and /usr filesystems you can use the 'tar df' or 'tar dzf' directives to report on differences between your current files and those in your backup.)
If you're running Debian there are several ways to check the integrity of your files; none of them is as easy to explain and/or type as rpm -Va (that's one of the very few deficiencies in the apt and dpkg systems). You can run debsums or tripwire or aide if you have any of them --- but that's probably a matter of closing the barn door while the horses are already astray in this case.
There is a possibility that your /bin/login program is corrupt or that an attacker has compromised your system and attempted to replace /bin/login (or some other files) with a broken version (perhaps linked against some library you don't have, or even just having the wrong permissions or something like that).
Of course I'd also check the /var/log/messages and related files to see if there are any clues in there; do a fsck on your root filesystem, try to run /bin/login from a rescue shell prompt, etc. You can even temporarily replace /bin/login with a one-line wrapper script. Rename it to login.binary or some such and write a shell script like:
       #!/bin/sh
       # Create /tmp/login.strace first (mode 700, root-owned): the trace records the typed password.
       # "$@" hands on the arguments getty passes to login (such as the username).
       exec /usr/sbin/strace -o /tmp/login.strace/$$.out /bin/login.binary "$@"
... then try to log in (rebooting as necessary, or just start a shell on one of your virtual consoles with an appropriate line in your /etc/inittab file).
It's an unusual problem, but these sorts of techniques will help you narrow down what's happening.
(Obviously your kernel, your root filesystem and the init program are working. Your getty seems to be working enough to display an "issue" file and accept a username. So we've already narrowed it down to getty and login --- either getty is failing to successfully execute the login command, or the login command is failing to emit a password prompt. Since the latter is somewhat more likely we focus on it.)
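
One way to do the "is /etc/passwd sane" check from Jim's answer in a rescue shell, as an added example that is not part of the original column. The function names are hypothetical and the sample file is constructed. It flags malformed records, empty password fields, extra UID 0 accounts and login shells that are missing under the mounted root.

```shell
#!/bin/sh
# Added example: sanity-check a passwd-format file from a rescue shell.
# Usage: check_passwd FILE [ROOT]
#   FILE  file to inspect, e.g. /mnt/etc/passwd
#   ROOT  prefix where the damaged system is mounted, e.g. /mnt (default: none)
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.

# Structural checks on each colon-separated record.
passwd_structure() {
    awk -F: '
        /^[ \t]*$/       { print "line " NR ": blank line"; next }
        NF != 7          { print "line " NR ": expected 7 fields, found " NF; next }
        $1 == ""         { print "line " NR ": empty login name"; next }
        seen[$1]++       { print "line " NR ": duplicate login name " $1 }
        $3 !~ /^[0-9]+$/ { print "line " NR ": non-numeric UID for " $1 }
        $4 !~ /^[0-9]+$/ { print "line " NR ": non-numeric GID for " $1 }
        # An empty second field means no password is asked for.
        $2 == ""         { print "line " NR ": empty password field for " $1 }
        $3 ~ /^0+$/ && $1 != "root" { print "line " NR ": extra UID 0 account " $1 }
        $1 == "root"     { have_root = 1 }
        END              { if (!have_root) print "no root entry" }
    ' "$1"
}

# Every login shell must exist and be executable under ROOT.
# Parsed with read, never eval or awk system(), so a tampered file cannot run code.
passwd_shells() {
    n=0
    while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
        n=$((n + 1))
        if [ -n "$name" ] && [ -n "$shell" ] && [ ! -x "$2$shell" ]; then
            echo "line $n: login shell $shell for $name is missing or not executable"
        fi
    done < "$1"
}

check_passwd() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1"
        return 1
    fi
    findings=$(passwd_structure "$1"; passwd_shells "$1" "${2:-}")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample (not from any real system) exercising the checks.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
toor::0:0:backup admin:/root:/bin/sh
pat:x:1000:1000:Pat:/home/pat:/no/such/shell
broken:x:abc:100:Broken
EOF
}

# Run as a script: sh check_passwd.sh /mnt/etc/passwd /mnt
if [ "$#" -ge 1 ]; then
    check_passwd "$@"
fi
```

Running the same check on a restored backup copy and diffing the two reports shows which findings are new.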

(?) A rather unique query (I hope)

From Karen Gartner

Answered By Ben Okopnik, Mike Orr

Running RH 7 - Dell Precision 420, 18GB SCSI HD @ 10K rpm, 1 CD-ROM, 1 CD-RW, 19" screen w. Diamond Fire GL1 video card and therein is the start of my problem.

The latest version of the Diamond fire GL1 driver for linux will only work with kernel 2.2.14. RH 7 uses 2.2.16 so I have to backtrack to an earlier kernel in order to use Gnome & KDE (I'm stuck in consoleland right now).

(!) [Ben] Interesting. The first possibility that I would explore would be to search the web (or possibly contact the author) for a patch for the Diamond video code, rather than downgrading the kernel. Chances are relatively high that the necessary changes would be trivial (on the other hand, it may require a major code rewrite, but it wouldn't hurt to check.)

(?) Indeed I have installed the new (old?) kernel but on booting, only 1 scsi host is recognized where there should be 3, there's an IDE recognition problem, and ultimately I get the message "kernel panic: VFS: unable to mount root fs 08:02". I have checked lilo.conf and all is well there.

(!) [Ben] Well, the "kernel panic" message says that it's not finding a bootable device/useable boot record on device 08:02 (if I recall correctly, that means "device with major number 8, minor number 2", otherwise known as "/dev/sda2", the 2nd partition of your 1st SCSI HD.) Is that what your boot device is supposed to be? (side query: have you re-run "lilo"? It never hurts to do so, and if you've changed anything having to do with booting - and you have - you must do so.)
(!) [Mike] Not finding the root partition to mount. The boot sector is a different story, and if you made it this far, it's functioning correctly.
At least your panic message has the word "root" in it. When it happens to me, I get a cryptic "unable to open initial VC" (=virtual console) or something like that. Because displaying a login: prompt requires a virtual console, which requires a device in the /dev/ directory, which requires a root partition to be mounted.
(!) [Ben] If you are unable to mount the root partition (you are correct in that regard - I misspoke), I don't think that you will ever get anywhere near the login prompt; the boot will fail at that point. It is true, though, that a missing or damaged "/dev" directory will cause the "VC" message - as will a "no virtual terminals" setting in the kernel configuration.
(!) [Ben] Where did the new (old?) kernel come from? If it's a "stock" RedHat kernel, I would be rather surprised - RH compiles theirs with every bell, whistle, and gilliwhillikin included. I certainly haven't had any fail to detect SCSI hosts/devices, but that may just be because I've done only a few "RH on SCSI" installations. I certainly have not had any SCSI detection problems with Debian, even SCSI-emulation setups (that being what I have at home.)
If it's a kernel that someone else compiled, I would definitely check the configuration... scratch that. I would not use a custom-compiled kernel while bringing up a new system in the first place. I recommend that you don't either.
By the way, are you certain that you should see 3 SCSI hosts, rather than three SCSI devices? There is a difference, and it's an important one. The host adapters are interfaces between the PC and the SCSI devices; it would be exceedingly rare (if even possible) to find three of them in one system.
(!) [Mike] You should find out which device it's complaining about. Look in Documentation/devices.txt in your kernel source. Block device 8:2 is indeed /dev/sda2.
(You can also look in the /dev/MAKEDEV script, because this is the script that made all those device files. However, I find it harder to read.)
(!) [Ben] It's even easier to look in the "/dev" directory using Midnight Commander, and scroll down until you see a match for those numbers. Possibly simplest of all would be
ls -l /dev | grep " 8, *2 "
(!) [Mike] Provided the /dev directory is there and is intact.
Note also that there are two types of devices, "block" and "character". Disk drives are block devices. The same major number may be assigned to one block device and a different character device.

(?) What I would like to do is take the config file from 2.2.16 and copy it to 2.2.14. Everything but the video card works tickety boo in 2.2.16. The problem is, where do I find the config file from 2.2.16? 2.2.14 is in usr/src/linux of course, which was created on the install, but where does the old .config file reside?

Is that even a good idea to solve the issue? Any and all help is mightily appreciated.

(!) [Ben] I would say that this is not a good idea at all. Configurations - and thus, config files - vary wildly between kernel versions. On the other hand, printing out the old configuration and walking through the new one to make sure that it's as close as possible to the original would be very useful. On my system (I'm running Debian, but I don't think it would be very different on others), the config file is in
"/usr/src/kernel-source-<version>/.config"
(!) [Mike] This is the normal Linux convention. Actually, you can place your build tree anywhere, but you should make /usr/src/linux a symlink to it so that the compiler will find the include files. (Is this still required now that glibc has its own kernel headers?)
(!) [Ben] Good luck in resolving your problem.

(?) What is Linux?

the screensavers look great!

From David Cruz

Answered By Mike Orr, Heather Stern

I live in South Africa and find it hard to source help from anyone here. I recently saw a friend who is running his PC on Linux software. Very impressive. I myself have Windows 2000, which works well, but when it comes to graphics and professional look you're way ahead. I've been trying hard searching the net for the last week for your software but came up with nothing.

(!) [Mike] The following URLs contain material on what Linux is, what you can do with it, and where to find it:
http://www.linuxresources.com , sections:
http://www.linuxdoc.org/HOWTO/META-FAQ.html This is the Linux Meta-HOWTO, which gives an overview of where to find different kinds of Linux information.
http://www.linuxdoc.org Home site for Linux documentation. Click on "mirrors" and find a mirror in South Africa to read; it will be faster and cheaper than using the USA server.
http://www.linuxnewbie.org A site dedicated to helping new Linux users and those who just want to see what Linux is before deciding whether to run it.
http://www.linuxstart.com A site which tries to be a "user-friendly index of Linux information".

(?) The one thing I found incredible was your screensavers: radar, bumps (the blue torch searching in the dark), compass

(!) [Mike] Does anybody know which programs he's talking about? Is it the standard X screensavers (xlockmore), the xscreensaver package, or something that comes with KDE or Gnome?
I don't use screensavers; I prefer to make the screen go black and switch to power-saving mode. If I want to watch "eye candy", I'll run an application which does this. Fortunately, xscreensaver screen savers can also be run as applications in their own windows, not just as screen savers.
(!) [Heather] The radar screensaver he is talking about is one of the utilities which can be used as an xscreensaver module, or simply run as a separate app. By default it just looks cute, but it has command line options to "ping" some specified hosts on your local network and thus be more realistic "sonar" for your situation. Several of the nicer toys like this need to be fetched separately from the xscreensaver package itself.
Gnome uses a GTK based front end to xscreensaver, which shows a number of these sorts of descriptions, including for the extras (it mentions their homesites, so you know where to get them from. Maybe handy even if you hate Gnome?) I have to say it was useful when I was trying to decide which modules to not bother using. I don't really like the idea of a truly random screen toy, as some of these artsy things are just plain ugly.
I don't remember what K uses. Anyways asking whether a given module is in xscreensaver or in xlockmore is a lost cause. The two are always in a race and at any given time, both have lots of cool eye candy, and a lot of it is GPL so you could port it if you felt like. You can have both installed, but only run one or the other at a time.

(?) Linux Installation question

From Layne Gossett

Answered By Mike Orr, Heather Stern

Is there an option for specifying that I would like to be prompted for all of the kernel options during installation, much like you get when building your own kernel?

(!) [Mike] I assume that by "during installation" you mean you want to customize the kernel options at each boot, not the first time you install Linux using your distribution's install program.
You cannot set the compile-time options (=the "make menuconfig" options) at boot time. However, there are lots and lots of other kernel options you can set from the LILO: prompt or by adding an
append="myoption1 myoption2=myvalue1,myvalue2"
line in /etc/lilo.conf and re-running lilo. See the Bootprompt-HOWTO for all the options you can set. http://www.linuxdoc.org/HOWTO/BootPrompt-HOWTO.html
Some other options can be set at runtime via the /proc filesystem. For instance,
echo 1 >/proc/sys/net/ipv4/ip_forward
will turn on IP forwarding. Echoing a zero will turn it off. Documentation for these files is in the appropriate subsystems' docs and HOWTOs. (And actually, most are not documented very well.)

(?) Although I have read the HOWTOs on building my own kernel, I still have not been able to get it to work out yet. I've had a lot of luck installing Red Hat from the CD, but I'd like to have firewalling and IP Masq capabilities from a "clean" installation (and remove things like PCMCIA, etc.).

(!) [Mike] For masquerading, you must compile the kernel with IP forwarding and IP masquerading. Then you need to enable it in one of your boot scripts. For instance, my Debian /etc/init.d/rc.firewall contains:
/sbin/modprobe ip_masq_ftp # Only needed if masquerading non-passive FTP.
echo "1" > /proc/sys/net/ipv4/ip_forward # Turn on IP forwarding.
/sbin/ipchains -M -S 7200 10 160 # Debian default timeouts.
/sbin/ipchains -P forward DENY # Deny any other kinds of forwarding.
/sbin/ipchains -A forward -s 10.0.0.0/8 -j MASQ
# Masquerade from the 10.0.0.0 network to the outside world.
Try running these commands manually and see if you can get masquerading working with your current kernel.
For more security, you can build a more elaborate set of ipchains rules. (Note: ipchains requires a 2.2.x kernel, which I assume is what you have.)
(!) [Heather] The Debian installer does ask about these things, but just to prepare the modules listing, not to prepare a whole kernel. And its prompts are rather wimpy - you really have best luck if you already know what you are looking for.

(?) Tell me about the K guys

SCI-Linux project to use multiple package types?

From Manoj Warrier

Answered By Heather Stern, Mike Orr

Dan is right. Use one of the user friendly, mouth feeding distros and U stay a newbie unless U make a habit of reading the Linux Gazette and Linux Journal articles out of curiosity as to what happens under the hood...

But, my ears picked up at Heather's comment -> "I think the K guys have the right idea, writing a front end that deals with more than one package type". It sounds exactly like something I need. We are compiling a set of software (most of the links provided at "http://Scilinux.freeservers.com") which we think go into making an Environment for scientific computing on Linux. We plan to make a CDROM by April 2001 (GPL) with the sources / RPMs / other binaries and have a Tcl/Tk interface to install these on an existing Linux/GNU PC. We are still wondering if there is "a front end GUI that can deal with more than 1 package type".

(!) [Heather] kpackage is allegedly able to deal with both .deb and .rpm package types. I assume that you still need the underlying libraries, so it knows what to call. It may also be strongly dependent on alien, a script which eases the conversion between package types.
If you're going to write your own GUI, definitely take a look at alien, the packaging APIs, and the apps which already exist to deal with these package types alone. Just make sure not to mix licenses in any incompatible ways...

(?) So who are these K guys? KDE development team? ...

(!) [Heather] Yes. The full name of KDE is "the K Desktop Environment" where according to the FAQ, K stands for Kool. But they refer throughout their docs to K, for example, the K menus, the K button, etc.
(!) [Mike] Of course, it was named after CDE, the Common Desktop Environment GUI that many commercial Unices use.

... to which Manoj replies ...

(?) Hi and thanks,

Elaborating more on my task at hand,

Work to be done -> Create a CDROM with scientific software which can be installed on a PC already running Linux.

Problem faced -> There are various distros of Linux, various versions of Linux software, therefore a binary which works on one may not work on the other.

(!) [Heather] This is more a matter of the library dependencies than the limits of any one distro. ldd <binaryname> would tell you which libraries it expects, and if those are really already present, you can force it to install, over its package manager's objection, and it will work.

(?) (1) Thanks. I did not know this.

(!) [Heather] In some cases the kernel may lack something, in which case providing a usable kernel with modules would be a good idea. Don't forget pcmcia modules and setup if you want to gracefully handle laptops.

(?) Not planning on this (at least not in the pre-alpha version). Also wondering where I can keep the CDROM for free downloading (Power cuts, etc, are quite common in this place).

(?) Policy -> Do not want to create another distro of Linux (Linux from scratch is the way to do it ... am I right??) on which we can then make pre-compiled binaries.

(!) [Heather] Sort of contrary to this, people call "Bastille Linux" a distro even though it's strictly symbiotic to RedHat. You might look at Rock Linux (designed to put the whole thing together from sources) or piggyback on Slackware (which was an early distro, and is pretty strong in the compiler department) or on debian (if it's got the packages you want already, since it has so many).

(?) Therefore plan -> Have the sources, binaries (*.rpm, slackware *.tgz, *.deb, etc..) on a CDROM and have a Tcl/Tk script to install your choice. The script would try to compile the sources for your Linux distro if none of the binaries packed with the CDROM works for you. I realise that a script that compiles from source for your distro of linux will take a loooooot of time, and it is close to impossible to make it work for all distros .. SO ANY IDEAS??

(!) [Heather] with the aid of alien I use rpm's on my debian box and .deb's on my SuSE box fairly freely. Admittedly I did grab 3 deb's to bring lynx-ssl over but it was worth it... and not very hard, debian's dependency tree was accurate.

(?) (2) Using alien seems to be a stop gap solution ( I still have to check it out ).

(!) [Heather] If you also provide the basic libraries that your packages expect, and you are really careful about adding them, you could do okay. The tricky part is things like libjpeg6a versus libjpeg6b (for example). If you get some app that really only wants a specific library and nothing else will do, you'll have to use LD_PRELOAD variables.

(?) (3) Hopefully we will not need to use LD_PRELOAD. Providing basic libraries is most appealing (after using ldd "binaryname" to find the library dependencies for all the software we plan to pack).

(!) [Heather] The point of using LD_PRELOAD would be if using this with an unknown locally installed system - if your users will be booting from your CD-ROM, then you'll know their environment is correct, and LD_PRELOAD will be unnecessary.
You can use them anyway, and keep all your known support libraries in a little link farm, or something. Probably don't even need hardlinks.

(?) Why go into it at all -> At my Institute (Institute for plasma research, Ahmedabad, India) we have a lot of ppl using Linux and most of them do not have Octave, Scilab, Numerical libraries, yorick, xfig, lyx, AbiWord, pvm, mpich, ftncheck, etc. etc. etc... on their Linux PCs. It would be convenient to therefore have a CDROM which would install these on their PCs.

(!) [Heather] Just offhand I've seen most of those in a debian capt list. Make note, I do point at non-free and non-US, so you may need to do that, or fight licensing hassles, to distribute them.

(?) Never used Debian (Indian PC mags have never given a free version). Here RedHat seems to rule the roost. We get at least 2 CDROMS every year..

(?) Another problem is getting started using these new software. Detailed 100+page manuals are very useful after you get started. Therefore we have plans of short getting started guides for these software. I guess there are other people who also might find such a CDROM useful. That's why we started this.

(!) [Heather] All my best wishes go to you, the Linux world needs more documenters :)

(?) Meanwhile I'll be exploring alien and kpackage. kpackage would probably need the underlying libraries ... Not everybody has this.

(!) [Heather] There are tricks for unwrapping an rpm or a deb without having the library installed yet. The Linuxcare Bootable Business Card (BBC) does this to install ssh on-the-fly since when they began the project, the U.S. still had overly eager anti-crypto laws. (It can be argued that they're still rather crazy - see the EFF - but I'll leave that be for now.) You can get the BBC at its new site: http://open-projects.linuxcare.com/BBC

(?) Which leads me to ask -> Don't you all think fondly about the window manager which you could work on within 5 seconds of typing "startx" at your console on your 16 MB RAM 486? This could be a silly sentiment ...

(!) [Heather] I recommend looking at fvwm2, it's what I use for a lightweight setup that still offers "normal" menus. And flwm (fast light window manager) comes highly recommended from the debian-laptops mailing list.

(?) I use fvwm. flwm sounds good. Must check it out.

(!) [Heather] If you're going to write your own GUI, definitely take a look at alien, the packaging APIs, and the apps which already exist to deal with these package types alone. Just make sure not to mix licenses in any incompatible ways...

(?) and YES !! we have to check out licenses in detail (the least attractive part of the project), but I guess we might be able to distribute most of it since this is never going to be a commercial CDROM. I'll put it up for free downloading (Is there anyone who will provide this service - A mount point for a CDROM having a tar gzipped version of it?). Don't know if I can convince my Institute to CDwrite and mail the CDROM to whoever requests it and pays mailing charges. In fact don't know if anybody will want it, but we learn quite a lot (ldd "binary name", alien, etc..) doing this.

(?) Thanks once again.

Manoj

Then there was this great - user friendly OS which overwrote your MBR whenever you installed it...

(!) [Heather] You're welcome, and good luck in your project.

(?) Data Recovery Vendor Seeks Linux Basics

RAIDs do not guarantee safety for your data

From Support

Answered By Jim Dennis, Mike Orr

I wonder if you could point me to a FAQ that would answer the following question:

We are a small company specializing in Data Recovery. HardDisk "crashes" and the like.

We have a client that used a network Disk Drive from a company called NETGEAR. It appears that they have built their product round Linux (The good news !)

(!) [Jim] Yes. I've heard that the Netgear NAS (network attached storage) products use an embedded Linux system. However I don't know any details about their configuration.
(!) [Mike] I have a bit of sympathy in my heart for data recovery companies, because we had to use one at the hospital I worked at in 1994. I was doing data entry into a FoxPro database and the Novell server crashed. To top it off, this was 3pm on Christmas Eve and most people were gone. Troubleshooting proved that the server would reliably crash when accessing the middle of certain files in the NetWare filesystem--and these were the database data files.
It took a week to recover. We were between sysadmins and didn't have a backup, because our disk capacity was 2 GB but our tape drive had not kept pace -- it was still a measly 250 MB model. A guest sysadmin from the hospital-wide pool came, did the standard bindery tests (akin to fsck), called a couple consultants who didn't help, called a CNE but didn't engage him since he wouldn't have done more than we'd already done--but would have charged $50 anyway!
We discovered that disk mirroring is not always a good thing. The mirror drive was supposed to be our backup. And it did backup well: it backed up the corrupted data!
The sysadmin noted my comments about the hard drive making noises, and wrote in a report, "It done sound like a car need bearings." We sent the drive to OnTrack; they took it apart, charged $2000, and sent back a tape containing all the files they could recover. Out of all the consultants and CNEs we called, they were the only competent ones in this whole process. They also sent back an amusing analysis report: "Severe hard drive damage. Drive should be replaced." Duh!
We replaced both drives, because the other one was acting up too. Both were part of a bad Maxtor batch that were causing problems in other parts of the hospital as well. They had 12-month warranties, and the drives were failing in the 11th or 13th months.

(?) Thus far, we have regrettably no experience of Linux. I wish to Install a minimum configuration of Linux on a Win98 test PC in order that I may copy the data on their (undamaged) harddisk to another FAT32 harddisk and thereafter backup to CD's.

Right now I'm downloading 2 * 675Mb of "Linux" in ISO format. I doubt that I need 10% of it for this task, but I have no knowledge of the required files to get a minimal system running. Is there an FAQ that would explain to a willing but uneducated guy, how to proceed?

(!) [Jim] You don't mention which ISO images you're downloading. It's probably excessive in any event. Generally you can install a fairly full Linux distribution from one CD (the second CD on many distributions contains source code and/or extra software, sometimes including shareware and other "non-free" stuff (demoware, etc)).

(?) 1. how to install a minimum version of Linux

(!) [Jim] This is a very difficult question to answer given that you haven't told me which distribution you're downloading. Distributions differ more in their installation and initial configuration than in any other regard.
It would also be difficult, even if you had provided this information, since it requires essentially a chapter length exposition.
(!) [Mike] If you want just a minimal Linux installation to just copy data off a Linux partition, consider Tom's Root Boot. It's a minimal Linux system on a bootable floppy, with the utilities needed in a typical rescue situation. Our sysadmins swear by it for all manner of workstation setup tasks.
http://www.toms.net/rb
However, I echo Jim's statement that you need to know the basics of Linux utilities in order to do an effective data transfer. Many people have had to embark on an unanticipated self-taught crash course, but it means spending a weekend with the HOWTOs and manual pages or a book.

(?) 2. how to copy files from a Linux Partition on one disk to a fat 32 partition on a second disk.

(!) [Jim] This part would be quite easy once you have Linux installed. Linux supports FAT32 and MS-DOS filesystems (including the VFAT long filename support). So you'd use a command sequence something like this:
  mkdir /mnt/netgear
  mkdir /mnt/windows
  mount -t ext2 /dev/hdb1 /mnt/netgear
  mount -t vfat /dev/sda1 /mnt/windows
  cd /mnt/netgear && cp -ax . /mnt/windows
... this assumes that you have installed Linux onto your first IDE drive (the master on the primary controller) which is called /dev/hda under Linux. It therefore assumes that the hard drive which you've extracted from the Netgear NAS unit is the second IDE drive (slave on the primary IDE controller) which is called /dev/hdb under Linux. This all presumes that you made the necessary changes to the pin settings on your hard drives to get the hardware working.
I also assume that you're using a SCSI disk (though you could use a third or fourth IDE drive --- or even a fifth, sixth, etc). /dev/sda is the first SCSI hard drive on any normal Linux system (though this may change in the future, with devfs).
So, this example makes many assumptions about how you've installed Linux and what hardware you have available. There are MANY other ways to do this.
Other than that, the example basically makes a pair of mountpoints (places at which filesystems can be connected), mounts the Netgear drive to one and the Win '9x drive/filesystem to another, changes to the top of the netgear directory tree and copies everything on that filesystem (recursively) onto the VFAT partition.
Note: I'm also assuming that the Netgear is not functioning as a NAS and that you're removing the hard disk from it and connecting it to one of your lab machines. That seems pretty obvious to me, since you'd just attach to it via the network directly from a Win '9x/NT box if the NAS services were working; right?
I'm also assuming that Netgear is using ext2 (the dominant Linux native filesystem). If they're using Reiserfs or some other filesystem --- then you'd have to do things a bit differently. If that is the case; you'd be best advised to use the SuSE distribution which already includes support for Reiserfs --- otherwise you'd have to patch and build your own custom kernels; which is not a task to be undertaken by novices.
(S.u.S.E. is the only major distribution that already supports Reiserfs. Netgear might have patched their system to support it given that Reiserfs' "journaling" features would be very desirable on any Linux-based headless NAS device!)

(?) 3. Am I inventing work unnecessarily? Maybe there exist tools to read Linux partitions and copy DATA to Fat32. Something in the style of Partition Magic (but to actually COPY files).

(!) [Jim] There used to be a set of ext2 (Linux extended filesystem version 2) utilities for OS/2 and Win32 (NT and '9x). However I'm not sure that they are the best for your purposes.
It would probably be best to buy a nice large hard drive (6Gb or better), put it in one of your lab workstations, install Linux from CD (I prefer Debian; but S.u.S.E. might be more to your liking --- S.u.S.E. is the most popular distribution in Europe and has very good support for various continental languages).
Once you have Linux installed and the Netgear drive attached you can "dump" a raw (bitwise) image of the entire drive into a single Linux file using a command like:
   dd if=/dev/hdb of=/some/path/with/lots/of/free/space bs=1024k
... or you could dump each filesystem/partition by using the commands:
   fdisk -l /dev/hdb
... and then (for each of the partitions listed there: let's say it's 1, 2, 3, 5 and 6; skipping 4 since it might/would be the extended partition container):
   for i in 1 2 3 5 6; do
      dd if=/dev/hdb$i of=/lots-of-space/netgear-image.hdb$i.bin
   done
(This last is a bit fancy for a novice. However, you can just type the commands one at a time until that little snippet of shell code makes sense). (Obviously you'll need to put in your own names in place of the of= paths that I've listed here).
NOTE: if the netgear filesystems are larger than 2Gb then you might need a very new kernel with LFS (large filesystem support) or you could use "raw" partitions (unallocated space) on your new large Linux disk.
This "dd" approach is handy if you want to preserve a full snapshot of the filesystem (in its damaged state) before attempting data recovery. That way, if your filesystem check and repair efforts cause more damage you can always start from scratch.
In general I'd say that there is way too much about Linux to learn before you'd understand how to do filesystem or data recovery. As I'm sure you know from your experience with FAT/VFAT/FAT32 based filesystems, one must generally be expert in an OS prior to being competent at data recovery under it.

(?) I would be most grateful for any advice you could offer.

(!) [Jim] You could look for a good Linux training consultant to come in and give your team a crash course. You'll find that Linux really is a data recovery person's dream tool suite. Although it's not "easy to use" it does offer full access to the system hardware and has very good support for the filesystems of various operating systems.

(?) My best Christmas greetings from Sweden, Tony Kvarnstrom
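
Jim's advice to take a dd snapshot before attempting any repair, as an added example that is not part of the original exchange: the image is hashed, made read-only, and repairs are tried on a working copy only. The function names and the constructed stand-in file used in place of /dev/hdb1 are assumptions.

```shell
#!/bin/sh
# Image a source, record its SHA-256, and hand out working copies.
# On the real system the call would be, with the paths used above:
#   image_source /dev/hdb1 /lots-of-space/netgear-image.hdb1.bin
# A disk with unreadable sectors needs dd's conv=noerror,sync; the source
# and image hashes will then differ and only the image hash is meaningful.

hash_of() { sha256sum "$1" | awk '{ print $1 }'; }

# image_source SRC IMAGE: raw copy, verified against SRC, then made read-only.
image_source() {
    dd if="$1" of="$2" bs=1024k 2>/dev/null || return 1
    src_hash=$(hash_of "$1")
    img_hash=$(hash_of "$2")
    if [ "$src_hash" != "$img_hash" ]; then
        echo "MISMATCH between $1 and $2" >&2
        return 1
    fi
    printf '%s  %s\n' "$img_hash" "$(basename "$2")" > "$2.sha256"
    chmod a-w "$2" "$2.sha256"
}

# image_intact IMAGE: succeeds while IMAGE still matches its recorded hash.
image_intact() {
    recorded=$(awk '{ print $1 }' "$1.sha256")
    [ "$recorded" = "$(hash_of "$1")" ]
}

# working_copy IMAGE COPY: fsck and repair attempts go to COPY, never IMAGE.
working_copy() {
    image_intact "$1" || return 1
    cp "$1" "$2" && chmod u+w "$2"
}

# Constructed stand-in for a partition: 64 KiB of random data in a file.
make_sample_partition() {
    dd if=/dev/urandom of="$1" bs=1024 count=64 2>/dev/null
}

# Demonstration on the constructed sample.
demo=$(mktemp -d)
make_sample_partition "$demo/hdb1.raw"
image_source "$demo/hdb1.raw" "$demo/netgear-image.hdb1.bin" &&
    working_copy "$demo/netgear-image.hdb1.bin" "$demo/work.bin" &&
    echo "master image hash: $(hash_of "$demo/netgear-image.hdb1.bin")"
rm -rf "$demo"
```

If a repair attempt makes things worse, discard the working copy and call working_copy again; it refuses to run once the master no longer matches its recorded hash.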


(?) Linux, UNIX, what's the difference?

From Alex

Answered By Heather Stern

Hi, I have a question that's been on my mind lately. I've looked around the web and gotten some roundabout answers. The question is, what is Linux?

(!) [Heather] Linux began life as a kernel that would act like Minix but run on Linus' 80386 and mount up his minix filesystems. He shared it and was encouraged by folks submitting their own patches. People just can't make their mouth say "Linus' Minix" for very long, but I can't pinpoint when it got compressed to Linux. Maybe one of our readers could :)
(!) [Mike] Vaguely I recall Lars Wirzenius mentioning the origin of the name Linux in a talk at Linux Expo 1998. I think he said something like it wasn't Linus who came up with the name. He just uploaded it to the FTP site and the FTP admin had to come up with a label for it, so he called it Linux. But I may be remembering wrong.
Where's that message where Linus recounts how his first success in building Linux was to develop a multitasker that allowed one process to write "a" repeatedly to the screen while another process wrote "b"? I think in there it mentions that one of his early names for the system, when he was in an extremely frustrated mood, was Buggix.
(!) [Heather] As time rolled on and "distributions" were gathered and sold, the press likes to call the distributions Linux too, while others argue that only the kernel is Linux and the rest is (for example) Red Hat or SuSE or whatever.

(?) The most popular answer on the net seems to be "Linux is a UNIX-like OS". Well, then what is UNIX? And why isn't Linux UNIX?

(!) [Heather] There is someone who presently administers the trademark work UNIX and they don't feel like branding Linux with it for free. FreeBSD has the same "problem" - both are at this point well established systems that people already experienced in UNIX will find comfortable features in.
The trademark began life as AT&T Bell Labs UNIX, and has been traded and sold a number of times since. For a while Novell owned it ... in fact, for a brief time it looked like Novell could become the source of a new, completely non Microsoft based system, because they had Netware, they had DR DOS, they had WordPerfect and its family of apps... but they either didn't see it or had so many internal politics they couldn't do it.
The current trademark holders are the Open Group. Their babble about rights to use their trademark is at: http://www.unix-systems.org/trademark.html
Anyways, UNIX shouldn't be used as a generic term, because that's against the principles of trademark. Let me illustrate with an example that a few more people will understand. You can't call something Coca-Cola (http://www.coca-cola.com) that's not. You're not supposed to call it Pepsi either (http://www.pepsi.com, but you can't use the site at all from lynx; try their investor relations site, http://www.pepsico.com instead) unless it's really Pepsi. But you can call it a "Coca-Cola like soda" or say something "tastes kinda like Pepsi" and you're safest with "a cola" or "a soda pop". For the curious out there, I drink either, but prefer RC (http://www.rccola.com).
So Linux is "an operating system" which only "tastes like MS Windows" if you select a window manager with a theme that tries really hard to do that, but tends to "taste like UNIX". Admittedly it tastes a bit more like these if you go the extra mile and run WINE or have the iBCS compatibility module around so you could try to run the respective binaries.
(!) [Mike] Funny, just today I saw a story in Linux Weekly News where Sun claims Solaris is a version of Linux because it can run programs compiled for Linux, and maddog says this proves we've never come to a consensus on what "Linux" really means. Purists say Linux means just the kernel, but maddog cites Linus as predicting that mainframes with highly-customized kernels will also be "Linux systems" in the future.
http://www.lwn.net/2000/1221

(?) Is AIX or Solaris or SunOS or HP-UX a UNIX?

(!) [Heather] AIX and Solaris are blessed with this trademark under "UNIX 98", HP-UX and Tru64 among others are blessed under "UNIX 95". (You can see the Open Group's Registered Product Catalog if you care: http://www.opengroup.org/regproducts/catalog.htm)
I don't think SunOS ever got so blessed; it was a BSD derivative after all. You can read some about the confusions between SunOS and Solaris in this handy note: http://www.math.umd.edu/~helpdesk/Online/GettingStarted/SunOS-Solaris.html

(?) If so, what makes them a UNIX and Linux not a UNIX? Is it kernel specific? What's the deal?

(!) [Heather] I hope this helped.

(?) linux question

From Ted Mims

Answered By Dan Wilder

I hope you can help me out. I am running a box with Linux 6.0. I had a hacker a few weeks ago that primarily set up some shielded irc channels and modified my dns for his needs (exactly what they were, I am not sure). Anyway, somehow he made it so that my securetty file is ignored. I am having no luck locking root out of telnet. securetty has the correct format and permissions and pam_securetty.so is not commented in the /etc/pam.d/login file. Do you happen to have any suggestions? All I want to do is re-restrict direct-in root access. I would greatly appreciate any enlightenment you can offer. Thanks

Ted H. Mims

(!) [Dan] The executive summary: reinstall, secure the new system, copy data from the old.
Unfortunately, once a system is compromised, you can't trust the pieces. The skilful cracker, or even the less skilled in this day of script kiddees, will have replaced system binaries such as /bin/login, /bin/ls, /bin/ps, and on and on. This places you in a shifting hall of mirrors when you attempt repair on a running system. Especially if you attempt this repair while the system is connected to the network. I know very few sysadmins who would be up to this challenge, fewer still who would be assured of success, and almost none who would attempt it except on a wager or as a sport. I would be the last to suggest you attempt this based on a few pointers.
The prudent course of action is a fresh install on a new hard drive. Do this on a system without any connection to an outside network.
Upgrade named. http://www.isc.org/products/BIND is the URL. Use bind-8.2.2 patchlevel 7 for an easy upgrade from what's on most 6.0 distributions. Or, see if the ftp site for your distribution has an upgrade. Eight bugs, including one allowing remote exploit and providing the attacker with full access at whatever privilege level named runs at, have been located in older versions of bind.
Eliminate all services the system does not need, by turning them off in /etc/inetd.conf or the equivalent xinetd config files.
Establish secure passwords for all accounts.
At that point, take the hard drive from the old system and mount it for example on /mnt. Copy valuable data from the old hard drive to the new. Examine all configuration files you may copy over carefully.
Don't allow telnet from remote systems. The password is transmitted in plaintext, not a very good idea in this age of sniffers.
Consider instead installing ssh or openssh, if remote access is needed, or if you're on a LAN with more than a handful of hosts or with users who are not highly trusted employees. Be aware that even ssh is not 100% proof against "man in the middle" compromise.
<digression> That "6.0" doesn't mean much if you don't specify the distribution, for example "Red Hat" or "SuSE". Each Linux distribution maintains its own versioning system, with only very rough equivalence between distributions. </digression>

.... Ted found the breakage ...

(?) I just needed to actually pen the question to someone. I figured it out all by my lonesome. Thanks anyway. He had bypassed pam and sent it back to the login.defs file which of course did not have a CONSOLE directive.

Ted H. Mims
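
The settings this thread turns on (services enabled in inetd.conf, the pam_securetty line, the CONSOLE directive Ted found missing from login.defs, and the contents of securetty) can be checked together on the old drive once it is mounted under the fresh install. This is an added example, not code from the thread; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Audit login-related configuration under ROOT, the mount point of the
# system being examined (for example /mnt). All names here are illustrative.

# Service names on inetd.conf lines that are not commented out.
enabled_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1/etc/inetd.conf"
}

# Enabled services that carry passwords in cleartext: telnet, as named in
# the answer, plus the r-services (login, shell, exec), added by assumption.
cleartext_services() {
    enabled_inetd_services "$1" | grep -E '^(telnet|login|shell|exec)$' || true
}

# Succeeds if pam_securetty is an active auth module for login.
pam_securetty_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' "$1/etc/pam.d/login"
}

# Succeeds if login.defs has a CONSOLE directive, the setting Ted reports a
# login that bypasses PAM falls back to.
login_defs_console_set() {
    grep -Eq '^[[:space:]]*CONSOLE[[:space:]]+[^[:space:]]' "$1/etc/login.defs"
}

# securetty entries naming network pseudo-terminals (root allowed via telnet).
securetty_network_ttys() {
    grep -E '^(pts/|ttyp)' "$1/etc/securetty" || true
}

# Print one FINDING line per problem; succeed only if there are none.
audit_login_config() {
    findings=0
    for svc in $(cleartext_services "$1"); do
        echo "FINDING: inetd.conf enables cleartext service: $svc"
        findings=$((findings + 1))
    done
    if ! pam_securetty_active "$1"; then
        echo "FINDING: pam.d/login has no active pam_securetty line"
        findings=$((findings + 1))
    fi
    if ! login_defs_console_set "$1"; then
        echo "FINDING: login.defs has no CONSOLE directive"
        findings=$((findings + 1))
    fi
    for tty in $(securetty_network_ttys "$1"); do
        echo "FINDING: securetty lets root log in on network tty: $tty"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not taken from Ted's machine).
write_sample() {
    mkdir -p "$1/etc/pam.d"
    cat > "$1/etc/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
EOF
    cat > "$1/etc/pam.d/login" <<'EOF'
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
EOF
    cat > "$1/etc/login.defs" <<'EOF'
# constructed sample: no CONSOLE directive
PASS_MAX_DAYS   99999
EOF
    printf 'tty1\ntty2\nttyp0\n' > "$1/etc/securetty"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_login_config "$demo" || true
rm -rf "$demo"
```

A clean result only says the configuration files look right; as Dan notes, a replaced /bin/login can ignore all of them.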


(?) Red Hat 7.0

Crackerz!

From George Hawthorn

Answered By Ben Okopnik, Heather Stern

Answer Guy,

I've searched every Linux site I can find to understand why after months of trouble free operation, I am unable to login to my RH 7.0 server at the terminal. Everything is working fine, web server, ftp, router but I simply cannot login as root or anybody else for that matter. I can do a 'linux single' boot but under a normal boot, when I get the login: prompt and type root, I'm back at the login prompt again. I realize this is an imposition, but I'm getting desperate.

Thanks for your time,

George Hawthorn

(!) [Ben] First, a quick possibility: Take a look at my '"Cannot execute /bin/bash: Permission denied" - solved!' article in Issue #52 of the Linux Gazette. It may contain an answer to your question. Note also that people are able to log in if your ftp, etc. services are usable - they are logging in as a very low-privilege user ("nobody", or "ftp"), but they are logging in.
(!) [Heather] Here's an even faster possibility (maybe even the same) - did you upgrade PAM recently by any chance? The default files from a PAM upgrade usually are not the same as your normal policy. One time I ended up only being able to get in via ssh ... and that, only because my key was already in place, so it wasn't dropping down to standard authentication.
(!) [Ben] Second - when you do log in via 'single', what does the system look like? Has the password file changed? (Hint: it is a Good Idea to have dated snapshots of "/etc" along with your regular backups; a tarred/gzipped archive should easily fit on a floppy.) Try making a copy of "/etc/passwd" (or "/etc/shadow" if you use shadow passwords), then edit it to remove the password hash for root -
root:1XaFDYn7EapuP:0:0:root:/root:/bin/bash
Chop out the second field:
root::0:0:root:/root:/bin/bash
When you next log in as "root", you won't need a password - just make sure to create one immediately. If you still cannot log in, then something in the system itself is giving you problems; once again, refer to the above article.
As to reasons why this happened in the first place: well, the scary-but-obvious reason could be that some "script-kiddie" got into your system and did a dance on it. Not to panic; as long as you've got good backups, the damage can be undone (and if you're running a publicly accessible server and _don't_ have backups, I'm afraid you've gone beyond any help I can give.) It could also be that some program you've installed - and I haven't heard of anything like this with progs from established distributions, whereas just slapping in a random tarball could do this - has messed up your libraries or other vital files.
In my experience with Linux, I've come to an expectation that I did not have with MS Windows or OS/2 - "stuff" doesn't just happen. There is a reason for this; whether a security problem caused by random services enabled in "/etc/inetd.conf" (I strongly suggest reading the Security-HOWTO if you have not done so previously) or a problematic program installation, you need to track it down and resolve it. Particularly in the case of a break-in, it is not something you want to happen again.
Good luck

... George adds some context ...

(?) Ben,

Thanks so much for the speedy reply. I'm going to read through your e-mail very carefully. I can tell you that I've done nothing to the server for months except FTP files to it, Telnet to it, add a couple of users etc. It's been running perfectly since August of this year, and so I "think" I can rule out my actions as the cause. I haven't installed any additional programs. As for the security issue, this was and still is my immediate concern. I wonder if someone has got in and done "something". I did see a couple of bad login attempts using lastb. I do have copies of ALL important files, and so could simply reinstall the OS, but then I'd be no better off...just waiting for it to happen again. Thanks once again for your help. I'll let you know if I find the cause.

... then following Ben's advice, investigates more carefully ...

(?) Ben, Following your article in issue #52, I looked at /bin/login (using linux single) and noticed that it is owned by root and lp (have no idea what lp is ...sounds like a print queue).

(!) [Ben] Just to hazard a guess - since I don't know the layout of your system or anything else about it - an attacker may indeed have come in via your remote print system; there are exploits (if I remember correctly) that use it, since it requires a high level of privilege to access the hardware ports. I would at least check into security measures involving the print system - the first of which would be to make sure that I'm running "rlpr" or "lprng" for my remote services. The second would most likely be a search of COTSE <http://www.cotse.com/unix.htm>, Insecure.org <http://www.insecure.org/sploits_linux.html>, or NetworkICE <http://www.networkice.com/advice/Exploits> for known exploits against whatever I am running.

(?) I booted up another pc with RH 7.0 and noticed that its /bin/login ownership is root and root. I tried chown root.root login, but get the 'permission denied response'. I also edited /etc/shadow with no luck. I agree with your theory that reinstalling teaches you nothing. My master plan was to FTP the login "program" from a working pc to the server in the hope that login is somehow corrupted on the server.

(!) [Ben] "/bin/login" and "/bin/bash" are typically good things to check when looking for intrusion "footprints", especially a "/bin/bash" that's been set SUID (this means that anyone running that shell has full root privileges!) The fact that you're unable to chown "login" means that FTPing a good "login" binary will not help - you probably won't be able to delete the old one. In fact, it's a pretty strong indicator that...

(?) I rebooted the server using the linux single command, and then SU to login as root. I was scrolling through previous commands and was surprised to see many commands that I didn't enter. Someone created a user called "Poped" as far as I can tell, and then entered commands such as

rm -f /bin/login
chattr -i /bin/login

It would seem that someone gained access. What do you think?

(!) [Ben] ...somebody got in. I assume I don't need to mention that you need to immediately take your system off the network - given that he has root access, your attacker could easily wipe out your entire system.
I would guess, even though you haven't mentioned this, that they ran a "chattr +i" on the "/bin/login" that they had installed - this would be the reason that you can't delete "/bin/login". You can remove the "immutable" flag set by "chattr" by running "chattr -i /bin/login"; this should allow you to delete/replace it with a non-'rootkit' "login".
By the way - one of the ways you can usually tell the replacements is by looking at the size of the executable. The 'rootkit' types, due to the fact that they can't be dynamically linked (they have to be able to work on a system whether it has their required libraries or not), are normally much larger.
In a way, you should consider yourself lucky - a really knowledgeable cracker would have replaced your "/sbin/syslogd" and cleaned up your logfiles. You would never have known that anyone had been in there. Also, the very fact that he screwed up "login" to that degree shows him to be an amateur - a successful system crack is nowhere nearly that obvious or crude.
Once again, I strongly recommend reading the Security-HOWTO and doing some research. Leave your system off-line until you're satisfied 1) that you understand how the attacker got in, 2) have securely patched that hole, and 3) have done a general security survey of your system and are reasonably satisfied with its state. If you're setting up a publicly-accessible server and have not studied the security aspect, you're letting yourself in for a large heap of trouble - as you have found out.

(?) Thanks for any help.

P.S. so much for my firewall.

(!) [Ben] Ah, more reading to do! :) Firewall setup is not as "automatic" as a lot of folks think. Most of the time, it's not particularly difficult - but it does require attention and a bit of study. See the (are you surprised?) Firewall-HOWTO.

... George will go one better ...

(?) Ben, I'm really grateful for your excellent responses. You've been a tremendous help and I plan on taking your advice. I bought "Building Linux and Open BSD Firewalls" a few months ago and will delve more deeply into the book.

Happy Christmas, and thanks once again.

(!) [Ben] Glad I could be of help, George; sounds like you're taking an effective tack to resolve the problem. Merry Christmas to you as well, and the best of luck.
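
The footprints discussed in this thread (a /bin/login whose owner or size differs from the same release on a clean machine, a SUID /bin/bash, the immutable flag set with chattr +i) can be checked in one pass. This is an added example, not code from the thread; it assumes the suspect disk and a known-good copy are both mounted on a trusted system, and the function names and constructed sample trees are assumptions.

```shell
#!/bin/sh
# Compare system binaries on a suspect filesystem with a known-good copy.
# SUSPECT and REF are mount points; run this from a trusted system.

owner_of() { ls -ln "$1" | awk '{ print $3 ":" $4 }'; }   # numeric uid:gid
mode_of()  { ls -ln "$1" | awk '{ print $1 }'; }          # e.g. -rwsr-xr-x
size_of()  { ls -ln "$1" | awk '{ print $5 }'; }          # bytes

# compare_binary SUSPECT REF REL: print one line per attribute that differs.
compare_binary() {
    if [ ! -f "$1/$3" ] || [ ! -f "$2/$3" ]; then
        echo "MISSING $3"
        return 0
    fi
    for attr in owner mode size; do
        s=$("${attr}_of" "$1/$3")
        r=$("${attr}_of" "$2/$3")
        [ "$s" = "$r" ] || echo "DIFF $attr $3 suspect=$s reference=$r"
    done
}

# suid_shells ROOT: shells under ROOT carrying the set-user-ID bit. Symlinks
# are skipped so an absolute link cannot point the test at the host's files.
suid_shells() {
    for shell in bin/sh bin/bash bin/ash bin/csh bin/tcsh bin/ksh bin/zsh; do
        if [ ! -L "$1/$shell" ] && [ -f "$1/$shell" ] && [ -u "$1/$shell" ]; then
            echo "$shell"
        fi
    done
}

# has_immutable_flag LINE: LINE is one line of lsattr output; succeeds if
# the attribute field contains 'i' (the flag set by chattr +i).
has_immutable_flag() {
    case "${1%% *}" in *i*) return 0 ;; *) return 1 ;; esac
}

# immutable_files ROOT REL...: files lsattr reports as immutable. Prints
# nothing where lsattr is missing or the filesystem has no such attributes.
immutable_files() {
    root=$1; shift
    for rel in "$@"; do
        line=$(lsattr "$root/$rel" 2>/dev/null) || continue
        if has_immutable_flag "$line"; then echo "$rel"; fi
    done
}

# footprint_report SUSPECT REF: everything above for login and bash.
footprint_report() {
    for rel in bin/login bin/bash; do compare_binary "$1" "$2" "$rel"; done
    for shell in $(suid_shells "$1"); do echo "SUID $shell"; done
    for f in $(immutable_files "$1" bin/login bin/bash); do echo "IMMUTABLE $f"; done
}

# Constructed stand-ins, not real binaries: the suspect login is much larger
# than the reference and the suspect bash has been made SUID.
write_sample_trees() {
    mkdir -p "$1/ref/bin" "$1/suspect/bin"
    printf 'login-reference' > "$1/ref/bin/login"
    printf 'bash-reference' > "$1/ref/bin/bash"
    dd if=/dev/zero of="$1/suspect/bin/login" bs=4096 count=1 2>/dev/null
    printf 'bash-reference' > "$1/suspect/bin/bash"
    chmod 755 "$1/ref/bin/login" "$1/ref/bin/bash" "$1/suspect/bin/login"
    chmod 4755 "$1/suspect/bin/bash"
}

demo=$(mktemp -d)
write_sample_trees "$demo"
footprint_report "$demo/suspect" "$demo/ref"
rm -rf "$demo"
```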

(?) Transmitting PaperPort files with .max

Definitely some Windows file format

From Elizabeth Sedgwick

Answered By Mike Orr, Heather Stern, Don Marti

Gees, I hope you can help me.

I just loaded PaperPort software for windows, which is used with a scanner for photographs, etc. onto my computer. The extension for the software is .max. When I send photographs to friends, they can't open them. Do they have to have the software on their computer to open the files?

In trying to solve this problem, I saved the photos with a .jpeg extension and am sending them this way. Some of my friends do not have .jpeg type software in their computers. Is there some way to download jpeg software from the internet if you don't have it on your computer?

Your help will be so appreciated. Elizabeth

(!) [Mike] This is Linux Gazette, not Windows Gazette. You'd get a better answer by asking a Windows group.
.max is not a normal image extension like .jpg, .gif, .png. It is very likely the recipient does not have a .max reader installed. Nowadays they probably DO have a .jpg viewer of some sort already installed. How to view the image depends totally on the recipient's mail program and other software. At worst, they can save the .jpg's as files and view them in Netscape or Internet Explorer using a URL like file:/directory/filename.jpg . (May need "\" or "\\" and a "c:" prefix under Windows?)
IF they are running Windows, it's possible something called "File Associations" has a bad configuration. This is a table that tells Windows which program to use to open a .jpg or .jpeg file when you double-click it. In Win95, it was a setting in Windows Explorer off one of the menus somewhere. In Win98/2000, I have no idea where it is.

... Great help, but Elizabeth is confused ...

(?) Thank you for your help.

When I transmitted my email, it was sent to answerguy@ssc.com. How it reached you is beyond me.

Thanks for your ideas!! You're right about jpeg.

For your info, I learned that jpeg software comes with Microsoft Explorer. I tried it, and the photos were highly enlarged at the receiver's end. It worked, but you had to look through several screens to see the whole photo. The photo was smaller than screen size when I sent it.

I did find a solution that seems to work. I use the extension of .exe and people are able to open the file without special software.

Thanks again!!!

(!) [Mike] answerguy@ssc.com was originally an alias for Jim Dennis, who answered the questions and collected the threads to publish in Linux Gazette. To ease the burden on him, we expanded it to The Answer Gang (tag@ssc.com), a mailing list with about ten subscribers. All of them see the questions and try to respond. This also improves the quality of the answers.

... Elizabeth is right to wonder ...

(?) Does tag@ssc.com answer questions about windows?

(!) [Mike] No. Sometimes we will anyway, but generally not.
I used to do Windows support at a hospital, so I remember the tricks I used then. But I haven't used Windows hardly at all since 1998.
(!) [Don] About Windows/Linux interoperability, yes. If there's no Linux in the picture at all, then no.
Any technology distinguishable from magic is insufficiently advanced.
(!) [Heather] We actually try to answer questions, but only have any interest in answering Linux questions. There are lots of sites dedicated to Windows.
Perhaps a better question would be, if one of the Gang feels inclined to answer a Windows question anyway, do we publish it? Usually not. If it involves interoperability, or it looks like Linux users might also somehow benefit from the answer, or it gives our crew an opportunity to advocate Linux a bit, then we do.

... Fair enough, but then ...

(?) Thank you for corresponding with me. Is there another web location I can contact to obtain answers to Windows questions?

(!) [Mike] Not that I know of in particular. There are USENET newsgroups (comp.os.ms-windows.* I think), which you can access at www.deja.com.
Or go to Google (http://www.google.com) and type some keywords.
(!) [Heather] There's a tips area at winfiles.com, but it's nothing like we have. Here is a real nice opportunity for one of the Windows related magazines to do a Windows Answers column like ours on their website...

(?) Help Me Delete Linux

From Antony

Answered By Mike Orr

(?) Hi, I recently attempted to install Linux Mandrake, but I did it wrong and now Windows has been deleted and linux won't work, all I want to do is Delete linux so I can reinstall Windows and be happy again, I can't even install windows at the moment because linux is taking up too much room on the hard drive. Mum is heaps annoyed as she can't use the computer so can you please help me quickly? Thanks

(!) [Mike] Hmm, three questions about uninstalling Linux in two days. I wonder what that means.
Doesn't the Windows setup program allow you to repartition your disk as part of the process? If not, that's a big omission.
Anybody here use Mandrake? Does it come with a boot floppy that can be used as a rescue disk? If so, you should be able to boot from the floppy, press Alt-F2 to go to the second virtual console, run "cfdisk" or "fdisk" and delete the Linux partitions (or all the partitions), and then reboot and run the Windows install program.

(?) Removing Linux: Sacrilege!

or: /bin/dd is your friend!

From Kevin Gray

Answered By Mike Orr, Jim Dennis

Hello, I was just wondering how to remove linux from my system. I have two hard drives, one with linux and the other with windows 98. Everything works fine but I just never use linux and since I don't have the time or technical know-how to operate linux I would like to get my hard drive back. Is there a way to do this? Any help would be appreciated. Thank you.

Until your next letter I remain,
Sincerely Yours,
Kevin Gray

(!) [Mike] Is Linux on your primary drive or second drive? If it's on your second drive, use Windows fdisk program to delete the Linux partitions and create DOS partition(s). If you can't find a graphical fdisk program under the start menu, open a DOS box and type "fdisk". Choose the option to switch drives (if necessary), then the option to print partition information. Verify which are the Linux partition(s) and delete them. Then either make one big DOS partition or several small ones. Close and reboot, open My Computer, right-click on each new partition and choose "Format" from the menu.
If Linux is on your primary drive, can you switch the drive cables and/or jumpers to make Windows the primary drive? Be warned that Windows programs tend to go into convulsions if you change drive letters on them. Windows assigns drive letters according to which partitions it finds first, so moving drives around or changing DOS partitions changes the drive letters. Use the Windows utility to make a rescue floppy first.
If you're using LILO to boot, you can eliminate it by using "fdisk /mbr", an undocumented option to Windows' fdisk program. This replaces the master boot record on the disk with Windows' default version. Note that Windows' boot loader is primitive: it won't give you a menu, it'll just boot whichever primary partition is active (on the first disk only). You must first make that partition active (=bootable) using fdisk, and ensure ONLY ONE partition is active.
(!) [Jim] Note that most versions of MS FDISK will refuse to remove non-MS-DOS partitions. You can use Linux fdisk to remove partitions or you can use dd to completely wipe out all data on the Linux disk which will make it look like it's fresh from the factory so far as MS is concerned.
Also note that swapping drive letters out from under a MS OS installation is basically guaranteed to hurt worse than backing up your data to floppies, re-installing the OS from scratch, re-installing all applications and restoring copies of your data into place. (This re-installation process has the added benefit of ensuring that you have backups and of cleaning out all of the cruft that tends to accumulate in Microsoft based operating systems over time).
(!) [Mike] When I use it, it just asks, "Delete non-DOS partition?" and does it.
You can use Linux fdisk to delete the partition, but be careful, because then Linux won't exist but will still be running. Do it in single-user mode (type "linux single" at the LILO prompt), then reboot immediately after exiting the program. Even better would be to boot from a Linux rescue floppy (which probably came with your distribution) so that you're not deleting the currently-running system.

... and the real nitty gritty instructions ...

(!) [Jim] Let's assume that you have two IDE drives and that you have Linux installed on what MS-DOS/MS Windows would call your "D:" drive (/dev/hdb or /dev/hdc or even possibly /dev/hdd under Linux). Obviously that could be /dev/sda if you're using a combination of IDE and SCSI or /dev/sdb if you have two SCSI drives.
So, let's assume that MS Windows is installed on /dev/hda and that Linux is on /dev/hdc (perhaps your CD-ROM drive is /dev/hdb or /dev/hdd).
To remove Linux as though it had NEVER been there you can follow these steps:
      lilo -u /dev/hda
... should attempt to copy /boot/boot.0300 back into /dev/hda (that should have been the backup copy of your original master boot record --- MBR). If that does work then prepare an MS-DOS boot floppy (ask Microsoft how to do that with newer versions of Win'9x; they'll swear that Win'9x isn't really DOS anymore, but they're lying, of course).
Now to wipe out EVERYTHING from /dev/hdc.

WARNING!!!
The following will irrevocably wipe out all data on a hard drive! Mistyping it can wipe out everything on the wrong drive! IF YOU CARE ABOUT ANY OF YOUR DATA, BACK IT UP! MAKE COPIES, AND DON'T COME CRYING TO US IF YOU FLUB THIS UP!!!!
WARNING!!!

     dd if=/dev/zero of=/dev/hdc bs=1024k  # DANGER! Will Robinson!
... this will scribble streams of ASCII "zeroes" (NUL characters) all over /dev/hdc --- wiping out Linux.
When you reboot Linux will be gone (the kernel and the dd program were in memory, but that's cleaned up on a system reboot).
If your system doesn't boot from its hard drive after this, then pull out that MS-DOS boot floppy. By the way, you should have one of those around for various recovery reasons --- it is a vital part of running MS-DOS and recovery from any virus that your system catches. Then run:
     FDISK /MBR
(That's a DOS command that should create a new boot record for you).
If it still doesn't come up after this then refer to the huge WARNING that precedes this dangerous command example. Sigh, re-install MS-Windows and restore from backup.

(?) Another uninstall: Getting to a Root Prompt to Blow it All Away

From Lynn Johnson

Answered By Jim Dennis

I am trying to remove linux - i logged in as root but where do I type fdisk? I don't see a place to type anything - pls help - thanks, lynn

(!) [Jim] I'm going to guess that you're logging through some graphical service (xdm, kdm, gdm, etc). That would be the most common case where you could log in as root and not see a text console and a shell prompt.
So, assuming that this is the case the question becomes:
How do I get to a root shell prompt?
There are many possibilities. X can be configured to run any of a number of GUIs (graphical user interfaces) such as KDE, GNOME, twm, fvwm, etc. Any of those can be configured to offer a very limited number of menus (possibly no menus at all).
Typically you access your GUI's menus under X by clicking on the "wall paper" (or screen "background" which is technically called the "root window" in X parlance). That will bring up the "root menu." (The windows and menus in X are thought of as a tree, just as your filesystems are trees of directories and subdirectories (branches) and files (leaves).) You might have to click with your right or middle mouse buttons. That is configurable in most X window managers. There might even be different menus that come up for each mouse button. Typically one set of them would be the main set of menu options and the other(s) would contain some special window manager features to resize, raise, lower, move and destroy windows, select "minimized" or "hidden" applications etc.
When you find the main menu tree you can search it for some entry such as "xterm" or "rxvt" or "eterm" or "kterm" or for entries that are referred to as "shells." Since X is completely configurable the labels on the menus can be anything.
All of that aside it's probably easiest to skip all of this GUI rigamarole. There are a couple of ways to do this. On most systems you could switch away from X (and/or any of the display managers -- the various graphical login tools) using the following keystrokes:
[Ctrl]+[Alt]+[F1]
(That's holding down the "control" and the "alt" keys and typing in the first function key). That should bring you to a text mode login console (which is a virtual terminal/console running any of the "getty" programs, usually mingetty under Linux).
From there you can log in as root and you should be presented with a shell prompt (usually ending in a "#" hash/pound sign which conventionally indicates a root prompt).
If that fails then you'll probably want to "break in" by rebooting. It's possible for someone to configure a Linux box such that there are no getty's running on any virtual consoles. It's even possible to configure one to run multiple different X sessions concurrently. I have a workstation at my new office which is running four different xdm sessions.
So, if your system has been configured to remove the text virtual consoles, or if you're running a distribution that only makes a GUI available by default, then you'll want to reboot.
The easiest way to reboot from a graphical session under Linux is to type:
[Ctrl]+[Alt]+[Backspace], [Ctrl]+[Alt]+[Del]
...in rapid succession. The first keystroke combination will kill the X server, the other one will signal init (the process manager under Linux) to perform a reboot.
Of course either of these features might also be disabled! If that's the case then just hit the reset button on your system, or flip the power switch (wait about 30 seconds and turn it back on) or pull the power plug.
While it's booting wait for the keyboard lights to flash a couple of times (while the system counts its memory, checks its floppies, etc). There will probably be a LILO prompt (possibly this will be quite brief). So, as soon as you see the keyboard caps lock, scroll lock, and num lock lights flicker, turn on the caps and/or scroll lock. If they flick back off in a second, turn them back on and hold down any shift or control key.
All of these shenanigans are intended to interrupt LILO (the most popular Linux loader) and convince it to give you a prompt. At that prompt type:
	    linux init=/bin/sh rw
Actually you might have to replace the first word in that line with something else. What else? That depends. LILO can be configured to call the Linux installations or "stanzas" by any name you'd like. Also LILO can be configured not to allow any interruption or it can be configured to require a password to boot or to bypass the normal boot procedure.
However, more than 99% of all the Linux boxes in the world today will give you a root prompt if you follow this last procedure. There are only a few freaks like me that know enough about Linux to configure LILO with passwords and/or to ignore all attempts to get at a LILO prompt. (Of course there are other boot managers for Linux. In particular newer versions of Mandrake might use GRUB --- the grand unified bootloader; and I haven't studied that one at all.)
In the highly unlikely event that you still can't get at a root prompt then you'll want to boot from a floppy or a CD (such as the Linuxcare bootable business card or one of its clones). I'm not going to go into the details on that for right now. If you need to know how to do that just search Google! (http://www.google.com/linux) for "recovery disk" or go to Tom Oehser's site and read about Tom's "root/boot" disk images (http://www.toms.net/rb).
Notice that most of the difficulty here is that I have no idea how your Linux system is configured, nor do I have any idea what distribution you're running. As you might have guessed from this long set of directions Linux is a bit configurable.
Obviously once you get to a root prompt you can just use the command:
        fdisk /dev/hda
... to work on the partitions on your primary IDE drive. (You can use /dev/hdb for the secondary IDE on the first controller, /dev/hdc for the primary drive on the secondary controller, etc; and you can use /dev/sda, /dev/sdb, etc if you're using SCSI drives).

(?) setting root password

From Tom Weingarten

Answered By Ben Okopnik

I've managed to work myself into quite the dilemma. Somehow my root password has been deleted, so I can no longer enter my system except by a second login, which does not have write permissions on anything or the ability to access linuxconf or userconf. I'm using RedHat Linux on a dual-pentium box. However, I've found that the RedHat cd is far from adequate for rescue purposes, so I created a mandrake cd, and can use it to edit files. What do you suggest I do? Thanks in advance for your time

(!) [Ben] I've found that the RedHat CD (or boot floppy) actually works reasonably well as a rescue disk - flipping to the 2nd console via "Alt-F2" and mounting the existing hard drive is the answer (RedHat tech support told me it couldn't be done and I should reinstall. <sigh> ;) Whichever you choose, fixing the root password problem is pretty easy - and before anybody starts storming about it being a HUGE security hole, remember that "physical access=root access". Period. It's the reason that locked server closets and machine rooms exist. If you want just that tiny bit of extra security (your eight-year-old computer genius has been trying random passwords against "root" or some such), disable the floppy/CD boot and password the BIOS (write your hard drive's cylinder/head/sector info on the side of the PC case and *don't* lose that password; resetting the BIOS can be a touchy business.)
So - boot your machine via a boot disk or CD. Mount the offending drive - for this example, we'll say you have it under "/mnt". Edit "/mnt/etc/passwd" (or "/mnt/etc/shadow" if you use shadow passwords) and clear out the second field in the "root" entry (fields are separated by colons) - that's the encrypted password. In other words, given an entry that looks like this:
root:2St5fADe4oOcSE:0:0:root:/root:/bin/bash
you should end up with this:
root::0:0:root:/root:/bin/bash
Save the file and reboot, this time without the boot disk. Log in as root (no password necessary) and immediately assign one using the "passwd" utility. No muss, no fuss, no greasy aftertaste. And, umm, keep a close watch on Junior: he might be reading this too... :)

... Ben's a hero! ...

(?) Thanks a million. You've saved me the fate of hundreds of users asking what the heck happened to their character files (I run an online game). Also, btw, while searching desperately for a solution, I found that if you edit /etc/pam.d/login and change everything to optional, you can login as root with the wrong password. Then you can change the password, all from the boot cd. Although, your method is infinitely simpler. :-)

Thanks again for your help. Tom
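
An added check, not part of the original exchange: the rescue procedure above leaves root with an empty password field until "passwd" is run, so this sketch lists every account whose password field is empty in a passwd-format file or in the matching shadow-format file. The function names, the output format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that can log in without a password.
# Works on any passwd/shadow-format pair, e.g. the live /etc files or the
# copies under a rescue mount such as /mnt/etc.

# audit_empty_passwords PASSWD_FILE [SHADOW_FILE]
# Prints "<file-kind> <user> uid=<uid>" for each account whose password
# field is empty; <file-kind> names the file that holds the empty field.
audit_empty_passwords() {
    awk -F: -v shadow="${2:-}" '
        BEGIN {
            # Load the password field of every shadow entry, if given.
            if (shadow != "") {
                while ((getline line < shadow) > 0) {
                    if (line ~ /^#/) continue
                    n = split(line, f, ":")
                    if (n >= 2) { known[f[1]] = 1; field[f[1]] = f[2] }
                }
                close(shadow)
            }
        }
        /^#/ || NF < 7 { next }            # comments, blank or malformed lines
        $2 == "" { print "passwd", $1, "uid=" $3; next }
        # "x" means the real field lives in the shadow file.
        $2 == "x" && ($1 in known) && field[$1] == "" {
            print "shadow", $1, "uid=" $3
        }
    ' "$1"
}

# demo_audit: build constructed sample files in a temp dir and audit them.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    # passwd as it looks right after the rescue edit: root has no password.
    cat > "$tmp/passwd" <<'EOF'
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
tom:x:500:500:Tom:/home/tom:/bin/bash
games:x:12:100:games:/usr/games:/bin/sh
EOF
    # shadow with one ordinary user whose field was also cleared.
    cat > "$tmp/shadow" <<'EOF'
daemon:*:11300:0:99999:7:::
tom::11300:0:99999:7:::
games:*:11300:0:99999:7:::
EOF
    audit_empty_passwords "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

demo_audit
```

Run against /mnt/etc/passwd and /mnt/etc/shadow from the rescue disk, or against the live files after the reboot, an empty result means no account is left without a password.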


(?) I can't seem to write to my vfat (Windoze) file system with any user other than root.

From John Fox

Answered By Ben Okopnik

I currently run Red hat 7.0 and am attempting to follow the suggested procedures of not logging on as root unless I absolutely have to. When I am logged in to the system as my non-root user id, I am unable to write files to the vfat file system.

I have tried to chown the mount point, I have even gone so far as to try to chown and change the file permissions of a file on the vfat file system (to no avail). I have checked the mount and all the vfat mounts all show (rw).

The following is the error message I receive when I attempt to copy a file: cp: cannot create regular file `filename.ext': permission denied.

Does anyone have any idea?

(!) [Ben] Yep; I remember cursing and scratching my head over this one quite a while ago. You've got the right idea in looking at the permissions/ownership of the mount point - but as you've found out, you can't just change them.
Here's the solution that I've used. I like this one, since it would work well on a multiuser system as well as a regular home system. First, create a group called "msdos". Note its GID (the number associated with that group; take a look with 'vigr'.) Add yourself to that group -
adduser jfox msdos
(assuming your username is 'jfox'.) Now, in your '/etc/fstab', add the "noexec", "umask" and "gid" parameters to the appropriate partition:
/dev/hda3  /mnt/msdos  vfat  noexec,umask=003,gid=1001  0 0
Obviously, the GID would be that of the "msdos" group.
What we're doing here is mounting that partition with the appropriate group ID and setting the umask - this masks out the permissions that the mounted partition will have. The "noexec" parameter works in concert with the other two to produce the following conditions:
  * Directory access under the mountpoint is allowed to members of GID 1001
  * All files under the mountpoint are readable and writable by GID 1001
  * The files are "read-only" to the other users
  * None of the files are executable (does not apply to DOS emulation)
It takes a bit to get used to this three-parameter control system, but it is actually very flexible and can be used to set up just about any combination of permissions and directory accessibility you could want.
From this point on, if you want to give a user on your system read/write access to the files on that partition, simply add them to the "msdos" group.

... wishing the docs were better ...

(?) Ben,

Thanks for your help. That did the trick. I think they could have made it easier by putting something in the FAQ on their site.

(!) [Ben] You're welcome - glad I could help! Just as an idea, if you perceive this as a topic that lacks coverage in the Linux community, consider writing a HOWTO - the Linux Documentation Project, under whose auspices the LG operates, is always on the lookout for more useful info that can be shared. It's yet another way to put something back in as a return for the effort that other Linux folks have put out - and this kind of feedback is precisely what allows a community to grow.

... you can do it John! ...

(?) Will do Ben,

I would be happy to contribute to the community. I thought you had to be hooked up with the right people in order to contribute. I will seriously consider writing something up. Especially considering that I am on Vacation until the end of the year and will have plenty of free time on my hands.
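
An added worked example, not from the thread, of the arithmetic behind the fstab line in Ben's answer: it parses a vfat option field, computes the directory mode the umask leaves, and reports which rwx triplet applies to a given user. The function names and the UIDs 500 and 501 are constructed; options other than umask, uid and gid are ignored here.

```shell
#!/bin/sh
# Added example: what a vfat option string does to permissions.

# parse_vfat_opts OPTIONS: sets V_UMASK, V_UID and V_GID from a
# comma-separated fstab option field. uid and gid default to 0 (root).
# An absent umask is assumed to be 000 here; the real default is the
# umask of the process that runs mount.
parse_vfat_opts() {
    V_UMASK=000 V_UID=0 V_GID=0
    _opts=$1
    while [ -n "$_opts" ]; do
        _opt=${_opts%%,*}
        case $_opts in *,*) _opts=${_opts#*,} ;; *) _opts= ;; esac
        case $_opt in
            umask=*) V_UMASK=${_opt#umask=} ;;
            uid=*)   V_UID=${_opt#uid=} ;;
            gid=*)   V_GID=${_opt#gid=} ;;
            *)       ;;                      # noexec etc.: not mode bits
        esac
    done
}

# dir_mode OPTIONS: octal mode of directories under the mount point.
dir_mode() {
    parse_vfat_opts "$1"
    printf '%03o\n' $(( 0777 & ~0$V_UMASK ))
}

# access_for OPTIONS USER_UID "GID GID ...": print the rwx triplet that
# applies to that user on directories under the mount point.
access_for() {
    parse_vfat_opts "$1"
    _mode=$(( 0777 & ~0$V_UMASK ))
    if [ "$2" -eq "$V_UID" ]; then
        _bits=$(( (_mode >> 6) & 7 ))        # owner class
    else
        _bits=$(( _mode & 7 ))               # other class, unless a group matches
        for _g in $3; do
            if [ "$_g" -eq "$V_GID" ]; then _bits=$(( (_mode >> 3) & 7 )); fi
        done
    fi
    _t=
    for _p in 4:r 2:w 1:x; do
        if [ $(( _bits & ${_p%%:*} )) -ne 0 ]; then _t=$_t${_p#*:}; else _t=$_t-; fi
    done
    printf '%s\n' "$_t"
}

demo_vfat() {
    opts='noexec,umask=003,gid=1001'         # option field from the fstab line
    echo "directory mode:                    $(dir_mode "$opts")"
    echo "jfox  (uid 500, groups 500 1001):  $(access_for "$opts" 500 '500 1001')"
    # r-- on a directory lets a user list names, but without the search (x)
    # bit that user cannot enter it or open the files inside.
    echo "guest (uid 501, groups 501):       $(access_for "$opts" 501 '501')"
    echo "guest with umask=007 instead:      $(access_for 'noexec,umask=007,gid=1001' 501 '501')"
}

demo_vfat
```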


(?) Firewall for a SOHO

Small World, isn't it?

From Tom Bynum

Answered By Jim Dennis

Actually, hello from your mom's next door neighbor (...well....two doors...damn it...close enough...). Anyway, I was talking with her out in the cul-de-sac Sunday evening and she lent me her copy of your book to browse.

(!) [Jim] Mom mentioned that she'd been chatting with you.
(!) [Mike] Jim wrote a book?
(!) [Heather] Yeah, Linux System Administration by New Riders Publishing. purple edge stripe, "landmark" series with a view of the French river (the Seine I think) on the cover's top quarter stripe.
Wherein the first half describes policies so real decisions can be made, and the second half describes practicum, so sysadmins can Do Cool Stuff. eg. to have an awk script "vette" the logs of all the boring ordinary stuff and leave you the stuff that looks new or weird.
It's a good thing :>
(!) [Mike] That's cool that New Riders has a Linux book. Several of us at SSC have been very impressed with the two New Riders' books on Python and PHP, so I'll have to take a look at this one. The other two books are very concise: they give you a lot of information in a small space, and answer questions you didn't think to ask, more so than books three times their size.

(?) I spend about 99.8% of my time in Windoze.......(snore.....) so please forgive some rather newbie questions, but I have an idea that incorporates Linux in a big way.

Let me give you a short Linux bio... I was first exposed to Linux back in 1997 when someone at my ISP mentioned using it for an internal mail server. I figured "...how hard can it be..". I went and bought a book which included 3 distros. I ended up using Caldera Openlinux Lite 1.0 (because it was the only one that would install). In about a week I got Sendmail to work with the ISP through a dial-up SLIP/PPP connection. At that time we only had a single company dial-up account so I had the machine using a crontab to dial-up and kick the SMTP server every 3 hours or so. The "kicking" part was something I found to make SMTP work through a dynamic dial-up account. Later I installed ISDN and a router and got a static IP so we were live and just had to turn off the crontab. I got burned on "relaying" with that server and didn't know how to turn it off so I installed Caldera OpenLinux 2.3 because it contained the new distribution of Sendmail with relaying blocked out-of-the-box.

(!) [Jim] Yes. Sendmail has a near vertical learning curve (and qmail is even more confusing for me). I actually like Postfix (now that I've tried it) but I'm NOT recommending that you switch to a new MTA (mail transport agent). You got something that works well enough. You've learned enough to get by; and if you need to hire a consultant then there are LOTS of them that know sendmail and very few who understand the corresponding intricacies of qmail, Postfix, exim or any other MTA.
There is a really cool option to consider. You could buy the commercial sendmail package and use its little configuration system. You'd still be running the same sendmail that you are now; but you'd have a somewhat less gruesome interface for doing the basic configuration. (If you later had really special needs you could have someone start with those basic configuration files.)
Look at http://www.sendmail.com for information on pricing and all of that.
As for setting the "maximum message size" limit: you should be able to edit your .../sendmail.cf file (either in /etc/ or in /etc/mail/ depending on your distribution) and find a line that looks something like:
#O MaxMessageSize=1000000
... to make that work just remove that first character (the '#' or hash sign) which "uncomments" that line. The value is in characters or octets (I'm not really sure which --- but they are the same for ASCII and I doubt that you're getting a lot of Unicode or UTF8 traffic yet).
If you don't find this line then insert it somewhere in the first section of the .cf file. That means to put it before the first line that starts with a P (which looks like the following line in one of my sendmail.cf files):
Pfirst-class=0
Sendmail isn't terribly picky about what order the options appear in, but it can be picky about which "section" they're in. (In other words the options should all be grouped together near the top of the cf file, the re-writing rules should all be grouped together near the end of the file.)
Note: It's better if you're using a macro config file (usually named <something>.mc). So, here's a simple sample .mc file showing a valid confMAX_MESSAGE_SIZE definition:
divert(-1)
# After the `divert(0)' all lines starting with `dnl' are
# comments until the next newline character.
include(`/usr/share/sendmail/m4/cf.m4')
divert(0)dnl
VERSIONID(`Linux Dec 19 16:43:03 PST 2000')
OSTYPE(`linux')dnl
dnl
define(`confMAX_MESSAGE_SIZE', `1234567890')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn')dnl
define(`LUSER_RELAY', `local:postmaster')dnl
FEATURE(`nocanonify')dnl
FEATURE(use_cw_file)dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`PUT_YOUR_DOMAIN_HERE')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MAILER(`local')dnl
MAILER(`procmail')dnl
MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`bsmtp')dnl
MAILER(`fido')dnl
dnl
LOCAL_CONFIG

Most of this represents a typical sendmail .mc file. In order to use this to generate a .cf file (which is what sendmail uses) we issue a command like:
	m4 < $THIS_MC_FILE_NAME > /etc/sendmail.cf
(Note: DON'T DO THIS using the sample I've given. You'll wipe out your existing sendmail.cf file!)
The idea here is not really that complicated. sendmail uses the cf file which is in a format that's convenient for the program. For years people maintained cf files directly (using a text editor). For some of us (myself included) it is still easier to make a small change to an existing .cf file than it is to figure out the corresponding .mc file directive.
However, most of the text in the .cf file looks like line noise. So mere mortals among us prefer to create shorter files that summarize what we want sendmail to do. Then we pass these shorter .mc files through a macro expansion tool (the m4 program) and they get expanded into the .cf files that sendmail uses.
But enough about sendmail. On to your question.

(?) "Whew"...all right, here I am today. The box runs, I don't screw with it. Every now and then some bozo over in drafting tries to stuff a CAD drawing in an email message, but after a little staff chastising and a re-boot, everything's back to normal. BTW, I've seen that "max message size" line in the sendmail.cf, but every time I try and make the line active, the server issues an error when booting the sendmail daemon so I had to rem it out again...sorry, back to my point...

(!) [Jim] (See above)

(?) I want to set up a Linux box to implement Firewall and Proxy services. For you that might be straightforward, but all the information I find is sending me in mental circles...

This is what we currently have setup...Static address from ISP --> Router (with ISDN modem) using NAT --> Private address on the Lan side of the router. DHCP running on the network tells all the clients that the router address is the gateway. All works...thanks for shopping at Kmart. Not very safe...

(!) [Jim] I like to use pictures when I'm designing networks.
It sounds like you have this:
                                         * eth0
                                         v
               +---------+     +--------+     +-----+
               |   ISP   |-----| Router |--+--| LAN |
               +---------+     +--------+  |  +-----+
                              ^            |
                              * eth1       |   +-----------+
                                           +---| Linux Box |
                                               +-----------+
... but it's not clear. Clearly your Linux box cannot be receiving mail from the Internet if it's using a "private" (non-routable RFC1918) IP address. That is to say that you can't advertise a 192.168.*.*, 10.*.*.* or 172.16.*.* through 172.31.*.* address to the Internet as your MX (mail exchanger). If you did so, then no one would be able to route SMTP (or any other IP traffic) to you.
However, it's possible that you could have a feature/rule on your router such that it relayed any incoming traffic on TCP port 25 on eth1 (the outer interface) to the same port on your Linux box.
This is one way to put a "hidden" server behind a router. However, it assumes that you have a router that is capable of doing such relaying (or "transparent proxying"). There are a number of programs capable of doing this for Linux.
(Another, less interesting and less useful solution would be for your ISP to act as your MX record AND for them to maintain their own routes to your RFC1918 network. Of course then you'd have to co-ordinate this with your ISP and they'd have to assign different RFC1918 address blocks to each of their customers that wanted this service, and you'd have to maintain split DNS, and ... anyway forget I mentioned that).
Another option would be to use the Linux box as both the router and the sendmail host. This is possible (so long as you can connect your ISDN modem or TA to your Linux box).
Yet another option would be to have your ISP give you more than one static IP address. Two would be sufficient; four would be a relatively normal subnet, though only two would be usable in that.
Note: most of these configurations are NOT recommended. They offer little or no protection for the sendmail boxes, and nothing protects your internal network from a potentially compromised sendmail box.

(?) Here's what I want. (It sounds safer....so I'm gonna try and draw you a mental picture here so bear with me...)

Static address from ISP --> Router (with ISDN modem) using NAT --> Firewall (eth1 on linux box) --> Firewall/Proxy/NAT services running inside box --> Gateway (eth0 on linux box)--> Network

(!) [Jim] It sounds like you're saying that you want something like:
               +---------+     +--------+    +-----+
               |   ISP   |-----| Router |----| LAN |
               +---------+     +---+----+    +-----+
                                   |
                                   |   +-----------+
                                   +---| Linux Box |
                                       +-----------+
This is a reasonable configuration. You still need to have some way of routing traffic to the Linux box. That can still be a TCP relay utility or feature running on the router and redirecting all inbound SMTP (TCP port 25) traffic to the Linux mail host. It could be a different DRIP (directly routable IP address) from your ISP.
It could even be a hack where all your incoming mail gets stored by your ISP and is fetched into your domain via POP or IMAP. (I suspect that this is the way you were doing it when you were in dial-up. I suppose it might be what you're still doing; it's not clear from your message). Another trick is for your ISP to be your primary MX, and for them to relay it to you via UUCP (over TCP).
I used to get my mail via UUCP, and that was only a couple years ago.

(?) Basically just insert it between the network and the router. Does that make sense? Here's the reason for the router being on the end...it has my ISDN modem built-in. It's the only device I have that can run the ISDN connection. Things are too $tight$ to get a nice connection like a T1 with expensive firewalls and such, so I'm trying to make this work cheap! I also want the logging and auditing provided by the proxy.

(!) [Jim] The problem here is getting the incoming traffic to your Linux box. I'm guessing that you might have something like a Trancell Webramp ISDN TA/router. You could replace that with an ISDN card or an external ISDN "modem" (which connects to your Linux box via a serial port).
In those cases you'd have the routing and mail services running on a single system (which is not a good security profile since a compromise of your mail host constitutes a loss of control of all of your routing).

(?) The final effect is, a second "private" network between the linux box and the router. So I will have one subnet for the LAN in general and eth0 of the box on that side. A second private address space and "subnet" available only between eth1 and the router, and then of course our static IP on the outside. To me it kind of resembles a "DMZ" which most modern routers have built in. Let's call it a poor man's "DMZ".

(!) [Jim] Oh you mean:
               +---------+     +--------+                  +-----+
               |   ISP   |-----| Router |            +-----| LAN |
               +---------+     +---+----+            |     +-----+
                                   |                 |
                                   |   +-----------+ |
                                   +---| Linux Box |-+
                                       +-----------+
... that's O.K. In this case Linux is acting as an interior router (and as a mail host). Even better would be:
               +---------+     +--------+                     +-----+
               |   ISP   |-----| Router |               +-----| LAN |
               +---------+     +---+----+               |     +-----+
                                   |                    |
                                   |   +--------------+ |
                                   +---| Linux Router |-+
                                   |   +--------------+
                                   |
                                   |   +-------------------+
                                   +---| Linux Mail Server |
                                       +-------------------+
Where you use two different Linux boxes, one as a router and the other as a mail server.
You'd still want your ISP to give you one or two more DRIP addresses (for the exterior interface on your Linux box(es)).

(?) Does this sound off the wall? Every "how-to" I find for using Linux as a firewall talks about it being the "router" at the end of the line between the LAN/WAN. I haven't heard of it being used as I have described and I'm really not sure where to go from here. It all sounds good on paper..."...Client on the net ships a packet off to the gateway (eth0)...The linux box runs its firewall/proxy voodoo magic stuff and ships it out the other side (eth1) to the router which of course really ships it out...". But how about on the return trip? With the firewall and the router both using NAT...the router won't care, but how about inside the linux box? Will the packets still go back and forth to each client OK?

(!) [Jim] Linux can be used as a border router and/or as an interior router.
An even better configuration would be:
               +---------+     +--------+                     +-----+
               |   ISP   |-----| Router |               +-----| LAN |
               +---------+     +---+----+               |     +-----+
                                   |                    |
                         Note ---> |   +--------------+ |
                                   +---| Linux Router |-+
                                       +------+-------+
                                              |
                                              |
                                       +------+-------+
                                       | Linux Server |
                                       +--------------+
... where you have three ethernet interfaces in your Linux Router (a three legged firewall).
Note: this could be an ether crossover cable between the ISDN router and the Linux box, or it could be a serial connection between the Linux box and an external ISDN modem/TA (terminal adapter) or the whole thing could be replaced with an internal ISDN card that's plugged into the Linux Router. (In that last case, think of this line as being the Linux Router's internal PCI or ISA bus).
The advantage here is that all traffic passes through the Linux Router (where you can do packet filtering, IP redirection, logging). However, if the Mail Server gets compromised then it can't be easily used to attack the LAN machines. (The mail server is not trusted by the LAN machines, it is only allowed to receive outbound mail, and POP or other mail fetching connections from the internal hosts.)
You can also sequester other services on the Linux Server. You can put a DNS server on it, etc. Note that each service that you run on the Linux Server increases the risk that one of those services can be used as a hole through which an attacker can compromise that machine. So, if you run mail, DNS, web and FTP all on that one Linux server, then any exploit in any one of those can affect the whole server, and thus compromise all of your DNS, mail, web, and FTP services.
That's why we don't run those services on the router. On my router at home, there are NO services running (not even ssh). I cannot access it remotely. I must sit at the keyboard and work from the console directly. In fact there are IP packet filtering rules that prevent that system from accepting any packets that are addressed to it. You can't even ping it! (It will only permit traffic that is supposed to go through it, not to it).
You could hang as many separate Linux servers off of this eth2 interface (DMZ network segment) as you like. However, you'll either need to have separate real IP addresses (DRIPs) for each, or you'll have to configure the Linux router to do TCP and UDP redirection for each service to each server.

(?) I feel like a five year old asking why the sky is blue... I did find out one thing this past weekend...IPchains works in here somewhere...that's about all I know.

(!) [Jim] Actually your question is reasonably sophisticated, and your criticism of the HOWTOs is well taken.
The biggest issue here is that you have two different problems to solve. First you need routing to work. You need more IP addresses or you need to install some form of TCP/UDP redirect utility. Keep in mind that the TCP/UDP redirect utilities might be running as 'root' (if they are listening on "privileged" ports) and, therefore might be a security risk on the router. There's a way to use IPChains to redirect TCP traffic into a Unix domain socket and I think there should be a utility to relay connections from a Unix domain socket back to a TCP connection. However, I haven't looked for one recently and I don't remember if there was one the last time a question like this came up.
(The advantage of this approach would be that it would allow the redirection utilities to run as "nobody", or (better yet) as a set of mutually non-trusting "nobody" UIDs --- which minimizes the risk to the router).
That's why the router in a firewall is called a "bastion." You want it to be relatively simple with as few windows, doors as possible and NO ornamentation.
I currently have a block of IP addresses, so I haven't had to resort to incoming IP redirection. (Otherwise I'd tell you the name of the utility that I was using).

(?) I've said more than enough...time for a beer. Hope to hear from you soon.

(!) [Jim] I agree. I'm off to BALUG (http://www.balug.org) where I'll fill up on Tsing Tao and other Chinese food.
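
An added model, not part of the original thread and not ipchains syntax, of the policy the three-legged router in the last diagram enforces: nothing may be addressed to the router itself, the DMZ mail server takes SMTP from anywhere and POP from the LAN, and nothing from the DMZ or outside opens a connection into the LAN. All addresses, the rule format, the outbound-SMTP rule and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: first-match policy model of the three-legged Linux router.
# Constructed addressing (not from the original thread):
#   eth0 192.168.1.1  LAN  192.168.1.0/24
#   eth1 192.168.0.2  link to the ISDN router
#   eth2 192.168.2.1  DMZ  192.168.2.0/24, mail server at 192.168.2.10
# Each rule judges the packet that opens a connection; replies are assumed
# to be let back through.

# action source          destination     proto dport  note
RULES='
DENY   any             192.168.0.2     any   any    to the router itself (eth1)
DENY   any             192.168.1.1     any   any    to the router itself (eth0)
DENY   any             192.168.2.1     any   any    to the router itself (eth2)
ACCEPT any             192.168.2.10    tcp   25     SMTP to the DMZ mail server
ACCEPT 192.168.1.0/24  192.168.2.10    tcp   110    LAN clients fetch mail (POP)
DENY   any             192.168.1.0/24  any   any    nothing opens a connection into the LAN
ACCEPT 192.168.2.10    any             tcp   25     mail server sends outbound mail
ACCEPT 192.168.1.0/24  any             any   any    LAN out through the router
'

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    _r=$1
    _a=${_r%%.*}; _r=${_r#*.}
    _b=${_r%%.*}; _r=${_r#*.}
    _c=${_r%%.*}; _d=${_r#*.}
    echo $(( ($_a << 24) + ($_b << 16) + ($_c << 8) + $_d ))
}

# in_cidr IP CIDR: succeed when IP lies inside CIDR. "any" matches
# everything and a bare address is treated as a /32.
in_cidr() {
    if [ "$2" = any ]; then return 0; fi
    _net=${2%/*}; _bits=${2#*/}
    if [ "$_bits" = "$2" ]; then _bits=32; fi
    if [ "$_bits" -eq 0 ]; then
        _mask=0
    else
        _mask=$(( (0xFFFFFFFF << (32 - $_bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip_to_int "$1") & $_mask )) -eq $(( $(ip_to_int "$_net") & $_mask )) ]
}

# decide SRC DST PROTO DPORT: print the action of the first matching rule,
# or DENY when nothing matches (default policy).
decide() {
    while read -r _act _src _dst _proto _port _note; do
        case $_act in ''|'#'*) continue ;; esac
        in_cidr "$1" "$_src" || continue
        in_cidr "$2" "$_dst" || continue
        [ "$_proto" = any ] || [ "$_proto" = "$3" ] || continue
        [ "$_port" = any ] || [ "$_port" = "$4" ] || continue
        echo "$_act"
        return 0
    done <<EOF
$RULES
EOF
    echo DENY
}

# demo_flows: run constructed connection attempts through the policy.
demo_flows() {
    while read -r f_src f_dst f_proto f_port f_label; do
        printf '%-6s %s\n' "$(decide "$f_src" "$f_dst" "$f_proto" "$f_port")" "$f_label"
    done <<'EOF'
203.0.113.5   192.168.2.10  tcp  25   Internet to mail server, SMTP
203.0.113.5   192.168.0.2   tcp  22   Internet to the router itself
192.168.1.20  192.168.1.1   icmp any  LAN host pings the router
192.168.2.10  192.168.1.20  tcp  139  mail server into the LAN
192.168.1.20  192.168.2.10  tcp  110  LAN host fetches mail by POP
192.168.1.20  203.0.113.5   tcp  80   LAN host out to the Internet
EOF
}

demo_flows
```

The fourth flow is the case the design exists for: a compromised mail server still cannot open a connection to a LAN machine.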

(?) Something comparable to Services in NT

From Michael Swanson

Answered By Mike Orr

I've been playing with Linux for years, and just recently decided that I wanted to learn more about it. At this point I feel as though I know nothing. I have compiled and installed a proxy server in my Mandrake 7.1 system. But I have to log in as ROOT to run it. And I must run it every time I reboot. I would like to have this run at start every time. As I understand it, anything run at startup is root, and this program (squid) says it changes user after initialization. The documentation mentions how the program will respond after being automatically started, but gives no mention at all on how to achieve this.

(!) [Mike] See if Mandrake uses the System V init scheme like Red Hat and Debian do. You have one directory containing start/stop scripts, and other directories containing symlinks to those scripts. On Debian (which I'm familiar with), the script directory is /etc/init.d, and the normal symlink directory is /etc/rc2.d . In that directory, put a link called S##squid pointing to the script. (Replace "##" with a 2-digit number indicating which order to run it--lower numbers get started first.) Mandrake is probably the same but the directories may be named slightly differently.
Look for a README in the script directory, /usr/doc/sysvinit, "man init", etc. There's also a HOWTO "From Power Up to the Bash Prompt" (http://www.ssc.com/mirrors/LDP/HOWTO/From-PowerUp-To-Bash-Prompt-HOWTO.html) that explains everything that happens when the computer boots up; this is worth looking through even just to know what info is available in it.

(?) Editing fstab file for tape backup

From Michael Dodge

Answered By Mike Orr, Dan Wilder

Dear Answer Guy:

I have installed a tape drive onto a 586 intel. The tape drive is an HP SCSI drive. I had someone that I know compile the Kernel to support SCSI, but I wasn't able to mount the tape drive. I think that it is because I haven't properly edited the fstab file.

It reads:

/mnt/N tape

(!) [Mike] I haven't actually used a tape drive, but I've never seen any that are mountable in the way floppy disks are. So you don't need an entry in fstab. If you did, it would be:
  /dev/DEVICE    /mnt/N    FILESYSTEM_TYPE   OPTIONS   0  0
You would especially want the "noauto" option to prevent it from automatically mounting the tape at boot time. (Which would cause an unpleasant delay if there was no tape in the drive.)
But as I said, I doubt you can mount tapes at all anyway.
Normally, you must figure out which device it is, and then use that as the "filename" argument to your backup program (e.g., tar). E.g.,
tar tvf /dev/rmt8 /home/me
You use the "mt" command to skip forward or backward over one or more tarfiles on the tape, rewind the tape, retension it, etc.
There is a ftape HOWTO. Although that's not the kind of tape drive you have, section 7 ("Backing up and restoring data") may be of help.

... thanks, now to make the backup ...

(?) Tag,

Thanks for the advice. I have another question though. I use the tar command to read from the tape, but how do I write to the tape. I would greatly appreciate any advice on this matter. Thanks.

(!) [Dan] To write to tape:
  tar cf /dev/st0 files-to-tar
To read from tape:
  tar xf /dev/st0 files-to-tar
"c" means "create" archive, "x" means "extract". In this case, "/dev/st0" is your archive.
The answers to this and many other questions about "tar" are found if you type
  man tar

... kudos gang! ...

(?) I would like to thank Dan for the final piece of advice on this matter. You have helped me solve a problem that I have been working on for some time. I know that this stuff is probably cake for you guys at tag, but for someone not as experienced with LINUX (myself for example), these tips really save the day.

Sincerely,
Mike Dodge


(?) Mail gets nowhere?

From anonymous

Answered By Mike Orr

Do I ask you what does it mean when I get permanent fatal errs for

 MAILER-DAEMON@aol.com  transcript of session
 follows while talking to yd.mx.aol.com
 RCPT to:MAILER-DAEMON@aol.com
 <<550MAILER-DAEMON@aol.com >...User
 unknown
(!) [Mike] "User unknown" really does mean user unknown. aol.com has no user "MAILER-DAEMON".
If something comes "from" MAILER-DAEMON, it's an error message, probably reporting a previously-failed message.

(?) If I am asking the wrong person please direct me to the appropriate person. What prompted me to e-mail MAILER-DAEMON was a user unknown message from an aol subscriber.

(!) [Mike] Then either the person's account expired or AOL is messed up. You did verify you typed the address correctly, no? If you think AOL is at fault, complain to postmaster@aol.com. (Ditto for any other site.) There's no reason to write to MAILER-DAEMON, because there's nobody there to read it.

(?) Thank you for your prompt reply.


(!) Loading SuSE Linux 6.4 via NFS

Answer By Chris Gianakopoulos

Hi all,
This weekend, I decided to load SuSE Linux 6.4 onto my son's IBM PS/ValuePoint computer.
The network configuration is illustrated below.
      -----------------------                      -------------------------
      |                     |  10Base2 Ethernet    |                       |
      |      IBM            |----------------------| Linux Machine         |
      | PS/ValuePoint       |                      | Host: stargate        |
      | Host: strikeforce   |                      | with CDROM            |
      -----------------------                      -------------------------
       Target machine for                                    NFS server for
       Linux install                                          Linux install
I have NFS running on my Linux machine, so I decided to install Linux onto the IBM machine via NFS. I installed a minimal system so that I could install user accounts in case problems occurred when I added more packages to the system.
Once I had a minimal system up and running, I decided to use YAST (the installation program) to add more packages into the system. Everything worked fine until I was prompted to install CD2 of the distribution. I was told that I was loading the wrong CD!
I investigated the problem by executing "tcpdump" on my Linux machine so that I could observe traffic over the ethernet. To my surprise, I found that the IBM machine was being denied access to CD2 (the second CD of the SuSE distribution).
I then logged in as a user (not root) and then changed myself to root with the 'su' command. This allowed me to mount remote filesystems using NFS (for example: mount -t nfs stargate:/cdrom myMountDirectory, where myMountDirectory is a local directory on host strikeforce).
I decided to continue observing ethernet traffic while I manually mounted each CD. I now had a controlled experiment, and I was able to determine that, out of the 6 CDs supplied with SuSE 6.4, CD number 2 could not be viewed, and this was confirmed by the denied access packets observed via tcpdump on host stargate.
It turned out that, on CD number two the directory "." only had root privileges. On the other CDs, there existed read and execute privilege for group and world.
My solution was to copy the image of CD2 onto a top level directory of my Linux machine (host stargate), make sure that group and world had read and execute rights, and modify /etc/exports (the NFS export file which allows other users to view your filesystem) to reference the directory.
The lines in /etc/exports look like this:
--------------------------------------- start of file ----------------
# used for all other CDs
/cdrom    strikeforce(ro)
# used for CD number 2
/test/cdrom  strikeforce(ro)
--------------------------------------- end of file ------------------
I noticed one odd thing during this exercise (installing Linux via NFS).
Even though host strikeforce had unmounted the remote filesystem on host stargate (I confirmed this via a telnet session onto host strikeforce), I could not unmount my cdrom. In order to unmount the cdrom, I had to comment out the line, in /etc/exports, which refers to /cdrom, restart the NFS server by typing "nfsserver restart", and then typing "umount /dev/cdrom". I could then unmount the cdrom, change the cdrom, mount the new cdrom, uncomment the abovementioned line in /etc/exports, and restart the NFS server.
Perhaps, you do not have to unmount cdroms before changing them, but, I would think that you would have to in order to maintain the proper notion of the contents of the mounted cdrom.
The bottom line: My copy of SuSE Linux 6.4 does not have group and world access rights to CD number 2, thus, you have to install from an image copied onto the hard disk of the NFS server.
Perhaps this message is too long winded (I tend to ramble) for a 2 cent tip. I'll let all of you decide if this message is worth posting. All I know is that if I did not have strong networking and protocol experience (my NFS knowledge is questionable), I wouldn't have known how to use tcpdump, and I wouldn't have solved the problem in the speedy 5 hours that it took me.
Keep up the fantastic work, and thanks for all of your hard work for this fine magazine!
Chris G.
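
A check for the condition Chris ran into, as an added example that is not part of his message: it reads an exports file and flags every exported directory whose top level lacks read and execute permission for "other". It assumes the server maps the client's root to an unprivileged user (the root_squash default), so the "other" bits decide access; the function names and the scratch directories are constructed for illustration.

```shell
#!/bin/sh
# Added example: find exported directories an NFS client cannot enter.

# world_rx DIR: succeed only if "other" has read AND execute on DIR.
# Returns 1 if the bits are missing, 2 if DIR is not a directory.
world_rx() {
    # First 10 characters of "ls -ld" are type + user/group/other bits;
    # cutting at 10 drops any trailing ACL/SELinux marker.
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    case $perms in
        d??????r?[xt]) return 0 ;;   # e.g. drwxr-xr-x ("t" = sticky + execute)
        d*)            return 1 ;;   # e.g. drwx------ as on the page's CD 2
        *)             return 2 ;;
    esac
}

# check_exports FILE: print each exported path that fails world_rx.
# Succeeds only if every export passes.
check_exports() {
    bad=0
    while read -r path _rest; do
        case $path in ''|\#*) continue ;; esac   # skip blanks and comments
        if ! world_rx "$path"; then
            echo "not world-readable/searchable: $path"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Demo on constructed data: two scratch directories stand in for /cdrom
# (mode 755) and the root-only CD 2 (mode 700).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/cdrom" "$demo_dir/cd2"
chmod 755 "$demo_dir/cdrom"
chmod 700 "$demo_dir/cd2"
printf '# constructed exports file\n%s strikeforce(ro)\n%s strikeforce(ro)\n' \
    "$demo_dir/cdrom" "$demo_dir/cd2" > "$demo_dir/exports"
check_exports "$demo_dir/exports" || echo "fix with: chmod go+rx <directory>"
rm -rf "$demo_dir"
```

On a mounted CD the mode cannot be changed, which is why copying the image to disk and fixing the permissions there was the workable route.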

(?) RE: classified disk

From Anonymous

Answered By Ben Okopnik, Dan Wilder

Hey there gang! I was in the Air Force for almost 21 years and worked in the intelligence career field. Depending on the level of classification the overwrite method is not always allowable. Shane Welton needs to contact his security manager for clarification. I took several computer security courses taught by the NSA (yeah, I know the None Such Agency) and they would not allow overwriting because they were able to recover all the data.

(!) [Ben] Heh. When I was in the Military Intelligence (yep, it's a non-sequitur like "giant shrimp"), we dealt with NoneSuch; their "set in stone because we say so" policies provoked a lot of comment among my fellow soldiers.
The ability to recover data through a simple format is the reason for the 7X overwrite method with random garbage. As long as 15 years ago, I remember there being a guy in California who had a SQUID (Super-Conducting Quantum Interference Detector) that could pull up a relatively high percentage of data from a hard drive that had been through six low-level formats (of course, he charged a few pennies for the privilege - $60k was the figure I heard.) Those are typically just overwrites with all zeroes, and he simply had to dig for a faint-but-present remainder of the original ones and zeroes. He would try, but did not promise anything, with a single data overwrite (I believe he was relying on the blank spots in the current data.) After seven overwrites with random bits, there's nothing of the original data left to be read - there's absolutely no way to distinguish a '1' written seven overwrites ago from a '1' two overwrites ago.
(!) [Dan] If that's true, why not just overwrite seven times with all "0" or all "1", on alternating passes? Or run "badblocks -w" which writes all 0xaa, 0x55, 0xff, then 0x00, several times? Seems like it'd be a lot faster than waiting for entropy on the /dev/*random. And, it guarantees that every bit gets flipped multiple times.
(!) [Ben] <Shrug> I always thought it would be sufficient, but the government spec requires randomness. Given that "/dev/urandom" is non-blocking, I can't see it as being much slower than any of the above, and I believe that a pseudo-random source still qualifies - but given that my familiarity with the pertinent regulations is from many years back, Your Mileage May Vary.
If a company's security policy disallows this kind of a solution, fine; the technology is still a valid one.

... to which our spooky querent replies ...

(?) Yeah, I know what you mean. I dealt with SCI material, we couldn't even think of declassifying anything. We finally got permission for me only since in a prior life I was a machinist (my dad owned a machine shop) to be able to take a hard drive apart, chuck up the drive platter and remove the top .030 (thirty thousandths) on each side AND then we had to smash the platter. The easiest thing was to just box up any drives and have the courier take them up to Fort (Fumble) George G. Meade for them to destroy.

Hey, thanks for the trip down memory lane. Linux lives!!!
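
The two overwrite schemes discussed in this thread, combined into one added example that is not code from any of the correspondents: the fixed 0xaa, 0x55, 0xff, 0x00 pattern sequence Dan mentions, each pass read back and verified, followed by one pass from /dev/urandom as Ben describes. It runs on a constructed scratch file; the function names are made up for illustration, and overwriting a file through a filesystem does not guarantee that the same physical blocks are rewritten, so for a whole disk the target would be the block device itself.

```shell
#!/bin/sh
# Added example: multi-pass in-place overwrite with read-back verification.

# target_size TARGET: size in bytes. (For a real block device, take the
# size from the device instead, e.g. "blockdev --getsize64".)
target_size() { echo $(( $(wc -c < "$1") )); }

# pattern_pass TARGET OCTAL: fill TARGET with one repeated byte, in place.
# conv=notrunc keeps dd from truncating the target before writing.
pattern_pass() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | LC_ALL=C tr '\000' "\\$2" |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync    # push the pass out of the page cache before the next one
}

# verify_pattern TARGET OCTAL: succeed only if every byte equals the pattern.
# Deleting the pattern byte must leave nothing behind.
verify_pattern() {
    left=$(( $(LC_ALL=C tr -d "\\$2" < "$1" | wc -c) ))
    [ "$left" -eq 0 ]
}

# random_pass TARGET: one pass of pseudo-random data from the
# non-blocking /dev/urandom.
random_pass() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/urandom |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync
}

# wipe TARGET: 0xaa, 0x55, 0xff, 0x00 (octal 252, 125, 377, 000), each
# verified by reading it back, then a final random pass.
wipe() {
    for octal in 252 125 377 000; do
        pattern_pass "$1" "$octal" || return 1
        verify_pattern "$1" "$octal" || return 1
    done
    random_pass "$1"
}

# Demo on a constructed scratch file, never on a real device.
scratch=$(mktemp)
printf 'constructed sample record: account=alice note=not-real-data\n' > "$scratch"
before=$(target_size "$scratch")
wipe "$scratch" && echo "overwrote $before bytes, size is now $(target_size "$scratch")"
rm -f "$scratch"
```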


(?) multiple subnets, one DNS

From Damir Horvat

Answered By Dan Wilder

Hello!

I have one linux server and 2 subnets on private network.

I would like to have this: If the request (nslookup) comes from subnet #1, DNS server would show only the subnet #1 net table. And the other way around. The two subnets should not "see" each other.

any ideas?

kind regards,
damir horvat

(!) [Dan] A so-called "split DNS" arrangement will do that.
Each subnet runs its own DNS server, which considers itself authoritative for your domain. Each server forwards other requests to one or more third servers, possibly those of your ISP, which handle all other requests.
The server on subnet #1 has entries in its zone table only for hosts on subnet #1, and for any outside hosts belonging to your domain that need to be reachable from subnet #1. Likewise, subnet #2.
Assuming your local subnets are 192.168.1.0 and .2.0 and that your ISP's nameservers are 10.0.0.1 and 10.0.0.2, with BIND-8.2, your boot file (often /etc/named.conf), has stanzas containing:
options {
        directory "/var/named";
        allow-query { 192.168.1.0/24; 127.0.0.1; };
        notify no;
        allow-transfer { none; };
        datasize 20M;
        forward only;
        forwarders {
        10.0.0.1;
        10.0.0.2;
        };
};

zone "your.domain." IN {
        type master;
        file "your.domain.zone";
};
along with any other options and stanzas you need.
"/var/named/your.domain.zone" on each subnet lists all hosts belonging to your domain that are visible from that subnet. This includes any hosts off the subnet, as this setup will not query the third-party DNS for hosts it doesn't know about in your domain.
Substitute the proper IPs. Subnet #1 lists 192.168.1.0 network in its allow-query field; subnet #2, 192.168.2.0. Hosts on each subnet point to their own nameserver. If the subnet is large enough to warrant the effort, set up two nameservers on each subnet, the second a slave to or a mirror of the first, so the subnet won't be left without name service if you have to take the nameserver down.
If you have only one Linux server to implement this with, run two copies of BIND, each listening only on the IP connected to its respective subnet. Use the "listen-on" directive for that; for more information, see "man named.conf.5".

... Damir replies ...

(?) Hello!

Thank you. Yesterday I've done some reading myself, and successfully set up one box with two NICs.

Kind Regards.
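
The one-box, two-instance variant from the end of Dan's answer, sketched as an added example that is not his configuration: a small generator that prints a named.conf for each BIND copy, pins it to one interface with "listen-on", and refuses to emit a config whose listen address lies outside the subnet it is allowed to answer. The interface addresses 192.168.1.1 and 192.168.2.1, the per-instance directories and pid-file paths, and the function names are assumptions; the remaining directives are the ones shown in the answer.

```shell
#!/bin/sh
# Added example: per-subnet named.conf for two BIND copies on one host.

# in_slash24 IP NET/24: succeed if IP is inside the given /24 network.
in_slash24() {
    case $2 in */24) ;; *) return 2 ;; esac   # only /24 handled here
    net=${2%/24}
    [ "${1%.*}" = "${net%.*}" ]               # compare first three octets
}

# gen_named_conf NAME LISTEN_IP SUBNET: print the config for one instance.
# Each instance gets its own directory, so its your.domain.zone can list
# only the hosts that subnet is supposed to see.
gen_named_conf() {
    name=$1
    listen=$2
    subnet=$3
    in_slash24 "$listen" "$subnet" || {
        echo "refusing: $listen is not inside $subnet" >&2
        return 1
    }
    cat <<EOF
options {
        directory "/var/named/$name";
        pid-file "/var/run/named-$name.pid";
        listen-on { $listen; };
        allow-query { $subnet; };
        notify no;
        allow-transfer { none; };
        forward only;
        forwarders {
                10.0.0.1;
                10.0.0.2;
        };
};

zone "your.domain." IN {
        type master;
        file "your.domain.zone";
};
EOF
}

# Demo: write both configs into a scratch directory and show the lines
# that differ between the two instances.
out_dir=$(mktemp -d)
gen_named_conf subnet1 192.168.1.1 192.168.1.0/24 > "$out_dir/named-subnet1.conf"
gen_named_conf subnet2 192.168.2.1 192.168.2.0/24 > "$out_dir/named-subnet2.conf"
grep -E 'listen-on|allow-query|directory|pid-file' "$out_dir"/named-subnet?.conf
rm -rf "$out_dir"
```

Hosts on each subnet then point their resolver at that subnet's listen address, since neither instance answers on 127.0.0.1 or on the other interface.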


(?) responding to DESQview/386 Die Hards into the Next Millennia

From Jim Barnett

Answered By Heather Stern

Jim,

I'm beginning the serious stage of a large AI project. For several reasons I (naturally) looked to Linux. However, what I really need is a robust but SIMPLE multitasking OS that will juggle my ANSI C code and stay out of the way. So far it looks like it may take the rest of my life to learn Linux, all the while I make no progress on my real project.

Then I remembered DESQview.

In a previous comment,

(!) [Jim] I presume that Quarterdeck's acquisition by Symantec has spelled complete obscurity and orphanage to DV. They probably didn't even have the decency to release the sources to a "free world."

You might be far better off with a combination of Linux and its DOSEMU or VMWare. It's a pity that you'd lose DESQview's UI (I'd really like to see a Linux console manager that would match the features and feel of the DESQview popup menu system --- but add configurability like DV/X). However you gain support for modern hardware (including CD's, CD-R, CD-RW, DVD and DVD-RAM) and protocols (running DV under a TCP/IP stack used to be like waltzing with a bear in a china shop!). You also lose all problems with memory management (forget about conventional vs. EMS and "largest program size").

All that and you get the sources, too. (A feature that would be even more exciting if I were a real programmer, and not just the occasional hack).

You said it would probably not be possible to get DV drivers for modern devices like CDROMs. Just doing some preliminary surfing today, it looks like you may be right. However, if I can find a copy of the actual program (there are tons of add-ons & utilities online), I'd like to give DESQview a shot.

Assuming I stick with Linux, do you have any suggestions for shortening my learning curve? Is there a small, non-network, non-graphics release of Linux you would recommend?

Trying not to fall down the learning curve,
Jim

(!) [Heather] Sorry to run a mite late, but you can easily consider Tom's Root Boot (it runs off a floppy, needs no graphics whatsoever, and lives in RAMdisks) or Debian base (the install is a bit annoying, tho) - I think LibraNet can give you a somewhat easier Debian setup without attempting to use graphics.
TomsRtbt is a libc5 based Linux system. Tom Oehser says he lives in it day to day, and I assume he is able to use a compiler in it, since he creates the code for new small utilities on his disk. It does have networking.
The advantage of Debian would be the ability to use their apt-get package manager to fetch new applications or languages if you need them, eg. Lisp, scheme, etc. The full-screen textmode utility 'console-apt' is also worth the time to download, since you can use that to read descriptions of packages that you're considering.

(?) DOS partition from Linux

From Rick Rodgers

Answered By Mike Orr

(?) Does anyone know how to create a bootable DOS partition on a hard disk using Linux? It seems that fdisk doesn't do it right and FreeDOS can not boot.

(!) [Mike] First, the DOS partition has to be a primary partition (one of the first four partitions). Exactly one partition should be marked 'active' using fdisk. This is the partition that will boot. If the DOS partition is active, you will boot only into DOS. If your Linux partition is active AND you set up LILO, or if you set up LILO on the master boot record, you can choose Linux or DOS from the LILO menu. See the LILO documentation in /usr/doc/lilo/ or thereabouts, and the LILO HOWTO and the other HOWTOs at www.linuxdoc.org.
Actually, there is a DOS program called loadlin that will allow you to first boot DOS, then go into Linux, but usually people use LILO instead.
I don't know about FreeDOS, but in MS-DOS you have to copy the system files in order to make a bootable disk. You can do that when you format the disk by using the /s option to the DOS FORMAT command, or by using the DOS SYS command to copy the system files from a disk that already has them (e.g., a bootable floppy: "SYS A: C:" ;). The required files are IO.SYS, MSDOS.SYS and COMMAND.COM. IO.SYS and MSDOS.SYS are hidden files in the root of your C:\ directory (or A:\ on bootable floppies). COMMAND.COM is the DOS shell that gives you the C:\> prompt. Without these three files, the DOS partition is not bootable.
In Windows95, these same three files and commands are used, and bring up Win95 in MS-DOS mode (without the GUI). For the GUI, you'll have to install Windows. If you have the Windows installation files on a CD, you can copy them to the DOS partition from Linux, boot DOS somehow, and then run the Windows SETUP.EXE program. You probably won't be able to use the CD-ROM from DOS without Windows; that's why you'd need to copy the setup files to the hard drive first.
All bets are off with Windows 2000.
If this doesn't answer your question, tell us more specifically what the problem is (what error messages you're getting, what partitions you have), and that may help us give a better answer.

(?) e-mails not getting through

From DJ Bellerose

Answered By Mike Orr

Dear James,

Could you please give me some info as to why my e-mails are not being received by the intended recipient. After sending them I do not get them back in my own mail saying that they were undeliverable. I have on occasion gotten some back but the ones I am sending to my boyfriend are not getting to him although it says they are being sent. I have sent a few and then have gone to his place so we could see what was happening but nothing shows in his mailbox. All my other e-mails do make it to whomever I send them to. Also the e-mails I have sent to my boyfriend before have made it but for some reason in the past week and a half none of them were sent to his mailbox. I know I have the right addy as he has been here with me when we sent some. I hope you can help with this. If you need his addy or mine I will send them to you upon request. When they do come back to me it is from Mailer Daemon.

(!) [Mike] This is the biggest clue right here. It should be an error message saying (perhaps cryptically) why the mail is being returned. Also look at the headers of the original message (which the error message will hopefully include). Every mail system the message passes through will add a Received: line before the other Received: lines. Did the message go all the way to his ISP? Can you write to his ISP's tech support address or to postmaster@his-isp.com? You need to determine whether it's only his address that's failing or all addresses at his ISP.
If you are on a Linux system (which you are, right, since you wrote to Linux Gazette?), look in your mail log (in /var/log/mail or /var/log/exim, etc) to verify the message was successfully sent off your computer and where it was sent to.

(?) Exiting X and Rebooting with One Keystroke

From stefan

Answered By Ben Okopnik, Jim Dennis

i've following problem: i've set up a couple linux-pc's with X, but w/o a windowmanager, on which i run an icaclient (citrix, u know!).

(!) [Ben] I'm not familiar with Citrix/ICA client, but a quick look at their website tells me that the solution that I had in mind would work, as long as you can create either desktop or toolbar icons.

(?) now for shutting down the computer the user first has to exit X (by ctrl+alt+backspace) and can then press ctrl+alt+del.

(!) [Ben] Try creating an icon that runs "super halt". A number of people out there don't like "super", but as far as I know, its security problems (particularly the "buffer overflow" bug) have been fixed, and it is very handy for something like this. "super" allows a user to run a specific command as if they were root, which "halt" requires. When I did this myself, initially, I was concerned about some possibility of creating a problem by not exiting X directly, but then realized that it was simply an old MS-Windows mental block: after all, "Ctrl-Alt-BkSp" kills X; what can shutting down do that's any worse?
(!) [Jim] If you always want to reboot after exiting X then just start X with a script like:
#!/bin/sh
startx
exec /sbin/shutdown -r now
... so any exit from X will then execute the next line of your shell script. I'm sure there are more elegant ways. You might even want to patch the X sources to use [Ctrl]+[Alt]+[Del] as the "Zap" key instead of [Ctrl]+[Alt]+[Backspace]. I don't know of an option to configure that. However, I haven't even looked at XFree86 version 4.x yet!

(?) but this is a little too complicated (very dumb users ; )). i'm looking for a possibility to assign a key-combination (eg. ctrl+alt+f12) for shutting down X and the pc in one step.

(!) [Ben] I don't know how this would be any different from simply hitting "Ctrl-Alt-Del", unless "ica-client" intercepts that. If it doesn't, simply make sure that your "/etc/inittab" contains lines that look like this:
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/usr/bin/super /sbin/halt
Hint: if you make "halt" an alias for "super halt", everyone who is authorized via "/etc/super.tab" will be able to shut down the machine simply by typing "halt" in an xterm.

(?) thanks, stefan

ps: sorry for my bad english.

(!) [Ben] I find that most folks who apologize for their English - and yours is fine, by the way - tend to be far more understandable (since they make an effort to be understood) than native english speakers who write in with things like "dOOdz U got 2 hepl mE My proBlM nVIDIa caRD WhaT I dO noW?????????" It's not even the kOOl or 3l33t slang, but simply the fact that they don't take the trouble to relay any useful information... oops, one of my favorite rants. I'll stop now. :)

(?) Multiplexing ppp connections

From David Hunt

Answered By Ben Okopnik

Dear Answer Gang

I have a RedHat 6.1 box that we use for dial out internet access using ppp at 19200 baud. We would like to increase our bandwidth, but according to our ISP the only way we can do this, due to their system, is to have two dial out connections and multiplex them together or have one for outgoing and the other for incoming.

Is this possible to do in linux?

Where can I find documentation about how to do this?

(!) [Ben] Oh-oh. Time for me to put on The Curmudgeon Hat. The "baud vs. bps" confusion is one of my Rant Topics (don't worry; it's a general rather than a directed rant.)
If you are indeed connecting at 19200 baud (and that is far from certain), it means absolutely nothing - unless you're doing something like packet radio stuff, in which case you'd be dealing with the raw numbers. "baud" refers to the actual switching frequency of the modem, which, given the communication protocols in use today, bears less and less relation to the bps (bytes per second) transmitted or received - the only thing that we really care about, as it is the "real" data transfer rate (barring some esoteric considerations.)
(By the way, doing a search for "bps baud confused" on Google produces over 7,000 hits. Don't feel like you're alone. :)
Let's see... by using Deep Magic, I can see that you're coming out of (or at least e-mailing from) the Great State of Texas. Chances are pretty high that the average ISP down thataway will let you connect at speeds up to 56k (nominally, that is; 53k is the actual upper limit due to phone system voltage restrictions, unless they've changed it and forgot to notify me :) If your ISP is restricting you to something below that, changing your ISP is probably the best bet.
Now, all that out of the way - if you actually do want to multiplex two modems, and your ISP supports the scheme - and according to what you've written, they do, then, yes, Linux does indeed support modem multiplexing. Take a look at the "eql" package in the distribution, as well as
"/usr/src/kernel-source-<version>/Documentation/networking/eql.txt"
in the source tree. (This assumes that you have the kernel source installed.) Note that modem multiplexing of this sort does not decrease your latency, which is an entirely different issue and has quite a lot to do with perceived "speed" of communications.
Also, check out Robert Novak's "EQL HOWTO" -
http://home.indyramp.com/masq/eql/eql.html
Pretty good stuff for load balancing info, which sounds like what you're trying to do - unless switching ISPs is a better answer.

... David responds ...

(?) Thanks very much for your quick reply. This was exactly what I was after. After hearing about EQL from you I have since found a lot of info about it.

(!) [Ben] You are certainly welcome; I'm very glad that the information was of use to you.

(?) Just to let you know why I'm after multiplexing 2 19200bps lines. Firstly we are not in the States but in the middle of Asia.

(!) [Ben] Ah. 'sil.org' is in Texas, and I gather you're posting via their web/mail interface. If your ISP is AsiaOnLine.net, you have my profound sympathy; I have several acquaintances who are vehement about calling it AphasiaOnLine (it "forgets" a high percentage of their mail) and are unanimous in cursing it to high heaven.

(?) Also there is only one ISP in our area and for some reason or another they say the max connection speed is 19200bps. One last complication is we don't have a land line but only a microwave connection to the nearest town.

(!) [Ben] Well - sounds like load-balancing experimentation is not a hobby for you but more of a necessity. I must say that I find it interesting that your ISP supports EQL; I assume you realize that it has to be supported at both ends. Since they are the ones who suggested it, they most likely do. I wish you the best of luck.

(?) [Tony@thermo-king.com: new to Linux]

From Tony Ormsby

Answered By Heather Stern

Hi;

I am currently a Windows 98ME user. I have recently started studying Linux OS at Tech. I am looking at installing Linux onto an old PC at home to start with before looking at possibly replacing my current OS later on down the track. My old PC is a i386 with 8Mb of RAM and about 250Mb of HDD space. I am about to ask some silly questions which I hope you may be able to help me with.

Firstly, for such an old system, is there a Linux OS available for it? (with or without a GUI) Secondly, I have an old Linux OS (similar to the old MS-DOS 3.3 OS) which I am playing with and am looking at writing a script which will help me to do the following:

Actually, I'm also going through some old books but they don't give examples of how these scripts should be approached. I'm hoping that if I can get an example, it will give me more of an idea on how Linux directory system operates. It does appear that the floppy drive once mounted becomes part of the root directory rather than remain a separate drive as in MS OS .

I would like to know more about Linux. I believe that in the next few years, it will grow more competitive and become a real alternative to Windows. I also have a copy of Red Hat 6.2 which I am looking at putting onto a spare i486 with 16MB RAM which I have in pieces. I have been told however, that Mandrake 7.0 is a much easier alternative when starting out in Linux. I guess I'm looking for some help in determining which direction I'm going.

kind regards; Tony Ormsby

(!) [Heather] Debian can run easily in the limitation you described - its "base" only uses about 60 Mb or so. (might be less, I haven't really counted it). Graphical setups cost a lot more space - you should avoid using weighty applications like Emacs, the big environments like Gnome, K or the Office Suites, because they will be very slow for you, if you even get them to fit.
You probably want to investigate some of the specialty distributions listed at Linux Weekly News (www.lwn.net).
Whichever distro you use for the 386, make sure that you are fairly minimal about what you allow it to install. You might even consider calling the staff for the companies (in the case of corporate distributions like Corel or Redhat) and asking them what is the minimum space they can be installed in, and the minimum RAM that configuration will run with.
The 486 you describe has a better chance of using something fairly ordinary, though you'll probably still want to be picky about how to use your disk space. Again, 16 Mb is okay but a bit low, so the weightier apps won't be all that happy in it.
Mandrake is a nice distro (when it works at all in your system) but since it is optimized for 586 or higher-powered processors only, it won't work on either of the two systems you mentioned. Sorry.
If you have to, you can always use a much earlier distribution (though it will have the security bugs that plagued those releases) or you can use a "mini" distribution - usually optimized for running from floppies, but many of them can be carefully set up to run from hard disks as well.
Tom's root boot is a nice tiny distro (floppy based) to use to learn more about things under Linux without getting too complex. It runs from RAM so you don't have to ruin any harddisks until you decide what you want to do. Of course, its documentation is very minimal, because too much wouldn't fit on a floppy. You can find his work at http://www.toms.net/rb
Best of Luck

(?) Trident Providia 9685

From J C White

Answered By Heather Stern

Hi There,

I was told you might be able to direct me to where I can find the drivers (Win98SE) for the Trident PV 9685...I have this PCI vid card with no drivers...I also have the AGP version...again no drivers

any assistance will be greatly appreciated

J C White

(!) [Heather] The card that you have has actually come up before in The Answer Guy column, in issue 31. (www.linuxgazette.com/issue31/tag_trident.html) It's been supported in Red Hat (at least on a hardware list) since at least version 4.2. So, the card's been around awhile, and we can at least assure you that it works for Linux...
Unfortunately that's not what you've asked. Sadly, we have no particularly great idea where to find just about anything specific for Windows (any revision)... that's not the OS we write about.
However, I do find an occasional gem for Windows (when I have to go looking) at either winfiles.com, or TUCOWS. That's short for: The Ultimate Collection Of Windows Software. They've of course spread out into more OS flavors and hardware such as Palm pilots and our fave, Linux.
Under Linux, the card you mention works under Xfree86 version 3.3.6 as well as the new, restructured to be nice and fast, 4.0. I even saw a mention of a 64-bit version of it being okay (AGP wasn't mentioned over in the list at www.xfree86.org, but I'm guessing that's what you really have). Metro-X has a commercial server for it too.
Though it's mentioned in scattered references as "unsupported" I have to add that in Linux terms, that means Trident has been worthless in helping us use their stuff, so it doesn't mean exactly that it doesn't work, it means that we probably are not making the card behave at its very best. We might be - we might even do a better job than your missing Windows drivers - but we really can't tell. Not a lot of developers will throw extra money at more pieces of unusable hardware if they should fry one while trying to code things to make it work.
To be utterly fair to Trident, there aren't that many companies that are "supported" in the sense of really giving us data that we can use for coding up new X server support. It's kind of strange that vendors won't help, even with some raw information about expected input and output signals, since they claim they want to sell hardware. Even if it would somehow reveal some great secret about their hardware (I find this difficult to believe), you don't see very many companies helping us out even with their older cards, saving juicy protectionism for the Hottest New Toy. There are a few... SuSE and Precision Insight have given a lot of extra help to the X Free86 project by helping convince and aid vendors in going our route... as for the others, too bad for them. We tend to buy what we can use, and we're really good at friendly word of mouth for helpful vendors. So if things don't work out for you (though I hope they do), allow me to recommend 3D Labs, ATI (we handle so many ATI cards I stopped counting them. Get a Rage 128 and save yourself from wondering which server entry to pick), Matrox (Milleniums are excellent), 3Dfx, or any of the other vendors who've done XFCom servers. They can use the encouragement :)
[Note] 3dfx appears to be effectively out of business since Nvidia bought them, which might not matter to you, but it seemed wise to mention, as you might not want to buy cards that have been orphaned that way.

... John went on to find the REAL answer he needed ...

(?) found ALL drivers and will forward to list...even found jumper settings to use as SVGA, S-Vid, or NtSC output in Win95 or 95; again , will send....gimme addy where to upload these gems to as well as a Trident total support page with drivers for everything they ma(de)ke!!

Thanks Again

John

(!) [Heather] You can reply to tag@ssc.com and I'll publish ... mainly because the jumper details might be useful to Linux'ers too. If you create your own web page where you're keeping track of these, you can tell us the link. And, that'd make it pretty easy for you to submit the tip to Windows related sites, as well.
I don't know if Trident maintains such a "total support page" - do they? But as time marches on, lots of companies stop maintaining details for older cards.
[Note] John didn't forward the drivers, but if anybody needs to get ahold of him for these, send a note to The Answer Gang (tag@ssc.com) and I'll forward it along to him.

(?) The New Network On The Block

From Robert Smith

Answered By Dan Wilder

Next year I'm hoping to set up a home network that will have internet connection through a firewall, then a DSL connection. With such a setup, is there any need to set up DNS services if we are to have a static IP address, or can we use the ISP's?

(!) [Dan] You can use the ISP's DNS services. Put internal hostnames in the /etc/hosts files, or equivalent for other OSs, and point all hosts to the ISPs nameservers for resolution of external hosts. On Linux, /etc/host.conf should read
     order hosts,bind
     multi on
and /etc/resolv.conf should have:
     search your.internal.domain
     nameserver IP.for.your.ISPs.nameserver
     nameserver IP.for.another.of.your.ISPs.nameserver
"your.internal.domain" is whatever you call your network. No need for it to be a registered domain. "IP.for.your.ISPs.nameserver" is the IP number for your ISP's nameserver.
It becomes worthwhile to set up an internal nameserver when the internal network grows large enough to make propagating the /etc/hosts files (and equivalent) a nuisance. There are a couple of other reasons to set up internal nameservers ... consigning external banner ad servers to oblivion, for example ... but AFAIK, these are all amenities you can easily live without.

(?) Mail Daily syslog message to remote e-mail

From Ling Ling

Answered By Ben Okopnik

Hi,

I am sorry about the interruption. But I have no way to find help except to try my luck everywhere I can (at least that's what I perceived). I have a RH 6.2 server running as FTP server. Upon customer response, I will have to send certain syslog messages to their LAN account, like say admin@system.com. I have read all the manuals and even posted a question on the linux mailing list, but I have still not received the answer I want ... I know how to redirect to a file or a local user, but this user is not a local system user (but stays in the same domain), do you mind guiding me on this?

(!) [Ben] I'm not exactly sure of what you're asking, but here is my best guess:
1) You have a user connecting via FTP. 2) On a response (What kind of response? What kind is possible via FTP?), you want to send e-mail to that user.
Assuming that the response - however it's done - contains the user's name and host, the answer is an easy one:
     tail /var/log/messages | mail -s "Your syslog info" Username@Host
The above, for example, would send the last 10 lines of "/var/log/messages" to the specified user. You can, of course, specify whatever information you want to send, and use whatever subject you want (the '-s' switch on the above command line) - this is purely an example, since you didn't say what it is that you wanted from the syslog. Note that you may have a decision to make with regard to file permissions, as most log files are only readable by 'root'.

(?) Thank you very much.

Regards, Ling Ling

(!) [Ben] You're welcome. If I'm off in my understanding of what you're trying to do, please feel free to write back.

(?) Scripted Serial Sessions

From nir

Answered By Jim Dennis

Hello

I am a QA engineer

I want to write a send and receive file script for minicom, so I will be able to check a lot of AT commands. Do you know about any tools that could help me, or examples for those scripts?

(!) [Jim] Read the man pages:
RUNSCRIPT(1)                                         RUNSCRIPT(1)

NAME
       runscript - script interpreter for minicom

SYNOPSIS
       runscript scriptname [homedir]

DESCRIPTION
       runscript  is  a  simple  script  interpreter  that can be
       called from within the minicom communications  program  to
       automate  tasks  like  logging in to a unix system or your
       favorite bbs.
runscript is a utility that comes with minicom.
Of course, I can't just leave it at that. That would be far too simple an answer. I really have to put in a plug for Kermit if you're going to be doing any serious communications scripting. Kermit is a rich programming/scripting language for automating serial and network communications. I really suggest that you try it instead of minicom's runscript.
I must admit that I usually use minicom for most of my simple interactive serial terminal needs. However that's purely born of laziness. Minicom is included with most Linux distributions while I'd have to fetch kermit and build it from sources. If it was "apt-get'able" from the Debian archive system, I'd go back in a heartbeat.
All of that aside, runscript can probably do what you need, and if that doesn't give you enough power to do the job then look at the 'expect' programming language from Don Libes. That can automate any terminal/curses application under Linux/UNIX and it supports the full TCL programming language. There is also an "expect.pm" module for PERL if you prefer its syntax and features.

(?) Thank you.

Kermit is very good but there is one problem, I can't put AT commands in my script. I have the same problem in minicom (it doesn't recognize AT commands). I even tried to combine the two (minicom and kermit). I think kermit is powerful and thanks to you I learned it.

thanks again!!!
Nir


(?) Setting up print filters.

From Neo

Answered By Ben Okopnik

Hi,

I'm a total newbie about Linux, but I found it a real great OS (I normally used Win98 !!!), but I have a small problem. I have just changed my printer, a brand new Epson Stylus Color 670, but my Linux box won't use it

(!) [Ben] The main reason, Neo, is - of course - that the Matrix has you. :)
Generally, I would not respond - few people would - to a request for help that gives so little useful information. The reason that I'm answering this question at all is because printing setups can be troublesome, and what I want to do here is write a sort of a mini-troubleshooting guide. "My Linux box won't use it" is rather useless; what does that mean? Are you physically unable to connect the printer to the box? Does it not fit on the same desk as the computer? Does it print perfectly except for skipping every other comma? There is no way to tell, and most of us aren't into guessing. Please try to make yourself clearer when asking for help; there's no such thing as "too much information" when doing so.
If there's one bit of advice that I'd want to emphasize to the newcomers in the Linux community, this would be it - make yourself as clear as possible when asking for help, and include as much information as you think necessary... and then add some more.
A quick check of Epson's website didn't give me any specs on this printer, just advertising crud. I suspect, though, that it is not a WinPrinter - that's what I wanted to check up on. If it was, you'd have a bit of trouble (software is available, but it's problematic.) In any case, WinPrinters are beyond the scope of what I want to cover. We'll assume that you have a real, honest-to-goodness printer with its own brain, and go from there.
Once you have connected the parallel cable (once again, USB printers are outside the scope - look up the USB-HOWTO on the Web), powered up the machine and the printer (DO NOT connect or disconnect parallel peripherals under power: you stand a high chance of frying the peripheral and the machine), and made sure that the printer's power light is on, it's time for the basic test. Pick a text file that is about 1k in size - the default "/etc/inittab" is a pretty fair example - and shove it straight out through the parallel port:
     cat /etc/inittab > /dev/lp0
This assumes two things: 1) that you are logged in as root, and 2) that the first parallel port, "lp0" (known as "LPT1:" under DOS/Windows) is where your printer is connected.
If this doesn't work, look at any error messages that may be generated: "Permission denied" probably means that you *didn't* log in as root. "Device not configured" would mean that you either don't have the "lp" module loaded (check by typing "lsmod") or do not have the kernel parallel-port driver enabled, which would be a strange thing to do (but I've seen it happen.)
If no error messages are generated and there's still no output, try assuming that it's the other parallel port - there are rarely more than two on machines today; for that matter, more than one is becoming rare. Anyway, try
     cat /etc/inittab > /dev/lp1
- it can't hurt.
One rare, odd thing that can make this test fail - check the parallel port settings in your BIOS. I've seen an "ECP/EPP" setting disable a Brother printer under both Linux and Windows; all other settings allowed it to work. Yes, Brother printers are weird - but this was about as strange as snake suspenders...
If none of the above works, check the hardware by booting into DOS or Windows and printing from there. If you still can't get it to print, there's a problem with your hardware - port, cable, or printer. Curse life, weep loudly, and replace whatever is necessary.
Install "lpr" or "lprng". For a home user, it makes no difference which one you choose. Either one handles the tricky bit with the permissions - you don't have to be root to print anymore. "cupsys", available with the new version of Debian (and probably other distros) takes care of this and the next (filtering) stage. Make sure your "/etc/printcap" is correct (see "man printcap") and test the system by typing
     lpr /etc/inittab
If all you were going to do is print text, you'd be done at this point. However, most folks like their graphics and want to pretty-print stuff like Web pages, etc. For this, you need a series of "translators" that accept an arbitrary file type and turn it into language that is appropriate for your printer. "magicfilter" and "apsfilter", in my experience, can both be rather fussy about installation - I've had problems with both. Test the system by printing a small graphics file, preferably something like a black 4x4 pixel GIF or JPG - if you only get a dot (the correct output), try a larger image; if the filters are messed up, you won't get more than a page of random garbage.
At this point, you're done. The next move, as the original Neo said, is up to you.

(?) Xwindows

From Wes Ragle

Answered By Mike Orr, Heather Stern

(?) Is Xwindows a generic part of Linux? All I ever see while researching the question is xfree86?

(!) [Mike] "Linux" refers only to the kernel. All Linux software comes from third parties, including stuff that's necessary to boot and produce a shell prompt. X-windows is just a protocol; Xfree86 is a concrete implementation of that protocol.
(!) [Heather] Actually strictly speaking, X is the protocol, windows are what it is about painting, and people rarely see them apart unless they are programming an X based application. Especially if they're programming a window manager; window managers (whose names often end in wm: fvwm, qvwm, twm, flwm, icewm; but not necessarily: blackbox, enlightenment, sawfish) are responsible for listening to X protocol messages like "you got clicked" or "keystroke M" or "please repaint coordinates so-and-so" and telling the right applications what to do. It's the window manager that owns the scrollbars, the title bar, and the background.
(!) [Mike] XFree86 describes itself as "a non-profit organisation which produces XFree86, a freely redistributable open-source implementation of the X Window System that runs on UNIX(R) and UNIX-like (like Linux, the BSDs, Mac OS X (aka Darwin) and Solaris x86 series) operating systems and OS/2." (http://www.xfree86.org)
Linuxers adopted Xfree86 over other versions of X-windows because (1) it runs on the x86 CPUs (a sine qua non), (2) it's affordable (back when X was unusable under Linux I almost bought BSDi [another UNIX-like OS] instead, but didn't because of its price tag), and (3) meets our standards for open source (not counting a few minor squabbles along the way).
Linuxers chose X-windows over other graphical systems (e.g., MGR) because almost all the graphical applications available for UNIX are designed for X.
(!) [Heather] There are other implementations of X, also... tinyX is one. You can read far more than any of us can say here by following some of the links at Kenton Lee's site: http://www.rahul.net/kenton/xsites.html
(!) [Mike] Four other graphical "systems" to look at are the framebuffer, SVGAlib, Berlin and GGI.
The framebuffer is an optional part of the Linux kernel that runs the video card in graphics mode. This is required for non-Intel systems (which don't have a text mode, so it must be emulated). It's also useful on Intel because X-windows normally takes control of the video card itself, and because X is such a huge beast, buggy X programs and drivers can crash the X server, freezing the screen+keyboard+mouse and necessitating a reboot. But with the framebuffer, the kernel retains control of the video card and can tell the X server where to go.
SVGAlib is a library that allows non-X programs to use graphics mode.
(!) [Heather] However, there's only one fellow in charge of it and video cards keep moving onward. Last I saw, he's not adding support for new cards - although many with VESA 2.0 compatibility will work.
(!) [Mike] Berlin is/was a project to make a windowing system better than X. I can't find a URL for it, so I'm not sure if it still exists. (I thought it was www.berlin.org, but that goes to www.berlin.de, which contains tourist information about the city. Google and MetaCrawler don't seem to have any links to it.)
(!) [Heather] Funny, I went to Google, typed in the keywords "berlin" and "gui" and it popped right up: http://www.berlin-consortium.org
The trick is to make sure you don't get references to the city, by putting in a more limiting keyword to go with it :) They have news as of late November, so I guess the project is still alive.
(!) [Mike] GGI ("General Graphics Interface", http://www.ggi-project.org) is a portable graphics interface of the "write once, run anywhere" variety. It can run with X and/or the framebuffer and in other combinations.

(?) Would you please straighten me out as to exactly what is involved in generating nice graphics in Linux? Does Mesa only work with drivers for a select few video chips?

(!) [Mike] I'll let others answer these since I don't know.
(!) [Heather] I don't think that is the case... although certain video chips may get a significant boost from having OpenGL support directly, Mesa is software that allows non-supporting cards to display applications designed around OpenGL. Mostly. The author is very careful to state that it is not a licensed SGI implementation of OpenGL so if something isn't a perfect match, sorry. You can read all about that at the Mesa project homesite, again not quite obvious: http://www.mesa3d.org
Anyways I hope that helps a bit. Since I don't know what kind of nice graphics you're trying to do, I don't know if any of the APIs optimized for helping gamers might help you out too. But this should be a good start.

(?) Xfree 4.0.2

Definitely worth mentioning -- Xfree86 4.0.2 just came out. Release notes:
http://www.xfree.org/4.0.2/RELNOTES.html

(?) diald on a smoothwall box

From jim watkins

Answered By Mike Orr

This may be the wrong place to ask a question! In which case please take no notice. However if not......

I just made a box running smoothwall, a success until....I realized it did not dial on demand...then I found diald ....to me this looks like it should achieve what I want...

(!) [Mike]
1) What are you trying to do?
2) What's smoothwall?
Diald's main use is to automatically initiate a ppp connection when there's outgoing traffic at your site but the link is down, and then to tell ppp to hang up when the outgoing traffic has been idle for a certain period of time.
For an ordinary firewall situation with ppp and an analog modem, where you want the connection to go up and down automatically as needed, yes, you would use diald.
Note that diald cannot measure incoming traffic when the link is down. This would require something like diald at the ISP's end.

(?) ...a bulk friendly ISP?

From needbulkisp

Answered By Jim Dennis

[the editor notes that the querent sent his mail as all HTML. Yuck.]

(?) Hello!

I'm trying to find a bulk friendly ISP, to host a very small website. Can you help?

OR

Can you refer me to anyone?

Thanks very much,

HAPPY NEW YEAR!

From: needbulkisp@yahoo.com

(!) [Jim] I don't know what you mean by "bulk friendly." However, you should be aware that the phrase carries very negative connotations to experienced internet professionals.
To most of us that suggests that you are planning to spam (e-mail) people and you want to hook up with an ISP that will tolerate your abuse of the Internet and shield you from the wrath of the people that you offend.
Since you say it's a "very small website" I presume that you don't mean that you have a "bulk" of content that you wish to make available. Perhaps you mean that you have a small volume of content that you believe will get an immense amount of traffic. Obviously there are lots of ISPs and co-location facilities out there. For commercial traffic they are very "bulk friendly" (since they charge for all the traffic --- the more traffic you generate, the more money they charge and the friendlier they get).
Anyway, I'll refrain from suggesting actual companies here. Among other things I don't know enough about your needs and resources (money) to make any reasonable suggestions, and I'm not in the business of shopping for ISPs (bulk-friendly or otherwise).
However, I've left your name in this message since your e-mail address is clearly a solicitation for relevant advertising. I'm sure that "bulk friendly" ISPs will just be banging down your inbox within a few days. (Normally we filter e-mail addresses out of LG Answer Gang articles to protect our correspondents from spammers; however this appears to be a "throwaway" e-mail account which will be abandoned as soon as you've made your selection --- so I'll suggest to my editors that we make an exception in your case).

More 2¢ Tips!


Send Linux Tips and Tricks to gazette@ssc.com


Let cron put backup files into your Gnome trashcan

Sat, 30 Dec 2000 01:02:24 -0500
From: Allan Peda (tl082@yahoo.com)
Cron to put backup files in trash (if you have a gnome desktop):
I typed this up to keep my home dir clean; it assumes backup files over 1 day old should be moved to the trashcan. I run it every 5 minutes under cron.
#!/bin/sh
# script to move trash files to trash can
# use cron to run this every 5 minutes

if [ x"$HOME" = x ]; then
  echo "\$HOME not defined"
  exit 1
fi

TRASHCAN=${HOME}'/.gnome-desktop/Trash/'
if [ ! -d $TRASHCAN ]; then
  echo "Need a trash can to work"
  exit 1
fi

FARGS=' -maxdepth 1 -type f -mtime +1 '
find ~ $FARGS -name '.saves-*' -exec mv {} $TRASHCAN \;
find ~ $FARGS -name  '\#*\#'   -exec mv {} $TRASHCAN \;


Seeing what's changed since your tar backup

Fri, 29 Dec 2000 09:35:11 -0800
Jim Dennis (The Answer Guy)
If you have a full tar backup of your root and /usr filesystems you can use the 'tar df' or 'tar dzf' directives to report on differences between your current files and those in your backup.


2cent tip: lynx mpg123 and mp3.com

Mon, 11 Dec 2000 19:58:01 -0800
From: collver@softhome.net(collver@softome.net)
mp3.com uses MIME to describe audio content to web browsers. A year or two ago, mp3.com had instructions to set up audio/mpeg and audio/mpegurl in Netscape. These MIME types no longer work because mp3.com now uses audio/x-mpeg and audio/x-mpegurl instead.
Two places to configure viewers for MIME types:
     /etc/mailcap
     $HOME/.mailcap
I suggest editing $HOME/.mailcap as it overrides /etc/mailcap.
You might already have entries placed by Netscape. If so, they assume you only use X and they look like:
#mailcap entry added by Netscape Helper
audio/x-scpls;xmms %s
#mailcap entry added by Netscape Helper
audio/x-mpegurl;xmms %s
#mailcap entry added by Netscape Helper
audio/x-mpeg;xmms %s
If you don't want to use xmms, delete these lines. If you want to use xmms when in X, replace 'xmms %s' with 'xmms %s; test=test -n "$DISPLAY"'
Then add:
audio/x-scpls; mpg123 -@ %s
audio/x-mpegurl; mpg123 -@ %s
audio/x-mpeg; mpg123 %s


The Unattended Risk

Thu, 28 Dec 2000 18:57:54 -0800
allan

I realized the other day that locking your screen is next to useless if you start your Linux box in text mode, performing a "startx &" to begin an X session, unless you Ctrl-Alt-F1 to your text virtual console and Ctrl-D logout, then you can Ctrl-Alt-F7 back to the X console, and lock the screen. Otherwise all a passerby need do is switch virtual terminals and use your account.

It's sorta obvious when you think about it. Of course an unattended Linux machine is not really secure, but still, just switching virtual consoles is a little too easy.

Allan

I've been doing "exec startx" from non-xdm machines to save myself having to log out when I quit my X session. I think it would help with this situation too. -- Don Marti
... or
     startx & vlock
... to ensure that your login session will not inadvertently be left unlocked and unattended.
Naturally you'll also want to look at xautolock --- adding it to your .Xclients, .xsession or other windowing system start-up/configuration files as necessary.
-- Jim Dennis
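
The check below is an added example, not part of the original tips: it reads a process listing in the format of "ps -eo pid,ppid,tty,comm" and reports whether the shell that launched X is still sitting on a text console, which is the exposure Allan describes. The sample listings are constructed, and it assumes that X was started through xinit (as startx does) and that a vlock process on the same console means that console is locked.

```shell
#!/bin/sh
# Audit a process table for an interactive shell left on the text console
# that launched X. Input format: ps -eo pid,ppid,tty,comm (header + rows).

# Constructed sample: "startx &" typed at a bash prompt on tty1.
SAMPLE_BACKGROUND='  PID  PPID TT       COMMAND
  310     1 tty1     login
  402   310 tty1     bash
  455   402 tty1     startx
  470   455 tty1     xinit
  471   470 tty7     X'

# Constructed sample: "exec startx" (startx replaced the login shell).
SAMPLE_EXEC='  PID  PPID TT       COMMAND
  310     1 tty1     login
  402   310 tty1     startx
  470   402 tty1     xinit
  471   470 tty7     X'

# Constructed sample: "startx & vlock" (shell remains, console is locked).
SAMPLE_VLOCK='  PID  PPID TT       COMMAND
  310     1 tty1     login
  402   310 tty1     bash
  455   402 tty1     startx
  456   402 tty1     vlock
  470   455 tty1     xinit
  471   470 tty7     X'

# Prints one of:
#   NO-X           no xinit process in the listing
#   OK             no shell found between xinit and the top of the tree
#   LOCKED ttyN    a shell remains on ttyN, but vlock is running there
#   EXPOSED ttyN   a shell remains on ttyN with nothing locking it
audit_x_console() {
  awk '
    NR == 1 { next }                      # skip the ps header line
    {
      ppid[$1] = $2; tty[$1] = $3; comm[$1] = $4
      if ($4 == "xinit") xinit[$1] = 1
      if ($4 == "vlock") locked[$3] = 1   # assumption: vlock locks its own console
    }
    END {
      status = "NO-X"
      for (p in xinit) {
        if (status == "NO-X") status = "OK"
        # Walk up the ancestors of xinit looking for a shell on a text console.
        n = 0
        for (q = ppid[p]; (q in comm) && n++ < 64; q = ppid[q]) {
          if (comm[q] ~ /^-?(ba|da|z|k|c|tc)?sh$/ && tty[q] ~ /^tty[0-9]+$/) {
            if (tty[q] in locked) {
              if (status == "OK") status = "LOCKED " tty[q]
            } else {
              status = "EXPOSED " tty[q]
            }
          }
        }
      }
      print status
    }'
}

# Demo on the constructed samples; on a live system run:
#   ps -eo pid,ppid,tty,comm | audit_x_console
for sample in "$SAMPLE_BACKGROUND" "$SAMPLE_EXEC" "$SAMPLE_VLOCK"; do
  printf '%s\n' "$sample" | audit_x_console
done
```

An EXPOSED result means that switching to that console reaches a live prompt regardless of any X screen locker.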


Modem Question - Easy One

Sun, 17 Dec 2000 19:59:45 EST
From: Franklyn (I3utane@aol.com)

Answer Guy,

I've read a response that you posted about a win modem running in linux, it won't. But it was posted on Feb 22, 1999. So I was hoping that came out and gave us the source and stuff. I have a US Robotics 56k Voice Win. If they haven't, I'm out to comp usa to buy a external 3 comm (or is a internal ok?).

Be good man - thanx in advance.

Franklyn

See if http://linmodems.org or the Linmodem Mini HOWTO www.linuxdoc.org/HOWTO/Linmodem-HOWTO.html help.
An external modem is usually better anyway because modems generate a lot of heat, plus external modems don't have any OS-specific idiosyncrasies.
-- Mike Orr


Monitor goes blank

Sun, 24 Dec 2000 15:29:28 +0200
From: Marius Andreiana

I'd like to turn off blanking of the monitor in X. After 10 min or so it goes blank, so I have to move the mouse from time to time when watching movies :)

I've tried setterm -blank 0 before starting the movie (put that in rc.local too) but no effect. setterm -blank 60 won't work either.

setterm affects only the console. My ~/.xsession has the following command:
     xset dpms 1800 2400 3600
which blanks the screen at 30 minutes, goes into power-save mode at 40 minutes, and "off" at 60 minutes. I use such a long time so it doesn't blank out when I'm moving back and forth between the computer and the kitchen.
There are also some options in XF86Config you can try. See "man 5 XF86Config-v3" or "man 5 XF86Config". You have to put in a "power_saver" option; then set the BlankTime, StandbyTime, SuspendTime, and OffTime in the Screen section. These are overridden by xset.
-- Mike Orr
You're on the right track but in the wrong lane. The setterm command only affects the (virtual) terminal settings. You want the xset command.
Try the command:
     xset s off

... from any xterm. Then start your movie, kick back, and watch the show.
-- Jim Dennis


Tips: sendmail offline

Tue, 26 Dec 2000 23:35:19 +0100 (MET)
From: Karl-Heinz Herrmann (k.-h.herrmann@fz-juelich.de)
Hi,
since I just solved a little nuisance with the newer Sendmail 8.9.3 on my system I thought it could help somebody else.
My setup: dialup connection, local sendmail is handling all outgoing e-mail and is queuing them until online. In my ppp-start scripts sendmail will then be triggered by 'sendmail -q' to run the queue.
Now since the last upgrade this didn't always work for mails sent offline but would work for mails sent while I was online. I now found out that sendmail is keeping a persistent host status directory.
sendmail.cf says:
-------
# persistent host status directory
O HostStatusDirectory=.hoststat
[...]
O Timeout.hoststatus=60m
---------
So if a mail was undeliverable (offline) sendmail would remember that for 60m. Only then it would ever try it again even if online and 'sendmail -q' is run. This status seems to be associated with each mail, so new ones go out, old ones stay.
Possible solutions:
  1. reduce the timeout to 1m or similar.
    or
  2. run 'sendmail -bH' as well in the ppp-start script. This will purge the host status cache.
I hope this helps others to get a similar setup working faster than me ;-)
-- Karl-Heinz Herrmann


Measure your modem connection - Bogospeed

Sat, 16 Dec 2000 11:44:11 -0500
From: Ben Okopnik (of The Answer Gang)
This one does a 'bogo-measurement' of the modem connection speed. Given that I'm in the process of playing with a rather shitful internal modem (bleagh!), it comes in very handy.
Several times, I've seen people write in to LG and ask "How can I tell how fast my modem connection is?" This little script will... well, it'll do _something_ that will at least give you an idea. :)
In the tradition of "BogoMIPS", "bogospeed" gives you a relative value of your connection speed. This means that the numbers you see do not represent the actual speed of your connection - in my experience, they are about 25% high - but give you a general idea of what you should expect. If, for example, you normally see "55000 bps" as your 'bogospeed', and you see "33000 bps" on a given connection, you'll know that the connection you've just made is about 40% slower than usual (and that you should probably try reconnecting.)
"bogospeed" normally takes about 10-15 seconds to do its stuff on a decent connection with a 56k modem, and MUCH longer on a very slow connection. To stop you from wasting your time, it prints the time that is required for the first 'ping' to reach your ISP, as well as the time that it takes to execute that ping. In my experience, if that execution time is much longer than 3 seconds, you've got a poor connection and should try redialing.
Ben Okopnik
#! /bin/bash
# Estimates connection speed to your ISP

# Be nice to MindSpring; put in your own ISP's name here
ISP="www.mindspring.com"

# Check if 'traceroute' is installed on the system
[ -z `which traceroute` ] && {
  echo "\"${0:2}\" requires 'traceroute' to be installed."
  exit
}

# Check if 'bing' is installed on the system
[ -z `which bing` ] && {
  echo "\"${0:2}\" requires 'bing' to be installed"
  exit
}

remote=`time traceroute -m 1 $ISP 2>/dev/null|awk '{gsub("\(|\)","");print $3 " " $4}'`
echo
echo -e "Ping time to ISP:" ${remote:15} "ms\nMeasuring speed...\n"
bing -c 1 -e 20 -S 1024 localhost ${remote:0:14} 2>&1|grep throughput


2-cent tip - module resource detection

Sat, 16 Dec 2000 11:19:44 -0500
From: Ben Okopnik (of The Answer Gang)
Here's a rather nifty script I've crufted. Given the number of times I've seen people have problems with loading modules, I think it would be pretty useful.
Actually, this two-cent tip is more like a dime (hey, I worked hard on this thing! :) Recently, I installed Debian 2.2 (potato). For various reasons - namely, the fact that I've got a weird soundcard and decided to play around with an internal (yechhh) PnP modem - I needed to load several modules that required various combinations of IRQs, DMAs, and I/O addresses. Having suffered with this in the past, I decided, once and for all, to resolve the mess.
If you are trying to load a module, and failing with a "Device or resource busy" error, then 'shotgun' is just what you need. It will try to load your module with permutations of the three supplied lists for the above values. It's smart enough to figure out which modules don't require any parameters, as well as warning you about modules that require other things. It will, as a last resort, try to load the module with "auto" values, and will give you good advice on what to do if everything else fails. All in all, it's a very useful tool if you're going to load modules for strange hardware. It will also let you know what the correct values are when it does succeed; this allows you to write them into "/etc/modules" and forget them: they'll be auto-loaded the next time you boot.
Happy resource hunting to all! :)
Ben Okopnik
#!/bin/bash
#
# Requires bash, basename, cat, find, grep, insmod/lsmod, strings


[ -z "$1" ] && {
  cat << @END@
* 'shotgun' - a parameter guessing routine for module loading *
*** Copyright Ben Okopnik 2000 - released under the GNU GPL ***
Syntax: `basename $0` module_name
@END@
  exit
}

# Parameter value lists - make sure the 'iolist' makes sense for your
# hardware!
#
# Note that '0' is not an actual value - it tells the module to try
# a default value. This usually works, but is not the best thing.

irqlist="3 4 5 6 7 8 9 10 11 12 13 14 15 0"
dmalist="1 2 3 4 5 6 7 0"
iolist="200 210 220 230 240 250 260 270 280 290 2a0 2b0 2c0 2d0 2e0 2f0 300 310 320 330 340 350 360 370 380 390 3a0 3b0 3c0 3d0 3e0 3f0"

# Clipping the ".o" for uniform syntax
# ('%' strips a suffix; '#' would only strip a leading ".o")
module=${1%.o}

fname=$(find /lib/modules -name ${module}.o)
[ -z "$fname" ] && {
  echo "No module called \"$module\" exists under /lib/modules."
  exit
}


# The helper functions are defined first: bash must have read a function
# definition before the function can be called.

function badnews()
{
clear
cat << @END@
Oops. It didn't load. OK, try typing "insmod $module" and see what it
says - if you get a whole bunch of 'unresolved symbol' messages, that
means there's another module that needs to be loaded before this one;
take a look in "/lib/modules/<version>/modules.dep" to find out what
that might be. Other than that, here are a few things to try:


1) Modify the values in the parameter lists at the beginning of this
script: the IRQ and the DMA ranges are probably OK, but the IOs can vary
widely - make sure they make some kind of sense for your module. This
might mean looking at the paperwork that came with your hardware or
starting up Windows to see what I/O address it's been assigned there.

2) Load the values manually. The module you're trying to load may
require more than just IRQ, DMA, and IO - the parameter list at the
start of this program will show you all the possibilities.

3) Do some more research on what the appropriate value ranges for your
module might be. Search the Web for your hardware name plus "linux" - I've
usually had good success with Google and AltaVista's "advanced" search.

4) Often, reading the appropriate part of the kernel source - even if
you are not a programmer - can be very helpful. As a good example,
reading the source for the SoundBlaster/ESS module - 'sb_ess.c' in the
'/usr/src/kernel-source-<version>/drivers/sound/' directory - enabled me
to get my WAV files to play at normal speed, by using the "esstype=1688"
parameter; it was explained in the comments near the top of the file.
The source files tend to be about half code and half comments: the good
folks that write them *want* you to understand.

Good luck!
@END@
  exit
}


function warn()
{
cat << @END@
NOTE: The following is a list of parameters your module can accept; usually,
most of these are not required. Most often, 'irq', 'io', and 'dma' are all
that are necessary; this script will try to load your module with various
values of those parameters.

If after pressing a key you do not see all three of these - 'irq', 'dma',
_and_ 'io' - on the list, you should probably quit the script by pressing
'Control-C', as the module will almost certainly fail to load despite the
lack of error messages. If the module takes no parameters, the script
will notify you of that and load it properly.

* Press 'Enter' to see the parameter list *
@END@
  read
}


clear
warn

# List the parameters the module advertises (the "parm_*" strings in the .o)
parms="$(strings -a $fname|grep ^parm)"
for p in $parms
do
  par=${p#parm_}
  echo ${par%=*}
done

[ -z "$par" ] && {
  echo "This module does not require any parameters. Loading..."
  insmod $module && echo -e "\n$module loaded.\n"
  exit 1
} || {
  echo -e "\nPress a key to start the test process or 'Ctrl-C' to quit."
}

read

echo -e "This might take a while...\n"
echo -n "Running"

# Try every irq/dma/io combination until insmod stops complaining
for irq in $irqlist
do
  for dma in $dmalist
  do
    for io in $iolist
    do
    echo -n "."
    result="$(insmod $module irq=$irq dma=$dma io=0x$io 2>/dev/null)"
    invalid=$(echo "$result"|grep -c invalid)
    unresolved=$(echo "$result"|grep -c unresolved)
    if [ $(($invalid+$unresolved)) -eq 0 ]
    then
      out=$(lsmod|grep ^$module)
      echo
      echo
      if [ -z "$out" ]
      then
        badnews
      else
        echo "If the module loaded successfully, you should see"
        echo "its name on the following line:"
        echo ${out% *}
        echo
        echo "The parameter values were: irq=$irq dma=$dma io=0x$io"
        echo
        exit
      fi
    fi
    done
  done
done


Backup via shell script

Thu, 14 Dec 2000 11:27:58 -0600
From: Michael Williams (not from the answer gang)

How do you back up your home file system to a remote system using a shell script?

If the computers are connected via TCP/IP and you have rsync and ssh installed on both machines, do:
#!/bin/sh
# backup.sh

rsync -av --delete -e ssh /local/dir/ user@remote_computer:/remote/dir
Put a slash at the end of the first argument but not on the second argument. Try it first running rsync on the command line with option -n added, to see what it would do. Otherwise you may discover you're specifying the wrong directory and deleting stuff you don't want to delete.
You will have to configure ssh to let your script login without a password. If you don't have an ssh public key yet, run "ssh-keygen". Then copy your local ~/.ssh/identity.pub to the remote ~/.ssh/authorized_keys . (Or append to authorized_keys if you already have some entries in it).
-- Mike Orr
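
The dry run recommended in the reply can be made a gate inside the script itself. The following is an added example, not part of the original reply: the function names and the MAX_DELETES limit are assumptions, SRC and DEST reuse the reply's placeholder paths, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: run the --delete backup only after a dry run shows an
# acceptable plan. SRC and DEST are placeholders; MAX_DELETES is an assumed
# limit to be tuned per site.
SRC=${SRC:-/local/dir/}
DEST=${DEST:-user@remote_computer:/remote/dir}
MAX_DELETES=${MAX_DELETES:-20}

# Count the "deleting <path>" lines that rsync -v prints for each path
# --delete would remove. Reads a dry-run listing on stdin.
count_deletions() {
    grep -c '^deleting ' || true
}

# Succeed only if the listing on stdin deletes at most $1 paths.
deletions_within_limit() {
    n=$(count_deletions)
    echo "dry run would delete $n path(s); limit is $1" >&2
    [ "$n" -le "$1" ]
}

# The source must end in "/" so rsync copies the directory's contents
# rather than creating the directory itself inside the destination.
has_trailing_slash() {
    case $1 in
        */) return 0 ;;
        *)  return 1 ;;
    esac
}

# Dry run first (-n); do the real transfer only if the plan passes the check.
safe_backup() {
    has_trailing_slash "$SRC" || { echo "SRC must end with /" >&2; return 2; }
    plan=$(rsync -avn --delete -e ssh "$SRC" "$DEST") || return 2
    printf '%s\n' "$plan" | deletions_within_limit "$MAX_DELETES" || return 1
    rsync -av --delete -e ssh "$SRC" "$DEST"
}

# Constructed sample of "rsync -avn --delete" output, for trying the check
# without a network connection.
SAMPLE_PLAN='sending incremental file list
deleting old/report.txt
deleting old/
deleting notes.bak
./
docs/new.txt

sent 210 bytes  received 45 bytes  510.00 bytes/sec
total size is 10,240  speedup is 40.16 (DRY RUN)'

# Run the backup only when asked to: sh backup.sh run
if [ "${1:-}" = "run" ]; then
    safe_backup
fi
```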


devices list

Thu, 14 Dec 2000 12:15:11 +0100
From: Monserrat Seisdedos Nuñez

Hello those in the gazette:

My question is :

there is any /dev/devices list where it is pointed out which device belongs to??? that is
hdx--> hard disks
fdx--> floppy disks
etc...

Download the kernel source (any version) and look at Documentation/devices.txt .
-- Mike Orr


Linux core files

Wed, 13 Dec 2000 15:10:02 -0500
From: ken ramseyer

I read your article in http://www.ibiblio.org/mdw/LDP/LG/issue41/tag/4.html which talks about Linux core files.

Do you know of any reasons why a core file would go to a directory other than the current working directory (cwd)?

I thought core files always went to the current directory. Meaning, the current directory of the process that was killed.

Do you know if there is a way to tell the Linux kernel where to put core files?

Not that I know of.
I have "ulimit -c 0" in my .zshrc to prevent core files from being written at all. That affects the shell process and all its descendants. Since I'm not (much of) a C programmer, core files are useless to me.
Initscript(5) says that if you have a shell script called /etc/initscript, init will use it for every process it spawns. "This script can be used to set things like ulimit and umask default values for every process." Since init is the ancestor of everything, this would be a way to stamp out all core files at once.
-- Mike Orr


linux login problem

Wed, 27 Dec 2000 15:57:40 -0800
From: Joseph Cheek to Howard Hsu...

I have found posts of yours which seem to relate to a problem I am currently having. Any help which you might provide would be greatly appreciated.

We are having trouble logging into our linux server via the console or telnet, but are able to login using the same l/p for ftp.

what are the permissions on /etc/securetty?


networked machine goes to sleep?

Sun, 03 Dec 2000 18:41:56 -0500
From: Christopher Curtis
This problem exists, or used to exist, for several people, including myself. The consensus is that the problem has to do with a cisco router: The router expects chatty windows machines that crash - if your Linux box just sits around not saying anything, cisco assumes it's dead and stops routing traffic towards it. There's a config option in the router that can turn this 'feature' off, but, as for myself, I cron a ping since I can't access the router.
Christopher


NT Log on a Linux Box

Wed, 13 Dec 2000 11:15:27 -0600
From: Jonathan Hutchins
Boy, talk about "think outside the box...". [Cesar] complained that he couldn't cron the dumpel.com program to dump the NT Event Log to a flat file for viewing on Linux. While it isn't called cron, NT does have a scheduler. The command line interface is "at", and a GUI interface comes with the Resource Kit. Yes, he needs admin privileges on NT to schedule it, but he'd need root if he were trying the same thing on a Linux box.
There are also various programs to give you a remote virtual console from an NT box. We use PCAnywhere within Windows environments, but the VNC project might be very useful... http://www.uk.research.att.com/vnc


Graphics Programming for Printing / Faxing (Issue 60)

Tue, 5 Dec 2000 01:50:32 -0500 (EST)
From: Anthony E. Greene <agreene@pobox.com>
The quick and easy way for a Perl programmer to convert data to faxable invoices/reports is to output the data as HTML, convert it to Postscript using html2ps <http://www.tdb.uu.se/~jan/html2ps.html>, then fax the result using efax or mgetty+sendfax.
-- Tony


About RS422

Fri, 1 Dec 2000 16:46:54 +0800
From: Elijah Pau (e.pau@tct.com.hk)
Hi James,
Stumbled across your page while looking for some info on an RS422 product. Sorry to say that you may be answering the wrong question. As far as I know, RS422 is a hardware spec, i.e., it's about how hardware devices talk amongst themselves. The original question seems to be about how Linux (software) talks to the adaptor card. The representative for the card would probably be a UART. Identify that, and you are almost home.
Just my 2cents.
Cheers, and keep the helping out spirit going.
=== Elijah Pau


x-base languages for Linux

Mon, 04 Dec 2000 22:55:06 -0500
From: Hiram & Patti Rosenberg
Dear Mr. Answer Guy,
I do not know if this is the correct venue for writing to you in relation to the Linux Gazette column, so please do not throw any brickbats my way. I just wanted to add one piece of knowledge to the puzzle raised by a Michael "Mookie" Kepler's inquiry from back in 1998. I've been programming in Recital, a 4GL xbase product that runs over our Sun Solaris network. They have a product for Linux; I can not recall the price but a developer kit was only a 3 digit number as I recall. I work in the tech pubs section of a major world-class helicopter factory and we use their Unix product as the backbone of the publication production and illustration tracking system.
Recital is in Danvers, MA, just north of Boston.
Hi Rosenberg


NT Event Reporting in Unix/Linux

Fri, 1 Dec 2000 13:58:37 -0500
From: Sheldon Dubrowin (sdubrowin@ibasis.net)
I was looking for something like this also and found an article in the September 2000 issue of SysAdmin Magazine (www.sysadminmag.com). In that article, they talk about a Perl Script that can be run on the NT box that will format NT Event Log messages in a syslog format and send them to a Unix/Linux syslog server. The article is by Joe Aguiar, I haven't tried this technique yet, but I will be looking into trying this out, just not yet. Anyways, I thought you might be interested in this article.
Sheldon M Dubrowin


Need info

Tue, 12 Dec 2000 12:26:11 +0200
From: Dori Adler

Hi

I don't know if this is the appropriate email address if not I'm truly sorry.

Question: Is there a MS Exchange Server Emulator for Linux?

We were given a Tip about Tradewinds in the last month or two. Not being Windows users ourselves, we don't know how good it is. But you can try it, and if it works for you, you could write an article for us.

I need to get MS Outlook Clients with MS Exchange server Services (Only) to connect to the Linux server, do you know how / where?

Normal Linux mail servers are POP3 ... IMAP is a bit less common but certainly available. So if you are more concerned about the mail than about other Exchange features, MS Outlook should already work.

Thanks and sorry again Dori

Best of luck -- Heather


Fat 32 Linux installation

Sat, 16 Dec 2000 01:25:47 -0600
From: (tomvanberkel@mindspring.com)

Can I install Linux on a FAT 32 partition with a dual boot configuration including windows ME on the primary partition? Thanks, TVB

Yeah, there's a handful of distros aimed at living on a FAT filesystem. You can find a bunch of them listed on Linux Weekly News (www.lwn.net) - Zipslack and PhatLinux have been around a while, with new ones like Lin4Win popping up occasionally.
-- Heather


Available space avail on Hd!

Tue, 12 Dec 2000 09:14:44 -0800
The Chief

Hi: I am a newbie with Linux. How do I find out how much space is available on the HD? I have Mandrake 7.1 installed on my 3 Gig HD!

The "df" command shows the amount of free space on each filesystem.
% df
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda5              1981000   1620129    258459  87% /
/dev/hda1                 7746      5141      2205  70% /boot
My total amount of free space is 258459 + 2205 = 260664 KB (260 MB).
Extra hint: to see how much space a particular directory and all its subdirectories use, run "du DIRECTORY". This lists each subdirectory separately and then a total at the bottom. To get just the total, run "du -s DIRECTORY".

"Linux Gazette...making Linux just a little more fun!"


Linux On Your Desktop

- setting up GNOME -

By Marius Andreiana


First of all, a Happy New Year! If you don't use Linux at home yet, you'll now learn more about it and have a happier year!

Why would one use Linux on the desktop? Isn't Linux an operating system for servers? It was designed for multi-user, networked environments, but its stability pushed it onto the desktop too (being on the desktop doesn't mean you can afford to reboot from time to time).

Okay then, it's stable, but you still like MS Windows because you don't want to type commands, and MS Windows is so easy to use! Easier and more user-friendly than Linux? I don't think so! Sometimes I use MS Windows machines and it's quite frustrating: illegal operations, Explorer not responding, and popups from shareware applications. No thanks! Let's give Linux a try!

Get a recent Linux distribution (I recommend Red Hat Linux 7.0 or Debian 2.2) and install it (see the included installation manual for details). You don't need to delete Windows (yet :-), just make sure you have a 1G+ partition available.

I assume at this point you have installed Linux, created a user (during installation) to log in with (don't use the special user root, which has complete power over the whole system, unless you need it) and installed the GNOME desktop environment (by far my favourite), which I'll focus on. Remember that this article expresses my personal preferences, which may not suit you.

Log in at the graphical prompt and let's start! If English isn't your native language, you can select yours at login time. After logging in, you see a panel and the default desktop launchers (shortcuts).

The panel hosts the main menu, applets and launchers. You can have more panels, but we'll stick to one for now. Applets are small applications embedded in the panel, such as task list (all open windows have buttons with their title and icon) and clock. You can remove/add applets easily by right-clicking them or right-clicking the panel, and selecting Panel -> Add to panel -> Applet and the applet you want. Right-click on the clock now, Remove from panel, then add Applet -> Clocks -> After Step Clock. Right click on it again, select Move and put it where you like. Feel free to experiment with the applets. It's nice to have the Multimedia -> Mixer applet for sound card volume.

There's also the Desk Guide applet, which shows a list of desktops. What's that? Well, you can have more than one desktop, unlike MS Windows, where there is only one. If you open lots of applications, it gets hard to navigate through them. I like to use one desktop for terminals, one for editing, one for internet browsing, and so on. You can flip through them by clicking in the Desk Guide applet or pressing ALT+F1, ALT+F2, etc. (note: this is the default in the Sawfish window manager. ALT is also called Meta).

Before going on to the window manager, let's work a little more on the panel. I like it clean, so I remove the After Step clock and add back the simple clock. Right click the panel, select Panel -> Properties -> All properties, and choose the Tiny size. Notice how the mixer applet changed, moving to the horizontal position to fit the panel size. You can add launchers to the panel; I'll let you figure out how (no need to read the manual for that :).

The window manager manages windows (surprise!). Moving a window, drawing the title bar and all other window-related operations are its job. Sawfish is very nice. Go to Control Center, and after experimenting with different settings, try Sawfish window manager -> Shortcuts. (M stands for Meta, which is the ALT key). I like to start Netscape by pressing Ctrl+Meta+N, instead of selecting it from the menu or a panel launcher. To do that, choose Insert, Run Shell Command, type the command (netscape) and Grab the key shortcut.
I have lots of keyboard shortcuts, and don't use desktop launchers at all (to double click one, you need to minimize all open windows, or move to an unused desktop). Other shortcuts I use are Ctrl+Meta+M for maximizing a window and Ctrl+Meta+D to delete (close) it. Windows have gravity, meaning that when you open a new window, it will be positioned in the place with the most unoccupied space available.

Some quick tips:

.

Here is a screenshot of my desktop :

Marius' Desktop

Don't like how it looks? Change it! Use themes, both for GTK (the Gimp Toolkit, which draws buttons, labels...) and Sawfish. Visit themes.org to see more themes than the included ones. Now how about this (older screenshot):

Marius' Desktop - Star Trek theme

Next, you'll see how to manage your system. If this had been about MS Windows, I would have talked about using several shareware anti-virus programs, using Defrag, purchasing and using Norton Utilities, provided links to several sites with shareware software, explained how to install and remove them and clean up after them, how to make backups of your registry, and given tips about how to reboot faster.
Fortunately, this is Linux, so managing your system means installing and removing applications! :-) An application usually comes in a package (.rpm for Red Hat, .deb for Debian). Since I use Red Hat Linux, I'll focus on RPM.

Open GnoRPM (Main menu -> Programs -> System). If you want to install/remove packages, you'll need to enter root password. Look around to see what you have installed now. To find out more about a package, Query it.
You can search for software at freshmeat. For example, get the Bluefish HTML editor, which I've used to write this article. Download it, then in GnoRPM use Install.

I update my packages quite often, software evolving pretty fast, being free open-source software. If you use Red Hat Linux 7.0, visit http://www.redhat.com/support/errata/rh7-errata-bugfixes.html and update glibc libraries to version 2.2.

A quick note about accessing your CD-ROM: in GNOME, when you insert a CD, a file-manager window opens. What happens is that the CD is also automatically mounted. To access a storage device in Linux (CD-ROM, floppy, hard disk), you have to mount it in a directory. There are no drive letters (like A:, C:, D: etc). The CD-ROM is mounted by default in /mnt/cdrom.
The easiest way to use Windows-formatted floppies is with a text terminal, with commands such as mdir a:, mcopy file.txt a:, mformat a:.
Please read the distribution manual for more details.

That's it for this month. Please have a look at the Getting Started manual and GNOME manual (skim through them to see what they talk about, and return later when you need something).

Experiment & learn more about Linux; once you get used to it, you'll love it. Don't use root unless you know what you are doing.

Keep your files organized. I used to have more partitions, but I was always running out of space on one of them, so now I have one big partition (10G). I've created two directories in / : /opt and /my. As the Linux Filesystem Hierarchy Standard says, /opt is reserved for the installation of add-on application software packages; large applications, such as Open Office, can keep all their files together. But I also store there files already saved on CDs, like mp3s and documentation.

/my isn't a standard, but I've found it to be a convenient location for files I need to save when I make a backup, such as my work or documentation. /home is a symlink to /my/home. If you have a web site or MySQL databases, you may want to symlink /var/www and /var/lib/mysql into /my as well. You'll also need to back up /etc and /boot. (You could symlink these into /my as well but you probably shouldn't, since the machine won't boot if these directories get erased or anything funny happens to the symlink.)

To learn more, visit linuxdoc.org. There you'll find, among others, HOWTOs, short documents which talk about a specific thing. If you want to learn more about your computer & Linux, you can! Unlike MS Windows, Linux is an open operating system, with lots of features and documentation.

Some interesting sites to visit regularly are Linux Weekly News, Linux Today, Slashdot and Freshmeat.

Next month we'll talk about how to play mp3s cross-fading them, divx movies and more! Until then, happy Linuxing!


Copyright © 2000, Marius Andreiana.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 61 of Linux Gazette, January 2001



HelpDex

By Shane Collinge



Courtesy Linux Today, where you can read all the latest Help Dex cartoons.

[Shane invites your suggestions for future HelpDex cartoons. What do you think is funny about the Linux world? Send him your ideas and let him expand on them. His address is shane_collinge@yahoo.com Suggesters will be acknowledged in the cartoon unless you request not to be. -Mike.]


Copyright © 2000, Shane Collinge.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 60 of Linux Gazette, December 2000



Using ssh

By Matteo Dell'Omodarme


Every time we telnet into a remote machine, the connection data crosses the local network, giving a potential intruder the opportunity to eavesdrop on the connection and possibly to insert malicious commands into the data stream. Using strong cryptography greatly improves the security of the network.

From the manual page of ssh we can learn that: "Ssh (Secure Shell) is a program for logging into a remote machine and executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel". It is a powerful, very easy-to-use program that uses strong cryptography for protecting all transmitted confidential data, including passwords.

At present there are two SSH protocols, referred to as SSH2 and SSH1, the former being an improvement on the SSH1 protocol. SSH2 now supports other key-exchange methods besides double-encrypting RSA key exchange. The current distribution comes with Diffie-Hellman key exchange and has support for DSA and other public key algorithms besides RSA.

SSH2 can be compatible with SSH1, but it is not compatible by default; the SSH2 server alone can't manage a SSH1 connection and a SSH1 server must be in place in order to do that.

Obtaining and installing SSH

You can obtain SSH2 and SSH1 clients and servers from the master FTP server, or from its mirrors. The latest version for the SSH1 protocol is ssh-1.2.30.tar.gz, while for SSH2 you can download ssh-2.3.0.tar.gz.

The installation process is really easy. The first step is to unpack your SSH1 sources:

tar -zxf ssh-1.2.30.tar.gz

This will create a directory ssh-1.2.30. Now go into that directory and start the configuration process:

cd ssh-1.2.30
./configure

The configure script carries out all the configuration needed for the compilation stage, searching the system for the required libraries and programs. When the script finishes its job you can start the compilation:

make

After the compilation stage, become super-user and install binaries, configuration files, and hostkey by typing:

make install

This will normally install the clients (scp1, ssh-add1, ssh-agent1, ssh-askpass1, ssh-keygen1, ssh1) to /usr/local/bin, and the server (sshd1) to /usr/local/sbin. Notice that /usr/local/bin also contains symbolic links (without the trailing "1") to the real executables.

The next step is to install SSH2. The operations needed are the same as for SSH1:

tar -zxf ssh-2.3.0.tar.gz
cd ssh-2.3.0
./configure
make

and as super-user:

make install

Compatibility SSH1 - SSH2

In what follows we assume you have both SSH1 and SSH2 installed.
To make the SSH2 server able to handle SSH1 connections you should edit SSH2's configuration files, which are normally placed in the directory /etc/ssh2/.
In that directory edit the file sshd2_config, the configuration file for sshd2 (Secure Shell Daemon), which is the daemon program for ssh2. Add the lines:

Ssh1Compatibility yes
Sshd1Path /usr/local/sbin/sshd1

Change /usr/local/sbin/sshd1 to match your sshd1 installation directory. With this configuration, the sshd2 server will forward requests from SSH1 clients to sshd1.

Then add two lines to the file ssh2_config, located in the same directory:

Ssh1Compatibility yes
Ssh1Path /usr/local/bin/ssh1

Now the ssh2 client will invoke the ssh1 client when contacting an SSH1 server.

Starting SSH

There are mainly two different techniques to start sshd at boot time.

Establish a SSH connection

Once sshd is running on your machine you can test your configuration by trying to log in to it using the ssh client. Let's suppose that your machine is named host1 and your login name is myname. To start an ssh connection use the command:

ssh -l myname host1

The ssh2 client (the default client) then tries to connect to host1 on port 22 (the default port). The sshd2 daemon, running on host1, catches the request and asks for the myname password. If the password is correct it allows the login and opens a shell.

Generating and managing ssh keys

Ssh allows another authentication mechanism, based upon authentication keys, a public key cryptography method. Each user wishing to use ssh with public key authentication must run the ssh-keygen command (without any options) to create authentication keys. The command starts the generation of the key pair (public and private) and asks for a passphrase to protect them.
Two files are created in the $HOME/.ssh2/ directory: id_dsa_1024_a and id_dsa_1024_a.pub, the user's private and public keys.

Let's suppose that we have two accounts, myname1 on host1 and myname2 on host2. We want to login from host1 to host2 using ssh public key authentication. In order to do that four steps are required:

  1. On host1 generate the key pair using the ssh-keygen command, and choose a passphrase to protect it.

  2. Log in to host2, using ssh password authentication, and repeat the previous operation. Then change directory to $HOME/.ssh2 and create a file, named identification, containing the following lines:
    # identification
    IdKey  id_dsa_1024_a
    

    This file is used by sshd to identify the key pair to be used during connections.

  3. From host2, fetch host1's ssh public key and give it a suitable name (e.g. host1.pub):

    ftp host1
    [...]
    cd .ssh2
    get id_dsa_1024_a.pub host1.pub
    

    At the end of the ftp process a copy of host1's public key, named host1.pub, resides in host2's $HOME/.ssh2 directory.

  4. Create the file authorization containing the following lines:
    # authorization
    Key     host1.pub
    

    This file lists all trusted ssh public keys placed in the $HOME/.ssh2 directory. When an ssh connection is started by a user whose public key matches one of the entries in the authorization file, the public key authentication scheme is used.

To test this configuration, try to connect from host1 to host2 using ssh. Sshd must reply by asking for a passphrase; if a password is requested instead, a mistake was made in the configuration process and you should carefully check steps 1 to 4.
The passphrase required is your LOCAL passphrase (i.e. the passphrase protecting the host1 key).
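
When the test ends in a password prompt, a quick audit of the $HOME/.ssh2 directory on host2 narrows down which of steps 1 to 4 went wrong. The script below is an added example, not part of the ssh distribution or of the original article: it assumes the keywords are written exactly as shown above (IdKey, Key), that file names contain no spaces, and that a private key should be accessible to its owner only; the sample directory it builds is constructed, with dummy key contents.

```shell
#!/bin/sh
# Added example: audit an ssh2-style key directory laid out as in steps 1-4.
# Assumptions (not from the article): keywords are matched exactly as the
# article writes them, file names contain no spaces, and "safe" means the
# private key is owner-only and nothing is writable by group or other.

# Print the six permission characters for group and other, e.g. "r-xr-x".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# True if group or other may write to the given path.
loosely_writable() {
    case $(group_other_bits "$1") in
        ?w????|????w?) return 0 ;;
    esac
    return 1
}

# check_ssh2_dir DIR: print one line per finding; return 0 only if clean.
check_ssh2_dir() {
    dir=$1
    problems=0
    report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    [ -d "$dir" ] || { echo "PROBLEM: $dir is not a directory"; return 1; }
    if loosely_writable "$dir"; then
        report "$dir is writable by group or other"
    fi

    # identification: each IdKey line names a private key file in DIR.
    if [ -f "$dir/identification" ]; then
        for key in $(awk '$1 == "IdKey" { print $2 }' "$dir/identification"); do
            if [ ! -f "$dir/$key" ]; then
                report "identification names $key, which does not exist"
            elif [ "$(group_other_bits "$dir/$key")" != "------" ]; then
                report "private key $key is accessible to group or other"
            fi
        done
    else
        report "no identification file in $dir"
    fi

    # authorization: each Key line names a trusted public key file in DIR.
    if [ -f "$dir/authorization" ]; then
        if loosely_writable "$dir/authorization"; then
            report "authorization is writable by group or other"
        fi
        for key in $(awk '$1 == "Key" { print $2 }' "$dir/authorization"); do
            if [ ! -f "$dir/$key" ]; then
                report "authorization trusts $key, which does not exist"
            elif loosely_writable "$dir/$key"; then
                report "trusted key $key is writable by group or other"
            fi
        done
    else
        report "no authorization file in $dir"
    fi

    [ "$problems" -eq 0 ]
}

# Build a constructed copy of host2's $HOME/.ssh2 (dummy key contents).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    printf '# identification\nIdKey  id_dsa_1024_a\n' > "$d/identification"
    printf '# authorization\nKey     host1.pub\n' > "$d/authorization"
    echo 'constructed private key' > "$d/id_dsa_1024_a"
    echo 'constructed public key' > "$d/id_dsa_1024_a.pub"
    echo 'constructed public key' > "$d/host1.pub"
    chmod 644 "$d/identification" "$d/authorization" "$d"/*.pub
    chmod 600 "$d/id_dsa_1024_a"
    echo "$d"
}

# Demo: a clean directory, then the same one with a group-readable private key.
sample=$(make_sample_dir)
check_ssh2_dir "$sample" && echo "clean: no findings"
chmod 640 "$sample/id_dsa_1024_a"
check_ssh2_dir "$sample" || echo "findings reported above"
rm -rf "$sample"
```

On a real account, run check_ssh2_dir "$HOME/.ssh2" on host2 after step 4.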

Coming next...

The next article will present other programs and facilities from ssh suite: ssh-agent and ssh-add (two useful passphrase management programs), and sftp and scp (a secure way to transfer files across the net).


Copyright © 2000, Matteo Dell'Omodarme.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 61 of Linux Gazette, January 2001

Emelfm 0.9.2

After migrating from the Amiga to the original Slackware distribution of Linux, I spent several years searching out a replacement for Directory Opus. Now, a 'file manager' means different things to different people. Some simply want to copy, move, rename files etc. Others want to be able to operate on those files in esoteric ways. At whim. Configurably. As you may have guessed, I'm one of the latter.

I tried everything that came along, whether they claimed to be clones of Dopus or just great file managers. All fell short in some way. Some were too slow, others were fast, but not configurable enough. Still others had both, but configuring them was difficult.

In the meantime, I used the venerable Midnight Commander (good ol' mc). You can do anything with mc - you just have to configure it, but it's still console based and a lot of basic operations are more easily done from a gui. New problem: after six years of using mc, I had added the desire for a Linux Dopus that behaved like mc. Great. Now I wanted superb keyboard navigation and key-mapping and mousing and configurable button banks. Prospects were looking pretty grim.

And then Michael Clark came along and wrote emelfm.

emelfm full screen

emelfm has all these - and more.



Overview

As a graphical file manager, emelfm has no peer. Any file operation imaginable may be carried out using emelfm. It has all the functionality of a modern gui based file manager, yet at the same time mirrors the functionality of mc, including the ctrl+o shell. In addition, emelfm allows you to easily construct shell scripts of a few lines and put them on a button - or in a context menu. Yes, you could put these in a shell script or an alias (and, of course, you still can), but there's something just so very nice about drag-selecting a few files and then clicking one button which performs magic on them.

I'm always a little at a loss when the "GUI vs. Console" wars break out. I like and use both when I find it appropriate. Thus far, there is no simple, intuitive way to provide point and click access to all the power the command line has to offer and I'm the first to dive in there when the need arises (or even just for sport). Now then, just suppose I'd delved into the manual for mpage and written 'mpage -P -m50lb20t20r -j 1%2'. Yes, I needed the command line. Yes, it's very useful to me. No, I won't remember it past my next cup of tea. Solution: add it to the context menu for .txt files in emelfm - or put it on a button. The above example is quite trivial compared to what's really possible with emelfm. It simply serves to underline the point that emelfm actually bridges between your work on the command line and your use of the gui.


Nearly all gui file managers allow for some default action when you double-click on a file. emelfm goes beyond that. If you right click over the same file you'll be able to select from a list of alternative actions. Two things to note: 1) you've got more options and 2) it's context sensitive, i.e. you only see choices related to that particular file-type. For example, in my own case, if I were to double-click an htm, html, shtm or shtml file I would be reading it in kless via w3m. However, if I right click the same file a whole range of options opens up to me. As if that's not enough, there's always the "open with" item, so I can type in a command on the fly.

an emelfm context menu
one of emelfm's file-type dialogs

Also included in the emelfm repertoire are a 'vfs' for diving into tarballs and zip files, a pack plugin for making archives (with an elegant, intuitive interface), an easy to use 'for each', a rename by extension (pattern really - much better) and many more.

Here's some other stuff in no particular order:

  • very simple configuration for unknown file-types
  • configurable coloured highlighting of file types
  • drag and drop internally and between other gtk apps
  • configurable fonts
  • plugins and a reference manual for writing your own
  • one-click access to your home directory
  • cloning of a file to the same dir under a different name
  • verbose file listings
  • various sorting methods via a single click
  • bookmarks
  • default startup dirs
  • capture of command output
  • more. I forget till I need it.....


Installation

Even if you've never compiled a program before, emelfm will be trivial to compile.

  • Download the tarball and unpack it somewhere.
  • Pop a shell and cd into the same directory and type 'make'.
  • Then 'su' to root and type 'make install'.

You're done! Ctrl+d to get out of root and run emelfm by typing its name. That's all there is to it.
Now, you can make an icon for emelfm or add it to your menu structure. It happens that I use KDE, so I used khotkeys and assigned emelfm to ctrl+esc for quick access.


Navigation

As detailed above, part of our shopping list was keyboard navigation and emelfm works out of the box. Up and down cursor keys respond predictably. Left cursor moves you up a directory and right cursor on a directory moves you down into that directory. Tab or space will toggle the active pane. Return or right arrow on a file will run the default command on that file.

If you press the shift key while moving up or down, you will highlight a range of files. Like mc, you can also use the 'insert' key to tag files.

Here's a list of default keybindings. These are just a beginning. You can easily map all the default mc keys into emelfm. Then add all your own personal keybindings. As you can see by the screen shot, the configuration is pretty paul-proof.

emelfm keys dialog

Of course, navigating with the mouse is the same as the keyboard and it's intuitive enough that I don't feel I need to go into it. Double-clicking performs the default action and Ctrl+click allows spot selection etcetera. One thing I need to mention is that 'drag and drop' is performed using the middle mouse button.

Usage

Where do I begin? You can configure everything from the key bindings to what's shown in the columns. There are so many ways to configure emelfm, I'll just give you a few thoughts:

  • Some misc. tips available from the readme are here.
  • Configure a button like 'kdesu -c emelfm'. We all su to root sometimes. We have to... Now, tell emelfm to show dirs in red; that way you'll know you're running as root. Also, resist changing the default config for root's emelfm: the less at home you are, the better, and the sooner you'll leave.
  • Make a button for xterm as root and another for xterm as user. The nice part is that they always open in the target directory.
  • Almost completely unrelated timesavers: create aliases for cf='./configure', mk='make' and only in root, mi='make install'
  • both df and du work nicer with the '-h' (human) option
  • Read the whole Readme; it's worth it!


Summary

This program is not only the equal of 'Dopus' it's actually better. Before you flame me, I used Amigas since 1986 and had thousands of lines of rexx hanging off of dopus. Now I have (so far) a few hundred lines of perl and bash hanging off of emelfm. That, and a lot of ELF binaries.

No single program pleases everyone, but I know both ex-Amigoids and new Penguinistas who have and use emelfm. If you're looking for something that most resembles Dopus visually, you should try Worker by Ralf Hoffmann. There's also an article about "Worker" here. For a reliance on file magic give gentoo by Emil Brink a download. For built-in ftp, Henrik Harmsen wrote filerunner. I think emelfm probably owes the most to "filerunner" in terms of look and feel.

Wish list

  • Right-click alternatives and "dog-ears" for command buttons
  • du of selected files
  • Colouring of buttons etc.
  • CD-RW plugin
  • ftp

I know the author is seriously considering at least the first four.

In sum, it's guys like Michael Clark that keep guys like me from having to learn 'C'. :-)

You will find Mr. Clark both helpful and responsive to bug reports and requests for features.

"Linux Gazette...making Linux just a little more fun!"


Tuxedo Tails

By Eric Kasten


holiday.png


servdali.png
[Eric also draws the Sun Puppy comic strip at http://www.sunpuppy.com. -Ed.]


Copyright © 2000, Eric Kasten.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 60 of Linux Gazette, December 2000



Using the Wireless Modem Ricochet

By Mark Nielsen


  1. References
  2. Introduction
  3. Getting Ricochet
  4. Installing the Ricochet modem
  5. Setting up a firewall for your network
  6. Why use the Ricochet modem?
  7. Conclusion

References

  1. Metricom modems support in Linux. This is the only place I found that explained how to install the faster modems.
  2. If this article changes, it will be available at GNUJobs.com.
  3. LG index which has many articles on networking and firewalls. You may also want to look at Linux.org to find documentation on how to set up a firewall.

Introduction

The Ricochet modems are wireless modems that let you connect your computer to the internet through an ISP that is hooked up to the wireless network. The service is only available in certain areas.

None of the ISPs support Linux. They officially support only crappy, horrible operating systems that are not good for a technical person or a real programmer. Naturally, Linux, FreeBSD, and other good quality operating systems are ignored. It makes sense from a profit point of view. Call the ISPs and let them know you want them to support real operating systems.

The modems will connect at 80 Kbps with a serial port and 128 Kbps for a USB connection. I only use the serial port connection, for now, and it seems faster and more stable compared to a normal dial-up over the phone. Sometimes it crawls, but overall, I am very happy with the modem.

Getting Ricochet

None of the ISPs support Linux. Wireless Web Connect seems to be more liberal, so I chose them. All the other service providers seemed to have staff that had no clue what Linux was and they had a big corporate feel, which I usually try to avoid. I bought my modem through the service provider for around $100, which apparently was a special price, but I have noticed that special prices tend to become the normal prices over time in the ISP market.

Installing the Ricochet modem

Installing the modem was really easy after I found the right webpage: Metricom modems support in Linux.

It was this simple on a RedHat 6.2 system (when am I going to switch to Debian for good?):

  1. Start the control panel with the command "control-panel" in Xwindows.
  2. Click on the Network Configurator.
  3. Click on the "Interfaces" button.
  4. Click "Add".
  5. Choose the PPP option and continue.
  6. Type in "3333" for the phone number, and the username and password. Select the PAP option.
  7. After you have added the ppp interface, click on the interface, click on the Edit button and type in "noipdefault" where it says "PPP Options". Then click on "Done".
  8. Save and quit the control-panel.

Now you need to follow the specific instructions the above article talks about. You need to modify /etc/resolv.conf for the DNS and edit /etc/ppp/pap-secrets as described in the article.

Overall, it was simple once I knew what to do.

If you have tried to figure out how to set up the modem, and you cannot, and you have read this article and the other article mentioned above, then send email to GNUJobs.com at articles@gnujobs.com and perhaps I can point you in the right direction. If you attend the SVLUG meetings in the Bay Area, bring your laptop and send me email when you are attending the next meeting, and I can help out.

Setting up a firewall for your network

I have a desktop computer and a laptop. I don't like using the touchpad on my laptop, and since I have to use the serial port for my external mouse, I can't use the Ricochet modem (unless I use the touchpad). Thus, I use my desktop computer as a firewall. I connect the desktop computer and laptop to a 100 mbit hub. Then I connect the Ricochet modem to the desktop computer.

The desktop becomes my firewall. I don't have any services running on it except for ssh. All the other ports are closed. Please use the program nmap to scan your computers to find out which ports are open. I would also disable the root account from logging in with ssh.
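
One way to check the two hardening points above (ssh is the only open port, root cannot log in over ssh), as an added example that is not part of the original article. It parses nmap's normal output and an sshd_config from standard input; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample inputs are constructed, not from a real host.

# Print open TCP ports from nmap's normal output (stdin) that are not in
# the space-separated allow list passed as $1.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1]
        }'
}

# Print the global PermitRootLogin value from an sshd_config on stdin.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line are conditional.
root_login_setting() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }'
}

sample_nmap() {
    printf '%s\n' 'PORT     STATE  SERVICE' '22/tcp   open   ssh' \
        '111/tcp  open   rpcbind' '6000/tcp closed X11'
}

sample_sshd_config() {
    printf '%s\n' '# PermitRootLogin yes' 'Port 22' \
        'permitrootlogin no' 'PermitRootLogin yes'
}

# Succeeds only if ssh (22) is the sole open port and root login is "no".
audit() {
    extra=$(sample_nmap | unexpected_ports "22" | tr '\n' ' ')
    root=$(sample_sshd_config | root_login_setting)
    echo "unexpected open ports: ${extra:-none}"
    echo "PermitRootLogin: $root"
    [ -z "$extra" ] && [ "$root" = "no" ]
}

audit || echo "host does not match the policy described above"
```

A result of `unset` means the compiled-in default applies, which differs between OpenSSH versions, so set the keyword explicitly. On a live host, `sshd -T` prints the effective configuration, including Include files that this text parser does not follow.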

If you wish to know how to set up a firewall, I have written many old articles for the Linux Gazette about networking and firewalls. There are lots of resources out there. Try linux.org also with their HOWTOs.

Why do this stuff?

As an independent consultant, having the ability to go anywhere and be connected is nice. Not having to pay startup costs every time you want to get a 2nd phone line in an apartment is nice. I really loathe the local phone companies for hitting businesses with high phone bills. The wireless modem ends up paying for itself after you combine a phone bill and an ISP bill.

It isn't super fast, but for my needs it is just fine. I am still going to get a DSL hookup. This will provide me with two alternate ways of connecting to the internet should one route die for a day. That can be very bad for an independent consultant, so two routes are a must.

I leave the modem on all day and the firewall on all day. It is nice that it doesn't tie up a phone line and it is also nice that I don't have wires all over the place. When I had to move to a different room because the guy who was assembling my furniture kicked me out of my office, it was nice that I could take the laptop with the Ricochet modem to another room.

Conclusion

The Ricochet modem is good for connecting to the internet and is a must for a traveling independent consultant. I don't work for or get paid by Ricochet or the service providers for Ricochet, so my opinion isn't skewed. It is easy to set up, with just a few modifications. If you cannot afford it as a business expense, don't do it; get a DSL line instead for personal use, because the modem is not going to be as fast as DSL and it can be more expensive than DSL. There are bonuses and negatives to getting the Ricochet modem. If we ever get to the point where the speed gets up to 500 Kbps, then DSL has no real advantage for me (except that in the Bay Area getting a fixed IP address with DSL seems to be $30 more a month, which is a lot cheaper than what I paid to get a fixed IP address using cable modems in Columbus, Ohio).

Mark works as an independent consultant donating time to causes like GNUJobs.com, writing articles, and writing free software.


Copyright © 2000, Mark Nielsen.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 61 of Linux Gazette, January 2001



When Apache Redirect Doesn't Work the First Time

By Mark Nielsen


  1. References
  2. Introduction
  3. The Problem with Redirect
  4. Using a Perl script
  5. Using the mod_rewrite module for Apache
  6. Using Redirect with Virtual Host
  7. Conclusion

References