May 2003, Issue 90 Published by Linux Journal
Front Page | Back Issues | FAQ | MirrorsThe Answer Gang knowledge base (your Linux questions here!)
Search (www.linuxgazette.com)
Editor: Michael Orr
Technical Editor: Heather Stern
Senior Contributing Editor: Jim Dennis
Contributing Editors: Ben Okopnik, Dan Wilder, Don Marti
![[tm]](../gx/tm.gif)
,
http://www.linuxgazette.com/
...making Linux just a little more fun! |
From The Readers of Linux Gazette |
Linux aol dial-upI have Peng client connect to AOL on RedHat 9.0. It connects to AOL alright but my system doesn't recognise the active connection. For my browser or gFTP clients do not connect to any http or ftp sites.
What do I have to do so that the system/n/w config understands the active connection
-Narendra
Well folks, it's not a late edition of a Fool's Day joke .. Peng really is intended for letting people use their AOL dialup to get what we'd consider more ordinary connectivity. Anyone out there hitting the net this way? Let us know how you do it! -- Heather
Linux InfraredHi all, I am interested to make an infrared remote for linux. I have also visited the LIRC webpage. if there is any body who has already build this remote please tell me how it is working and a little bit about the circuit & driver ,library etc u have used. please share ur experience with me.
If some one is using creative infrasuite remote (credit card size) , please let me know. does it need the separate IR receiver or the inbuilt IR in the CD Rom is enough ? I have the Panasonic Tv remote at home. so please let me know too if there is any body using this remote with LIRC.
thanks in advanced.
On a slower computer...Hello,
About 8.0 LInux installation either "stand alone"? or install with windows on a pc. can you offer tips on installing it to a 75 mhz computer. what of fdisk or other info format?
You may refer my request on to someone else in club as you desire. Thank you,for you time.
Now, small distros and distros-on-floppy we have by the dozens. But RH 8 compatible? Or kickstart floppies that chop out a bunch of that memory hogging, CPU slogging stuff? An article on keeping your Linux installers on a diet would be keen. Just in time for Summer, too. -- Heather
A Walk through Frink's ConfusionI don't understand why this:
x=`echo -e "\240"`;mkdir $x;echo "hostname -f">$x/perl;chmod +x $x/perl;export PATH=$x:$PATH;clear
combined with this:
perl -we'fqdn'
is considered an Easter Egg. How do you enter it into a bash prompt to make it an Easter Egg?
Brad
*looks for riffles, JIC*
[Ben] I don't understand your question. What Easter Egg? What the heck does "enter it into a bash prompt" mean ("enter at the command line", maybe?)
That's what I meant. Woomert's command line looked as if it was meant to be entered directly into a shell prompt. Is it meant to be entered some other way?
[Ben] Ah, OK. Yes, it's meant to be entered at the shell prompt.
What did you try? What results did you get? What did you expect to see instead? Give me some info to go on, and I might be able to help you - if I can get an idea of what you're asking for.
I tried entering the x=" line, then calling perl -we'fqdn' to see the output. That worked.
[Ben] <grin> Except... it didn't. There's no such function as "fqdn" in Perl; it's just a random string that I munged up, an abbrvtn for "fully qualified domain name."
What I was expecting was something which made perl stop working or something which would munge my command line.
[Ben] That's exactly what you've got: Perl is now "broken". No matter how you invoke it, it will now type the FQDN.
I have an idea on what this is meant to do, though:
x=`echo -e "\240"`;mkdir $x;echo "hostname -f">$x/perl;chmod +x $x/perl;export PATH=$x:$PATH;clear
echo -e "\240" : ASCII code 240 mkdir $x : create a directory with name $x
[Ben] Well, with the content of $x - which is an "invisible" ASCII character (at least with the default LOCALE), easy to miss when you do an "ls".
[Jason] Hmmm....my 'ls' shows the escape character. ("\240") That's becasue the '-b' (show escape characters) is in $LS_OPTIONS, which is used in my 'ls' alias. That's pretty neat, but I find a backspace character has more intersting effects:
~/tmp$ x=$(echo -e '\b') ~/tmp$ mkdir $x ~/tmp$ touch $x/lala ~/tmp$ ls \b/ ~/tmp$ cd ^H/ ~/tmp$ ls lala ~/tmp$ cd .. ~/tmp$
It makes it look like you don't even change directory! And the output of the 'ls' command is, of course, given the -b options via my alias. Normally, (my version of) ls outputs a '?' when there's an unprintable character.
echo "hostname -f">$x/perl : echo the hostname into a file named perl in $x
[Ben] Nope. Echo the string "hostname -f" into that file.
chmod +x $x/perl : make the perl file executable
[Ben] Thus making it an executable shell script which runs "hostname -f".
export PATH=$x:PATH;clear : adds $x to the $PATH
[Ben] Much more importantly, putting $x at the front of the PATH - meaning that the executables in there will get run instead of the others. When you type "perl", the actual Perl binary never gets executed: the shell script is now the first "perl" in the path!
Is this Easter Egg supposed to make perl act strange?
[Ben] It's not an "Easter Egg"; that term has a specific meaning (hidden feature that does something cute when you run it, like the maze in MS Excel, a mini-version of a Doom-like game in Word some years ago, etc.) That's what had me confused. It's a hack (not a software hack, either; Woomert just hacked Frink's naivete, too easy of a target by half.
As to what it does - it makes Perl go away.
[Jason] Only in UNIX can you do so much interesting stuff with a few commands. A while back I was playing with a script that would, when run, print
rm -rf /home/username.....12345K deleted
where username is your username and 12345K is however much stuff you have in your home directory. The disk churning sounds would be 'du' running to figure out how much stuff in your home directory there was. Then the tricky bit was that the script would add some commands to your .bashrc, which changes $HOME to /tmp/$RANDOM and cds to that directory, so when the user logs in again he thinks all his files are gone. I thought about uuencoding it and posting it to the TAG on April 1st, but decided not to.
[Ben] Oh, massively cute! You should, of course, set the command prompt to show that the user is still in his home directory...
[Jason] That's what setting $HOME does.
[Ben] Oh, I meant an explicit "/home/joe" rather than "~", but you're right - that's even better.
Cloning workstations articleEsteemed editor,
In your April issue of Linxu Gazette there is an an article on Cloning Workstations with Linux by Mr. Alan Ward. An article that starts with:
"Anybody who has had to install a park of 10 - 100 workstations with
exactly the same operating system and programs will have wondered if ...etc"
is able to raise my curiousity.
IMHO the best solution for a hundred or so workstations.
Kind regards,
Dirk
Please note that g4u is based on BSD, not Linux. The techniques used are, however, very similar.
Best regards,
Alan Ward
|
...making Linux just a little more fun! |
By The Readers of Linux Gazette |
linux baby clothes?gday - how'd it go with the inquiry about Linux baby clothes?
- How about this one here:
- http://www.thinkgeek.com/tshirts/kids
bookmark conversionHi,
I have a www browser bookmark conversion problem (and a partial answer
). I'm currently using Opera as a browser but I wanted to also use
Konqueror. As always, there is an issue with the bookmarks: it's
difficult to "port" them. After one hour of groping and hacking I
managed to write a little script that does the opera->konqueror port.
But it is ugly and it doesn't work in the other direction.
Do you know of such bookmark converting apps/scripts (on linux!)? Konqueror (in kde 3.0) seems to know how to import/export bookmarks to netscape and mozilla, but not more.
I hope this qualifies as a Linux question
. It's an all platform
issue, but that doesn't mean it's not linux, right ?
I included my partial-answer-script. Maybe someone can use it
. I
don't really know perl, my script is probably very ugly but it worked
for me. It's a filter, you have to use redirection and then copy the
output file to the konqueror bookmark file.
Thanks,
Miron Brezuleanu
See attached op2konq.pl
[K.-H.] Hmm... opera has some bookmark export variants too.
Like file-export-bookmarks_as_html looks like a very much universal export format if you simply load that html page and klick on the bookmark you want.
As I remember netscape bookmarks are a simple html layout as well which you can directly load as an html-page.
CupsThis is a multi-part message in MIME format.
------=_NextPart_000_0030_01C2FDD5.E597FE00 Content-Type: text/plain;
charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I'm sure you're unaware of this, but you sent your message with extraneous MIME headers like the foregoing, and with your entire message printed a second time in HTML. Please change your mailer's settings to stop it from doing this. Instructions are here: http://expita.com/nomime.html#outlook5
For more information, please see (http://www.linuxgazette.com/tag/ask-the-gang.html#non_text)
Normally I leave this part out. However, since I note that Rick has had to utter this little macro an awful lot of times this month, I figured I'd help a few souls out there by seeing it get mentioned. The answer in this case is tiny - so this brings it up to a whole Two Cents worth :D -- Heather
How do you set printing priorities with cups?
Using the -p option:
$ /usr/bin/lp -d LaserJet -p 90 foo
...gives the job of printing file foo a priority of 90 out of 100. Default priority level is 50.
DOS functions in Linux' gcc?Respected sir/ madam ,
can i use execute interrupt 11h and 13 h as i can use in TURBO C using int86 function , plz give some inforamtion or notes how to do that in linux using gcc thanking you in advance
I'm not sure if it's possible in the same way it is in DOS, but it's definitely not the done thing. Wine (http://www.winehq.com) has code in its DOS emulation dll, which you could probably use in a similar way. Look in wine/msdos/ and wine/dlls/winedos
Int 11 is equipment check and 13 is disk services, right? For int 11, you might try using Discover (http://www.progeny.com/products/discover). For int 13, you'd need to be more specific
Internet by call in USA?In response to Help Wanted #6, Issue 89. -- Heather
Hi matthi
In US, visit the next public library - there are some PCs in every public library with which you can access internet (and therefore via webmailer your mail) for free. Also, many Hotels/Motels have free web-access by LAN or, al least, an PC with freee webaccess (motels with moderate prices too, afaik motel 8, motel 6) - you can choose your accomodation by that.
[GL] nis problemThe author here - a member of the GLUE list, contacts for "Groups of Linux Users Everywhere" - was really hoping he was wrong, but this is how the dreaded YP stuff really works. A tip for all who have to deal with NIS. -- Heather
1) I search various web-sites, but I cann't find this.my nis-server and nis-client works properly. ypbind at client detects the nis-server also. yp.conf,network files all r fully configured in client and server both. "ypcat passwd" also displays the user info in both client & server. But when I create any new user at nis-server,I can get user-info by running "ypcat passwd" only when then I execute make command in /var/yp or "ypinit -m" in /lib/usr/yp folder AGAIN.I want to know that IS it Required to execute MAKE COMMAND AGAIN & AGAIN When any New User Created ?
In a word, yes.
Pctel hsp micromodem 56 config.........RedHat 8.0Hi there,
I wonder if this would be useful to some of you out there.I had some problems configuring my Pctel PCI modem.After a lot of searching I found a driver at linmodems.org.The compilation went on perfectly but when I tried to load the modules with insmod I could not load the modules and it would display that the module is compiled with GCC 3 and hence cannot be loaded.
[Kapil] Thanks for your hints ...
Note that many distro kernels are compiled with gcc 2.95 (in fact I don't believe I have successfully compiled a kernel with gcc >= 3.0).
Thus a possibly better solution is to install gcc-2.95 and compile kernel modules using that.
An alternative is to re-compile your kernel with gcc 3 and then you can use modules compiled with gcc 3 as well.
If you are facing the same problem do this....
1.At the console type
insmod -f pctel insmod -f ptserial
(instructions on installing the modules can be found in the readme file found with the package). (If you are using the same tarball from linmodems.org i.e.,pctel-0.9.6.tar.gz you have to type commands as it is). You will see some messages but it does not matter much.
[Kapil] Generally speaking, I would do an "insmod -f" only if I was in a hurry or if I couldn't even boot-to-fix witout it. But it should never be allowed to be a "permanent" solution.
2.If you are using KPPP to connect to the internet do this..... create a new connection,fill in the connection details and other things. Then go to the modem tab and click on modem commands.In the section named initialization string 2 give the following "AT&FX1&C1" and press ok.
3.Instead of loading the modules each time the above given commands you create a script which you can execute before starting kppp. I can't assure that it is going to work,but you might as well give it a try.
Hope this will help. Vivek.
[Kapil] Me too.
Debian upgrade howtohow to upgrade the existing debian version without reinstalling ? (for an ex. potato to woody)
Debian's built-in upgrade process is controlled by the /etc/apt/sources.list file and by the apt-get package-retrieval utility. sources.list specifies where to look for new packages (Web or ftp sites, CD-ROMs, hard drive directories, etc.), and apt-get fetches both available-package catalogues and the packages themselves. Your sources.list probably looks like this:
deb http://http.us.debian.org/debian stable main non-free contrib
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
Notice the word "stable". At the time you installed Debian, "stable" referred to 2.2/potato. These days, "stable" has progressed to 3.0/woody: The alias name "oldstable" can still be used to refer to potato, or you can just use the name potato.
That is, if the machine you're talking about has Internet access, you can upgrade in two stages, like this.
1. Edit sources.list to refer to "potato" by name:
deb http://http.us.debian.org/debian potato main non-free contrib
deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free
deb http://security.debian.org potato/updates main contrib non-free
As root, retrieve the latest available-packages list for potato:
# apt-get update
Now, upgrade all installed packages to the latest for the potato series:
# apt-get dist-upgrade
2. Re-edit sources.list to refer to "stable" (which is now 3.0/woody):
deb http://http.us.debian.org/debian stable main non-free contrib deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free deb http://security.debian.org stable/updates main contrib non-free
# apt-get update
# apt-get dist-upgrade
The point of doing the upgrade in two stages is to avoid introducing dramatic version differences, all at once.
However, it may be that pulling down a hundred or so packages from the Internet isn't practical. If so, you can acquire a set of Official Debian 3.0r1 CD-ROMs. The full set is 7 CDs. (You don't need to get all seven, if you don't want to.) To register them in sources.list, first comment out any existing "deb" lines in that file, and then run the apt-cdrom utility once for each CD. Then:
# apt-get update
# apt-get dist-upgrade
That's just about all there is to it. Make sure you take note of any warnings or advisories shown to you during the upgrade process.
I was looking for this a long. and U have given me the solution.
I know that "thanks a lot" is not enough. any how wish u my best wishes -
))
more verbose and useful assert()In reference to the assert() macro that good programmers use to catch bugs that should be fixed before the user sees them -
Unfortunately, when a programmer debugs somebody else's code, an assert failure may be rather difficult to interpret. What does assert(p == NULL); failure mean? You will not know until you look at the source code at that point and try to understand what's going on. But what if the assert was changed to:
assert (p == NULL && "Please deallocate your GC handle before allocating a new one");
Now the programmer can read the message, which will be printed along with the rest of the stuff in the assert, smack himself on the forehead and shout "doh. I know where the problem is!" The assert works because the string pointer is always non-zero and if p == NULL, will not cause the assert to fail.
This seems pretty obvious, now that I have figured it out, but I have never seen this technique used in any piece of code. The effect can be achieved by using a custom assert library, but why introduce a dependency when you don't have to?
[Jimmy O'Regan] Would it not be better to use
if (!assert (p == NULL))
fprintf (stderr, "Please deallocate your GC handle before allocating a new one");
[Didier Heyden] Nope; assert() actually aborts the program if its argument is 'false.' This means that your own message would never be printed, even if the 'p' variable were NULL. Instead, you'd see something like:
PROGNAME: SOURCE.c:31415: FUNCTION: Assertion `p == NULL' failed. Aborted
then the program would terminate (and possibly dump core).
OTOH, with Mike's method you'd get a message similar to:
PROGNAME: SOURCE.c:27182: FUNCTION: Assertion `p == NULL && "Please deallocate your GC handle..."' failed. Aborted
The reason his solution works is that a string constant in C (even an "empty" one) always evaluates as a 'true' condition (a non-null memory reference indeed).
Another advantage of sticking with "simple" assert() macro calls is that you can disable all of them at once, merely by #defining the NDEBUG macro at compilation time. In that case, all assert() instructions will expand to nothing at all.
[Jimmy] (or similar, apologies for my rusty C)
[Didier] Naaah.
#/usr/bin/perl -W
using strict;
my despair = {'Why', 'the heck', 'doesn't this', 'work'}
for each (@cry in $despair) { echo @cry, " (sob) " }
(Don't laugh: it's based on countless true stories).
carrier errorsI came across your "Answer guy" site while searching for info on ifconfig errors. Unfortunately, it did not help with my problem, but since you provide an e-mail link, I'm not too proud to ask.
The question I'm trying to understand is "what are "carrier" errors. I'm getting "carrier" errors on 100% of my my TX packets and can't connect to the rest of the network, but the man pages for ifconfig don't tell me what the errors are and I'm at a loss so far to find information on this.
Carrier errors is jargonese for Cable fault. Please check the cable you are using (try a different one if you have one). Of course it could also be a loose contact problem.
Carrier = Signal Carrier = standing wave on which signals are transmitted using "modulation". That's about as much as I remember from by College course in Electronics.
The complete problem is that I'm running both WinXP and Linux (Knoppix booted from CD) on an HP notebook. Knoppix used to boot and connect to the network fine, but now it has stopped working! I'm running strictly from CD, no install or configuration information on my system, just the normal Knoppix auto- configuration that worked fine on the hardware before, yet now for reasons unknown I get these carrier errors and can not transmit anything on the network (sniffing the wire confirms that nothing is going out). Obviously I can no longer get my network settings with DHCP (which also used to work fine on my local network for this computer), but I cannot manually configure the card to work either. Do you have any insight to what might cause this?
Thanks. Unfortunately, in this case the "carrier errors" are not cable errors. Here are the details that confirm this:
The hardware works 100% correctly under WinXP, including sniffing the
cable and seeing absolutely no errors in a large number of packets.
The hardware used to work under Linux (Knoppix booted from CD) but no longer does, even with the very same bootable CD. There are no packets getting out onto the cable at all, again confirmed by sniffing the cable.
A completely different cable was also used to route the notebook computer to a separate hub where the packets could be watched by another computer. Still no packets were on the wire.
I wrote earlier: Carrier = Signal Carrier = standing wave ...
So at least I feel partially vindicated. There is no standing wave hence no signal
Apparently other Linux issues can manifest themselves as carrier errors, but I have not yet been able to determine what counts as a carrier error in Linux.
Let's apply Occam's razor here based on the fact the "it used to work with the same Knoppix CD". What could have changed?
- Not the CD. And hence not Linux or the software that comes with it.
- Not the cable (this has been checked by you).
- Not the hardware (it works under that other OS so its not critically damaged).
Thus the problem has to be with the remaining "soft" component. That is BIOS/flash settings. Some Network cards store some settings. You could examine these settings using the mii-tools. Additionally, check whether you have made some changes to the BIOS.
I just wanted to give you some feedback. Thanks very much for the reference to mii-rtools, it really helped. It looks almost certain at this point that Microsoft's "security updates" are changing NIC configuration eeproms. And, of course, Microsoft knows not to use the bad configuration and works fine with the change, but another OS like Linux that trusts that the configuration in the eeprom is what the manufacturer or user wants fails. I've found several other users that have been trying to figure out what happened, why their CD used to work fine but now fails on the same system. We all accepted Microsoft "security updates". We are now trying to get a test done with some networking tools that can watch the content of the eeprom and catch when it changes, so I expect to have evidence to support this soon.
I'm pretty sure it can - I know a dyed-in-the-wool linuxer who currently has to consider his happy little Orinoco family wireless pcmcia card a piece of junk because a "helpful" Microsoft update has put it into a state that Linux and BSD tools don't seem to be able to get it out of. Of course it works fone in the other OS. Grrr. -- Heather
architectureI have seen that different linux architecture are present based on different processor architecture. like i386, i586, i686 etc. what are these & how to know the architecture of my processor ?
JK, Linux provides an excellent facility for this sort of thing, in the form of /proc/cpuinfo. Here's the one from the server I'm mailing this from:
For those ignorant of or who simply are happy to avoid the text editor vi (or its friendlier cousin vim) :r is a command which, when issued from command mode, will read what comes after it. :r! runs a command, which can be nice for inhaling man page fragments, too. Making this a Three Cent Tip... -- Heather
:r /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping : 2 cpu MHz : 498.755 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips : 996.14
There. More than you really wanted to know about the host's CPU. Of course, the above gives information about the hardware. The machine's kernel may or may not have been compiled with appropriate optimistions, though that will generally be included in the output of uname -r (kernel release).
[Pradeep] i386, i586, i686 are different kind of processor architectures developed by intel. The following link has some info about this: http://www.rebourne.org/chiparch.htm
In the terminology of the hardware hackers, these are considered the same architecture (32 bit Intel, "i386" if you're looking in the kernel source tree). There are a few optimizations, but the way they think is similar. Contrast a Sparc, a Strongarm (found in many handhelds), or even Intel's own ia64 ("Itanium" if you prefer them by name). -- Heather
floppy woesI'm running SuSE 7.1 and Win98 on separate hard drives in a 900 Mhz Celeron machine. Things were working fine until recently, when I could no longer access my floppy while in SuSE. The same drive reads and writes perfectly in Win98. When attempting to mount the floppy either by clicking the desktop icon, or by typing the command in the terminal, I receive the error '/dev/fd0 is not a block device'. What could have happened to cause this, and what can I do to repair it?
Some possibilities suggest themselves.
- The device node is not properly created. Run 'ls -l /dev/fd0' and check.
- You have a modular floppy driver which is not loaded. Run '/sbin/lsmod' to check whether the driver is loaded.
[Didier Heyden] A third possibility is that your floppy disks and/or drive are actually defective. A 'mount' command issued on /dev/fd0 (assuming that this block device file and the kernel modules are all set up properly) will first try to access the disk's boot sector. If any I/O error occurs then, the 'mount' will fail with the error message you mention.
Take a look at the system log files (usually /var/log/messages, but you can also use the 'dmesg' command). Check whether errors like
[...] kernel: end_request: I/O error, dev 02:00 (floppy), sector 0
are present; if so, try to mount a few other floppy disks. If the system keeps producing an error similar to the above, chances are that you will have to replace your floppy drive very soon -- in particular if the very same diskettes are correctly mounted and read on some other (Linux) box.
There was a time when such a problem could be caused by a drive head "misalignment", but I'm not sure it's still the case these days.
I think it can be; also, depending on your console setup, you might not have to dig in the logs to see these complaints, as they might spew on your console rather vocally.
First thing I'd check is whetehr there's a file in your /dev/ area that used to be your floppy node, fd0 or any of the others starting with fd. -- Heather
I don't know much about WinXX, though I guess that that other OS either does more retries before giving up or is too lax regarding sanity checks prior to granting access to the user (I can't help favoring the latter explanation).
firewallsOn Wed, 9 Apr 2003 13:48:45 +0100 (BST), deepa lakshmi wrote:
hello
Hi,
i have a firewall machine .i also have a machine with ip 192.168.1.7 behind the firewall.
i added prerouting rules to forward incoming request to internal web servers which are behind firewall.
now i want machine with ip 192.168.1.7 to have internet access through firewall. i have tried with this rules.but no resonse fron machine rules are
-A POSTROUTING -o eth0 -j SNAT --to-source 202.54.100.54 -A FORWARD -i eth1 -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
but it's not working.
before saying that. Since we have no means to guess what actually happens on your system when you try the firewall rules you mention, you cannot expect us to be able to provide much help in exchange for so little information as you've given.
For example, is the above ruleset complete, or is it (as is more likely) only a subset of the actual rules you're using? Are these rules accepted at all when you enter them on the command line? What do the log files on your firewall machine say? Did you try a packet sniffer such as "tcpdump" or "ethereal" on its network interfaces? Did you make sure all required kernel modules have been compiled, installed and are actually loaded? Is "IPv4 forwarding" enabled? etc, etc.
I'm not an "iptables" expert myself, but I think the "-t <table>" option is not an unimportant one.
Here's a precious resource about setting up a Netfilter/iptables firewall. It covers pretty much everything (including source NAT and masquerading) and has a number of useful examples:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
<solemnly>
Beware that in order to set up a firewall in the Right Way, you
must definitely know what you're doing. Help yourself. Googlesearch.
Read howtos, tutorials and examples; once you have understood them,
give them a try. Observe the results carefully. Then -- only then --
ask a precise question.
</solemnly>
[Jason Creighton] Well, a problem I see is that for the SNAT rule, you need to specify the table, like this:
-t nat -A POSTROUTING -o eth0 -j SNAT --to-source 202.54.100.54
All the NAT rules go in the (guess what?) "nat" table. The default table is 'filter', which is used when no table is specified.
Internet Cafe ?Wally Bannon wrote:
I have a client who is Aboriginal here in Northern ontario looking to
set up a Internet Cafe. There are no location in the city of Thunder Bay.
Can you direct me to where I can get info on " how to set up or
establish an Internet Cafe"
This person is a youth age 25 who can access Gov't funding for
assistance to capitalize the project
If you want to use some combination of both Linux and Windows clients controlled by a Linux server, try Zeiberbude:
http://zeiberbude.sourceforge.net
If you want Linux clients connecting to a Linux server, you could also try DireqCafe:
http://akinimod.sourceforge.net/icafereal.html
This is built for the Linux Terminal Server project:
http://www.ltsp.org
If you want Windows clients connecting to a Linux server, try Prepaid Accounting:
http://quozl.netrek.org/ppa
If you want Windows clients connecting to a Windows server, you'll have to try asking somewhere else.
[Faber Fedor] If you go to www.google.com and type in "internet cafe howto" the first link is back to us -- http://www.linuxgazette.com/issue70/tag/9.html ! There are several other good links mentioned there on google.
Making IPTABLES complain...I have a little question. I have a iptables rule set that works perfectly. The problem is that to check if it is working as it has to I have to check the long log files every some time.
I really would like my laptop to complain when some unauthorized conection is attempted in real time or when my laptop tries to connect to other host without me doing it. Much the way Zonealarm complains. I just want the system to tell me that something strange is going on without me having to see the logfiles all the time or installing a dedicated IDS (snort).
I think if I can get iptables to send all the dropped packets somewhere a normal user (not root) can read them, I can grab that data periodically and display a little alarm with it using maybe karamba?? Any sugestions??
Just a little personal firewall for my desktop, since linux is becoming a candidate for personal desktop (It is already for me) this feature would be a good add-on.
[Jason] Now, do you want the data that the packets contain, or just the packet headers? The LOG target, will, as you know (if you're reading log files) give that information. If you really need the data, look into the ULOG target. The ULOG target sends the packet through a netlink socket to any listening process in userspace, so you'll need a daemon running to "catch" all those packets. Search the web for "iptables ULOG target", I haven't done much research into that method, so I don't know how well it would work.
It sounds like you want a pop-up window every time somebody sends you a packet that iptables drops. That's tricky to implement. Here's a half-way solution:
tail -f /var/log/syslog | perl -ne 'print "\a$1\n" if (/.*?firewall: *(.*)/)'
Assuming you have the --log-prefix option that's given to the LOG target set to 'firewall:' and that the kernel messages are ending up in /var/log/syslog, this will beep and print the packet details whenever a dropped packet comes in. You could then leave this running in a terminal. You might also want to have the 'limit' match on your logging rule, for two reasons:
- Somebody who knows what packets you're logging would flood your logs by send lots of illegal packets.
- You don't want to be driven crazy by beeps if somebody starts port-scanning you.
There's probably some better solutions out there, but this works if all you want is the packet details. Also, it's probably overkill to have perl doing this.
[Matthias] You could configure your logging client to log your iptables log to a second file which is group writeable (e.g. group "log") and then parse this log file.
You should search for a /etc/syslog.conf or similar. If you have problems you may ask on the list how to configure your particular logging client (syslogd) on your distribution.
isoi have an iso image how do i burn it to auto run from cd
[Rick] You use cdrecord.
Yes, cdrecord is available for Windows, albeit usually built under cygwin, so you might need the cygwin runtime libraries. We also had a considerable discussion of many avialable types of CD burning software in a past issue: Best of ISO Burning Under Windows
I've seen that there is software to soft-mount a .iso raw CD image file as a filesystem under Windows - much like the way Linux and other UNIX users can "loopback" mount them (so they look like a real disc). Search Tucows or some other MSwin software archive to find that stuff. -- Heather
its easy cd/dvd.6
[Rick] No, when you're mailing a mailing list called linux-questions-only@ssc.com, it most definitely is not Roxio Easy CD/DVD 6 for MS-Wind*ws. It's cdrecord. Get it?
Much thrashing by the gang about whether a reader can "get" that we're going to describe free software to them when they haven't really got their hands on that first Linux CD yet, snipped. Suffice it to say we support folks escaping from addiction to the Borg's sugar cubes, but if you have proprietary software, questions about it really ought to go to its paid support staff. -- Heather
[Karl-Heinz Herrman] if it is an true and real iso9660 (plus extensions like Joliet or Rockridge) yous take it and burn as it is onto a CD. That's it.
To add some guesses myself:
- That Roxio thingy is obviously a WinXX program
- "auto run" might mean boot. But then it might mean autorun, which is an inherent feature of WinXX to execute autorun.inf on inserting a CD (and the first thing I switch off if I have to put my fingers on a Winbox).
In any case -- the bootability of a CD or the autorun.inf file are either in the iso or not. If not, it won't "auto run".
mcryptHave started to play around with mcrypt (my version 2.6.4) mostly to learn. It works fine, but have a Q:
Having an encrypted file on a (read only) CD, I would like to know
if there is any way to use the CD-file as input only and needed
working files directed to a normal (R/W) diskfile ?
Have tried redirection "mcrypt .... CD-file > HD-file" but mcrypt reports "read only media". Any tricks to do this ? Currently I have to copy the CD-file to a R/W-file and then decrypt it.
Well, running "strace" on "mcrypt" shows it acting like it left its brain in the dishwasher for too long: it tries (non-optionally) to write the encrypted file in the same place where the source file is - even if you issue the request from somewhere else. Duh! Plus, the "-F" switch that's supposed to make it go to STDOUT does exactly the same thing in the above case. The program is BAD (Broken As Designed.)
Here's a solution that works, though:
cat /mnt/cdrom/foo | mcrypt -F > foo.nc
Hi Ben,
Thanks a lot. I do recal your name, you have helped out lot in the past.
Your method "cat /.../foo | mcrypt .." works fine. NOTE that I am in a learning phase (as always). Are there better crypt applications around.
Thanks a lot.
Hans.
how to config a modem to received calli have the problem to config my modem for received login in , i ready make the test to call out the work, but i can't do for received. becouse i tried to make a login in for internet service.
You want to have a look at sendfax and mgetty: for example at: http://www.leo.org/~doering/mgetty
mgetty is a daemon which is run by init (see /etc/init.conf for configuration). It will reply to an incoming call on a modem.
K.-H.
mounting cdhi
i had problem with my unix. i would like to know how to mount cd on my system which is running redhat 7.0
thank you
1) Find out which device your CD is attached to. Try
dmesg | less
spacebar takes you forward, q to quit. Look for something in the messages about a CD. It'll probabably be attached to /dev/hdc or /dev/hdb. Unless it's something unusual like a USB or SCSI CD.
As root,
mkdir /cdrom
add a line to /etc/fstab that looks like:
/dev/hdc /cdrom iso9660 defaults,noauto,ro,user 0 0
using your favorite text editor, such as vi, emacs, nedit, kedit, pico, whatever.
If the CD is on /dev/hdd, use that in place of hdc.
As yourself, put a CD in the slot and give command
mount /cdrom
to look at files there
cd /cdrom
ls
and so on.
To unmount it,
umount /cdrom
linux S/W ? for movies[Huibert Alblas] There are some GUIs (Graphical User Interfaces available for these things too: avidemux (http://avidemux.sourceforge.net) (frontend to transcode avi->everything) DVD::RIP (http://www.exit1.org/dvdrip) (frontend for transcoding DVD->everything)
Then you are set to go:
Safest way is to demultiplex the audio and video from the 3 avi's. Then concat the 3 audio and video streams, resulting in 1 big audio and 1 big video stream.
[Ben Okopnik] I've also had good luck with "mplayer" (a wonderful all-around piece of software); just a couple of days ago, I wanted to grab the audio stream from a DVD title, so -
mplayer -dvd 12 -ao:pcm > file.wav
Of course, there's the obvious complement of "-vo" for video. For the available output formats, see
mplayer -ao help
or
mplayer -vo help
Quite an impressive list in both.
Hi all,
I have downloaded the great MPlayer & compiled it under debian. but whenever I play with
mplayer /cdrom/movie.dat
...MPlayer plays it within a very small window. maximizing the window can't change the display area. again there is a synchronization problem between the audio & video output.
[Robos] if you have xvideo support (mplayer -vo xv) try "f" during playback. Else, try -zoom and|or -fs. If you post your grafic card I can (maybe) tell you what option to use to get fullscreen.
it plays sound more quickly than the video. I have also tried with the option -autosync n (where n=1,2 etc), but result is same. could any one suggest me a solution ?
another newbie question. I have gone through the HTML doc of mencoder. still the difference between 2-pass & 3-pass method is not clear to me. *2-pass* gives better image quality. but what is the advantage of 3-pass ? is it superior to 2-pass. please let me know.
[Robos] If I understand it correctly 3 pass does mp3 separately of the video...
Anyone who has sufficient info to keep us in sync here? Maybe you could write an article for us :D -- Heather
mouse driver, rather notHello,
I tried editing the makefile in the drivers/char directory by removing busmouse.o and other other mice. I then compiled the kernel and booted using the new image. The mouse was still running after the reboot.
what does this mean? Isn't gpm an application that uses the busmouse and other mice functions? Only when i kill the gpm daemon does the mouse stop functioning.
Any information would be useful to me.
[Joel Mayes] An .o file is generally an object file, it is the result of the compilation, so removing one will generally just get it remade the next time you compile.
Also the busmouse.[c|h] files are for an old style serial busmouse driver, if you have a reasonably modern PC the chances are you have either a USB or a PS2 mouse.
If you want to remove mouse support from the kernel, rather then deleting files from the kernel source, which could have interesting results (and you might want to include that support your deleting in the futher) in "menuconfig" goto "Character Devices" -> "Mice" and disable support
[Heather] Hi Joel. Ravi, there's more to this that you haven't mentioned, so I'm going to have to fill in with some guessing.
If you didn't tell your bootloader about your new kernel (even if you succeeded at chopping the mice out, instead of merely asking the build system to ignore them) ... it's probably still booting the old kernel.
Type 'uname -a' to see your running kernel version.
When you build your kernel, go into the Makefile at the top of your sources, and add a marker of your own into the EXTRAVERSION variable. That way, if you succeed at grafting your own kernel in, then you will see your marker from the uname output. Also its modules will be seperated by the extended version, so you won't chance loading the mouse support module of a kindred kernel, at least not unless you deliberately insmod it.
I do this all the time to mention a systemname when I build kernels that are only supposed to run on a specific host. Usually it's a warning that the kernel is unlikely to boot other boxen; sometimes it's a sign that I succeeded at applying a particular patch, or have a particular list of options selected.
Then type 'make menuconfig' (not just 'menuconfig') and tweak whatever things you want or not. Note that X will be useless without some serious tweaking, e.g. maybe using a windowmanager like ratpoison which is keyboard driven, and adjusting the config so it won't die without a mouse.
It may be easier to simply adjust the sysvinit setup so it does not automatically launch gpm for you. You could directly remove the gpm package so it will stop haunting you (try as root, either 'rpm -e gpm' or 'apt-get --purge remove gpm')... or modify your init sequence so that gpm is no longer automatically invoked. Note that most distros also have helper apps to set all the right things for that too - debian has update-rc.d, SuSE has YaST, Red Hat had linuxconf and may have newer and more friendly interfaces now, etc. The ultimate arbiter of what happens during your startup though, is /etc/inittab, which is really the file that init reads when it gets started. All the other stuff is just following its instructions through a few layers of shell scripts.
root like permissionsI am setting up a few Linux machines for the development group and I don't want them to have root access, but they need to be able to install packages and whatnot. Is there a way to do this? I tried logging them in as root and the 1st thing they did was change root password - so that idea no good. Is there a way to make them a root clone but not able to mess with roots password and other such files? Similar to a Windows Power User?
[David Mandala] What you are looking for is the sudo command. You can let specific users do specific things that (a limited subset) root can do. This can be by person or groups of persons.
man sudo.
[Jason Creighton] Well......this is a tricky question, because if you set up 'sudo' to let them use 'rpm', they'll just write a clever RPM that does Bad Things(tm). So, what you could do is something like this:
- Tell them to install software in their home directories. Compile the software from source, setting the --prefix option to point to somewhere that user can write to. Then have them adjust PATH and whatnot to point to include the right directories.
- Use User Mode Linux. (http://user-mode-linux.sourceforge.net) This would set up a virtual linux machine that they could be "root" in, but wouldn't affect the rest of the machine.
With a particularlty tricksy mind, it's possible to set up a sudo to make people only have access to a command when they are using the right parameters. It could get ugly pretty quick though. I like the user mode linux plan. If you've got some developers working on the same project, you might even lock them into the same virtual machine, and let them share full ownership inside it. You will want to keep an eye on the machines for unusual behavior - defensively and in everyone's best interests, of course. -- Heather
UPS Problems..I recently got an APC SmartUPS700 for my debian server from a friend. I installed it (although without the serial connection, so the server really shouldn't know that it's there) and an hour or two later my server did something strange - it rebooted itself abruptly, on its own accord. I naturally figured this was something to do with the UPS and since it was late at night and i didn't feel like troubleshooting at the time, i took the UPS out of the picture altogether, and rebooted my server, plugged straight into the mains.
Same thing happened.
This has never happened before and I can't figure out why it's happening. At first i thought it must be a hardware problem, perhaps the UPS has somehow damaged the power supply of the server or something like that - but when I booted it into windows and left it for a few hours nothing happened. It only ever happens in linux.
I really don't know what to do to fix the problem, and it's really getting to me - i can't listen to any music, surf the web, do email (i'm rushing to get this written before the computer reboots - the time seems random, anything from 5 minutes uptime to 3 hours..) or anything else..
[Dan Wilder] Very likely hardware. Not likely anything the UPS did.
First thing to do is check memory. I recommend memtest86,
http://www.memtest86.com
If it finds problems, you certainly have a problem. If it doesn't it still doesn't mean all is well with hardware or even memory. Let it run at least four complete passes.
Also make sure your processor cooling fan is working and there's no excessive dust buildup on the processor heat sink or the motherboard chipset heat sink, if any.
[Ben] I'll strongly ditto that one. Wind0ws doesn't "work" the memory as hard as Linux does, particularly if you do something like compiling a kernel. Wind0ws also treats a number of core errors as warnings - viz. the GPFs and the BSODs ("Blue Screen of Death") - whereas Linux will dump core on pretty much any core error. That policy has lead to a kernel that is as bug-free as possible, and the process still goes on.
[Ken Dodge] I agree with Dan. I ran across a similar problem with a Win2K box I had built for my daughter (EPoX EP-8KHA, 1.4GH Athlon) that would continually reset, sometimes even before completing a boot cycle. She, too, couldn't depend on it to get anything done. I eventually found a flakey DIMM, using memtest86. All has been fine since pulling it out (well ... it IS still running Win2K, but that's another problem!)
[Jason Creighton] Yep. I had a problem once with a box crashing that looked like bad memory. Turned out that I had EDO turned on in the BIOS but I didn't had EDO RAM in the box. But in most cases it's bad memory. If you're really hard up for memory, (Just buying more memory would be much easier) you might want to patch your kernel to support "BadRAM". You can tell the kernel to not use certain parts of memory. Here's the URL for that:
http://rick.vanrein.org/linux/badram
memtest86 has an option to output patterns that BadRAM can understand.
[Dan WIlder] Also make sure your processor cooling fan is working and there's no excessive dust buildup on the processor heat sink or the motherboard chipset heat sink, if any.
[Ben Okopnik] Or in the power supply vents. Make sure that your power supply fan is running, too - I've seen that cause more reboots than I could count.
To find out what's in an RPM(see question in mailbag, Gazette 4/2003)
To emulate rpm's query on a .rpm file, just use gnu's less on it. Simple. Nice filter. It shows you the info, patches and files.
Since the source for less is available, it might give him a direction...
Gary Sears
[Jason Creighton] less doesn't do this. Look at the program named in the LESSOPEN enviromental varible. On most distos, it's a script that calls diffent programs depending on the filename. For example, if it's tag.gz or .tgz
tar -tzvvf filename.tgz
to view the contents of a tarball. Or, on my system,
rpm -qpvl filename.rpm
if it's an RPM.
[John Karns] Very cool. I had wondered how less was able to handle gzipped text files. Didn't know it (via $LESSOPEN=lesspipe.sh ... at least on SuSE 7.x) was config'd to handle rpm and some others as well.
Re: Hidden master DNS
Virtual LINUX
Greetings from Heather SternWe got a decent number of juicy Tips this month. And despite the incredible effort Dan puts into clobbering them, a record number of spams leaking through. Oh well. (Mind you, "record" is something like almost 20. This beats the crap out of the ratios we used to see... Yay for Dan!)
From a "peeves of the month" point of view though (hey, I haven't done those in a while) we also got a record number of people whose mail is quoted-printable in the text portion AND carrying useless HTML around with it. Super ouchie! Rick has long since macro'd his respone to the mime header to tell people how to undo that... I usually have some funnin' on them... such as, "Argh! I need to stomp out all these dratted =2E thingies!" You get the idea.
In the land of Linux itself - Hey, the household firewire pretty much works, USB runs great, we've got sound support coming out of... errr, into our ears... at least around my household, things are looking good. What's eating you that Linux isn't doing for you? Ask the Answer Gang - maybe it's not as hard as all that, or we can point you at who's picking up on that task.
My local Starship and free software group is running an Internet Lounge at the local science fiction convention in my area, Baycon. If you'll be in the San Jose area around the end of the month, drop on by and maybe you can meet a few us who live around here. Or just have a silly time in the 24th century.
Sorry for the short column this time folks. Have a happy.
Re: Hidden master DNSFrom Dan Wilder
How do you do the hidden master trick for DNS? In my case, my computer
is the real master and my friend runs two secondaries. However, the
registrar lists only his servers. Is that all that's needed to make
his secondary appear to be the master from the public's
perspective, or do I have to do something else too?
[Dan] First bear in mind that "master" and "slave", a relationship between servers, has nothing whatever to do with "primary" and "secondary", an arbitrary ordering of servers on a list your registrar maintains for you. Many sysadmins confuse the two, partly because similar terms are sometimes used, and much grief results.
1) List any servers you think will serve your domain with your registrar, in any order you please.
2) Set up any relationship you want between your DNS servers. The master/slave relationship is established (when using BIND) in the named.conf stanzas. For the master:
zone "mydomain.com" {
type master;
file "mydomain.com";
};
and put the "mydomain.com" zone file where the server expects to find it.
For a slave:
zone "mydomain.com" {
type slave;
masters { xxx.xxx.xxx.xxx; };
file "mydomain.com";
};
the slave will download mydomain.com from the master.
About "hidden":
You don't have to list the actual master server at all. It is sufficient that the listed servers know the IP address of the actual master. The registrar doesn't need this information. Then it's a "hidden master".
Somewhat related to this is so-called "split DNS". Use this when you have a firewalled network containing hosts known internally as a part of your domain, but which are not visible outside.
Set up a master DNS server inside and point all your hosts at it. In the "options" section:
options {
...
notify no;
allow-transfer { none; };
forward only;
forwarders {
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};
};
which turns off notification to anybody, allows nobody to get a copy of locally maintained zone files, and specifies a few nameservers, typically those of your ISP, as the places to query for domains the server doesn't consider itself definitive for.
Then, for your own domain, a stanza that says:
zone "mydomain.com." IN {
type master;
file "mydomain.com";
};
and the "mydomain.com" zone file contains records for internal hosts, plus all external hosts listed in the mydomain.com zone file in the outside nameserver.
All my domains are "master" in my /etc/bind/bind.conf. My friend has
who-knows-what settings to download my information to his secondary
servers. I'm not sure whether the records appear as "master" or "slave"
on his server. I want his first secondary server (the one listed first
at the registrar) to appear authoritative to the public, so that the
public won't be querying my server. Does he have to do anything else?
I asked him, but he said he thought hidden master was something I set at
my end.
"Hidden" is set at the registrar. That is, you don't register your server. That makes it hidden.
Your server has to consider itself "master" but that's already set up.
If you want your hidden master to actually control anything, your friend has to set the stanza for your domain in his named.conf file to "slave" with the ip of your machine in the "masters" keyword in the stanza. That's what makes your server a "master".
Or else he has to set his stanza to "master", and you have to send him a copy of your zone file every time you change it, and he has to put it in place. But then your machine isn't a "hidden master".
If the transfer happens on a timely basis, nobody outside cares how the zone file gets to his machine. If he'll cooperate it saves work on your part and on his.
He's already set up to automatically pull the data from my server; that
was set up years ago. I guess that means he's a "slave". But I thought
"secondary" was the term for that, and that his record would tell the
public to go to my server for the authoritative source, but I guess
that's not the case.
"Primary" and "Secondary" should be used to denote a matter of public record, the nameservers listed with a registrar for a domain. They should never be used to denote the private relationship between servers, of which the registrar knows nothing.
"Master" and "Slave" should be used to denote a privately arranged relationship between servers configured to furnish DNS information about a particular domain. This has nothing to do with the matter of public record mentioned previously.
Virtual LINUXFrom Dan Wilder
Answered By Dan Wilder, Rick Moen, Jim Dennis, Heather Stern, Huibert Alblas, Jason Creighton, Jimmy O'Regan, Ben Okopnik
>Content-Transfer-Encoding: quoted-printable
Unless, of course, you're really defending some foreign letterset from destruction by mail programs. Then it's kinda useful.
Don't do this. Here's how not to: http://expita.com/nomime.html#outlook5
Dear Sir,
I'm using Windows XP Pro on my home workstation. Which 3rd party
applications would allow loading & "running" Redhat8 from RAM as a
virtual machine? If none which 3rd party applications might emulate
Redhat8? Are any shareware (freeware)?
I'm studying network security and need to run or emulate Redhat8 on
XP (preferably without partitioning NTFS for dual boot) to pass the
tests.
They don't have their own live-CD as far as I can tell, but somebody put some extra effort into basing one off of a Red hat 7.3 distro - perhaps that will be close enough. Or maybe the live flavor isn't handy because RH just released 9, and haven't finished up a demo disk yet. Who knows. Anyways, you can try this one: http://sourceforge.net/projects/emergencycd2
If you really just need a Linux of some sort and your instructor was thinking of RedHat because it's the only distro he knows, perhaps you'd like one of the flavors which can install into your Windows disk space without repartitioning. Look at http://old.lwn.net/Distributions under the heading "DOS/Windows install".
Or, it can be noted that while RedHat really soaks up the disk space on older hardware, is someone has a paperweight computer around, you could boot it off of one of the many floppy based distros easily. Nearly all Linux flavors have similar networking abilities, though only the fancier ones will have cool stuff like samba support.
I hope the extra stuff below is helpful too, and makes your road to network techieness a little more fun.
But it'd be a lot cheaper, not to mention faster, to purchase a spare hard drive and install Red Hat on it.
(and for some repeated info, as a few of these products can live in Windows, carrying Linux on their shoulders, or the other way around.)
The company "VMware" makes a reasonably good virtual machine product. I haven't kept track of whether they can run in winXP as the host yet but it seems likely. 'Course they sell their host for Linux, as well, and you would be able to host MSwin or many other OS' under that. It may interfere with MS' nefarious plans for your computer a little, but it's really great for rolling back the damage from any virii that come after you. They do have a trial edition, at least, so I guess that counts as shareware: http://www.vmware.com
...Brief pause while I check whether winXP has joined their extensive list of OS' that can be successfully hosted this way. My own experience shows that win98 can be hosted just fine - but it runs a little slower under this emulation, than the apps themselves do under WINE's direct binary support for MSwin apps. Not that this is perfect mind you, but it's gotten pretty damn good, and there's a handful of commercial vendors helping give WINE a booster shot if you need that. http://www.winehq.com and boatloads of useful links from Rick, below.
- Oh yeah, VMWare's current Workstation product can host all that stuff:
- http://www.vmware.com/products/desktop/ws_features.html
Wow, they've got an SMP edition now too, that is, where the fake PC you get is an SMP box. Scary.
I doubt that you will be able to run VMware with a 2 Gig harddisk completely from ram, but I doubt that you meant running the _complete OS from RAM anayway.
If I believe this news item (http://www.nwfusion.com/newsletters/servers/2003/0303server2.html) then Microsoft is in the process of purchasing either Connectix, or at least its virtual machine stuff. I hope they don't screw up a decent product. It did mention one more commercial competitor though, SW-soft. Their "Virtuozzo" looks like it's on way too grand a scale for what you need to do. I doubt they have much to fear from MS: http://www.sw-soft.com/en/products/virtuozzo
However, you wanted something free as in bucks. Or cheap anyway. I can assure you these vendors have put some effort into the goodies, but let's look at that.
Frankly, TUCOWS is a much better place to look for MSwin shareware than the linux-questions-only folks: http://www.tucows.com
Normally I'd leave you to your own homework there, but I'm curious if anything new has cropped up that would let the MSwin-bound run Linux. Unfortunately surfing their site has become more painful than it used to be; I seem to recall being able to find small product blurbs, on the order of the paragraph or two found at freshmeat for projects listed there. Even one-liners would have been nice. I mourn the demise of more pleasant interfaces like the "program manager" style icon map that winfiles.com used to have before zdnet inhaled them. Hitting up Google for the "windows virtual download" idea finds me an easier to use shareware trove - maybe you'll find it handy. I didn't find more virtual machines there, but I stopped looking after awhile. At least this one's search widget looks in the descriptions as well as titles: http://www.sofotex.com
Linux, of course, is free if you want to spend some time downloading it, or pretty darn cheap if you choose the right place to buy your ISOs and don't need a manual. So perhaps we can look at virtual-machine projects under Linux.
For Linux under Linux, there's User Mode Linux, usually abbreviated to UML. A few of the folk on the lnx-bbc project use it to test the builds. Looking for it via Google! finds me both http://user-mode-linux.sourceforge.net (hey cool! It's available as debian packages
See Nick Weber's article this issue for UML. -- Heather
Wow. I didn't know there was a liveCD flavor of Linux for hosting UML sessions - the ADIOS project. That's more like it: http://dc.qut.edu.au/adios
While I'm tipping my hat to the Mac folk there's a virtual-machine for running MacOS under Linux/PPC. Basically it seems to be a shim allowing access back to the Mac hardware so you can run another OS ... even more flavors of Linux/PPC, if you like: http://www.maconlinux.org
The analogous project for the PC-compatible platform is currently named Plex86, used to be called FreeMWare. Of course GNU's savannah project is roughly similar to SourceForge, so if a project doesn't wanna make it easy to find their FAQ or other docs, you'll have to thrash around on your own. Anyways it looks like their win32 port isn't terribly useful yet: http://savannah.nongnu.org/projects/plex86
It seems likely that it would be much easier to set yourself up with a runs-from-CD setup, if you want it in RAM simply 'cuz you don't want to ruin a local hard disk while experimenting a little. Many Linux vendors offer "live CD" editions of their stuff to whet your whistle. I can't blame you for asking us, since my own quick glance around their website doesn't seem to reveal Red Hat as one of them.
I've managed to compile - with either no or minimum tweaking - stuff that K&R wrote way back (found it on the web page where one of them is reminiscing about the Good Old Days.) It's been a few years, but I still remember being pleasantly shocked.
- a project to make Unix V7 work on Linux
(Great Ghu, what a sick idea. Worse yet, there's a "teco.el" for Emacs... talk about coming full circle.)
I had to slow him down enough to say that I'd heard of it so I just wondered. I figured he probably had the originals around for old times' sake. He later made sure it got into the standard emacs distro somehow. And yes, he said... they do.
Now that is full circle. Or maybe full toroid. Hmm, donuts...
I personally think that making a teco with ANSI terminal support is cheating, robbing you of that cutting-edge ASR33 experience. (I suppose it would be arch to exclaim "curses!" at this point.)
Kids, these days! Spoiled rotten with their fancy gnome-teco contraptions, I say. The terminal that's not terminal makes you stronger.
Typically, binary-only applications have almost the same longevity of backwards compatibility, if you take care to furnish old support libs (http://linuxmafia.com/wpfaq/downloadwp8.html#FIX
And this (along with adherence to public standards and documented interfaces) is why we tell people that Linux can help them escape the forced-upgrade treadmill.
Accordingly, my stock answer to _that question follows, and you may be able to use some of its suggestions despite your through-the-looking-glass perspective on the problem. E.g., you could use the Win32 version of VMware, running RH9 within its virtual session.
The text below is cited from my WordPerfect on Linux FAQ (http://linuxmafia.com/wpfaq/future.html#ALTERNATIVESWIN32):
8.6. What alternatives to WP exist involving Win32 apps on Linux?
Such alternatives are outside the scope of this document, but include
- the numerous ways of running Win32 applications on Linux in some
%-% -) VMware, Inc.'s VMware, http://www.vmware.com (simulation in a virtual environment of a particular theoretical x86 box's hardware, which then can boot various OSes including Win9x/ME/NT/2k/XP within the emulated environment, necessitating a copy of that OS, as well),
-) NeTraverse's Win4Lin, http://www.netraverse.com (an MS-Windows 9x/ME emulation environment for x86 Linux, requiring a copy of MS-Windows 9x/ME to work)
-) WINE, http://www.winehq.com (an LGPLed library and program loader implementing on x86 Unixes the Win32 and Win16 application interfaces)
-) ReWind, http://rewind.sourceforge.net (an MIT/X11-licensed fork of an earlier WINE release),
-) CodeWeavers's Crossover Office, http://www.codeweavers.com/products/office (WINE with some extra support for MS Office applications)
-) CodeWeavers's Wine Preview, http://www.codeweavers.com/technology/wine (an MIT/X11-licensed variant of an earlier WINE release tweaked for stability, and with an improved installer)
-) CodeWeavers's Crossover Plugin, http://www.codeweavers.com/products/crossover (WINE variant for x86 Linux to support Web browser plugins such as QuickTime)
-) TransGaming Technologies, Inc.'s WineX, http://www.transgaming.com (another WINE extension for x86 Linux, with enhanced DirectX support, primarily for 3D games)
-) the Bochs Project's Bochs, http://bochs.sourceforge.net (software environment for any CPU family emulating an entire x86 CPU, common I/O devices, and BIOS),
-) and Drew Northup's Plex86, http://savannah.nongnu.org/projects/plex86 (software environment emulating on x86 a virtual x86 session),... %-%
...and
- the numerous ways of remotely running Win32 applications from
- RealVNC Limited's VNC Server, http://www.realvnc.com
- Constantin Kaplinsky's TightVNC, http://www.tightvnc.com
- Tridia Corporation's TridiaVNC, http://www.tridiavnc.com
- and Matt Chapman's rdesktop, http://www.rdesktop.org
I maintain a listing (http://linuxmafia.com/~rick/linux-info/vnc-and-alternatives) of options in the latter category.
Thank you all for your answers to my question. I actually do
appreciate the time most of you took to give me alot of information. To
answer some of your questions: Yes I do have an expensive machine. I've
an 80GB HDD partitioned NTFS so, although I have the space, I'm not
going to repartition to install LINUX nor buy another HDD. I've 512MB of
RDRAM with 566MHZ FSB & a 2.27GHz P4. (Yes, I'm a hardware geek). I can
understand your pro LINUX position but frankly, hardening the security
of a server from the command line is difficult, but you can't beat free,
now can you?
Anyway heartfelt thanks for your time and effort.
Imrahil O'Belalas
|
...making Linux just a little more fun! |
By Michael Conry |
|
Contents: |
Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release. Submit items to gazette@ssc.com
May 2003 Linux Journal
![[issue 109 cover image]](misc/bytes/lj-cover109.png)
The May issue of Linux
Journal is on newsstands now.
This issue focuses on Kernel Internals. Click
here
to view the table of contents, or
here
to subscribe.
All articles older than three months are available for
public reading at
http://www.linuxjournal.com/magazine.php.
Recent articles are available on-line for subscribers only at
http://interactive.linuxjournal.com/.
The E-zine
LinuxFocus:
has for May/June the following articles:
Some tips from Linux Journal on experimenting with the 2.5 kernel.
Linux Journal report on LinuxWorld Ireland 2003.
Building a Linux Media Jukebox to handle digital photos, audio, video, DVD and TV.
Massachusetts-based Open-Pc founder/CEO Morgan Lim discusses the business he has built around Linux.
Fujitsu preps Linux-based robot. It is based on a real-time Linux running on a 700MHz Pentium III.
Some links highlighted by Linux Today:
Managing Linux releases for large numbers of installations.
Keith Parkansky's linux tips website www.aboutdebian.com has a series of "hands on" walk-throughs to help Linux beginners go from the basics to server and firewall setups while doing some fun things (like killing a telnet process to cut someone off) along the way. The material is particularly relevant to Debian users, but mostly it will be useful to anybody using GNU/Linux.
Richard Stallman on why he refused to speak at the eGovOS conference.
Using Free (Open Source) Software in a Grassroots Organisation. Reports on the use of Linux at the Low-Income Networking and Communicaitons Project of the Welfare Law Center.
Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.
|
Penguicon | May 2-4, 2003 Warren, MI http://penguicon.sourceforge.net/ |
|
USENIX First International Conference on Mobile Systems,
Applications, and Services (MobiSys) | May 5-8, 2003 San Francisco, CA http://www.usenix.org/events/ |
|
Linux Clusters Workshop in France | May 12-16, 2003 IBM Montpellier Laboratory http://www.linuxclustersinstitute.org |
|
Third Open Source Content Management Conference | May 28-30, 2003 Cambridge, MA http://www.oscom.org |
|
CeBIT America | June 18-20, 2003 New York, NY http://www.cebit-america.com/ |