File: issue36.html

package info (click to toggle)
lg-issue36 2-4
links: PTS
area: main
in suites: woody
size: 2,920 kB
ctags: 242
sloc: makefile: 36; sh: 4
file content (19548 lines) | stat: -rw-r--r-- 763,371 bytes
parent folder | download | duplicates (2)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> Linux Gazette Index Page </TITLE>
</HEAD>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000" >
<center><H2><IMG SRC="../gx/newlogo.jpg" 
ALT="Linux Gazette... making Linux just a little more fun!">
</H2>

<H5>Copyright &copy; 1996-98 Specialized Systems Consultants, Inc.</H5>
</center>

<P> <HR> <P> 
<!--==================================================================-->
<center>
<H1><A HREF="http://www.linuxgazette.com/">Welcome to Linux Gazette!</A><img src="../gx/tm.gif" alt="(tm)"></H1>
</center>
<P> <HR> <P> 
<!--==================================================================-->
<H1>Published by:</H1>
<center>
<H1><A HREF="http://www.ssc.com/lj/">
        <img src="../gx/ljtop.gif" alt="Linux Journal" border=0></A></H1>
</center>
<P><HR> <P>
<H1>Sponsored by:</H1>
<table>
<tr>
<td><H1><A HREF="http://www.infomagic.com/"><img ALIGN="bottom" HSPACE="50" src=../gx/infologo.gif alt="InfoMagic" border=0></A></H1></td>
<td>
<H1><A HREF="http://www.suse.com/"><img ALIGN="bottom" src=../gx/suse.gif alt="S.u.S.E." border=0></A></H1></td>
<td>
<H1><A HREF="http://www.redhat.com/"><img HSPACE="50" src=../gx/redhat.gif alt="Red Hat" border=0></A></H1></td>
</tr>
<tr>
<td><H1><A HREF="http://www.LinuxMall.com/"><img ALIGN="bottom" HSPACE="50" src=../gx/linuxmall.gif alt="LinuxMall" border=0></A></H1></td>
<td><H1><A HREF="http://www.linuxresources.com/"><img ALIGN="bottom" src=../gx/linux6.gif alt="Linux Resources" border=0></A></H1></td>
<td><H1><A HREF="http://www.cyclades.com/"><img HSPACE="50" src=../gx/cyclades.gif alt="cyclades" border=0></A></H1></td>
</tr>
<tr>
<td><H1><A HREF="http://www.stalker.com/ads/cg-lgp.html"><img ALIGN="bottom" HSPACE="50" src=../gx/stalker.gif alt="stalker" border=0></A></H1></td>
<td><H1><img ALIGN="bottom" src=../gx/blank.gif alt="" border=0></A></H1></td>
<td><H1><A HREF="http://www.linuxtoday.com/"><img HSPACE="50" src=../gx/lt-lg.gif alt="LinuxToday" border=0></A></H1></td>
</tr>
</table>

<P> 
Our sponsors make financial contributions toward the costs of
publishing <I>Linux Gazette</I>. If you would like to become a sponsor
of <I>LG</I>, e-mail us at <A
HREF="mailto:sponsor@ssc.com">sponsor@ssc.com</A>.

<P> 
<I>Linux Gazette</I> is a non-commercial, freely available publication and will
remain that way. Show your support by using the products of our sponsors
and publisher.

<P> <HR> <P> 
<!--=================================================================-->
<H1 align="center">Table of Contents <BR>January 1999 Issue #36</H1>

<P> <HR> <P>
<table><tr>
<td rowspan=4>
<UL>
<LI><A HREF="../lg_frontpage.html">The Front Page</A> 
<LI><A HREF="./lg_mail36.html">The MailBag</A> 
<ul>
<li><a HREF="./lg_mail36.html#help">Help Wanted--Article Ideas</a>
<li><a HREF="./lg_mail36.html#gen">General Mail</a>
</ul>
<LI><A HREF="./lg_tips36.html">More 2 Cent Tips</A>
<LI><A HREF="./lg_bytes36.html">News Bytes</A>  
<ul>
<li><a HREF="./lg_bytes36.html#general">News in General</a>
<li><a HREF="./lg_bytes36.html#software">Software Announcements</a>
</ul>
<LI><A HREF="./lg_answer36.html">The Answer Guy</A>, by James T. Dennis
<LI><A HREF="./larriera.html">Booting Linux with the NT Loader</a>, by
Gustavo Larriera
<LI><A HREF="./defurne1.html">Defining a Linux-based Production System</a>, by
Jurgen Defurne
<LI><A HREF="./marsden.html">EMACSulation</a>, by Eric Marsden
<LI><A HREF="./defurne2.html">Evaluating postgreSQL for a Production
Environment</a>, by Jurgen Defurne
<LI><A HREF="./blair.html">Introducing Samba</a>, by John Blair
<LI><A HREF="./jenkins5.html">Linux Installation Primer, Part 5</a>, by Ron
Jenkins
<LI><A HREF="./haldar.html">Linux on a Shoestring</a>, by Vivek Haldar
<LI><A HREF="./coleman.html">The Linux User</a>, by Bryan Patrick Coleman
<LI>New Release Reviews, by Larry Ayers
<ul>
<li><A HREF="./ayers.html">Kernel 2.2's Frame-buffer Option</a>
</ul>
<LI><A HREF="./merlino.html">Running Your Own Domain Over a Part Time
Dialup</a>, by Joe Merlino
<li><A HREF="./ali.html">Setting Up a PPP/POP Dial-in Server USING Red
Hat Linux 5.1</A>, by Hassan Ali
<LI><A HREF="./bennetjan.html">Touchpad Cures Inflammation</a>, by Bill
Bennet
<LI><A HREF="./kuethe.html">Through the Looking Glass: Finding Evidence of
Your Cracker</a>, by Chris Kuethe
<LI><A HREF="./lussier.html">USENIX LISA Vendor Exhibit Trip Report</a>, by
Paul L. Lussier
<LI><A HREF="./cooper.html">X Windows versus Windows 95/98/NT: No
Contest</a>, by Paul Gregory Cooper
<LI><A HREF="./richardson.html">Announcements by Sun and Troll Tech</A> by
Marjorie Richardson
<LI><A HREF="./lg_backpage36.html">The Back Page</A> 
<ul>
<li><a HREF="./lg_backpage36.html#authors">About This Month's Authors</a>
<li><a HREF="./lg_backpage36.html#notlinux">Not Linux</a>
</UL>
</UL>
</td>
</tr><tr>
<td align=center>
<A HREF="lg_answer36.html"> 
<img src="../gx/dennis/answerwiz-255.gif" border=0 alt=""></a><BR> 
<A HREF="lg_answer36.html"><i>The Answer Guy</i></a>  
</td>
</tr><tr>
<td align=center>
<IMG SRC="../gx/hammel/banner-3.gif" border=0 alt=""><BR> 
The Graphics Muse will return next month.
</td>
</tr>
</table> 

<P> <HR><P>

<!--=============================================================-->
<A HREF="./issue36.txt">TWDT 1 (text)</A><BR>
<A HREF="./issue36.html">TWDT 2 (HTML)</A><BR>
are files containing the entire issue: one in text format, one in HTML. 
They are provided 
strictly as a way to save the contents as one file for later printing in
the format of your choice; 
there is no guarantee of working links in the HTML version.
 
<!--=============================================================-->
<P> <HR><P> 
Got any <I>great</I> ideas for improvements?  Send your
<A HREF="mailto:gazette@ssc.com">comments, criticisms, suggestions
and ideas.</A>

<P><hr><p>
This page written and maintained by the Editor of <I>Linux Gazette</I>,
<A HREF="mailto: gazette@ssc.com">gazette@ssc.com</A>
<P><hr><p>
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>  
<HR> 
<center>
<table width="100%" cellpadding=7><tr><td>
<H2><a NAME="mail"><IMG SRC="../gx/mailbox.gif" ALIGN=MIDDLE ALT=" ">
The Mailbag!</a> </H2>
Write the Gazette at <A HREF="mailto:gazette@ssc.com"> gazette@ssc.com</A>
</td><td>
<H3>Contents:</H3>
<ul>
<li><a HREF="./lg_mail36.html#help">Help Wanted -- Article Ideas</a>
<li><a HREF="./lg_mail36.html#gen">General Mail</a>
</ul>
</td></tr></table>
</center>

<a name="help"></a>
<p><hr><p>
<!-- =================================================================== -->
<center><H3><font color="maroon">Help Wanted -- Article Ideas</font></H3></center>

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 30 Dec 1998 05:04:56 -0800<BR> 
From: "Fields, Aubrey", <A HREF="mailto:Aubrey.Fields@PSS.Boeing.com">
Aubrey.Fields@PSS.Boeing.com</A> <BR> 
Subject: <B>I have two ideas for articles.</B> 
<P>
I am a new user to the Linux community. I have two ideas for articles that I would read, print, and distribute to the other Linux newbees that I know.
<P>
1. PPP using minicom. I have read several articles on using PPP, pppd, minicom and other dialup and networking issues. Being a new, however, I would find it very valuable to read "the definitive new users guide to configuring PPP on Linux". I've gotten a lot of pointers and some advanced tips, but what I'd like to see is how to setup a stand alone Linux 2.0.x machine (Red Hat v4 in my case) for dialing up via PPP using minicom with dhcp and dns provided by an ISP.
<P>
2. basic xfree86 / fvwm95 config tricks. For example, how to change the word "start" on the menu button at the bottom of fvwm95 to ANYTHING else! I kick Bill Gate off my PC for a reason! I don't find it cute, funny, nor reassuring to see the "I want to be windows95 'Start'" button on my Linux machine. 
<P>
also, how to use icons, get rid of the "virtual" desktop so that I can see my entire window without scrolling.
<P>
Thank you very much, the Linux Gazette has proven to be a valuable resource!
<P> 
--<BR> 
Aubrey 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 02 Dec 1998 13:33:11 PST<BR> 
From: David Camara, <A
HREF="mailto:cpdj2@hotmail.com">cpdj2@hotmail.com</A> <BR> 
Subject: <B>connecting to novell 3.12 servers...</B> 
<P>
Hi, I'm trying to connect to netware 3.12 servers.  I am using the
IPX module and ncpfs 2.2.0.7-1 (for Debian 2.0).  Now, I don't use
the auto_primary and auto_interface since a number of old posts
recommend adding the ipx interface manually.
<P>
I use:
<PRE> 
ipx_interface add -p eth0 802.3 xxxxxxxx
</PRE> 
When I cat /proc/net/ipx_interface:
<PRE> 
Network    Node_Address   Primary   Device    Frame_Type
xxxxxxxx   yyyyyyyyyyyy   Yes       eth0      802.3
</PRE> 
When I try to slist, I get:
<PRE> 
slist: No server found in ncp_open
</PRE> 
When I try to mount a Novell volume using:
<PRE> 
ncpmount -S <I>server_name</I> -U <I>user_name</I> -V sys /mnt/ncp
</PRE> 
I get:
<PRE> 
ncpmount: No server found when trying to find <I>server_name</I>
</PRE> 
All this as su root...  Any ideas?  Thanks!
<P>
--<BR> 
David

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 8 Dec 1998 12:16:20 -0500 <BR> 
From: Blazek, Daniel, <A HREF="mailto:blazek@globalserve.net">
blazek@globalserve.net</A> <BR> 
Subject: <B>Ethernet</B> 
<P>
	Which Ethernet cards are compatible with Linux with minimum ease of
installation, also does the make/model of the hub matter?
<P>
--<BR> 
Dan

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 15 Dec 1998 12:29:37 +0000<BR> 
From: Tomos Llewelyn, <A HREF="mailto:tml@aber.ac.uk">
tml@aber.ac.uk</A> <BR> 
Subject: <B>"Unable to open console..." Why?</B> 
<P>
Can anyone tell me why I'm getting this message?
<P>
Trying to boot a 2.0.36 kernel on a PII350 with an ATI Xpert@Play 8Mb
AGP card.  Should I be tweaking the video mode?
<P>
--<BR> 
Tom Llewelyn

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Mon, 14 Dec 1998 12:46:57 -0500<BR> 
From: Michael Bright <A HREF="mailto:mabright@us.ibm.com">mabright@us.ibm.com</A> <BR> 
Subject: <B>Token Ring Errors with SuSE 5.3</B> 
<P>
Hi, I would seriously appreciate any help you can give. I had the
evaluation copy of SuSE 5.3 running fine on this machine. I loaded the full
version of SuSE 5.3 and the Token ring went south. During install
everything went fine, including loading the token ring module. I have
replaced the ibmtr.o module file from a working machine with  _no_  change
in the error. I also checked the /etc/conf.modules file to make sure the
alias is defined right ( alias tr0 ibmtr.o ) and the options line is right
( options ibmtr io=0xa20 ). At this point I see two options, reload the
machine with the eval copy and do an upgrade or recompile the kernel and
hope for the best.
<PRE>
initialising tr0
general protection: 0000
CPU:    0
EIP:    0010:[<02816961>]
EFLAGS: 00010212
eax: 00000003   ebx: 0009e658   ecx: fffffff7   edx: 00000000
esi: f000f84d   edi: 00000003   ebp: 00000000   esp: 019b7e0c
ds: 0018   es: 0018   fs: 002b   gs: 002b   ss: 0018
Process insmod (pid: 66, process nr: 16, stackpage=019b7000)
Stack: 0009e658 00000000 00000003 019b7e4c 00000008 0010ca1c 00000003
00000000
       019b7e4c 019b7e4c 00000003 00000000 0009e658 0010bae1 00000003
019b7e4c
       001f9b7c fffffff7 00108e00 00000003 00000000 0009e658 ffffff50
00000018
Call Trace: [<0010ca1c>] [<0010bae1>] [<0010cb9d>] [<0281694c>]
[<0010cc10>] [<028183d8>] [<0281668b>]
       [<0281694c>] [<02817bca>] [<028183d8>] [<028178bd>] [<001be7fb>]
[<028183d8>] [<02818304>] [<028183d3>]
       [<028178ca>] [<028183d8>] [<00115c3c>] [<02817868>] [<028178f0>]
[<00111748>] [<0011162c>] [<0010a950>]
       [<0010a7c5>]
Code: 0f b6 56 2f 83 fa 01 0f 84 9e 07 00 00 83 fa 02 0f 85 a9 07
Aiee, killing interrupt handler
</PRE>
OS: SuSE 5.3
Hardware: IBM ISA Auto 16/4 Tokenring adapter.
<P>
Thanks,<BR> 
--<BR> 
Michael

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 16 Dec 1998 14:33:55 -0600<BR> 
From: David Caliguire, <A HREF="mailto:djc@sgi.com">djc@sgi.com</A> <BR> 
Subject: <B>Driver for Netflex III card on Linux</B> 
<P>
I noticed a question posed to the Gazette about drivers for
Netflex 3 cards on Compaq on Linux.  I have a Compaq with this
card and would like to know where I could get a driver for this
card for Linux.......
<P>
Thanks<BR> 
--<BR> 
Dave

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 16 Dec 1998 16:06:42 -0300<BR> 
From: Saltiel, Hernan Claudio, <A HREF="mailto:hsaltiel@infovia.com.ar">
hsaltiel@infovia.com.ar</A> <BR> 
Subject: <B>Help Wanted!!!</B> 
<P>
I have a Linux box, with S.u.S.E., and a Lotus Notes server.
I want to e-mail the status of my workstation to another user that belongs to
the Notes Network.
Does anybody know how to do that, or just the concepts to do this?
<P>
--<BR> 
Hern&acute;n Claudio Saltiel

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sun, 13 Dec 1998 14:35:20 -0500<BR> 
From: John, <A HREF="mailto:john@maxom.com">john@maxom.com</A> <BR> 
Subject: <B>Accounting</B> 
<P>
I am looking for some inexpensive Accounting w/Inventory Software that
will
run on Linux .
If you could point me in the right direction I would be greatly thankful
<P>
Thank You<BR> 
--<BR> 
John Nelson

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Thu, 24 Dec 1998 14:47:09 +0200<BR> 
From: "tdk001", <A HREF="mailto:tdk001@mweb.co.za">tdk001@mweb.co.za</A>
<BR> 
Subject: <B>Linux and UNIX</B> 
<P>
I am a 2nd year computer science student.
I have looked everywhere for the answer and found only basic answers.
My question is what exactly is the difference between Linux and UNIX,
excluding size and speed.
I would appreciate it if you could just send me a few of the differences.
<P>
Thank you<BR> 
--<BR> 
Frans

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 22 Dec 1998 12:33:42 -0000<BR> 
From: "James Jackson", <A HREF="mailto:james.jackson@3f.co.uk">
james.jackson@3f.co.uk</A> <BR> 
Subject: <B>Intellimouse</B> 
<P>
Does anybody know how to enable the wheel on an Intellimouse under Linux?
(Red Hat 5.2)
<P>
--<BR> 
James

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sat, 19 Dec 1998 13:53:33 PST<BR> 
From: "Thomas Smith", <A HREF="mailto:highminded015@hotmail.com">
highminded015@hotmail.com</A> <BR> 
Subject: <B>Upgrading Red Hat</B> 
<P>
I just installed Red Hat 5.0 and I hear about the newer versions out 
there and I want to upgrade but I don't want to buy a brand new CD or 
download everything and then re-install.  I have been to a couple of 
sites and I have found no real help for this at any of them, so could 
you please help me out.
Thank you.
<P>
--<BR> 
Thomas

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Fri, 18 Dec 1998 23:20:12 -0800<BR> 
From: Taro Fukunaga, <A HREF="mailto:tarozax@earthlink.net">
tarozax@earthlink.net</A> <BR> 
Subject: <B>How to get CPU info</B> 
<P>
I am writing a Tcl/Tk program that prints info about the CPU, memory
usage, processes, and disk usage of a Linux computer. On problem I have
is in getting info about the CPU. Because the contents (ie field names)
of /proc/cpuinfo may vary from one machine (perhaps kernel build is the
right answer) to the next, I decided to use the program uname. However,
this also doesn't work well, and simply lists my processor as "unknown".
I looked at the source code, and "unknown" is the default value for the
CPU!
<P>
So my question is, is there any way to write a program that can get the
type of CPU on any Linux computer? 
<P>
Thank you, anyone.
<P>
--<BR> 
Taro 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Thu, 31 Dec 1998 21:19:48 -0600<BR> 
From: <A HREF="mailto:dcramer@midusa.net">dcramer@midusa.net</A> <BR> 
Subject: <B>Does Linux have multimedia support?</B> 
<P>
I just finished reading Marjorie Richardson's comments about Linux in
the January '99
issue of Computer Shopper, and I was wondering if Linux now has, or will
support
any of the multimedia formats supported by Windows, such as AVI, JPG,
WAV, MOV,
etc?  I have looked into some of the basics of the OS, but I have not
tried to install it.
Thank you.
<P>
--<BR>
Don Cramer

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 30 Dec 1998 14:03:42 -0500<BR> 
From: Soraia Paz, <A HREF="mailto:spaz@rens.com">spaz@rens.com</A> <BR> 
Subject: <B>LILO Problems</B> 
<P>
I originally had Windows NT on my PC with some room left for Linux. I
installed Linux and I set up LILO to boot
both operating systems. I got into Linux fine but when I tried to get into
NT it kept on crashing. I tried
using DOS's fdisk to get rid of Linux but LILO is still there. How can I get
rid of it?
<P>
--<BR> 
Soraia

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 30 Dec 1998 09:42:23 -0600<BR> 
From: Bill McConnaughey, <A HREF="mailto:mcconnau@biochem.wustl.edu">
mcconnau@biochem.wustl.edu</A> <BR> 
Subject: <B>DB9 serial port</B> 
<P>
I degraded my floppy disk drive, apparently by doing fdformat with
inappropriate parameters and/or media.  In order to back up my work, I want
to use minicom or seyon to transfer files over the DB-9 serial port.  I can
get the computers to type to each other, but file transfer protocols
(xmodem and ymodem) don't work.  There is no Kermit in my installation and
I don't know where to get it.  What is the correct wiring for a direct
connection of the DB-9 com ports on two pc's?  How can I transfer files?
<P> 
--<BR> 
Bill

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 29 Dec 1998 10:40:15 -0500 (EST)<BR> 
From: <A HREF="mailto:ive.db@usa.com">ive.db@usa.com</A> <BR> 
Subject: <B>HELP</B> 
<P>
I have a jamicon 36X cd player.
<P>
It doesn't work under Linux.
I tried to install Linux but I failed.
<P>
Could you please help me with this.
I also need to say that you can set my cd-player master,slave and CSEL with a jumper.

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Mon, 28 Dec 1998 03:49:21 -0500<BR> 
From: "david marcelle", <A HREF="mailto: marcelle@avana.net">
marcelle@avana.net</A> <BR> 
Subject: <B>Audio-Only CDRs</B> 
<P>
Do you have for sale or do you know where I can purchase audio-only blank
CDRs (for my phillips CD recorder) for $4.00 each or less?
<P>
Thanks<BR> 
--<BR> 
David

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Mon, 28 Dec 1998 02:15:26 -0500<BR> 
From: "Clayton J. Ramseyer", <A HREF="mailto:cyberzard@earthlink.net">
cyberzard@earthlink.net</A> <BR> 
Subject: <B>IP Masquerading and related</B> 
<P>
I am writing this message to you, because I am new to Linux.  (I love it
by the way)  Anyway, I have a small LAN setup at home and would like to
provide access to the Internet for my other machine.
<P>
The HOWTO is a bit confusing when it comes to setting this up.
<P>
If someone could write me with a possible offer for help, I'd surely
appreciate it.
<P>
The commands I have are probably correct.  Yet the HOWTOs don't mention
which machine these commands are entered on.
<P>
I assume it would be the machine connected to the net.
<P>
By the way, I connect with a USR 56K v.90 compatible modem.
My service provider is earthlink.
<P>
I look forward to your responses.
<P>
Thanks,<BR> 
--<BR> 
CJ

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sat, 2 Jan 1999 23:05:13 +0530<BR> 
From: "L.V.Gandhi", <A HREF="mailto:lvgandhi@vsnl.com">
lvgandhi@vsnl.com</A> <BR> 
Subject: <B>Netscape help</B> 
<P> 
I have installed NC4.5 for Linux. I could edit preferences both as root and
an user. Once closed and then restarted I am unable to do that. I am not
sure from when it happened. It
may be due improper shutdown due to power outage or hanging of nc after many
windows are open. I have system PII with 780MB partition for Linux with 64
MB swap space, 32 MB ram.  Is there any easy way to remove an installed
software and reinstall it in Linux?
<P> 
--<BR> 
L.V.Gandhi

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sat, 2 Jan 1999 23:03:35 +0530<BR> 
From: "L.V.Gandhi", <A HREF="mailto:lvgandhi@vsnl.com">
lvgandhi@vsnl.com</A> <BR> 
Subject:  <B>help for microsoft intellimouse</B> 
<P> 
I have installed RH5.0 and upgraded to 5.1. I have Microsoft intellimouse
and logitech super mouse. when I configure mi, the same is not recognized by
Linux and xserver. The same is recognized in win98. But logi mouse is
recognized in both. Any solutions welcome.
<P> 
--<BR> 
L.V.Gandhi

<a name="gen"></a>
<P> <hr> <P> 
<!-- =================================================================== -->
<center><H3><font color="maroon">General Mail</font></H3></center>

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 1 Dec 1998 13:39:58 -0500<BR> 
From: Brad Gerrard, <A HREF="mailto:bradgerrard@x-stream.co.uk">
bradgerrard@x-stream.co.uk</A> <BR> 
Subject: <B>The Future Of Artificial Intelligence and Linux</B> 
<P>
Can you imagine, 'eureka' you've done it, you're going to make millions
neigh billions, you've created a programme that gives a computer the
seeming ability to think.
<P>
There it is flashing away 'walking the walk', bezazz it thinks.
<P>
Hold on a moment the operating system, no the skeleton of this thinking
machine has crashed.
<P>
What say you, shall we change the operating system? Not arf we will.
<P>
How about something a little more stable, how about an operating system
that will go for at least a year. Is that to much to ask?  One might
well wonder were we not acquainted with the genie in the bottle, yes
'Linux'.
<P>
Linux is gaining in popularity, that makes it commercial, that means
money, and money means more thinkers are turning their attention towards
it as a viable alternative to some of it's less exciting competition.
Linux is a stable operating system, freely available, an operating
system for Man All Born Equal as written in the American constitution,
yes could this operating system level out the playing field.
<P>
Artificial Intelligence requires a very stable platform, and I believe
that given the limitations of  present day hardware, AI requires an
operating system with a small foot print in order to possibly tackle the
problem of achieving any potential of new thought, which could possibly
be termed artificial intelligence in it's true sense. Linux is a Unix
operating system, it can be and usually is networked, this is a plus
when it comes to composing an AI operating programme.
<P>
The very makeup and variable structure lends it's self to AI.
<P>
Yes I believe that Linux is an operating system with a bright future.
<P>
--<BR> 
Brad 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 1 Dec 1998 13:39:58 -0500<BR> 
From: "Serge E. Hallyn", <A HREF="mailto:hallyn@CS.WM.EDU">
hallyn@CS.WM.EDU</A> <BR> 
Subject: <B>happy hacking keyboard</B> 
<P>
wow.  $140 for a keyboard because it has fewer keys?  I simply don't think the
arguments in favor make sense - namely that you don't have to reach for any
keys, because you should never need to with other normal keyboards either.
Let's see:
<ul>
<li>control not being next to A should never be a problem for anyone who'd dare
call him/herself a hacker, happy or otherwise - if you can't figure out how to
remap caps lock,...
<li>escape should not be a problem, since any self-respecting vi user uses
ctrl-[ anyway
<li>backspace: ctrl-h  (well, OK, emacs users are out of luck :)
<li>tab, if it's a really weird keyboard, ctrl-i, though i seldom do that
</ul>
<P>
$140.  ridiculous.
<P>
--<BR> 
serge

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 01 Dec 1998 12:28:06 -0600<BR> 
From: Tim Kelley, <A HREF="mailto:tpkelley@winkinc.com">
tpkelley@winkinc.com</A> <BR> 
Subject: <B>Jeremy Dinsel's review of keyboard ...</B> 
<P>
He did not mention something which many people would be very interested
in knowing - is it a clicking, spring action style keyboard or a
membrane (mushy) style keyboard?
<P>
At that price (~$150), I can't believe it's one of those cheap membrane
things, but one can never be sure.  Actually, at that price, I can't
believe anyone would buy it, but whatever.
<P>
-- <BR> 
Tim 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 2 Dec 1998 01:32:06 +1000 (GMT)<BR> 
From: Norman Widders <A HREF="mailto:winspace@paladincorp.com.au">
winspace@paladincorp.com.au</A> <BR> 
Subject: <B>Linux Gazette</B> 
<P>
I just read David Jao's article in Linux Gazette #35 and enjoyed it. He had one 
fact wrong though, he mentioned:
<blockquote> <font color="navy">
Currently, a limitation of the UW IMAP server is that a folder cannot 
contain both messages and subfolders.
</font></blockquote> 
This is not a limitation of the UOW server. It is a limitation of the 
default UNIX mail files... There are other available mailbox types 
available on the UNIX platform that will allow UOW to create 
subfolders... see the release notes with UOW for more info :) 
<P>
--<BR> 
Norman 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 1 Dec 1998 08:24:43 -0500 (EST)<BR> 
From: Walt Taninatz, <A HREF="mailto:waldo@voicenet.com">
waldo@voicenet.com</A> <BR> 
Subject: <B>Re: Linux Gazette #35</B> 
<P>
Thank you for the reminders and for making such a great magazine. The
content is always useful, interesting and well written.
<P>
Best Regards,<BR> 
--<BR> 
Walter 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Thu, 03 Dec 1998 13:52:14 -0800<BR> 
From: Jauder Ho, <A HREF="mailto:jauderho@transmeta.com">
jauderho@transmeta.com</A> <BR> 
Subject: <B>Re: IMAP on Linux: A Practical Guide </B> 
<P>
I have some comments on the article written by David Jao. There are some
inaccuracies that I need to correct. We use IMAP here and it is indeed
excellent technology.
<ul>
<li>NS 4.08 is out. NS 4.5 is actually pretty stable when it comes to IMAP
based
mail, we have no problems using it.
<li>By default, imapd uses UNIX spool. This is horrendously inefficient.
So I am not
surprised by it crashing over 1000 messages. HOWEVER, if you change the
mailbox format to something like mbx (Modify the Makefile, change
unixproto to mbxproto), it can easily handle much more messages and
allow concurrent access. I have users with
8000 messages in their in box with not problem. 
<li>Netscape is now beta testing Linux versions of their Messaging and
Directory servers.
<li>There is one more way to do IMAP securely and that is to use stunnel
under IMAP.
</ul>
More information about what we do site specific can be found at
http://www.carumba.com/imap/
<P>
--<BR> 
Jauder

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Wed, 02 Dec 1998 08:46:18 +0100<BR> 
From: "Thomas Diehl", <A HREF="mailto:th.diehl@dtp-service.com">
th.diehl@dtp-service.com</A> <BR> 
Subject: <B>Editor's Choice Awards: Most Desired Port?</B> 
<P>
This is on your "Editor's Choice Awards", esp. the following from your
article "Most Desired Port--QuarkXPress":
<blockquote><font color="navy">
For layout, we must have an MS Windows 95 machine in order to run
QuarkXPress... We are more than ready to be rid of this albatross and
have a total Linux shop. Next, like everyone else, we'd like Adobe to
port all its products to Linux. 
</font></blockquote> 

I'm a professional DTPer and a Linux user myself. So I would certainly
like to see the whole Acrobat suite for Linux as well as good font and
printing solutions from Adobe. And, of course, I don't have anything
against porting PM, Frame, PShop, Illustrator, or XPress to the penguin
platform. No doubt about it.
<P>
I find it problematic, however, that hardly anybody in the DTP area
seems to do justice to the fact that there is a complete suite for our
kind of work coming up just NOW: Corel promised repeatedly to port
_all_ their DTP programs to Linux: Ventura, Draw, PhotoPaint as well as
a lot of helpful apps like WordPerfect and their whole Office suite.
(See eg www.zdnet.co.uk/news/1998/45/ns-6073.html)
<P>
This would be an incredible step forward for Linux -- but somehow
nobody in DTP seems to care. I wonder why?
<P>
Of course, I'm fully aware of the bad reputation Corel software has
among DTPers (and also how much of this they deserved). But I can
assure you and everybody from daily, first hand experience that the
situation has incredibly improved over the last years. Today the Corel
DTP apps brings a wealth of functionality to the users that, as a whole,
is unmatched by anything I know in this area.
<P>
I'm also aware that this will not be enough to make XPress users
really consider a switch and that they have perfectly good reasons for
this attitude. But, nevertheless, I would appreciate it VERY much if
the Corel announcements would at least be taken into account when
talking about this area. If Corel keep their promise there will be a
complete publishing suite for Linux very soon. And I would ask
everybody to spread the good news, esp. those who may be held "opinion
leaders" by many people out there. I'm sure it would be a real loss for
everybody if Corel would get second thoughts about their plans because
of apparent "lack of demand" among professional DTPers.
<P>
Just in case you are prepared to look a little more at this I'm
attaching some more material on the aptness of Corel DTP software.
<P>
Kind regards,<BR> 
--<BR> 
Thomas
<blockquote> <I> 
We use many of Corel's products including Ventura (for book layout).
Editor's choice is after all my opinion only, but I do know that many
magazines besides <I>Linux Journal</I> use QuarkXPress for layout.
--Editor </I> </blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 8 Dec 1998 16:30:53 -0500 <BR> 
From: "Adams, Ranald", <A HREF="mailto:Ranald.Adams@ctny.com">
Ranald.Adams@ctny.com</A> <BR> 
Subject: <B>Compaq</B> 
<P>
There's a lot of this sort of thing on Compaq's forum.  Please publish to
interested parties so that they can become subject to the
appropriate level of ridicule (in a caring, motivationally productive kind
of way).
<blockquote> <font color="navy">
Topic: Servers - Banyan-Unix Subject: Linux and Compaq Servers From: COMPAQ
- Robert G 
05/11/98 09:10:13 Compaq now or in the future will not be providing Linux
drivers. This is because the Linux operating system is a public domain OS.
There is not a single source of ownership to go to when trying to resolve OS
issues like there is for SCO Unix and other versions of Unix on the market.
Because there is no single source for the compiled binary code required to
install and run the OS there is no way to guarantee driver compatibility
with all the flavors of Linux. 
</font></blockquote> 
<blockquote> <font color="navy">
Compaq Engineering has decided that they will not provide or release
hardware drivers unless they can be fully certified and supported. Since
Linux does not have a single source manufacture, this is not possible with
Linux. But you can by all means make a formal request in writing to Compaq
Engineering concerning your need for Linux drivers. The address is: 
</font></blockquote> 
<blockquote> <font color="navy">
Compaq Computer Corp. <BR> 
Attn. Engineering Dept. <BR> 
MS. 050702 <BR> 
20555 State Hwy. 249 <BR> 
Houston, TX 77070 b4 
</font></blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sat, 5 Dec 1998 10:53:00 -0800<BR> 
From: Mike Wiley, <A HREF="mailto:npg@integrityonline.com">
npg@integrityonline.com</A> <BR> 
Subject: <B>Corel Ventura would be best DTP port</B> 
<P>
I agree that Linux needs a DTP program, but the one which should be
desired is Corel Ventura Publisher, not Quark. CVP version 8 is at least
one generation ahead of Quark and include many features which we use
regularly =97 features which are completely absent from Quark. It is
more powerful and easier to use. From my perspective, Quark shows all
the signs of product arrogance which arises from having a monopoly, or
near monopoly, in a field.
<P>
Another point: Corel Corp has made a commitment to Linux. Adobe and
Quark, to my knowledge have not. Why not support those who support you,
especially when those who support you have the best product?
<P>
Just a couple of thoughts...
<P>
Sincerely,
<P>
--<BR> 
Mike 
<blockquote> <I> 
We support Corel in every way we can, but Quark is more
suited for our purposes in printing the magazine than is Ventura. Corel's
NetWinder will be featured on the April <I>Linux Journal</I> cover. --Editor
</I> </blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Fri, 11 Dec 1998 14:19:43 -0500<BR> 
From: "Nils Lohner", <A
HREF="mailto:lohner@debian.org">lohner@debian.org</A> <BR> 
Subject: <B>Debian Powers 512 Node Cluster into Book of Records</B> 
<P>
Over 512 computers were assembled for the CLOWN (CLuster Of Working Nodes) 
system that ran on the night of December 5-6.  This cluster used a modified 
version of the Debian GNU/Linux distribution (reduced in size to a mere 16 
MB, and boot script modifications) to run a combination of PVM (Parallel 
Virtual Machine) and several application programs.  These programs included 
povray (a ray tracing program used to calculate frames for a film), Cactus, 
a program that solves the Einstein Equations, which are ten non-linear joint 
hyperbolic-elliptical partial differential equations.  These are used to 
describe Black Holes, Neutron Stars, etc. and are among the most complex in 
the field of mathematical Physics.
<P>
For more information, please visit the following sites (mostly in German):
<P>
http://www.ccnacht.de/<BR> 
http://www.linux-magazin.de/cluster/<BR> 
http://www.heise.de/ix/artikel/1999/01/010/<BR> 
http://europium.oc2.uni-duesseldorf.de/cluster/tech.html
<P>
-- <BR> 
Nils 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Fri, 11 Dec 1998 02:31:14 -0500<BR> 
From: Paul Iadonisi, <A HREF="mailto:iadonisi@colltech.com">
iadonisi@colltech.com</A> <BR> 
Subject: <B>Re: USENIX LISA Vendor Exhibit trip report</B> 
<blockquote> <font color="navy">
There were a lot of what I call "Want-Ad" booths to.  Collective
Technologies (formerly Pencom System Administration), Sprint
Paranet, Fidelity, and several other companies there for sole reason
of trying to recruit people.
</font></blockquote> 
  Hmmm.  I take exception to this.  We (Collective Technologies) have many
reasons for being at LISA.  Like any business, we work to get name
recognition.  We want people to know who we are.  But we also seek to
educate our members (look in the rear of the Attendee List for the list by
company and you will see how many of us went -- I think we have the largest
number of attendees) and give back to the System Administration community at
large.  Take a look at the Technical Talks and BoFs and you will find four
events each sponsored by a Collective Technologies member.  Five of our
members also wrote summaries for SANS in the August issue of ;login:.
<P> 
  I hope no one sees this as a marketing message and my intention is not to
try to sell my company on a Linux mailing list.  The point is that we do
all of this without tootin' our own horn that much.  I think reducing our
booth to a "Want-Ad" type booth is a little unfair.  I normally wouldn't
post a message like this on this list, but couldn't let the '...there for
sole reason of trying to recruit people...' comment pass, especially since
we were the first company listed.  No ill will, I just wanted to clear that
up.
<P> 
-- <BR> 
Paul Iadonisi
<blockquote> <I>
You must be clairvoyant! :-) That article is just being posted in this issue. Of
course, it's on Paul's web site, but to know to send a copy of your letter to me. Wow!
--Editor </I> </blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Fri, 11 Dec 1998 20:09:57 -0500<BR> 
From: Kevin Forge, <A HREF="mailto:forgeltd@usa.net">forgeltd@usa.net</A>
<BR> 
Subject: <B>Quark</B> 
<P>
 Most Desired Port--QuarkXPress
<P>
Hate to say it but "BUY A MAC".
Mind you I don't like the Mac.  I don't use a Mac.  I don't even
like the few occasions when I must attempt to repair a Mac ( often
it's cheaper to ditch it than buy parts ).
<P>
All this considered even Microsoft uses Quark on a Mac to do it's 
manuals and stuff.  As far as I know a Mac used in this post may
never crash.  Sure Mac OS isn't Linux quality in terms of 
stability but it beets NT.
<P>
In the mean time whine for a port ... It may never happen though 
since even the windows port is 1/2 harted, unstable and not
quite what the printers want ( they all use Macs. )
<P>
--<BR> 
Kevin
<blockquote> <I>
We started out with a Mac but at that time it wasn't as easy to network a Mac
with Linux as it now is with Netatalk. So the decision was made to go with
Windows. It happens. --Editor
</I> </blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Tue, 22 Dec 1998 21:13:56 -0600<BR> 
From: Sam, <A HREF="mailto:myoldkh@earthlink.net">
myoldkh@earthlink.net</A> <BR> 
Subject: <B>Sponsorship</B> 
<pre>
gts global &gt;&gt;myoldkh&lt;&lt; 12-22-98     09:15:32 PM:
</pre>
You will be very pleased to know that yesterday I made a credit card order 
on the Web for a copy of the Linux OS from one of your sponsors - Red 
Hat Software.  
<P>
I support quality web sites and their sponsors!  (I am also sick and 
tired of MS Windows crashing my computer all of the time - I think that 
Microsoft writes software about the same way that GM builds cars - I 
know cause I drive a Pontiac lemon!)
<P>
--<BR> 
Sam

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Thu, 17 Dec 1998 19:46:04 -0600 (EST)<BR> 
From: "Michael J. Hammel", <A HREF="mailto:mjhammel@graphics-muse.org">
mjhammel@graphics-muse.org</A> <BR> 
Subject: <B>Logo</B> 
<P>
<blockquote> <font color="navy">
From <I>LG</I> Editor:<BR> 
I get at least one letter a month asking that we change the quote in the
logo to be attributed directly to Gandhi rather than a movie actor, as
well as ones requesting that the graphic be made smaller.
What do you think? Is it time to make either of these changes?
</font></blockquote> 
<P>
I'll look at making the image smaller, but it may not be till next month.
I'm still getting things back together at home.  
<P>
As to the quote, I'll stick to the attribution until someone provides a
definitive resource that attributes it to Gandhi.  I'm fairly certain he
would have said it, but I don't want to give him the attribution unless I
can find some other resource to back it up.  After all, I only know about
it because of a movie.
<P>
I have no objection to changing it - I just need some other
definitive attribution to do so.
<P> 
-- <BR> 
Michael

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Mon, 28 Dec 1998 16:46:13 -0800<BR> 
From: Randy Herrick, <A HREF="mailto:HERRICK@PACBELL.NET">
HERRICK@PACBELL.NET</A> <BR> 
Subject: <B>graphics  on  title  page</B> 
<P>
Great site, just one thing, I think Tux needs to look like, well, the 
real Tux, in real Tux colors. In the beginning there were several kinds
of birds from seagulls to penguins, but I think nowadays most everyone 
has adopted the standard Tux penguin that is siting down (looking happy
from eating herring-as Linus Torvald's put it )in the black and white 
and yellow colors. We need to have a standard logo for Linux, don't you 
think? Thanks for your time. :)
<P> 
--<BR> 
Randy 
<blockquote> <I> 
As far as graphics go, I trust Michael's judgment in all things--even the
way Tux is drawn. --Editor
</I> </blockquote> 

<P> <HR> <P> 
<!--====================================================================-->
<IMG ALT=" " SRC="../gx/envelope.gif">
Date: Sun, 27 Dec 1998 13:38:52 -0600<BR> 
From: Lyno Sullivan, <A HREF="mailto:lls@freedomain.org">
lls@freedomain.org</A> <BR> 
Subject: <B>MPDN - Minnesota Public Digital Network</B> 
<P>
I would appreciate your support of the following
initiative.  Specifically, I will need the help of
the free software community during discussions of
item 4 and the excerpt listed below:

December 27, 1998<BR>
The full MPDN announcement may be viewed at:
http://www.freedomain.org/^lls/free-mn/19981222-mpdn.html
<P>
This post constitutes an invitation to join discussions
concerning the MPDN. Beginning in January, 1999, I will
present each goal of the MPDN for discussion within
the MN-NETGOV listserv.  If you are a stake holder to
these goals, please join the listserv.
<P>
Anyone can join that listserv by sending an email to
<P>
	 mailto:mn-netgov-subscribe@egroups.com
<P>
Members may view past messages, calendars, and other group
features at:
<P>
     http://www.egroups.com/list/mn-netgov/
<P>
ABSTRACT
<P>
In preparation for my requesting Legislative hearings
in 1999, this article explains my vision of the
Minnesota Public Digital Network (MPDN), which is:
<P>
1) to provide every Minnesota citizen with a
secure and authenticated email address within
the mn.us hierarchy,
<P>
2) to assure that every citizen can use email
to dialogue with the elected and the appointed
offices of government,
<P>
3) to assure that every local community has a
high speed digital network and a repository for
the creative works and letters of the Minnesota
people, and
<P>
4) to collect the free software tools necessary
to attain these goals, within the Government
Information Freedom Toolbox (the GIFT), which will
be created as a byproduct of Minnesota State
government's conversion to free software.
<P>
EXCERPT
<P>
GOAL 1) Effective immediately, freeze (at current
levels or lower) all spending for non-free, closed
source, software. Establish a Legislative audit to
determine the Total Cost of Operation (TCO) costs
of non-free server and desktop software. Establish
a cost reduction plan that will result in the
elimination of spending on non-free software.
Collect all those monies, identified by the TCO
analysis, together into a revolving Software
Freedom Fund, to be administered by the Office
of Technology.  Require that all further purchases
and upgrades of non-free, closed source server and
desktop software must be approved by the Minnesota
Office of Technology's, Information Policy Council
(IPC).  The IPC will be charged to develop a
statewide model of the MPDN.  The IPC will be
charged to connect every public sector worker in
Minnesota to the MPDN.   Savings within the
Software Freedom Fund may be spent on writing free
software.  Revenues of the Software Freedom Fund
must be spent, to endow the creation of free software
and free content, all of which, must be licensed
under the GNU General Public License (GPL) or a
suitable copyleft license.
<P>
-- <BR> 
Lyno Sullivan


<P> <hr> <P> 
<!--================================================================-->
<center>Published in <i>Linux Gazette</i> Issue 36, January 1999</center>
<!--====================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF 
CONTENTS ]"></A>
<A HREF="../index.html"><IMG SRC="../gx/homenew.gif" ALT="[ FRONT 
PAGE ]"></A> 
<A HREF="./lg_tips36.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P>
<h5>This page written and maintained by the Editor of <I>Linux Gazette</I>,
<A HREF="mailto: gazette@ssc.com">gazette@ssc.com</A><BR> 
Copyright &copy; 1999 Specialized Systems Consultants, Inc. </H5> 
<P> 
<P><hr><p>
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <hr> <P> 

<!-- QUICK TIPS SECTION ==================================================  -->
<center>
<H1><A NAME="tips"><IMG ALIGN=MIDDLE ALT="" SRC="../gx/twocent.gif">
More 2&#162; Tips!</A></H1> <BR>
Send Linux Tips and Tricks to <A HREF="mailto:gazette@ssc.com">
gazette@ssc.com
</A></center>

<p><hr><p>
<H3>Contents:</H3>
<ul>
<li><a HREF="./lg_tips36.html#dahlgren">
Forcing fsck on Red Hat 5.1
</a>
<li><a HREF="./lg_tips36.html#peters">
Personal Listserver
</a>
<li><a HREF="./lg_tips36.html#buchanan">
Re: Back Ups
</a>
<li><a HREF="./lg_tips36.html#brower">
ANSWER: Your Supra Internal Modem Problems
</a>
<li><a HREF="./lg_tips36.html#leyba">
ANSWER: Single Floppy Linux
</a>
<li><a HREF="./lg_tips36.html#hughes">
ANSWER: Re: scsi + ide; boot ide
</a>
<li><a HREF="./lg_tips36.html#stevenson">
ANSWER: Numlock at startup
</a>
<li><a HREF="./lg_tips36.html#enrique">
ANSWER: Re: graphics for disabled
</a>
<li><a HREF="./lg_tips36.html#milgram">
ANSWER: BTS: GNU wget for updating web site
</a>
<li><a HREF="./lg_tips36.html#carr">
ANSWER: Linux Boot-Root
</a>
<li><a HREF="./lg_tips36.html#sergio">
Replies to My Questions in Nov. 98 <I>Linux Gazette</I>
</a>
</ul>

<P> <hr> <P> 
<!--================================================================-->

<a name="dahlgren"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<font color="navy">Forcing fsck on Red Hat 5.1</font>
</H3>
Date: Tue, 08 Dec 1998 18:20:28 -0500<BR>
From: James Dahlgren, <A HREF="mailto:jdahlgren@netreach.net">
jdahlgren@netreach.net</A> 
<P> 
I don't know if this is a 2 cent tip or what, and since it's
distribution specific, it's applicability is limited, but I still
thought it was worth sharing.
<P> 
The shutdown command accepts a -F switch to force a fsck when the system
is rebooted. This switch just writes a flag file /forcefsck, it is up to
the initialization scripts do do something about it. In Red Hat 5.1 ( I
don't know about 5.2 ) the rc.sysinit script uses a different method to
force a fsck.
<P> 
It checks for the existence of /fsckoptions and if it exists uses it's
contents as a switch when calling fsck. The command "echo -n '-f' >
/fsckoptions" will create a file, /fsckoptions, with "-f" in it and will
force a fsck the next time the system is booted. The rc.sysinit script
removes the /fsckoptions file after remounting the drive read-write, so
that the fsck won't be forced every time the system is booted.
<P> 
If you want the -F switch from the shutdown command to work, a little
editing of the /etc/rc.d/rc.sysinit file will do it.
<P> 
near the beginning of the rc.sysinit file is the following:
<PRE> 
if [ -f /fsckoptions ]; then
        fsckoptions=`cat /fsckoptions`
else
        fsckoptions=''
fi                        
</PRE> 
This is where it checks for the /fsckoptions file and reads its contents
into a variable for later use. We add an elif to check for the
/forcefsck file and set the variable accordingly:
<PRE> 
if [ -f /fsckoptions ]; then
        fsckoptions=`cat /fsckoptions`
elif [ -f /forcefsck ]; then
        fsckoptions='-f'
else
        fsckoptions=''
fi
</PRE> 
Now the /forcefsck flag file created by using the -F switch with
shutdown will force a fsck on reboot. Now we need to get rid of the
/forcefsck file, or it will force the check every time the system is
started. Further down in the rc.sysinit file, after the disk is
remounted read-write, is the following line which removes any existing
/fsckoptions file:
<PRE> 
rm -f /etc/mtab~ /fastboot /fsckoptions 
</PRE> 
We just add /forcefsck to the list of files to delete:
<PRE> 
rm -f /etc/mtab~ /fastboot /fsckoptions /forcefsck
</PRE> 
Now we have two ways to force the fsck, we can use the -F switch when
running shutdown, or we can put specific flags in a /fsckoptions file.
<P> 
CAUTION!<BR> 
The rc.sysinit file is critical to system startup. A silly typo in it
can make the system hang when it boots. ( I've been there! ) Make a
backup before you edit it. Edit it carefully. If you do blotch it, you
can recover by rebooting and using the -b switch after the image name on
the lilo command line. This brings you up in maintenance mode without
running the rc.sysininit script. The disk is in read-only mode.
<PRE> 
mount -n -o remount,rw /
</PRE> 
will get you to read-write mode so you can fix the problem.
<PRE> 
mount -n -o remount,ro /
</PRE> 
after fixing the problem to prepare the system for continuing startup.
<P> 
exit or ctl-d to exit the maintenance shell and continue on to the
default runlevel.
<P> 
Hope this is of some use to someone.
<P> 
--<BR> 
Jim

<P> <hr> <P> 
<!--================================================================-->

<a name="peters"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<font color="navy">Personal Listserver</font>
</H3>
Date: Mon, 07 Dec 1998 01:59:48 +0100<BR> 
From: "Soenke J. Peters", <A HREF="mailto:peters@simprovement.com">
peters@simprovement.com</A> 
<P> 
An often unused feature of "sendmail" is it's "plussed user feature"
which makes mails to "user+testlist@localhost" match "user@localhost".
I will show you how to use this to implement personal mailing lists.
<P> 
First, you have to set up "procmail" to act as a filter on your incoming
mails. This could be done inside sendmail by setting it up as your local
mailer, or simply via your "~/.forward" file.
<P> 
Now, you should get a mailing list program. I prefer BeroList, because
it's easy to configure. Compile it (don't forget to adjust the paths!)
and install it somewhere in your home directory.
<P> 
Done that, you have to tell procmail what mails are to be passed to the
mailing list program. This is done inside "~/.procmailrc" and should
contain something like the following for every list (in this example,
the list is called "testlist", the mailname of the user is "username"):
<PRE> 
:0
* ^To:.*username\+testlist
| path/to/the/listprogram testlist
</PRE> 
The last step is to prepare the configuration files for the mailing
list. As this is specific to the program you use, I can't tell you here.
<P> 
For a german description see:<BR> 
http://www.simprovement.com/linux/listserver.html
<P> 
--<BR> 
Soenke Jan  Peters

<P> <hr> <P> 
<!--================================================================-->

<a name="buchanan"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<font color="navy">Re: Back Ups</font>
</H3>
Date: Tue, 1 Dec 1998 10:07:46 -0500 (EST)<BR> 
From: Jim Buchanan, <A HREF="mailto:c22jrb@koptsv01.delcoelect.com">
c22jrb@koptsv01.delcoelect.com</A>
<blockquote> <font color="navy">
From: Anthony Baldwin:<BR> 
Disk space is relatively cheap, so why not buy a small drive say
500Meg which is used for holding just the root /lib /bin /sbin
directories. Then setup a job to automatically back this up to another
drive using "cp -ax" (and possibly pipe it through gzip and tar). This
way when the unthinkable happens and you loose something vital, all
you have to do is boot from floppy mount the 2 drives and do a
copy. This has just saved my bacon while installing gnu-libc2
</font></blockquote> 
A good idea as far as it goes, but there is one gotcha. If lightning
or some other power surge takes out one drive, it might take out the
on-line backup as well.
<P> 
I use a very similar method where each night, on each machine, I have
a cron job back up vital information to another HD in another machine
on my home network.
<P> 
In addition to the nightly back-ups, I do a weekly backup to removable
media, which I keep in a separate building (my workshop at the back of
my lot). That way if lightning takes out everything on the network, I
have lost a weeks or less work. The separate building part might be
paranoia, but I really recommend at least weekly off-line back ups.
<P> 
-- <BR> 
Jim Buchanan


<P> <hr> <P> 
<!--================================================================-->
<H4><font color="maroon">
Tips in the following section are answers to questions printed in the Mail
Bag column of previous issues.
</font></H4> 

<P> <hr> <P> 
<!--================================================================-->

<a name="brower"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Your Supra Internal Modem Problems</font>
</H3>
Date: Tue, 1 Dec 1998 09:48:10 -0500 
From: "Brower, William" wbrower@indiana.edu
<P> 
<blockquote> <font color="navy">
Richard wrote:<BR> 
I have a PII (350MHz) running with an AGP ATI 3DRage graphics
card (which works fine) and a Sound Blaster 16 PnP (which also works fine).
But, I can't get my internal SupraExpress 56k modem to
work.
</font></blockquote> 
Your modem sounded familiar from a past search I had done, so I went to
Red Hat's www site (http://www.redhat.com/) and followed the support |
hardware link. You will find this reference in the modem category:
<P> 
Modems that require software drivers for compression, error correction,
high-speed operation, etc. <BR> 
PCI Memory Mapped Modems (these do not act like serial ports) <BR> 
Internal SupraExpress 56k & also the Internal SupraSonic 56k 
<P> 
It appears that your modem is inherently not compatible with Linux.
I use an inexpensive clone modem called the E-Tech Bullet, pc336rvp model -
paid $28 for it and it operates with no problems at all.
Good luck in finding a compatible modem!
<P> 
--<BR> 
Bill 

<P> <hr> <P> 
<!--================================================================-->

<a name="leyba"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Single Floppy Linux</font>
</H3>
Date: Tue, 01 Dec 1998 22:05:59 -0800<BR> 
From: Ken Leyba, <A HREF="mailto:kleyba@pacbell.net">
kleyba@pacbell.net</A> <BR> 
<P> 
To: roberto.urban@uk.symbol.com<BR> 
There are a few choices for a single floppy Linux (O.K. some are more
than one floppy).  I haven't tried them, but I will be doing a Unix
presentation next month and plan to demo and handout a single or double
floppy sets for hands-on.
<P> 
muLinux (micro linux):<BR> 
http://www4.pisoft.it/~andreoli/mulinux.html
<P> 
tomsrtbt:<BR> 
http://www.toms.net/rb/
<P> 
Linux Router Project:<BR> 
http://www.linuxrouter.org/
<P> 
Trinux:<BR> 
http://www.trinux.org/
<P> 
Good Luck,<BR> 
--<BR> 
Ken

<P> <hr> <P> 
<!--================================================================-->

<a name="hughes"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Re: scsi + ide; boot ide</font>
</H3>
Date: Sun, 29 Nov 1998 07:42:29 -0800 (PST)<BR> 
From: Phil Hughes, <A HREF="mailto:fyl@ssc.com">fyl@ssc.com</A>
<blockquote> <font color="navy">
The amazing Al Goldstein wrote:<BR> 
I have only linux on a scsi disk. I want to add an ide disk and want to
continue to boot from the scsi which has scsi id=0. Redhat installation
says this is possible. Is that true? If so how is it done?
</font></blockquote> 
First, you should be able to tell your BIOS where to boot from.  Just set
it to SCSI first and all should be ok.
<P> 
If that isn't an option, just configure LILO (/etc/lilo.conf) so that it
resides on the MBR of the IDE disk (probably /dev/hda) but boots Linux
from where it lives on the SCSI disk.
<P> 
-- <BR> 
Phil

<P> <hr> <P> 
<!--================================================================-->

<a name="stevenson"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Numlock at startup</font>
</H3>
Date: Thu, 03 Dec 1998 21:51:08 -0800<BR> 
From: "D. Cooper Stevenson", <A HREF="mailto:coopers@proaxis.com">
coopers@proaxis.com</A>
<blockquote> <font color="navy">
To: bmtrapp@acsu.buffalo.edu
</font></blockquote> 
Here's a bit of code I found while searching the documentation for
"numlock" It turns numlock on for all terminals at startup! The bolded
code is the added code in the /etc/rc.d/rc file of my Redhat 5.1 Linux:
<PRE> 
 Is there an rc directory for this new runlevel?
if [ -d /etc/rc.d/rc$runlevel.d ]; then
        # First, run the KILL scripts.
        for i in /etc/rc.d/rc$runlevel.d/K*; do
                # Check if the script is there.
                [ ! -f $i ] && continue

                # Check if the subsystem is already up.
                subsys=${i#/etc/rc.d/rc$runlevel.d/K??}
                [ ! -f /var/lock/subsys/$subsys ] && \
                    [ ! -f /var/lock/subsys/${subsys}.init ] && continue

                # Bring the subsystem down.
                $i stop
        done

        # Now run the START scripts.
        for i in /etc/rc.d/rc$runlevel.d/S*; do
                # Check if the script is there.
                [ ! -f $i ] && continue

                # Check if the subsystem is already up.
                subsys=${i#/etc/rc.d/rc$runlevel.d/S??}
                [ -f /var/lock/subsys/$subsys ] || \
                    [ -f /var/lock/subsys/${subsys}.init ] && continue

                # Bring the subsystem up.
                $i start
        done

        # Turn the NumLock key on at startup
        INITTY=/dev/tty[1-8]
        for tty in $INITTY; do
             setleds -D +num < $tty
        done
fi
</PRE> 

<P> <hr> <P> 
<!--================================================================-->

<a name="enrique"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Re: graphics for disabled</font>
</H3>
Date: Wed, 16 Dec 1998 00:13:19 GMT<BR> 
From: Enrique I.R., <A HREF="mailto:esoft@arrakis.es">
esoft@arrakis.es</A>

<blockquote> <font color="navy">
In a previous message, Pierre LAURIER says:
- control of the pointer device with the keyboard 
</font></blockquote> 
You can do it with any windowmanager. It's a XFree86 feature (v3.2, don't know
of older versions). You only have to use the XKB extension. You enable it hiting
the Control+Shift+NumLock. You should hear a beep here. Now you use the
numerical keypad to:
<PRE> 
Numbers (cursors) -&gt; Move pointer.
/,*,- -&gt; l,r&m buttons.
5 -&gt; Click selected button.
+ -&gt; Doubleclick selected button.
0(ins) -&gt; Click&Hold selected button.
.(del) -&gt; Release holded button.
</PRE> 
Read the XFree86 docs to get details.
<P> 
--<BR> 
Enrique I.R.

<P> <hr> <P> 
<!--================================================================-->

<a name="milgram"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">BTS: GNU wget for updating web site</font>
</H3>
Date: Thu, 24 Dec 1998 03:15:16 -0500<BR> 
From: "J. Milgram", <A HREF="mailto:milgram@cgpp.com">
milgram@cgpp.com</A> 

<blockquote> <font color="navy">
Re. the question "Updating Web Site" in the Jan 1999 <I>Linux Journal</I>,
p. 61 ...
</font></blockquote> 
Haven't tried the mirror package - might be good, but you can also use
GNU wget (prep.ai.mit.edu). Below is the script I use to keep the
University of Maryland LUG's Slackware mirror up-to-date. "Crude but
effective".
<PRE> 
#!/bin/bash
#
#  Update slackware
#
#  JM 7/1998  

# usage:   slackware.wget [anything]
# any argument at all skips mirroring, moves right to cleanup.

site=ftp://sunsite.unc.edu
sitedir=pub/Linux/distributions/slackware-3.6; cutdirs=3
localdir=`basename $sitedir`
log=slackware.log
excludes=""
for exclude in bootdsks.12 source slaktest live kernels; do
  [ "$excludes" ] && excludes="${excludes},"
  excludes="${excludes}${sitedir}/${exclude}"
done

# Do the mirroring:

if [ ! "$*" ]; then
 echo -n "Mirroring from $site (see $log) ... "
 wget -w 5 --mirror $site/$sitedir -o $log -nH --cut-dirs=$cutdirs -X"$excludes"
 echo "done."
fi

# Remove old stuff
# (important, but wipes out extra stuff you might have added)

echo "Removing old stuff ..."
for d in `find $localdir -depth -type d`; do
  pushd $d > /dev/null
  for f in *; do
     grep -q "$f" .listing || { rm -rf "$f" && echo $d/$f; }
  done
  popd > /dev/null
done
echo "Done."

</PRE>
--<BR>  
Judah 

<P> <hr> <P> 
<!--================================================================-->

<a name="carr"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
ANSWER: <font color="navy">Linux Boot-Root</font>
</H3>
Date: Mon, 7 Dec 1998 12:57:34 +0100<BR> 
From: Ian Carr-de Avelon, <A HREF="mailto:ian@emit.pl">
ian@emit.pl</A> 
<P>
This is an answer to one of the letters in the December '98 issue.
<blockquote> <font color="navy">
   Date: Wed, 04 Nov 1998 19:01:02 +0000
   From: Roberto Urban, roberto.urban@uk.symbol.com
   Subject: Help Wanted - Installation On Single Floppy
</font></blockquote> 
<blockquote> <font color="navy">
   My problem seems to be very simple yet I am struggling to solve it. I
   am trying to have a very basic installation of Linux on a single
   1.44MB floppy disk and I cannot find any documents on how to do that.
   My goal is to have just one floppy with the kernel, TCP/IP, network
   driver for 3COM PCMCIA card, Telnet daemon, so I could demonstrate our
   RF products (which have a wireless Ethernet interface - 802.11 in case
   you are interested) with just a laptop PC and this floppy. I have
   found several suggestions on how to create a compressed image on a
   diskette but the problem is how to create and install a _working_
   system on the same diskette, either through a RAM disk or an unused
   partition. The distribution I am currently using is Slackware 3.5.
</font></blockquote> 
Making a "boot-root" disk is not too difficult and there is information
and and examples available:
http://metalab.unc.edu/LDP/HOWTO/Bootdisk-HOWTO.html
http://www.linuxrouter.org/
<P> 
Maybe the new LDP site should have a link from every page of Linux Gazett:
http://metalab.unc.edu/LDP/ 
<P> 
I build boot-root disks quite regularly and they have lots of uses Eg:
<ol>
<li>change an old PC into a dial on demand router for a net.
<li>Give clients and emergency disk which will ring in to us so we can 
log in and fix things. (Even if the main  OS on the machine is not
Linux)
<li>Turn any Windows PC on the net into a terminal, or testbed for 
network hardware.
<li>Clients often bring laptops for installations with no easy way of 
connecting them to the net. A bootroot disk and a PLIP cable gives
me a simple way to get the laptop to let me telnet to it and ftp files
across.
</ol>
Basicly it is just a matter of reducing what you are trying to something
which will fit on the floppy and following the HOWTO. If you are short of
space you can usually gain a little by using older versions.
<P> 
Having said that you are putting yourself up against some additional 
problems here.  Laptops are notorious for being only PC compatable
with drivers which are only available for Windows. Even here there
is some support:
http://www.cs.utexas.edu/users/kharker/linux-laptop/
but you should realise that not all PCMCIA chip sets are supported 
and that is before you get onto support for the card itself. Obvioulsy
if the card is your own product you have some advantages as far as getting
access to technical information :-) but in general if the laptop and
card manufacturers are unwilling to give information you can end up
wasting a lot of time on reverse engineering and sometimes still fail.
<P> 
--<BR> 
Ian

<P> <hr> <P> 
<!--================================================================-->

<a name="sergio"></a>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<font color="navy">Replies to My Questions in Nov. 98 <I>Linux
Gazette</I></font>
</H3>
Date: Tue, 15 Dec 1998 20:23:48 -0800<BR> 
From: Sergio Martinez, <A HREF="mailto:sergiomart@csi.com">
sergiomart@csi.com</A> 
<P> 
Last month, Ms. Richardson published a short letter I wrote
that asked some questions about the differences among the
terminology of GUIs, window managers, desktops, interfaces,
and a bit about the differences among GNOME, KDE, and Windows.
These matters came to mind as I switched from Windows 95 to
Linux, with its multiple choices of window managers.
<P> 
Several people were kind enough to send long replies. I'm
forwarding them to you in case you would like to consider using
one as an article, or editing them into one. I suppose the title
could be something like "A Vocabulary Primer to GUI's, Window
Managers, Desktops, Interfaces, and All That".
<P> 
I'm leaving all this to your judgment. It would be an article
for newbies, but I found most of the replies very informative
for this migrant from Windows 95.
<P> 
--<BR> 
Sergio E. Martinez
<P> <center>--------------------------------------------------------------</center>
Date: Tue, 1 Dec 1998 13:44:20 -0500 <BR> 
From: Moore, Tim, <A HREF="mailto:Tim.Moore@ThomsonConsulting.com">
Tim.Moore@ThomsonConsulting.com</A> 
<P> 
I don't have time to write a full article, but I can answer your questions.
Unfortunately, I'm using MS Outlook to do so (I'm at work and I have to )-:
) so sorry if this comes out formatted funny in your mailer.
<P> 
<blockquote><font color="navy">
Terminology: The differences (if any) among a GUI, a window manager, a
desktop, and an interface. How do they differ from X windows? 
</font></blockquote> 
In the X world, things tend to be split up into multiple components, whereas
in other systems, everything is just part of the "OS". Here are some
definitions:
<P> 
Interface is a general term which really just means a connection between two
somewhat independent components -- a bridge. It is often used to mean "user
interface" which is just the component of a computer system which interacts
with the user.
<P> 
GUI is another general term, and stands for graphical user interface.  It's
pretty much just what it sounds like; a user interface that is primarily
graphical in nature.  Mac OS and Windows are both GUIs.  In fact, pretty
much everything intended for desktop machines is these days.
<P> 
On Mac OS and Windows, capabilities for building a graphical interface are
built into the OS, and you just use those.  It's pretty simple that way, but
not very flexible.  Unix and Unix-like OSes don't have these built in
capabilities -- to use a GUI, you have to have a "windowing system."  X is
one of them -- the only one that sees much use these days.
<P> 
All X provides is a way to make boxes on the screen (windows) and draw stuff
in them.  It doesn't provide a) ways to move windows around, resize them, or
close them, b) standard controls like buttons and menus, c) standards or
guidelines for designing user interfaces for programs, or for interoperating
between programs (e.g., via drag and drop or a standard help system).
<P> 
A window manager is a program which lets you move windows around and resize
them.  It also usually provides a way to shrink a window into an icon or a
taskbar, and often has some kind of a program launcher.  The user can use
any window manager that he or she wants -- any X application is supposed to
work with any window manager, but you can only run one at a time.  That is,
you can switch between window managers as much as you want, but at most one
can be running at a time, and all programs on screen are managed by
whichever one is running (if any).
<P> 
A widget set is a library of routines that programmers can use to make
standard controls like buttons and menus (which are called widgets by X
programmers).  The widget set that an application uses is chosen by the
*programmer* (not the user).  Most people have multiple widget sets
installed, and can run multiple programs using different widget sets at the
same time.
<P> 
Finally, there's the desktop environment.  This is the newest and most
nebulous X term.  It basically means "the things that the Mac OS and Windows
GUIs have that X doesn't but should" which generally consists a set of
interacting applications with a common look and feel, and libraries and
guidelines for creating new applications that "fit in" with the rest of the
environment.  For example, all KDE applications use the same widget set (Qt)
and help program, and you can drag and drop between them.  You can have
multiple desktop environments installed at the same time, and you can run
programs written for a different environment than the one you're running
without having to switch, as long as you have it installed.  That is, if you
use GNOME, but like the KDE word processor KLyX, you can run KLyX without
running any other KDE programs, but it won't necessarily interoperate well
with your GNOME programs.  You can even run the GNOME core programs and the
KDE core programs at the same time, thought it doesn't really make much
sense to, as you would just end up with two file managers, two panels, etc.

<blockquote><font color="navy">
Do all window managers (like GNOME or KDE or FVWM95) run on top of X
windows? 
</font></blockquote> 
Yes, though GNOME and KDE aren't window managers (they're desktop
environments).  KDE comes with a windowmanager (called KWM).  GNOME doesn't
come with a window manager -- you can use whichever one you want, though
some have been specifically written to interoperate well with GNOME programs
(Enlightenment being the furthest along).  But yes, they all require X to be
running.

<blockquote><font color="navy">
What exactly does it mean for an application to be GNOME or KDE aware? What
happens if it's not? Can you still run it? 
</font></blockquote> 
It just means that it was written using the GNOME or KDE libraries.  This
means a few things: 1) programs will probably *not* be both GNOME *and* KDE
aware, 2) you have to have the GNOME libraries installed to run GNOME-aware
applications, 3) you can run GNOME applications and KDE applications
side-by-side, and to answer your question, 4) you can always run non-aware
applications if you use either environment.

<blockquote><font color="navy">
What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries do? 
</font></blockquote> 
GTK+ and Qt (which is the name of the product by Troll Tech that KDE uses)
are both widget sets.  That is, they provide buttons, menus, scrollbars, and
that sort of thing to application developers.  Note that applications can
use GTK+ or Qt without being GNOME or KDE aware, but *all* GNOME apps use
GTK+ and *all* KDE apps use Qt.

<blockquote><font color="navy">
How does the history of Linux (or UNIX) window managers compare to that of
say, the desktop given to Win98/95 users? How, specifically, does Microsoft
limit consumer's choices by giving them just one kind of desktop, supposedly
one designed for ease of use? 
</font></blockquote> 
This is a much more complicated question.  In essence, Windows provides a
built in windowing system, window manager, widget set, and desktop
environment, so everybody uses those instead of being able to chose the one
they like.

<blockquote><font color="navy">
What's happening with Common Desktop Environment? Is it correct that it's
not widely adopted among Linux users because it's a resource hog, or not
open source? 
</font></blockquote> 
Yes.  Also, it costs a lot of money.  You can get it from Red Hat, though.
<P> 
--<BR> 
Tim
<P> <center>--------------------------------------------------------------</center>
Date: Wed, 2 Dec 1998 00:34:46 +0100 (AMT)<BR> 
From: Hans Nieuwenhuis, <A HREF="mailto:niha@ing.hj.se">
niha@ing.hj.se</A> 
<P> 
I read your mail today in the Linux Gazette and decided to answer (or try
to) your questions.
<P> 
Here it goes:
<P> 
X-Windows is designed as a client-server system. Advantage is that you can
run the server on another machine then the machine your monitor is
connected to. Then you need a client. This can be a program or a window
manager. A window manager communicates with the server by asking it to
create a window. When the server fullfilled the requests the windowmanager
ads a nice titlebar to it and lets the application create its interface.
Basicly the window manager stand between the server and the application,
but that is not necessary. It is possible to run an application on a X
server without a window manager but the only thing you are able to do is
run that specific application, close it and kill the X server.
<P> 
A GUI is a Graphical User Interface, which means all of the information
presented on the screen is done by windows, menus, buttons etc... Just
like Windows. Also all the interaction, the interface is based upon those
windows and buttons. The main goal of a GUI is to provide a uniform system
of presenting windows and gathering information. A good example in MS
Windows is the Alt+F4 keystroke, with this keystroke you can close any
window on your screen. 
A window manager can be part of this system. This is what happens with
KDE and CDE. They both feature their own window manager and then you are
able to bring this same uniformity to your desktop. Basicly what I see as 
a desktop is the set of applications which are availeble on a certain
system. A uniform GUI can bring also features like drag and drop and
"point and shoot", associate applications to a certain filetype.
One question you ask about the awareness for GNOME or KDE, this means,
that a program that is designed for those environment is (or should be)
able to communicate with other programs that are designed for those
environments. This brings you for example drag and drop. Some programs can
indeed not run without the desktop environment for which they are
designed, but some can. For example I use KDE programs, but I do not like
their window manager so I use Window Maker, which is not designed for use
in the KDE environment, therefore I have to lack some features.
<P> 
The libraries: GTK+ and Qt (Troll, as you mentioned it) are toolkits. What
they basicly do is draw windows, buttons and menus. These are tour Legos
with which you build your interface. And yes, if you want to run
applications designed for a specif environment, say GNOME, you need
atleast the GNOME libaries, like GTK+ and a few others.
<P> 
As I mentioned before, the client-server design of X-Windows gives the
user the flexibility to choose a window manager they like, but basicly
they do the same as the win95/98 system. Win95/98 limits you to one look
and feel (yeah you can change the color of your background, but that is
about it), but manages also windows. But it does not give the user the
freedom to experiment with other looks and feels. Most modern window
managers permits you to define other keybindings and such. And if you
don't like GNOME you can use KDE and vice versa (there are a few others
btw).
<P> 
All I know about CDE is that it is based on the Motif toolkit (compare
GTK+ and Qt) and this toolkit is not free (better say GPLed software)  
like GTK+. I think that is the main reason why it is not used very much on
Linux. But if it is a resource hog I do not know. Personally the main
reason why I will not use it is because it looks ugly :-)
<P> 
Well that is about it, I hope this information is a bit usefull. If you
have questions, do not hesitate...
<P> 
--<BR> 
Hans Nieuwenhuis

<P> <center>--------------------------------------------------------------</center>
Date: Sat, 05 Dec 1998 00:29:34 -0500<BR> 
From: sottek, <A HREF="mailto:sottek@quiknet.com">
sottek@quiknet.com</A>
<P> 
  I thought I would take the time to send you some
information about the questions you have posted
on Linux Gazette. From your question I can tell
that even though you are new to Linux you have seen
some of the fundamental differences in the interface
workings. I currently work for Intel where I
administrate Unix Cad tools, and am having to
explain these differences to management everyday...
I think you will understand far better than they
do :)

<blockquote><font color="navy">
1.Terminology: The differences (if any) among a GUI, a window manager, a
desktop, and an interface. How do they differ from X windows? 
</font></blockquote> 
X windows is a method by which things get drawn on
your screen. All x windows clients (the part drawing
in front of you) have to know how to respond to
certain commands, like 'draw a green box', 'Draw a
pixel' allocate memory for client images... This
in itself is NOT what you think of as "Windows". All
applications send these commands to your client.
This is done through tcp/ip, even if your
application and your client are both on the machine
in front of you.  This is VERY VERY important. The
#1 design flaw in MS Windows is the lack of this
network layer in the windows system. Every X
application (any window... xterm netscape xclock)
looks at your "DISPLAY" environment variable to
find out who it should tell to draw itself. IF
your DISPLAY is set to computer1:0.0 and you are
on computer2 and you type 'xterm' it will pop up
on computer1's screen (Provided you have permission)
This is why on my computer at work I have windows
open from HP's RS6000's Sun's... Linux(when I'm
sneeky) and they all work just fine together.
<blockquote><font color="navy">
2.Do all window managers (like GNOME or KDE or FVWM95) run on top of X
windows? 
</font></blockquote> 
 Well, yes. Given the above you should now know
that X is the thing that draws. Anything that needs
to draw has to run "on" X.
<P> 
  BUT, we need to get a better understanding of the
window manager because I didn't tel you about that
yet. In MS Windows when a program hangs it sits
on your screen until you can kill it. There is
usually no way to move it, or minimize it. This is
design flaw #2 in windows. Every MS Windows program
has to have some code for the title bar, close,
maximize, and minimize buttons. This code is in
shared libs so you don't have to write it yourself
but never the less it IS there. In X windows the
program knows nothing about its titlebar, or the
buttons on it. The program just keeps telling X
to draw whatever it needs. Another program, the
window manager does those things (It 'Manages
windows') The window manager draws the title bars
and the buttons. The window manager also 'hides'
a window from you when it is minimized and replaces
it with an icon. The program has NO say so in the
matter. This means that even is a program is totally
locked up it can be moved, minimized, and killed.
(Sometimes not killed unless you window manager
is set to send a kill -9)
<P> 
  That being said here is the bad news. KDE and
gnome and NOT window managers. They do not draw
title bars, allow you to resize windows and stuff
like that. They are just a program that does things
like provide a button bar (which some window
managers do too) and the stuff like telling programs
how they should look.

<blockquote><font color="navy">
3.What exactly does it mean for an application to be GNOME or KDE aware?
What happens if it's not? Can you still run it? 
</font></blockquote> 
 gnome aware applications do what I was just about
to mention. They pay attention to gnome when it
tells them how to look and act. If gnome says 'you
should have a red background' they do it. Also
there will be some advanced things like an app can
ask gnome if it can have a spell checker and gnome
can supply it with one (See CORBA stuff) KDE is
the same way minus the CORBA (I think)

<blockquote><font color="navy">
4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries do? 
</font></blockquote> 

  This is a hidden layer called widgets. It allows
you do say 'draw a button' rather than 'draw a box,
draw an edge on that box so it looks 3d, put some
text in that box, make sure this box looks for 
mouse clicks, if a click happens remove that 3d
stuff and put it back pretty quick'.  It would not
be a good idea to try to program complex things
without a widget set.

<blockquote><font color="navy">
5.How does the history of Linux (or UNIX) window managers compare to
that of say, the desktop given to Win98/95 users? How, specifically,
does Microsoft limit
     consumer's choices by giving them just one kind of desktop,
supposedly one designed for ease of use?
</font></blockquote> 
 
 I think you can get this from the other answers.
really the limit are...
<ol>
<li>You have to run the program on the same machine
where you want to see it.
<li>You can't choose another window manager if you
don't like the way windows works.
<li>No matter how configurable windows is, if there
is just 1 thing you need that it doesn't have built
in , there is no way to get it. With X you just
use a different wm,desktop,widget set, whatever.
</ol>
<blockquote><font color="navy">
6.What's happening with Common Desktop Environment? Is it correct that
it's not widely adopted among Linux users because it's a resource hog,
or not open
     source? 
</font></blockquote> 
 CDE what a thing driven by big Unix verdors for
their own needs. Things that start that way
get re-invented to suit everyones needs, hence
Gnome and KDE.
<P> 
  Well, when I get going I can sure waste some time.
I hope I haven't taken up too much of you time
with this. I'll leave you with just 1 thing.
<P> 
 I know hundreds of world class programmers, and
administrators who are gods on BOTH NT and Unix.
I know not a single one who prefers NT. Keep
learning until you agree, I know you will.
<P> 
--<BR> 
SOTTEK

<P> <center>--------------------------------------------------------------</center>
Date: Sat, 5 Dec 1998 09:48:43 -0600<BR> 
From: Dustin Puryear, <A HREF="mailto:dpuryear@usa.net">
dpuryear@usa.net</A> 
<blockquote><font color="navy">
desktop, and an interface. How do they differ from X windows? 
</font></blockquote> 

X windows is what sits behind it all. More or less, it controls the access to
your hardware and provides the basic functionality that is needed by the wm.
The wm controls windows, and how the user interacts with them. A desktop, such
as KDE or GNOME, provides more services than a wm. For instance, drag 'n drop
is a feature of a desktop, not a wm.

<blockquote><font color="navy">
Do all window managers (like GNOME or KDE or FVWM95) run on top of X
windows?      
</font></blockquote> 

Yes.

<blockquote><font color="navy">
What exactly does it mean for an application to be GNOME or KDE aware? What
happens if it's not? Can you still run it?      
</font></blockquote> 

They use the functions provided by GNOME or KDE, not just X.

<blockquote><font color="navy">
What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries do?     
</font></blockquote> 

GTK+ and Qt (KDE) provide the basic foundation for the desktops. For instance,
Qt provides the code to actually create a ListBox (a list of items a user can
choose). KDE just uses this code to do it's thing. Note that Qt can be used for
console apps just as well as for X apps. I'm not familiar with GTK+, so I can't
comment.

<blockquote><font color="navy">
What's happening with Common Desktop Environment? Is it correct that it's not
widely adopted among Linux users because it's a resource hog, or not open
source? 
</font></blockquote> 

Well, Red Hat used CDE for a while (I think). However, they could not actually
fix anything with it since it's was closed source. They have since moved to
GNOME. However, there are some CDE clones out there.
<P> 
--<BR> 
Dustin 

<P> <center>--------------------------------------------------------------</center>
Date: Sat, 05 Dec 1998 19:45:34 +0000<BR> 
From: "Richard J. Moore", <A HREF="mailto:moorer@cs.man.ac.uk">
moorer@cs.man.ac.uk</A> 
<P> 
Hope this helps:

<blockquote><font color="navy">
1.Terminology: The differences (if any) among a GUI, a window manager, a desktop, and an interface. How do they differ from X windows? 
</font></blockquote> 

A GUI (Graphical User Interface) is a general term that refers to the
basic
idea of using a graphical representation to communicate with the user
(as
opposed to a text based interface such as the command line).
<P> 
A window manager is an idea that is really specific to X windows. In X
windows the policy for how windows are arranged and controlled is
separated
from the core system, the window manager is a special program that does
this.
This allows people to choose a window manager that has a policy that is
good 
for them, and allows new window managers to be created that have
different
policies. The window manager draws window borders, minimise/maximise
buttons etc.
You can mix and match window managers, but most GUI toolkits for UNIX
will
provide one as standard.
<P> 
A desktop is a metaphor used by many GUIs it is basically an attempt to
make computers fit in with the way people would work in an office. The
hope
is that this will make it easy for people to operate the system. The
term is
also used more generally to refer to a combination of window manager,
toolkit
(the box of parts used by the programmers of the system), and other
'standard'
applications. If a set of tools is referred to as a desktop, it
generally means
that it will provide all of these things, and that they will be designed
to
work together in an integrated fashion. An example would be KDE
(http://www.kde.org/).
<P> 
An 'interface' is just an abbreviation for a user interface. This is the
view that a program presents to the user, and (for a graphical user
interface)
is usually composed of widgets such as menus, checkboxes, push buttons
etc.
<P> 
Finally X windows is a toolkit for actually getting all of the widgets
etc.
onto your screen. It provides routines for drawing lines, circles etc.
and
these are used to draw everything you see. X windows is a lot more
complicated
and powerful than this really, but it would take a book to explain why.
If you
want this level of detail then look at the O'Reilly X windows
programming series.

<blockquote><font color="navy">
2.Do all window managers (like GNOME or KDE or FVWM95) run on top of X windows? 
</font></blockquote> 

Yes, though neither Gnome nor KDE is a window manager. Both of these are
complete
desktops and though they provide window managers, there is much more to
them than
just that. The window manager in KDE is called kwm.

<blockquote><font color="navy">
    3.What exactly does it mean for an application to be GNOME or KDE aware? What happens if it's not? Can you still run it? 
</font></blockquote> 

It means the app will talk to the window manager to get support for
special
features of that environment, and that it will use the standard look and
feel
of the desktop. If the app is not compliant then it should still work
fine,
but the special features will be unavailable. The other situation is
using
a compliant app with a nonstandard window manager, in this case too the
app
should work fine (but some feature may be unavailable). It is possible
for
window managers other than the standard ones to be compliant, for
example
there is now a KDE-Compliant version of the BlackBox WM.

<blockquote><font color="navy">
    4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries do? 
</font></blockquote> 

They provide tools such as edit widgets, menus etc. in a form that makes
them
easy to reuse. The library used by KDE (called Qt, see
http://www.troll.no/qt)
is written in a language called C++ and also provides tools for
programmers such
as routines for platform independent access to files and directories
etc. GTK+
is similar though it has narrower scope and is written in C.

<blockquote><font color="navy">
    5.How does the history of Linux (or UNIX) window managers compare to that of say, the desktop given to Win98/95 users? 
</font></blockquote> 

Badly :-(

<blockquote><font color="navy">
     How, specifically, does Microsoft limit consumer's choices by giving them just one kind of desktop, supposedly one designed for ease of use? 
</font></blockquote> 

They restrict the system to a single view which may not be the best one
for the
job. Allowing people the choice means people can choose the best for
them, even
if it is nonstandard. The downside of this is that if everyone uses a
different
window manager then supporting and managing the system becomes
difficult. In
between these two options is the choice made by most UNIX toolkits -
have a
standard window window manager, but allow people to use another if they
want.

<blockquote><font color="navy">
    6.What's happening with Common Desktop Environment? Is it correct that it's not widely adopted among Linux users because it's a resource hog, or not open
      source? 
</font></blockquote> 

CDE is based on Motif which is an old C toolkit that is (IMHO) looking
rather
dated. Motif is very slow, and as you say is very resource hungry. In
the
past linux versions have often been buggy, though this situation may
have
improved. I found CDE itself to be quite poor, it works fine if you
spend
all your time in a single application (such as emacs), but using the
drag
and drop, and some of the built in tools was generally problematic. IMHO
It is unlikely to take off on linux because it it pricey and of lower
quality than the free alternatives.
<P> 
--<BR> 
Rich



<P> <hr> <P> 
<!--================================================================-->
<center>Published in <I>Linux Gazette</I> Issue 36, January 1999</center>
<P> <hr> <P> 
<!--================================================================-->
<A HREF="./lg_toc36.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF 
CONTENTS ]"></A> <A HREF="../index.html"><IMG SRC="../gx/homenew.gif" 
ALT="[ FRONT PAGE ]"></A> <A HREF="./lg_mail36.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
<A HREF="./lg_bytes36.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>

<P> <hr> <P>
<h5>This page maintained by the Editor of <I>Linux Gazette</I>,
<A HREF="mailto: gazette@ssc.com">gazette@ssc.com</A><BR> 
Copyright &copy; 1999 Specialized Systems Consultants, Inc. </H5> 
<P> 
<P><hr><p>
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<HR>
<center>
<table cellpadding=7><tr><td>
<IMG SRC="../gx/bytes.gif" border=1  ALT="News Bytes">
</td><td>
<H3>Contents:</H3>
<ul>
<li><a HREF="./lg_bytes36.html#general">News in General</a>
<li><a HREF="./lg_bytes36.html#software">Software Announcements</a>
</ul>
</td></tr></table>
</center>

<a name="general"></a>
<p><hr><p>
<!-- =================================================================== -->
<center><H3><font color="green">News in General</font></H3></center>

<P> <hr> <P> 
<!-- =================================================================== -->

<center><IMG ALT=" "   SRC="./gx/cover58.jpg"></center>
<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
February 1999 <I>Linux Journal</I>
</font>
</H3>
<P> 
The February issue of <A HREF="http://www.linuxjournal.com/"><I>Linux
Journal</I></A> will be hitting the newsstands January 11.
This issue focuses on Cutting Edge Linux with an article on wearable
computers by Dr. Steve Mann. Also, featured are articles on COAS, Csound,
VNC, KDE and GNOME.
Check out the Table of Contents at
<A HREF="http://www.linuxjournal.com/issue58/index.html">
http://www.linuxjournal.com/issue58/index.html</A>.
To subscribe to <I>Linux Journal</I>, go to <A
HREF="http://www.linuxjournal.com/ljsubsorder.html">
http://www.linuxjournal.com/ljsubsorder.html</A>.


<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Open Source Petition
</font>
</H3> 
<P> 
Date: Sat, 05 Dec 1998 15:20:19 -0500<BR> 
A petition has recently been launched asking the General Services
Administration of the US Government to evaluate Open Source software
(OSS) alongside commercial software whenever it buys or upgrades
computers. The goal of the petition, written by Prof. Clay Shirky and
sponsored by the Open Source Iniative and O'Reilly and Associates, and
hosted on www.e-thepeople.com, is to point out that OSS has reached a
level of quality, reliability and support that makes it competitive with
existing commercial products. 
<P> 
The ultimate hope is to get vendors of Open Source software included
in contract bids for Federal Government work.
<P> 
If you are interested in this petition, there are three things you can
do:
<ul>
<li>Sign it:
<A
HREF="http://www.ethepeople.com/etp/affiliates/national/fullview.cfm?ETPID=0&PETID=74386&ETPDIR=affiliates/national/">
http://www.ethepeople.com/etp/affiliates/national/fullview.cfm?ETPID=0&PETID=74386&ETPDIR=affiliates/national/</A> 

<li>Post the press release URL on sites or in other forums whose members
  might be interested in such a thing:
<A HREF="http://www.shirky.com/opensource/petition.html">
http://www.shirky.com/opensource/petition.html</A> 

<li>Pass this message on.
</ul>
For more information:<BR> 
Clay Shirky, <A HREF="mailto:clay@shirky.com">clay@shirky.com</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
LinuxWorld Conference & Expo - March 1999
</font>
</H3> 
<P> 
IDG World Expo, the world's
leading producer of IT-focused conferences and expositions, will produce
LinuxWorld Conference & Expo, the first international exposition addressing
the business and technology issues of the Linux operating environment.
<P> 
Addressing the needs of both the Linux business and development
communities, LinuxWorld Conference and Expo, headed by Charles Greco,
President of IDG World Expo, features a high-level, technical conference
program led by industry luminaries offering advice and solutions on the
industry's fastest growing operating systems technology.  An exhibit floor
highlighting leading service providers, solutions integrators, and
development organizations -- Pacific HiTech, Enchanced Software, <I>Linux
Journal</I>, Knock Software, and Oracle among others -- will also include
customized event areas such as Start-up City, Developer Central and
Developer Greenhouse, which will spotlight the latest developments and
emerging companies in the Linux arena.
<P> 
The first LinuxWorld Conference and Expo will be held March 1-4, 1999 in
San Jose, California at
the San Jose Convention Center.  The target audience
includes Linux developers, Fortune 1000 business leaders, enterprise
managers, CIOs, service providers, system administrators, software solution
providers, computer consultants, and solutions
integrators.
<P> 
Dr. Michael
Cowpland, President and CEO, Corel Corporation, Mark Jarvis, Senior Vice
President of World Wide Marketing, Oracle and Linus Torvalds, Creator of
Linux, the open source operating system, will be the featured keynote
speakers on Tuesday, March 2.  Keynotes are open to all registered
attendees.
<P> 
For more information:<BR> 
<A HREF="http://www.linuxworldexpo.com/">http://www.linuxworldexpo.com/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Debian Project Adopts a Constitution
</font>
</H3> 
<P> 
December 14, 1998<BR> 
The Debian Project adopted a constitution which can be viewed at 
<A HREF="http://www.debian.org/devel/constitution/">
http://www.debian.org/devel/constitution/</A>.  The highlights of the 
constitution include the creation of the Technical Committee, the Project 
Leader postion, the Project Secretary position, Leader Delegate positions 
and a voting proceedure.  The constitution was proposed in September 1998, 
and after a discussion period the vote took place in December 1998.  It was 
virtually unanimously in favor with 86 valid votes.
<P> 
The discussion about the constitution began in early 1998 and was carried 
out on the Debian mailing lists.  Most of the discussion can be found in the 
archives of the debian-devel mailing list at http://www.debian.org/Lists-Ar
chives/.  Details of the vote can be found at http://www.debian.org/vote/19
99/vote_0000.
<P> 
The constitution describes the organisational structure for formal 
decisionmaking within the Debian Project.  As Debian continues to grow, this 
will be a valuable document to ensure that Debian continues to evolve and 
grow with the input and contributions from its membership.
<P> 
For more information:<BR> 
<A HREF="http://www.debian.org/">http://www.debian.org/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Linux Links
</font>
</H3> 
<P> 
Linux is the cover story of December Network Magazine:
<A
HREF="http://www.networkmagazine.com/">http://www.networkmagazine.com/</A> 
<P> 
Perl Web site at The Mining Co.: 
<A HREF="http://perl.miningco.com/">http://perl.miningco.com/</A> 
<P>  
LinuxCAD review: 
<A HREF="http://pw2.netcom.com/~rwuest/linuxcadreview.html">
http://pw2.netcom.com/~rwuest/linuxcadreview.html</A> 
<P> 
Comdex and the Linux pavilion:
<A HREF="http://marc.merlins.org/linux/comdex98/">
http://marc.merlins.org/linux/comdex98/</A> 
<P> 
Tea Party:
<A HREF="http://marc.merlins.org/linux/teaparty/">
http://marc.merlins.org/linux/teaparty/</A> 
<P> 
The Internet an International Public Treasure: A Proposal:
<A HREF="http://firstmonday.dk/issues/issue3_10/hauben/index.html">
http://firstmonday.dk/issues/issue3_10/hauben/index.html</A> 
<P> 
Linux and Apple:
<A HREF="http://www.techweb.com/wire/story/TWB19981215S0011">
http://www.techweb.com/wire/story/TWB19981215S0011</A> 
<P> 
"The money's too good": <A
HREF="http://www.salonmagazine.com/21st/rose/1998/10/23straight.html">
http://www.salonmagazine.com/21st/rose/1998/10/23straight.html</A> 


<a name="software"></a>
<P> <hr> <P> 
<!-- =================================================================== -->
<center><H3><font color="green">Software Announcements</font></H3></center>

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Applix Adds Applixware for Linux On Compaq Alpha
</font>
</H3> 
<P>
Date: Fri, 4 Dec 1998 18:28:28 -0500<BR> 
<P>
WESTBORO, Mass.--Dec. 1, 1998--Applix, Inc.
announced today the release of Applixware 4.4.1 for Linux
running on COMPAQ's Alpha processor.
<P>
Applixware includes Applix Words, Spreadsheets, Graphics, Presents, HTML
Author and Applix Data which provides database connectivity to Oracle,
Informix, Sybase and other Linux databases. Applix Builder, a graphical,
object oriented development tool with CORBA connectivity is also included in
the suite. Microsoft Office 97 document interchange is provided through an
Applix developed set of filters for Word, Excel and PowerPoint.
<P>
For more information:<BR> 
Applix, Inc., Richard Manly, <A HREF="mailto:rmanly@applix.com">
rmanly@applix.com</A> <BR> 
<A HREF="http://linux.applixware.com/">http://linux.applixware.com/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
NetBeans Announces Support for the Java Development Kit 1.2
</font>
</H3> 
<P>
New York, Java Business Expo, December 8, 1998 - NetBeans today announced
that its Java(tm) IDE, NetBeans DeveloperX2, supports and runs on Sun
Microsystems, Inc.'s Java Development Kit (JDK version 1.2).  This
latest release of the JDK provides a rich feature set of new class
libraries and tools, making it easier than ever for developers to create
portable, distributed, enterprise-class applications.  Sun's announcement
of the availability of the next version of the JDK was made today during
the Java Business Expo in New York.  NetBeans Developer X2 2.1
(beta) supports JDK 1.2 and uses it internally.  It is available to
NetBeans' Early Access Program participants. 
<P>
In addition to overall performance improvements, Sun's new version of the
JDK enhances the NetBeans IDE by offering features such as drag 'n drop,
Beans enhancements, collections, JDBC 2.0, and Swing 1.1.  Among other new
features, NetBeans DeveloperX2 will utilize the new APIs for grouping
and manipulating objects of different types and for extending server
functionality.  JDK 1.2 will also strengthen NetBeans users' ability to
design more user-friendly interfaces, process images, address multilingual
requirements, use stylized text, and print.
<P>
The final release of NetBeans DeveloperX2 2.1 will be available in
January, 1999.  NetBeans Developer will also be available in a concurrent
version, which will continue to support JDK 1.1.x.  NetBeans Enterprise,
a multi-user edition of the IDE due in Beta version in January, 1999, will
support JDK 1.2.  The full release of this edition of the IDE is due in
Spring, '99. 
<P>
For more information:<BR> 
<A HREF="http://www.netbeans.com/">http://www.netbeans.com/ </A>  <BR> 
Helena Stolka, <A HREF="mailto:helena.stolka@netbeans.com">
helena.stolka@netbeans.com</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Zope Goes Open Source
</font>
</H3> 
<P>
Date: Sat,  5 Dec 1998 06:19:32 -0500 (EST)<BR> 
Just in case you missed this in LWN, http://www.zope.org/ just went
online.  It's a really nice product for developing web sites.  The
company that created it gave a talk at the DCLUG meeting a few months
back.  They dropped are strong Linux supporters.  It's there principal 
platform in house.
<P> 
For more information:<BR> 
<A HREF="http://www.zope.org">http://www.zope.org/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
KDE on Corel's Netwinder
</font>
</H3> 
<P>
Ottawa, Canada--November 25, 1998--<BR> 
Corel Computer and the KDE project today announced a technology relationship
that will bring the K Desktop Environment (KDE), a sophisticated graphical
user environment for Linux and UNIX, to future desktop versions of the
NetWinder family of Linux-based thin-clients and thin-servers. A graphical
user interface is a necessary element for Corel Computer to create a family of
highly reliable, easy-to-use, easy-to-manage desktop computers. The alliance
between Corel Computer and KDE, a non-commercial association of Open Source
programmers, provides NetWinder users a sophisticated front-end to Linux,
a stable and robust Unix-like operating system.
<P>
Corel Computer has shipped a number of NetWinder DM, or development
machines, to KDE developers who are helping to port the desktop environment.
Additionally, NetWinder.Org developers, Raffaele Saena and John Olson,
were responsible for championing development of KDE on the NetWinder. Corel
Computer plans to announce the availability of desktop versions of the
NetWinder running KDE beginning in early 1999. Early demonstrations of
the port, such as the one shown at the Open Systems fair in Wiesbaden,
Germany, in September, have been enthusiastically received by potential
customers.
<P>
Based on the Open Source model, Corel Computer is devoting internal
development resources to the improvement of the KDE project including rigorous
testing of the environment on the NetWinder. As a developing partner, Corel
Computer will release its work back to the KDE development community.
<P>
For more information:<BR> 
<A HREF="http://www.corelcomputer.com/">http://www.corelcomputer.com/</A>
<BR> 
<A HREF="http://www.kde.org/">htt://www.kde.org/</A> 
         
<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
New Perl Module Enables Application Developers to Use XML
</font>
</H3> 
<P>
Date: Wed, 25 Nov 1998 06:36:08 -0800 (PST)<BR> 
Sebastopol, CA--Perl is the language operating behind the scenes of
most dynamic Web sites. XML (Extensible Markup Language) is emerging as
a core standard for Web development. Now a new Perl module (or
extension) known as XML::Parser allows Perl programmers building
applications to use XML, and provides an efficient, easy way to parse
(break down and process) XML document parts.
<P>
Perl is renowned for its superior text processing capabilities; XML is
text that contains markup tags and structures. Thus Perl's support for
XML offers a natural expansion of the capabilities of both.
<P>
XML::Parser is built upon a C library, expat, that is very fast and
robust. Perl, expat and XML::Parser are all Unicode-aware; that is,
they read encoding declarations and perform necessary conversions into
Unicode, a system for "the interchange, processing, and display of the
written texts of the diverse languages of the modern world"
(http://www.unicode.org/). Thus a single XML document written in Perl
can now contain Greek, Hebrew, Chinese and Russian in their proper
scripts. Expat was authored by James Clark, a highly respected leader
in the SGML/XML community.
<P>
For more information:<BR> 
<A HREF="http://www.perl.com/">http://www.perl.com/</A> <BR> 
<A HREF="http://www.oreilly.com/">http://www.oreilly.com/</A> <BR> 
<A HREF="http://perl.oreilly.com/">http://perl.oreilly.com/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
QLM for IT Reduces Cost & Guarantees Certainty of Application Development
</font>
</H3> 
<P>
Newton, Mass., December 9, 1998 - Kalman Saffran Associates, Inc. 
(KSA), a leading developer of state-of-the-art products and complex 
IT systems for data communications, telecommunications, financial, 
and interactive/CATV industries, today announced the availability 
of its new Quantum Leap Methodology (QLM(tm) ) for IT.  QLM for IT 
is an innovative process for information technology organizations 
looking to decrease expense and speed application development.  
Using QLM for IT, KSA increases productivity and certainty by 
pre-empting the mistakes that have historically created barriers to IT 
project success.  Successful application of QLM for IT allows upper 
management to refocus on strategic planning and IT objectives, and 
away from budget and schedule overruns.  At the same time the 
methodology sharpens an organization's focus on assessment, 
implementation, verification, customization and quantification. This 
approach allows KSA to guarantee speedy results and high quality. 
<P>
The QLM for IT offering is available starting at $20,000.  Companies 
interested in QLM for IT analysis and recommendations or learning more 
about KSA's comprehensive training program should call 1.888.597.9284
For more information:<BR> 
<A HREF="mailto:kalsaf@email.msn.com">kalsaf@email.msn.com</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
Spectra Logic Announces Alex 4.50, Has Linux Support
</font>
</H3> 
<P>
BOULDER, Colo., Dec. 15, 1998 - Spectra Logic Corp. today announced the
availability of Version 4.50 of its award winning Alexandria Backup and
Archival Librarian software. Alexandria 4.50 adds a number of
significant new features to provide users with greater functionality,
reliability, and ease-of-use for backup and recovery of large distributed
databases and data center applications.  
<P> 
Alexandria 4.50 has been
ported to Red Hat and Slackware Linux OSes, and additional ports are being
developed for Linux OSes from SuSE, Caldera, and TurboLinux. Alexandria
Linux support is available on the Red Hat distribution CD or from Spectra
Logic's website at www.spectralogic.com/linux/index.htm
http://www.spectralogic.com/linux/index.htm. 
<P> 
For more information:<BR> 
<A HREF="http://www.spectralogic.com/">http://www.spectralogic.com/</A> 

<P> <hr> <P> 
<!-- =================================================================== -->

<H3><IMG ALT=" "   SRC="../gx/bolt.gif">
<font color="green">
WebMaker
</font>
</H3> 
<P> 
Date: Thu, 10 Dec 1998 21:22:25 GMT<BR> 
WebMaker, an HTML Editor for UNIX, version 0.6 is out now.
(Copyright - GPL)
<P> 
Main features:
<ul>
<li>nice GUI interface; 
<li>menus, toolbar and dialogs for tag editing - like HomeSite and
   asWedit; 
<li>HTML 4.0 support; 
<li>preview for &lt;IMG&gt; tag (see screenshot); 
<li>color selectors for bgcolor and other color attributes; 
<li>color syntax highlighting; 
<li>preview with external browser (Netscape); 
<li>ability to filter editor content through any external program that
   support stdin/stdout interface; 
<li>KDE integration. 
</ul>
<P>
For more information:<BR> 
<A HREF="http://www.services.ru/linux/webmaker/">
http://www.services.ru/linux/webmaker/</A> 
	

<P> <hr> <P> 
<!--================================================================-->
<center>Published in <i>Linux Gazette</i> Issue 36, January 1999</center>
<P> <HR> <P>
<!-- =================================================================== -->
<A HREF="./lg_toc36.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF 
CONTENTS ]"></A>
<A HREF="../index.html"><IMG SRC="../gx/homenew.gif" ALT="[ FRONT 
PAGE ]"></A> 
<A HREF="./lg_tips36.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
<A HREF="./lg_answer36.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>

<P><HR><P>
<h5>This page written and maintained by the Editor of <I>Linux Gazette</I>,
<A HREF="mailto: gazette@ssc.com">gazette@ssc.com</A><BR> 
Copyright &copy; 1999 Specialized Systems Consultants, Inc. </H5> 
<P> 
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../gx/dennis/qbubble.gif" alt="(?)" border="0" align="middle">
	<font color="#B03060">The Answer Guy</font>
	<img src="../gx/dennis/bbubble.gif" alt="(!)" border="0" align="middle">
</A></H1> 
<BR>
<H4>By James T. Dennis,
	<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H4>
</center>

<p><hr><p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H3>Contents:</H3>
<p><a href="#tag/greeting"
	><img src="../gx/dennis/bbub.gif" alt="(!)" border="0" 
	align="middle">Greetings From Jim Dennis</A></p>

<DL>
<!-- index_text begins -->
<dt><A HREF="#tag/a"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Routing and Subnetting 101</strong></a>
<dt><A HREF="#tag/b"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>No STREAMS Error while Installing Netware 
		for Linux</strong></a>
<dt><A HREF="#tag/c"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>More than 8 loopfs Mounts?</strong></a>
<dt><A HREF="#tag/1"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>eql dual line ppp --or--
<dd><A HREF="#tag/1"
	><strong>
EQL Serial Line "Load Balancing"
</strong></a>
<dt><A HREF="#tag/2"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>who to report gcc bug to? --or--
<dd><A HREF="#tag/2"
	><strong>
Where to Report Bugs and Send Patches
</strong></a>
<dt><A HREF="#tag/3"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>RedHat Linux (5.1) and Brand X --or--
<dd><A HREF="#tag/3"
	><strong>
How to "get into" an Linux system from a Microsoft client
</strong></a>
<dt><A HREF="#tag/4"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Linux File System recommendations --or--
<dd><A HREF="#tag/4"
	><strong>
Where to Put New and Supplemental Packages
</strong></a>
<dt><A HREF="#tag/5"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Your book --or--
<dd><A HREF="#tag/5"
	><strong>
Book: Linux Systems Administration
</strong></a>
<dt><A HREF="#tag/6"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>FTP Site... --or--
<dd><A HREF="#tag/6"
	><strong>
'ls' Doesn't work for FTP Site
</strong></a>
<dt><A HREF="#tag/7"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>very general process question --or--
<dd><A HREF="#tag/7"
	><strong>
An Anthropologist Asks About the Linux "Process"
</strong></a>
<dt><A HREF="#tag/9"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Locating AV Research --or--
<dd><A HREF="#tag/9"
	><strong>
Looking for a Hardware Vendor: In all the Wrong Places
</strong></a>
<dt><A HREF="#tag/10"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>question for answerguy --or--
<dd><A HREF="#tag/10"
	><strong>
Letting Those Transfers Run Unattended
</strong></a>
<dt><A HREF="#tag/11"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>where can i find information about LOFS, TFS --or--
<dd><A HREF="#tag/11"
	><strong>
Translucent, Overlay, Loop, and Union Filesystems
</strong></a>
<dt><A HREF="#tag/12"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Modem dial out</strong></a>
<dt><A HREF="#tag/13"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Linux Gazette --or--
<dd><A HREF="#tag/13"
	><strong>Mea Culpea</strong></a>
<dt><A HREF="#tag/15"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>PAM & chroot (fwd) --or--
<dd><A HREF="#tag/15"
	><strong>
'chroot()' Jails or Cardboard Boxes
</strong></a>
<dt><A HREF="#tag/16"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>The Linux Swap File --or--
<dd><A HREF="#tag/16"
	><strong>
Swap file on a RAM Disk
</strong></a>
<dt><A HREF="#tag/18"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>RedHat Linux (5.1) and Brand X --or--
<dd><A HREF="#tag/18"
	><strong>
How to "get into" an Linux system from a Microsoft client
</strong></a>
<dt><A HREF="#tag/19"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Dynamic IP Address Publishing Hack</strong></a>
<dt><A HREF="#tag/20"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Why 40-second delay in sending mail to 
		SMTP server?</strong></a>
<dt><A HREF="#tag/21"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>how to install two ethernet cards for proxy server for red hat linux --or--
<dd><A HREF="#tag/21"
	><strong>
Linux as Router and Proxy Server: HOWTO?
</strong></a>
<dt><A HREF="#tag/22"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>ey answer guy! answer this! --or--
<dd><A HREF="#tag/22"
	><strong>
PostScript to GIF
</strong></a>
<dt><A HREF="#tag/23"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>troubleshooting</strong></a>
<dt><A HREF="#tag/24"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>More on: &quot;Remote Login as root&quot;</strong></a>
<dt><A HREF="#tag/25"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Thank You --or--
<dd><A HREF="#tag/25"
	><strong>
Kudos
</strong></a>
<dt><A HREF="#tag/26"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Question --or--
<dd><A HREF="#tag/26"
	><strong>
Linux Support for Intel Pentium II Xeon CPU's and Chipsets
</strong></a>
<dt><A HREF="#tag/27"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>isp --or--
<dd><A HREF="#tag/27"
	><strong>
Linux Friendly ISP's: SF Bay Area
</strong></a>
<dt><A HREF="#tag/28"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Hello I need some help --or--
<dd><A HREF="#tag/28"
	><strong>
Eight Character login Name Limit
</strong></a>
<dt><A HREF="#tag/29"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Locked Out of His Mailserver</strong></a>
<dt><A HREF="#tag/31"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Changing the color depth for your x-server? --or--
<dd><A HREF="#tag/31"
	><strong>
Changing the X Server's Default Color Depth
</strong></a>
<dt><A HREF="#tag/32"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Num Lock and X apps --or--
<dd><A HREF="#tag/32"
	><strong>
NumLock and X Problems
</strong></a>
<dt><A HREF="#tag/33"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>NE2000 "clones" --- not "cloney" enough! --or--
<dd><A HREF="#tag/33"
	><strong>
Expansion on NE-2000 Cards: Some PCI models &quot;okay&quot;
</strong></a>
<dt><A HREF="#tag/34"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>MySql --or--
<dd><A HREF="#tag/34"
	><strong>
Finding info on MySqL?
</strong></a>
<dt><A HREF="#tag/35"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>read please very important --or--
<dd><A HREF="#tag/35"
	><strong>
Spying: (AOL Instant Messenger or ICQ): No Joy!
</strong></a>
<dt><A HREF="#tag/36"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Tuning monitors for use with X --or--
<dd><A HREF="#tag/36"
	><strong>
Fraser Valley LUG's Monitor DB
</strong></a>
<dt><A HREF="#tag/37"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>chattr =u and then what? --or--
<dd><A HREF="#tag/37"
	><strong>
ext2fs &quot;Undeletable&quot; Attribute
</strong></a>
<dt><A HREF="#tag/38"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>How to Install Linux on an RS6000?</strong></a>
<dt><A HREF="#tag/39"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Real PS Printing --or--
<dd><A HREF="#tag/39"
	><strong>
Advanced Printer Support: 800x600 dpi + 11x17" Paper
</strong></a>
<dt><A HREF="#tag/40"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>TAG suggestions</strong></a>
<dt><A HREF="#tag/41"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>password change --or--
<dd><A HREF="#tag/41"
	><strong>
CGI Driven Password Changes
</strong></a>
<dt><A HREF="#tag/42"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>ifconfig reports TX errors on v2.1.x kernels</strong></a>
<dt><A HREF="#tag/44"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Trident 9685 tv --or--
<dd><A HREF="#tag/44"
	><strong>
Support for Trident Video/Television Adapter
</strong></a>
<dt><A HREF="#tag/45"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Looking for info on BIOS setup --or--
<dd><A HREF="#tag/45"
	><strong>
Plug and Pray Problems
</strong></a>
<dt><A HREF="#tag/46"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Mount linux drives from win9x/nt? password encryption seems to be a problem... --or--
<dd><A HREF="#tag/46"
	><strong>
Sharing/Exporting Linux Directories to Windows '9x/NT
</strong></a>
<dt><A HREF="#tag/47"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Mail processing</strong></a>
<dt><A HREF="#tag/48"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Printing question --or--
<dd><A HREF="#tag/48"
	><strong>
Extra Formfeed from Windows '95
</strong></a>
<dt><A HREF="#tag/49"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Root password --or--
<dd><A HREF="#tag/49"
	><strong>
Can't Login in as Root
</strong></a>
<dt><A HREF="#tag/50"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Alternate root-password recovery option --or--
<dd><A HREF="#tag/50"
	><strong>
Alternative Method for Recovering from Root Password Loss
</strong></a>
<dt><A HREF="#tag/51"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Journal File Support and Tarantella? --or--
<dd><A HREF="#tag/51"
	><strong>
SCOldies Bragging Rights
</strong></a>
<dt><A HREF="#tag/52"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Remote tape access, using local CPU --or--
<dd><A HREF="#tag/52"
	><strong>
Application Direct Access to Remote Tape Drive
</strong></a>
<dt><A HREF="#tag/53"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Mounting CD Drives from SoundCard --or--
<dd><A HREF="#tag/53"
	><strong>
Mounting multiple CD's
</strong></a>
<dt><A HREF="#tag/54"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Re: leafnode-1.7 -- news server for small sites --or--
<dd><A HREF="#tag/54"
	><strong>
More on Multi-Feed Netnews (leafnode)
</strong></a>
<dt><A HREF="#tag/55"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>rsh config --or--
<dd><A HREF="#tag/55"
	><strong>
Getting 'rsh' to work
</strong></a>
<dt><A HREF="#tag/56"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>update on your answer - netware clients --or--
<dd><A HREF="#tag/56"
	><strong>
Linux as a Netware Client
</strong></a>
<dt><A HREF="#tag/57"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>LILO Default</strong></a>
<dt><A HREF="#tag/61"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>uninstall help --or--
<dd><A HREF="#tag/61"
	><strong>
Uninstalling Linux
</strong></a>
<dt><A HREF="#tag/62"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Compiling kernel --or--
<dd><A HREF="#tag/62"
	><strong>
Making a Kernel Requires 'make'
</strong></a>
<dt><A HREF="#tag/63"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>memory usage --or--
<dd><A HREF="#tag/63"
	><strong>
Using only 64Mb out of 128Mb Available
</strong></a>
<dt><A HREF="#tag/64"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Manipulating Clusters on a Floppy ...</strong></a>
<dt><A HREF="#tag/65"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Setting up ircd</strong></a>
<dt><A HREF="#tag/66"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Sendmail on private net with UUCP link to Internet</strong></a>
<dt><A HREF="#tag/67"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Linux in general --or--
<dd><A HREF="#tag/67"
	><strong>
Complaint Department:
</strong></a>
<dt><A HREF="#tag/69"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>A Dual Modem configuration... how do I get it to work? --or--
<dd><A HREF="#tag/69"
	><strong>
eql Not Working
</strong></a>
<dt><A HREF="#tag/76"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>HELP: fetchmail dies after RH 5.2 upgrade --or--
<dd><A HREF="#tag/76"
	><strong>
 Upgrade Kills Name Server
</strong></a>
<dt><A HREF="#tag/77"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Question (what else?) --or--
<dd><A HREF="#tag/77"
	><strong>
MS Applications Support For Linux
</strong></a>
<dt><A HREF="#tag/78"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Linux as a Home Internet Gateway and Server</strong></a>
<dt><A HREF="#tag/79"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>lilo --or--
<dd><A HREF="#tag/79"
	><strong>
Persistent Boot Sector
</strong></a>
<dt><A HREF="#tag/80"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>preference=20 --or--
<dd><A HREF="#tag/80"
	><strong>
Secondary MX Records: How and Why
</strong></a>
<dt><A HREF="#tag/81"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>LPD forks and hangs/Linux --or--
<dd><A HREF="#tag/81"
	><strong>
'lpd' Bug: "restricted service" option; Hangs Printer Daemon
</strong></a>
<dt><A HREF="#tag/82"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Dual booting NT or Win9x with Linux (Red Hat 5.2) --or--
<dd><A HREF="#tag/82"
	><strong>
Dual Boot Configurations
</strong></a>
<dt><A HREF="#tag/84"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Can you give me a Suggestion?/ --or--
<dd><A HREF="#tag/84"
	><strong>
Microtek Scanner Support:  Alejandro's Tale
</strong></a>
<dt><A HREF="#tag/85"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Offer to make available Winmodem interface spec --or--
<dd><A HREF="#tag/85"
	><strong>
Modem HOWTO Author Gets Offer RE: WinModems
</strong></a>
<dt><A HREF="#tag/86"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>I do know i am boring (ma windows fa veramente cagare) --or--
<dd><A HREF="#tag/86"
	><strong>
Condolences to Another Victim of the "LoseModem" Conspiracy
</strong></a>
<dt><A HREF="#tag/87"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Kai Makisara: Re: audio-DAT on SCSI streamer? --or--
<dd><A HREF="#tag/87"
	><strong>
More on: Reading Audio Tapes using HP-DAT Drive
</strong></a>
<dt><A HREF="#tag/91"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Just a sugestion... --or--
<dd><A HREF="#tag/91"
	><strong>
Best of Answer Guy:  A Volunteer?
</strong></a>
<dt><A HREF="#tag/94"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>more on keybindings --or--
<dd><A HREF="#tag/94"
	><strong>
termcap/terminfo Oddities to Remotely Run SCO App
</strong></a>
<dt><A HREF="#tag/95"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Arabic? --or--
<dd><A HREF="#tag/95"
	><strong>
Arabic BiDi Support for Linux
</strong></a>
<dt><A HREF="#tag/96"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Updates: Risks and rewards --or--
<dd><A HREF="#tag/96"
	><strong>
Automated Updates
</strong></a>
<dt><A HREF="#tag/97"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Liam Greenwood: Your XDM question</strong></a>
<dt><A HREF="#tag/98"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>rsh on 2.0.34 --or--
<dd><A HREF="#tag/98"
	><strong>
'rsh' as 'root' Denied
</strong></a>
<!-- index_text ends -->
</DL>
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="../gx/dennis/bbubble.gif" height="50" width="60"
	  alt="(!) " border="0">Greetings from Jim Dennis</H3>
<!-- begin greeting -->
<p>Happy New Year everybody.  I would say more, but I think I've said
   enough for this month...</p>
<!-- end greeting -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/a"><HR WIDTH="75%" ALIGN="center"></A>

<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Routing and Subnetting 101</H3>

<p><strong>From pashah on Wed, 18 Nov 1998  
	on the L.U.S.T List</strong></p>
<!-- begin 35.26 -->
<P><STRONG>
Hullo list,
</STRONG></P>
<P><STRONG>
what is the way to devide a net into subnets according to
bits bourder?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This is a very large subject --- and your question
isn't sufficiently detailed to offer much of a clue as
to how much background you really need.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I'm writing a book on Linux Systems
Administration, and I have to put some discussion of
this somewhere in around chapter 12, so I might as
well try here.
</BLOCKQUOTE>
<BLOCKQUOTE>
"subnetting" is a means of dividing a block of IP
addresses into separately routable groups.  If you
are assigned a class C address block (255 addresses)
it often makes sense to subnet those in some way
that's appropriate to your LAN layout.
</BLOCKQUOTE>

<!-- interject 35.24 -->
<font color="#000066">
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>[Paul Anderson]
Also known as a <TT>/24</TT>, IIRC.  TTYL!
</BLOCKQUOTE>
<BLOCKQUOTE><em>Paul Anderson - Self-employed Megalomaniac
<br>Member of the Sarnia Linux User's Group
<A HREF="http://www.sar-net.com/slug">http://www.sar-net.com/slug</A>
</em></BLOCKQUOTE>
</font>
<!-- end interject 35.24 -->

<BLOCKQUOTE>
For example you might split the block (lets say it's
192.168.200.*) into two subnets of 126 hosts each.
We might assign half of them to an "external" or
"perimeter" segment (an ethernet segment that
contains all of our Internet visible hosts) while we
assign the other addresses to our "internal" LAN.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Actually there are better ways to do that --- where
we use "private net" (RFC1918) addresses on all of our
internal LAN's --- and masquerading and/or proxying
for all Internet access and internetwork routing.
However, we'll ignore those methods for now).
</BLOCKQUOTE>
<BLOCKQUOTE>
To do this we use a "netmask" option on the 'ifconfig'
commands for each of the interfaces on our network.
We'll have to put a router between our two segments.
Conventionally primary routers are assigned the first
available address on their subnets.  So we'd assume
that we're using a Linux system with two ethernet
cards as our router.  This would use the following
commands to configure those two addresses:
</BLOCKQUOTE>
<blockquote><pre>		ifconfig  eth0 192.168.200.1 \
			netmask 255.255.255.128 \
			broadcast 192.168.200.127

		ifconfig  eth1 192.168.200.129 \
			netmask 255.255.255.128 \
			broadcast 192.168.200.255
</pre></blockquote><BLOCKQUOTE>
... note that the 129 address in our original block
becomes the first address in our upper subnet.  We
have subnetted into two blocks.  (None of this makes
sense unless you look at these numbers in binary).
</BLOCKQUOTE>
<BLOCKQUOTE>
For this to work we'll also have to configure
corresponding routes.  In the 2.0 kernels and earlier
it is/was necessary to do this as a separate
operation. In the 2.1 kernel a route is automatically
added for each 'ifconfig' command.  For our example
the routes would look like:
</BLOCKQUOTE>
<blockquote><pre>		route add -net 192.168.200.0 eth0
		route add -net 192.168.200.120 eth1
</pre></blockquote><BLOCKQUOTE>
... I'm assuming, in this case, that we also have an
ISP that has assigned this address block.  Actually my
examples are using addresses from RFC1918, these are
reserved for "private" or "non-Internet" use --- and
would never actually be issued by an ISP.  However,
they'll serve for our purposes.  Let's assume that you
had a simple PPP link to your ISP (or to some external
ISDN, xDSL, CSU/DSU or other ISP provided device which
is your connection point to them).  They might have
assigned one of their addresses to your border router,
or they might expect that you'll assign your .1
address to it.  Somewhere on their end they'll have a
route that looks something like:
</BLOCKQUOTE>
<blockquote><pre>		route add -net 192.168.200.0 gw 192.168.200.1
</pre></blockquote><BLOCKQUOTE>
This says that your router (.1) is the gateway (gw)
for that network (192.168.200.*).  Note that <EM>their</EM>
netmask for you is 255.255.255.0 --- their's differs
from your idea of your netmask.  That's because your
router will handle the routing internal to your LAN.
</BLOCKQUOTE>
<BLOCKQUOTE>
It might be the case that you have to assign your .1
address to your ppp0 interface, and perhaps your .2
address to eth0.  That won't affect any of what I've
said so far (other than the one digit in one of our
'ifconfig' commands).  All of our routes are the same.
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event we'll want a default route to be active
on our router anytime our connection to the Internet
is up.  The hosts on either of our subnets can all
declare our router as their default route.  Thus all
of the hosts on the 192.168.200 subnet (2 through 126)
can use a command like:
</BLOCKQUOTE>
<blockquote><pre>		route add default gw 102.168.200.1
</pre></blockquote><BLOCKQUOTE>
... while all of the hosts on our upper subnet
(192.168.200.128 --- 129 through 254) would use:
</BLOCKQUOTE>
<blockquote><pre>		route add default gw 102.168.200.1
</pre></blockquote><BLOCKQUOTE>
Note that we can't use hosts numbered ...127 and
...255 in this example.  For each subnet we create we
"lose" two IP addresses.  One is for the "network
number" (offset zero from our subnet) and the other is
for the broadcast address (the last offset from our
network number for our subnet).
</BLOCKQUOTE>
<BLOCKQUOTE>
We can have routes to gateways other than our
"default."  For example if I had a more complicated
internetwork with a set of machines with addresses of
the form 172.16.*.* (another RFC1918 reserved block) I
could use a command like:
</BLOCKQUOTE>
<blockquote><pre>		route add -net 172.16.0.0 gw 192.168.200.5
</pre></blockquote><BLOCKQUOTE>
... to declare my local system (....5) as the gateway
to that whole block of Class B addresses.  Locally I
don't care how the 172.16.*.* addresses are subnetted
on their end.  I just send all of their packets to
their routers and those routers figure out the
details.  Of course if our .1/.129 router (from our
earlier examples) has this route, than all of our
other client systems on both 192.168.200 subnets could
just use their default route.  This might result in an
extra hope for the systems on the 192.168.200.0 lower
network (one to the .1 router, and another from there
to the .5 router).  However, it does centralize the
administration of our locate routing tables.
</BLOCKQUOTE>
<BLOCKQUOTE>
All of the routing that I've been describing is
"static" (I've using the 'route' command to establish
all of the routes).  Another option for larger and
more complicated networks is to use a dynamic routing
protocol, such as RIP.  To do that, we have to run the
'routed' or (better) the 'gated' command on each of
our routers.
</BLOCKQUOTE>
<BLOCKQUOTE>
In a typical leaf site (a LAN with only one router,
therefore only one route in or out) we only run
'routed' or 'gated' on the router.  All nonlocal
traffic has to go to that one router anyway.  In many
cases we want our routers to be "quiet" (to listen to
our routes, but not advertise any of their own).
There are options to the 'routed' and 'gated' commands
to do this.  As you get into the intricacies of
routing in larger environments, and of dynamically
maintaining routes (like ISP's must do for their
customers) you enter into some pretty specialized and
rarefied territory (and will fly past my level of
expertise).
</BLOCKQUOTE>
<BLOCKQUOTE>
Routing on the Internet is currently managed through
the BGP4 protocols, as implemented in 'gated' and
various dedicated router products like Cisco's IOS.
</BLOCKQUOTE>
<BLOCKQUOTE>
More about ' <TT>gated</TT> 'can be found at the Merit site:
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.gated.merit.edu/~gated">http://www.gated.merit.edu/~gated</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
In order to participate in routing on the Internet (to
be a first tier ISP like UUNet, PSInet, etc) or to be
a truly "multi-homed" site (to optimally use feeds
from multiple ISP's concurrently) you'd have get an AS
(autonomous systems) number and "peer" with your
ISP's.  Because any mistake on your part can propaget
bogus routes to your peers --- which can cause
considerable disruption across the net --- this is all
way beyond the typical network administrator.
</BLOCKQUOTE>
<BLOCKQUOTE>
* (I'm told that the routing infrastructure
</BLOCKQUOTE>
<BLOCKQUOTE>
has been tightened up quite a bit in the
last of years.  Some of the great Internet
"blackouts" from '96 and '97 were caused
by erroneous route propations across the
backbone peers.  So now most of these sites
have configured their routers to only
accept appropriate routes from each peer.)
</BLOCKQUOTE>
<BLOCKQUOTE>
The subnet I've been describing is a "1-bit" subnet.
That is that we're only masking off one extra bit from
the default for our addressing class.  In other words,
the default mask for a Class C network block is
255.255.255.0 --- which is a decimal representation of
a 32-bit field where the first 24 bits are set to "1"
our subnet mask, represented in binary, would have the
first 25 bits set.  The next legal subnet would have
the first 26 bits set (which divides a Class C into
four subnets of 62 hosts each).  Beyond that we can
subnet to 27 bits (eight subnets of 30 hosts each), 28
bits (16 subnets of 14 hosts each), 29 bits (32
subnets of 6 each) and even 30 bits (64 subnets of 2
each).
</BLOCKQUOTE>
<BLOCKQUOTE>
So far as I know a 31 bit mask is useless.  A 32 bit
mask defines a point-to-point route.
</BLOCKQUOTE>
<BLOCKQUOTE>
Ultimately all these masks and subnets are used for
all routing decisions.  In a typical host with only
one interface the subnet mask is used only to
distinguish between "local" and "non-local" addresses.
</BLOCKQUOTE>
<BLOCKQUOTE>
For any destination IP address the host "masks off"
the trailing bits, and then compares the result to the
"masked off" versions of each local interface address.
If the the masks match then the address is local, and
the kernel (or other routing code) looks for a MAC
(media access control) or lower level (framing)
address.  If one isn't found an ARP (address
resolution protocol) transaction is performed where
the host broadcasts a message to the local LAN to ask
where it should set a locally destined packet.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have a bad subnet set on a host one of two
things can happen.  It might be unable to communicate
with the hosts on any other subnets (it thinks those
are local addresses and tries to do ARP's to find them
--- then it figures they must be down since there's
now response to the ARP requests).  It might also send
locally destined packets to the router (which should
bounce them back to the local net --- if the router is
properly configured).  Of course that might only work
if the bad subnet mask doesn't interfere with the
host's ability to get packets to it's gateway/router.
Obviously it's better to have your subnet masks
properly defined throughout.
</BLOCKQUOTE>
<BLOCKQUOTE>
If the address isn't local to any interface than the
routing code searches through its list of routes to
look for the "most specific" or "best" match.  If
there is a default route (pointing to a gateway) then
anything with no other match will get sent to that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Obviously one of the constraints posed by this classic
routing and subnetting model is that you can only
subnet to a few even sized blocks.  We can't define
one block of 14 or 30 addresses (for our perimeter
net) have all of the rest routed to our larger
internal LAN segment.  Actually it is possible, with
some equipment, to do this.  That's called "variable
length subnetting" or VLSN sometimes called VLSM's for
VLS "masks").
</BLOCKQUOTE>
<BLOCKQUOTE>
RIP and the other old routing protocols (EGP, IGRP,
etc) don't support VLSN (from what I've read in the
Cisco FAQ).  However, the modern OSPF, BGP4, and EIGRP
protocols do.  Each routing table entry has it's own
independent mask or "prefix" number.
</BLOCKQUOTE>
<BLOCKQUOTE>
It appears that Linux can handle VLSN by simply
over-riding the netmask for a given network when
defining static routes.  Presumably packages like
'gated' can also provide the appropriate arguments
when updating the kernel's routing table, so long as
the route exchange protocol can provide it with the
requisite extra information.
</BLOCKQUOTE>
<BLOCKQUOTE>
Thus, going back to our example, you might configure
your 192.168.200 network into a block of 30 addresses
for the perimeter network (one eth0 in our example)
and put the rest unto the interior net (using eth0).
I'm just guesing here --- since I haven't actually
done this, but I guess that you'd define the netmasks
in the ifconfig command to be "255.255.255.0" (24
bit), while over-riding it in the routes with commands
like:
</BLOCKQUOTE>
<blockquote><pre>		route add -net 192.168.200.0 \
			netmask 255.255.255.224  eth0
		route add -net 192.168.200.0 \
			netmask 255.255.255.0	eth1
</pre></blockquote><BLOCKQUOTE>
At a glance this would appear to be ambiguous.  There
would seem to be two possible routes for some
addresses.  However, the routing rules handle it just
find.  One of the masks is longer than the other ---
and the "most specific" (longest mask) wins.
</BLOCKQUOTE>
<BLOCKQUOTE>
That's why we can have a host route (one without the
"-net" option) that over-rides any of our network
routes.  (It's mask is 32 bits long).  Note: although
I've shown these in order, most specific towards least
so --- it shouldn't matter what order you add the
routes in.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's also possible for us to have these two subnets
separated from one another by intervening networks.  I
should be able to define a gateway to a subnet with a
command like:
</BLOCKQUOTE>
<blockquote><pre>		route add -net 192.168.200.0 \
			netmask 255.255.255.0 gw 172.17.2.1
</pre></blockquote><BLOCKQUOTE>
... where 172.17.2.1 is some host, somewhere, to which
I do have a valid route.
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event I did hit Yahoo! to try and confirm that
Linux supports VLSN's.  I found a message from a
frustrated network manager who had prototyped a whole
network, testing it with Linux and depending on VLSN
support --- and then finding that Solaris 2.5 didn't
support them.  (That was in early '97 --- allegedly
2.6 has added this support and presumably the new
Solaris 7 also supports them).  I also know that the
route commands will actually add entries to your
routing table (I created some bogus routes on another
VC while I was writing this).  However, I don't have
time to set up a proper experiment to prove the point.
It appears that Linux has supported VLSN's for some
time.
</BLOCKQUOTE>
<BLOCKQUOTE>
Throughout this message I've talked about "classes" of
addresses.  These were classic categories into which
IPv4 addresses are cast which define the default
netmasks and addressing blocks for them.  For example
10.*.*.* is a Class A network.  (In fact it is the one
Class A address block that is reserved for private
network use in RFC1918 et al).  56.*.*.* is the Class
A network assigned to the United States Postal
Service, and 17.*.*.* is reserved for Apple Computing
Inc.  However, these classes are being phased out of
the Internet routing infrastructure through a process
called "supernetting" or CIDR (classless Internet
domain routing). Support for VLSN is a requirement for
CIDR. (That's a matter for your ISP or your ISP's NAP
-- network access point --- to worry about).
</BLOCKQUOTE>
<BLOCKQUOTE>
In the old days if you got a block of addresses and
you changed ISP's you'd take your addresses with you.
You new ISP would add your block of addresses to his
routing tables and propagate this route to his peers
and so on through the Internet routing chain.  The
problem was that this isn't scaleable.  The routing
tables were getting so big that the first tier routers
couldn't handle them.
</BLOCKQUOTE>
<BLOCKQUOTE>
So we started using CIDR. CIDR block is a large chunk
of addresses (32 Class C's minimum).  These are given
to NAP's and ISP's, and a single route, for the whole
block, is added to the top level routers.  The ISP
then subnets those and handles the routing locally.
Although addresses are now routed in a "classless"
manner --- we still talk about the addressing classes
in networking discussions.  It's convenient, though
sometimes not technically precise.
</BLOCKQUOTE>
<BLOCKQUOTE>
The main implication of this for most of us is that
you don't get "take your addresses with you" if you
change ISP's.  You can keep your domain name, of
course.  That's completely independent of the routing.
(Theoretically it's always been possible to have a
block of addresses with no associated DNS at all.  I
don't know anyone that does that --- but there isn't
any rule against it).
</BLOCKQUOTE>
<BLOCKQUOTE>
I said earlier that the "better" solution to your
internal network addressing is to use private network
addresses (per RFC1918) and use IP masquerading, NAT
(network address translation) or applications level
proxies at your borders for all of your client
Internet access.
</BLOCKQUOTE>
<BLOCKQUOTE>
In this model you only assign "real" IP addresses to
your publicly accessible servers.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is "better" for several reasons.  First, you
conserve addresses.  You can have thousands of hosts
on your network and they can all access the Internet
using only one or a few "real" IP addresses.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is particularly handy these days since ISP's
(feeling a bit of an addressing crunch themselves)
often charge premium rates for larger subnets. In the
"old days" you got a Class C or larger address block
for any dedicated Internet connection that you
established.  Now you usually get a subnet.  For the
xDSL line I just got into my office/home I got a
subnet of 30 addresses (255.255.255.224, or 27 bits
for the netmask).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, you can use 192.168.x.* addresses for all/most of
your clients and reserve your "real" IP's for your
router, and your mail, web, FTP, DNS, proxy and other
servers (including any old-fashioned virtual web
hosting; newer HTTP 1.1 style web hosting doesn't
require an extra IP address and IP aliasing but
"virtual hosting" for most other protocols and
services does).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're really ambitous you could probably configure
a server with 'ipportfw' and/or 'ipautofw' (or
'ipmasqadm') to redirect each service on this list
through a masquerade to its own dedicated server(s).
I've heard that there's even a "load balancing" patch
to one of these port forwarders.  That would conserve
more addresses by making one system appear to be
running many services --- while allowing you to
isolate those services on their own systems for
security or load management reasons.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another advantage of this model is that you can change
ISP's more readily.  For any network of more than
about five IP hosts, address renumbering is difficult
and expensive.  You want to avoid it.  Of course you
can use DHCP to make that easier --- but then you have
to carry around your DHCP infrasture, and you can only
imagine the disruption that this might still cause for
your internal servers.  I've known companies that were
very unhappy with their ISP but not quite mad enough
to shutdown their network for a week to renumber
(large novice userbase, small IS staff, mostly Windows
clients --- it's a real concern).
</BLOCKQUOTE>
<BLOCKQUOTE>
Yet another advantage relates to your network
security.  It is easier to enforce your network
policies and protect your internal systems if you
prevent direct routing into your internal LAN.  It is
much easier to ensure that a few machines (your
routers, proxy servers, and publicly accessible hosts)
are secure from known attacks (source routing, "ping
of death" and various things like nestea, boink,
land/latierra, etc) than to apply those patches to
<EM>every host on your network</EM>. (Indeed in many cases it
is not possible to apply necessary patches to some of
those hosts because they are running proprietary, or
"closed source" operating systems --- and you have to
wait for your vendor to make <EM>correct</EM> patches or
"service packs" available).
</BLOCKQUOTE>
<BLOCKQUOTE>
It is folly to think that no new attacks of this sort
will be discovered.  It is also usually futile to have
an unenforced policy that no insecure services be
allowed on internal systems.
</BLOCKQUOTE>
<BLOCKQUOTE>
So you should use IP masquerading and/or applications
proxying for most hosts on most networks.  Of course
you can use "real" IP addresses and still "hide" them
behind a firewall (any combination of packet filters,
and proxying can be called a 'firewall').  However,
there's no reason (at that point) to do so.
</BLOCKQUOTE>
<BLOCKQUOTE>
It should be noted that use of masquerading and/or
proxying will not inherently improve your security
overall security.  These are not a panacea.  If an
attacker can gain sufficient access to any of the
hosts that do have a valid route into your internal
LAN (such as the interior routers and/or proxy hosts)
or trick any such system into routing packets for them
(with source routing, for example) or embed hostile
code into any of the data streams that will be
executed by any of your systems ... if they can do any
of that then the firewall will just be a minor
nuisance to their other mischief.
</BLOCKQUOTE>
<BLOCKQUOTE>
Indeed using masquerading and proxying is a bit of a
nuisance.  It's an extra step in configuring your
systems, and you'll probably still occasionally bump
into some new or obscure protocol that can't be easily
proxied or masqueraded.  Luckily, as the number of
sites that <EM>must</EM> use firewalls increases (the
percentage of "directly routable clients" decreases)
the programmers and groups that design these protocols
and tools becomes more aware of the problem and less
likely to implement them in problematic ways.
</BLOCKQUOTE>
<BLOCKQUOTE>
One aspect of this that is a bit confusing is that you
can put multiple subnets and IP address blocks on a
single ethernet segment.
</BLOCKQUOTE>
<BLOCKQUOTE>
For example, a few years ago I was the admin of a
large site which had established permanent connections
to three ISP's.  They had not yet applied for an AS
number and were not "peering" with those ISP's.  So
they were assigning addresses to different groups of
computers from all three ISP's (about eight different
Class C addresses).  However, they used a VLAN
architecture internally.  (That --- and the fact that
they were using direct routing to clients --- was
counter to my recommendations; but I was just a lowly
"junior" netadmin, so they didn't listen, until much
later --- after I'd left).
</BLOCKQUOTE>
<BLOCKQUOTE>
So they had a flat internal topology and some routing
problems (their senior netadmin didn't know how to
trick the Ciscos into this using static routes and we
didn't use IP RIP or anything like internally).  I
used IP aliases on a Linux box and defined the static
routes there.  Under current versions of Linux you can
use IP aliases in your route commands:
</BLOCKQUOTE>
<blockquote><pre>		ifconfig  eth0 192.168.200.1 \
			netmask 255.255.255.0

		ifconfig  eth0:1 192.168.100.1 \
			netmask 255.255.255.0

		route add -net 192.168.200.0 eth0
		route add -net 192.168.100.0 eth0:1
</pre></blockquote><BLOCKQUOTE>
... here I've route the 200 net to eth0, the 100 net
to eth0:1 (a "sub-interface" or IP alias), and added
routes to each.
</BLOCKQUOTE>
<BLOCKQUOTE>
Under the newer (2.1.x) kernels this works a little
differently --- you just use the device name without
the aliasing suffix in the route command.  In other
words the ifconfig commands would the be same, the
first route command would be unecessary (its added
automatically) and the second route command would just
refer to eth0 --- not eth0:1.
</BLOCKQUOTE>
<BLOCKQUOTE>
This may look a bit odd.  (It certainly did to me at
the time).  You clients on the 100 network are sending
their 200-net destined packets to this host which is
then resending them over the same LAN segments back to
destinations on the 200 net and vice versa.  I still
think its a stupid way to do it --- but it worked.  I
personally think that VLAN's are a bad idea --- and
they seem to have been a kludge to deal with overgrown
clusters of NetBIOS/NetBEUI (MS Windows) boxes that
were too braindead to talk IP.
</BLOCKQUOTE>
<BLOCKQUOTE>
One thing I haven't covered in this (extremely long)
discussion is "proxyarp."  This is a technique to
allow one system to accept IP packets for other
systems without changing the subnet masks and/or
routes for the rest of the segment.  It's most often
used with PPP or SLIP dial-up lines --- though I've
seen examples posted to newsgroups that were done
between ethernet segments.
</BLOCKQUOTE>
<BLOCKQUOTE>
Basically, the proxyarp host will respond to ARP
requests IP addresses that are not assigned to any of
it's interfaces, and.  The proxyarp host needs a valid
route to the proxied IP address --- but other systems
will consider it to be a "local" address (local to
their LAN segment).  Obviously the address to be
proxied must be valid for one of the subnet masks on
the "local side."
</BLOCKQUOTE>
<BLOCKQUOTE>
I'm sure this is all very confusing.  So I'll give a
simple example:
</BLOCKQUOTE>
<BLOCKQUOTE>
I might have a host on 192.168.200 net with its own
address of 192.168.200.13 (eth0).  I might also have a
system connected to that system's ppp0 port --- and
that might be configured to use 192.168.200.44.  When
any of the systems on my LAN (eth0) have packets for
192.168.200.44 (which is local to them according to
their subnet masks and routing tables) they perform an
ARP (or search their ARP cache, of cours).  My system
(listening on 192.168.200.13) responds with its
ethernet MAC address.  So the localhost hosts and
routers send those packets to me.  (So far as they are
concerned that's just another IP alias of mine).
</BLOCKQUOTE>
<BLOCKQUOTE>
When I (.13) get this packet I find that it is NOT an
alias of mine, but I have a valid route to it (over my
ppp0 interface) so I forward it.  The .44 system
presumably has it's ppp0 interface configured as the
default route and certainly has 192.168.200.0 routed
to it's ppp0 --- so any packets to my (.13's) ethernet
LAN get routed, too.  Note that I (the .13 host) don't
have to publish routes to .44.  The routers and other
hosts on the 200 LAN don't know or care whether I
really <EM>am</EM> .44 --- just that IP packets for .44 can
be encapsulated in data frames addressed to my
ethernet card, where I'll deal with them <EM>as though</EM>
it were my address (so far as they know).
</BLOCKQUOTE>
<BLOCKQUOTE>
I realize it's a bit confusing.  I've probably
over-simplified in a few areas and probably gotten
some of this completely wrong (corrections gratefully
accepted).  However, that's the basics of routing and
subnetting.
</BLOCKQUOTE>
<BLOCKQUOTE>
One of these days I really should read Comer's
&quot;Internetworking With Tcp/Ip : Principles, Protocols,
and Architecture Vol 1&quot; which I've heard is
essentially the TCP/IP bible.  However, I've had
Christian Huitema's &quot;Routing in the Internet" (a 300
page text book on routing) sitting next to my desk for
about a year --- and Comer's book is much larger and
not to hand.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, in answer to your original question:
</BLOCKQUOTE>
<BLOCKQUOTE>
You divide a group of systems into subnets by
assigning them addresses that lie within valid
groupings of your address blocks, and creating routes
to those blocks.  Most of this is done with the
'ifconfig' command's "netmask" option and with
appropriate 'route' commands (if you're using static
routes).
</BLOCKQUOTE>
<BLOCKQUOTE>
(Any other readers want to tell me how 'routed' and
'gated' get their routes?  I guess that you still add
static routes for your local nets and the local daemon
picks them up and publishes/propagates them via
broadcasts and their own router discovery mechanisms).
</BLOCKQUOTE>

<!-- end 35.26 -->

<hr width="40%" align="center">

<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Subnetting and Routing 101 (continued)</H3>
<H4 ALIGN="center">Some examples and tables</H4>


<p><strong>From Pavel Plankov on Fri, 20 Nov 1998  
	L.U.S.T List </strong></p>
<!-- begin 35.21 -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thank you, that was very informative, but could you be more
specific about "masking off" For example I have a 62.200.34 net,
how can I subnet it?
</STRONG></P>
<P><STRONG>
...the only thing I am sure about is that 62.200.34.0/24 - is the
C subnet.  the quote at the bottom sounds rather vague %)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The subnet I've been describing is a "1-bit" subnet.
That is that we're only masking off one extra bit from
the default for our addressing class.  In other words,
the default mask for a Class C network block is
255.255.255.0 --- which is a decimal representation of
a 32-bit field where the first 24 bits are set to "1"
our subnet mask, represented in binary, would have the
first 25 bits set.  The next legal subnet would have
the first 26 bits set (which divides a Class C into
four subnets of 62 hosts each).  Beyond that we can
subnet to 27 bits (eight subnets of 30 hosts each), 28
bits (16 subnets of 14 hosts each), 29 bits (32
subnets of 6 each) and even 30 bits (64 subnets of 2
each).
</BLOCKQUOTE>
<BLOCKQUOTE>
Any Class C (or 8 bit network) can be subnet
into the following combinations:
</BLOCKQUOTE>
<blockquote><pre>	    1  subnetwork of    254 hosts	(255.255.255.0)/24
	    2  subnetworks of   126 hosts each  (255.255.255.128)/25
	    4  subnetworks of    62 hosts each  (255.255.255.192)/26
	    8  subnetworks of    30 hosts each  (255.255.255.224)/27
	   16  subnetworks of    14 hosts each  (255.255.255.240)/28
	   32  subnetworks of     6 hosts each  (255.255.255.248)/29
	   64  subnetworks of     2 hosts each  (255.255.255.252)/30
</pre></blockquote><BLOCKQUOTE>
... or (from what I gather) it can be treated as a set
of 254 separate point-to-point links.  A subnet
consisting of a network number and a broadcast
address is absurd -- so we don't have "128 nets of 0
hosts each" with a mask ending it 254).
</BLOCKQUOTE>
<BLOCKQUOTE>
Notice that I've specified the netmask and the
number of network bits in the last column of this
table.
</BLOCKQUOTE>
<BLOCKQUOTE>
So.  Let's say I didn't have this table.  (I didn't
when I started this message).  So I want to find all of
the valid netmasks on an eight bit network.  I start
the 'bc' command (big calculator --- it's a multi-precision
"calculations shell" and scripting language that's included
with most versions of Unix and Linux).  I issue the
following commands:
</BLOCKQUOTE>
<blockquote><pre>		ibase=2
		10000000
		11000000
		11100000
		11110000
		11111000
		11111100
</pre></blockquote><BLOCKQUOTE>
This sets the input base to 2 (binary), leaving the
output base at the default (decimal).  Then, entering
each of these binary numbers (note that this is
every combination of 8 bits with anywhere from one to
six leading one's and a corresponding number of
trailing zeros.  All (modern) legal netmasks have this
property.  As each of these numbers is entered, 'bc'
spits out the decimal equivalent:
</BLOCKQUOTE>
<blockquote><pre>		128 192 224 240 248 252
</pre></blockquote><BLOCKQUOTE>
... which matches my table -- these are the valid
ways to subnet on 8 bits.  (Actually I memorized those
along time ago --- but hopefully this makes it clear
where they came from).
</BLOCKQUOTE>
<BLOCKQUOTE>
For "classic" subnetting, you pick any one of these
entries.  You then divide your network that number of
segments (2, 4, 8, etc) with up to the corresponding
hosts per segment (126, 62, 30, etc), and you use the
corresponding netmask in the 'ifconfig' commands for
<EM>all</EM> hosts on that network.  'route add -net' commands
will default to following the chosen netmask.
</BLOCKQUOTE>
<BLOCKQUOTE>
VSLN (variable length subnetting) is a little more
confusing, so we won't cover it at this point.
</BLOCKQUOTE>
<BLOCKQUOTE>
Given that we've chosen a subnetting paradigm (one
line from this table) we now have to figure out what
the valid network number, broadcast addresses, and
range of host IP addresses are within each subnet.
</BLOCKQUOTE>
<BLOCKQUOTE>
We could have a table for each of these.  This would
take too much space (actually it's about 128 lines
long plus headers, etc).  So, I'll give an example
of the .224 netmask used to created 8 subnets.
</BLOCKQUOTE>
<BLOCKQUOTE>
For all of these the netmask would be 255.255.255.224 (as
listed in our previous table).  The three prefix octets would
be same in all cases (62.200.34 in your example).
</BLOCKQUOTE>
<BLOCKQUOTE>
Here's our networks:
</BLOCKQUOTE>
<blockquote><pre>	    8  subnetworks of    30 hosts each  (255.255.255.224)

	   net#		broadcast	Hosts:	low	high
	     0		   31			  1	 30
	    32		   63			 33	 62
	    64		   95			 65	 94
	    96		  127			 97	126
	   128		  159			129	158
	   160		  191			161	190
	   192		  223			193	222
	   224		  255			225	254
</pre></blockquote><BLOCKQUOTE>
... I think I got all those right (I just made up that
table).  It should be fairly obvious that the networks
begin every 32 IP's between 0 and 256.   The rest of the
table is constructed by adding or subtracting one from
the current or next network number or the by subtracting
one from the broacast address.
</BLOCKQUOTE>
<BLOCKQUOTE>
The lowest permitted host number in every subnet
is that network's number <EM>plus</EM> one.
</BLOCKQUOTE>
<BLOCKQUOTE>
The broadcast address for any subnet is the network
number of the NEXT network <EM>minus</EM> one.
</BLOCKQUOTE>
<BLOCKQUOTE>
The highest allowed host address on a subnet is
the broadcast number <EM>minus</EM> one.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, your fourth subnet on this table would be
62.200.34.96/27.  You're netmask would be
255.255.255.224 (as I said before), and the
broadcast for <EM>this</EM> subnet would be 62.200.34.127.
</BLOCKQUOTE>
<BLOCKQUOTE>
In other words, all of the hosts from 62.200.34.97
through 62.200.34.126 would use the 62.200.34.127
address for ARP requests and other broadcasts.
Those from ...161 to ...190 would use the .191
address for their broadcasts.  They'd be on the
...160 subnet.
</BLOCKQUOTE>
<BLOCKQUOTE>
I'll do another one for comparison:
</BLOCKQUOTE>
<blockquote><pre>	   16  subnetworks of    14 hosts each  (255.255.255.240)/28

	   net#		broadcast	Hosts:	low	high
	     0		   15			  1	 14
	    16		   31			 17	 30
	    32		   47			 33	 46
	    48		   63			 49	 62
	    64		   79			 65	 78
	    80		   95			 81	 94
	    96		  111			 97	110
	   112		  127			113	126
	   128		  143			129	142
	   144		  159			145	158
	   160		  175			161	174
	   176		  191			177	190
	   192		  207			193	206
	   208		  223			209	222
	   224		  239			225	238
	   240		  255			241	254
</pre></blockquote><BLOCKQUOTE>
... That table is twice as long (obviously) and the number is it
"look weird" However, it should be obvious where these number
came from.  Start with zero can keep adding 16 until we get to
256 to get the first column.  Those are the network numbers.
256 can't <EM>be</EM> a network number.  To get the second column we
add fifteen to the network number (or we subtract one from the
next network's number -- which is the network number on the
<EM>next</EM> line).  To get the third column we add one to the network
number.  To get the last column we subtract one from the
broadcast number (the second column).
</BLOCKQUOTE>
<BLOCKQUOTE>
I'll include one last table because it's shorter than
the others:
</BLOCKQUOTE>
<blockquote><pre>	    4  subnetworks of    62 hosts each  (255.255.255.192)/26

	   net#		broadcast	Hosts:	low	high
	     0		   63			  1	 62
	    64		  127			 65	126
	   128		  191			129	190
	   192		  255			193	254
</pre></blockquote><BLOCKQUOTE>
... I really hope this one comes as no surprise.
</BLOCKQUOTE>
<BLOCKQUOTE>
From here I would hope that you'd be able to generate the larger
tables of 32 and 64 subnets if you were insane enough to use
those.  (The only organizations I know of that subnet that way
are ISP's).  I could write a perl script to generate subnet
tables like these in far less time than this message took to
write.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, if you wanted to use VLSN, to create one small subnet and
one larger one, I guess you'd pick a block of addresses,
suitable for any of these subnets --- reserving the whole block
(from the network# through the broadcast) and only assigning
those in the range (from the low to high numbers).  Those would
be a subnet.  You'd construct your route for that subnet, and
put one of those addresses (the low or the high usually) unto
one of your interfaces, and point your route (with its
netmask override) to that interface.  You'd put the rest of
your network unto another interface with a broader route
(one with fewer network bits in the netmask) to that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Example:
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's put a 14 host subnet on our perimeter
and hide the rest of our hosts behind our
router (with packet filters):
</BLOCKQUOTE>
<BLOCKQUOTE>
We'll arbitrarily choose the first available
14 host subnet (from our table above).  This
should make it easier to remember which
hosts are "outside" and which ones are
available for assignment "inside"
</BLOCKQUOTE>
<BLOCKQUOTE>
So we assign eth1 an address of 14 (the
highest available address in this block ---
I'm assuming that .1 is already in use by
another router on that subnet, and we give
eth0 (the interface to our internal network)
an address of .17 (the first available
address that's <EM>after</EM> our subnet).  Then
we set that up like so:
</BLOCKQUOTE>
<blockquote><pre>		  ifconfig eth1 62.200.34.14 \
		     netmask 255.255.255.240 broadcast 62.200.34.15

		   route add -net 62.200.34.0 \
			netmask 255.255.255.240   eth1

		   ifconfig eth0 62.200.34.17 \
		      netmask 255.255.255.0 broadcast 62.200.34.255

		   route add -net 62.200.34.0 \
			netmask 255.255.255.0   eth0
</pre></blockquote><BLOCKQUOTE>
I haven't actually done VLSN.  However I think this
would work.  One important consideration about this
would be that every internal system would have to
know about this first route (the one with the .240
netmask).
</BLOCKQUOTE>
<BLOCKQUOTE>
They could have this as a static route, or it could
be propagated to them via some routing protocol (I'm
not sure if RIP can handle that --- I think there
was a RIPv2 that could --- while RIP would have to
propagate this as a list of 14 host routes rather
than a subnet route --- or some silly thing like
that).
</BLOCKQUOTE>
<BLOCKQUOTE>
The other thing that we'd have to be sure of is that
we didn't use any of these subnet addresses inside
of our domain.  That includes the network number and
the broadcast address.  By choosing the <EM>first</EM>
subnet for my example I cheated.  You'd never try to
assign the .0 address <EM>anyway</EM>.  However, if you'd
picked a subnet from somewhere in the middle of your
address range --- everything should work.  It
would just be more confusing.
</BLOCKQUOTE>
<BLOCKQUOTE>
Notice that I also skipped .16 (which would be the
"next" network number if we were to use two of these
subnets --- while leaving the rest on one segment.
This should be unnecessary.  However, I'd avoid
assigning it an address just in case I need to add
the additional small subnet later.
</BLOCKQUOTE>
<BLOCKQUOTE>
Actually if you wanted to use a sophisticated
address allocation strategy, to minimize the
disruption that would be caused by most future
subnetting strategies you could limit yourself
to assigning addresses from the following groups:
</BLOCKQUOTE>
<BLOCKQUOTE>
1-14, 17-30, 33-46, 49-62, 65-78, 81-94, 97-110,
113-126, 129-142, 145-158, 161-174, 177-190,
193-206, 209-222, 225-238, 241-254
</BLOCKQUOTE>
<BLOCKQUOTE>
... or better yet:
</BLOCKQUOTE>
<BLOCKQUOTE>
2-13, 18-29, 34-45, 50-61, 66-77, 82-93, 98-109, etc
</BLOCKQUOTE>
<BLOCKQUOTE>
... so that you're not issuing the possible network
numbers, broadcast numbers, and first or last
addresses in each of your possible subnets.
</BLOCKQUOTE>
<BLOCKQUOTE>
Using this strategy you could start with a flat
topology and later break it into anywhere from two
to sixteen classic subnets or split off VLSN's (and
add/propagate appropriate routes to them).
</BLOCKQUOTE>
<BLOCKQUOTE>
As I've said, this sort of obtuse allocation
strategy isn't necessary for most of us these days
because we can use private net (RFC1918) addresses
for our internal networks.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, if you're going to use direct routable
addresses in your domain --- following this
allocation schedule might actually help (and can't
really hurt if you simply prepare the list ahead of
time).
</BLOCKQUOTE>
<BLOCKQUOTE>
It's possible to define some netmasks that aren't on
even octet boundaries.  For example the RFC1918 group
of Class B addresses is 172.16.*.* through 172.31.*.*.
That can be described with the address/mask 172.16.0.0/12
(which you could then then subnet into various ways).
</BLOCKQUOTE>
<BLOCKQUOTE>
Most sane people reduce that ugliness to a "known"
problem for which we've already described a solution.
They treat these as a large group of Class C addresses
and do all their network design based on those.  The
RFC1918 addresses: 192.168.x.* (for x from 0 to 255) is
usually described as 255 contiguous class C address blocks.
However, there is nothing prevent us from using this as a
single 16-bit network (192.168.0.0/16).
</BLOCKQUOTE>
<BLOCKQUOTE>
The only case where I've used these notations is when I'm
writing a set of packet filters.  I customary add the
following four address masks to the source deny lists
on perimeter routers:
</BLOCKQUOTE>
<BLOCKQUOTE>
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
</BLOCKQUOTE>
<BLOCKQUOTE>
These are denied in both directions.
</BLOCKQUOTE>
<BLOCKQUOTE>
The outbound denials are "anti-leakage."  We shouldn't be
sending any packets onto the Internet which claim to be from
these IP addresses.  They are "non-routable" on the open
Internet.  So, any that "try" to get out are either a
mistake (they were supposed to go through masquerading or
network address translations --- NAT), or they are hostile
actions possibly by users on our networks or by some
subverted services or hosts (something's been "tricked" into
it).
</BLOCKQUOTE>
<BLOCKQUOTE>
The inbound denials are part of an anti-spoofing screen.
No legal packet should get to us from any of these addresses
(there should be no legal route back to any such host over
the Internet).
</BLOCKQUOTE>
<BLOCKQUOTE>
The 127.* filtering is also interesting.  If I actually
allowed packets through my router that claimed to be
from "localhost" I might find that some services on some
hosts could be exploited using it.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've heard of such packets being referred to as "martians."
However, I'm not sure if the term is supposed to apply just
to packets that claim a 127.* source address or to any
of these "bad boys."
</BLOCKQUOTE>
<BLOCKQUOTE>
To complete our anti-spoofing we also want to deny any
inbound packets that claim to be from any of our real IP
addresses.  Thus you'd want to add a rule to deny
62.200.34.0/24.  All of the hosts which are legitimately
assigned any of those IP addresses should already be inside
your network perimeter --- none should be traversing the
inbound interface on any of your border routers.  I might
add a rule to block:  214.185.47.32/27 if I was given
the second 30 host subnet on the 214.185.47.0 network (for
example).
</BLOCKQUOTE>
<BLOCKQUOTE>
Anti-spoofing gives us considerable protection from
a variety of exploits.  It really doesn't leave us
"secure" --- IP ADDRESSES AND DNS HOSTNAMES ARE NOT
AUTHENTICATION CREDENTIALS!  However it limits the
exploits that can be mounted from outside of our
network.  That's why you should ideal have sets of
anti-spoofing packet filters at your border (between
the Internet and your perimeter network) and at your
interior router (between your internal and your
permimeter networks).
</BLOCKQUOTE>
<BLOCKQUOTE>
In some organizations you may also want to have
anti-spoofing between your internal client networks
and your "sanctum" of servers.
</BLOCKQUOTE>
<BLOCKQUOTE>
In addition to the anti-spoofing rules it's a good
idea to add a couple of rules to limit some
known-to-be-bogus <EM>destinations</EM> (Thus far we've
only been discussing packet filtering policies based
on source addresses).
</BLOCKQUOTE>
<BLOCKQUOTE>
I suggest that any of your local "real" IP addresses
that translate into network or broadcast numbers for
your network topology should be forbidden as
destinations.  These extra rules may seem
unnecessary --- but there have been "denial of
service" exploits that used these sorts of addresses
to create packet storms and disrupt your networks.
(A few broadcast packets that get in can cause
reponses from all or most of your active hosts).
</BLOCKQUOTE>
<BLOCKQUOTE>
So you should at least add: $YOURNET.0 and
$YOURNET.255 to your denied destinations list (where
these are the network number and broadcast for your
block of assigned addresses.
</BLOCKQUOTE>
<BLOCKQUOTE>
No one outside your domain has any business
addressing packets to your whole network.  If you
are subnetted in other ways --- you'd face the
possibility that some attacker might try sending to
$YOURSUBNET.31, etc.  However, this is probably just
not such a big problem.  If you use IP masquerading
and/or proxying for all or most of your client hosts
(as I recommended in my last post) you won't see any
of that anyway.  Meanwhile, how much do you need to
subnet your banks of servers (in most cases, not
much).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanx in advance.
<br>Pavel Piankov
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Gosh I hope that helps.  I also hope I haven't bored the
rest of the list too much with this.  I simply don't
know of a way to describe subnetting and routing more
concisely than this.  If you really understand what I've
written in these two messages --- you can probably get a
job as a junior netadmin.
</BLOCKQUOTE>

<!-- end 35.21 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/b"><HR WIDTH="75%" ALIGN="center"></A>

<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">No STREAMS Error while Installing Netware for Linux</H3>


<p><strong>From Sean McMurray  on Tue, 17 Nov 1998  
</strong></p>
<!-- begin 35.20 -->
<P><STRONG>
I'm trying to install <A HREF="http://www.caldera.com/">Caldera</A> Netware for Linux on Redhat 5.1.
Following the instructions from
<A HREF="ftp://ftp.caldea.com/pub/netware/INSTALL.redhat">ftp://ftp.caldea.com/pub/netware/INSTALL.redhat</A>,
I get to Step 5 under "Downloading the Files."
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Well, I haven't played with this yet, since I don't
have any Netware client systems around here.  (Maybe
one of these days I'll fire up one of my old XT's to
use for clients).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
When I type in rpm -i kernel-2_0_35-1nw_i386.rpm, I get the
following error:
</STRONG></P>
<P><STRONG>
ln: boot/vmlinuz-2.0.35-1nw-streams: No such file or directory
</STRONG></P>
<P><STRONG>
Can you tell me why? More importantly, can you tell me how to fix it?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Well, the Netware for Linux requires a kernel with
STREAMS and IPX patches built into it.
</BLOCKQUOTE>
<BLOCKQUOTE>
STREAMS is an alternative to BSD sockets.  It's a
programming model for communications within a Unix or
other kernel --- between the applications interfaces
and the devices.  The Linux kernel core team has soundly
reject suggestions that Linux adopt a STREAMS networking
model for its native internal interfaces and we won't
go into their reasoning here.  (I'm inclined to agree with
them on this issue in any event.)
</BLOCKQUOTE>
<BLOCKQUOTE>
So, this error suggests that the 'ln' command (creates
hard and symbolic links) can't find the '<TT>/boot/vmlinuz...</TT>'
files to which it refers.
</BLOCKQUOTE>
<BLOCKQUOTE>
One trick to try is to view the contents of the rpm
file using 'mc' (Midnight Commander).  Just bring up
'mc', select the RPM file with your cursor keys and
highlight bar, and hit [Enter].  That will treat the
RPM file as a "virtual directory" and allow you to
view and manually extract the contents.  Look in
RPM:/boot for the kernel file --- also look for the
README files.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've occasionally manually extracted the files from
an RPM and just put them in place myself.  Then I read
through any scripts that and docs contained therein
to see what <EM>should have been done</EM> by the rpm system.
(Usually this sort of dodge is only necessary when
doing piecemeal upgrades to the rpm package itself).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are other times when I have to resort to
'rpm -i --force --nodeps ...' to get things to work.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that this kernel may not support you hardware
configuration (that's one reason why many Linux users
build custom kernels).  So you may have to find and
install the kernel source patches and build your own
--- or at least build a set of modules that match
that version.
</BLOCKQUOTE>
<BLOCKQUOTE>
Probably your best bet would be to subscribe to the
caldera-netware mailing list.  Look to Liszt to
help find specific mailing lists and newsgroups:
</BLOCKQUOTE>
<blockquote><pre>    Liszt: caldera-netware
    http://www.liszt.com/cgi-bin\
	/start.lcgi?list=caldera-netware&amp;server=majordomo@rim.caldera.com
</pre></blockquote>
<!-- end 35.20 -->

<hr width="40%" align="center">

<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">No STREAMS Error while Installing Netware for Linux</H3>


<p><strong>From Sean McMurray  on Wed, 18 Nov 1998  
</strong></p>
<!-- begin 35.25 -->
<P><STRONG>
Jim Dennis wrote:
</STRONG></P>
<P><STRONG><FONT COLOR="#000099"><EM>
<BR>&gt;When I type in rpm -i kernel-2_0_35-1nw_i386.rpm, I get the
<BR>&gt;following error:
<BR>&gt;ln: boot/vmlinuz-2.0.35-1nw-streams: No such file or directory
<BR>&gt;Can you tell me why? More importantly, can you tell me how to fix it?
</EM></FONT></STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
Well, the Netware for Linux requires a kernel with
STREAMS and IPX patches built into it.
</EM></FONT></STRONG></P>
<P><STRONG>
Shouldn't it be included in <A HREF="http://www.caldera.com/">Caldera</A>'s RPMs then. It seems that the first they
their install does is try to build a new kernel.Also, does the fact that
ncpfs is built in indicate that the STREAMS and IPX patches already exist -
the IPX patches, anyway?&lt;clipped&gt;
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It is.  That's what that kernel is saying.
However it seems that the <TT>/boot</TT> directory isn't there
(my to 'mkdir' that) and, for some reason, your 'rpm'
command isn't or can't make it.  (If you do have a
<TT>/boot</TT> directory --- maybe you've used 'chattr +i' to
make it immutable.  Maybe you have a file named <TT>/boot</TT>
so that a directory can't be made by that name.  Who
knows?).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Midnight Commander won't open the RPMs on my system, but I
executed rpm -qpl kernel-2_0_35-1nw_i386.rpm &gt; dump.txt
to get a listing. The <TT>/boot</TT> files are:
/boot/WHATSIN-2.0.35-1nw
/boot/vmlinuz-2.0.35-1nw
</STRONG></P>
<P><STRONG>
The only files with the word stream in the title is
/lib/modules/2.0.35-1nw/misc/streams.o
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
... that would be the STREAMS loadable kernel module.
The other support and IPX patches are compiled into that
kernel, and the FAQ tells you how to build a kernel to match
the shipping one (close enough to load the requisite modules
and route/utilize the IPX protocols anyway).
</BLOCKQUOTE>
<P><STRONG><FONT COLOR="#000066"><EM><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
There are other times when I have to resort to
'rpm -i --force --nodeps ...' to get things to work.
</EM></FONT></STRONG></P>
<P><STRONG>
I tried to rpm -e kernel-2_0_35-1nw_i386.rpm, but rpm says that it
isn't installed.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That tries to "erase" (uninstall) that package --- except
that you have to use the package's name not the package
*file's* name.  kernel-2.0.35-1nw is probably the package
name.  The filename is independent of that, though it
is conventionally similar.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can use the 'rpm -qpi' command to extract information
about the RPM file including the package name.
</BLOCKQUOTE>
<BLOCKQUOTE>
In general the -i and -p options to 'rpm' refer to
<EM>file</EM> while others refer to "packages."
</BLOCKQUOTE>
<BLOCKQUOTE>
If you issued the command 'rpm -ql foo-1.2.3-bang'
RPM would list all of the files that are "owned by" the
foo-1.2.3-bang package.  If you issue the command
'rpm -qpl foo-1.2.3-bang.i386.rpm' then the command would
list all of the file in that package <EM>file</EM>.  If (by some
chance) you had a different implementation of the same
package these two lists might differ.
</BLOCKQUOTE>
<BLOCKQUOTE>
(That's a minor problem with the RPM system --- there's no
central naming authority on package naming and versioning so
you can have differences between, for example, the
<A HREF="http://www.suse.com/">S.u.S.E.</A> and <A HREF="http://www.redhat.com/">Red Hat</A> packages, with some differences in
dependencies --- etc.  Actually it's a rather major pain in
the patootie when you're a S.u.S.E. user and you keep
getting packages that are contributed to the Red Hat site.
However, it's still usually easier than building them from
tarballs and the "right" answer for me is probably for me to
learn enough about <EM>building</EM> my own RPM's that I can grap
the source RPM packages and modify them to fit.  The "right"
answer for Red Hat and S.u.S.E. and Caldera is to make their
packages as compatable with one another as possible ---
particularly with regards to dependences and provision
identification).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
So I tried to rpm -e kernel-2_0_35-1nw_i386.rpm again, but rpm says it's
already installed
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That sounds wrong.  Are you sure you typed exactly that?
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know rpm (or Linux) well enough to trust not hosing my
kernel. I guess it's not that big of deal. I can just re-install
RH5.1 from scratch.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
After awhile building and installing new kernels will seem
as routine and editing an old DOS CONFIG.SYS file (though
you probably won't do anywhere near as often.
</BLOCKQUOTE>
<P><STRONG><FONT COLOR="#000066"><EM><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Probably your best bet would be to subscribe to the
caldera-netware mailing list.
</EM></FONT></STRONG></P>
<P><STRONG>
I'm subscribed, but impatient.
Thank you for your help.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'd manually extract the kernel file from that RPM
file, put it in the <TT>/boot/</TT> directory, edit your
<TT>/etc/lilo.conf</TT> file, run the <TT>/sbin/lilo</TT> command and
try to reboot.  Search through the old back issues
of LG to read many messages about how LILO works --
or just read the HOWTO at:
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.ssc.com/linux/LDP/HOWTO/mini/LILO.html">http://www.ssc.com/linux/LDP/HOWTO/mini/LILO.html</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
(... and other LDP mirrors all over).
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally you'll want to leave an entry for your existing
(working) kernel so that you can reboot into that if this
Caldera supplied kernel is inappropriate for your system.
You'll also want to prepare a boot/root (rescue) diskette.
Although one (image) comes with each Red Hat distribution
I personally prefer Tom Oehser's "rtbt" (a full mini
distribution on a single floppy --- with a suite of Unix
tools sufficient to do most networking and rescue
operations).  You can find that at:
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.toms.net/rb">http://www.toms.net/rb</A>
</BLOCKQUOTE>

<!-- end 35.25 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/c"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">More than 8 loopfs Mounts?</H3>


<p><strong>From Philippe Thibault  on Fri, 20 Nov 1998  
</strong></p>
<!-- begin 35.22 -->
<P><STRONG>
I've setup an image easily enough and mounted it with the iso9660 file
system and asigned it to one of my loop devices. It works fine. What I
was wondering was, can I add more than the eight loops devices in my dev
directory and how so. What I'm trying to do is share these CD images
through SMB services to a group of Win 95 machines.
Is what I'm trying to do feasable or possible.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Good question.  You probably need to patch the kernel in
addition to making the additional block device nodes.
So my first stab is, look in:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><code>
/usr/src/linux/drivers/block/loop.c
</code></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
There I find a <tt>#define</tt> around line 50 that looks like:
</BLOCKQUOTE>
<blockquote><pre>		#define MAX_LOOP 8
</pre></blockquote><BLOCKQUOTE>
.... (lucky guess, with filename completion to help).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, the obvious first experiment is to bump that up,
recompile, make some additional <TT>loop*</TT> nodes under
the <TT>/dev/</TT> directory and try to use them.
</BLOCKQUOTE>
<BLOCKQUOTE>
To make the additional nodes just use:
</BLOCKQUOTE>
<blockquote><pre>		for i in 8 9 10 11 12 13 14 15; do
			mknod  /dev/loop$i b 7 $i; done
</pre></blockquote><BLOCKQUOTE>
I don't know if there are any interdependencies between the
MAX_LOOP limit and any other kernel structures or variables.
However, it's fairly unlikely (Ted T'so, the author of
'<tt>loop.c</tt>' hopefully would have commented on such a thing).
It's easier to do the experiment than to fuss over the
possibility.
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event I doubt you'd want to push that value much
beyond 16 or 32 (I don't know what the '<tt>mount</tt>' maximums are
--- and I don't feel like digging those up too).  However,
doing a test with that set to 60 or 100 is still a pretty
low-risk and inexpensive affair (on a non-production server,
or over a weekend when you're sure you have a good backup
and plenty of time).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, try that and let us know how it goes.  (Ain't 
<a href="http://www.opensource.org/">open source (tm)</a> great!)
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course you might find that a couple of SCSI controllers
and about 15 or 30 SCSI CD-ROM drives (mostly in external
SCSI cases) could be built for about what you'd be spending
in the 16 Gig of diskspace that you're devoting to this.
(Especially if you can find a cachet of old 2X CD drives for
sale somewhere).
</BLOCKQUOTE>

<!-- end 35.22 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/1"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 1 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
EQL Serial Line "Load Balancing"
</H3>


<p><strong>From Jim Kjorlaug  on Mon, 30 Nov 1998  
</strong></p>
<!-- ::
EQL Serial Line "Load Balancing"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I live in an area where ISDN services have been promised but no
delivered.  I had read a howto for EQL but can no longer find the
documention on this method of ganging two modems together.  Can
you please let me know where I can find the source for this and
the howto.
</STRONG></P>
<P><STRONG>
Thanks for any help you can offer.
<br>Jim Kjorlaug
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The README.eql (EQL Driver: Serial IP Load Balancing HOWTO)
by Simon "Guru Aleph-Null" Janes 
(<A HREF="mailto:simon@ncm.com">simon@ncm.com</A>)
doesn't seem to be in the LDP HOWTO Index.  However it
is included with the Linux kernel sources under
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
.../drivers/net/README.eql
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
... so that's probably your best bet.  Naturally
the sources to the driver are also included
therein.  This README doesn't appear to have been
updated since 1995.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that this requires support from your ISP.  In
other words, to use EQL to effectively double you
bandwidth, you need support for the same version of
EQL load balancing at each end of the connection.
Most ISP's are likely to be somewhat averse to this
prospect (or to charge extra) since you'll be taking
up two of their modems while connected over EQL.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another thing to consider is the difference between
latency and bandwidth.  Bandwidth refers to the
amount of data that can be transmitted over a communications
channel in a given amount of time.  Latency refers to
the propagation delay --- the amount of time before
the first bits get to one end or the other of the channel.
</BLOCKQUOTE>
<BLOCKQUOTE>
EQL can provide more bandwidth.  However modem latency
is pretty high and nothing can improve that within
the constraints of the current standards.
</BLOCKQUOTE>
<!-- sig -->

<!-- end 1 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/2"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 2 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Where to Report Bugs and Send Patches
</H3>


<p><strong>From Elwood C. Downey  on Mon, 30 Nov 1998  
</strong></p>
<!-- ::
Where to Report Bugs and Send Patches
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello,
</STRONG></P>
<P><STRONG>
I have found (and believe fixed) a bug in gcc libc, version
2.7.2.3 related to handling of daylight savings time and
timezones. I would like to know exactly to whom I should send the
report so it gets into the correct hands asap. Part of my
confusion is gcc vs the new egcs (or whatever the new one is). I
happen to be running <A HREF="http://www.redhat.com/">Red Hat</A> 5.1 
if that matters.
</STRONG></P>
<P><STRONG>
Thanks,
<br>Elwood Downey
<br>President/Chief Programmer
<br>Clear Sky Institute, Inc.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
One of the &quot;dirty little secrets&quot; of FSF/GNU documentation
is that "they" have an official bias against 'man' pages.
If you look at the 'gcc' man pages you'll find that they
refer you to the "Info" (or "Texinfo" pages) and list
the man pages as non-authoritative, deprecated, unmaintained
etc.
</BLOCKQUOTE>
<BLOCKQUOTE>
'Info' is a hypertext documentation system which is
<EM>nothing</EM> like HTML.  The easiest way to access them for
this case would be to issue the command:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
info gcc
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
There we'll find a node/link labeled "Bugs::" and
following that will provide us with some guidelines
for reporting problems.  I'll refer you to those
pages so that you'll get the full details rather
than just an @ddress.
</BLOCKQUOTE>
<BLOCKQUOTE>
Since 2.8.1 is the current version from the
Free Software Foundation 
(<A HREF="http://www.gnu.org">http://www.gnu.org</A>) you
might encounter some resistance to accepting patches
for 2.7.x at this point.   Their maintainers
may refer you to the more recent version.  You might
want to try the <A HREF="http://www.debian.org/">Debian</A> package, 
which might include patches that update the GNU version.
</BLOCKQUOTE>
<BLOCKQUOTE>
According to the Debian site 
(<A HREF="http://www.debian.org">http://www.debian.org</A>)
the maintainer for the Debian GCC package
is Galen Hazelwood.  You can use '<tt>alien</tt>' to
to convert among RPM (Red Hat et al), Debian, SLP
(Stampede Linux Packages) and Slackage package formats.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that <tt>egcs</tt> is a spinoff of the GCC development.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 2 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/3"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 3 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
How to "get into" an Linux system from a Microsoft client
</H3>


<p><strong>From WRB  on Mon, 30 Nov 1998  
</strong></p>
<!-- ::
How to "get into" an Linux system from a Microsoft client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I know you don't like questions concerning Brand X (w95 and nt40),
however, I am a NEWBEEEEE to RedHat Linux (5.1) and I don't know
where to go for this answer.  Over my internal network, when I try
to get into the RedHat (5.1) machine using Brand X (nt40 SP4), I
get the message "\\computer4 is not accessible" "the account is
not authorized to log in from this station" I don't have a problem
with the other Brand X product (W95 OSR2.1), it goes right in.  I
have no problems with FTP or TELNET with either of the Brand X
machines.  Without getting tooooo condescending, is this a Brand X
problem or is it a RedHat (5.1) issue?
</STRONG></P>

<P><STRONG>
Thanks for your help
<br>Ron Botzen
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The big problem here is with the phrase "get into."
</BLOCKQUOTE>
<BLOCKQUOTE>
By this you seem to mean "share files on my 
<A HREF="http://www.redhat.com/">Red Hat</A>
(Linux) system from on of my MS Windows clients"
or "make my Linux system a file server to my MS Windows
clients."
</BLOCKQUOTE>
<BLOCKQUOTE>
My clue that this is your intent is from the syntax
&quot;\\computer4&quot; is an SMB UNC (so-called "universal naming
convention") designation which is used for file and
print services over the SMB protocols (server message
block).
</BLOCKQUOTE>
<BLOCKQUOTE>
Samba is the Unix/Linux package that provides SMB
services to your MS Windows, OS/2, and similar clients.
Also Linux supports an '<tt>smbfs</tt>' module and '<tt>smbmount</tt>'
command to allow it to act as a client in an SMB network.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, install the Samba package from your RH CD set,
and read the docs therefrom.  For the latest information
on Samba go to:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://samba.anu.edu.au/samba/samba.html"
	>http://samba.anu.edu.au/samba/samba.html</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
(or one of its mirrors).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 3 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/4"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 4 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Where to Put New and Supplemental Packages
</H3>


<p><strong>From Lew Pitcher  on Tue, 01 Dec 1998  
</strong></p>
<!-- ::
Where to Put New and Supplemental Packages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello from the Great White North.
</STRONG></P>
<P><STRONG>
A few months ago, I installed the <A HREF="http://www.slackware.org/">Slackware</A> 3.3 distribution on a
second-hand 486 system, and upgraded the kernel to the (then current)
2.0.35 level.
</STRONG></P>
<P><STRONG>
I've been slowly accumulating packages (like Smail and iBCS) that I'd
like to put up on this machine, and have a question about the placement
of package installs. Given that I've acquired a system-level package
with source code, where in the file system should I install it?
</STRONG></P>
<P><STRONG>
From inspection, it looks like I've got several alternatives...
<TT>/usr/src</TT> looks like the obvious place to start, but <TT>/usr/local</TT>
also looks good. Do the Linux FileSystem Standards specify a place
to put packages? If not, do you have a recommendation in this regard?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The Linux FHS (File Hierarchy Standard --- the descendent
of the FSSTND --- filesystem standard) does have guidelines
for system administrators and distribution developers and
maintainers.
</BLOCKQUOTE>
<BLOCKQUOTE>
I would say that the latter groups (those who produce and
maintain general purpose distributions and packages) should
be strongly encouraged (nigh on required) to follow these
conventions.  Sysadmins should be encouraged to follow them
to the degree that makes sense for their site.  Home users
can do whatever the heck they like.
</BLOCKQUOTE>
<BLOCKQUOTE>
I suggest '<TT>/usr/local/</TT>' for normal freeware packages that
I install from tarball and compile myself.  For commercial
packages that are distributed as binaries I recommend
'<TT>/opt</TT>' (which is, in my case, a link to '<TT>/usr/local/opt</TT>').
</BLOCKQUOTE>
<BLOCKQUOTE>
One of my continuing gripes about <A HREF="http://www.redhat.com/">Red Hat</A> and <A HREF="http://www.debian.org/">Debian</A> is
that there is no easy way for me to "partition" my
packages such that all packages installed or updated
after the initial OS/program load (IPL) default to
installation on '<TT>/usr/local</TT>'.  This, and the fact that
I sometimes have a perfectly legitimate reason for
concurrently maintaining two or more versions of a given
package are my main gripes about those package management
tools.
</BLOCKQUOTE>
<BLOCKQUOTE>
The canonical home of the FHS seems to be:
</BLOCKQUOTE>

<BLOCKQUOTE>
<DL><DT>Filesystem Hierarchy Standard
  <DD><A HREF="http://www.pathname.com/fhs">http://www.pathname.com/fhs</A>
</DL>
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks in advance for the advice.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You're welcome.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Lew Pitcher        
<br>Joat-in-training   
<br><em>If everyone has an angle, why are most of them so obtuse?</em>
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Shouldn't that be JOAT (jack of all trades)?
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 4 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/5"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 5 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Book: Linux Systems Administration
</H3>


<p><strong>From Jim Buchanan  on Tue, 01 Dec 1998  
</strong></p>
<!-- ::
Book: Linux Systems Administration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><FONT COLOR="#000066"><EM><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I hope to finish my book real soon now.
</EM></FONT></STRONG></P>
<P><STRONG>
Let us know when it's done. I'll surely order a copy.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'll do my best to promote it without getting crass.
</BLOCKQUOTE>
<P><STRONG><FONT COLOR="#000066"><EM><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Aeleen Frisch's </em>Essential System Administration<em>
<br></em>Unix System Administrator's Handbook<em> by Evi Nemeth et al
</EM></FONT></STRONG></P>

<P><STRONG>
Some real competition. I certainly wish you well, such a book would be
a valuable addition to the many other Linux books available.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm focusing a bit more on "soft skills" like
requirements analysis, recovery and capacity planning,
the view that security considerations permeate all
aspects of professional systems administration, and
the design of whole networks rather than isolated
hosts.
</BLOCKQUOTE>
<BLOCKQUOTE>
These are elements that seem to be missing from the existing
literature.
</BLOCKQUOTE>
<P><STRONG><FONT COLOR="#000066"><EM><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Macmillan Computer Publishing:
</EM></FONT></STRONG></P>
<P><STRONG>
The Macmillan folks are really nice people. They host our local LUG,
INLUC (Indiana Linux Users Consortium, <A HREF="http://inluc.tctc.com">http://inluc.tctc.com</A>)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My editor mentioned something along those lines.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If you ever make a trip to the Indiana Macmillan offices, maybe we can
arrange the date so that you can come to one of our meetings, which
are usually held on the third Wednesday of the month.
</STRONG></P>
<P><STRONG>
Jim Buchanan
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If I can afford it I'll do a full tour.
</BLOCKQUOTE>
<BLOCKQUOTE>
Thanks for your supportive comments.  Now all I have to
do is get the thing done!
</BLOCKQUOTE>
<!-- sig -->
<!-- end 5 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/6"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 6 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
'ls' Doesn't work for FTP Site
</H3>


<p><strong>From Reuel Q. Salamatin  on Tue, 01 Dec 1998  
</strong></p>
<!-- ::
'ls' Doesn't work for FTP Site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Mr. James T. Dennis,
</STRONG></P>

<P><STRONG>
I am so happy to have known that you are available to anwer
Linux questions.  I have tried emailing persons I found
from how-to files and documentations about ftp, but as of
yet, got no answers.
</STRONG></P>
<P><STRONG>
Here's my problem.  Our ftp site doesn't seem to support the
ls command.
</STRONG></P>

<P><STRONG>
Usually, upon log-in, or with a browser it should display
directory listings. Now it worked just like that before.  But now,
it doesn't.  I don't actually remember how it came about to be
like that.
</STRONG></P>

<P><STRONG>
I have followed instructions listed on the ftpd man page,
about making a copy of the ls command on the bin directory of
ftp home.  I did just that but still no directory listing
output.  I was wondering what else could have gone wrong.
</STRONG></P>
<P><STRONG>
Thank you even now in anticipation of your response.
</STRONG></P>

<P><STRONG>
Sincerely yours,
<br>Mr. Roland Reuel Q. Salamatin
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Assuming that you're using one of the traditional FTP
servers (daemons) such as the BSD derived one, or
WU-FTPD (which has been the default on most Linux
distributions for several years), this probably
relates to one of three problems.  All have to do
with the 'chroot' jail in which anonymous FTP (and
the "guestgroups" from WU-FTP) operate.
</BLOCKQUOTE>
<BLOCKQUOTE>
The idea here is that we've tried to minimize the risks to
your system that are associated with having untrusted
parties (anonymous and guest FTP users) accessing your
directories.  So we set up a psuedo "root" directory and
issue the '<tt>chroot()</tt>' system call to "lock the 
process into a directory."
</BLOCKQUOTE>
<BLOCKQUOTE>
On problem with this approach is that most Unix/Linux
programs need access to files like '<TT>/etc/passwd</TT>' and
'<TT>/etc/group</TT>' (to map the numeric ownership codes that are
stored in the inodes of file and directories to the
associated names and groups.  Also most modern programs
(dynamically linked ELF binaries) require access to
'<TT>/dev/zero</TT>' (a psuedo-device) for fairly obtuse reasons that
amount to "because that's the way they work."
</BLOCKQUOTE>
<BLOCKQUOTE>
So we need to build a skeletal copy/shadow of the system's
directory structure to support this.  That must contain
at least the following files:
</BLOCKQUOTE>

<BLOCKQUOTE>
<ul>
<li>'ls' binary in the [chroot]/usr/bin
<li>Fake 'passwd' and 'group' files for [chroot]/etc
<li>A copy of (or hard link to) <TT>/dev/zero</TT> and <TT>/dev/null</TT>
under [chroot]/dev/
<li>(Possibly) copies of any shared libraries to
which your copy of 'ls' is linked.
</ul>
</BLOCKQUOTE>

<BLOCKQUOTE>
(You can compile a statically linked '<TT>ls</TT>' or you
can use the '<tt>ldd</tt>' command to get a list of
the required shared libraries).
</BLOCKQUOTE>

<BLOCKQUOTE>
Another option is to replace the BSD or WU ftp daemon with
Mike Gleason's '<tt>ncftpd</tt>', or with ProFTPD which both have
built-in static '<tt>ls</tt>' support.
</BLOCKQUOTE>
<BLOCKQUOTE>
'<tt>ncftpd</tt>' is not free.  It is shareware and can be registered
for about $200 for a high volume server (more than 50
concurrent users) or ~$40 for a smaller server.  Mike
Gleason continues to support and release the best FTP
<EM>client</EM> for free. There is also a free "personal use"
option (upto 3 concurrent users).  You can find out more:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://www.ncftp.com">http://www.ncftp.com</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
Of the FTP daemons that I've tried, '<tt>ncftpd</tt>' was the easiest
to set up and definitely the easiest to configure.  It also
supports "virtual FTP hosting" (where one host appears to be
several different FTP servers, each with different directory
structures and separate user lists).  My only
complaint was that this server doesn't seem to like being
dynamically loaded from '<tt>inetd</tt>' (unlike the normal ftp
daemons --- but more like '<tt>sendmail</tt>' and most web servers).
</BLOCKQUOTE>
<BLOCKQUOTE>
ProFTPD is under the GPL.  I know know the author's name
and it may be a whole team that's worked on it.
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://www.proftpd.org">http://www.proftpd.org</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
I have yet to try this one.  However it looks very ambitious
--- and might appeal to <A HREF="http://www.apache.org/">Apache</A> 
webmasters in particular.  The configuration files and directives are 
intentionally set to match or resemble Apache configuration options
wherever possible.
</BLOCKQUOTE>
<BLOCKQUOTE>
From what I've read the original author started working on a
security audit and patch set to WU-FTPD and gave up.  He
then wrote the whole thing from scratch.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, I hope that helps.  Naturally you could just fuss with
the existing ftp daemon and "get it to work."  Alternatively
either of these replacements might be much better for your
needs --- and considerably easier, as well.
</BLOCKQUOTE>
<BLOCKQUOTE>
If not then there are a few other choices:
</BLOCKQUOTE>

<BLOCKQUOTE>
<DL><DT>BeroFTPD:
   <DD><tt><A HREF="ftp://ftp.aachen.linux.de/pub/BeroFTPD"
		>ftp://ftp.aachen.linux.de/pub/BeroFTPD</A></tt>
	<br>This is a WU-FTPD derivative.

   <DT>Troll Tech FTP Daemon:
   <DD><tt><A HREF="http://www.troll.no/freebies/ftpd.html"
		>http://www.troll.no/freebies/ftpd.html</A></tt>
	<br>Troll Tech is the publisher of the Qt libraries on which 
		<A HREF="http://www.kde.org/">KDE</A> is built.

   <DT>anonftpd
   <DD><tt><A HREF="ftp://koobera.math.uic.edu/www/anonftpd.html"
		>ftp://koobera.math.uic.edu/www/anonftpd.html</A></tt>
	<br>by D.J Bernstein (author of qmail) --- very
		lightweight FTP daemon, purely for read-only
		anonymous access.  (Doesn't support normal user
		or "guest" accounts).  Main focus is on security
		and low memory footprint.
</dl>
</BLOCKQUOTE>
<BLOCKQUOTE>
... and I'm sure we could find many others.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 6 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/7"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 7 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
An Anthropologist Asks About the Linux "Process"
</H3>


<p><strong>From donald.braman on Mon, 23 Nov 1998  
</strong></p>
<!-- ::
An Anthropologist Asks About the Linux "Process"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know if you cover non-technical questions, but here goes...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Then you haven't read enough of the back issues.
</BLOCKQUOTE>
<BLOCKQUOTE>
I babble about all sorts of things and have even been
know to respond to questions that have NOTHING to do
with Linux.  (Usually those responses are less than
cordial --- but hey, you can have answers that are
good, courteous, quick, and/or free (pick any three)).
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm interested in finding a summary of the process by which LINUX
is maintained and updated.
</STRONG></P>
<P><STRONG>
Where is Linus in the LINUX community and loose organizational
structure, and how does he decide what to do with all of the stuff
he get? (I always see "Linus just released kernel 2.xxx"
messages.)
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Linus "owns" the kernel.  He primarily focuses his
work on the developmental kernels (2.1.x right now ---
will probably be 2.3.x within a month or so).  The
stable kernels (2.0 currently) are largely maintained by
Alan Cox, though they are still sent to Linus for final
approval and official release.
</BLOCKQUOTE>
<BLOCKQUOTE>
When Linus decides that the work is complete on the
2.1 series he'll declare it to be "2.2" --- then
he'll start a 2.3 series (and there will be a quick
flood of patches posted to that, since we've been in
"feature freeze" for a couple of months and there are
people who have been privately working on some
new features in anticipation of the next development
cycle.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've heard that Linus plans to turn the maintenance of
2.2 immediately over to Alan and Stephen Tweedie.  That
will allow him to focus on the next version exclusively.
</BLOCKQUOTE>
<BLOCKQUOTE>
Although there has been some effort to minimize the number
of bugs that will be in the 2.2 release --- it is almost
certain that we'll have at least a few 2.2.x releases within
the first few months.  Many of these will account for bugs
that only affect a small subset of the available hardware
configurations (one user in 10,000 or less).  For the 1.0
series we had about nine releases to the stable kernel set.
For the 1.2 series we had about 13 or so.  In 2.0 we have
had 36 (the versioning skipped from 1.3 to 2.x due major
structural changes in the kernel).  Don't just graph that
to project an estimate --- unless you also scale the graph
over the time frames involved.  Even than you'd find some
anomalies --- the differences between 1.2 and 2.0 are as
great as the versions numbers suggest.
</BLOCKQUOTE>
<BLOCKQUOTE>
As for how Linus decides what to incorporate and what to
ignore or kick back ... that's one of the mysteries to
which mere acolytes and initiates such as myself are not
privvy.
</BLOCKQUOTE>
<BLOCKQUOTE>
Linus is swamped.  He gets direct e-mailed patches from
countless programmers and programming students around the
world.  (The Savvy ones actually read the FAQ at
<A HREF="http://www.tux.org/lkml">http://www.tux.org/lkml</A> 
before trying to contribute to the Linux kernel).
</BLOCKQUOTE>
<BLOCKQUOTE>
See below for more on that.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
What if, no offense intended, Linus died tomorrow?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This class of events has been discussed (usually in less
morbid terms --- using the term "retiring" rather than
references to "expiriing").
</BLOCKQUOTE>
<BLOCKQUOTE>
This would be a great loss to the Linux community.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, the sources are out there under a license that
ensure that they will remain freely available and "alive"
(able and likely to be upgraded, ported to new platforms,
and generally improved upon).
</BLOCKQUOTE>
<BLOCKQUOTE>
The great advantage that Linux has had over 
<A HREF="http://www.freebsd.org/">FreeBSD</A>, (and
it's brethren) has been Linus.  He focuses on the kernel,
and on code and quality, and almost completely eschews
politics.  He let's others deal with "user space" issues
(libraries, compilers, and all of the suites of utilities
and applications that go into any Linux distribution).
</BLOCKQUOTE>
<BLOCKQUOTE>
We've benefitted immensely from our "benign dictactor" model
--- we accepted Linus as "the Linux kernel God" (we hold
none before him and we're monotheistic in this regard).
</BLOCKQUOTE>
<BLOCKQUOTE>
When Linus eventually retires, moves on to other conquests,
or whatever (may it happen long after my own demise), then
the hope among the Linux kernel developers is that we'll be
able to adopt, appoint, agree upon a successor --- a new
benign dictator.  That might be someone like Alan Cox, or
Stephen Tweedie, or it might be just about anyone who's
name appears regularly enough on the Linux-kernel mailing
list  (I don't know enough to say).
</BLOCKQUOTE>
<BLOCKQUOTE>
Linus as jokingly referred to his daughters and Linus 2.0
and 3.0 (we could make it a heriditary oligarchy, if
they take the interest and aquire the proficiency).  Check
back in with us in about 15 years on that.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Further, I'd like to find a place where (tentative) plans for
future releases are discussed, and even a vague timeline is
given. In short, is there a project management site/organization
that contains a summary of (debates about) where LINUX is going
and how it's going to get there?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Here's the real fun question.  Anyone who's seriously
involved in Linux kernel development is subscribed to the
Linux-kernel mailing list hosted by Rutgers University (Read
the FAQ listed above for exact instructions on how to
subscribe, where to find archives and how to search through
them).
</BLOCKQUOTE>
<BLOCKQUOTE>
linux-kernel is a very busy mailing list.  I've received
well over nine thousand pieces of e-mail on that list in
just the last few months.  It gets close to a hundred items
per day.  (The only Internet mailing list that I've been on
that seemed busier was the old cypherpunks list when it was
hosted at Toad Hall --- and maybe the Firewalls list that
was started by Brent Chapman at Great Circle Associates).
</BLOCKQUOTE>
<BLOCKQUOTE>
With that volume of traffic, you can be sure that many busy
developers (such as Linus) don't get to read everything.
(Linus has a family life and a full-time job --- mostly in
addition to his kernel work; although Transmeta apparently
does provide him with some work time to devote to Linux ---
as per his contract with them).
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course, the best way for you to learn about the
social dynamics of the Linux kernel developers is to
immerse yourself in it for awhile.  Start with some
research (read the FAQ, and a month or two's worth of
the archives), then subscribe to the list and lurk
(read and don't post) for a month.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're doing research on us --- please let us know
where we can read any papers that you put together.  We
have one participant (esr, or Eric S. Raymond who has
referred to himself as the Linux community's
"anthropologist" but it might be interested to have an
alternative set of opinions from a more "objective" source).
</BLOCKQUOTE>
<BLOCKQUOTE>
(Eric has been a hacker since before Linux was developed.
He helped to compile and publish the &quot;New Hacker's
Dictionary&quot; --- which is also a pretty good source of
background if you want to understand the Linux community
as a subculture.  Take it with a grain of salt, of course
--- but read it anyway).
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Donald Braman
<br>Yale Anthropology
</STRONG></P>

<!-- sig -->

<!-- end 7 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/9"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 9 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Looking for a Hardware Vendor: In all the Wrong Places
</H3>


<p><strong>From Scott Tubbesing  on Thu, 03 Dec 1998  
</strong></p>
<!-- ::
Looking for a Hardware Vendor: In all the Wrong Places
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Mr. Dennis,
</STRONG></P>
<P><STRONG>
My name is Scott Tubbesing and I am just starting to support Linux on my
new job. I read "The Answer Guy" in The Linux Gazette for the first time.
</STRONG></P>
<P><STRONG>
My employer is in the process of purchasing a Linux server.  You
mentioned AV Research as a possible and recommended vendor.  I couldn't
find a WEB page on this company and wonder how to contact them.
Appreciate your article and your assistance.
</STRONG></P>
<P><STRONG>
Have a good day.
</STRONG></P>
<P><STRONG>
Communication is the secret to success...Pass it on.
</STRONG></P>
<P><STRONG>
Scott Tubbesing
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That's VA Research (initials VAR, as in value-added
reseller).  They're at <A HREF="http://www.varesearch.com"
	>http://www.varesearch.com</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
You can find a whole list of other Linux friendly
hardware vendors at Linux International:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://www.linux.org/hardware">http://www.linux.org/hardware</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
Hope that helps.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 9 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/10"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 10 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Letting Those Transfers Run Unattended
</H3>


<p><strong>From Terry Singleton on Wed, 02 Dec 1998  
</strong></p>
<!-- ::
Letting Those Transfers Run Unattended
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
While at home, dialed into work with my 56Kb modem, I sometimes
run across very large interesting looking applications. I often
wish that there were a way for me to telnet to my Linux box at
work and start the download. When I got to work the next day the
download would have hopefully completed.
</STRONG></P>
<P><STRONG>
Question: Is there a way for me to start my download remotely,
disconnect from the Linux server and have the server continue to
download the file(s)??
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Yes.  The most obvious is to use '<tt>screen</tt>' - this will
let you start interactive processes over a dialup or
telnet connect (or within an xterm, on a VC), then
you can "multiplex" multiple interactive programs
and you can "detach" the whole session from your
terminal/connection.
</BLOCKQUOTE>
<BLOCKQUOTE>
Later, when you reconnect you can re-attach to your
'screen' session using the command:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
screen -r
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... assuming that you only have one of them
going.  If you've started multiple 'screen' sessions you
can select the one to which you want to re-attach using
additional command switches (read the man page for that).
</BLOCKQUOTE>
<BLOCKQUOTE>
I routinely use 'screen' (I'm using from a virtual console
right now).  If I leave this session like this and connect
from my terminal in the living from (to watch a little
CNN or "Law &amp; Order" as I work) I just use the command:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
screen -r -d
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... to simultaneously detach and reattach my screen session
--- to effectively "yank it over to my terminal."
</BLOCKQUOTE>
<BLOCKQUOTE>
Another advantage of using 'screen' is that my session
is preserved if I get disconnected.  (There's an
"auto-detach" feature).  So, you can leave the same
session saving state in up to ten programs for weeks, even
months at a time.  (I have three copies of xemacs, a
copy of lynx and a couple of shell prompts to the local
and some of the other hosts on my net open as I type this).
</BLOCKQUOTE>
<BLOCKQUOTE>
I do try to force myself to drop out of my screen session at
least once a month.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're using FTP to get these files you can also
use the '<tt>ncftp</tt>' command line features, including a "re-dial"
which will keep trying to get to that busy FTP site
until it gets your files.  There's also a program called
'<tt>lftp</tt>' that is a "command line driven, script friendly"
FTP client.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another approach would be to use '<tt>expect</tt>' and/or Kermit
scripts which you start at the remote and run
"asynchronously" (in the background by slapping an
'<tt>&amp;</tt>' ampersand on the end of the command or by
hitting [Ctrl]+[Z] to "suspend" the job and issuing
the 'bg' command to restart it as though you'd put
the '<tt>&amp;</tt>' on it to begin with.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that this "job control" feature (the [Ctrl]+[Z]
and '<tt>bg</tt>' stuff) only works with non-interactive programs.
Interactive programs are likely to stop with a "waiting
on terminal input" message.  '<tt>screen</tt>' and any properly
written '<tt>expect</tt>' script will cope with those because they
set up a Unix domain socket as a sort of "virtual" terminal
to control the interactive software.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Regards,
<br>Terry Singleton
<br>Canadore College, Network Analyst
</STRONG></P>

<!-- sig -->

<!-- end 10 -->

<hr width="40%" align="center">

<!-- begin 92 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Letting Those Transfers Run Unattended
</H3>

<p><strong>From Terry Singleton on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
More on:
Letting Those Transfers Run Unattended
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Where do I find <EM>screen</EM> I searched my system and www.freshmeat.net but
could not find the app you mentioned. I am running RedHat 5.1 and I believe
installed almost everything.
</STRONG></P>
<P><STRONG>
thanks.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That's odd.  When I use freshmeat's "Quickfinder" it's
the first entry that shows up.  (Maybe the older version
wasn't listed.  A new version was just released recently
--- after you sent me this message I think).
</BLOCKQUOTE>
<BLOCKQUOTE>
Here's the Freshmeat "AppIndex" URL:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>( freshmeat ) - ( details of "screen" )
<dd><tt><A HREF="http://appindex.freshmeat.net/view/913939067"
		>http://appindex.freshmeat.net/view/913939067</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... and here's the main web page:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>screen - GNU Project - Free Software Foundation (FSF)
<dd><tt><A HREF="http://www.gnu.org/software/screen"
		>http://www.gnu.org/software/screen</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
It's also easy to find at the Filewatcher site
(<A HREF="http://filewatcher.org">http://filewatcher.org</A> 
<EM>formerly</EM> lfw.linuxhq.com) and
at the Linux Archive Search (<A HREF="http://las.ml.org"
					>http://las.ml.org</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, Freshmeat returned the most recent version and
the canonical web site, while the others showed dozens
of links to older versions and other packages (with the
string 'screen' in their names) and no information about
the package.  So Freshmeat's my first choice at this point.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 92 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/11"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 11 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Translucent, Overlay, Loop, and Union Filesystems
</H3>


<p><strong>From c17h21no4 on Wed, 02 Dec 1998  
</strong></p>
<!-- ::
Translucent, Overlay, Loop, and Union Filesystems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Where can i find information/documentation about the loopback
filesystem and the translucent file sytstem under linux.  From
what i see on the mail lists there is support but the links are
old or outdated (Ben's link) and i seem to not be finding any info
on it.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
According to an old version of the CD-ROM Howto:
</BLOCKQUOTE>
<BLOCKQUOTE>
Once upon a time there was an IFS (inheriting filesystem).
This was written by Werner Almesberger for Linux version
0.99p11 was similar in principle to the "translucent fs"
from Sun.  This was a "copy-on-write" system, sometimes
referred to as an "overlay" or "union" fs.
</BLOCKQUOTE>
<BLOCKQUOTE>
All of these are different terms for the same concept,
you mount two (or possibly more) filesystems on the same
point.  Accessing  files under these mount points is
presents files from one of the underlying filesystems.
</BLOCKQUOTE>
<BLOCKQUOTE>
The most common case would be to lay a CD-ROM fs over a
normal (ext2, minix, xiafs) filesystem.  Any files on
the "normal" (read-write) fs take precedence over any
file with a colliding name on the CD-ROM.  Any write
attempt of a file results in a copy (or possibly a
"diff" on a log-structured fs).  Later access to such
files will refer to the copy rather than the original.
</BLOCKQUOTE>
<BLOCKQUOTE>
An early version of the Yggdrasil Plug-n-Play Linux (*)
distribution supported this (IFS) as an installation
method, if I recall correctly.
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
<li>(the first CD-ROM distribution ever released
as far as I know)
</ul></BLOCKQUOTE>

<BLOCKQUOTE>
As far as I know Werner's IFS hasn't been updated in years
and there isn't any support for any of these union/translucent
etc fs variants in the standard kernel.  I did find on
pretty obscure set of patches that <EM>appear</EM> to provide
"overlay" filesystem support for 2.0.31 kernels at:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>LOFS Patches for Linux:
<dd><tt><A HREF="http://www.kvack.org/~blah/lofs"
		>http://www.kvack.org/~blah/lofs</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
... this has no README files or other documentation
so my guess about their intent is purely from reading the
patches.    I think "Blah" in this URL refers to Mr.
Benjamin LaHaise who apparently wrote the following to
the Linux-Kernel mailing list in May of 1997:
</BLOCKQUOTE>

<blockquote><blockquote><font color="#000066"><em>
	   &gt; Now is a very good time to tell me if
	<br>&gt; someone else has already got a working lofs 
		<img src="../gx/dennis/smily.gif" alt=":-)">
</em></font></blockquote></blockquote>

<blockquote><blockquote><font color="#000099"><em>
		I wrote one quite some time ago, and finally made
		patches against 2.0.30 last week.  They're at
		ftp://dot.superaje.com/pub/linux/lofs-2.0.30.diff
		It's not perfect, but it works. (I do have a fancier
		2.1.x version, but it'll be a while before i get
		anymore work done on it.)
</em></font></blockquote></blockquote>

<BLOCKQUOTE>
This was in response to a Mr. Jon Peatfield's query.
(The ftp link therein does not work). He mentioned some
additional work on his 'lofs' as late as August of '97
--- quoted in a response by Linus regarding some
VFS semantics.
</BLOCKQUOTE>
<BLOCKQUOTE>
I presume this is the "Ben" to which you are referring.
I've blind copied his last known @ddresses. (Sorry if you
get three copies of this).
</BLOCKQUOTE>
<BLOCKQUOTE>
There's a similar concept called a "cachefs" and there's a
couple somewhat different concepts called "loop" filesystems.
</BLOCKQUOTE>
<BLOCKQUOTE>
A Linux "loop" or "loopback" filesystem allows one to
mount a regular file as a filesystem.  This only works
if the file is an <EM>image</EM> of a supported filesystem.  Thus,
if you have a boot diskette image you can mount it on
<TT>/dev/loop0</TT>, '<tt>cd</tt>' into the mount point and view the
contents.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've leard of another interpretation of the phrase "loop
back filesystem" that involves remounting the same
filesystem with different option at different mount
points. Thus you might mount one at <TT>/usr</TT> with "read-only"
options and somewhere else with read-write and no-exec"
However, I don't know which versions of Unix use this and it
doesn't seem to match the Linux implemtation <EM>at all</EM>.
</BLOCKQUOTE>
<BLOCKQUOTE>
It is possible to enable encryption on your loop devices
using the '<tt>losetup</tt>' command (see the man page in section
8).   However, this is more of a proof of concept than a
real utility.  See my column last month for pointers to some
real cryptography packages, or look at the "privacy protected
disk driver" (ppdd) which is one I forgot to mention
last month.
</BLOCKQUOTE>
<BLOCKQUOTE>
'<tt>cachefs</tt>' and '<tt>tmpfs</tt>' are filesystems that 
are supported by Solaris.
</BLOCKQUOTE>
<BLOCKQUOTE>
The CODA  project at <A HREF="http://coda.cs.cmu.edu"
	>http://coda.cs.cmu.edu</A> also has some
interesting replication and caching features.
</BLOCKQUOTE>
<BLOCKQUOTE>
Obviously when we start talking about specialized
filesystems we see myriad terminology collisions and
ambiguities.
</BLOCKQUOTE>
<BLOCKQUOTE>
For now I'd say that Linux LOFS/Translucent filesystems are
not "ready for prime time."  However, if you're interested
in working on the code --- go for it!
</BLOCKQUOTE>

<!-- sig -->

<!-- end 11 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/12"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 12 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Modem dial out</H3>


<p><strong>From Infinite Loop  on Wed, 02 Dec 1998  
</strong></p>
<P><STRONG>
Hi Jim,
</STRONG></P>
<P><STRONG>
How are you? I'm want to write a program that enables my Linux
system to dial a page to my beeper, this function to be activated
upon certain events. I am learning C. I came across a system call
ioctl that is supposed to let me control the devices, but I cannot
find further information on it's usage. Or is there other
programs/functions that you can advise me to work on to achieve
the result?
</STRONG></P>
<P><STRONG>
Thanks.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You might want to try the Linux Gazette "Search"
feature.  I wrote a fairly extensive piece on this
back in May.
</BLOCKQUOTE>
<BLOCKQUOTE>
Using the search phrase &quot;<tt>pager software</tt>&quot;
at <A HREF="http://www.linuxgazette.com"
	>http://www.linuxgazette.com</A> the following
was the fourth hit:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>The Answer Guy 28: Email Alpha-Paging software
<dd><tt><A HREF="http://www.ssc.com/lg/issue28/tag_paging.html"
	>http://www.ssc.com/lg/issue28/tag_paging.html</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
Granted I wasn't able to find it so easily using
Yahoo! and Alta Vista.  When I elaborated on the
phrase to include:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
pager software linux source code
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... I got a surprise:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt><A HREF="http://www.debian.org/">Debian</A> Package - hylafax-doc 4.0.2-5
<dt><tt><A HREF="http://cgi.debian.org/www-master/debian.org/Packages/stable/comm/hylafax-client.html"
	>http://cgi.debian.org/www-master/debian.org/Packages/stable/comm/hylafax-client.html</A></tt>
</dl></BLOCKQUOTE>

<blockquote><pre>	  HylaFAX support [sic] the sending and receiving of
	  facsimiles, the polled retrieval of facsimiles and
	  the send [sic] of alphanumeric pages.
          ^^^^^^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~
</pre></blockquote>
<BLOCKQUOTE>
(emphasis mine).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Regards,
Joseph Ang
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'd get those packages and read through their sources
a bit.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 12 -->

<hr width="40%" align="center">

<!-- begin 8 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Promptness: It's Just a Lucky Shot
</H3>


<p><strong>From Infinite Loop  on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Promptness: It's Just a Lucky Shot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi Jim,
</STRONG></P>
<P><STRONG>
Thanks for your prompt reply! I'm very surprised to receive your
reply in just a day! Really, really appreciate that 
<IMG SRC="<TT>../gx/dennis/smily.gif</TT>" ALT=":)" height="24" width="20" align="middle">
</STRONG></P>
<P><STRONG>
Best regards,
Joseph Ang
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You were just lucky.  The question was easy and
appealed to me.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately there are many questions that I just
don't "get to."  Especially since I'm getting about
five times more TAG traffic this month then last.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 8 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/15"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 15 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
'chroot()' Jails or Cardboard Boxes
</H3>


<p><strong>From Clifton Flynt sometime before Wed, 02 Dec 1998  
</strong></p>
<!-- ::
'chroot()' Jails or Cardboard Boxes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hi,
You recently stated:
</STRONG></P>
<P><STRONG>

</STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
You can set up inetd.conf to call simple chroot call to a
jail before launching ftpd -- which will automatically use
the <TT>/etc/passwd</TT> that's relative to the chroot directory.  The
You can even use shadow passwords in the chroot.
</EM></FONT></STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
It does take a bit of tweaking -- but it can be done.
</EM></FONT></STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>

</EM></FONT></STRONG></P>
<P><STRONG>
Could you point me to a FAQ or HowTo for this?
</STRONG></P>
<P><STRONG>
I'm upgrading a 4.2 based firewall system to 5.1, and already tried
the obvious tricks of copying the <TT>/lib/security</TT> and 
<TT>/etc/pam.d</TT> directories to the playground/jail directory.
</STRONG></P>

<P><STRONG>
Thanks,
<br>Clif
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know of an FAQ or HOWTO on this.  I haven't
had time to write one myself.
</BLOCKQUOTE>
<BLOCKQUOTE>
One trick is to use the '<tt>ldd</tt>' command extensively to identify
shared libraries that must be copied into the 'chroot()'
jail.  Another is to use '<tt>strace</tt>' to capture system call
traces of each program (particularly those that fail
to run properly in the jail) and compare the calls to
'<tt>open()</tt>' between the version run in the jail and the one
that works normally within your normal environment.
</BLOCKQUOTE>
<BLOCKQUOTE>
The brute force method is to simply install a whole
distribution unto another filesystem.  Mount that as
the jail and trim out everything you don't need.
</BLOCKQUOTE>
<BLOCKQUOTE>
It should be noted that '<tt>chroot()</tt>' jails are not "root safe"
under normal implementations of Unix and Linux.  If an
attacker does successfully gain '<tt>root</tt>' privileges with the
jail it is a simple matter to "break out."
</BLOCKQUOTE>
<BLOCKQUOTE>
'<tt>securelevel</tt>' is a set of features in BSD (Free|Net|Open and
BSDI/OS) to minimize the <EM>persistence</EM> of such compromise.
These try to prevent root from exercising various privileges
while the system is in "server" or "production" or "secure" mode.
</BLOCKQUOTE>
<BLOCKQUOTE>
There were some patches for '<tt>securelevel</tt>' that were under
development for Linux.  However, Linus rejected them and has
accepted an alternative that may offer more flexibility,
finer grained control and still allow for relatively easy
"securelevel emulation."
</BLOCKQUOTE>
<BLOCKQUOTE>
These features (what POSIX.1e refers to as "capabilities
lists" but which are better described as "VMS like
privileges") are built in the 2.1.x kernels and will almost
certainly be part of 2.2.   In addition to the possibility
that these will allow us to "emulate 'securelevel'" these
may also prevent many forms of process subversion that
lead to '<tt>root</tt>' compromise.
</BLOCKQUOTE>
<BLOCKQUOTE>
Normal '<tt>securelevel</tt>' does <EM>nothing</EM> to prevent 
the attacker from gaining root.  It doesn't very little to limit 
what the attacker can do with that privilege during the session in
which it is obtained.  In other words the successful
attacker still has control of the system.  '<tt>securelevel</tt>'
primarily prevents persistent changes to the filesystems (no
changing immutable flags to mutable and "append-only" files
to random access read/write, no remounting read-only
filesystems in read/write mode, etc).  Some other
securelevel features prevent loading of kernel modules and
access to <TT>/dev/kmem</TT> (<tt>/proc/kmem</tt> for Linux users).
</BLOCKQUOTE>
<BLOCKQUOTE>
This doesn't address the mechanism by which the attacker
gained '<tt>root</tt>' and only places relatively minor limitations
on what '<tt>root</tt>' can do to the state of the system.  Those
limitations mostly prevent sniffing on other processes,
hiding the attacker tracks, and leaving '<tt>rootkits</tt>' laying
around.
</BLOCKQUOTE>
<BLOCKQUOTE>
With the "privs" features the Linux kernel add more
fine-grained delegation and limitation semantics.  One
can provide a process (and its descendents) with the
ability to open a "privileged" TCP port (below the
conventional Unix 1024 watermark) and/or with just read-only
access to <EM>all</EM> files, without allowing that process to
write to, change the ownership or permissions/mode or
filesystem dependent attributes/flags on them, etc).
</BLOCKQUOTE>
<BLOCKQUOTE>
Basically these "privileges" split the implications of
"SUID root" into separately maskable and delegateable items.
Instead of one "god flag" we have a whole pantheon of them,
each with its own sphere of influence.
</BLOCKQUOTE>
<BLOCKQUOTE>
The kernel support for this is just the tip of the iceberg.
Consequently we probably won't see effective use of this
for several month after Linux ships and it will be much
longer until we have "full" support for this security model.
</BLOCKQUOTE>
<BLOCKQUOTE>
Currently the only way to use these features with 2.1
kernels would be to write wrapper programs that set/mask the
privilege sets (there are "allowed, effective, and
inheritable" sets; the "inheritable" set is a mask which
strips these privs from children).  These wrapper/launchers
could then start processes with small lists of required
privileges and some (small?) assurance that these processes
couldn't perform some forms of mischief directly.
</BLOCKQUOTE>
<BLOCKQUOTE>
To emulate '<tt>securelevel</tt>' you'd write wrappers that started
'<tt>init</tt>' and/or '<tt>inetd</tt>' and various daemons like 
'<tt>sendmail</tt>' and your web server with a set of privileges masked off.
These processes and their children would be unable to
exercise certain sorts of system calls (possibly including the
equivalent of '<tt>chroot(..)</tt>' to chdir/chroot <EM>out of</EM> a jail)
and file operations.  They would not be able to inherit
these privileges even from an SUID '<tt>root</tt>' program --- such
programs would only be able to exercise the subset of
privileges that were inherited and allowed. (*)
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
<li>(The attack vector would then have to be
via subversion of some running process that
retained its privileges i.e. via some form of
interprocess communication rather than by direct
execution.  If '<tt>init</tt>' was stripped of its
"<tt>chatter +i</tt>" priv then <EM>no</EM> process on the system
could make immutable files mutable.  Naturally
you'd construct the wrapper or patches to '<tt>init</tt>'
such that these features would be enabled at
specific runlevels or disabled with certain
boot-time parameters).
</ul></BLOCKQUOTE>

<BLOCKQUOTE>
Later it will be possible to store these privilege sets
as attributes of executable files.   Thus the '<tt>rsh</tt>' and
'<tt>rlogin</tt>' commands would have their "bind to privileged
IP port" bit set, and all others would be unset.  (Note
we're not <EM>masking off</EM> the other privs, we're merely
not <EM>granting</EM> them).  Thus the reason why these two
command are "SUID 'root'" is accounted for, without
giving these programs a host of other system privileges
that are not <EM>required</EM> for their proper operation.
</BLOCKQUOTE>
<BLOCKQUOTE>
The filesystem support for these features will presumably
be added in the 2.3 kernel series.
</BLOCKQUOTE>
<BLOCKQUOTE>
It looks like Linux 2.3 will mostly be about filesystems,
"large" file support, ACL's, logging/journaling, b-tree
directory structuring, and other features of that sort.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's not clear whether these will be rolled into ext2 or
whether they will be incorporated into a new ext3.
</BLOCKQUOTE>
<BLOCKQUOTE>
If this whole "privs" security model seems complex and
difficult to administer and audit, then you're reading me
loud and clear.
</BLOCKQUOTE>
<BLOCKQUOTE>
Determining the precise set of requisite flags for each
program and process will be a monumental pain.  It is
unclear how effective these efforts will eventually be.  VMS
has had these sorts of features since its inception, and
they are similar to features in MLS/CMW (multi-level
security for compartmented mode workstations) versions of
Unix (usually billed/sold as the B2 Security Package,
Option, or Version --- and generally only used by the
U.S. military or similar organizations).
</BLOCKQUOTE>
<BLOCKQUOTE>
Personally I would like to see a "true capabilities"
subsystem implemented.  This is a completely different
security model that is so much unlike Unix, NT, and
other identity/ACL based systems that you may have to
spend a year or two <EM>unlearning</EM> what you know about
operating systems design before you "get it."  (It took
me about two --- but I'm unusually stubborn).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've talked about this security model in this column
before. Do a keyword search on EROS (extremely reliable
OS) and/or KeyKOS to find some links about it. Ironically
I've never used a system that incorporated "capabilities."
However, I've grudgingly come to the conclusion that they
represent a better security model than the ones we use
in all major software today.
</BLOCKQUOTE>
<BLOCKQUOTE>
The catch is that programs would have to be significantly
retooled to work under such a system.  There's also been
almost no interest in this from the programmers that I've
talked to.  (That would suggest that I'm just a ranting
crackpot --- since I'm not a programmer myself).
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event, hopefully these "privileges" will make
your system somewhat more secure and make a <tt>chroot()</tt>
jail more than just a cardboard box.
</BLOCKQUOTE>
<BLOCKQUOTE>
If security is not your primary concern -- if all you want
is to provide virtual FTP hosting, just look at <tt>ncftpd</tt>
and or ProFTPD.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 15 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/16"><HR WIDTH="75%" ALIGN="center"></A>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.1G.e">
<TITLE>The Answer Guy 36: 
Swap file on a RAM Disk
</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../gx/dennis/qbubble.gif" alt="(?)" border="0" align="middle">
	<font color="#B03060">The Answer Guy</font>
	<img src="../gx/dennis/bbubble.gif" alt="(!)" border="0" align="middle">
</A></H1> 
<BR>
<H4>By James T. Dennis,
	<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H4>
</center>

<p><hr><p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin 16 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Swap file on a RAM Disk
</H3>


<p><strong>From Mathieu Bouchard  on Wed, 02 Dec 1998  
</strong></p>
<!-- ::
Swap file on a RAM Disk
~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
Some have even reported that using 100 or 200K RAM disk with a swap file
on it will dramatically improve the performance over using all of your
memory as straight RAM.
</EM></FONT></STRONG></P>
<P><STRONG>
Do you have any rational explication to this? I'm not a kernel expert, but
it makes no sense -- especially because AFAIK, Linux RAM disks are
swappable (and lazily-allocated), and mutual containment (in this context)
makes no sense;
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
No.  I don't have a rational explication or explanation
for this.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
but in the event that a RAM disk wouldn't be swappable, then, swapping
from RAM to RAM isn't anything more than a CPU hog and unnecessary
complexity -- it's a kind of Alice in Wonderland to me. It would make
sense if some compression was done while swapping, which would look like a
Macintosh RAMdoubler. But Linux has no such feature -- six months ago I
asked the Linux guys and they said that they didn't like the idea.
</STRONG></P>
<P><STRONG>
Is it possible that such a report would be gibberish? in which case I
would like you to get the precise facts and publish them. I think that
even though it is a detail, the Linux community doesn't deserve to have
anything done wrong. I'm not [bf]laming, I just want to correct a
situation.
</STRONG></P>
<P><STRONG>
matju
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
However, I can make a guess.  Many of the memory management
code paths may have to special case the situation where no
swap/paging space is available.  The routines invoked to
handle this special case may result in a slow down when
no swap is available.
</BLOCKQUOTE>
<BLOCKQUOTE>
You're welcome to search the Linux-Kernel mailing list
archives yourself.  You can also just try it (run some
tests with no swap space "mounted" and then run them
again with just a small swap file located on a small
RAM disk. I haven't actually tried this experiment,
so I made an effort to identify my statement as hearsay.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you'd like to so some research on it --- you could
publish your results (probably in LG --- perhaps as a
2-cent tip or as a full article).
</BLOCKQUOTE>
<!-- sig -->
<!-- end 16 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/18"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 18 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
How to "get into" an Linux system from a Microsoft client
</H3>


<p><strong>From WRB  on Wed, 02 Dec 1998  
</strong></p>

<!-- ::
More on:
How to "get into" an Linux system from a Microsoft client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Jim, thanks for the samba reference, I'm going to spend some time
there.
</STRONG></P>
<P><STRONG>
By the way, it appears I did not give you enough information the
first time around. When I mentioned "get into" I meant from the
NT40 explorer window, network neighborhood. I can see the Linux
machine (computer4) shown there, but when I try to "click" on it
and log in (YYYYYYYY4 with password XXXXXXX), that's when I get
the message. This happens with NT40 only.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That is what I'd guessed.  You're trying to share
files that are on the Linux system.  Those must be
exported/published to you via Samba.
</BLOCKQUOTE>
<BLOCKQUOTE>
By the way, I've blotted out the computer name and
password that you included in your text.  Please
don't include any password or other private information
in posting to any stranger on the net.  Particularly one
like me, that publishes such messages in a widely read
monthly webazine.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
When I do the same thing with W95 explorer window, network
neighborhood (click on computer4), I go right to the directory I
assigned to the W95 computer (/home/computer1). I set up a link
from there (/home/computer1) to <TT>/</TT> and now I can browse all over
the Linux machine - using W95.
</STRONG></P>

<P><STRONG>
I just can't find the right "trick" to do the same thing with NT40.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You'll want to read the Samba FAQ.  This is one of the
situations they cover therein.  Basically there is a
difference between the way that your Win '9x and NT 4.0
clients are attempting to authenticate to the Linux system.
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Samba FAQ
<dd><tt><A HREF="http://us1.samba.org/samba/docs/FAQ"
		>http://us1.samba.org/samba/docs/FAQ</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
Search on the string "nt4" to jump to the first
relevant paragraph.  However, I'd suggest reading
the whole FAQ.  Then you'll know more about Samba
then I currently do.  (I hardly ever use it).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks again for your time
<br>Ron Botzen
</STRONG></P>

<!-- sig -->

<!-- end 18 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/19"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 19 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Dynamic IP Address Publishing Hack
</H3>


<p><strong>From Ronald Kuetemeier  on Sat, 05 Dec 1998  
</strong></p>
<!-- ::
Dynamic IP Address Publishing Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Here is an expect script that you might find useful for your article.
It keeps a connection to the internet up and running with a
dynamically assigned ip address.
It updates html file(s) with the assigned ip address and ftps it to a
well known server on the internet.
Ronald
</STRONG></P>

<pre><strong>&gt; =====================================================================
 #!/usr/bin/expect -f

 #expect script to keep a www server connected to the internet over
 #dynamically assigned ip address
 #Ronald Kuetemeier 11/1/1998 dket@mail.saber.net
 #Replace all xxxx with your values

 #initial ppp server address to see if we are already up
 #change this to your ftp server ip addr.
 set server xxx.xxx.xxx.xxx

 #use of ppp script to make sure ppp is down and can be restarted
 #change this to your local ppp up/down script
 proc logon {} {
  system xxxx stop
  close
  wait
  sleep 10
  system xxxx start
  close
  wait
  sleep 35
  ping 1
 }

 #get ip's from ifconfig
 proc getip {} {
  spawn ifconfig
  expect -re "P-t-P:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+"

   close
   wait
   setip $expect_out(buffer)
  }

 }

 #find local ip and remote server ip address from ifconfig
 proc setip {out} {
  global server
  set ips [string range $out [string first "Point-to-Point" $out]
 [string length $out]]
  regexp  P-t-P:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+  $ips server_1
  regexp  addr:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+  $ips client_1
  regexp \[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9\]+ $server_1 server
  regexp \[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9\]+ $client_1 client
  changeaddr $client
 }

 #ping to see if connection is still up
 proc ping {i} {
  global server
  while {1} {
   if {$i == 6} {
    logon
    getip
    set $i 0
   }
   spawn ping -c 1 -n $server
   expect {
    "bytes from" break
    "100% packet loss" close
    ret=-1 close
   }
   wait
   incr i
   puts $i
   sleep 3
  }
   close
   wait
 }

 #change to your local userid and passwd and file transfer
 proc ftp {} {
 #change to your ftp server
  spawn ftp xxx.xxx.xxx
  expect "Name*:"
  send "xxxx\r"
  expect "Password:"
  send "xxxx\r"
  expect "ftp&gt;"
 #change to your ftp server directory,i.e public_html
  send "cd xxxxx\r"
  expect {
 #change file to transfer             [file]
                "2*ftp&gt;" [send "put xxxx.xxxx\r"]
                 "550*ftp&gt;" ftp_error
  }
  expect {
 #change or delete file 2 transfer    [file 2]
                "2*ftp&gt;" [send "put xxxx.xxxx\r"]
                "No such file" ftp_error
  }
  close
  wait
 }

 proc ftp_error {} {
  puts "FTP ERROR\n"
  close
  wait
 }

 # use sed to replace unique name with ip addr in a file
 proc changeaddr {client} {
 #change file names and local dns name
 #                     [DNS]              [in.file]   [out file]
  system sed 's/xxxx.xxxxxxx.xxx/$client/' xxx.xxxx &gt; xxxx.xxxx
  close
  wait
 #change file names and local dns name or delete this
 #                      [DNS]               [in.file]   [out file]
  system sed 's/xxxx.xxxxxx.xxxx/$client/' xxxx.xxxx &gt; xxxx.xxxx
  close
  wait
  ftp
 }


 ping 6

 while {1} {
  puts "Main loop\n"
  ping 1
  sleep 9
 }

</strong></pre>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'll just leave this as is.  However, I'd suggest
that the '<tt>pppup</tt>' script documented in the '<tt>pppd</tt>' man
pages would provide some of the IP addresses that you
are laboriously extracting from spawn command outputs
using regexes.
</BLOCKQUOTE>
<BLOCKQUOTE>
Also It would make a lot of sense to write up an
article around this script and publish that in LG yourself.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 19 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/20"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 20 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Why 40-second delay in sending mail to SMTP server?
</H3>


<p><strong>From Steve Snyder  on Sat, 05 Dec 1998  
</strong></p>
<!-- ::
Why 40-second delay in sending mail to SMTP server?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
On my LAN, when my (Win95- and OS/2-based) mail clients retrieve
mail from my (RedHat v4.2) Linux server, it is all but instant.
When <EM>sending</EM> mail to the server, there is a 40 - 45 second delay
before the sent mail is accepted.  Mail retrieval by the clients
are done via POP3; mail is sent via SMTP.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Sounds like attempts at reverse DNS and/or '<TT>ident</TT>'
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
These are the relevant lines from my <TT>/var/log/maillog.</TT>  These
lines are the result of sending mail from mercury.snyder.net
(client running OS/2) to solar.snyder.net (server running Linux).
Note that the second line contains the text "<tt>delay=00:00:40</tt>".
Hmm.
</STRONG></P>

<pre><strong>&gt; Dec  2 09:12:05 solar sendmail[21694]: JAA21694:\
&gt;	from=&lt;steve@solar.snyder.net&gt;, size=403, class=0, pri=30403,\
&gt;	nrcpts=1, msgid=&lt;199812021411.JAA21694@solar.snyder.net&gt;,\
&gt;	proto=SMTP, relay=mercury [192.168.0.2]
&gt; Dec  2 09:12:05 solar sendmail[21724]: JAA21694:\
&gt;	 to=&lt;steve@solar.snyder.net&gt;, ctladdr=&lt;steve@solar.snyder.net&gt;\
&gt;	 (500/500), delay=00:00:40, xdelay=00:00:00,
&gt;	mailer=local, stat=Sent
</strong></pre><P><STRONG>
I should also note that I don't use DNS on my LAN.  Name
resolution is done via a hosts file on each machine.
</STRONG></P>
<P><STRONG>
I haven't done any tweaking of (version 8.8.5) sendmail.  It is
pretty much as-is from the RedHat installation.  In case it isn't
already obvious, I'm a newbie at mail configuration issues.
</STRONG></P>
<P><STRONG>
Any advice on how to eliminate this delay in sending mail from my
client machines?
</STRONG></P>
<P><STRONG>
Thank you.
<br>*** Steve Snyder ***
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Newer versions of '<tt>sendmail</tt>' have features that are
intended to minimize abuse by spammers and miscreants.
Some of these involve doing doubled reverse DNS lookups
to check that the forward and reverse names are consistent.
</BLOCKQUOTE>
<BLOCKQUOTE>
Sendmail normally will not use the <TT>/etc/hosts</TT> file
to map host names to IP addresses.  This is because
the standards call for it to look up DNS MX records
in preference to other types of address records.
</BLOCKQUOTE>
<BLOCKQUOTE>
In other issues I've described how I get around that
on my private LAN (which also doesn't use DNS for
mail routing or internal host resolution).
</BLOCKQUOTE>

<blockquote><em>
	[ Jim has at several points in the past revealed fragments
	  of our main control file, <tt>sendmail.cf</tt>, so  
	  the Linux Gazette search box should be able to reveal
          it pretty easily if you use that filename as a keyword. 
	  --&nbsp;Heather&nbsp;]
</em></blockquote>

<!-- sig -->

<!-- end 20 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/21"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 21 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Linux as Router and Proxy Server: HOWTO?
</H3>

<p><strong>From kdeshpande on Sat, 05 Dec 1998  
</strong></p>
<!-- ::
Linux as Router and Proxy Server: HOWTO?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
we want to setup linux server as a proxy server with two ethernet cards.
kindly guide me for installtion process.
</STRONG></P>
<P><STRONG>
i am ms win 95 user and does not know any thing about unix <TT>/</TT> linus
pl. reply on [another mail address].
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You'll want to start with the &quot;Linux Installation and Getting
Started.&quot;  That's an LDP guide that's often included with
Linux distributions in the <TT>/usr/doc</TT> directory and is
available on-line at any mirror of the LDP.   That covers the
basics of Linux (although it is getting a bit long in the tooth).
</BLOCKQUOTE>
<BLOCKQUOTE>
Configuring a proxy server and router is a fairly advanced
process and will involve a considerable understanding
of Unix and of TCP/IP concepts.  It sounds like your
skills in English may make some of my explanation inaccessible
to you.   Hopefully the guide to routing that I've also
written for this month's LG article (should appear for the
January 1999 issue) will help.
</BLOCKQUOTE>
<BLOCKQUOTE>
There are a couple of other HOW-TO documents written
on using Linux as a "Firewall" (proxies are often a
component in a firewall).  Many of these have been
translated into various languages.  You'll want to see if
there's one in your native language.
</BLOCKQUOTE>
<BLOCKQUOTE>
Personally I'd suggest that you get a consultant to come
in and configure it for you.  That is likely to be far easier
and less of a hassle than trying to do it yourself.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, with all of those disclaimers out of the way here's
a simple configuration:
</BLOCKQUOTE>

<blockquote><pre>
                                    _________
		192.168.1.x  -------| proxy |------ the Internet
                                    ^^^^^^^^^
</pre></blockquote>
<BLOCKQUOTE>
In order to have a proxy system, you have to have a
"multi-homed host" (a system with two interfaces in it).
</BLOCKQUOTE>
<BLOCKQUOTE>
In this case you've specified that you want to have two
ethernet cards.  So, first you install those.  Be sure
to set their IRQ's and I/O base address settings to
non-conflicting values.  The exact process varies greatly
from one card to another.  With the 3c5x9 and 3c900 cards
you use a program to set them (3C5X9CFG.EXE under MS-DOS,
or the appropriate utility that was written for Linux ---
I found a copy at the VAResearch ftp site: 
<a href="ftp://ftp.varesearch.com"
	>ftp.varesearch.com</a>
under a relatively obvious name).
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's say that you have one of them set to IRQ 10, I/O 300
and the other set to IRQ 11, I/O 330  (make sure that these
don't conflict with any SCSI, sound or other cards that you have
installed).  Typically you'll also want to disable any "Plug &amp;
Play" support on your motherboard since these features may
change the settings on your ethernet card while you boot, causing
you no end of consternation later.
</BLOCKQUOTE>
<BLOCKQUOTE>
You'll also have to make sure that the appropriate driver is linked 
into your kernel, or that you've built the appropriate modules.
</BLOCKQUOTE>
<BLOCKQUOTE>
It is also common for the Linux kernel to require that you
provide it with a hint that there are multiple ethernet
cards to initialize.  You just provide the kernel with a
boot parameter (read the 'bootparam(7)' man page and/or
the &quot;Boot Parameter HOWTO&quot; for details).  The HOWTO
has an example at:
</BLOCKQUOTE>
<BLOCKQUOTE>
<BLOCKQUOTE>
<CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/BootPrompt-HOWTO-7.html#ss7.1"
	>http://metalab.unc.edu/LDP/HOWTO/BootPrompt-HOWTO-7.html#ss7.1</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... showing the command case using:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
ether=0,0,ether1
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... (no spaces --- and don't change the case of any
letters).
</BLOCKQUOTE>
<BLOCKQUOTE>
This option is passed to the kernel by typing it in at
the LILO boot prompt, or adding an append directive
to your <TT>/etc/lilo.conf</TT> like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
append="ether=0,0,ether1"
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
...(the double quotes are required).
</BLOCKQUOTE>
<BLOCKQUOTE>
This option forces the kernel to look for a second ethernet
adapter (the first ethernet adapter is labelled as '<tt>ether0</tt>'
and will normally be detected automatically).  The <tt>0,0</tt>
forces it to search for the IRQ and I/O base addresses
automatically.  If that's not successful, or you want to
be conservative, you can just provide the information manually.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is extensively documented in the &quot;Ethernet HOWTO&quot; at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/Ethernet-HOWTO-10.html#ss10.1"
	>http://metalab.unc.edu/LDP/HOWTO/Ethernet-HOWTO-10.html#ss10.1</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
You should see boot time message indicated that the
ethernet cards have been found.  You can use the
'dmesg' command to review those after the system is finished
booting and you've logged in.
</BLOCKQUOTE>
<BLOCKQUOTE>
The last step in the hardware/driver layer is to issue
'<tt>ifconfig</tt>' command for each of these interfaces.
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's say your ISP router (cable modem, ISDN or DSL
gizmo, whatever) is using address 172.17.100.1 on
your ethernet (that's a private net address from RFC1918
--- but let's pretend is was your real address).
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's fill in our diagram a bit more:
</BLOCKQUOTE>

<blockquote><pre>
                              _________      __________
          192.168.1.x  -------| proxy |------| router | -- Internet
                              ^^^^^^^^^      ^^^^^^^^^^
                            eth0     eth1    ^-------- 172.17.100.1
                       192.168.1.1   172.17.100.2

</pre></blockquote>
<BLOCKQUOTE>
Here we see a private network (all of <tt>192.168.1.*</tt>), our
proxy servier with two ethernet interfaces, with <tt>eth0</tt>
on our "inside LAN" (taking up the conventional <tt>.1</tt> address
for a router --- it is the router to the outside/perimeter
segment.  <tt>eth1</tt> is the proxy host's interface on the
"perimeter" or "exposed" segment (outside of our LAN).
</BLOCKQUOTE>
<BLOCKQUOTE>
There is a small perimeter segment in this case.  In many
organizations it will be populated with web servers, DNS and
mail servers and other systems that are intended to be
publicly visible.
</BLOCKQUOTE>
<BLOCKQUOTE>
Obviously each of the systems that are shown on this
segment (the proxy and the router) need their own IP
address.  I've assigned 172...2 to the proxy since I
said that 172...1 was the border router's inside
address.  The border router would also have some sort
of link (usually a point-to-point (PPP) link over a
modem, ISDN, frame relay FRAD, CSU/DSU codec, DSL
ATM or other device --- the telephony is not my
specialty they hand me a "black box" and I plug
the wires into the little tabs where they fit).
</BLOCKQUOTE>
<BLOCKQUOTE>
For our example we don't care what the IP addresses
over the PPP link are.  all we care about is that
our ISP gets packets to and from the 172...* network or
subnet.  They have to have routes to us.
</BLOCKQUOTE>
<BLOCKQUOTE>
This example will work with any subnet mask --- we'll
assume that we have a whole class C range, from <tt>172.17.100.1</tt>
through <tt>172.17.100.254</tt> for simplicity's sake (read all
about subnetting and proxyarp for gory details on those scenarios).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, on our Linux proxy server we use the following commands
to configure our interfaces:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
    ifconfig eth0 192.168.1.1  netmask 255.255.255.0
<br>ifconfig eth1 172.17.100.2 netmask 255.255.255.0
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... we could leave the netmask option off the first
command since it will default to this mask due to the
address class.  With most modern ISP's we'll have to
use some other netmask for the second case --- unless
we're paying for a whole Class C block.  We might need
to anyway (our ISP might have a Class B address block
and be subnetting it into Class C chunks).  We'll just
assume that we need it on both of them.
</BLOCKQUOTE>
<BLOCKQUOTE>
We can optionally specify the broadcast addresses for these
--- however it shouldn't be necessary if we're following
normal conventions.  It will default to the last valid
number in the address range  (<tt>192.168.1.255</tt> for the
first case and <tt>172.17.100.255</tt> in the other).
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
 <li>(If we'd had a netmask of 255.255.255.240
in the first case then our broadcast
address would be 172.17.100.15, if our
addresses had been 172...33 and 172...34
with that netmask our broadcast would
have been 172...47 --- again these are
just examples; the explanation is a bit
involved.)
</ul></BLOCKQUOTE>

<BLOCKQUOTE>
So we have IP addresses on each interface.  Now
we need routes.  In the newer 2.1.x kernels (and presumably
in the 2.2 kernels and later) the '<tt>ifconfig</tt>' operation
automatically results in an addition to the routing table.
This is more like the way Solaris works.  Under earlier
kernels you have to add routes with commands like:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
route add -net 192.168.1.0 eth0
<br>route add -net 172.17.100.0 eth1
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... this defines routes to the two local segments
(one on the inside, and one on the outside).  Again,
newer kernels may not require this entry.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, for our proxy to reach the Internet we'll have
to set a "default route" like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
route add default gw 172.17.100.1
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
If we have other networks that must be accessed
through our LAN (something like a <tt>10.*.*.*</tt> network
in the back office or for our server room) we may
also want to add other "static" routes to this
list.  Let's say that <tt>192.168.1.17</tt> was a router between
our desktop LAN and our 10-net server segment.  We'd
add a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
route add 10.0.0.0 gw 192.168.1.17
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
Notice that we are <EM>not</EM> forwarding packets
between our interior LAN and the outside world.  If we
did the routers on the Internet will not have any valid
routes back to us (that's what these <tt>192.168.*.*</tt> and
<tt>10.*.*.*</tt> addresses are all about.  Read RFC 1918 for
details on that).  <tt>172.16.*.*</tt> through <tt>172.31.*.*</tt> 
addresses (16 Class B blocks) are also reserved for this use ---
but we're "pretending" that <tt>172.17.100.*</tt> is a "real address"
for these examples.
</BLOCKQUOTE>
<BLOCKQUOTE>
So now we need to enable our interior systems to
access the outside world.  We can use IP Masquerading
and/or proxying to accomplish this.  Masquerading is
a bit easier than proxying under Linux since the
support is compiled into most kernels.
</BLOCKQUOTE>
<BLOCKQUOTE>
Masquerading is a process by which we make a group
of systems (our internal clients) look like one
very busy system (our proxy).  We do this by re-writing
the "source" addresses on each package as we route it
--- and by patching the TCP port numbers.
</BLOCKQUOTE>
<BLOCKQUOTE>
TCP "port" numbers allow a host to determine which
process on a system is to receive a given packet.
This is why two users on one system can telnet to
another system without there being ambiguity.
</BLOCKQUOTE>
<BLOCKQUOTE>
Using masquerading all of the connections that are
being handled at any given modem essentially look
like "processes" or "sockets" on the proxy server.
</BLOCKQUOTE>
<BLOCKQUOTE>
Thus IP masquerading is "network layer proxying."
</BLOCKQUOTE>
<BLOCKQUOTE>
Do do this under Linux 2.0.x and earlier (back to the
1.3.x series) we could simply use a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
ipfwadm -F -m -a accept -S 192.168.0.0/16 -D 0.0.0.0/0
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... which adds (<tt>-a</tt>) a masquerading (<tt>-m</tt>) 
rule to accept packets from any source address matching 
<tt>192.168.*.*</tt> (16 bits of the address are the 
"network part" --- that's equivalent to a netmask of 
<tt>255.255.0.0</tt>) and whose destination is "anywhere."  
This rule must be added to the "forwarding" (<tt>-F</tt>) 
set of packet filters.
</BLOCKQUOTE>
<BLOCKQUOTE>
The Linux 2.0.x IP packet filtering subsystem (kernel
features)  maintain four sets of rules (tables):
Accounting, Input, Forwarding, Output
</BLOCKQUOTE>
<BLOCKQUOTE>
... we only care about the "forwarding" rule in this case.
</BLOCKQUOTE>
<BLOCKQUOTE>
With all recent Linux kernels we also have to issue
a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
echo 1 &gt; <TT>/proc/sys/net/ipv4/ip_forward</TT>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... to enable the kernel's forwarding code.  These kernels
default to ignoring packets that aren't destined to
them for security reasons (this and a TCP/IP "option"
called "source routing" have been used to trick systems
into providing inappropriate access to systems --- so it is
better for systems to leave these features disabled by
default).  Older versions of Unix and Linux were more
"promiscuous" -- they would forward any packet that
"landed on them" so long as the could find a valid route.
</BLOCKQUOTE>
<BLOCKQUOTE>
Lastly we'd just configure our client systems with
IP addresses in the range <tt>192.168.1.2</tt> through 192...254
and cofigure them to treat 192.168.1 as <EM>their</EM> default
route.  Packets will get to the proxy from any of these,
be re-written to look like they came from some socket
on the 172...2 interface and forwarded out to the
Internet.  Returning packets will come in on the socket
which will provide the kernel with an index into a table
that stores the <tt>192.168.*.*</tt> owner of this connection,
and the return packet will be re-written and forwarded
accordingly (back into the internal network).
</BLOCKQUOTE>
<BLOCKQUOTE>
That's how masquerading works.
</BLOCKQUOTE>
<BLOCKQUOTE>
Applications layer proxying is actually a bit easier than
this.  You install packages like SOCKS, Delegate, the FWTK
(firewall toolkit), and a Squid or 
<A HREF="http://www.apache.org/">Apache</A> caching web server
unto the proxy system.  These listen for connections on the
inside interface (<tt>192.168.1.1</tt>).  Proxy aware software (or
users) on the internal system direct their connections to
the proxy server (on port 1080 for SOCKS and Delegate)
and then relay the real destination address and service
to the proxy server.  The proxy server, in turn, opens
up its own connection to the intended server, makes the
requests (according to the type of service requested, and
relays the information back to the client).
</BLOCKQUOTE>
<BLOCKQUOTE>
In addition to the basically relaying a good proxy server
can provide caching (some multiple requests for the
same static resource are handled locally --- saving
time and conserving bandwidthy), additional logging
(so big brother can tell who's been bad), and can
enforce various access control policies (no FTP to
popular mirror sites in the middle of the day, all users
must be Kerberos authenticated in order to access
the Internet, whatever).
</BLOCKQUOTE>
<BLOCKQUOTE>
The main disadvantage to applications layer proxying is
that the proxy clients must be "socksified" or proxy
aware.  Either that, or with some of them (FWTK and
optionally DeleGate) the user of a normal client
(such as FTP) can manually connect to the proxy server
and use some special command (login sequence) to
provide the proxy with the information about the real
destination and user/account info.  (Almost needless
to say that a compromised proxy host is a great
place to put password grabbing trojan horses!)
</BLOCKQUOTE>
<BLOCKQUOTE>
However, one of the major advantages of the proxy
system is that it can support strange protocols
--- like "active FTP" which involves two co-ordinated
IP connections, one outbound control connection and
one inbound data channel.  There are other protocols
that connection pass information "in band" and make
masquerading more difficult and sometimes unreliable.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's possible to use both, even concurrently with
just one host acting in both roles.
</BLOCKQUOTE>
<BLOCKQUOTE>
So far my favorite applications proxy package is
&quot;DeleGate&quot; by Yutaka Sato, of the Electrotechnical
Laboratory (ETL) in Japan.  You can find it at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://wall.etl.go.jp/delegate">http://wall.etl.go.jp/delegate</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... it's easy to compile and configure and it's
available under a very liberal license (very BSD'ish
but less wordy).
</BLOCKQUOTE>
<BLOCKQUOTE>
DeleGate can be used as a SOCKS compatible server
(i.e. SOCKSified client software will work with
DeleGate); and it can be "manually operated" as
well.
</BLOCKQUOTE>
<BLOCKQUOTE>
My only complaint about DeleGate is that the
English documentation can be a bit sparse (and my
paltry studies of Japanese are nowhere near the task
of reading the native docs).
</BLOCKQUOTE>
<BLOCKQUOTE>
The easiest way to install SOCKS clients on your
Linux systems is to just grab the RPM's from any
<A HREF="http://www.redhat.com/">Red Hat</A> "contrib" 
mirror.  That's also the easiest
way to install a SOCKS server.
</BLOCKQUOTE>
<BLOCKQUOTE>
To configure the clients for use with the SOCKS5
libraries you have to create a file, <TT>/etc/libsocks5.conf</TT>,
to contain something like:
</BLOCKQUOTE>

<blockquote><pre>socks5          -       -       -            -          192.168.1.1
noproxy         -       192.168.1.           -
</pre></blockquote>
<BLOCKQUOTE>
... note that the "noproxy" line ends with a "<tt>.</tt>" to
specify that this apples to the whole <tt>192.168.1.*</tt> address range.
</BLOCKQUOTE>
<BLOCKQUOTE>
configuring the socks server you need to create a
file, <TT>/etc/socks5.conf</TT> and put it at least something like:
</BLOCKQUOTE>

<blockquote><pre>route   192.168.1.      -       eth1
permit  -       -       -       -       -       -
</pre></blockquote>
<BLOCKQUOTE>
... and you might have to change that inferface
for our example (I don't remember but I think it's
"destination addresses and <EM>target</EM> interface).
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally the docs on these are abysmal.  However,
I did eventually get this setup working when I
last tried it.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 21 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/22"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 22 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
PostScript to GIF
</H3>


<p><strong>From Jamie Orzechowski  on Fri, 05 Jun 1998  
</strong></p>
<!-- ::
PostScript to GIF
~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi There .. I am trying to convert a .PS to .GIF .... no luck so far
... I got the progrma ppmtogif but it WILL NOT compile ... can;t get
it working at all ... I was wondering if you had the binary to
ppmtogif (linux redhat) or know where I can get a source distribution
that will compile ... or any other program that will convert ps to gif
... thanks!
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You could use the pstogif perl script by Nikos Drakos of
Leeds University. It apparently accompanies the LaTeX2HTML
package.
</BLOCKQUOTE>
<BLOCKQUOTE>
I discovered that by simply switching to a shell prompt
and typing "ps{TAB}{TAB}" and looking that the list of
utilities that bash' command completion offered me.  Then
I look for a man page and then just looked that the file
itself.
</BLOCKQUOTE>
<BLOCKQUOTE>
Running the '<tt>rpm -qf</tt>' command to see which package included
this '<tt>pstogif</tt>' file I found that it came with 
"<tt>l2h-96.1.h-5.rpm</tt>" on the 'Canopus'  and with 
"<tt>xemacs-19.15p2-2.rpm</tt>" on 'Antares'
(A couple of my machines here).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are a dizzying array of pbm, ppm, and pgm conversion
filters.  The three formats seem to be very similar (for
"portable bitmap,"  "portable pixmap," and "portable graymap"
respectively).  So, like you, my first thought would have
been to  use one of them.
</BLOCKQUOTE>
<BLOCKQUOTE>
In all honesty I avoid graphics files as much as possible
so I don't have an easy answer to this.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Incidentally this is an old message.  I'm trying to
clear out my old drafts folder by the end of the year).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 22 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/23"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 23 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">troubleshooting</H3>


<p><strong>From Matthew Easton on Wed, 06 May 1998  
</strong></p>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
One thing I notice as I try to learn more about Linux, is that much of the
information I come across is very specific to a particular situation or a
particular piece of software.  I'd like to get away from the 'step by step
instructions for software x'  and construct a "bag of tricks"  that will
allow me to solve problems myself.
</STRONG></P>
<P><STRONG>
To explain:  In my job I troubleshoot Macintosh hardware and software.  If
you had a problem with a Mac I could tell you some things to check and
several procedures to try-- and even if I was unfamiliar with the
particular application that was failing you, chances are pretty good that
things would be functioning in the end.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That is why we have professional technical support, system
administration, help desk, repair technicians etc.
</BLOCKQUOTE>
<BLOCKQUOTE>
The issue is similar for a number of trades and professions.
</BLOCKQUOTE>
<BLOCKQUOTE>
Even the Mac for all its vaunted "easy of use" and consistency
really requires a significant acculturation to a large number
of assumptions.  I know this from very recent first hand
experience since I gave my mother her very first computer
earlier this year  --- it was a Mac Performa.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Granted the user interface is greatly simplified under Macintosh compared
to Linux, but are there any general principles or things to look for, or
standard procedures for troubleshooting software under Linux, or tools?
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The simplicity of Macs and Windows can largely be summed up
as:
</BLOCKQUOTE>

<BLOCKQUOTE>
If you don't see a menu option, button or dialog for
it --- you probably can't do it.
</BLOCKQUOTE>
<BLOCKQUOTE>
(I realize this is a bit of an over simplication --- there are
whole books of Mac and Windows "tricks" that are slowly gleaned
over time).
</BLOCKQUOTE>
<BLOCKQUOTE>
These system make a reasonable subset of their functionality
available on their face (through full-screen menu driven user
interfaces).  That whole issue of "icons" and "GUI's" is
completely a red herring since they really are just menus
under all the hype.  I have a friend who said that the easiest
system she'd ever worked on was an AS/400 (running OS/400
naturally enough).  She described (even showed me, once) the
interface and it did sound pretty handy.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unix is usually described as a "toolbox."  The analogy is
reasonable.  If I handed you a real box full of hammers,
screwdrivers, nail guns, pliers, drills, saws, wrenches
sockets, and similar physical tools it wouldn't help you
build or rewire your house, fix your car or anything ---
until you learned the appropriate construction and mechanical
trades that use these tools.
</BLOCKQUOTE>
<BLOCKQUOTE>
Similarly we find that some programmers under Unix can
be just as confused and incapacitated when faced with
system or technical administrative issues as an auto mechanic
might be when faced with a plumbing problem.  Naturally
a plumber or mechanic is more likely to successfully take
on other "handyperson" repairs than someone with <EM>no</EM> related
experience.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another way of thinking about these OS' is in terms of
culture and language.  Natural language (including idiom)
is entwined with many cultural assumptions.  Unix/Linux
conventions can be seen as a "language" for expressing demands
of your computer (via the shell, through myriad configuration
files, even in the Motif, <A HREF="http://www.kde.org/">KDE</A>, 
OpenLook and other GUI's that we encounter).
</BLOCKQUOTE>
<BLOCKQUOTE>
The advantage of this "linguistic" point of view is that
it approaches the level of complexity of a Unix system.
When I was an electrician I doubt I encountered more than
two hundred different tools, and probably less than two
thousand different components (connectors, fittings, brackets,
etc). (Thousands of sizes and minor differences --- but not
different in terms of usage semantics).
</BLOCKQUOTE>
<BLOCKQUOTE>
On this Linux box if I switch to a bash shell prompt and
double tap on the "Tab" key on a blank line (forcing it to
try command completion) it warns me that I have over
2300 commands available to me.  Many of these are full
programming languages or environments like awk, perl, and
emacs (elisp).  Similarly I once determined that my
copy of emacs (or was it xemacs) had about 1500 interactively
accessible functions built into it.  (If I installed the
emacs '<tt>calc</tt>' (a large mathematics package) that 
would probably double.
</BLOCKQUOTE>
<BLOCKQUOTE>
So there's quite a bit of depth and breadth available.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
For example:  How do I deal with a segmentation fault?  Or, if an
application installs broken and reinstalling the RPM package still does not
work, is there a way to get Linux to tell me what is missing or corrupted?
And what can I do about a program that (under X windows) briefly appears
and then dies without error messages?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
In many cases these can be tracked down using '<tt>strace</tt>'
(the system call tracer).
</BLOCKQUOTE>
<BLOCKQUOTE>
Any segmentation fault is a bug in the program (or
corruption in its binaries or libraries).  Robust programs
should handle bad data, corrupted configuration files, etc,
gracefully.
</BLOCKQUOTE>
<BLOCKQUOTE>
Packages that fail to operate as expected might be buggy,
or they migh have inadequate documentation.  I personally
like to see programs that have some sort of "diagnostics"
or "check option" to help me track down problems with them.
</BLOCKQUOTE>
<BLOCKQUOTE>
('<tt>sendmail</tt>' and '<tt>named</tt>' are notable culprits 
in this case).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks for any clarification on these or any other mysteries. . .
<br>Matt Easton
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That will take an entire book.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Incidentally I found this message languishing in an
old drafts folder and decided to finish it up and
send it off.  I really wanted to say much more on this
topic --- but I decided to write a book instead.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 23 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/24"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 24 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on: &quot;Remote Login as root&quot;
</H3>


<p><strong>From Eric Freden  on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
More on: &quot;Remote Login as root&quot;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Here is a legitimate use for remote login as root:
</STRONG></P>
<P><STRONG>
My kid plays some svga game on my console and
locks the keyboard (for instance). I want to telnet
in and   <TT>/sbin/shutdown -r now</TT>
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Actually you can often recover from this without
a shutdown.  But its a trick.  Eventually we
might have something like KGI/GGI to provide
more robust SVGAlib support.
</BLOCKQUOTE>
<BLOCKQUOTE>
(The trick is to start X from your telnet/terminal
session.  This usually does a complete video
system reset as a side effect.  WARNING!:
This might hang the system --- so close any
running text mode apps, save any accessible
documents and issue a few calls to '<tt>sync</tt>' before
trying it).
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
For RedHat 5.0 (and all other RedHat versions I've
used) only root can do this. Changing to su
and executing shutdown won't reboot! Perhaps
you could find a workaraound for this scenario?
</STRONG></P>
<P><STRONG>
Eric Freden
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If that's your experience then something is
wrong with your '<tt>su</tt>' command!
</BLOCKQUOTE>
<BLOCKQUOTE>
Did you issue '<tt>su -</tt>' (the dash is pretty important
--- as it forces the '<tt>su</tt>' command to run your
<tt>.login</tt>/<tt>.profile</tt> scripts and initialize root
environment (and shell variables, etc).
</BLOCKQUOTE>
<BLOCKQUOTE>
Another approach is to tweak the permissions
on '<tt>shutdown</tt>'  Here's the recommended method:
</BLOCKQUOTE>

<BLOCKQUOTE>
Create a group such as "shutdown"
or use the "wheel" group.
</BLOCKQUOTE>
<BLOCKQUOTE>
Add your regular user account (and mom's?) to that group.
</BLOCKQUOTE>
<BLOCKQUOTE>
Issue a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
chown root.$GROUP  $(which shutdown)
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... to set the file group association
appropriately.  You could also use
'<tt>chown</tt>' then '<tt>chgrp</tt>' seperately, of course.
</BLOCKQUOTE>
<BLOCKQUOTE>
Make it SUID with a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
chgrp 4550 $(which shutdown)
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
N.B.  I set the execute bit for owner and group
but <EM>not</EM> for "other/world"
</BLOCKQUOTE>
<BLOCKQUOTE>
This allows people in the associated group to issue
the '<tt>shutdown</tt>' command.  That command will run with
root' privileges.  The 0 permissions for "other" prevent
"others" from executing this command at all.  (Other
users have no valid reason to issue a shutdown command).
</BLOCKQUOTE>
<BLOCKQUOTE>
Setting binaries to be SUID always has implications for
system security.  However, it is one of the primary forms
of authority delegation available in Unix/Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
In this case we minimize the risk by limiting the number
of accounts that can access the command.
</BLOCKQUOTE>
<BLOCKQUOTE>
This technique is generally useful and should be considered
for all Unix/Linux SUID commands.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 24 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/25"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 25 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Kudos
</H3>


<p><strong>From Gray, Robert C  on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Kudos
~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Answer Guy I have been reading your column in the Linux Gazette for
four months (I've also gone to the archives and read several past articles).
I am very new to Linux, I installed Redhat 5.0 in July '98' and built a new
Kernel on 2.0.34 after that. In any one column that you have written I find
more information than I can possibly absorb. Though I can't give a specific
example the information you provide has helped me through some small
problems and increased my knowledge of how Linux works by an unbelievable
amount. Despite the fact I generally suffer from information overload before
I finish your column or the Gazette THANK YOU and the Gazette for that
information and please keep it up.
</STRONG></P>
<P><STRONG>
Robert Gray
<br>Novice Linux user.
</STRONG></P>
<P><STRONG><em>
"The word bipartisan usually means some larger-than-usual
deception is being carried out"
George Carlin
</em></STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks for the kudos and encouragement.
</BLOCKQUOTE>
<BLOCKQUOTE>
I like the .sig quote.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 25 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/26"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 26 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Linux Support for Intel Pentium II Xeon CPU's and Chipsets
</H3>


<p><strong>From mpasadas on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Linux Support for Intel Pentium II Xeon CPU's and Chipsets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello!
</STRONG></P>

<P><STRONG>
I have a little technical question, because revising the information
about the subject it is not clear at all if the several versions of
Linux disponible at this moment can run without problems on the very new
Pentium II Xeon microprocessor of Intel.
</STRONG></P>

<P><STRONG>
If you have the answer to this question, please send it to me
via e-mail, at the following address [snipped for privacy]
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
VA Research  
(<A HREF="http://www.varesearch.com">http://www.varesearch.com</A>), a fairly
well-known Linux friendly hardware vendor, offers
Xeon based systems with Linux pre-installed.
PenguinComputing (<A HREF="http://www.penguincomputing.com"
		>http://www.penguincomputing.com</A>)
also offers quad and dual Xeon based Linux systems
and I'm sure other HW vendors do as well.
</BLOCKQUOTE>

<BLOCKQUOTE>
(Disclaimer, the principles of VA Research
and PenguinComputing are friends of mine
--- though I get no compensation for
mentioning them.  Darn!).
</BLOCKQUOTE>

<BLOCKQUOTE>
If I recall correctly VA Research demonstrated
a 4-way SMP Xeon system "The Future of Linux"
meeting  that was jointly sponsored and organized
by SVLUG (<A HREF="http://www.svlug.org">http://www.svlug.org</A>) 
and Taos Mountain
(<A HREF="http://www.taos.com">http://www.taos.com</A>) last summer.
</BLOCKQUOTE>
<BLOCKQUOTE>
That event was reviewed in LG:
<A HREF="http://www.linuxgazette.com/issue31/roelofs.html"
	>http://www.linuxgazette.com/issue31/roelofs.html</A>
</BLOCKQUOTE>

<BLOCKQUOTE>
So, I don't know of any problem with this, and a quick
Yahoo!/AltaVista search didn't reveal any problems either.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 26 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/27"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 27 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Linux Friendly ISP's: SF Bay Area
</H3>


<p><strong>From Cdoutri on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Linux Friendly ISP's: SF Bay Area
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG>
I'm looking for some Internet Service Providers in San Francisco
that would have a connection software working under Linux, can you
help me with that ?
</STRONG></P>
<P><STRONG>
Many thanks,
C.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Many ISP's are "Linux" and "Unix" friendly.  I personally
have accounts with a2i (<A HREF="http://www.rahul.net">http://www.rahul.net</A>) and Idiom
(<A HREF="http://www.idiom.com">http://www.idiom.com</A> run by David Muir Sharnoff).
</BLOCKQUOTE>
<BLOCKQUOTE>
I also know people at Best (<A HREF="http://www.best.com">http://www.best.com</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
a2i uses Solaris, the other two use <A HREF="http://www.freebsd.org/">FreeBSD</A>. However, all
are friendly to Linux users.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is one nice thing about the Silicon Valley and SF Bay
areas --- they are such strongholds of Unix that most of the
local businesses and techies speak the same language.  I
hear that life it somewhat harder in other parts of the
country.  Many ISP's that run Unix or Linux on their own
servers (over 70% run some form of Unix on most of their
customer server systems) will refuse to support its use by
the customers.
</BLOCKQUOTE>
<BLOCKQUOTE>
The only reasonable response to that is "vote with your
feet."  There are plenty of ISP's out there, pick one that
meets your needs rather than dictates your software choices.
</BLOCKQUOTE>
<BLOCKQUOTE>
The whole point to standardized protocols (particularly
networking protocols) is to allow customers and users
<EM>choice</EM> (FREEDOM) in selecting their clients and their
servers.  That's what the client/server paradigm is all
about!
</BLOCKQUOTE>
<BLOCKQUOTE>
The best resource I ever found for comparison shopping
of ISP's is at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://thelist.iworld.com">http://thelist.iworld.com</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... (which I guess used to be run by Boardwatch Magazine,
which is now owned by Mecklermedia).
</BLOCKQUOTE>
<BLOCKQUOTE>
Oddly enough a2i Communications (operated by Rahul Dhesi)
is not on this list.
</BLOCKQUOTE>
<BLOCKQUOTE>
Hope that helps.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 27 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/28"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 28 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Eight Character login Name Limit
</H3>


<p><strong>From CHOSICA on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Eight Character login Name Limit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My name is Felix. I am new using linux.  I just saw your web pages
after making a search on altavista. I have set up my mail server
on Linux 2.0.29 and I am only able to create accounts with a
maximun of 8 character. I was trying to create an account call
<A HREF="mailto:webmaster@myname.com">webmaster@myname.com</A> and it does not make it . The server only
creates accounts with 8 character or less than 8 characters. Do
you know a way to increase the characters, so I can create account
with 9 or 10 characters.  There should be a way I do not know how?
If you can help me I would really appreciate. Thanks in advance.
</STRONG></P>
<P><STRONG>
Felix
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This is a common limitation in many versions of Unix.
It is determined by the libraries (primarily 'libc' the
set of libraries that are compiled into virtually all
Unix programs).
</BLOCKQUOTE>
<BLOCKQUOTE>
Using glibc 2.x (a.k.a. Linux libc 6) it is possible to
create longer login names (up to 31 characters).  So, you
could just install a newer copy of <A HREF="http://www.redhat.com/">Red Hat</A>, Mandrake,
<A HREF="http://www.debian.org/">Debian</A> or any other glibc based Linux distribution.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, you should consider the issue carefully before
using this feature.  You'll want to ensure that <EM>all</EM> of
your binaries are able to cope with the longer login
names.  Also if there's any chance that you'll want or
have to share account information across multiple versions
of Unix it's a bad idea to take this chance.  (I think that
newer versions of Solaris and HP-UX support longer login
names as well.  I don't know about AIX, SCO ODT, or any
others).
</BLOCKQUOTE>
<BLOCKQUOTE>
I'd suggest using the name:  'webman' or 'www' for
your "webmaster" or "web manager" account.  You can easily
configure your mail system to route mail addressed to
"webmaster" to 'webman' (just us an aliase) and you can
even configure your 'sendmail' to re-write outgoing mail
from 'webman' such that it appears to come from "webmaster"
(that would be in the generics, virtuser, or userdb
FEATURES() in your sendmail .mc file).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, if the only reason you want the long name is for
e-mail addressing --- just use a short name and let the
MTA (mail transport agent) do the work.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 28 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/29"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 29 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Locked Out of His Mailserver
</H3>


<p><strong>From Henry A. Lee  on Fri, 04 Dec 1998  
</strong></p>
<!-- ::
Locked Out of His Mailserver
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I am having trouble logging into my Linux mailserver, as any of my
users or as ROOT.  All passwords are incorrect.  I had to bring
all my users up on WinNT <TT>/</TT> Exchange box yesterday to get the email
rolling again.  Do you know of ANY way to hack the box?
</STRONG></P>
<P><STRONG>
I have about 15 hours of mail that I need to get off the box, and
without being able to login, I can't forward it to the new server.
</STRONG></P>
<P><STRONG>
I can't login at the server itself, can't telnet into it, but I
can FTP SOME files from it and can maybe get some files back to
it.  Looking at the PASSWD and PASSWD- files in a text editor,
seem fine.  Any suggestions would be immensely appreciated.
</STRONG></P>
<P><STRONG>
Thanks for your time,
<br>Henry
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know what's caused your inability to log
in.  It sounds like your <TT>/etc/passwd</TT> file might have been
converted to shadow format ('<tt>pwconv</tt>' or similar utility)
while your authenticating utilities and services aren't
shadow capable.  However that is only one of several
possibilities (the passwd file could be corrupt, it's
permissions could be wrong, you might have missing or
corrupt PAM modules, etc).
</BLOCKQUOTE>

<blockquote><em>
	[ I've seen corrupted shadow-passwd files prevent
	logins before; in both cases, there was the wrong 
	number of colons (:) on a line, and everyone after
	that couldn't get in.  If you managed to break the
	first line, that would prevent root getting in.
	--&nbsp;Heather&nbsp;]
</em></blockquote>

<BLOCKQUOTE>
As for fixing the problem or "hacking the box" as you
put it.  If you have physical access to the system
it is trivial to "hack into" it.  Normally this can be
done by using the [Ctrl]+[Alt]+[Del] (PC "nerve pinch"
or "three finger salute"), to reboot the system (most
Linux systems have an entry in their <TT>/etc/inittab</TT> that
looks something like:
</BLOCKQUOTE>

<BLOCKQUOTE><BLOCKQUOTE><CODE>
<BR># what to do when CTRL-ALT-DEL is pressed
<BR>ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... which allows the 'init' process (the grandfather of
all processes) to respond to this console event.
</BLOCKQUOTE>
<BLOCKQUOTE>
Failing that you can wait for a bit while there is
minimal disk activity and reset or power cycle the
system.
</BLOCKQUOTE>
<BLOCKQUOTE>
As you reboot you wait until the LILO boot load prompt
is display and type in a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
linux	init=/bin/sh
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... (assuming that you have a boot stanza named "<tt>linux</tt>"
--- hit the [Tab] key at that prompt for a list of those).
</BLOCKQUOTE>
<BLOCKQUOTE>
This passes a parameter to the kernel which forces it to
use an alternative to the '<tt>init</tt>' program (a copy of the
shell in this case).  From there you might need to mount the
<TT>/usr</TT> filesystem (assuming that the system follows
professional conventions rather than common Linux
installation defaults).  Then you can issue the
'<TT>/usr/bin/passwd</TT>' command to set a new root password.
</BLOCKQUOTE>
<BLOCKQUOTE>
If that doesn't solve the problem you can edit the passwd
file. if necessary remove everything <EM>but</EM> the entry for
root --- don't put any comments or blank lines in this file!
(Obviously you should save a copy if you're going to try
that).
</BLOCKQUOTE>
<BLOCKQUOTE>
If that still doesn't work, and if there are no clues
in your logs (look at <TT>/var/log/messages</TT> for hints), then
you have some other troubleshooting to do.
</BLOCKQUOTE>
<BLOCKQUOTE>
At that point it might be best to just call a consultant for
some voice support.  You don't provide enough information
for me to explain the next troubleshooting without writing a
whole book (and I'm already working on one).
</BLOCKQUOTE>
<BLOCKQUOTE>
I can do phone support or you can look for anyone in the
Consultants HOWTO.  (Considering that you have data on
this system that you don't want to lose, and that it sounds
like you don't have any backups, I wouldn't suggest too
much experimentation and learning curve climbing while
trying to recover from this situation).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have another Linux or Unix system anywhere else
on your network --- one with 'sendmail' properly installed
(assuming that the affected system was also running
'sendmail') it's possible to copy all of the files from
<TT>/var/spool/mqueue</TT> to some arbitrary directory on the
working system (from the ailing one, obviously).  Then
you can run a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
<TT>/usr/lib/sendmail</TT> -v -q -O QueueDirectory=/tmp/q
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
... to tell sendmail to verbosely (-v) make a
processing pass through the queue (-q) with the option
(-O) to over-ride the QueueDirectory set to some place
like <TT>/tmp/q</TT> (or where ever you ftp'd those df<EM> and qf</EM>
files to).
</BLOCKQUOTE>
<BLOCKQUOTE>
As for the user mail that's already been delivered to
"mbox" files under <TT>/var/spool/mail</TT>, you can copy those
to another system and append them to file under the
<TT>/var/spool/mail</TT> on the new system.  To avoid possible
corruption you'd want to disable the sendmail and popd
(etc) processing on the new system before trying this.
</BLOCKQUOTE>
<BLOCKQUOTE>
The easiest way to do that is to shut the system down
to single user mode after you've copied (ftp'd) all of
the mbox files (inbox folders) to the system.
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally you'll need to create user accounts that
correspond to each of these users from the old system,
and you'll need to ensure that the ownership and permissions
of each mbox file are set properly.
</BLOCKQUOTE>
<BLOCKQUOTE>
There are other ways to do this.  However they depend
on the situation and/or involve some more complicated
command lines then I'd want you to try without a thorough
understanding of how they work.
</BLOCKQUOTE>
<BLOCKQUOTE>
In the '<tt>procmail</tt>' man pages there is an example
of a script to "postprocess" an mbox.  It would be
possible to use something like that to "break apart"
each mbox file and resend it to the original recipient.
</BLOCKQUOTE>
<BLOCKQUOTE>
If your users were using MH, '<tt>elm</tt>' or '<tt>pine</tt>' (or
most any Unix/Linux mail reading package) they could
copy an mbox file to any convenient place and either
treat it as a folder ('<tt>elm -f</tt>') or "incorporate" it
into their MH folders using the '<tt>inc</tt>' command.  These
users should either know how to do that, or read the
man pages for their favorite mail user agent for details.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you do hire a consultant, look for one that will
provide you with some good tutorial/mentorship on Linux
and consider having him or her help you prepare a
comprehensive "Recovery Plan and Disaster Procedures"
package.   This will be vital to your company's IS/IT
regardless of what OS or platform you choose for your
future needs.
</BLOCKQUOTE>
<BLOCKQUOTE>
My phone number can be found on my web pages:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Starshine Technical Services
<dd><A HREF="http://www.starshine.org">http://www.starshine.org</A>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
... I normally don't advertise my consulting services
in this column, and I don't plan to do so often.  However,
there are situations where the most prudent advice
I can give is:  "Call someone to walk you through this."
</BLOCKQUOTE>
<BLOCKQUOTE>
As I say, you are encouraged to find a Linux consultant
that is local to you.  Look in the Consultant's HOWTO at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/Consultants-HOWTO.html"
	>http://metalab.unc.edu/LDP/HOWTO/Consultants-HOWTO.html</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... You can also find a wealth of help at any Linux Users
Group (LUG) and there are a couple of "Lists of LUG's" that
I've listed in previous columns.  There's even a Users Group
HOWTO at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/User-Group-HOWTO.html"
	>http://metalab.unc.edu/LDP/HOWTO/User-Group-HOWTO.html</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... which includes links to the three biggest lists of LUG's.
</BLOCKQUOTE>
<BLOCKQUOTE>
I wish I could say: "Look for the union label" when considering
entrusting your system's integrity to a consultant or volunteer.
However, there is no widely recognized certification for
sysadmin's <EM>yet</EM>.  There isn't even a "better business bureau"
of sysadmins and/or consultants.  As a member of 
<a href="http://www.usenix.org/sage/">SAGE</a> (the
SysAdmin's Guild) I'm involved in an ongoing effort to provide
some such process.  However it's a contentious issues, and Unix
sysadmins are a contentious lot(*). I'll be continuing this work
while I'm in Boston next week at the annual LISA conference.
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
<li>(Certainly your chances of getting a
competent and experienced sysadmin are
better if you find someone who went to the
effort to join SAGE, or at least has
cogent reasons for <EM>not</EM> doing so; and
they are drastically diminished if you're
talking about someone who's never heard of
<a href="http://www.usenix.org/">USENIX</a> or SAGE).
</ul></BLOCKQUOTE>
<BLOCKQUOTE>
Good luck.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 29 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/31"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 31 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Changing the X Server's Default Color Depth
</H3>


<p><strong>From Peter Waltman  on Wed, 02 Dec 1998  
</strong></p>
<!-- ::
More on:
Changing the X Server's Default Color Depth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm using redhat v.5.1 and have just installed it, so I have not
made too many modifications yet.  The default window manager rh
5.1 uses is fvwm2.  I have been trying to figure out how to
configure these window managers (fvwm and fvwm2) for some time
now, when I realized I guess that rh 5.1 is using FvwmM4 to parse
the rc files.  I've looked through those, as well as the FvwmM4
man page to figure out how to change the color depth.  I think it
has to do with the Color PANEL setting or the RGB_PIXELS setting,
but I'm not sure where or how to set it.  In the XF86Config file?
One of the of the <tt>fvwm2rc.*</tt> files provided by rh?.  The FvwmM4 man
page says that you can define these settings, but have I tried to
do this without much success.  Any help or links to info on how to
modify rh window manager would be GREATLY appreciated.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Window Managers have nothing to do with setting your X
server's color depth.  A window manager is an X client
--- it talks to the server.  By the time any clients are
being loaded and issuing X protocol requests of the server
(to draw windows on your display, or recieve mouse and
keyboard events, for example) it is too late to change
the color depth.
</BLOCKQUOTE>
<BLOCKQUOTE>
You are correct regarding M4.  Some window managers use
'<tt>cpp</tt>' or '<tt>m4</tt>' (macro preprocessor utilitiies) to expand
your configuration files into their internal configuration language.
</BLOCKQUOTE>
<BLOCKQUOTE>
I pointed out in my other response that you can
change this setting in your XF86Config file.  In my
discussion of modifying the xdm Xservers file I forgot
to mention that any error can cause your system to appear
hung.  (You might have to log in via telnet or a serial
terminal to kill the X server if you make a syntactical
mistake in that file).
</BLOCKQUOTE>
<BLOCKQUOTE>
As for broader advice on X Windows configuration,
read the XFree86 FAQ (as I listed in my other response)
and browse through some resources that are devoted to
X.  Some very extensive link lists are at:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Kenton Lee's:
<br>Technical X Window System and Motif WWW Sites
<dd><tt><A HREF="http://www.rahul.net/kenton/xsites.html"
	>http://www.rahul.net/kenton/xsites.html</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... and one of my favorites listed there is:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Brandon Harris':
	<br>X: End of Story
<dd><tt><A HREF="http://www.gaijin.com/X">http://www.gaijin.com/X</A></tt>
</dl></BLOCKQUOTE>

<!-- sig -->

<!-- end 31 -->
<hr width="40%" align="center">
<!--                 ==========================                      -->
<!-- begin 14 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Changing color depth for xdm?
</H3>

<p><strong>From Peter Waltman  on Wed, 02 Dec 1998  
</strong></p>
<!-- ::
Changing the X Server's Default Color Depth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I just checked out the 2 cent tips, which have a page describing
how to change and set up multiple x servers for differing color
depths.  the only thing is that this describes how to change the
startx script, whereas I am using xdm when I boot up.  I don't
think modifying the strartx script would have any effect for xdm.
Am I wrong in this? If not, how/what would I modify to change the
color depth for xdm?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Add the following entry to the active "Screen" section
of your XF86Config file:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
DefaultColorDepth  XX
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
... where XX is the desired depth (8, 16, 24, or 32).
</BLOCKQUOTE>
<BLOCKQUOTE>
Another way to do this is to edit the
'<TT>/usr/X11R6/lib/X11/xdm/Xservers</TT>' file and add the
<tt>-bpp</tt> parameter to the <tt>:0</tt> (and possibly any 
<tt>:1</tt> and other similar lines) therein.
</BLOCKQUOTE>
<BLOCKQUOTE>
xdm reads the 'Xservers' file to find the command line
with which it can invoke an X server.  There should a
a line something like:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre>		:0 local /usr/X11R6/bin/X :0 vt07 -quiet
</pre></blockquote>
<BLOCKQUOTE>
... in there.  You can change that to something like:
</BLOCKQUOTE>

<blockquote><pre>		:0 local /usr/X11R6/bin/X :0 vt07 -quiet -bpp 16
</pre></blockquote>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
again, thank you very much
<br>Peter Waltman
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That should do the trick.  Oddly enough this is not in the
FAQ at <A HREF="http://www.XFree86.org">http://www.XFree86.org</A>, 
though I've copied the maintainer of that document since I've seen 
the question several times.
</BLOCKQUOTE>
<BLOCKQUOTE>
Hopefully he'll add it.  Meanwhile, remember to
check in the XFree86 FAQ for questions about that package.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 14 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/32"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 32 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
NumLock and X Problems
</H3>


<p><strong>From Alan Shutko  on Thu, 26 Nov 1998  
</strong></p>
<BLOCKQUOTE>
More Expansions and Corrections:
</BLOCKQUOTE>
<!-- ::
NumLock and X Problems
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Re Victor J. McCoy message on 11 Oct 1998, here's a possible
explanation.
</STRONG></P>
<P><STRONG>
It seems that Victor is using an X button to start up PPP.  And the
button (and lots of other things) don't work when the numlock key is
on.  That's because somewhere along the line (X11R6 I think), the
handling of numlock changed from a server-handled thing to acting as a
modifier.
</STRONG></P>
<P><STRONG>
Many programs which don't handle this new modifier will fail to
display menus, let buttons work, etc, when numlock is on.  Certain key
bindings won't work.  The solution is to turn off numlock.  If that
doesn't work, it's a different problem.
</STRONG></P>
<P><STRONG>
Alan Shutko
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'll let this speak for itself.  Maybe the new
XFree86 3.3.3 fixes this.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 32 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/33"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 33 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Expansion on NE-2000 Cards: Some PCI models &quot;okay&quot;
</H3>

<p><strong>From Kenneth.Scharf on Thu, 26 Nov 1998  
</strong></p>
<!-- ::
Expansion on NE-2000 Cards: Some PCI models &quot;okay&quot;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
In general your answer is correct.  There are however a breed of
PCI ne-2000 cards based on the Real-Tek chip that do work fine
under Linux.  I bought two of these cards for less that $15.  They
came with drivers for Windows (3.1, 95), os2, even sco unix.  I
tried to get these cards to work under windows 95 and failed!
Both and early version on win95, and osr2B failed to work with
these cards.  The Linux ne2k driver (both the old isa driver and
the new pci specific driver) work very well with these cards and
required no special parameters.  They autodetected just fine.  I
did have to re-set the bios in my computer to perform a fresh pnp
cycle in order to get the interrupts correct, but after a single
re-boot all was well forever.  My computer is a K6-233 on an Intel
TX (triton2) chipset based motherboard (made by AZZA).
</STRONG></P>
<P><STRONG>
I agree that there are much better ethernet cards than these
Real-Tek ne2000 el-cheapos, but they work fine in my home lan with
one linux machine and two windows machines.  (the windows machines
have 3c509 isa cards in them).  The network is thin-net coax, and
is used to share the internet connection with the modem on the
linux machine.  It will also provide shared printer service and
file backup.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It sounds like damning with faint praise here.
I wish the DEC Tulip chipset was staying in production
--- since the $29(US) Netgear cards using those
are rock solid 10/100Mbps PCI adapters.   They are my
favorite and I only have a couple left unopened.
</BLOCKQUOTE>
<BLOCKQUOTE>
The newer Netgear cards (same model) seem to be "okay"
as well (actually <EM>much</EM> better than these Real-Teks
that you're talking bout).
</BLOCKQUOTE>
<BLOCKQUOTE><em>
	[ What I miss about those marvelous DEC Tulip chips
	is that the drivers just plain work - both in Linux, and
	in Windows... because there is only one MS Windows driver
	for them! With some other "plug and play" cards there
	are several drivers available, and if you pick the wrong
	one, your net is flaky or worse.  But, enough said about
	Brand X for now. --&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<!-- sig -->

<!-- end 33 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/34"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 34 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Finding info on MySqL?
</H3>


<p><strong>From Minh La on Thu, 26 Nov 1998  
</strong></p>
<!-- ::
Finding info on MySqL?
~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Where can I get more info on MySqL?
Thanks.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I guess the publisher is from Sweden:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>MySQL by T.c.X. DataKonsultAB
<dd><tt><A HREF="http://www.tcx.se">http://www.tcx.se</A></tt>
</dl></BLOCKQUOTE>

<!-- sig -->

<!-- end 34 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/35"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 35 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Spying: (AOL Instant Messenger or ICQ): No Joy!
</H3>


<p><strong>From ONeillDD on Thu, 26 Nov 1998  
</strong></p>
<!-- ::
Spying: (AOL Instant Messenger or ICQ): No Joy!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
hey I really need to know if you could tell me how I could go
about reading instant messages from and by other people. If you
know what I mean some people call it spying. This is very
important so if you please contact me A.S.A.P.
</STRONG></P>
<P><STRONG>
THANK YOU
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I presume this question was about AOL or ICQ
messaging.  I know nothing about these protocols
though I suspect that a straight network sniffer
strategic place on some multiple access medium
(ethernet) between the person on whom you are trying
to spy would do the trick.
</BLOCKQUOTE>
<BLOCKQUOTE>
Sorry to take so long on the response.  I've been
pretty busy so Turkey Day has been my first chance
to really clean out my inbox in a few months.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 35 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/36"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 36 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Fraser Valley LUG's Monitor DB
</H3>


<p><strong>From Ruth Milne  on Thu, 26 Nov 1998  
</strong></p>
<!-- ::
Fraser Valley LUG's Monitor DB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
This is more of a "2-cent Tips" entry but here's
a reader comment:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The Fraser Valley LUG at <A HREF="http://www.netmaster.ca/LUG">http://www.netmaster.ca/LUG</A> have a monitor
database that accepts a monitor make and model and spits out a working
descriptor text for X setup.
</STRONG></P>
<P><STRONG>
Dave Stevens
</STRONG></P>
<P><STRONG>

</STRONG></P>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 36 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/37"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 37 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
ext2fs &quot;Undeletable&quot; Attribute
</H3>


<p><strong>From J.S. Moore  on Wed, 26 Aug 1998  
</strong></p>
<!-- ::
ext2fs &quot;Undeletable&quot; Attribute
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>
(An old AG that I never answered)
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello.
<br>The manpages indicate that a file with the <tt>u</tt> option 
set is undeleteable, but it doesn't say how.
</STRONG></P>
<P><STRONG>
Any ideas?
<tt>J.S. Moore
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I think this bit was reserved for future use and
that it would/will require a userspace program
(or use of an API by programs like '<tt>mc</tt>' and
other file managers) to actually browse and
recover "deleted" files.
</BLOCKQUOTE>
<BLOCKQUOTE>
I think the current feeling in the development
community is to implement a new filesystem or
some new extensions to ext2 that would allow
full versioning support.  However, I don't
know the real skinny on it.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 37 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/38"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 38 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">How to Install Linux on an RS6000?</H3>


<p><strong>From ESPEJEL GOMEZ ERIKA PAOLA  on Thu, 26 Nov 1998  
</strong></p>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My question is
How install linux in a workstation (RS6000)?
Thank you for your help.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Newer RS/6000's are built around PowerPC CPU's.  I've heard
of some people running LinuxPPC and MkLinux on some RS/6000
systems, but I'm not sure that there's enough support
(device drivers, etc) to make this more than a curiosity.
</BLOCKQUOTE>
<BLOCKQUOTE>
The place to start looking for answers to these questions
would be at the LinuxPPC and MkLinux web sites:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>LinuxPPC: Linux for PowerPC Systems
<dd><tt><A HREF="http://www.linuxppc.org">http://www.linuxppc.org</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE><dl>
<dt>MkLinux: Mach Microkernel with a Linux Server/Personality
<dd><tt><A HREF="http://www.mklinux.apple.com"
		>http://www.mklinux.apple.com</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
... There's recently been alot more activity on the
Linux-PPC mailing lists so I know that active development
is going on.  In fact they have recently released
BootX which is a package for MacOS that allows one to
boot LinuxPPC without adjusting the OpenFirmware settings
on your system.  This is akin to LOADLIN.EXE for MS-DOS,
but more important since Apple and the MacOS clone
manufacturers didn't quite "get it" when it comes to
implementing OpenFirmware/OpenBoot support.  (Many models
of PowerMac and their clones don't support manual console
operation of the OF command prompt and many options
don't seem to be supported or documented).
</BLOCKQUOTE>
<BLOCKQUOTE>
When I talked to a couple of IBM researchers at ONE ISPCon
a few months ago one of them expressed some interest in
porting mkLinux or LinuxPPC in house, and having some
of his team contribute some drivers to it.  So, this
may get some support "from the source" at some point.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, for now, it would be a hacker's project.
It's not suitable for immediate production deployment
from what I've heard.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 38 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/39"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 39 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Advanced Printer Support: 800x600 dpi + 11x17" Paper
</H3>


<p><strong>From Karl Raffelsieper  on Thu, 26 Nov 1998  
</strong></p>

<!-- ::
More on:
Advanced Printer Support: 800x600 dpi + 11x17" Paper
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><FONT COLOR="#000099"><EM>
<BR>&gt;I am running <A HREF="http://www.caldera.com/">Caldera</A> 1.3 
	on my small networked P75 with 40MB Ram and
<BR>&gt;Several SCSI drives and Scanner, attached to the Parallel port is my
<BR>&gt;Xerox 4520 PostScript printer. I wish to have the P75 act as a print
<BR>&gt;server to the other PCs (running 
	<A HREF="http://www.suse.com/">S.u.S.E.</A> 5.1) This all works find, 
	Here's
<BR>&gt;the problem.
</EM></FONT></STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
Is this a real PostScript printer, with a PostScript
interpreter and a full CPU built into it?
</EM></FONT></STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
Is your print server passing the raw print jobs to the
printer or is it passing them through it's own 'gs'
(ghostscript), aps, nenscript, or other filters?
</EM></FONT></STRONG></P>
<HR width="10%" align="left">
<P><STRONG>
Yes this is a genuine Adobe Level 2 PostScript 20 Megs of RAM built in
--
RISC processor, 24 page/min screamer of a network printer, (less the
network card) and you can drop the raw PS data to it without ghostscript
or other filters. (This is Xerox's answer to the HP 5si)
</STRONG></P>
<P><STRONG>
This is were I am having my trouble. The driver installed is a generic
Post Script driver, and it does not seem to make all the printer
capabilities available. Even locally on the server. How can I make
configuration modifications to all workstations so when Star Office 5.0
(as an example) is aware of the printers paper sizes. My limited
understanding of the Post Script language is all the page definition,
font info, formatting, etc. is actually written into the document. Thus
so long as the data is sent raw to the server and it will send it raw to
the PS printer the Adobe chips in the printer will do the rest. But I
suspect I must report the printer capabilities to the OS some place. I
started at <TT>/etc/printcap</TT> but it didn't seem obvious to me 
where to make the changes.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
What applications are you running?  (In other words,
what applications are generating the PostScript).
</BLOCKQUOTE>
<BLOCKQUOTE>
If they only use a subset of the PostScript supported by
your printer then they have to be updated to generate
more advanced PostScript.  If you are dropping/sending
raw PostScript to your printer then Linux isn't
involved at all.  It's between your applications and
your printer.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have Something like <tt>apsfilter</tt> (ASCII/text to
PostScript) or <tt>nenscript</tt> (New "enscripting") listed
in your <TT>/etc/printcap</TT> entry to transform text into
PostScript that that's where you'd need to make
the changes (though that should affect pages produced
through Applixware, StarOffice, xfig, TeX/LaTeX/LyX etc
since those are producing their own PostScript or
their own .dvi or raw printer files).
</BLOCKQUOTE>
<BLOCKQUOTE>
In the cases where TeX/LaTeX and/or LyX are involved
the applications generate a .dvi file.  This can be
converted to PostScript using the 'dvips' command,
or they can be used directly by any of the printer
specific dvi drivers (called &quot;dviware&quot; by TeXnophiles).
</BLOCKQUOTE>
<BLOCKQUOTE>
That's why I suggested calling Xerox to ask if they have
or know of dviware for your printer.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 39 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/40"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 40 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">TAG suggestions</H3>


<p><strong>From john  on Thu, 26 Nov 1998  
</strong></p>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I think that the way you are laying out TAG right now makes it a little
hard to navigate. It would almost be better if you ran them all together
on one big page, a la $.02 tips. The one word descriptions of other
solutions at the bottom of each page are also pretty tough to figure
out. How about an onMouseOver window.status() description for each, or
something to the same effect? Great job, by the way!
<br>--
<br>John
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Heather (my wife) does all of the markup.
</BLOCKQUOTE>
<BLOCKQUOTE>
She's spent many hours, for the last several months refining
a script that does the bulk of the conversion from e-mail
(adjusted for the quirks of how I format my responses) to
HTML.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, one of the things that we both refuse to do is to
rely about non-standard, browser dependent, and particularly
upon JavaScript, features.
</BLOCKQUOTE>

<blockquote><em>
	[ Actually, this is not specifically because I have anything 
	  against javascript, though the abuse of certain features
	  on the open web does annoy me considerably;  nor because
	  I don't write usable javascript code, for there's certainly
	  a world of tested scripts at 
<a href="http://www.developer.com/">http://www.developer.com/</a>
	  to go with the old Gamelon archives of Java applets;  but
	  rather, because I have no interest in making the folks
	  with "modern" browsers lose more memory to a feature that
	  they probably won't use.
</em></blockquote>
<blockquote><em>
	  and the very idea of shipping someone 90+ full titles of
	  messages, every time they read one of them, is insane.  
	  Don't even go there. I'm getting off this soapbox before
	  I scorch it. --&nbsp;Heather&nbsp;]
</em></blockquote>

<BLOCKQUOTE>
Originally all I wanted was for the URL's that I embed in my
text to be wrapped with anchors.  However, Heather and
Marjorie (my editors) like to have the TAG messages split
and like to over some navigation between them.  Heather
doesn't like sites that only offer "up, next, previous"
options in their page footers, so she's implemented the
scheme that you're describing.
</BLOCKQUOTE>

<blockquote><em>
	[ Also, at least one querent begged to be able to go to
	  seperate messages without having to go back up to the
	  index.  Others thanked us for switching to an indexed
	  format, as it was much easier to read the index alone
	  and decide what messages they wanted to read.  
</em></blockquote>

<blockquote><em>
	  As for the "tough little words"... I thought it would
	  be nicer than numbers, which is what my script
	  actually generates.  The good thing is that they can
	  be figured out at all.  They are short so that I can
	  format the table at the bottom so it doesn't look
	  lame and cost more space than the message bodies.
	  As it is, there's so many this time, they're staying
	  numbers.  They'll probably go back to words next
	  month, but I won't say for sure. --&nbsp;Heather&nbsp;]
</em></blockquote>

<BLOCKQUOTE>
One problem I used encounter when TAG was "all one big page"
was with search engines.  I'd get a new question that
correlated a couple of different concepts (IMAP plus
Netscape Navigator/Communicator) and I'd get all sorts of
spurious hits pointing to my own previous TAG articles.
</BLOCKQUOTE>
<BLOCKQUOTE>
So I'm glad that we don't still smash all my articles into
one page.
</BLOCKQUOTE>

<blockquote><em>
	[ However, masochists are encouraged to read 'The
	  Whole Damn Thing'... the streamed version of the
	  Linux Gazette.  And if I see more than this one
	  request, I may link 'The Whole Damn Answer Guy'
	  (that is, the version I turn in to our Overseer
	  for inclusion to TWDT) as an option off the 
	  Answer Guy index.  But we're certainly not going
	  back to the old format.  Too many people like
	  it, and I've put too much effort into the scripts
	  I use to convert it, to go back.
		--&nbsp;Heather&nbsp;]
</em></blockquote>

<BLOCKQUOTE>
However, Heather and Marjorie will see this message (along
with other LG readers).  I leave the details of formatting
for publication entire up to them.  Indeed when I first
started answer these questions I didn't even know that
they'd be published.  (I just offered to take on technical
questions that were misdirected to the editors).  So, I'll
focus on providing technical answers and commentary.
</BLOCKQUOTE>

<blockquote><em>
	[ I make a sincere effort to keep the resulting message 
	  looking as close as HTML allows to what the email looks like.  
	  When you only see it on the web, it could be hard to recall 
	  that it was a plain slice of mail.  I feel it's important to
	  keep that feeling.  Real people use this software,
	  real people have ordinary problems with it, and real
	  people give a shot at answering them.  
</em></blockquote>

<blockquote><em>
	  Which is the last tack in the coffin of using browser-specific
	  features... real people aren't going to change browsers
	  just to read a webazine, and they're not gonna be happy
	  if it crashes their browser because someone went a bit
	  overboard on the HTML.
</em></blockquote>
	  
<blockquote><em>
	  So, I've kept changes minimal.   I did all the graphics you 
	  see here, but except for color, and the split messages, I 
	  feel it's still pretty close to the original effort.   (The
	  astute reader, or especially the reader without color support,
	  will note that I use EM and STRONG to support color usage,
	  so the color is gratuitous, but does make for more comfortable
	  reading if you have it and there's a lot of quoting.)
	  You can look at the older Gazettes if you'd like to see what 
	  they used to look like... I think they look a lot better,
	  but I'm biased <img src="../gx/dennis/smily.gif" alt=";)"> 
	  Still, if Jim keeps getting messages about the formatting that 
	  I'm really responsible for, I'm gonna have to draw my own speak 
	  bubble.  I still have the blank bubble so it'll be easy.  Gimp 
	  is cool, when it doesn't crash. Maybe some month when the load 
	  isn't too high I'll write an article about the script and how I 
	  did the gifs. 
--&nbsp;<a href="mailto:star+tag@starshine.org">Heather</a>&nbsp;]
</em></blockquote>

<BLOCKQUOTE>
(Personally when I'm browsing through a series of related
pages I prefer to bounce back up to the upper/dispatch
page and then down to the next.  This keeps my current
"depth" a bit shorter when I want to back out of my browser
completely.   (Since I get interrupted and sidetracked
frequently while browsing I like to make sure
that I'm "done" with each page that's still on the "stack"
by backing completely out to the "first document").
</BLOCKQUOTE>

<!-- sig -->

<!-- end 40 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/41"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 41 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
CGI Driven Password Changes
</H3>


<p><strong>From Terry Singleton on Sat, 05 Dec 1998  
</strong></p>
<!-- ::
CGI Driven Password Changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi there,
</STRONG></P>
<P><STRONG>
We recently installed a LINUX box that runs sendmail 8.9.1, we need
someway for a user to be able to change their own password, most
ISP's have a html form that allows them to do this.
</STRONG></P>
<P><STRONG>
I know this can be done with CGI and Perl, question is does anyone
have anything or know of anywhere I can find something that will do
the trick..
</STRONG></P>
<P><STRONG>
I just bought a perl/cgi so I am working in that direction, we need
something asap though. I would even pay for something.
</STRONG></P>
<P><STRONG>
Regards,
<br>Terry Singleton
<br>Network Analyst
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I once wrote a prototype for such a CGI script.  It
wasn't fancy but it used the following basic method:
</BLOCKQUOTE>
<BLOCKQUOTE>
The form has the following fields:
</BLOCKQUOTE>

<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
    userid (login name):
<br>current/old password:
<br>(repeated):
<br>new password:
<br>(repeasted):
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... and the script does the following:
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
<li>Check the consistency between the current password and the
    repeat (and issue a retry screen if that fails).
<li>start an expect (or Perl comm.pl) script that:
    <ul>
	<li>telnet to localhost
	<li>waits for a "login:" prompt
	<li>sends the userid
	<li>waits for a "password:" prompt
	<li>send the current password
	<li>waits for one of:
		<ul>
		<li>a shell prompt (sends passwd command)
		<li>the passwd prompt (if the user shell is set
		    to <TT>/usr/bin/passwd).</TT>
		<li>a "login incorrect" message (aborts and
			returns HTML error  form).
		</ul>
   </ul>
<li>if the process gets to <TT>.../bin/passwd</TT>'s prompt:
   <ul>
	<li>send the old password
	<li>wait for new password prompt
	<li>send the new password
	<li>wait for repeat prompt
	<li>sent the new password again
	<li>wait for O.K. message
	<li>returns HTML success page.
   </ul>
</ul></BLOCKQUOTE>
<BLOCKQUOTE>
So mostly it's a matter of writing the expect or comm.pl script.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately I don't have the real script handy.  It
looked something like:
</BLOCKQUOTE>

<BLOCKQUOTE><pre>
#!/usr/bin/expect -f
## by Jim Dennis (<A HREF="mailto:jimd@starshine.org">jimd@starshine.org</A>)
## This should check a username/password
## pair by opening a telnet to localhost
## and trying to use that to login
## -- you might have to adjust the last
## expect block to account for your
## system shell prompts, and error messsages

## It returns 0 on success and various non-zero
## values for various modes of failure

set timeout 5
log_user 0

gets stdin name
gets stdin pw

spawn "<TT>/usr/bin/telnet</TT>" "localhost"

expect {

-- "ogin: $"    { send -- "$name\r" }

timeout         { send -- "\r\r" }

eof             { exit 253  }
}


expect {

"ssword: $"     { send -- "$pw\r" }
}

expect {

"ast login: "    { exit 0   }
"(\\\$|%)"       { exit 0   }
"ogin incorrect" { exit 1   }
timeout          { exit 254 }
eof              { exit 253 }
}
</pre></BLOCKQUOTE>

<BLOCKQUOTE>
... so you'd replace the "exit 0" clauses with
something like the following to have it change
the password instead of merely checking the password
as the example above does.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE><pre>
set password [lindex $argv 1]
send "<TT>/bin/passwd\r</TT>"
expect "password:"
send "$password\r"
expect "password:"
send "$password\r"
</pre></BLOCKQUOTE>

<BLOCKQUOTE>
... this assumes that you got to a shell prompt.  If
you use the old trick of setting the users' login shell
to <TT>/bin/passwd</TT> then you'd add another expect close to the
original script to respond to the prompt for "Old password"
--- which you'd get in lieue of a shell prompt.
</BLOCKQUOTE>
<BLOCKQUOTE>
Obviously in that case you wouldn't be "send"-ing the
<TT>/bin/passwd</TT> command to the shell prompt as I've done in
the second line of this second code example.
</BLOCKQUOTE>
<BLOCKQUOTE>
There's a package that purports to do this at:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Linux Admin CGI Package Docu (English)
<dd><tt><A HREF="http://www.daemon.de/doc_en.html"
		>http://www.daemon.de/doc_en.html</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... so you can try that.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can also look at the Linux-admin mailing list archives
where I'm sure I've seen Glynn Clements point people
to some utility he wrote  (I think I've seen this about
a dozen times).
</BLOCKQUOTE>
<BLOCKQUOTE>
A quick trip to the Linux-Admin FAQ
(<A HREF="http://www.kalug.lug.net/linux-admin-FAQ"
	>http://www.kalug.lug.net/linux-admin-FAQ</A>) led me
to a list of list archives, which lead me to one with
search features.  Searching on "<tt>web password change</tt>"
got me to a message that refers to:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="ftp://win.co.nz/web-pwd">ftp://win.co.nz/web-pwd</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... I'm sure there are others out there.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 41 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/42"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 42 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
ifconfig reports TX errors on v2.1.x kernels
</H3>


<p><strong>From Peter Bruley on Tue, 15 Dec 1998  
</strong></p>
<!-- ::
'ifconfig': TX errors
~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Answer Guy:
</STRONG></P>
<P><STRONG>
I have tried various 2.1x kernels every - once and a while to see how
the new version is coming along. What I have noticed is errors being
reported by "ifconfig" on the TX only (both ppp &amp; eth). Do you know why
?
</STRONG></P>
<P><STRONG>
TX Error
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That's a good question.  On the ethernet, I'd expect that
most of them would be due to frame collisions.  Basically
they'd happen whenever any two cards on your segment tried
to send dataframes at close to the same time.  On the PPP
link I'd expect them to be due to line noise.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I'm not sure and I don't know why you wouldn't
see any RX errors.  Are you saying that you only see these
under the 2.1.xxx kernels?  I can assure you that some
errors are perfectly normal (under any kernel).  Too many
may indicate a flaky card (yours, or any other on your
network segment), bad cabling (thinnet/coax is particularly
bad --- also using cat 3 UTP and/or running any sort of
cable too close to flourescent light ballasts and other
sorts of transformers and "noisy" RF generating equipment).
</BLOCKQUOTE>
<BLOCKQUOTE>
On one of my systems (a 486 router, two 3c509 ISA ethernet
cards, each on relatively short quiet cat 5 UTP segments,
running 2.0.36) I have 0 errors in both the TX and RX
segments out of about 200,000 packets routed.  This is over
an uptime of about 20 days.  I picked that systems uptime
and stats more or less at random (I'm using it's console as
a telnet/terminal to get to my '<tt>screen</tt>' session as I type
this).
</BLOCKQUOTE>
<BLOCKQUOTE>
On another system (a 386DX33 with on 3c509 adapter, running
2.0.30) I see six million packets received and 26 thousand
RX errors (no TX errors out of about 3 million packets
transmitted).  That's been up for 71 days.
</BLOCKQUOTE>
<BLOCKQUOTE>
I supposed we could commission a study to see if
different ethernet cards, kernels and other factors produce
wildly different statistics.  But that sounds too much
like a graduate project.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 42 -->

<hr width="40%" align="center">

<!-- begin 71 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">'ifconfig': TX errors</H3>

<p><strong>From Peter Bruley  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
More on:
'ifconfig': TX errors
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi: Jim
</STRONG></P>
<P><STRONG>
Thanks for your reply, sorry I'm slow getting back.
</STRONG></P>
<P><STRONG>
Here is a print out of my "ifconfig" after about 5 min. on the
ppp connection to my ISP:
</STRONG></P>

<pre><strong> lo    Link encap:Local Loopback
       inet addr:127.0.0.1  Bcast:0.0.0.0  Mask:255.0.0.0
       UP LOOPBACK RUNNING  MTU:3924  Metric:1
       RX packets:166 errors:0 dropped:0 overruns:0 frame:0
       TX packets:0 errors:24679 dropped:166 overruns:0 carrier:0 coll:0

 eth0  Link encap:Ethernet  HWaddr 00:40:05:60:71:DD
       inet addr:10.40.150.1  Bcast:10.40.150.255  Mask:255.255.255.0
       UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
       RX packets:288 errors:0 dropped:0 overruns:0 frame:0
       TX packets:86 errors:74789 dropped:507 overruns:0 carrier:0 coll:0
       Interrupt:10 Base address:0x7000

 ppp0  Link encap:Point-to-Point Protocol
       inet addr:226.186.100.56  P-t-P:226.186.100.249 Mask:255.255.255.255
       UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:576  Metric:1
       RX packets:156 errors:0 dropped:0 overruns:0 frame:0
       TX packets:0 errors:14836 dropped:135 overruns:0 carrier:0 coll:0
</strong></pre><P><STRONG>
Here is are some of my software versions:
</STRONG></P>

<Pre><STRONG>
Kernel is 2.1.128
libc.so.5 =&gt; libc.so.5.4.44
depmod (Linux modutils) 2.1.121
ppp-2.3.5
net-tools 1.432
</STRONG></Pre>

<P><STRONG>
Things seem to work properly. (all network services) except for some
utilities that report  modem activity ie/ <tt>xmodemlights</tt> 
(<A HREF="http://www.netpci.com/~dwtharp/xmodemlights"
	>http://www.netpci.com/~dwtharp/xmodemlights</A>)
</STRONG></P>
<P><STRONG>
Note that my ethernet card is also reporting errors.
</STRONG></P>
<P><STRONG>
Now assuming that these are real errors; how come when I boot up into a
v2.0.34 kernel all the errors go away (on both ethnet &amp; ppp) and my
xmodemlights utility works flawlessly ?
</STRONG></P>
<P><STRONG>
I have tried the v2.1.(85-131) kernel on apx 3-4 different boxes and I
have observed the same problems.
</STRONG></P>
<P><STRONG>
I'm alone on this issue or do you know of others reporting the same
problems ?
</STRONG></P>
<P><STRONG>
Peter
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know if there's any problem here.  However,
I would check the kernel mailing archives and
possibly (after downloading, installing and testing
the 2.1.132 or later kernel) post a message to the
kernel developers list to inquire about it.
</BLOCKQUOTE>
<BLOCKQUOTE>
I might be that the old 2.0.x driver wasn't reporting
errors for your cards.  They may have been buggy.  It's
also possible that they may have been driving your
hardware slower, causing fewer errors, or fewer
detections of errors.  Of course it could be
bugs in the latest drivers which we'd like fixed before
we go to 2.2.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, check with the kernel developers and possibly get
onto the comp.os.linux.* newsgroups (networking or hardware)
with this question to poll other users for their results.
</BLOCKQUOTE>

<BLOCKQUOTE><em>
	[ In the "late breaking news" department, the kernels
	  are starting to be called <tt>2.2.pre</tt> so now
	  is the time to start trying them out if you've been
	  interested but afraid to go for a beta kernel. 
	--&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<!-- sig -->

<!-- end 71 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/44"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 44 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Support for Trident Video/Television Adapter
</H3>


<p><strong>From Daniel Robidoux  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Support for Trident Video/Television Adapter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Looking for a manual for a trident 9685 with tv. I'm trying to get
output to my tv but nothing works. Can you offer any suggestions.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Call Trident?
</BLOCKQUOTE>
<BLOCKQUOTE>
I answered a question about the Providia 9685 chipset
back in issue 31 --- but that had no mention of a TV
tuner.
</BLOCKQUOTE>
<BLOCKQUOTE>
There is a "video4linux" project that supports at least
the BTTV (Hauppage et al) chipsets.  I've never used it
but you can feel free to hit Yahoo! and browse through
the 2200 hits that you'll get with a search string like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
"video4linux 9685"
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... see what that nets you.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 44 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/45"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 45 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Plug and Pray Problems
</H3>


<p><strong>From Tony Grant on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Plug and Pray Problems
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG>
Problem: USR Sportster ISDN TA will not work on AMD K-6/II machine.
</STRONG></P>
<P><STRONG>
Solution: Force D-Link Ethernet card to use IRQ 5 and ioports in the
0300 - 031f range so as not to interfere with the ioports needed by the
Sportster.
</STRONG></P>
<P><STRONG>
Question: How do I force the Ethernet card to behave? On bootup my
kernel (2.0.36) tells me that IRQ <TT>/</TT> io etc are being set by 
BIOS. I want to set them myself.
</STRONG></P>
<P><STRONG>
TIA for pointers to the correct doc.
</STRONG></P>
<P><STRONG>
Cheers
<br>Tony Grant
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My first guess would be that you're encountering a problem
with some "ISA Plug and Play" adapters.  The first
option would be to see if there's a setting to disable
"plug and pray" on one or both of these boards, and manually
set them (possibly using an MS-DOS or Windows) utility).
</BLOCKQUOTE>
<BLOCKQUOTE>
Failing that you can look for a Linux package called
'<tt>isapnptools</tt>' --- I've never used it --- but it seems to
have helped a few people out there.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've read many messages from people who've resorted to
booting DOS, running the configuration utilities from
there and then loading their Linux kernel via <tt>LOADLIN.EXE</tt>.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is more of a workaround than a real solution --- but
it seems to be effective for most and I don't know of
any downside for normal operation (just that mild distaste
that running MS-DOS to configure you hardware every time
you boot might leave in your mouth).  Console yourself
with the fact that you rarely have to reboot Linux.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 45 -->

<hr width="40%" align="center">

<!-- begin 43 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Plug and Pray Problems
</H3>

<p><strong>From Tony Grant  on Mon, 14 Dec 1998  
</strong></p>

<P><STRONG><font color="#000066"><em>
Jim Dennis wrote:
</em></font></STRONG></P>
<!-- ::
Plug and Pray Problems
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><font color="#000066"><em>
..snip
</em></font></STRONG></P>
<P><STRONG><font color="#000066"><em>
This is more of a workaround than a real solution --- but
it seems to be effective for most and I don't know of
any downside for normal operation (just that mild distaste
that running MS-DOS to configure you hardware every time
you boot might leave in your mouth).  Console yourself
with the fact that you rarely have to reboot Linux.
</em></font></STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Jim,
</BLOCKQUOTE>
<BLOCKQUOTE>
Thanks for your prompt reply if only M$ offered such aftersales support 
<IMG SRC="<TT>../gx/dennis/smily.gif</TT>" ALT="=;-)" height="24" 	
	width="20" align="middle">
</BLOCKQUOTE>
<BLOCKQUOTE>
<tt>Loadlin</tt> looks like a last resort solution that I will have to 
turn to. I really didn't want to install W$ or DOS on this machine (it 
is a headless server) so booting is no problem, the machine is up all 
of the time, only SW upgrades will imply rebooting.
</BLOCKQUOTE>
<BLOCKQUOTE>
Cheers and thanks again
</BLOCKQUOTE>
<BLOCKQUOTE>
Tony Grant
</BLOCKQUOTE>


<!-- end 43 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/46"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 46 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Sharing/Exporting Linux Directories to Windows '9x/NT
</H3>


<p><strong>From markr on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Sharing/Exporting Linux Directories to Windows '9x/NT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I have a 5 system LAN at home with 2 linux, 2 win98, and 1 NT
machine.  From any of the 98/NT machines, I can see the linux
boxes in Network Neighborhood.  However, I am unable to connect to
shares on the linux boxes.  I have logged out of windows and back
in as both '<tt>root</tt>' and '<tt>mark</tt>', both valid users on the linux
systems, but when I try to access a share I'm prompted for a
password which, although correct, is promptly rejected.  I can go
from Linux to win, and Linux to Linux, but I need to be able to go
the other way as well....
</STRONG></P>
<P><STRONG>
Any advice?
</STRONG></P>
<P><STRONG>
thanks,
<br>Mark Rolen
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Have you read through the Samba man pages (smbd(8),
nmbd(8), smb.conf(5), samba(7), smbstatus(1), etc),
and the Samba FAQ and web site 
(<A HREF="http://www.samba.org">http://www.samba.org</A>)?
</BLOCKQUOTE>
<BLOCKQUOTE>
Start there and make sure that you have '<tt>smbd</tt>' and '<tt>nmbd</tt>'
running in the correct order, and that you have a valid 'smb.conf.'
</BLOCKQUOTE>
<BLOCKQUOTE>
The best place to ask this sort of question is the
comp.protocols.smb newsgroup.  This is where the most
avid Samba users exchange notes and commiserate over
the latest MS CIFS machinations.
</BLOCKQUOTE>
<BLOCKQUOTE>
When you ask them a question, be sure to include
the simplest version of your smb.conf that you've tried
and representative samples of any <EM>relevant</EM> syslog messages
from <TT>/var/log/messages.</TT>  Read their FAQ thoroughly for
more details about the sorts of information to include
in your support queries.
</BLOCKQUOTE>
<BLOCKQUOTE><em>
	[ Actually, your conf files are probably fine, since you see
	  the share announced, and actually get a dialog back... 
	  except that you're missing one.  Win98 and NT use encrypted
	  passwords (or Win95 since one of the OSR packs) which
	  a new enough version of SaMBa can answer, but it needs 
	  to be fed the passwords your win boxes will be using.  
	  Go into the FAQ and search for '<tt>smbpasswd</tt>' and 
	  you should find the rest of the details. --&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<!-- sig -->

<!-- end 46 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/47"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 47 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Mail processing</H3>


<p><strong>From Juan Cuervo on Mon, 14 Dec 1998  
</strong></p>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello Answerguy, My name is Juan Cuervo and I was wondering if you
could help me with this:
</STRONG></P>
<P><STRONG>
I need all the incoming mail of my mail server users to be send to
their mailboxes (as usual), but also to be processed by an
external program (I mean , not a MTA). So, I need so send a copy
of the mail to this external program if the mail user has a file
in their home directory (called, lets say, ~/.myprog ) wich
indicates that the mail messages for that user should be parsed by
this external program too.
</STRONG></P>
<P><STRONG>
Thank you for your help.
<br>Juan Cuervo
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You can create an '<TT>/etc/procmailrc</TT>' and define 'procmail'
as your local delivery agent.  This is the most
straightforward way to do this.  However, it is pretty
dangerous (the called program will be called as 'root')
and it might result in unacceptable levels of overhead
(depending on your number of users and their mail volumes).
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event the contents of <TT>/etc/procmailrc</TT> would look
something like:
</BLOCKQUOTE>

<BLOCKQUOTE><pre>
:0c
| /root/bin/mailfilter/.myprog
</pre></BLOCKQUOTE>

<BLOCKQUOTE>
.... to send a copy of each mail item through a program
as you described.
</BLOCKQUOTE>
<BLOCKQUOTE>
Personally, I don't recommend this, as it sounds like
several disasters just begging to happen.  However,  you're
welcome to experiment with this on a test system for a
little bit to learn how it works.
</BLOCKQUOTE>
<BLOCKQUOTE>
Many Linux distributions include '<tt>sendmail</tt>' configured to
use '<tt>procmail</tt>' as their LDA by default.  Look for a
group of lines in your <TT>/etc/sendmail.cf</TT> that looks like:
</BLOCKQUOTE>

<blockquote><pre>Mlocal,         P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
                T=DNS/RFC822/X-Unix,
		A=procmail -Y -a $h -d $u
</pre></blockquote>
<BLOCKQUOTE>
... to see if this is the case.  If not, either replace
the Mlocal clause that's in your <TT>/etc/sendmail.cf</TT> (yuck!),
or add an entry like:
</BLOCKQUOTE>

<blockquote><pre>		MAILER(`procmail')dnl
</pre></blockquote><BLOCKQUOTE>
... to your ".mc" (M4 configuration file) and regenerate
your .cf file with the appropriate m4 command like:
</BLOCKQUOTE>

<blockquote><pre>		m4 &lt; foo.mc &gt; /etc/sendmail.cf
</pre></blockquote>
<BLOCKQUOTE>
Note that sendmail involves quite a bit more than this
--- so you may want to get more detailed advice before
trying this on a production mail server.  There's a 900 page
book from O'Reilly that's probably the best reference to
'<tt>sendmail</tt>' available.  Arguments that we should also switch
to '<tt>qmail</tt>' or Wietse Venema's '<tt>PostFix</tt>' 
(formerly known as '<tt>Vmailer</tt>') may not help in your case.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 47 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/48"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 48 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Extra Formfeed from Windows '95
</H3>


<p><strong>From Jerry W Youngblood  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Extra Formfeed from Windows '95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Is there a way to supress the extra formfeed when I print on my Linux
HP540 printer from Windows95 on the network.  Everything prints great,
however there is an extra page that always comes out after the print
job.  How do I supress this?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I think there is a Win '9x control panel setting that
can be tweaked to prevent this.  However, I do as little
with Win '9x as I can, so I don't know precisely where
in that morass of dialogs and menus you might find this
setting.
</BLOCKQUOTE>
<BLOCKQUOTE>
(I suppose another option would be to set a special
printcap entry for your Win '95 system to use, and
have that use one of the settings for supressing formfeeds
or use a special filter or something).
</BLOCKQUOTE>
<BLOCKQUOTE>
I should warn that I also do as little printing as I can
get away with.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 48 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/49"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 49 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Can't Login in as Root
</H3>


<p><strong>From David Stebbins on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Can't Login in as Root
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hey Jim, After reading the letters to you and your responses I feel kind
of silly writting to you with my little problem, but here it is. I am a
very, very new linux 5.2 redhat  (Macmillan) user and after installing
the OS and establishing a user account for myself I have not been able
to login as the root user. I type the same exact password that I used
when I set the system up (as the root uesr), but cannot get back in
(...very frustrating). perhaps you have a solution for me? I was logging
in as "<tt>root</tt>" (w/o the " marks) and then just entering my 
password. What am I doing wrong?  Thanks David
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Is this at the console?
</BLOCKQUOTE>
<BLOCKQUOTE>
If not, it's probably just <tt>securetty</tt> (read the man page
in section 5).
</BLOCKQUOTE>
<BLOCKQUOTE>
Can you login as a normal user and then use the '<tt>su</tt>'
command to attain '<tt>root</tt>' status?
</BLOCKQUOTE>
<BLOCKQUOTE>
If not then you probably have lost or forgotten the
password or corrupted your <TT>/etc/passwd</TT> file.  In those
cases you can boot from a floppy diskette or boot
and issue the '<tt>init=/bin/sh</tt>' LILO option (as I described
last month) to get into the system in single user mode
without requiring any password (requires console access,
obviously).
</BLOCKQUOTE>
<BLOCKQUOTE>
Keep in mind that the passwords are case sensitive.
You must remember which letters you typed in [Shift]-ed
mode and in lower case.  Also, if you look at you
<TT>/etc/passwd</TT> file you shouldn't seen any blank lines, any
comments, and any "junk" characters (control characters,
etc).  Read the <tt>passwd(5)</tt> on any working system to
get the details of proper '<tt>passwd</tt>' file formatting --- or
just copy one from your boot floppy and recreate the
accounts as necessary.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note, if you create a new passwd file you may create
"orphan" files in this process, as your new account names
might have mismatches to the old numeric UID's and GID's
under which these files were created.  The easiest way to
fix that on a small system is to look at the numeric
UID's of the files (any "orphan" file will show up with
a numeric owner during an '<tt>ls -l</tt>' and you can use the
command '<tt>find / -nouser -ls</tt>' to list all of them) ---
then using your personal knowlege of who these files
belong to, set their <TT>/etc/passwd</TT> account to match
those numerics.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately the full details of all of this are far
to complicated to describe in detail at this hour (it's
3:00am my time, I just got back from Boston, Massachusetts
from the USENIX/SAGE LISA Conference).
</BLOCKQUOTE>
<BLOCKQUOTE>
Once you get your system straightened out, make a
backup copy of your <TT>/etc/passwd</TT> and <TT>/etc/group</TT> files
--- just mount a floppy and copy them to it.  That will
make restores <EM>much easier</EM> in the future (even if you
you have a full backup system in place it's often handy
to restore these files before trying the rest of your
restore --- some versions of '<tt>tar</tt>' and '<tt>cpio</tt>' for example
don't restore files under numeric UID's and GID's -- they'll
"quash" the ownership to root.root for all of them!
</BLOCKQUOTE>
<BLOCKQUOTE>
If you really get stuck, call my number (800) 938-4078
to leave voice mail.  It would make more sense to
walk you through the recover than to type up every possible
recovery technique in this message.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 49 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/50"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 50 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Alternative Method for Recovering from Root Password Loss
</H3>


<p><strong>From David C. Winters  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Alternative Method for Recovering from Root Password Loss
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Just discovered the LG, and your column, today.  I sent you a
message a few minutes ago asking a question; here's a submission.
</STRONG></P>
<P><STRONG>
You finish up your 
"<a href="/issue35/tag/passwd.html">No Echo During Password Entry</a>" 
answer in your Issue #35 column with a method for recovering from losing 
<tt>root</tt>'s password.  I've used another method, using LILO.
</STRONG></P>
<P><STRONG>
During boot, when the "<tt>LILO boot:</tt>" prompt appears, hitting the
&lt;TAB&gt; key will give you a list of all of the kernels (by label)
that LILO knows about.  On my system, I'd see
</STRONG></P>

<pre><strong>&gt; LILO boot:
&gt; 2.0.30		2.0.30-orig
&gt; boot:
</strong></pre><P><STRONG>
("2.0.30-orig" is the default 
<A HREF="http://www.redhat.com/">Red Hat</A> 2.0.30-3 kernel on 4.2;
"2.0.30" is the label for the kernel I compiled.)
</STRONG></P>
<P><STRONG>
If I append "<tt> single</tt>" to a kernel label, eg, "<tt>2.0.30 single</tt>",
it'll boot using that kernel but come up in single-user mode.
Just calling <tt>passwd()</tt> will let you change root's password.  You
then want to use <tt>exit()</tt> to continue bringing yourself back up to
your normal runlevel (3 on my machine).
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm well aware of this technique.  However, using
'<tt>init=/bin/sh</tt>' will work in cases where '<tt>single</tt>' won't.
</BLOCKQUOTE>
<BLOCKQUOTE>
Some systems have their 'single user' mode entries
in <TT>/etc/inittab</TT> set to call an '<tt>sulogin</tt>' command ---
which requires a root password.  Ooops!
</BLOCKQUOTE>
<BLOCKQUOTE>
I glossed over the details due to my own time constraints.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Useful, but a large security hole.  Unless you secure it, anyone
sitting down on console can reboot the machine and come up as
root.  To close this hole off, <tt>chmod() /etc/lilo.conf</TT> to 600 (or
660 if it's owned root:root) and add the "<tt>restricted</tt>" and
"<tt>password=&lt;some_password&gt;</tt>" lines, like the following example
<TT>/etc/lilo.conf</TT> file:
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Quite right.
</BLOCKQUOTE>

<STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
<pre> boot=/dev/sda
 map=/boot/map
 install=/boot/boot.b
 prompt
 timeout=50
 restricted
 password=AnswerGuy
 image=/boot/vmlinuz
         label=2.0.30
         root=/dev/sda2
         initrd=/boot/initrd
         read-only
 image=/boot/vmlinuz-2.0.30-orig
         label=orig
         root=/dev/sda2
         initrd=/boot/initrd
         read-only
</pre></strong>

<P><STRONG>
Run <tt>lilo()</tt>, then reboot.  Entering "<tt>2.0.30 single</tt>" 
will get you to a password prompt.  When you enter "AnswerGuy", the 
LILO password won't be echod to the screen as per normal for entering 
passwords, and LILO will bring you up as root.
</STRONG></P>
<P><STRONG>
This obviously requires remembering yet another password, but it's
something to look into because, by default, LILO isn't
password-protected on the <A HREF="http://www.debian.org/">Debian</A> 
or Red Hat distributions I've used.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Also quite right.
</BLOCKQUOTE>
<BLOCKQUOTE>
The principle problem with this is that it doesn't
prevent the user from booting from a floppy (such as a
Tom's Root/Boot (<A HREF="http://www.toms.net/rb"
		>http://www.toms.net/rb</A>) or even
just an MS-DOS diskette with a disk/hex editor).
</BLOCKQUOTE>
<BLOCKQUOTE>
Some PC's have the ability to "lock out" the floppy
drive and protect the CMOS with a password.  That
helps.  However, it isn't much help.  Many (possibly
most) BIOS/CMOS sets have "backdoors" such that their
support technicians can help customers "get back into"
their systems.  This is a <EM>bad</EM> idea --- but seems to be
pretty common.  In addition it's possible to open the
system case and temporarily remove or short (with a
resistor) the battery on the motherboard, or remove the
clock chip (where the CMOS data, including the password,
is stored).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, to achieve any semblence of console security you
must at least do the following:
</BLOCKQUOTE>

<BLOCKQUOTE><ul>
<li>Lock the PC in a cabinet, closet or case
	(or install one or more locking bolts in the case.)
<li>Verify that the BIOS has no back door
	(how?) or replace the BIOS with a custom one
	or one that has been audited and verified by
	some trusted party as having no back doors.
<li>Disable floppy and CD-ROM boot.
<li>Enable CMOS password protection to prevent
	changes to the boot and other CMOS settings.
</ul></BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Debian: Whatever version was current two years ago; we switched to
RH.  Red Hat: 4.2
</STRONG></P>
<P><STRONG>
D.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks for the prompting.
</BLOCKQUOTE>
<BLOCKQUOTE>
I personally like the design of the Corel Netwinder
(StrongARM/RISC based "thin clients" or "network computers"
with embedded Red Hat Linux and <A HREF="http://www.kde.org/">KDE</A>), 
and the Igel "Etherterm/Ethermulation" (PC based X Terminal, thin client,
and character mode ethernet terminals, with custom embedded
Linux --- and Java, Netscape and other optional tools on
solid state disks).
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Corel Computing, a division of Corel Software, Inc:
<dd><tt><A HREF="http://www.corelcomputer.com"
		>http://www.corelcomputer.com</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Igel USA:
<dd><tt><A HREF="http://www.igelusa.com">http://www.igelusa.com</A></tt>
</dl></BLOCKQUOTE>

<BLOCKQUOTE>
These systems are specifically designed with no
support for removable media.  This makes this much better
suited to deployment in hostile user environments (such as
libraries, kiosks, Internet cafes, public access and college
computing labs).
</BLOCKQUOTE>
<BLOCKQUOTE>
It is unfortunate that these systems are currently a bit
more expensive than similarly powered PC's.  Since they are
currently produced in somewhat volumes and they are
currently niche markets, they command a higher margin and
don't benefit from the full economies of scale.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, that's the main reason I don't own any of these.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Another advantage to these systems, over and above
security, is that they offer much less power draw and
much quieter operation than standard PC's with that
incessant fan and disk noise).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 50 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/51"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 51 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
SCOldies Bragging Rights
</H3>


<p><strong>From David C. Winters  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
SCOldies Bragging Rights
~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
In your response to Anthony's second message (re: a coworker teasing him
about SCO's capabilities), you say:
</STRONG></P>
<P><STRONG><FONT COLOR="#000066"><EM>
I figured. About the only things the SCOldies can hold over us
right now are "journal file support" and "Tarantella."
</EM></FONT></STRONG></P>
<P><STRONG>
Abject curiosity makes me ask: What are these two capabilities?
</STRONG></P>
<P><STRONG>
D.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
"Journaling Filesystems" and "Logging Filesystems" are those
which store and utilize transaction logs (journals) of
file operations until those changes are "committed"
(synchronized).
</BLOCKQUOTE>
<BLOCKQUOTE>
Thus a set of small data structures on your filesystems
are automatically synchronized (like in a "write-through
cache") while the rest of the fs benefits from normal
write caching.
</BLOCKQUOTE>
<BLOCKQUOTE>
The net effect is that filesystems can be quickly checked
and repaired after a castastrophic shutdown.  In other
words, you don't have to wait for hours for 'fsck' to
finish fixing your filesystems after someone kicks the
plug on your server (or the power supply fails, etc).
</BLOCKQUOTE>
<BLOCKQUOTE>
This is likely to be added to Linux by version 2.4 or
3.x.  Some preliminary work as already been done.
</BLOCKQUOTE>
<BLOCKQUOTE>
Many versions of Unix (such as SCO, Novell/SCO Unixware,
and AIX) have their own implementations of these features.
In addition there is a company called Veritas
* (<A HREF="http://www.veritas.com/corporate/index.htm"
	>http://www.veritas.com/corporate/index.htm</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
You can get some similar effect from Linux, at considerable
performance cost, by selectively mounting your important
filesystems with the 'sync' option (mount -o sync ....).
</BLOCKQUOTE>
<BLOCKQUOTE>
"Tarantella" is a unique feature of SCO's.  It provides
Java/Web based access to your Linux desktop.  The closest
match is the VNC package (virtual network computer) from
the Olivetti/Oracle (Joint) Research Laboratory
* (<A HREF="http://www.orl.co.uk/vnc/index.html"
	>http://www.orl.co.uk/vnc/index.html</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
VNC is a network windowing system (like X Windows, but
more "lightweight") which allows you to connect to your
systems remotely via an MS Windows (Win '95/'98/NT),
MacOS, or Java client.  VNC also allows you to remotely
connect to Win '9x/NT system from it's X Windows (or
other Win/MacOS/Java) clients.
</BLOCKQUOTE>
<BLOCKQUOTE>
Actually VNC might be close enough in features that
SCO couldn't get much mileage out of touting it over
Linux with VNC.  VNC is under the GPL.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 51 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/52"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 52 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Application Direct Access to Remote Tape Drive
</H3>


<p><strong>From Yves Larochelle  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Application Direct Access to Remote Tape Drive
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello,
</STRONG></P>
<P><STRONG>
I have a simple problem.  I run a FORTRAN program that makes calls
to a C library to read data from a DLT SCSI tape drive. Everything
is fine when I run from a drive on my host machine.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Oddly enough I was just writing in my book about how the
tape drives under Unix (and Linux) are available for
general purpose spooling of applications data sets (like
the old mainframe spooling and job control model) but
are rarely used in this fashion.  It's amusing to see
that someone is doing this.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
But I haven't been able to open/read the tape drive on a remote
host. I have read your previous answers on remote tape access:
</STRONG></P>

<code><strong>
<a href="http://www.ssc.com/lg/issue31/tag_backup.html"
	>http://www.ssc.com/lg/issue31/tag_backup.html</a>
<br>and
	<a href="http://www.ssc.com/lg/issue29/tag_betterbak.html"
	>http://www.ssc.com/lg/issue29/tag_betterbak.html</a>
</strong></code>

<P><STRONG>
but it doesn't solve my problem.
</STRONG></P>
<P><STRONG>
I want to use local memory and CPU, so "rsh" is
not an option. In my C library I have tried
to change:
</STRONG></P>
<P><STRONG>

</STRONG></P>
<pre><strong>&gt;		fd =  open ("/dev/st0", flag, 0);
&gt; ... to:
&gt;		fd =  open ("remotehost:/dev/st0", flag, 0);
&gt; or even:
&gt;		fd =  open ("operator@remotehost:/dev/st0", flag, 0);
</strong></pre><P><STRONG>
without success:
</STRONG></P>
<P><STRONG>

</STRONG></P>
<P><STRONG>
Open failed on tape
No such file or directory
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Yep.  That's right.  Inspection of the code for
'<tt>tar</tt>' and '<tt>cpio</tt>' would reveal that these do use
an implicity '<tt>rsh</tt>' to the remote host, and pipe their
data streams over TCP connections thereto.
</BLOCKQUOTE>
<BLOCKQUOTE>
This ability to access devices remotely is not built into
the C libraries, it is built by your program through
the native network mechanisms (or at least via judicious
use of the '<tt>system()</tt>' library call).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I do have setup <TT>/etc/hosts.equiv</TT> (and <TT>/$HOME/.rhosts)</TT> 
so I can access my account on the remote host without password
</STRONG></P>
<P><STRONG>
I have been told to use "rmt", but how to do it within the C library ??
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know much about '<tt>rmt</tt>' but you can pick up the
'<tt>dump</tt>' package in which it is included and read the man
page therefrom.  I'd pick up the sources to that package
so you can read some sample source code to understand
how '<tt>dump</tt>' uses it.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Obviously if you want to actually cut and paste the source
code for use in your project, you'll want to read and
comply with the license --- probably GPL.  This may be of
no consequence if you won't be redistributing your program
--- and should be know problem if you're willing to release
your sources under a compatible license.  It should also be
no problem if you read these sources to gain and
understanding of the API's and code your own functions.
However, read the license for yourself).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Can you help me with this one ???
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Since I'm not a programmer --- not much directly.
However, as I've said, you can study examples of this
sort of code in the '<tt>tar</tt>', '<tt>cpio</tt>', and 
'<tt>dump</tt>' sources.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If at all possible,
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
...	(e-mail ellided)
</BLOCKQUOTE>

<BLOCKQUOTE>
I always respond via e-mail whenever I respond at all.
The mark-up to HTML is done at the end of each month by
my lovely assistant (and wife), Heather.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 52 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/53"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 53 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Mounting multiple CD's
</H3>


<p><strong>From ali  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Mounting multiple CD's
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
HI
</STRONG></P>
<P><STRONG>
I've just recently purchased a copy of <A HREF="http://www.redhat.com/">Red Hat</A> Linux 5.0 and a new CD
drive(ie. I now have 2 CD drives) and I need to know how to mount them.
</STRONG></P>
<P><STRONG>
The 2 drives are connected to the IDE on my soundblaster AWE-64 sound card
and I need to know how to mount the drives from there. (I previously had
one drive and mounted it using <TT>/dev/cdrom</TT> but now what do I use?)
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
<TT>/dev/cdrom</TT> is normally a symbolic link (sometimes a hard
link) to some other device node such as <TT>/dev/hdc</TT> (first
device on the second IDE channel) or <TT>/dev/scd0</TT> (first CD
device on the first SCSI channel).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The two drives are:
<br>1) Samsung SCR-2030
<br>2) HP CD-Writer Plus 8100
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
These (and the fact that you refer to your Sound card)
sound like SCSI devices.  You'd simply find out which of
these your <TT>/dev/cdrom</TT> is linked to (by mounting it as
normal or inspecting the 'ls -il' output of your
<TT>/dev/</TT> directory).
</BLOCKQUOTE>
<BLOCKQUOTE><em>
	[ And, you could tell which one it was since its light will flash
	  when you mount the disc. --&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<BLOCKQUOTE>
For the other you'd use a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
mount -t iso9660 -o ro <TT>/dev/scd1</TT> <TT>/mnt/cdrom1</TT>
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... where the -t specifies the filesystem type (ISO 9660
is the standard for normal CD's), -o is a set of options
(read-only in this case) and the next two parameters are a
device name (second SCSI CD drive), and an arbitrary mount
point (usually an empty directory under the <TT>/mnt</TT> tree
--- or an empty directory in any other convenient location).
</BLOCKQUOTE>
<BLOCKQUOTE>
You could name that mountpoint anything that your filesystem
will allow (just about anything).  I use <TT>/mnt/cd*</TT> or
<TT>/mnt/cdrom*</TT> as prefixes to these names for obvious reasons.
</BLOCKQUOTE>
<BLOCKQUOTE>
If this new drive is on an IDE interface its likely that
you'd use something like <TT>/dev/hdc</TT> or <TT>/dev/hdd</TT> for the
device name.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Any help will be appreciated.
</STRONG></P>
<P><STRONG>
Thanks
Ali
</STRONG></P>

<!-- sig -->

<!-- end 53 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/54"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 54 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on Multi-Feed Netnews (leafnode)
</H3>

<BLOCKQUOTE>
Some additional comments by one of the authors/maintainers
of leafnode(?).
</BLOCKQUOTE>

<p><strong>From <EM>The Answer Guy</EM> on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
More on Multi-Feed Netnews (leafnode)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Jim,
<br>I have a question in the "Answer Guy's" inbox regarding
multi-feed leaf netnews.  I don't remember which package
my querent was using (leafnode, suck?, ???) but his
question regarded whether it's possible using any of these
packages to download news from multiple sites and upload/
feed them back selectively).
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It is possible with suck/INN, of course. (Everything is possible with
this combination, I suppose 
<IMG SRC="<TT>../gx/dennis/smily.gif</TT>" ALT=":-)" 
				height="24" width="20" align="middle">.
</BLOCKQUOTE>
<BLOCKQUOTE>
It is also possible with leafnode, starting from 1.7.
</BLOCKQUOTE>
<BLOCKQUOTE>
The config file should look like this:
</BLOCKQUOTE>
<BLOCKQUOTE><pre>
server = news.a.org
supplement = news.b.com
expire = 14			# expire messages after that many days
create_all_links = no		# optional, saves disk space
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
Leafnode should be able to figure out everything else on its own.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you need usernames and passwords for servers, it becomes a bit more
complicated, but leafnode can handle this as well:
</BLOCKQUOTE>
<BLOCKQUOTE><pre>
server = news.a.org
username = user_at_a
password = password_at_a
supplement = news.b.com
username = user_at_b
password = password_at_b
expire = 14
create_all_links = no
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
HTH,
- --Cornelius.
</BLOCKQUOTE>
<BLOCKQUOTE><em>
/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher Str. 9 */
</em></BLOCKQUOTE>
<!-- sig -->
<!-- end 54 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/55"><HR WIDTH="75%" ALIGN="center"></A>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.1G.e">
<TITLE>The Answer Guy 36: 
Getting 'rsh' to work
</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../gx/dennis/qbubble.gif" alt="(?)" border="0" align="middle">
	<font color="#B03060">The Answer Guy</font>
	<img src="../gx/dennis/bbubble.gif" alt="(!)" border="0" align="middle">
</A></H1> 
<BR>
<H4>By James T. Dennis,
	<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H4>
</center>

<p><hr><p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin 55 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Getting 'rsh' to work
</H3>


<p><strong>From Anthony Howe  on Mon, 14 Dec 1998  
</strong></p>
<!-- ::
Getting 'rsh' to work
~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Oh hum.  I'm having trouble with getting rsh to work between two
machines for a specific task.  I've read the rsh, tcpd, and hosts.allow
man pages and I still can't get it to work.
</STRONG></P>

<p><strong><OL>
<li>the same user "joe" with the same password exists on both "client"
    and "server" machines.

<li>server's hosts.deny:		
	<br><tt>ALL:ALL</tt>

<li>server's hosts.allow:
 	<br><tt>in.rshd:1.2.3.4</tt>

<li>server's inetd.conf:		
	<br>"shell" line uncommented

<li>I have an A record for:		 
	<br><tt>client &nbsp; &nbsp; A &nbsp; &nbsp; 1.2.3.4</tt>

<li>and I have a PTR record for:	
	<br><tt>4.3.2.1.in-addr.arpa &nbsp; &nbsp; PTR &nbsp; &nbsp; client</tt>
</OL>

Now every time I try and do something as simple as:
</strong></p>

<Pre><STRONG>joe@client$ rsh server '/bin/ls /home/joe'</STRONG></Pre>

<P><STRONG>
I get "Permission denied".  The logs on neither client nor server
provide no reason for the "Permission denied".
</STRONG></P>
<P><STRONG>
Maybe I just over-tired, but I can't figure out what I'm overlooking.
Can anyone please tell me what I'm missing?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
What is the precise line in your <TT>/etc/inetd.conf?</TT>
</BLOCKQUOTE>
<BLOCKQUOTE>
Some versions of in.rshd and in.rlogind have options
which force the daemon to ignore .rhosts files (-l)
allow 'superuser' access (-h), syslog all access
attempts (-L), and perform "double reverse lookups"
(-a).
</BLOCKQUOTE>
<BLOCKQUOTE>
It looks like your forward and reverse records are alright
(assuming that the client's <TT>/etc/resolv.conf</TT> is pointing
at a name server that recognized the authority for the
zones you're using).
</BLOCKQUOTE>
<BLOCKQUOTE>
Note: If you are going through IP Masquerading at some point
(some sort of proxy/firewall package) then there's also the
remote chance that your source port is being remapped to
some unprivileged (&gt;1024) port as the packets are re-written
by your masquerading/NAT router.
</BLOCKQUOTE>
<BLOCKQUOTE>
I did complain to the Linux/GNU maintainers of the
rshd/rlogind package about the fact that their syslog
messages don't provide more detailed errors on denial.
However, I'm not enough of a coder to supply patches.
</BLOCKQUOTE>
<BLOCKQUOTE>
To test this without TCP Wrappers at all try
commenting out the line that looks something like:
</BLOCKQUOTE>
<blockquote><pre>shell	stream	tcp	nowait	root	/usr/sbin/tcpd		in.rshd -a
</pre></blockquote><BLOCKQUOTE>
... and replacing it with something like:
</BLOCKQUOTE>
<blockquote><pre>shell	stream	tcp	nowait	root	/usr/sbin/in.rshd	in.rshd -L
</pre></blockquote><BLOCKQUOTE>
(note: we just changed the tcpd to refer to rshd).
</BLOCKQUOTE>
<!-- sig -->
<!-- end 55 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/56"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 56 -->
<H3 align="left"><img src="../gx/dennis/bbubble.gif" height="50" width="60"
	  alt="(!) " border="0">
Linux as a Netware Client
</H3>

<p><strong>From Jedd  on Sat, 05 Dec 1998  
</strong></p>

<!-- ::
More on:
Linux as a Netware Client
~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Howdi,
</STRONG></P>
<P><STRONG>
In the December issue of LG, you answered someone's 
<a href="/issue35/tag/netware.html">query regarding
accessing their netware servers</a> from Linux, by pointing him at 
<A HREF="http://www.caldera.com/">Caldera</A> or the ncpfs package.
</STRONG></P>
<P><STRONG>
The caldera system is quite fine, albeit based on Redhat, and between
the two companies they seem to have not only ignored the old FSSTND,
but positively danced on its grave.  
&lt;hug <A HREF="http://www.debian.org/">Debian</A>&gt;  Trying to get the
Caldera Netware client working under Debian, btw, was a right pain (I've
still not done it), so it may not be feasible.  Looking at their archives,
it appears that even getting it to work under pure Redhat is a bit, uhm,
'challenging'.
</STRONG></P>
<P><STRONG>
However, for your info, the ncpfs package does support NDS (Netware
4 &amp; 5) connections - and has done for the last two minor releases.  I'm
still experiencing some problems with this feature - when trying to
concurrently authenticate to two servers in the same tree - but I hope/
suspect that's me doing something funny.
</STRONG></P>
<P><STRONG>
Cheers,
<br>Jedd.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Some more feedback that I'll just present on its own merits.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 56 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/57"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 57 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
LILO Default
</H3>

<p><strong>From Steven W.Cline on Mon, 07 Dec 1998  
</strong></p>
<!-- ::
LILO Default
~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Answerguy,
</STRONG></P>
<P><STRONG>
I've been searching for this but can't find it.  I would like to change the
default OS that lilo loads.  Right now it is Linux.  How can I change the
default to DOS?
</STRONG></P>
<P><STRONG>
This is because I am the only one using Linux and the rest of the family 
uses DOS.
</STRONG></P>
<P><STRONG>
Steven W.Cline
<br>San Bruno, Ca.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The default is the first "stanza" (boot image)
listed in the <TT>/etc/lilo.conf.</TT>
</BLOCKQUOTE>
<BLOCKQUOTE>
So, just edit that file and move the block for your Windows stanza to 
place it after any global directives and before any other OSes that you 
have listed.
</BLOCKQUOTE>
<BLOCKQUOTE>
Alternatively you can just use the <tt>default=</tt> directive
to specify the label of the image that you want to use.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Hint:  searching the <tt>lilo.conf(5)</tt> man page on the
term "<tt>default</tt>" leads us to the answer within a few shots.
</BLOCKQUOTE>

<BLOCKQUOTE><em>
	[ I should only comment on layout stuff, but here, I just gotta.
</em></BLOCKQUOTE>

<BLOCKQUOTE><em>
	  Once upon a time when <tt>antares</tt> was a multi-boot
	  machine, I had it set up so that CTRL-ALT-DEL would
	  always reboot you into "the other OS".  For a while it was 
	  so handy, I'd even forgotten how we did it... so I wasn't
	  able to tell Jim!  But here's a trick that should work:  
</em></BLOCKQUOTE>
<BLOCKQUOTE><em>
	  Add a line to <tt>/etc/inittab</tt> that reads:
</em></BLOCKQUOTE>

<BLOCKQUOTE><blockquote><code>
	ms::boot:/sbin/lilo -R dos
</code></blockquote></BLOCKQUOTE>

<BLOCKQUOTE><em>
	  <br>(assuming you've named your stanzas <tt>linux</tt> and 
	  <tt>dos</tt>).  The '<tt>ms</tt>' is a gratuitous identifier; it
	  could really be anything, as long as the other inittab lines have
	  a different first value.   The '<tt>-R</tt>' stores a 
	  LILO command choice for only one session, so on the next reboot 
	  (from DOS, which isn't saying anything special to LILO) you'll
	  go back to the other OS... unless sometime during your linux
	  session, you run another <tt>lilo -R</tt> command that mentions
	  a different command line to default to.  However, you leave the
	  lilo default to linux this way.  I suppose you could use this
	  to run <tt>/sbin/lilo -R linux</tt> so that reboots from Linux
	  will tend to stay in Linux, with the default set as Jim described
          to <tt>dos</tt> so that power-on, and reboots in DOS, will tend 
	  to stay in DOS.
</em></BLOCKQUOTE>
<BLOCKQUOTE><em>
	  I don't know if there's a LILO control program for DOS
	  these days, but with LOADLIN and a copy of the kernel stored
          in DOS-accessible space, you could even create a script
	  that would let you add "Linux" to your DOS or Windows menu
	  system.  If you prefer to go that way, you could even uninstall
	  LILO and put back a plain DOS master boot record, so it would
          never ask anymore.  Or, you can set LILO to delay forever, so 
	  you can always choose which OS ... though this loses the benefit
	  of being able to ignore the system while it boots.
	--&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<!-- sig -->
<!-- end 57 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/61"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 61 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Uninstalling Linux
</H3>


<p><strong>From Tom Monaghan  on Fri, 18 Dec 1998  
</strong></p>
<!-- ::
Uninstalling Linux
~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
i cannot find any info on the best way to uninstall 
<A HREF="http://www.redhat.com/">Red Hat</A> Linux 5.2.
</STRONG></P>
<P><STRONG>
I must reinstall DOS as linux does not support my video driver (yet).
Any help would be appreciated.  Thanks.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
When you installed Linux, you probably created a set
of partitions on one of your hard disks.  You can just
go into the Linux '<tt>fdisk</tt>' (using your installation diskette
or CD) and delete all of your Linux parititions (including
swap and "native" (ext2)).
</BLOCKQUOTE>
<BLOCKQUOTE>
Once you done that then DOS/Windows should be "willing" to
create new partitions in the unallocated portions of disk
space that you've created by deleting your Linux partitions.
</BLOCKQUOTE>
<BLOCKQUOTE>
If the whole disk was devoted to Linux and you want to
trick MSDOS into believing that this whole drive is
"fresh from the factory" you can use the following
trick:
</BLOCKQUOTE>
<BLOCKQUOTE><strong><em><font color="#660000">
WARNING! THIS WILL WIPE OUT ALL DATA ON YOUR DISK!
</font></em></strong></BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Boot into Linux (on a rescue diskette
	or into the working copy that you have installed)
<dt>Login as <tt>root</tt>.
<dt>Issue a command <EM>like</EM> the following:
	<dd><tt>dd if=/dev/zero count=1 of=/dev/hda</tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
... NOTE:  The "of" parameter should point at
the device node for your disk.  If are doing this
to the first or only IDE drive on your system (the
most likely case) you'd use <TT>/dev/hda</TT> as I've shown.
If you're doing this to the first SCSI drive it
would be <TT>/dev/sda</TT>, if you were doing it to a second
IDE or SCSI drive that would be <TT>/dev/hdb</TT> or <TT>/dev/sdb</TT>
respectively, and so on.
</BLOCKQUOTE>
<BLOCKQUOTE>
To get some idea of which drives and partitions
you have Linux installed on you could use the
command:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
fdisk -l | less
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
... to look at the partitions on all drives that
Linux can see.  Note that you'll see partitions
like <TT>/dev/hda1</TT> and <TT>/dev/hda5</TT>, etc.  These are
partitions on the first IDE drive (/dev/hda).
</BLOCKQUOTE>

<BLOCKQUOTE>
When we zero out the first sector of the drive, operating
systems will consider the whole drive to be blank and
will install just as you would on a brand new hard drive.
(Technically under MS-DOS you could just wipe out the two
bytes at the end of the first sector --- which is a
signature value that MS-DOS <tt>FDISK.COM</tt> (or 
<tt>FDISK.EXE</tt>) uses to detect a partiton table or MBR.  
Naturally you could also delete the partitions (as described 
earlier) and then boot from a DOS floppy and issue the command:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
FDISK /MBR
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
... this will work on MS-DOS 5.0 and later.  Otherwise
use the 'dd' method from Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
Incidentally I rather doubt that <EM>Linux</EM> doesn't support
your video card.
</BLOCKQUOTE>
<BLOCKQUOTE>
It is probably more formally correct to say that XFree86
doesn't support your video card.  You don't need to run a
GUI to use most of Linux (I rarely go into X Windows).
</BLOCKQUOTE>

<BLOCKQUOTE><em>
	[ They just released XFree86 3.3.3 recently, so maybe you
	  should check again with a fresh X package from 
	  <a href="http://www.xfree86.org/"
		>http://www.xfree86.org/</a> and see if it has
	  your card in it now.  --&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>

<BLOCKQUOTE>
As I point out in other messages there are a couple of
alternatives to XFree86 including some freely distributed
binary X servers (source code unavailable) which can be
found at the Red Hat contrib site and other mirrors and
software archives, and there are a couple of commercial X
Windows System packages for Linux (from Xi Graphics:
<A HREF="http://www.xig.com">http://www.xig.com</A>, and 
MetroLink: <A HREF="http://www.metrolink.com"
		>http://www.metrolink.com</A>).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 61 -->

<hr width="40%" align="center">

<!-- begin 59 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Uninstalling Linux
</H3>


<p><strong>From Tom Monaghan  on Fri, 18 Dec 1998  
</strong></p>
<P><STRONG>
Thanks.  Since I was in a hurry, I just ran the install and deleted
all my linux partitions via Disk Druid (coincidentally the same tack
you suggest) and booted out of the install.  So now I am back to DOS :(
</STRONG></P>
<P><STRONG>
I have RH 5.2 at home, so deleting linux here at work does not end my
experimentation with this OS.  The thing I am stuck on at home is
getting my modem to connect to my ISP.  This is so freaking
frustrating I had to step away for a day or so...Will continue to bang
on linux until I get it right.  It's funny, I have a decent amount of
UNIX experience under my belt (I am ashamedly a Software Developer),
but when it comes to configging stuff I am a moron!
</STRONG></P>
<P><STRONG>
Super L/User
</STRONG></P>

<!-- sig -->
<!-- end 59 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/62"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 62 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Making a Kernel Requires 'make'
</H3>


<p><strong>From Mohd. Faizal Nordin  on Fri, 18 Dec 1998  
</strong></p>
<!-- ::
Making a Kernel Requires 'make'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hai everybody....
</STRONG></P>

<P><STRONG>
I am having problem to compile my kernel in order to set my ppp and
diald. The problem is when I want to compile kernel for RedHat 5.1 I got
error msg: " make : bash command not found ".
</STRONG></P>
<P><STRONG>
Can someone pls help me on this problem.
</STRONG></P>

<P><STRONG>
Cheers...
<br>fiber...
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It sounds like you need to install '<tt>make</tt>' (the package
that interprets "makefiles" and traverses the sources
resolving dependencies by compiling, linking and otherwise
manipulating the sources, object files, etc).  (Either
you need to install the package or make sure that it and
your other development tools are properly on your PATH).
</BLOCKQUOTE>
<BLOCKQUOTE>
You also need <tt>gcc</tt> (the GNU C compiler) and the 
'<tt>binutils</tt>' package (which contains '<tt>ar</tt>' 
'<tt>ld</tt>' and the assemblers and
other tools that are needed to build most C programs).
</BLOCKQUOTE>
<BLOCKQUOTE>
It seems odd that you need to recompile your kernel for
PPP support.  Most distributions ship with that built in
or with a modular kernel and a selection of pre-compiled
modules.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 62 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/63"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 63 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Using only 64Mb out of 128Mb Available
</H3>


<p><strong>From Terry Singleton on Thu, 17 Dec 1998  
</strong></p>
<!-- ::
Using only 64Mb out of 128Mb Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
When I run the admin tool "<tt>top</tt>" it appears as if my system 
is only using 64MB of memory.
</STRONG></P>

<pre><strong> 11:00am  up 4 days, 23:39,  2 users,  load average: 0.07, 0.03, 0.00
 40 processes: 39 sleeping, 1 running, 0 zombie, 0 stopped
 CPU states:  0.3% user,  0.1% system,  0.0% nice, 99.6% idle
 Mem:   64168K av,  57420K used,   6748K free,  19820K shrd,  19816K buff
 Swap: 104384K av,     24K used, 104360K free                 23932K cached
</strong></pre><P><STRONG>
The results show 64168K av which indicates 64168K of available memory yet
our system has 128MB RAM? I have the same results on 2 other Linux servers
with more than 64MB RAM.
</STRONG></P>
<P><STRONG>
I am running RedHat 5.1, is there anything <EM>special</EM> I have to do to tell
the system I have more than 64MB, recompile the kernel..?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This is a classic FAQ.  The BIOS standards for memory query
(Int 12h?) don't support the return of more than 64Mb of
RAM.  There are a number of different mechanisms for doing
this on different chipsets, and some were "dangerous" (in
the sense that they might hang some systems with a different
API/BIOS).  So, Linux didn't support automatic detection of
more than 64Mb on most systems until very recently
(2.0.36?).
</BLOCKQUOTE>
<BLOCKQUOTE>
You've always been able to over-ride this with a kernel
parameter.  As you may know from my earlier articles or from
the LILO man pages you can pass parameters to the Linux
kernel using an append= directive in your <TT>/etc/lilo.conf</TT>
file (and subsequently runing <TT>/sbin/lilo</TT>, of course) or by
manually appending the parameters on the command line at the
LILO prompt (or on the LOADLIN.EXE command line).
</BLOCKQUOTE>
<BLOCKQUOTE>
To do this with <tt>lilo.conf</tt> you add lines of the form:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
append="mem=128M"
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... to each of the Linux stanzas to which you want this to
apply.  (I'd leave one of them without it for the first try
so you have a working configuration into which you can boot
in case there's a problem with your system.  I've heard of
some cases where users had to reduce their memory
configuration by 1Mb for odd reasons).
</BLOCKQUOTE>
<BLOCKQUOTE>
With the newer 2.0.36 and 2.1.x kernels you shouldn't
need to do this (they have new autodetection code that
should handle all of the common chipsets).
</BLOCKQUOTE>
<BLOCKQUOTE>
One trick for programmers --- if you want to ensure that
your code or distribution will run in limited memory
constraints you can do a quick test using a smaller
mem= parameter to force the kernel to run in less space
than it normally would.
</BLOCKQUOTE>
<BLOCKQUOTE>
WARNING:  If you forget the trailing '<TT>M</TT>' the kernel load
will fail when it tries to allocate the specified amount
of RAM <EM>in bytes</EM>. (Don't do that!).
</BLOCKQUOTE>
<BLOCKQUOTE>
In any event you might want to check out some of the
FAQ's on Linux since I'm sure this is in a couple of them.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 63 -->
<hr width="40%" align="center">

<!-- begin 60 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Using only 64Mb out of 128Mb Available
</H3>


<p><strong>From Terry Singleton on Fri, 18 Dec 1998  
</strong></p>

<!-- ::
More on:
Using only 64Mb out of 128Mb Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks Jim.I added the line as you suggested, however it did not seem to
<EM>take</EM> am I supposed to be it under the boot image section 
itself? Memory is still 64000av.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Sorry, I should have been more detailed.  You need
to add this <tt>append=</tt> directive to each of the stanzas to
which it applies.  (You could have a couple of stanzas
that referred to reduced memory configuration if you were
a software developer, tester or reviewer so that you could
test a package's behaviour under varying memory constraints).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This is what I have:
</STRONG></P>

<pre><strong> boot=/dev/sda
 map=/boot/map
 install=/boot/boot.b
 prompt
 timeout=50
 append="mem=128M"
 image=/boot/vmlinuz-2.0.34-0.6
         label=linux
         root=/dev/sda1
         initrd=/boot/initrd-2.0.34-0.6.img
         read-only
</strong></pre><P><STRONG>
should it be:
</STRONG></P>

<pre><strong> boot=/dev/sda
 map=/boot/map
 install=/boot/boot.b
 prompt
 timeout=50
 image=/boot/vmlinuz-2.0.34-0.6
         label=linux
         root=/dev/sda1
         initrd=/boot/initrd-2.0.34-0.6.img
         read-only
 	  append="mem=128M"
</strong></pre><BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Yes.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Also remember to re-run <TT>/sbin/lilo</TT> to read this
config file and build the new boot blocks and maps
therefrom).
</BLOCKQUOTE>
<BLOCKQUOTE>
Incidentally it would have been quicker and reasonably
safe (in this case) to just try the experiement.  It
should have worked and you'd have gotten your answer
much quicker.
</BLOCKQUOTE>
<BLOCKQUOTE>
I can understand a degree of hesitation about experimenting
with the boot blocks and partition tables (a data structure
that's stored in the the same block as the MBR first stage
boot block).   Obviously a mistake means that you can't
boot at all.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, it's wise to have a backup <em>and a working rescue
floppy</em> and to practice using them before you make any
changes to your <TT>/etc/lilo.conf.</TT>
</BLOCKQUOTE>

<!-- sig -->

<!-- end 60 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/64"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 64 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Manipulating Clusters on a Floppy ...</H3>


<p><strong>From Padma Kumar on Thu, 17 Dec 1998  
</strong></p>
<P><STRONG>
Sir,
</STRONG></P>
<P><STRONG>
I'am basically want to write an application which needs to mark a
particular predefined cluster as bad, and  also  need to change
dynamically  the value contained in the specific cluster.  Is there any
way by which we can write some data into a cluster, mark that cluster as
bad, again i need to mark that  bad cluster as usable and update the
data in the cluster and then mark it as bad again.
</STRONG></P>
<P><STRONG>
I would be greatful if you could help me out with this task or tell me
where i can find some information regarding this.
</STRONG></P>
<P><STRONG>
Thanking you for your consideration.
<br>With Regards
<br>Padma Kumar
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
This is a rather dubious request.
</BLOCKQUOTE>
<BLOCKQUOTE>
You'd have to write you're own custom programs to do this
(for each filesystem type that you wanted to support ---
since different filesystems have different mechanisms for
marking clusters as bad).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've heard of MS-DOS virus writers, and some copy protection
schemes, that used similar techniques to covertly write
keying information on people's systems back when software
copy-protection <EM>seemed</EM> feasible.  The demise of this
technique has two major dimensions:
</BLOCKQUOTE>

<BLOCKQUOTE>
There were chronic technical problems caused to
legitimate users (thus decreasing customer
satisfaction while increasing support costs).
(Problems resulting from restoration of user
programs and data after a hardware failure or
upgrade are one example). A moderately skilled
cracker could easily reverse engineer and bypass
these measures (often by "NOP-ing" out the portions
of code that performed the objectional hackery).
</BLOCKQUOTE>
<BLOCKQUOTE>
Many users/customer simply rejected the whole
adversarial stance of software companies employing
these techniques.  We still see tacit acceptance
of "dongles" (hardware keys, typically attached to
parallel or serial ports which are queried by a
program to enable its operation, typically with
some sort of challenge response protocol).  However,
those are only used for a small number of high end
packages.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
To write your own code, just look at the examples in the
programs: <tt>badblocks</tt>, <tt>mke2fs</tt>, and <tt>e2fsck</tt>.  
These all manipulate the badblocks lists on Linux' ext2 filesystems.
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally you can look at the sources for similar programs
for each other fs which you intend to support.  Note that
most of these programs are under the GPL.  While studying
them and writing your own code is probably a fair use,
if you intend to "cut and paste" code from them you must
read and respect their licenses (which would be in
conflict with any copy-protection applications which you
might have in mind).
</BLOCKQUOTE>
<BLOCKQUOTE>
I realize I'm reading a lot into your question.  I don't
know of any other rational uses for bogus "bad blocks."
</BLOCKQUOTE>

<!-- sig -->

<!-- end 64 -->

<hr width="40%" align="center">

<!-- begin 68 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Manipulating clusters on a floppy ...
</H3>


<p><strong>From Padma Kumar  on Sun, 20 Dec 1998  
</strong></p>
<!-- ::
More on:
Manipulating clusters on a floppy ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Sir,
</STRONG></P>
<P><STRONG>
Thanks for spending time for answering my question ...
</STRONG></P>
<P><STRONG>
Basically i'm trying to write the code in Delphi (Assembly code in
Delphi) for Windows 95 stand-alone PC.
</STRONG></P>
<P><STRONG>
I hope this clarifies ur doubt in short.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It clarifies things just fine.  This is the <EM>Linux</EM>
Gazette.  I answer questions that relate to <EM>Linux</EM>.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have programming questions that related to Win '95
and/or Delphi --- please go to Yahoo! and look for a
Win '95 or Delphi "Answer Guy" (or other support forum).
</BLOCKQUOTE>
<BLOCKQUOTE>
You paid money for that commercial software --- with the
stated or implied benefit of technical support.  It's really
a pity that the companies that sold you these packages aren't
delivering on that promise.
</BLOCKQUOTE>
<BLOCKQUOTE>
As I said, you can look at the Linux sources for
many examples of manipulating many types of filesystems
(including MS-DOS/Win '95) -- those examples are mostly in
C.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanking you once more for ur consideration
<br>Expecting a reply soon
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Have you ever read any of my other answers?
How did you find my address without getting any indication
of the focus of my work?  Is it just that using all that
vendorware has left you desparately seeking support from
anyone you can find?
</BLOCKQUOTE>
<!-- sig -->

<!-- end 68 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/65"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 65 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Setting up ircd
</H3>


<p><strong>From paul maney  on Thu, 17 Dec 1998  
</strong></p>
<!-- ::
Setting up ircd
~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
hi there i cant set up ircd on redhat Linux i haveing big pog what
can i do to get it to work a.s.p pls from paul marney
</STRONG></P>
<P><STRONG>
you can get me on [phone omitted] or [email omitted]
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm afraid this question is below the literacy threshold.
</BLOCKQUOTE>
<BLOCKQUOTE>
I think this translates to:
</BLOCKQUOTE>

<blockquote><font color="#000066"><em>
		I can't set up 'ircd' on my Red Hat Linux system.
		I'm having "big problems" (with it).  What can I do to
		get it to work?  Please reply ASAP.
</em></font></blockquote>
<BLOCKQUOTE>
First, I've never set up an IRC server.  I've only used
IRC as a client on a few occasions (less than ten in the
last ten years).  I presume that I could set on up if I
tried (and I know some of the people who created Undernet
-- one of the larger IRC networks, so I'm sure I could get
help if I needed it).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, your question shows a remarkable lack of
motivation.  You don't provide any information about what
version of <A HREF="http://www.redhat.com/">Red Hat</A> 
you are using, where you got the your IRC
(Internet Relay Chat) daemon package (I've never seen one
included with Red Hat Linux CD's --- though admittedly I
wasn't looking for it).  More importantly you don't give
any indication of what you've tried or what sort of problems
you've encountered.
</BLOCKQUOTE>
<BLOCKQUOTE>
Based on your message it doesn't appear that you've
even read whatever man pages, README files, and other
documentation came with your ircd package.
</BLOCKQUOTE>
<BLOCKQUOTE>
Glancing around I found an ircd21002.tgz in the 
<A HREF="http://www.slackware.org/">Slackware</A>
contrib directory on ftp.cdrom.com (Walnut Creek,
manufacturers of many fine collections of free software
--- including the Slackware Linux distribution and
<A HREF="http://www.freebsd.org/">FreeBSD</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
Grabbing that I find a set of documents and an example
<tt>ircd.conf</tt> file that give some hints as to how you'd use
this particular version of IRC.  It turns out that this one
is the "UnderNet" version of <tt>ircd</tt> (I'd heard that they'd
written their own, but coming across here it was just by chance).
</BLOCKQUOTE>
<BLOCKQUOTE>
You could look at the UnderNet web site
(<A HREF="http://www.undernet.org">http://www.undernet.org</A>) but 
that doesn't seem to lead to any technical documentation of the sort 
that you'd need to set up your own server or join one of the
relay networks.  You'd have to know to look at
<A HREF="http://www.undernet.org/documents"
	>http://www.undernet.org/documents</A> (since there don't seem
to be any links from the index page down to this page).
However that doesn't include anything that you need either.
</BLOCKQUOTE>
<BLOCKQUOTE>
My next stop would be Yahoo!:
</BLOCKQUOTE>
<BLOCKQUOTE><dl>
<dt>Computers and Internet:Internet:Chat:IRC:Networks
<dd><tt><A HREF="http://dir.yahoo.com/Computers_and_Internet/Internet/Chat/IRC/"
   >http://dir.yahoo.com/Computers_and_Internet/Internet/Chat/IRC/</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... and I'll leave it to you to search through those links.
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally you could also hunt through the IRC channels
and ask the regulars in those that are appropriate.  I
suspect that <EM>some</EM> of the people who install, configure
and maintain these servers are also IRC users.  I think
there's also a couple of news groups that are appropriate
(search your local lists of newsgroups for the string
"irc").
</BLOCKQUOTE>
<BLOCKQUOTE>
If you ask for help from any other parties, I'd suggest
putting some careful thought into crafting your questions
--- most people won't spend nearly the time that I just
have on answer a question that's presented as badly as
this.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 65 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/66"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 58 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Sendmail on private net with UUCP link to Internet</H3>


<p><strong>From rkblum on Tue, 15 Dec 1998  
</strong></p>
<P><STRONG>
Hello Answer Guy!
</STRONG></P>
<P><STRONG>
Thanks for all of your excellent advice.  I really enjoy your
columns.  In your December issue, you had an 
<a href="/issue35/tag/pvtmail.html">answer for RoLillack</a>
for using Sendmail on a local private network.  You mentioned that
your network is connected to the Internet via a UUCP hub for mail
purposes.  I would like to follow-up on that comment.
</STRONG></P>
<P><STRONG>
I do volunteer work at a local K-6 school and we were looking for
a similar mail solution.  Your answer got the wheels rolling and
we think we have a good, inexpensive e-mail solution for the
school.  The only piece that we are missing is the <tt>sendmail.cf</tt>
file for the UUCP hub.  We have not been able to find a good
example of how to configure the hub to route all outbound mail to
the ISP UUCP host, as well as not do DNS lookups for our clients
running Eudora.  Unfortunately, we have not been able to find the
SendMail book in our local bookstores.  We would appreciate any
help you could give us in this direction.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't know how you'd convince Eudora and other
mail user agents not to do DNS queries for MX records.
I use a trick with sendmail (specifying an IP address
of the form '<tt>[192.168.1.x]</tt>' --- note the square brackets
--- in my <tt>nullclient.mc</tt> file).
</BLOCKQUOTE>
<BLOCKQUOTE>
In my case I have an "all Linux" network.  The rare
occasions when I try to run some MS or Apple based OS
around generally don't involve setting them up with
access to the Internet and certainly don't involve my
trying to read my mail on them.
</BLOCKQUOTE>
<BLOCKQUOTE>
You might be able to do the same, or you might have to
create a DNS server that "claims" to be authoritative
for the root domain (then one called ".").
</BLOCKQUOTE>
<BLOCKQUOTE>
I've heard of people setting up these sorts of disconnected
DNS zone but I don't have an example handy.  I'd suggest
grabbing the DNS HOWTO and searching through the archives
of the Linux-admin list for some suggestions on that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Incidentally I hear there are some pretty good Linux Users'
Groups in Indiana.  Sadly I note that there is no
SAGE (SysAdmin's Guild) chapter for your area.  USENIX/SAGE
is hoping to greatly expand the number of SAGE local
chapters around the world and across the country in the
near future.  All it takes are a few professional system
administrators to get together (SAGE is OS neutral, though
the membership shows a decided preference for Unix-like systems).
</BLOCKQUOTE>
<BLOCKQUOTE>
As for my particular setup, here's the M4 config file
from one of my clients:
</BLOCKQUOTE>

<blockquote><pre>divert(0)dnl
VERSIONID(`@(#)clientproto.mc	8.7 (Berkeley) 3/23/96')

OSTYPE(linux)
FEATURE(nullclient, `[192.168.1.3]')
</pre></blockquote>
<BLOCKQUOTE>
... that's all you need.  You can then use m4 to
generate a <TT>/etc/sendmail.cf</TT> file from this (as I've
described in past columns.  Newer versions of sendmail
provide a '<tt>makefile</tt>' to make this generation step even
easier.
</BLOCKQUOTE>
<BLOCKQUOTE>
The effect of this <tt>.mc</tt> file is to forward <EM>all</EM> mail to
my mail hub (which is the mail store for my LAN and is the
gateway to the rest of the world).
</BLOCKQUOTE>
<BLOCKQUOTE>
On my client workstations I retrieve mail using '<tt>fetchmail</tt>'
(via POP-3).  Thus if I mail '<tt>star</tt>' (my wife) the mail
gets sent to '<tt>antares</tt>' (the hub) even though she has an
account on the local host.  This means that she, my father,
and others with accounts on my workstation, don't need to
maintain <tt>.forward</tt> files on '<tt>canopus</tt>' or any of the other
workstations around the house.  All of their mail (and mine
for that matter) gets sent to antares.
</BLOCKQUOTE>
<BLOCKQUOTE>
My mail gateway's <tt>.mc</tt> file looks like:
</BLOCKQUOTE>

<blockquote><pre>divert(-1)
divert(0)dnl
include(`../m4/cf.m4')dnl
VERSIONID(`$Id: antares.mc,v 1.3 1998/03/17 02:22:55 root Exp root $ by James T. Dennis, Starshine.org $Date: 1998/03/17 02:22:55 $')
OSTYPE(`linux')

FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`nodns')dnl
FEATURE(`nocanonify')dnl
FEATURE(`local_procmail')dnl
FEATURE(`uucpdomain')dnl

MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`procmail')dnl
MAILER(`uucp')dnl

MASQUERADE_AS(`starshine.org')dnl

undefine(`BITNET_RELAY')dnl
define(`confDEF_USER_ID',&quot;8:12&quot;)dnl
define(`SMART_HOST', `uucp-dom:XXXX')dnl
</pre></blockquote>
<BLOCKQUOTE>
On this last line I have the name of my UUCP provider
listed in place of those X's.  By defining a mailer and
host pair for my SMART_HOST I force '<tt>sendmail</tt>' to deliver
all of my non-local mail to my UUCP provider through the
"uucp-dom" mailer.  "uucp-dom" is a mailer that delivers
mail via uucp even though it uses "domain style" (DNS)
address syntax.
</BLOCKQUOTE>
<BLOCKQUOTE>
This last file is probably a bit more elaborate than
you actually need --- and it's simplified a bit for
this example.
</BLOCKQUOTE>
<BLOCKQUOTE>
(I actually use the "mailertable" FEATURE to trick the
system into deliver mail that <EM>appears</EM> to be to one
of my LAN hosts into delivering it to a virtual hosted
mail server that's really maintained by my ISP).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks again for all of your great answers!
</STRONG></P>

<P><STRONG>
Rich Blum
<br>Trader's Point Christian Schools
<br>Indianapolis, Indiana
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm glad I could help.  You are right, UUCP is still a
good way to get e-mail and netnews without getting a full
Internet connection and without having the connection used
by web browsing or other protocols which you might prefer
not to run into your site.  (Conversely it's also a great
way to preserve your PPP bandwidth to interactive uses
while your mail and/or news gets spooled quietly away for
other times).
</BLOCKQUOTE>

<!-- sig -->
<!-- end 58 -->

<hr width="40%" align="center">
<!-- begin 66 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">Re(2): Sendmail on private net with UUCP link to Internet</H3>


<p><strong>From rkblum on Wed, 16 Dec 1998  
</strong></p>
<P><STRONG>
Jim -
</STRONG></P>

<P><STRONG>
Thanks for your quick response and acurate answers!  The sendmail.cf
sample you sent was exactly what we needed.  I think that I
unneccessarilty muddied the waters with my Eudora question.  It turned
out that it was not a DNS problem with Eudora, it was my mistake of not
having the IP addresses in the ip_allow.  The Eudora clients work fine
now.  I have asked our local bookstore to order the SendMail book for me
- I think I need it!
</STRONG></P>
<P><STRONG>
Thanks again for your help - keep up the good work!
</STRONG></P>
<P><STRONG>
Rich Blum
</STRONG></P>

<!-- end 66 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/67"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 67 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Complaint Department:
</H3>


<p><strong>From T Elliot  on Sun, 20 Dec 1998  
</strong></p>
<!-- ::
Complaint Department:
~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Having worked with Unix (1983-1989) and (gasp) MS-DOS (from DOS
2.11) and Windows (from Win 3.0 to NT Server 4.0 - I once
installed the NT5 beta, but decided it was too risky) and
occasionally been tempted into trashing my spare PC to install
Linux, one of the biggest problems I find with Linux is the lack
of coherent tools and user interfaces.
</STRONG></P>
<P><STRONG>
If I install a package under Windows, I get a shortcut to the
program(s) via a menu or window (program group).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
So don't use it.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Do the same under Linux and then I have to write down the main
program name or remember it (after examining the files to be
installed so I can figure out what the actual command is) - sure
it will probably be installed in the path, but I'm getting old and
the memory is failing.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Yep.  I know.  Tough isn't it?
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My spare PC is currently running RedHat 5.2 and this afternoon I
downloaded Code Crusader et al and therein lies the tale... NOT
ccrusader, NOT codecrusader or variations thereof, but "jcc" - no
additions to the "start menu" if using Fvwm2 or any other window
manager, in fact, no indication that the system had new software
except that the disk free space had decreased.
</STRONG></P>
<P><STRONG>
Until this type of thing is resolved, then Linux will only gain
the support of the lab-coats or the enthusiast.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
... and professionally administered sites where a sysadmin
or delegate evaluates packages before installing them
--- figures out what is going where and deploys them
according to their needs.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is a rather boring message.  I'm not the Linux
complaint department.  You can send your suggestions
to <A HREF="http://www.redhat.com/">Red Hat</A> Inc., 
<A HREF="http://www.suse.com/">S.u.S.E.</A>, 
<A HREF="http://www.caldera.com/">Caldera</A>, and many others.
</BLOCKQUOTE>
<BLOCKQUOTE>
Incidentally, S.u.S.E. does have some scripts that
maintain your system default window manager menus
when you install new packages.
</BLOCKQUOTE>
<BLOCKQUOTE>
As for the implied suggestion --- I know that some
people at Red Hat are working on something like this.
However, since there is no central authority over Linux
development and there are no "code and interface police"
to enforce <EM>your</EM> notion of "how things should be done"
--- there are practical limits to what can be
accomplished.
</BLOCKQUOTE>
<BLOCKQUOTE>
For those that care, the usual technique I use when
installing RPM's is to list and/or browse the contents of
the package before I install it.  You can list them with
a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
rpm -qpl &lt;package.file.name&gt;
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
...  and you can narrow that do just the docs using:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
rpm -qpd &lt;package.file.name&gt;
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
You can browse through an RPM file interactive using
Midnight Commander ('<tt>mc</tt>').   Just highlight the file
using mc's "Norton Commander inspired" interface and
hit [Enter].  This will traverse down into the RPM file
as though it were a directory tree --- and you can browse
through and view the file contents to your heart's content.
</BLOCKQUOTE>
<BLOCKQUOTE>
When you use <tt>mc</tt>'s [F3] key to view a file, it can interpret
several types of files.  Thus you can view the man pages
from inside of an RPM file without installing anything.
</BLOCKQUOTE>
<BLOCKQUOTE>
Since many of the most useful programs available under
Linux and other forms of Unix are designed as filters,
or intended to be run as services (possibly as dynamically
launched '<tt>inetd</tt>' based daemons) or cron jobs --- or are
otherwise non-interactive --- it often doesn't make sense
to add menu options for them.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I've suggestion to Red Hat and S.u.S.E that
RPM maintainers and builders be encouraged to add entries
for programs that constitute "user interfaces" (for
character mode and/or X Windows --- and for any other
interfaces that might arise in the future --- such as
Berlin).  One of Red Hat's senior people disagreed with
the whole notion, though that may be more a deficiency
in my presentation than anything.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
PS. My main PC runs NT server 4.0 sp4 with sql server, iis, etc,
etc. I use it for software development using DevStudio (c++) and
even though I have to reboot the &amp;^^% thing every time I touch
something in its config, I'd rather that than guessing at what
I've installed and what the comand line is.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Great.  More power to you.  So, do a Yahoo! search to
see if you can find the "complaintguy" somewhere.  Let
me know if you find him (or her) and I'll bounce mail
like this to the appropriate venue.
</BLOCKQUOTE>
<BLOCKQUOTE>
The problem here is that you seem to have confused me
with some Linux advocate.  I use Linux and I prefer it
to other systems that I've used (although 
<A HREF="http://www.freebsd.org/">FreeBSD</A> is
a very close second).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've espoused the opinion, on several occasions in
this column, that the selection of any tools (software
or otherwise) should be done through a process of
requirements analysis.  Some requirements can be
met with a number of solutions.  So, after we've
found a basic list of possible solutions that meet
the requirements we can narrow down that list
by measuring them against our constraints and make
final selections (if choices still remain) based
on preferences.
</BLOCKQUOTE>
<BLOCKQUOTE>
The time is rapidly approaching when you can run a
complete <A HREF="http://www.kde.org/">KDE</A> or 
<A HREF="http://www.gnome.org/">GNOME</A> system 
and never see a command
line.  Developers of KDE, GNOME, and eventually GNUStep
applications will be free to integrate their interfaces
in the ways that are appropriate to each of those systems.
</BLOCKQUOTE>
<BLOCKQUOTE>
The KDE developers have already shown an amazing
predilection for generating KDE interfaces to existing
programs.  Once nice thing about Linux and Unix is that
it's relatively easy to design an application in a
client/server model --- and to provide multiple front
ends (clients) which each provide unique forms of
access to the same application functions.  This is
just good programming design.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another nice thing is that we can concurrently run
programs from many GUI's under the same desktop.  Thus
I can run a GNOME application under KDE and vice versa.
Indeed using VNC and XNest I can run whole X sessions
within a window under one of my X sessions.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course, people who just stick with the front ends
will be constrained from access many of those powerful
filters and tools that I described earlier.  It's unlikely
that front ends will be built for <EM>all</EM> of them.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, most people only use a few applications, anyway.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
PPS. The main gripe is - USER TOOLS and EASE OF CONFIGURATION.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
So find someone to gripe to.  I'm here to <EM>answer</EM>
<EM>questions</EM>.
</BLOCKQUOTE>
<BLOCKQUOTE>
(P.S. the various "advocacy" newsgroups are perfect for
this sort of message).
</BLOCKQUOTE>

<!-- sig -->
<!-- end 67 -->

<hr width="40%" align"center">

<!-- begin 70 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on "Complaint Department"
</H3>


<p><strong>From T Elliot  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
More on "Complaint Department"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thank you for your comments and suggestions.  I appreciate that I
have probably wasted your time, but you have answered most of my
questions (including to whom to gripe).
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If I was worried about "wasting my time" I wouldn't
have signed up for this.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, one of the few rights I reserve for myself in this
column is the right to be a curmudgeon.
</BLOCKQUOTE>
<!-- sig -->

<!-- end 70 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/69"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 69 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
eql Not Working
</H3>


<p><strong>From Brett  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
eql Not Working
~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I have had absolutely no luck with eql getting my two USR 56k
modems working in sync. I can get both of them connected, but only
one uses bandwidth... and if I disconnect #1 then #2 takes over
the bandwidth job... I am just wondering if I can get this working
and somewhere that you could point me to get it working... any
reply would be much appreciated...
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If you read the eql docs carefully I'm pretty sure it points
out that you must establish both connections to a
server/router/terminal server that supports this mode of
operation.  Essentially you must be connected to two modems
on a single other system running something that is like and
compatible with eql.
</BLOCKQUOTE>
<BLOCKQUOTE>
If ISP isn't specifically working with you on this --- then
you won't be able to get it working.  So call your ISP and
explain your needs to them.  According to the README.eql
file Linux eql driver is compatible with the load balancing
(round robin routing) on some Livingston (CommOS?)
router/terminal servers.
</BLOCKQUOTE>
<BLOCKQUOTE>
I suggest a careful re-reading of
<tt>/usr/src/linux/drivers/net/README.eql</tt>
</BLOCKQUOTE>

<BLOCKQUOTE>
... and perhaps a follow up of that FTP link to see
if there are any updates are additional notes available
on that site.  There are a couple of e-mail reports
from users appended to this file --- perhaps one of them
can help more.  I've never used the eql drivers since
speed was never my problem with online access --- it's
just the latency and dial time delays that used to drive me
crazy.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 69 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/76"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 76 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
 Upgrade Kills Name Server
</H3>

<p><strong>From <em>Anonymous</em> on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
<A HREF="http://www.redhat.com/">Red Hat</A> Upgrade Kills Name Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I just upgraded"= to Red Hat 5.2 and set up everything as I had it
before and now I get the following:
</STRONG></P>
<Pre><STRONG>
fetchmail: POP3 connection to mail.nashville.com failed: temporary name server error
</STRONG></Pre>
<P><STRONG>
Netscape can't recognize mail.nashville.com either.
I am having to send this from Windows email.
</STRONG></P>
<P><STRONG>
My <tt>etc/hosts</tt> file looks the same as it did before. What other 
files do I need to check and/or post?
</STRONG></P>
<P><STRONG>
Thanks!!
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm just going to guess that the upgrade renamed some of
your files (probably your DNS zone files, possible even your
<TT>/etc/resolve.conf)</TT> to add the '<tt>rpmorig</tt>' extension.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, search for <tt>rpmorig</tt> files and look for the files that
were put in place of them.  You'll have to manually resolve
the differences.  (Use the '<tt>diff</tt>' program).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've complained to them before about their penchant for
moving your files out of the way when they to a upgrades.
Their concern is that the old configuration files may be
incompatible with the new ones.  I've said that the
disruption caused by users doing an upgrade when they never
realized or tracked which files there changed and
"configured" tends to outweigh the chances that a new
package upgrade will completely fail when presented with an
older format of its own configuration file.
</BLOCKQUOTE>
<BLOCKQUOTE>
One problem to consider is that you old version of
Linux may have been running BIND 4.9.x or earlier (I'm
guessing that your system is providing it's own DNS
services).   The new version (5.2) might be installing
BIND 8.1.2.  These <EM>do</EM> have incompatible file formats
for the base configuration file --- however the name has
chagned too.  The old one used <tt>named.boot</tt>.  The new version
uses <TT>/etc/named.conf.</TT>  There is a utility with the package
to convert a <tt>named.boot</tt> file to <tt>named.conf</tt> format.  
Actually the new format is much easier to set up.
</BLOCKQUOTE>
<BLOCKQUOTE>
Anyway it is almost certain that you need to configure your
'<tt>named</tt>' (BIND).
</BLOCKQUOTE>
<BLOCKQUOTE>
Unix mail doesn't normally refer to your <TT>/etc/hosts</TT> file
since that can't convey information about MX records and
preferences.  SMTP mail routing is done via MX records
--- not by host address (A) records.  So it doesn't matter
what your <TT>/etc/hosts</TT> file look like for this.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 76 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/77"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 77 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
MS Applications Support For Linux
</H3>

<p><strong>From Marty Bluestein  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
MS Applications Support For Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Is there a mechanism that enables MS apps to run under Linux?  Is anyone
working on an autoloader for Linux?
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
There are a few projects.  The most prominent is
WINE (<A HREF="http://www.winehq.com">http://www.winehq.com</A>).  
The goal of WINE is a complete re-implementation of the Windows API's 
to achieve full binary compatibility under any x86 Unix with X Windows 
(Linux is the predominant platform but any other modern x86 Unix 
should be a reasonable platform for WINE).
</BLOCKQUOTE>
<BLOCKQUOTE>
Another is Bochs (which has recently moved it's web pages
to <A HREF="http://www.bochs.com">http://www.bochs.com</A>).  Bochs 
is a package which emulates an x86 CPU and PC chipset (similar to 
<a href="http://www.connectix.com/">Connectix</a>' "Virtual PC").  
It runs on any platform that can compile its C sources.   I've heard 
that it works reasonably well but is to slow for production use 
(for running Win 95 or 98 on a PC).  Considering that you're using a 
PC to emulate a full PC CPU and chipset this is not a surprising 
limitation.
</BLOCKQUOTE>
<BLOCKQUOTE>
For older MS Windows applications  (3.1 and earlier) you
might try WABI --- a commercial Windows Applications Binary
Interface which is available for Linux from 
<A HREF="http://www.caldera.com/">Caldera</A>
(<A HREF="http://www.caldera.com">http://www.caldera.com</A>).  
This is not be updated and is unlikely to ever support Windows '95 
or later applications.
</BLOCKQUOTE>
<BLOCKQUOTE>
For DOS (non-Windows) you can run a copy of MS-DOS, DR-DOS
FreeDOS or just about any other "real mode" x86 OS under
the Linux '<tt>dosemu</tt>'.  (Just search for it in Yahoo!
using "<tt>+linux +dosemu</tt>").
</BLOCKQUOTE>
<BLOCKQUOTE><em>
	[ Its home page is hosted by SuSE ...
	<a href="http://www.suse.com/dosemu/"
		>http://www.suse.com/dosemu/</a> ... 
	I use it to run dBase stuff and it works pretty well
	at this point. --&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>
<BLOCKQUOTE>
The DOS support is pretty good these days, though I don't
use any MS-DOS applications any more so I don't have much
first hand experience with it.  The WABI support was pretty
fast (it felt faster running typical Windows 3.x programs
under Linux than it did under native MS-DOS on similar
hardware --- probably do to Linux more efficient filesystem
and memory management).
</BLOCKQUOTE>
<BLOCKQUOTE>
When thinking about the limitations of Linux support Win '9x
and NT applications support (Win 32S) it is helpful to keep
in mind that these limitations are almost certainly a key
design goal at Microsoft.  Although Linux was not on thier
"radar" during the design of Windows '95 and NT --- OS/2
certainly was.
</BLOCKQUOTE>
<BLOCKQUOTE>
Enmeshing the interfaces at various levels to make
applications difficult or impossible to support under
competing operating systems is one of the key strategies
that Microsoft employs.  The current DoJ case against them
is only a tip of the backlash that consumers are now
directing to this monopoly.  The fact that Linux
installation tripled in the last year --- and that many
organizations are now considering Linux for their desktop
applications platform is ample evidence of that.
</BLOCKQUOTE>

<BLOCKQUOTE>
* (personally I think it's still a bit premature
to be touting Linux as typical workers desktop
system --- though the introduction of Corel's
WordPerfect for Linux, and the release of an
updated Wingz Professional for the platform
do certainly bode well for the coming year.
I've heard that Applixware 4.4.1 is also
greatly improved and the next version of
StarOffice 5.x should stabilize and mature that
suite.  Meanwhile <A HREF="http://www.gnome.org/">GNOME</A>, 
<A HREF="http://www.kde.org/">KDE</A>, LyX, and GNUStep
are plodding along towards "prime time"
availability).
</BLOCKQUOTE>

<BLOCKQUOTE>
So that fact that there is only limited support for MS apps
under Linux is a testimony to the skills of Microsoft's
programmers.  We can surmise that preventing these
applications from running on non-Microsoft operating systems
was given higher priority than robustness, security,
stability, integrity, or performance.
</BLOCKQUOTE>
<BLOCKQUOTE>
Probably the only features that were given priority over
"trap the user" were those that would enable magazine
writers, and corporate purchasing agents to "review" the
products and feel that they had evaluated them with about 15
minutes to an hour of actual work time exposure.  This
forces the application programmer to put all sorts of
"features" onto menus, button bars, toolbars, icon ribbons,
and otherwise clutter the screens and windows.   This is an
endemic problem in commercial software --- it's written to
get reviews and make sales, not to satisfy long term users.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course an alternative to direct MS Applications support
is support for their document formats.  However this is
another of those key "customer trapping" opportunities.
They do everything short of strong (non-exportable)
encryption to lock your data into .DOC, .XLS, and .PPT
formats.  The latest Linux applications suites and word
processors are making some headway in this --- and I can
often extract contents from Word '97 files without too
much fuss.  Earlier versions of Word are pretty well
supported at this point.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can bet that the next version of Office will egregiously
break format compatability.  MS can't allow its customers
any freedom of choice or portability of documents to
"other" platforms.  That's much too dangerous to their
upgrade revenue scheme.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've talked about MS Windows support and the evils of
proprietary document formats before.  I personally think
that the only rational remedy for Microsoft's monopolistic
practices would be for the DoJ to impose a rule that MS
produce freely available (open source) "reference
implementations" of standards C source code to peform a
reasonable suite of conversions and manipulations on all
"documents" produces by their applications (including .EXE
and .DLL "documents" produced by their programming
"applications").  Under this plan any upgrade to any MS
product that failed compatibility test suites with there
freely available reference implementation (converters, tools
and filters) would result in an immediate injunction on
distribution until the reference implementation as updated
and vetted as compatible.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Note that I didn't say that MS has to release any of the
sources to any of their products.  Only that they must
release some reference implementation that is compatible
with the file formats, and freely usable in competing
products --- free and commercial.  Their contention is that
their products enjoy superior market share as a result of
superior interface and integration with one another --- this
would give them a unique opportunity to prove that).
</BLOCKQUOTE>
<BLOCKQUOTE>
I have no idea what you mean by an "autoloader for Linux."
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks.
<br>Marty Bluestein
</STRONG></P>

<!-- sig -->

<!-- end 77 -->
<hr width="40%" align="center">

<!-- begin 74 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Automount/autoloader
</H3>

<p><strong>From Marty Bluestein  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
Automount/autoloader
~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
OK. Guess I should have fully read your message before I
responded.  By the term "autoloader" I mean a self installing
function - you stick in the CD and Linux (or some other OS) sets
itself up. I wasn't aware that MS was already loading their user's
work (.DOC,. XLS, etc.) with gotchas. I wonder if the DoJ is aware
of and pursuing this?
</STRONG></P>
<P><STRONG>
Marty
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
There are several packages that will automatically
mount CD's (and floppies, NFS directories etc) for
Linux.  This is referred to generically (under Unix)
as "volume management" or "automounting" (the latter
term is more often used with regards to network file
systems while the former is exclusively used for
local media).
</BLOCKQUOTE>
<BLOCKQUOTE>
Under Solaris there is a daemon called '<tt>vold</tt>' that
manages CD's.
</BLOCKQUOTE>
<BLOCKQUOTE>
Under Linux you can use the '<tt>amd</tt>' (automount daemon)
or an old program called "<tt>Supermount</tt>" (Stephen Tweedie,
if I recall correctly).  Under newer Linux kernels you
can look for a module called "<tt>autofs</tt>".
</BLOCKQUOTE>
<BLOCKQUOTE>
I haven't played with these much so I can't give real
advice on using them.  However, you now have some key
words to search on.  If you get one of them working
in a way that seems like it would meet a typical
requirements scenario --- write it up as a mini-HOWTO
and solicit people to contribute sample configurations
and descripts for other common usage scenarios (or
at least write up an "unmaintained" mini-HOWTO and
encourage the readers to adopt and maintain it.
</BLOCKQUOTE>

<!-- sig -->
<!-- end 74 -->
<hr width="40%" align="center">

<!-- begin 73 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on: MS Apps Support
</H3>

<p><strong>From Marty Bluestein  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
More on: MS Apps Support
~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Although my ire against Gates, et al would like to see a good
platform running his apps that will probably be a moving target.
Better, I think, to develop a good set of apps that can work on
the docs that MS apps produce.  MSs response would have to be to
encumber a user's work with junk to make it incompatible with any
other apps.  The result of that could very well be disaster for
MS.  Could you imagine having your work suddenly become
incomprehensible because of the cute little things your app put in
it?
</STRONG></P>
<P><STRONG>
Marty
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't have to imagine this scenario.  I've seen it
happen many times.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 73 -->

<hr width="40%" align="center">

<!-- begin 75 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
MS Applications Support For Linux
</H3>

<p><strong>From Marty Bluestein  on Fri, 25 Dec 1998  
</strong></p>
<P><STRONG>
You are right on.  My appreciation of MS coincides with yours.  I wish I had
the time and the money to pursue that emulation of 95 and NT.  Even better
would be a good, competitive set of apps.  Corel's latest release for Linux
may indicate some movement in that direction.  TNX for your response. Happy
Xmas.
<br>Marty Bluestein
</STRONG></P>

<!-- end 75 -->
<hr width="40%" align="center">

<!-- begin 88 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on: MS Apps Support
</H3>

<p><strong>From Marty Bluestein  on Sat, 26 Dec 1998  
</strong></p>
<!-- ::
More on: MS Apps Support
~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I've just installed Redhat. It is "auto loading".  I now have a problem
which Redhat and I must resolve. I'll write it up and post it when it's
corrected. To whit.. WIN95 now crawls along as if it had a bigger bag of
sand on it's back.  Re MS: I'd rather see MS broken up into two separate
companies. One doing APPS and the other doing OS.
TNX for responses.  HAPPY XMAS, MERRY CHANUKAH, SWINGING KWANZA
and JOYFUL RAMADAN.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I can't help with the Win '95 problem.  It's probably
confused about WINS (Windows Naming System) or some other
networking issue.
</BLOCKQUOTE>
<BLOCKQUOTE>
Re: Breaking up MS.  Historically this has done <EM>NO GOOD</EM>
with other monopolies.  Go read a decent historical account
and business analysis on JP Morgan  (and wash that down
with some Noam Chomsky).  I'd recommend a book for you
--- but I'd have to refer to my father to find one.  My
knowlege is definitely second-hand on this --- but I've
discussed it with a couple people whose background in
the fields of finance and history I respect.
</BLOCKQUOTE>
<BLOCKQUOTE>
Breaking them up is a fundamentally flawed approach. The
controlling interests -- the OWNERS will still be the same.
The resulting companies would clearly have mutual interests,
complementary product lines, and interlocking boards of
directors.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately this approach would "appease" the masses
and actually work in Bill G's favor (as it did with
JP Morgan).  It will allow the DoJ to appear competent
and be touted as a "tough on (corporate) crime" victory.
So, it's the most likely outcome.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's also just about the worst way to deal with the problem.
(It's even worse than sitting back and doing <em>nothing</em>)
since it sets another bad precedent.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 88 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/78"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 78 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Linux as a Home Internet Gateway and Server
</H3>


<p><strong>From Nilesh M.  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
Linux as a Home Internet Gateway and Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG>
I just have some questions about setting up linux to run as a
server for my home computer and to share an internet connection
and also to setup as a server for the internet.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
O.K. That is three different roles:
</BLOCKQUOTE>

<BLOCKQUOTE><ol>
<li>Network Server (which services)
<li>Internet Gateway (proxy and/or masquerading)
<li>Internet Host/Server (which services)
</ol></BLOCKQUOTE>

<BLOCKQUOTE>
It is possible for Linux to concurrently handle
all three roles --- though having all of your "eggs in
one basket" may be not be a good idea with regards to
security and risk assessment.
</BLOCKQUOTE>
<BLOCKQUOTE>
Traditionally your concerns would also have encompassed the
capacity planning --- but a typical modern PC with 200+
Pentium processor, 32Mb to 256Mb of RAM and 4Gb to 12Gb if
disk space has quite a bit of capacity compared to the Unix
hosts of even 5 to 10 years ago.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Do you know if I can setup a linux box with one 10mbs ethernet for
a modem and a 100mbs ethernet for a network in my house?  Where do
I start and how would I do it.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I presume you're referring to a 10Mbps ethernet for a
cable modem, ISDN router (like the Trancell/WebRamp, or
the Ascend Pipeline series), or a DSL router.  These
usually provide 10Mbps interfaces and act as routers to
the cable, ISDN or xDSL services to which you're subscribed.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's certainly possible for you to install two or three
ethernet cards into a Linux system.  Any decent modern
100Mbps ethernet card will also automatically handle
10Mbps if you plug them into such a LAN.  So you'd just
put two of these cards into your system, plug one into
your router and the other into your highspeed hub.
</BLOCKQUOTE>
<BLOCKQUOTE>
You often have to add the following line to your
<TT>/etc/lilo.conf</TT> to get kernel to recognize the second
ethernet card:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
append="ether=0,0,eth1"
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... the <tt>0,0,</tt> is a hint to autoprobe for the IRQ and
I/O base address for this driver.  Alternatively you might
have to specify the particulars for your cards
with a line like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
append="ether=10,0x300,eth0 ether=11,0x280,eth1"
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... instead.    This line must be present in each
of the Linux "stanzas" (groups of lines which refer to
different Linux kernels with their corresponding root
filesystem pointers and other settings).
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course you must run the <TT>/sbin/lilo</TT> command to read
any changes in your <TT>/etc/lilo.conf</TT> file and "compile"
them into a new set of boot blocks and maps.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have a normal modem connected to the system
--- it's possible to use that as well.  You can use
PPP (the pppd program) to establish Internet connection
over normal phone lines.  There are also internal
ISDN, T1 "FRADs" (frame relay access devices) and
CSU/DSU (or Codecs --- coder decoder units) that can be
installed into your PC and controlled by Linux drivers.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've seen references to the ipppd to control some
sorts of internal ISDN cards.  I think most of the others
have drivers that make them 'look like' a modem or ethernet
driver to Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I just want to buy two 100mbs ethernet cards to hook up to each
other... so I don't think I'd need a hub do I?  I only want two
computers hooked up to this makeshift network.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You either need a hub, or you need a "crossover"
ethernet patch cord.  A normal cat 5 ethernet patch
cord isn't wired correctly to directly connect two
ethernet cards.
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Any help would be appreciated, especially something like a link to
a document which would give me a step by step setup.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't have such a link.  As you may have realized there
are  a couple of hundred HOWTO documents on Linux and
many of them relate to configuring various services.
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's go back to our list of different roles:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
Network Server (which services)
Internet Gateway (proxy and/or masquerading)
Internet Host/Server (which services)
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
Starting at the top.  You have a small network that
is not normally connected to the Internet (there isn't
a permanent dedicated Internet connection).  So, you
probably want to use "private net" addresses for your
own systems.   These are IP addresses that are reserved
--- they'll never be issued to any host on the Internet
(so you won't create any localized routing ambiguities
by using them on your systems).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are three sets of these number:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
192.168.*.*			    255 Class C nets
172.16.*.* through 172.31.*.*        15 Class B nets
10.*.*.*                              1 Class A net
</BLOCKQUOTE>
<BLOCKQUOTE>
... I use 192.168.42.* for my systems at home.
</BLOCKQUOTE>
<BLOCKQUOTE>
... These addresses can also be used behind firewalls
and Internet <EM>gateways</EM>.  The classic difference between
a router and a gateways is that a router just routes
package between networks (operating at the "transport"
layer of the ISO OSI reference model) while a gateway
does translation between protocols (operating at the
applications or other upper layers of the reference model).
</BLOCKQUOTE>
<BLOCKQUOTE>
In the case of Linux we can configure our one Linux system
to act as local server and as an Internet gateway.   Our
gateway can operate through "proxying" (using SOCKS or
other applications layer utilities to relay connections
between our private network and the rest of the world), or
through IP masquerading (using network address translation
code built into the kernel to rewrite packets as they are
forwarded --- sort of a network layer transparent proxying
method).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, we're getting ahead of ourselves.
</BLOCKQUOTE>
<BLOCKQUOTE>
First we need to setup our Linux LAN server.  So
we install Linux and configure its internal ethernet card
with an IP address like 192.168.5.1.  This should have a
route that points to our internal network, something like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
route add -net 192.168.5.0 eth0
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<BLOCKQUOTE>
... to tell the kernel that all of the 192.168.5.*
hosts will be on the eth0 segment.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, what services do you want to make accessible
to your other systems.
</BLOCKQUOTE>
<BLOCKQUOTE>
By default a Linux installation makes a common set of
services (telnet, NFS, FTP, rsh, rlogin, sendmail/SMTP, web,
samba/SMB, POP and IMAP etc) available to any system which
can reach you.  Most of these are accessible via the
"internet service dispatcher" called '<tt>inetd</tt>'. The list of
these services is in the <TT>/etc/inetd.conf</TT> file.  Some other
services, such as mail transport and relaying (sendmail),
and web (<A HREF="http://www.apache.org/">Apache</A> httpd) 
are started in "standalone" mode --
that is they are started by <TT>/etc/rc.d/*/S*</TT> scripts.  NFS is
a special service which involves several different daemons
--- the portmapper and mountd in particular.  That's because
NFS is an "RPC" based service.
</BLOCKQUOTE>
<BLOCKQUOTE>
The fact that any system that can route packets to you can
request any service your system offers, and the fact that
most Unix and Linux systems offer a full suite of services
"right out of the box" has classically been a major security
problem.  Any bug in any service's daemon could result in a
full system compromise which could be exploited from
anywhere in the world.  This is what led to the creation of
TCP Wrappers (which is installed in all major Linux
distribution by default --- but is configured to be
completely permissive by default).  It is also why we have
"firewalls" and "packet filters."
</BLOCKQUOTE>
<BLOCKQUOTE>
It's tempting to think that you'll be too obscure for anyone
to break into.  However, these days there are many crackers
and 'script kiddies' who spend an inordinate amount of time
"portscanning" --- looking for systems that are vulnerable
--- taking them over and using them for further portscanning
sniffing, password cracking, spamming, warez distribution
and other activities.
</BLOCKQUOTE>
<BLOCKQUOTE>
I recently had a DSL line installed.  So, I'm now
connected to the Internet full time.  I've had it in for
less than a month and there are no DNS records that point
to my IP addresses yet.  I've already had at least three
scans for a common set IMAP bugs and one for a '<tt>mountd</tt>'
bug.  So, I can guarantee you that you aren't too obscure
to worry about.
</BLOCKQUOTE>
<BLOCKQUOTE>
You are also at risk when you use dial-up PPP over ISDN or
POTS (plain old telephone service) lines.  The probabilities
are still reasonably on your side when you do this.
However, it's worth configuring your system to prevent these
problems.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, you'll want to edit two files as follows:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre>		/etc/hosts.allow
		ALL:LOCAL
</pre></blockquote><BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre>		/etc/hosts.deny
		ALL:ALL
</pre></blockquote>
<BLOCKQUOTE>
... that's the absolute minimum you should consider.
This configuration means that the tcpd program (TCP
Wrappers) will allow access to "local" systems (those
with no "dots" in their host names, relative to your
domain), and will deny access to all services by all
other parties.
</BLOCKQUOTE>
<BLOCKQUOTE>
For this to work properly you'll have to make sure that
all of your local hosts are given proper entries in your
<TT>/etc/hosts</TT> file and/or that you've properly set up your
own DNS servers with forward <EM>and reverse</EM> zones.  You'll
also want to make sure that your <TT>/etc/host.conf</TT> (libc5)
and/or <TT>/etc/nsswitch.conf</TT> (glibc2, aka libc6) are
configured to give precedence to your hosts files.
</BLOCKQUOTE>
<BLOCKQUOTE>
My host.conf file looks like:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre>		# /etc/host.conf
		order hosts bind
		multi on
</pre></blockquote><BLOCKQUOTE>
and my <TT>/etc/nsswitch.conf</TT> looks like:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre>		passwd: db files nis
		shadow: db files nis
		group:  db files nis

		hosts:		files dns
		networks:       files dns

		services:       db files
		protocols:      db files
		rpc:		db files
		ethers:		db files
		netmasks:       files
		netgroup:       files
		bootparams:     files

		automount:      files
		aliases:        files
</pre></blockquote><BLOCKQUOTE>
glibc2 has hooks to allow extensible lookup for
each of these features through modular service
libraries.  Thus we'll soon be seeing options to
put '<tt>LDAP</tt>' in this services switch file ---
so that hosts, user and group info, etc could be
served by an nss_ldap module which would talk to
some LDAP server.  We could see some user and group
information served by "Hesiod" records (over DNS
or secure DNS protocols) using some sort of <tt>nss_hesiod</tt>
module.  We might even see NDS (Novell/Netware directory
services) served via an <tt>nss_nds</tt> module.
</BLOCKQUOTE>
<BLOCKQUOTE>
But I'm straying from the point.
</BLOCKQUOTE>
<BLOCKQUOTE>
Once you've done this, you should be able to provide
normal services to your LAN.  Precisely how you set
up your client system depends on what OS they run and
which services you want to access.
</BLOCKQUOTE>
<BLOCKQUOTE>
For example.  If you want to share files over NFS with
your Linux or other Unix clients, you'd edit
the <TT>/etc/exports</TT> file on your Linux server to specify
which directory trees should be accessible to which
client systems.
</BLOCKQUOTE>
<BLOCKQUOTE>
Here's an exports file from one of my systems:
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<blockquote><pre># /       *.starshine.org(ro,insecure,no_root_squash)
# /       192.168.5.*(ro,insecure,no_root_squash)
/etc/   (noaccess)
/root/  (noaccess)
/mnt/cdrom 192.168.5.*(insecure,ro,no_root_squash)
</pre></blockquote><BLOCKQUOTE>
... note I've marked two directories as "<tt>noaccess</tt>" which I
use when I'm exporting my root directory to my LAN.  I do
this to prevent any system in the rest of my network from
being able to read my configuration and passwd/shadow files.
I only export my root directory in read-only mode, and I
only do that occasionally and temporarily (which is why
these or commented out at the moment).  My CDROM I leave
available since I'm just not worried about anyone in the
house reading data off of any CD's I have around.
</BLOCKQUOTE>
<BLOCKQUOTE>
Keep in mind that NFS stands for "no flippin' security" ---
anyone in control of any system on your network can pose as
any non root user and access any NFS share "as" that user
(so far as all filesystem security permissions are
concerned.  NFS was designed for a time when sites only had
a few host systems and all of those were connected and
tightly controlled in locked rooms.  NFS was never intended
for use in modern environments where people can carry a
Linux, <A HREF="http://www.freebsd.org/">FreeBSD</A>, or even Solaris x86 system into your office
under one arm (installed on a laptop) and connect it to the
nearest ethernet jack (now scattered throughout every corner
of modern offices --- I've seen them in the <em>reception
areas</em> of some sites).
</BLOCKQUOTE>
<BLOCKQUOTE>
To do filesharing for your Windows boxes you'd configure
Samba by editing <TT>/etc/smb.conf.</TT>  To act as a fileserver
for your MacOS systems you'd install and configure
'netatalk'.   To emulate a Netware fileserver you'd
install Mars_nwe, and/or buy a copy of the Netware Server
for Linux from <A HREF="http://www.caldera.com/">Caldera</A> (<A HREF="http://www.caldera.com">http://www.caldera.com</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are ways to configure your system as a printer server
for any of these constituencies as well.
</BLOCKQUOTE>
<BLOCKQUOTE>
Beyond file and print services we move to the "commodity
internet services" like FTP, telnet, and HTTP (WWW).
There's generally no special configuration necessary for
these (if you've installed any of the general purpose
Linux distributions).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you create an FTP account in your <TT>/etc/passwd</TT> file then
anonymous FTP will be allowed to access a limited
subdirectory of files.  If you rename this account to
"noftp" or to "ftpx" or to anything other than "ftp" and/or
if you remove the account entirely than you system will not
allow anonymous FTP at all.  If you allow anonymous FTP you
can simply put any file that you want made public into the
~ftp/pub directory --- and make sure that they are readable.
By default the FTP services are run through tcpd so they
will respect your hosts.allow/hosts.deny settings.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're going to set up a "real" FTP site for
public mirroring or professional "extranet" applications
you'd want to use ncftpd, proftpd, or beroftpd instead of
the now aging WU-ftpd or the old BSD FTP daemon (in.ftpd).
These alternative FTP daemons have their own configuration
files and can support virtual hosting and other features.
In some of them you can create "virtual users --- accounts
that are only valid for FTP access to specific FTP subtrees
and/or virtually hosted services --- accounts that can be
used to access any other service on the system.
</BLOCKQUOTE>
<BLOCKQUOTE>
Web services are controlled with their own configuration
files.  There are a couple of whole books just on the
configuration of Apache servers.  By default they let anyone
view any web pages that you put into the 'magic' directories
(<tt>/home/httpd/docs</tt> or something like that).
</BLOCKQUOTE>
<BLOCKQUOTE>
It's possible to limit access to specific directories
according the the IP addresses (or reverse DNS names) of the
clients.  As with TCP Wrappers this should not be considered
to be a form "authentication" --- but it can be used to
distinguish between "local" and "non-local" systems <em>IF YOU
HAVE ANTI-SPOOFING PACKET FILTERS</em> in place (a part of any
good firewall).
</BLOCKQUOTE>
<BLOCKQUOTE>
<tt>telnet</tt>, <tt>rlogin</tt>, <tt>rsh</tt>, and other forms 
of interactive shell access are generally pretty easy to setup.  
Like many Unix/Linux services it is harder to disable or to limit
access to these services than it is to allow it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Under <A HREF="http://www.redhat.com/">Red Hat</A> Linux access 
to these and other
"authenticating" services can be controlled by editing
PAM configuration files under <TT>/etc/pam.d/</TT>
</BLOCKQUOTE>
<BLOCKQUOTE>
So, the short answer to the question "How do I set
up Linux as a server?"  is you install it, setup
its address and routing, then you install and
configure the services that you want to provide.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, when we we want to use Linux as a gateway to
the Internet (or any other network --- to connect
you home network to your office or to a friend's
network) you first resolve the addressing and routing
issues (set up your second interface and add the
appropriate routes).  Then you use IP masquerading
<EM>or</EM> proxy services (SOCKS) to allow your systems
(using the non-routable "private net" addresses)
to access services on the Internet.
</BLOCKQUOTE>
<BLOCKQUOTE>
To use IP masquerading with the old ipfwadm code
(as present in the standard 2.0.x kernels you just
issue a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
ipfwadm -F -a accept -m -D 0.0.0.0/0 -S 192.168.5.0/24
</CODE></BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... which adds (<tt>-a</tt>) a rule to the forwarding (<tt>-F</tt>) table
to "accept" for "masquerading" (<tt>-m</tt>) any packets that are
"destined for" (<tt>-D</tt>) anywhere (<tt>0.0.0.0/0</tt>) and are from
source IP addresses (<tt>-S</tt>) that match the pattern
192.168.5.0/24 (an address mask that specifies the first
24 bits, or three octets as the "network portion" of the
address --- and therefore covers that whole class C
network).
</BLOCKQUOTE>
<BLOCKQUOTE>
You should definitely use a modular kernel and almost
certainly should have '<tt>kerneld</tt>' loaded when you use
this masquerading technique.  That's because there are
several common protocols (especially FTP) which require
special handling for masquerading (in the case of FTP
there's a data connection that comes back from the
server to the client, while the data connection when
in the usual direction from the client to the server.
</BLOCKQUOTE>
<BLOCKQUOTE>
For this reason I actually prefer applications proxying.
To use that you go to the "contrib" directory at any Red Hat
site and download the SOCKS server and client packages.
You install the server on your Linux gateway then you
install the clients on any of your Linux clients.
</BLOCKQUOTE>
<BLOCKQUOTE>
On the SOCKS gateway you create a file: <TT>/etc/socks5.conf</TT>
with something like this for its contents:
</BLOCKQUOTE>

<blockquote><pre>		route   192.168.5.     -       eth0
		permit  -       -       -       -       -       -
</pre></blockquote>
<BLOCKQUOTE>
... there are many options that you can use to
limit access to the socks gateway --- but this is the
simplest working example.
</BLOCKQUOTE>
<BLOCKQUOTE>
On the Linux clients you create a file named
<TT>/etc/libsocks5.conf</TT> with an entry in it that looks
something like:
</BLOCKQUOTE>

<blockquote><pre>	socks5 	   -	-	-	-	192.168.5.2
	noproxy	   -	192.168.5.	-
</pre></blockquote><BLOCKQUOTE>
... where the ".2" address is the one on which I was
running this SOCKS server.
</BLOCKQUOTE>
<BLOCKQUOTE>
For the non Linux clients you have various different
configuration methods.  Most Windows TCP/IP utility
suites (other than Microsoft's) support SOCKS proxies.
There are replacement WINSOCK.DLL's that support this
proxying protocol transparently for most/all other
Windows services.  The MacOS applications also seem to
support SOCKS pretty widely.
</BLOCKQUOTE>
<BLOCKQUOTE>
There are a few alternatives to NEC's SOCKS servers.
I've found "DeleGate" to be a pretty good one (search
for it on Freshmeat).  DeleGate as the advantage that you
can use it as a "manually traversed" proxy as well as
a "SOCKS" compatible one.  The SOCKS proxying protocol
allows the client software to communicate with the
proxy server to relay information about the request to
it, so that it can, in turn, relay that to a process
that runs on the external servers.  This is called
"traversal."
</BLOCKQUOTE>
<BLOCKQUOTE>
Non-SOCKS proxies have to have some other traversal
mechanism.  Many of them are "manually traversed" --- I
telnet or ftp to the TIS FWTK proxies (for example) and I
log in as "<A HREF="mailto:myname@myrealtarget.org"
		>myname@myrealtarget.org</A>." --- in other words I
encode additional account <EM>and destination</EM> information into
the prompts where I'd normally just put my account name.
</BLOCKQUOTE>
<BLOCKQUOTE>
DeleGate allows you do use this manual traversal mechanism
when you are stuck with a non-SOCKSified client.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've also seen reference to another SOCKS server
package called "Dante" --- that's also listed at
Freshmeat (<A HREF="http://www.freshmeat.net"
		>http://www.freshmeat.net</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are also a few other types of proxies for special
services.  For example the Apache web server, and the CERN
web server and a few others can be used as "caching web
proxies."  Squid can proxy and cache for web and FTP.
</BLOCKQUOTE>
<BLOCKQUOTE>
Some services, such as mail and DNS are inherently
"proxy" capable by design.  I can't adequately cover
DNS or e-mail services in this message.  There are
full-sized books on each of these.
</BLOCKQUOTE>
<BLOCKQUOTE>
So that's the very basics of using Linux as a
gateway between a private LAN and the Internet.  If you
get a set of "real" IP addresses, and you insist on
using these to allow "DRIP" (directly routed IP) into your
LAN you don't have to do any of this IP masquerading or
proxying --- but you should do some packet filtering
to protect your client systems and servers.
</BLOCKQUOTE>
<BLOCKQUOTE>
Good packet filtering is difficult.  I alluded to one of the
problem when I pointed out that FTP involves two different
connections --- an outgoing control connection and an
incoming data connection.  There's also a "PASV" or
"passive" mode which can help with that --- but it still
involves two connections.  This wreaks havoc with simple
packet filtering plans since we can't just blindly deny
"incoming" connection requests (based on the states of the
"SYN" and "ACK" flags in the TCP packet headers.  One of the
"advantages" (or complications) of "stateful inspection" is
that it tracks these constituent connections (and the TCP
sequencing of all connections) to ensure consistency.
</BLOCKQUOTE>
<BLOCKQUOTE>
A decent set of packet filters will involve much more code
than the set of proxying and masquerading examples I've
shown here.  I personally don't like DRIP configurations.  I
think they represent too much risk for typical home and
small business networks.  However, here's a sample
</BLOCKQUOTE>

<blockquote><pre># Flush the packet filtering tables
/root/bin/flushfw

# Set default policy to deny

/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -O -p deny


# Some anti-martian rules -- and log them
	## eth1 is outside interface

/sbin/ipfwadm -I -o -W eth1 -a deny -S 192.168.0.0/16
/sbin/ipfwadm -I -o -W eth1 -a deny -S 172.16.0.0/12
/sbin/ipfwadm -I -o -W eth1 -a deny -S 10.0.0.0/8
/sbin/ipfwadm -I -o -W eth1 -a deny -S 127.0.0.0/8

# Some anti-leakage rules -- with logging
	## eth1 is outside interface

/sbin/ipfwadm -O -o -W eth1 -a deny -S 192.168.0.0/16
/sbin/ipfwadm -O -o -W eth1 -a deny -S 172.16.0.0/12
/sbin/ipfwadm -O -o -W eth1 -a deny -S 10.0.0.0/8
/sbin/ipfwadm -O -o -W eth1 -a deny -S 127.0.0.0/8

	## these are taken from RFC1918 --- plus
	## the 127.* which is reserved for loopback interfaces


# An anti-spoofing rule -- with logging
/sbin/ipfwadm -I -o -W eth1 -a deny -S 222.250.185.16/28

# No talking to our fw machine directly
	## (all packets are destined for forwarding to elsewhere)

/sbin/ipfwadm -I -o -a deny -D 222.250.185.14/32
/sbin/ipfwadm -I -o -a deny -D 222.250.185.30/32


# An anti-broadcast Rules
	## (block broadcasts)
/sbin/ipfwadm -F -o -a deny -D 222.250.185.15/32
/sbin/ipfwadm -F -o -a deny -D 222.250.185.31/32

# Allow DNS
	## only from the servers listed in my caching server's
	## /etc/resolv.conf

/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp  -S 192.155.183.72/32
/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp  -S 192.174.82.4/32
/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp  -S 192.174.82.12/32

# anti-reserved ports rules
	##  block incoming access to all services
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 1:1026 -P tcp
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 1:1026 -P udp


# Diode
	## (block incoming SYN/-ACK connection requests)
	## breaks FTP
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 -y

## /sbin/ipfwadm -F -o -i acc \
##	-S 0.0.0.0/0 20 -D 222.250.185.16/28 1026:65535 -y
##	simplistic FTP allow grr!


# Allow client side access:
	## (allow packets that are part of existing connections)
/sbin/ipfwadm -F -o -a acc -D 222.250.185.16/28 -k
</pre></blockquote>

<BLOCKQUOTE>
There are bugs in that filter set.  Reading the comments
you'll see where I know of a rule that handles most FTP ---
but opens risks any services that run on ports above 1024
--- like X windows (6000+) etc.  This would simply require
the attacker to have control of their system (be root on
their own Linux or other Unix system --- not too tough) and
for them to create package that appeared to come from their
TCP port 20 (the ftp data port).  That's also trivial for
anyone with a copy of '<tt>spak</tt>' (send packet).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, I have this rule commented out and I don't show a set of
rules to allow localhost systems to connect to a proxy FTP
system.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that these addresses are bogus.  They don't point to
anything that I know of.
</BLOCKQUOTE>
<BLOCKQUOTE>
The only parts of this set of filters that I feel confident
about are the parts where I deny access for incoming spoofed
packets (the ones that claim to be from my own addresses or
from non-routable or "martian" addresses like localhost).  I
also have rules to prevent my system from "leaking" any
stray private net and/or martian packets out into the
Internet.  This is a courtesy --- and it has the practical
benefit that I'm much less likely to "leak" any confidential
data that I'm sharing between "private net" system on my LAN
--- even if I screw up my routing tables and try to send
them out.
</BLOCKQUOTE>
<BLOCKQUOTE>
I've read a bit about <tt>ipfil</tt> (Darren Reed's IP Filtering
package --- which is the de facto standard on FreeBSD and
other BSD systems and which can be compiled and run on
Linux.  This seems to offer some "stateful" features that
might allow one to more safely allow non-passive FTP.
However, I don't know the details.
</BLOCKQUOTE>
<BLOCKQUOTE>
The 2.2 kernels will include revamped kernel packet
filtering which will be controlled by the 'ipchains'
command.  This is also available as a set of unofficial
patches to the 2.0 series of kernels.  This doesn't seem to
offer any "stateful inspection" features but it does have a
number of enhancents over the existing ifpwadm controlled
tables.
</BLOCKQUOTE>
<BLOCKQUOTE>
Your last question was about configuring Linux as an
Internet server (presumably for public web pages, FTP or
other common Internet services.
</BLOCKQUOTE>
<BLOCKQUOTE>
As you might have gathered by now; that is the same as
providing these service to your own LAN.  Under Linux (and
other forms of Unix) any service default to world-wide
availability (which is why we have firewalls).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've spent some time describing how Linux and other Unix
systems need to be specially configured in order to <EM>limit</EM>
access to services to specific networks.  Otherwise someone
in Brazil can as easily print document on your printer as
you.
</BLOCKQUOTE>
<BLOCKQUOTE>
To be an Internet server all you have to do is have a static
IP address (or regularly update your address record at
<A HREF="http://www.ml.org">http://www.ml.org</A>).  Once people know how to route requests
to your server --- assuming you haven't taken steps to block
those requests --- Linux will serve them.
</BLOCKQUOTE>
<BLOCKQUOTE>
Most of the challenges in setting up networks relate
to addressing, routing, naming and security.  Most of us
still use "static" routing for our own networks ---
just manually assigning IP addresses when we first deploy
our new systems.  Most of us with dial-in PPP get dynamic
IP addresses from our ISP's.  Some sites now use DHCP to
provide dynamic addresses to desktop systems (servers
still need consistent addresses --- and using DHCP for
those just introduced additional opportunities for failure).
</BLOCKQUOTE>
<BLOCKQUOTE>
For routing, subnetting, and LAN segmentation issues ---
read my posting on routing from last month (I think Heather is
publishing it this month).  That's about 30 pages long!
</BLOCKQUOTE>
<BLOCKQUOTE>
(The one thing I glossed over in that was "proxyarp"
on ethernet.  It's covered in <a href="./tag/72.html">another message
this month</a> so glance at it if you'd like to learn more.)
</BLOCKQUOTE>

<BLOCKQUOTE>
I hope I've imparted some hint on the importance of
considering your systems security.  Even if you have nothing
of value on your systems --- if the thought of some cracker
vandalizing your files for kicks is of no concern to you ---
it is irresponsible to connect a poorly secured system to
the Internet (since your compromised system may be used to
harass other networks).
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I would like to write a faq about this after I'm done... hopefully
I can help other after a bit of exprimenting myself.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
While the offer is appreciated --- it would be more of a
book than an FAQ.  However, I would like to see some "Case
Studies" --- descriptions of typical SOHO (small office,
home office), departmental, and enterprise Linux (and
heterogenous) installations.
</BLOCKQUOTE>
<BLOCKQUOTE>
These would include network maps, "sanitized" examples of
the addresses, routing tables and configuration files for
all services that are deployed in the network, on all of the
clients and servers present.  Company, domain and other
names, and IP addresses would be "anonymized" to discourage
any abuse and minimize any risk represented by exposure.
(E-mail addresses of the contributors could be "blind"
aliased through my domain or hotmail, or whatever).
</BLOCKQUOTE>
<BLOCKQUOTE>
The important thing here is to define the precise mixture of
services that you intend to provide and the list of users
and groups to which you intend to provide them.  This is a
process that I've harped on before -- requirements analysis.
</BLOCKQUOTE>
<BLOCKQUOTE>
You need to know <EM>who</EM> you are serving and <EM>what</EM> services
they need.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks
<br>Nilesh.
</STRONG></P>

<!-- sig -->

<!-- end 78 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/79"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 79 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Persistent Boot Sector
</H3>


<p><strong>From Hummingbird Designs on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
Persistent Boot Sector
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG>
I installed Linux on my PC at work and had everything working with
System commander, I have to use NT for some apps we use at work.
</STRONG></P>
<P><STRONG>
anyway, I was trying to get the nic card working so I tried using
the setup tool to install the kernel from the Cdrom that is used
to install linux off a network.  Now everytime I turn on the
machine it gives me the screen as if I had installed a bootdsk
like when you first install Linux. I have done EVERYTHING I know
of to get that out of there . . .I used a zerofill utility that
goes over each and every sector of every track and fills it with
0's including the MBR. and that damn message still comes up
everytime I boot. . .  I was thinking of removing my Hard drive
and seeing if it flashed my BIOS or something cause according to
Quantum9its a quantum drive) their utility is almost like a low
level format.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
"the setup tool..." (what setup tool?)
"the screen as if I had installed a bootdsk[sic]" (what
screen?)
"EVERYTHING" (what is "everything?").
"zerofill utility" (what utility?)
"that damn message" (what damn message?).
</BLOCKQUOTE>
<BLOCKQUOTE>
You do seem to be a bit sketchy on the specifics so I'll
have to guess.
</BLOCKQUOTE>
<BLOCKQUOTE>
You had (some distribution of) Linux installed on your
system in a dual boot configuration with NT.  You were using
System Commander as your primary boot manager.  Presumably
you installed LILO (the Linux loader) into the "logical boot
record" (the "superblock") of one of your Linux filesystems
(presumably the root fs).  While trying to configure or
troubleshoot some problem with a network card (NIC) you used
some sort of "setup" utility which somehow configured your
system to bypass System Commander's boot record (presumably
by overwriting it with a copy of LILO).  You've tried some
ways to restore your System Commander installation, and/or
to build a new MBR, and those have been unsuccessful.
</BLOCKQUOTE>
<BLOCKQUOTE>
O.K.  Given that guess work I have a hypothesis.  You may
have run something like '<TT>FDISK /MBR</TT>' from your NT boot disk.
This may have enabled the active partition in your MBR.  The
DOS MBR code would load the logical boot record of the
active partition.  If your Linux partition (with its copy
of LILO in the superblock" ) just happened to be the active
partition at the time --- you might see that copy of LILO
(one of two that had been installed on your disk, one on the
MBR and the other in the LBR/superblock) as the first screen
on boot up.
</BLOCKQUOTE>
<BLOCKQUOTE>
(I'm not sure this scenario accounts for all of your
symptoms since this is all based on guesswork).
</BLOCKQUOTE>
<BLOCKQUOTE>
I have no idea what your "zero fill" utility is doing ---
but it almost certainly is not zero'ing out track zero of
your hard drive (including the MBR).  That would render the
system unbootable and would destroy the primary copy of your
partition table (the last 50 bytes or so of the MBR).  The
Linux/Unix command to do this is very simple:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
dd if=/dev/zero of=/dev/hda bs=512 count=63
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... where <TT>/dev/hda</TT> is the first IDE drive, 512 is the bytes
per sector and count is the number of sectors in a typical
track.  DON'T DO THIS!  (If you insist on doing this, first
double check which device you want to use, the first IDE is
<TT>/dev/hda</TT> and the first SCSI is <TT>/dev/sda</TT>, then check the
number of sectors per track --- which should be listed in
your CMOS setup for an IDE drive and would be listed in your
vendor documentation and <EM>possibly</EM> by your SCSI adapter
diagnostics firmware).
</BLOCKQUOTE>
<BLOCKQUOTE>
You could save a copy of your MBR and partition table using
dd with a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
dd if=/dev/hda bs=512 count=1 of=/root/mbr.bin
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>

<BLOCKQUOTE>
... which you can use in scripts to compare and replace your
MBR in future mishaps.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's possible that System Commander's boot loader is still
in the MBR --- but that it's been configured to skip it's
opening menu/selection prompting and boot directly off of
your Linux partition.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course it's also possible that Linux as completely
taken over your system; that's it's run amok and overwritten
every partition and drive on the system.  In my experience
that would only happen if you (or someone) <EM>told</EM> it do
do this.  I've never seen Linux touch any part of a hard
drive unless it was "told" to do so.  (Unlike MS-DOS,
OS/2, and Windows which periodically trash the MBR when
they hang --- apparently scribbling register or random
memory contents over track zero, sector zero when those
zero's just happen to be in the the register during the
dying spasms of those systems).
</BLOCKQUOTE>
<BLOCKQUOTE>
There is virtually no chance that Linux touched your flash
BIOS --- so this is not a bug in your firmware.  I'd say
that this "zerofill" utility is highly suspect.  Obviously
Linux users just use the 'dd' command for this sort of
thing.
</BLOCKQUOTE>
<BLOCKQUOTE>
As for how to fix you problem.  You could try re-installing
System Commander.  I've never used it --- but it seems
that it can find most types of partitions during
installation --- so it should be able to find your NT and
Linux filesystems and install a new copy of it's boot loader
code to  start either of these systems.  I've never used
System Commander --- but it is commercial software --- so
it <EM>SHOULD</EM> come with some technical support.  Perhaps they
can walk you through the re-installation.
</BLOCKQUOTE>
<BLOCKQUOTE>
Keep in mind that LILO can still be installed on your MBR,
your superblock, or <EM>both</EM>, so it might still show up after
you have System Commander or NT's boot manager installed.
It should then only come up <EM>after</EM> you've selected an
option from your primary boot loader.  This can be a
bit confusing --- so you can reconfigure lilo to
bypass any prompts or delays when you're calling it
in this fashion.
</BLOCKQUOTE>
<BLOCKQUOTE>
Keep in mind that you can also find, download, and
install LOADLIN.EXE into a DOS directory somewhere on
your system.  You can use that instead of LILO (it's a
DOS program that loads linux kernels).  I've heard a
rumor that there is an NT native console application
(an NT .EXE that you'd run under a CMD.EXE shell) to
load Linux.  I've never seen it.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you end up having to re-install Linux and NT (probably
unnecessary --- but it might be the easiest way) you
can configure Linux to boot from floppy and never touch the
boot records on your hard disk.  It's also possible to
configure Linux to use some other hard disk on your system
--- and not have it touch your primary drive at all.
</BLOCKQUOTE>
<BLOCKQUOTE>
Read through back issues of this column and go through the
various multi-boot HOWTO's and mini-HOWTO's at the LDP site
(<A HREF="http://metalab.unc.edu/LDP">http://metalab.unc.edu/LDP</A>) 
and it's mirrors.  There are many options.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
C's from home and a nic card I know to install linux over the
network and see if that gets rif of it.
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I don't get this at all.  How would you expect
installing Linux (over a network or otherwise) to <em>get
rid of</em> a Linux boot loader.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
any help would be appreciated
<br>Brian Korsund
</STRONG></P>

<!-- sig -->

<!-- end 79 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/80"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 80 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Secondary MX Records: How and Why
</H3>


<p><strong>From Craig Capodilupo  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
Secondary MX Records: How and Why
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Some domains have multiple MX records. Sometimes the MX record of lower
preference, say 20, is an off-site domain.  Does this off-site server
have to be configured to hold mail until the primary exchanger is back
online?
</STRONG></P>
<P><STRONG>
I am going to use my UNIX server as a secondary mail exchanger but I am
not sure if it has to be configured.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
In the good old days there was no special tricks to
providing secondary MX for your friends.  They would just
add you mail server to their DNS records, listing you as a
"less preferred" mail exchanger (an MX record with a higher
value than any of yours).  Mail would be relayed
automatically.
</BLOCKQUOTE>
<BLOCKQUOTE>
This was in the days of "promiscuous mail relaying" --- it
was easier to just let anyone relay mail though anyone else.
However, just as venereal disease contributed to the demise
of the "free love" promiscuity of the '60's --- the blight
of spam as spelled the end of open e-mail relaying in our
decade.
</BLOCKQUOTE>
<BLOCKQUOTE>
The problem was that spammers would dump their e-mail on any
open relay --- one piece of mail that might be addressed to
thousands of happless recipients (and with the return
addresses forged on top of that).
</BLOCKQUOTE>
<BLOCKQUOTE>
When you install '<tt>sendmail</tt>' version 8.9.x and later the open
relay to which early versions defaulted are now closed.
You'll have to create a relay map (default location in
<TT>/etc/mail/relay-domains)</TT> to enable relaying for your
sites).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are some questions that relate to this in the
'<tt>sendmail</tt>' FAQ at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://www.sendmail.org/faq/section3.html"
	>http://www.sendmail.org/faq/section3.html</A>#3.27
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... although you could disable this feature and allow
promiscuous relaying --- I'd not suggest this.
</BLOCKQUOTE>
<BLOCKQUOTE>
You'd eventually get hit by a spammer and then you'll
probably end up on Paul Vixie's "Real-time blackhole list"
(the RPL) or on "DorkSlayer's" ORBS (open relay blocking
system).  There are many sites these days that subscribe to
these free DNS lookup services in their "check_relay" macros
--- and deny any mail access whatsoever from any site listed
on one or either of these.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, that should be all there is to it.  Normally your
mail would just get tossed into the queue at your MX
secondary's site where it will languish until your site is
back up (or less busy, or whatever).  In other words whatever
connectivity problem the original sender's site had in
getting to your primary MX host will probably go away within
a few hours --- and your secondary MX will relay your mail
during its normal queue runs.  The orginal sender will get
delay notifications (4 hours, 4 days, etc) according to the
settings in your secondary's configuration files.
</BLOCKQUOTE>
<BLOCKQUOTE>
Some people use these features in their firewall
configuration --- they place a higher MX host outside their
main network (on the exposed network segment) --- and all
outside mail has to hit it first (since they can never
connect to the preferred hosts inside due to the packet
filters).  The packet filters then allow that exposed host
(and only that exposed host) to transfer files into the
domain.  Thus the potential attacker can't attempt to
directly exploit bugs in the internal SMTP daemon
(especially if the "exposed" host is behind an anti-spoofing
screen, and has "source routing" disabled, which all Linux
systems default to).
</BLOCKQUOTE>
<BLOCKQUOTE>
A more elegant approach is to use "split DNS" --- so that
the external/exposed MX host appears (to the outside world)
to be the preferred mail destination while the real
preferred system (to your internal systems, and to your
exposed host itself) is sequestered on your internal network
using non-routable "private net" addresses.  The advantage
to this is that your potential attackers don't have any
information about your internal structure --- and they can't
route packets to your internal hosts at all (those don't
have "real" IP addresses).  Thus the outside attacker has to
resort to high wizardry to get packets to your hosts, before
any exploits can even be attempted.
</BLOCKQUOTE>
<BLOCKQUOTE>
(I should note that any attacks that can be carried through
the mail <EM>contents</EM> will still get delivered to you.  The
bugs this protects you from are those in the TCP connection
handling of the daemons --- not in the parsing of headers
and message contents).
</BLOCKQUOTE>
<BLOCKQUOTE>
I've heard of some sites that maintain separate queues for
their relay neighbors.  I don't know exactly how that works
--- but its similar to the way that ISP's maintain queues
for their SMTP customers.  Basically they create a
rule (probably an entry in their mailertable) that calls
the relay mailer with an extra parameter.  Thus all the
queue items end up in special, separate directories.
Then the SMTP ETRN command can be used (by customers) to
force a queue delivery (something like:
'<tt>sendmail -q -O QueueDirectory=/var/spool/mqueue.customerX</tt>')
when the customer's connection comes up.
</BLOCKQUOTE>
<BLOCKQUOTE>
Then there are sites that deliver all mail to a given site
into a single mail spool (mbox) file.  Hopefully they are
adding the "<tt>X-envelope-To:</tt>" headers as they do this.  Then
their clients use '<tt>fetchmail</tt>' to grab these messages, split
them back out and dispatch them according to the delivery
policies at the disconnected site.
</BLOCKQUOTE>
<BLOCKQUOTE>
Personally I still prefer UUCP for handling mail to
disconnected sites.  However, it is getting increasingly
difficult for new users to find people who understand UUCP.
(Oddly one study showed that the use of UUCP hasn't
decreased at all -- it's grown at a slow, steady couple of
percent all along.  However, compared to the explosive
growth of the Internet it as seemed, by comparison to
completely disappeared.  I think UUCP is still a <EM>very</EM> good
option for emerging countries and for anyone that isn't
maintaining dedicated connections to the Internet --- though
I'd say that a bit of work should be done on simple
configuration tools and examples.  It's easy enough to use
UUCP as a transport for DNS/Internet "domain" style
addresses.  So we don't need to ever return to the bad old
days of "bang paths").
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
TIA,
<br>Craig
</STRONG></P>

<!-- sig -->

<!-- end 80 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/81"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 81 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
'lpd' Bug: "restricted service" option; Hangs Printer Daemon
</H3>


<p><strong>From Michael Martinez  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
'lpd' Bug: "restricted service" option; Hangs Printer Daemon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The lpd that RedHat linux supplies has a problem. If you send it a print
job across the network, and you do not have an account on the print serve,
lpd forks a child, creates an entry for you in the queue, then hangs
because it can't find your user id. Do you know a remedy for this?
</STRONG></P>
<P><STRONG>
Michael Martinez
<br>System Administrator, C.S. Dept, New Mexico Tech
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I think I read about this in the security mailing lists
recently.  It seems to be related to the "restricted
service" (rs) option in your <TT>/etc/printcap</TT>.
</BLOCKQUOTE>
<BLOCKQUOTE>
One option would be to remove the rs option from the
printcap and use packet filtering and <tt>hosts_access</tt>
(TCP_Wrappers) to restrict access to your print server(s).
</BLOCKQUOTE>
<BLOCKQUOTE>
Then look for updates to the packqage itself.
</BLOCKQUOTE>
<BLOCKQUOTE>
The first thing to do is to report this to 
<A HREF="http://www.redhat.com/">Red Hat</A> Inc.
after checking their web site and for any updates to
this package.  First find the package name using
rpm -q <TT>/usr/sbin/lpd.</TT>  This will tell you which RPM
package included the lpd command.
</BLOCKQUOTE>
<BLOCKQUOTE>
Then connect to <A HREF="ftp://updates.redhat.com"
		>ftp://updates.redhat.com</A> (or one of
its mirror sites).  I don't see one there yet.  If
you aren't already using the most current Red Hat version
(5.2 at this point) then check for that package in the
RPMS directory for the latest.  Red Hat Inc normally
embeds the version in the package and file names.
</BLOCKQUOTE>
<BLOCKQUOTE>
My <A HREF="http://www.suse.com/">S.u.S.E.</A> system 
(which uses RPM format but uses a
different suite of RPM files) reports <tt>lprold-3.0.1-14</tt>
as the package name that owns '<TT>/bin/sbin/lpd</TT>' --- so
I'd look for a S.u.S.E. RPM that was later than that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Failing that look for a <A HREF="http://www.debian.org/">Debian</A> 
package (an update) and try using "alien" to convert that into an RPM.
Look up the Debian maintainer for that package at the
<A HREF="http://www.debian.org">http://www.debian.org</A> web site.
</BLOCKQUOTE>
<BLOCKQUOTE>
If that doesn't work, look for a canonical "home" site
for the package (lpr/lpd is a classic BSD subsystem
--- so looking at the <A HREF="http://www.freebsd.org/">FreeBSD</A> 
<A HREF="http://www.netbsd.org/">NetBSD</A> and/or 
<A HREF="http://www.openbsd.org/">OpenBSD</A>
sites for a later version of the "tarball" (sources
in .tar format) might work.  Look in the man pages
and run '<tt>strings</tt>' on the lpd binary --- and look through
other docs (use <tt>rpm -ql &lt;packagename&gt;</tt> for a list of all
files in that package) to see if an author or maintainer
for the base package is listed.  Then you can look at
that maintainer's web site or FTP server, and/or possibly
e-mail them.
</BLOCKQUOTE>

<BLOCKQUOTE>(The BSD sites are
<A HREF="http://www.freebsd.org">http://www.freebsd.org</A>,
<A HREF="http://www.netbsd.org">http://www.netbsd.org</A>,
<A HREF="http://www.openbsd.org">http://www.openbsd.org</A>,
in case you needed them.)
</BLOCKQUOTE>

<BLOCKQUOTE>
If you have a competent programmer on hand (I'm am <EM>not</EM>
a competent programmer) you could have them look through
the sources and apply a fix.  Then you'd e-mail the diffs
to your patches to the maintainer of the package (possibly
copying Red Hat Inc as well).    If you also looked at the
Debian site for an update you can copy their maintainer
on your fix as well.
</BLOCKQUOTE>
<BLOCKQUOTE>
They may not accept your patches --- but they will
certainly appreciate the effort and it may help them
focus on the right part of the code.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is how Linux got where it is today.  (I've sent
patches in on 'sendmail', 'md5sum' and 'tripwire' in
the past --- and I'm <EM>not</EM> a programmer.  So anyone
who does feel competent in the art should not be
intimidated by the notion, and won't have to spend
nearly as long poring over the sources as I did for
my pathetic little suggestions).
</BLOCKQUOTE>
<BLOCKQUOTE>
I'd like to suggest one modest "New Year's Resolution"
to every Linux user:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE>
Find one bug or typo.  Fix it.
</BLOCKQUOTE></BLOCKQUOTE>

<BLOCKQUOTE>
... hunt through the man pages, docs, sources, etc
of a few of your favorite packages.  Find one thing
that's wrong or missing, correct it (or find someone
to do it with you) and submit the patch to the
appropriate parties.
</BLOCKQUOTE>
<BLOCKQUOTE>
Last year was the first year Linux was taken "seriously."
Let's make this the year that we prove that the "open source"
(TM) process is maintainable and yields truly superior
and mature results.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 81 -->
<hr width="40%" align="center">

<!-- begin 90 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">LPD forks and hangs/Linux</H3>


<p><strong>From Michael Martinez  on Sat, 26 Dec 1998  
</strong></p>
<P><STRONG>
Thanks a bunch for your great, documented help. Just so you know, RH 5.2
ships with this problem. So, I'll check out the other resources you gave
me. I've considered writing a patch for it - I might just do it!
</STRONG></P>
<P><STRONG>
Merry Christmas,
</STRONG></P>
<P><STRONG>
Michael Martinez
<br>System Administrator, C.S. Dept, New Mexico Tech
</STRONG></P>

<!-- end 90 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/82"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 82 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Dual Boot Configurations
</H3>


<p><strong>From Justin Jenkins  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
Dual Boot Configurations
~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm ashamed to ask this but I don't know how!
i got a copy at work, and installed it on an
old 166 I would like to install it on my 450
can you help me??
-thanks
Justin
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Have you tried the HOWTO?
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/mini/Linux+DOS+Win95+OS2.html"
	>http://metalab.unc.edu/LDP/HOWTO/mini/Linux+DOS+Win95+OS2.html</A>
</BLOCKQUOTE>
<!-- sig -->

<!-- end 82 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/84"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 84 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Microtek Scanner Support:  Alejandro's Tale
</H3>


<p><strong>From AmericanPride88  on Sat, 26 Dec 1998  
</strong></p>
<!-- ::
Microtek Scanner Support:  Alejandro's Tale
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello Alejandro, I'm pretty annoyed that when I went to download
the file at Microtek Ibelieve it was this?/ epp 264 exe.
</STRONG></P>
<P><STRONG>

</STRONG></P>
<P><STRONG>
They didn't have it available , They should at least include some
info about their hardware on a CD so that my Hardware Wizard can
setup the right driver for the Damn Scanner, someone suggested. I
try a HP scanner. I believe I will
</STRONG></P>
<P><STRONG>
Return the C3 tomorrow. It was my Christmas present it's been
nothing but a Dissapointment to me.  Thank you...
</STRONG></P>
<P><STRONG>

</STRONG></P>
<P><STRONG>
If you can suggest a compatible Driver or anything else please
do. Thanks again!1
</STRONG></P>
<P><STRONG>
Sincerely, Rebecca
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Who is Alejandro?
</BLOCKQUOTE>
<BLOCKQUOTE>
Rebecca,  it looks like you have sent this message astray.
First I'm not Alejandro, I'm Jim Dennis.  You sent this to
"<A HREF="mailto:answerguy@ssc.com">answerguy@ssc.com</A>" which is the access point to the Linux
Gazette "Answer Guy" column --- providing free technical
support (and a bit of spleen venting and curmudgeonly commentary)
for users of Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
Your message doesn't relate to Linux as far as I can see.  We
don't often use ".exe" files and Linux doesn't need a "Hardware
Wizard" to find and use any of its devices (except for the
guy at the keyboard, perhaps).
</BLOCKQUOTE>
<BLOCKQUOTE>
The primary resource for supporting scanners under Linux would
be SANE (Scanner Access is Now Easy) at:
<A HREF="http://www.mostang.com/sane">http://www.mostang.com/sane</A>
</BLOCKQUOTE>
<BLOCKQUOTE>

</BLOCKQUOTE>
<!-- sig --><BLOCKQUOTE>

</BLOCKQUOTE>

<!-- end 84 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/85"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 85 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Modem HOWTO Author Gets Offer RE: WinModems
</H3>


<p><strong>From bf347 on Sat, 26 Dec 1998  
</strong></p>
<!-- ::
Modem HOWTO Author Get's Offer RE: WinModems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I'm the author of the new Modem-HOWTO.  Someone sent me email saying that
he could put me in touch with someone who might release the info
needed to write a driver for Lucent LT Winmodems.  Is anyone interested?
Is the first line of this message truncated?  It is on my dumb terminal.
I'm writing this from a BBS that allows no editing of this message.
</STRONG></P>
<P><STRONG>
Dave Lawyer
<br><a href="mailto:bf347@lafn.org">bf347@lafn.org</a>
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Ironically I was just answering another correspondent
who got burned by one of these things.
</BLOCKQUOTE>
<BLOCKQUOTE>
As I said there, I'll never purchase <EM>any</EM> internal
modem.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I'll post this message to my editor (it should
appear in the February LG if at all).  Maybe someone
else will be interested.
</BLOCKQUOTE>

<BLOCKQUOTE><em>
	[ February when you got it in December?  I sometimes
	  defer by one month, but not short messages like
	  this one.  Get more coffee.  BTW the other querent
	  has a Lucent WinModem, so I'm sure there's at least
	<strong>one</strong> interested reader.  Contrary
	to usual, I've left his address available in case 
	any readers want to make contact to take on the task.
	--&nbsp;Heather&nbsp;]
</em></BLOCKQUOTE>

<BLOCKQUOTE>
You could also send a message to the SVLUG (Silicon Valley
Linux Users Group) list --- since you appear to be in Los
Angeles.  I realize that L.A. doesn't have as large and
active a LUG as the SF Bay and Silicon Valley areas ---
thought I've heard that you're working on it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Look at <A HREF="http://www.svlug.org">http://www.svlug.org</A> 
and <A HREF="http://www.balug.org">http://www.balug.org</A>
for a couple of Linux users groups up in Northern Cal
that might have some interested programmers.  Also
be sure to shop it around at your local UG's and in
the newsgroups and mailing lists.  I'm sure that
someone will pick off the job --- if the people at
Lucent, or wherever, aren't too onerous.
</BLOCKQUOTE>
<BLOCKQUOTE>
The message came through fine.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 85 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/86"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 86 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Condolences to Another Victim of the "LoseModem" Conspiracy
</H3>


<p><strong>From simone  on Sat, 26 Dec 1998  
</strong></p>
<!-- ::
Condolences to Another Victim of the "LoseModem" Conspiracy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I think I allready know th answer...
</STRONG></P>
<P><STRONG>
Well I have a Lucent modem 56K
(it has been a mistake i didn't know winmodems existance
I was so happy with my old 14400)
</STRONG></P>
<P><STRONG>
It doesn't work with linux or solaris (so sad)
</STRONG></P>
<P><STRONG>
Do you have any suggestions?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Return the modem.  Complain bitterly to the
retailer and get their assurances that they
will stop ripping off their customers with these
pieces of garbage posing as computer peripherals.
</BLOCKQUOTE>
<BLOCKQUOTE>
Then get an external modem.  So far I've never heard of
an external "winmodem" --- and I've heard that it's
not feasible to design one.  Sticking with external
modems has always been a good idea.  They are more expensive
but they've always been better products.  Generally they are
more reliable (probably less power fluctuation and
electronic crosstalk from the other components inside the
PC).  It's also safer and better for the rest of the PC
(less crosstalk with the internal modem, less heat in
the case, virtually no chance that a modem that gets zapped
by a <EM>phone line</EM> power surge will destroy your CPU or
memory chips in the computer, etc).  Finally it's <EM>much</EM>
more convenient for most users (you have status lights;
you can move the modem to other systems easily and
replace it with an old "test" modem easily).
</BLOCKQUOTE>
<BLOCKQUOTE>
I personally will <EM>not</EM> ever buy an internal modem.
Not ever!
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
thanks for reading
<br>sorry for bad English
<br>waitig for an answer
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
No problem.  I still have some other messages in
Spanish, Portugese, and maybe some in Italian that
I haven't answered yet.  I haven't had the time to
cut and paste them into Babelfish for the "rough"
translation.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Un cordiale saluto
Montanari
</STRONG></P>
<!-- sig -->
<!-- end 86 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/87"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 93 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Reading Audio Tapes using HP-DAT Drive
</H3>


<p><strong>From Thomas Kruse  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
Reading Audio Tapes using HP-DAT Drive
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>

</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi!
I wonder, if you can help me with the following issue:
I bought a brand new SCSI HP-DAT streamer. In the manual it is described
to treat audio-dat tapes as if they were read-only.
I tried to fetch the data from the tape, but I get always i/o erorrs. (I
tried "cat <TT>/dev/st0</TT>" "dd if=/dev/st0...")
Do I need special software or is it impossible to "read" audio tapes
with Linux? (I heard rumors, that this is possible with special Win95
software)
</STRONG></P>
<P><STRONG>
Regards, Thomas
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
That's an excellent question.  I have absolutely no
idea.  I guess you could look at the Linux st driver
sources and see if they need to be changed.  I guess
you might even write to the author or maintainer of the
st driver to ask for advice.
</BLOCKQUOTE>
<BLOCKQUOTE>
Looking under <TT>/usr/src/linux</TT>
I find, in <TT>.../drivers/scsi/st.c</TT> that the 2.0.36 sources
list Kai Makisara as the author.  I've blind copied his
addresses on this response.
</BLOCKQUOTE>
<BLOCKQUOTE>
Kai,  thanks for the work on the 'st' driver.  What
would prevent one from reading audio tapes using
<TT>/dev/stX</TT> under Linux?
</BLOCKQUOTE>
<BLOCKQUOTE>
I'm sorry if you're getting two copies of this
I wasn't sure which address from the st.c file to use.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Note: this message is in response to a Linux Gazette
"Answer Guy" question.  I'll be happy to post any response
--- which may end up prevent future questions on this
topic.  If this is buried in an FAQ, HOWTO, or man page
somewhere, please point us at it and forgive us for not
finding it).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 93 -->
<hr width="40%" align="center">
<!-- begin 87 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
More on: Reading Audio Tapes using HP-DAT Drive
</H3>

<p><strong>From Kai Makisara on Sat, 26 Dec 1998  
</strong></p>
<!-- ::
More on: Reading Audio Tapes using HP-DAT Drive
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
There are (at least) two issues when using audio DAT tapes in a computer
DAT drive:
</STRONG></P>
<P><STRONG><ol>
<li>You may or may not be successful in using audio media to record
digital data. The tape cartridge does not contain the MRS (Media
Recognition System) identification data that most of the digital
tapes nowadays have.  The drive uses this data to determine the
tape length, etc. By default, the HP drives I have seen treat any
non-MRS tapes read-only. You can change this with a switch. I
assume this is what the HP manual means but not what you are
interested in.
<li>You may be able to read audio data using a computer DAT. This
depends on the firmware of the DAT driver. As far as I know, most
computer DAT drives are unable to read audio data. There have been
some drives from Silicon Graphics that were able to read audio
data. As far as I know, they were ordinary Archive DATs with
special firmware. You needed special SCSI commands to read audio
data (I don't know the commands).
</ul></STRONG></P>
<P><STRONG>
The Linux SCSI tape driver does not currently have any support for
reading audio data.
</STRONG></P>
<P><STRONG>
Kai
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks Kai.
</BLOCKQUOTE>
<BLOCKQUOTE>
I presume this is a result of the music industry's
lobbying.  The big record companies (Sony, Columbia,
et al) have been interferring with the digital
electronics industry for years in a misguided effort
to discourage bootlegging.
</BLOCKQUOTE>
<BLOCKQUOTE>
Oh well.  We're already at the stage where some people
are providing free writing --- the beginnings of an
"open content" movement.  This will probably encompassing
music and literature much as the "open source (TM)" movement
has made an impact on software.
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't object to spending money on a good book or
a decent CD.  I'd just like to see more of it go to
the artist and I'd like some assurance that corporate
politics and big business aren't exerting undue control
over the contents.  However, I'll leave it at that before
this becomes overly political (and overtly subversive).
</BLOCKQUOTE>
<!-- sig -->
<!-- end 87 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/91"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 91 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Best of Answer Guy:  A Volunteer?
</H3>


<p><strong>From EvilEd  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
Best of Answer Guy:  A Volunteer?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
</STRONG></P>
<P><STRONG>
I've been reading "Answer Guy" for a while now. I have to say, it's
really informative and cool. Would'nt it be great to have an archive or
a separate page for "Best of Answer Guy 1998"?
</STRONG></P>
<P><STRONG>
Thanks and more power,
EVILed
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Wow!  That sounds like a great News Year's project.
Would you like to do it?  Would anywhere like to do it?
</BLOCKQUOTE>
<BLOCKQUOTE>
If y'all put together your favorite 50 or 100 questions,
answers and rants from me --- I'll annotate them with
updated links and comments.  So you'll get a retrospective
on how things have changed since I wrote some of those
messages.  (In many cases I've learned more after that fact
--- often from reader comments and corrections.  In other
cases things have just changed since I wrote my responses).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I can't do this myself.  I wrote all that stuff
and the thought of reading back through all of it is
mind numbing.    So, if someone wants to volunteer on this
--- let me know.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 91 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/94"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 94 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
termcap/terminfo Oddities to Remotely Run SCO App
</H3>


<p><strong>From Eric Freden  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
tercap/terminfo Oddities to Remotely Run SCO App
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Dear Answer Guy,
</STRONG></P>
<P><STRONG>

</STRONG></P>
<P><STRONG>
I managed to solve my keybinding problem
without your help (thanks anyway). Here is a synopsis:
I needed to run proprietary software (in Cobol, no less)
on a PPro running SCO Unixware via telnet from a
PII running RedHat 5.0. The SCO box had a limited
termcap file, none of which matched type linux
(Linux console) or xterm (for Linux X). Changing
TERM in Linux does not alter function key bindings!
The only way I could change keybindings was to mess
with <TT>/usr/lib/kbd/keytables</TT> which changes bindings
at boot or <TT>/usr/X11/lib/X11/xkb</TT> which alters bindings
upon startx. Both of these methods are global in nature
and will "break" existing applications like emacs.
I read the man pages on xterm where there is an
option to change to Sun style function keys bindings
(which was not SCO compatible either).
</STRONG></P>
<P><STRONG>
Then I noticed that xterm and nxterm (i.e. color xterm)
bind F1--F4 differently!?!?! By sheer luck, SCO has a
termcap entry called coxterm that is compatible with
nxterm keybindings. There is no termcap or terminfo
entry for nxterm in Linux. Why not? For that matter,
I see no effect in function keymappings after
changing existing termcap entries, compiling with tic,
and rebooting . Why not?
</STRONG></P>
<P><STRONG>
Eric Freden
</STRONG></P>
<P><STRONG>

</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Last I heard Eric S. Raymond was still maintaining
the termcap file.  He's also listed in the author's
section in the '<tt>terminfo</tt>' man page.  So perhaps he'd
be the best person to address these issues?
</BLOCKQUOTE>
<BLOCKQUOTE>
(I've copied him on this.  Hi Eric!  Missed you
at LISA.  Hope to see you at LinuxWorld Expo next March).
</BLOCKQUOTE>

<!-- sig -->

<!-- end 94 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/95"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 95 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Arabic BiDi Support for Linux
</H3>


<p><strong>From Anas Nashif  on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
Arabic BiDi Support for Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi,
I was wondering if its possible in one way or another to use arabic on
linux..  Is there anything being done in this field? and how difficult 
it is to implement it?
</STRONG></P>
<P><STRONG>
thanks,
<br>anas
</STRONG></P>
<P><STRONG>
Anas Nashif	&nbsp; &nbsp; &nbsp; Universitaet Mannheim
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Sorry it took me so long to answer this question.
I finally did get around to doing a Yahoo! search on
"<tt>+Linux +Arabic</tt>" and found this reference:
</BLOCKQUOTE>

<BLOCKQUOTE><dl>
<dt>Linux in Turkey
<dd><tt><A HREF="http://www.slashdot.org/articles/98/09/05/1624256.shtml"
	>http://www.slashdot.org/articles/98/09/05/1624256.shtml</A></tt>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... the references to Arabic ensued from the thread
discussion after the main article.  So far as I know there
is no direct BiDi (bidirectional text) support for Linux
yet.  Some applications such as emacs/xemacs with MULE
(multi language extensions) do provide some support for
this.   However I don't know much about the details.
</BLOCKQUOTE>
<BLOCKQUOTE>
Happy Ramadan, and good luck.
</BLOCKQUOTE>

<!-- sig -->

<!-- end 95 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/96"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 96 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
Automated Updates
</H3>

<p><strong>From Josh on Fri, 25 Dec 1998  
</strong></p>
<!-- ::
Automated Updates
~~~~~~~~~~~~~~~~~
:: -->

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
A quick suggestion for the updates question.
</STRONG></P>
<P><STRONG>
A student at georgia tech has written two excellent
scripts, autorpm and logwatch.  Autorpm will automatically
keep your system up to date with the current redhat updates.
Autorpm can be found at ftp.kaybee.org.  It saves a lot of
work on the system admins part.
</STRONG></P>
<P><STRONG>
He was going to add them to the LSM, but I'm
not sure if he has yet.
</STRONG></P>
<P><STRONG>
Josh
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
There's also an '<TT>autoup.sh</TT>' script for 
<A HREF="http://www.debian.org/">Debian</A> systems.
</BLOCKQUOTE>
<BLOCKQUOTE>
I'd suggest that these systems be used with considerable
trepidation (if at all).  However, they do make sense for
some cases.  For example I'm pretty sure you can configure
these to watch some internal server.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, as the sysadmin for a medium to large installation you
could manually grab and test updates --- or set up a
"sacrificial" system to automatically grab them.  Then,
when you've vetted the updates you can post the RPM or
.deb files to your internal server where you're client
systems would pick it up.
</BLOCKQUOTE>
<BLOCKQUOTE>
There's also a package called '<tt>cfengine</tt>' by Mark Burgess
which can help with various configuration details that
might need to be tuned after any sort of automated update
or software/configuration file distribution.  (The old
fashioned Unix way to automate updates to client systems
is to use '<tt>rdist</tt>' --- preferably over '<tt>ssh</tt>' 
for better security).
</BLOCKQUOTE>
<BLOCKQUOTE>
'cfengine' is the "awk of configuration management."
Basically a 'cfengine' script is a series of class
descriptions, assertions and corrective actions.  So
you can express policies like:  All 
<A HREF="http://www.redhat.com/">Red Hat</A> Linux systems
running 2.0.30 kernel in this DNS subdomain and in this NIS
netgroup, on any Tuesday (a series of class specifications)
should have less than 100Mb of log files under <TT>/var/log</TT>
(an assertion) and should have more that 40Mb of free space
thereunder (another assertion) OR we should rotate the
logs, removing the really old ones and compressing the other
non-current ones (a corrective action).
</BLOCKQUOTE>
<BLOCKQUOTE>
'cfengine' is an interesting project I'd like to see the
security features beefed up considerably and I'd like to
see it undergo a comprehensive security audit (by the
<A HREF="http://www.openbsd.org/">OpenBSD</A> and/or Linux SecAudit teams).
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally 'cfengine' is one of those tools with which
you can shoot off your foot, at about the HIP!  So you
should be <EM>very</EM> careful when you first start playing with it.
</BLOCKQUOTE>
<BLOCKQUOTE>
More info on that package can be found at its canonical
home page: <A HREF="http://www.iu.hioslo.no/cfengine"
		>http://www.iu.hioslo.no/cfengine</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
Kirk Bauer (autorpm's author) doesn't seem to maintain
a web page touting it's features.  So you'll have to
grab the file via FTP.
</BLOCKQUOTE>
<BLOCKQUOTE>
There's also a package called '<tt>rpmwatch</tt>' which is
listed at: <A HREF="http://www.iaehv.nl/users/grimaldo/info/scripts"
		>http://www.iaehv.nl/users/grimaldo/info/scripts</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
More info on autoup.sh can be found in the Debian FAQ:
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.debian.org/doc/FAQ/debian-faq-10.html"
	>http://www.debian.org/doc/FAQ/debian-faq-10.html</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
... or directly at these sites:
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.taz.net.au/autoup"
	>http://www.taz.net.au/autoup</A>
<A HREF="http://csanders.vicnet.net.au/autoup"
	>http://csanders.vicnet.net.au/autoup</A>
</BLOCKQUOTE>
<!-- sig -->
<!-- end 96 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/97"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 97 -->
<H3 align="left"><img src="../gx/dennis/bbubble.gif" height="50" width="60"
	  alt="(!) " border="0">Liam Greenwood: Your XDM question</H3>


<p><strong>From Liam Greenwood on Fri, 25 Dec 1998  
</strong></p>
<BLOCKQUOTE>
Here's a suggestion that I'll just pass along.
</BLOCKQUOTE>

<P><STRONG>
<img src="../gx/dennis/bbub.gif" height="28" width="50"
	  alt="(!) " border="0">
To run XDM and not run have XDM start an Xserver on your local host:
</STRONG></P>
<Pre><STRONG>
telinit 3  # go to runlevel 3 (no xdm)
</STRONG></Pre>
<P><STRONG>
edit the file <TT>/etc/X11/xdm/Xservers</TT> and comment out the line
which looks like this:
</STRONG></P>
<Pre><STRONG>
:0 local /usr/X11R6/bin/X
</STRONG></Pre>
<P><STRONG>
...by putting a # at the start.
</STRONG></P>
<Pre><STRONG>
telinit 5   # go to runlevel 5 to start xdm
</STRONG></Pre>

<P><STRONG>
(on a Red hat system... others may have the config file in another place).
</STRONG></P>

<P><STRONG>
Cheers, Liam
</STRONG></P>
<HR width="10%" align="left">
<P><STRONG><em>
Don't tell my Mother I'm a programmer...
...she thinks I'm a piano player in a brothel.
</em></STRONG></P>
<!-- sig -->

<!-- end 97 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/98"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 98 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" height="50" width="60"
	  alt="(?) " border="0">
'rsh' as 'root' Denied
</H3>


<p><strong>From Walt Smith  on Thu, 24 Dec 1998  
</strong></p>
<!-- ::
'rsh' as 'root' Denied
~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
hi,
</STRONG></P>
<P><STRONG>
I can run a program using rsh as 'user' on the same pc.
i.e.  rsh pcname ls  (or thereabouts)
It won't run as 'root'.
</STRONG></P>
<P><STRONG>
There is one file that is supposed to be used as a config
if running as root.   It makes no difference.
Do I need to recompile rsh wil a particular option?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
You probably won't need to recompile it.
</BLOCKQUOTE>
<BLOCKQUOTE>
The most common version of 'in.rshd' that's included
with Linux will allow you to invoke it with the
-h option (added to the appropriate line in the target
system's <TT>/etc/inetd.conf</TT> file) to over-ride this
restriction.  If you're using 
<A HREF="http://www.redhat.com/">Red Hat</A> with PAM then
you'll have to consider reconfiguring the appropriate
file under <TT>/etc/pam.d/</TT> to remove the option that
prevent root access therein (I don't have that
configuration file handy since I'm not using PAM on
any of my boxes at home, at this point).
</BLOCKQUOTE>
<BLOCKQUOTE>
All of this is in the man pages (in.rshd for the
daemon).
</BLOCKQUOTE>
<BLOCKQUOTE>
I'll go on record to recommand that you ban 'rsh' and
'rlogin' from your networks completely --- using 'ssh'
instead.  Later, when we have ubiquitous deployment of IPSec
(transport layer security for TCP/IP) and Secure DNS (the
ability to digitally sign and authenticate hostname/IP
records) it may be acceptable to re-introduce these
protocols.... maybe.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
regards,
</STRONG></P>
<P><STRONG>
Walt...in Baltimore
respond to <A HREF="mailto:XXXXXXX@bcplXXXXXX">XXXXXXX@bcplXXXXXX</A>
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" alt="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Did you ever program in BCPL?
</BLOCKQUOTE>
<!-- sig -->
<!-- end 98 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/ssc.copying.html"
	>Copyright &copy;</a> 1999, James T. Dennis 
<BR>Published in <I>The Linux Gazette</I> Issue 36 January 1999</H5>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P><hr><p>

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Booting Linux with the NT Loader</font></H1>
<H4>By <a href="mailto:glarrier@ei.edu.uy">Gustavo Larriera</a></H4>
</center>
<P> <HR> <P>  

On these days technical professionals like you and me often
must deal with the following scenario: To make Linux and NT
peacefully coexist on the same machine. Many HOW-TOs have been
written -and it's a good advice to give them a look- about how to
configure LILO (The Linux Loader) to do the task. Unfortunately,
classic documentation have little references about the NT Loader.
Yes, I know for some people there's some kind of religious war
between Linux and NT out there :-) But from the point of view of
a IT professional, the main objective is to have the job well
done. </p>

<p>In many real-life situations we must tackle with a
installation where it is not desirable to alter the NT boot
process. May be it is your machine's boss and he/she prefers to
keep on booting the same way for ever ;-) In this article I will
focus on how to configure the NT Loader so as to boot Linux (and
continue booting NT also!). </p>

<p>I hope these tips will help Linux users to successfully boot
Linux through the NT Loader the easiest way. The procedure I will
explain works for NT Server 4 and NT Workstation 4 running on
Intel-compatible PC. </p>

<h2>The Scenario </h2>

<p>After long conversation you have convinced your boss to put
Linux on her computer machine. She is a happy NT user, she loves
Word and Excel and such. She also is a clever person and has
decided to give Linux a try. So she wants to have Linux
installed. Just a moment: She prefers to keep booting with her
familiar loading menu, from where she can choose to boot NT or
DOS. Her wishes are your wishes, so you decide not to use LILO to
dual-boot her computer. </p>

<h2>The MBR considered useful </h2>

<p>The most important thing you must always remember is that many
software products sit on your unique precious hard disk's Master
Boot Record (MBR). So does NT without asking and so optionally
does LILO if you want to. The machine's BIOS executes code stored
on the active partition to initiate your preferred OS. </p>

<p>When NT is installed, the MBR is modified to load a program
called NTLDR from the active partition's root directory. The
original MBR is saved on a small file called BOOTSECT.DOS. After
a NT installation, be careful never overwrite the MBR, because
the NT will no longer boot. To fix this problem, a NT user needs
the NT's Emergency Repair Disk (ERD). </p>

<p>With those things in mind, take note you must be careful to
configure LILO *not* to install on MBR. Instead you will need to
configure LILO on the root partition of Linux. That's safe for NT
and Linux can live without the MBR. </p>

<h2>NT loading process </h2>

<p>Once the NTLDR program launchs the NT user watch the &quot;OS
Loader V4.xx&quot; message. Then NTLDR shifts the processor to
386 mode and starts a very simple file system. After that, it
reads the file BOOT.INI to find out if there are other operating
systems and prompts the user with a menu. A typical BOOT.INI
looks like this: </p>

<pre>
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT

[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT=&quot;NT V4 is here&quot;
multi(0)disk(0)rdisk(0)partition(2)\WINNT=&quot;NT V4 VGAMODE&quot; /basevideo /sos
C:\=&quot;DOS is here&quot;
</pre>

<p>The BOOT.INI file has two sections. The &quot;boot loader
section&quot; specifies how long in seconds will be the menu on
screen and the default menu choice. The &quot;opearating systems
section&quot; specifies the different OSs the user can choose. We
can read the machine boots NT (either in normal mode or in VGA
diagnosing mode) and also can boot DOS. We can deduce from this
example that DOS boots from the partition C: (first partition on
first disk) and NT boots from the second partition. Typical
installations have a C: partition formatted with DOS's FAT file
system and NT on another partition formatted with its NTFS (NT
File System). </p>

<p>If the user chooses to load NT, another program NTDETECT.COM
runs to check the existent hardware. If everything was okay, the
NT kernel is loaded and that's all we need to know. </p>

<p>Let's examine what happens if the user decide to choose other
OS rather than NT. In this situation, NTLDR needs to know which
is the boot sector required to load the non-NT OS. The appropiate
boot sector image must exists on a small 512-byte file. For
instance, to load DOS, NTLDR searches for a boot sector image
file called BOOTSECT.DOS. This image was created by the NT
installation. </p>

<p>So, what if I want to load Linux? It's quite simple, all we
need is a boot sector image file, let's name it BOOTSECT.LIN
(later we'll see how to obtain this file). You must put
BOOTSECT.LIN on C: and edit BOOT.INI, the &quot;operating systems
section&quot; now looking something like this: </p>

<pre>
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT=&quot;NT V4 is here&quot;
multi(0)disk(0)rdisk(0)partition(2)\WINNT=&quot;NT V4 VGAMODE&quot; /basevideo /sos
C:\=&quot;DOS is here&quot;
C:\BOOTSECT.LIN=&quot;Now Linux is here&quot; 
</pre>

<p>The BOOT.INI can be edited with any plain ASCII text editor.
Normally this file has system-hidden-readonly attributes, so you
must change them using the 'attrib' DOS command or within NT,
from the file's property dialogbox. </p>

<h2>The Linux side of the story </h2>

<p>Now let's concentrate on the Linux shore. We need to install
Linux, configure LILO and create the BOOTSECT.LIN file. </p>

<p>The first step is to have Linux installed. We all know how to
do that: Choose appropiate partitions for Linux system, swap and
user's stuff, run installation program, etc. Easy cake, first
step is completed okay in less than 45 minutes. </p>

<p>Then we must configure LILO. We also know how to do that, but
be careful *not* to install LILO on the MBR (unless you hate NT
too much :-)) When configuring LILO, choose to install it on your
Linux root partition. If you don't know how to configure LILO,
spend some minutes reading the HOW-TOs or use some of the useful
setup programs most modern Linux distributions have. My
installation is S.u.S.E., so I use the 'yast' (Yet Another Setup
Tool). </p>

<p>Once LILO is configured (let's asume the Linux root partition
is /dev/hda3) we must use 'dd' to create the boot record image.
Login as root and do the following: </p>

<pre>
# dd if=/dev/hda3 bs=512 count=1 of=/dosc/bootsect.lin 
</pre>

<p>Prior you have mounted the FAT C: partition as /dosc. Just in
case you cannot access to this partition, for instance if it's
formatted with NTFS, just write BOOTSECT.LIN to a DOS-formatted
diskette or some partition where NT can read from. If you put
BOOTSECT.LIN in a place othet than C:\ remember to modify the
BOOT.INI file accordingly. </p>

<p>Now your boss can choose Linux from her NT Loader's menu. The
NTLDR will load the BOOTSECT.INI and she'll see the LILO prompt.
Then she'll plunge into her new Linux box. Finally, if you
configured LILO to load Linux and also the DOS on C: when LILO
prompts, your boss will reload from the active C: partition,
again into NT Loader. The procedure described may be repeated if
you wish to boot several Linuxes, you must just create
appropiated boot sector image files for each of your Linuxes.</p>


<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Gustavo Larriera<BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./lg_answer36.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./defurne1.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Defining a Linux-based Production System</font></H1>
<H4>By <a href="mailto:jurgen.defurne@scc.be">Jurgen Defurne</a></H4>
</center>
<P> <HR> <P>  

<H2>
<U>Introduction</U></H2>
In a previous article ("Thoughts About Linux", <I>LG</I>, October) I browsed upon
several topics to use Linux in business, not only for networking and communication,
but also for real production systems. There are several conditions which
need to be fulfilled, but it should be possible to define a basic database
system, which is rapidly deployed and has everything that is needed in
such a system.
<BR>The past two months I have been increasing my knowledge about Linux
and available tools on Linux. There are several points which need further
elaboration, but I have a fairly good idea of what is needed.
<H2>
<U>Goal</U></H2>
The goal is to have a look at the parts which are needed to implement a
reliable production database system, together with the tools needed to
provide for (rapid) (inhouse) development, but for a fairly lower cost
than is needed with traditional platforms. It must be reliable, in the
sense that all necessary procedures for a minimum downtime are available,
with the emphasis that a little downtime can be tolerated.
<BR>I do need to place a remark here. I worked on several projects, where
people tried to save time by asking for rapid development, or trying to
save money by reusing parts which lay around, or by converting systems.
What happened in all cases was that both money and time were lost, the
main reason being not understanding all aspects of the problems.
<BR>This is a mistake I don't want to make. I think that I now have enough
experience to show a way to achieve the above defined goal, describing
a Linux-based production platform which has lower deployment and exploitation
costs.
<H2>
<U>Basic recommendations</U></H2>
These are general guidelines. The first part in creating and exploiting
a successful production system is in constraining the amount of tools that
are needed on the platform. This leads to the second part of success, understanding
and knowing your tools. Experience is still the most valuable tool, but
depending on the amount and complexity of tools, much time can be wasted
trying to get to know the tools that are at hand. Good handbooks with clear
examples and thorough cross-references are a great help, as are courses
on the subjects that matter.
<H2>
<U>Hardware</U></H2>
At the moment I won't go very deep into hardware. The base platform should
be a standard PC with an IDE harddrive on a PCI controller which is fast
back-to-back capable. I tested the basic data rate of a Compaq Despro system
(166 MHz, Triton II chipset) and got a raw data-speed (unbuffered, using
write()) of 2.5 MB (megabytes)/s. I suppose that for a small entry platform
this is fairly reasonable. Further tests should be developed to test the
loading of the machine under production circumstances.
<BR>The most important part , however, is that all machines running Linux
with production data, should be equipped with a UPS. This is because the
e2fs file system (as most Un*x filesystems) is very vulnerable in the case
of an unexpected system shutdown. For this reason, a tape drive is also
indispensable, with good backup and restore procedures which must be run
from day 0.
<H2>
<U>Production tools</U></H2>
Our main engine is the database management system. For production purposes,
the following features must be available :
<UL>
<LI>
Fast query capability</LI>

<LI>
Batch job entry</LI>

<LI>
Printing</LI>

<LI>
Telecommunication</LI>

<LI>
Transaction monitoring</LI>

<LI>
Journaling</LI>

<LI>
User interfacing</LI>
</UL>

<H3>
Fast query capability</H3>
This feature is especially necessary for interactive applications. Your
clients shouldn't wait half a minute before the requested operation is
fulfilled. This capability can be enhanced by buffering, faster CPU's,
faster disk-drives, faster bus-systems and RAID.
<H3>
Batch job entry</H3>
This is a very valuable production tool. There are much jobs which depend
on the daily production changes, but which need much processing time afterwards.
These are mostly run at night, always on the same points of time, daily,
weekly, monthly or yearly.
<H3>
Printing</H3>
Printing is a very important action in every production system and should
be looked after from the design phase. This is because many companies have
several documents that are official. Not only printing on laser- or inkjet
printers should be supported, but also printing with heavy duty printing
equipment for invoices, multi-sheet paper, etc.
<H3>
Telecommunication</H3>
Telecommunication is not only about the Internet. There are still many
systems out there that work with direct lines between them. The main reason
is that this gives the people who are responsible for the services, a much
greater degree of control over access and implementation. In addition to
TCP/IP; e-mail and fax, support for X.25 should also be an option in this
area.
<BR>People should also have control over the messages and/or faxes they
send. A queue of messages should be available, where everybody can see
all messages globally (dest, time, etc) and where they have access to their
own messages.
<H3>
Transaction monitoring</H3>
With transaction monitoring, I mean the ability to rollback pending updates
on database tables. This feature is especially needed when one modification
concerns several tables. These modifications must all be committed at the
same time, or be rolled back into the previous state.
<H3>
Journaling</H3>
This capability is needed to repair files and filesystems which got corrupted
due to a system failure. After restarting the system, a special program
is used to undo all changes which couldn't be committed. In this sense,
journaling stands very close to transaction monitoring.
<H3>
User interfacing</H3>
This is a tricky part, because it is part development and part production.
On the production side, the interface system should give users rapid access
to their applications and also partition all applications between departments.
Most production systems I have seen do this with menu's. There are several
reasons. The main reason is that most production systems still work with
character-based applications. There are many GUI's out there, but production
systems will still be solely character based (except for graphics and printing,
but I consider these niche markets), even on a GUI. The second reson is
that a production system usually has lots and lots of large and little
program's. You just can't iconify them all and put them in maps. Then you
would only have a graphical menu, with all icons adding more to confusion
than clarity.
<H3>
What's available ?</H3>
Note : When I name or specify products, I will only specify those with
which I am already familiar. I presume that any one of you will have his/her
own choices. They serve as basic examples, and do not imply any preferences
on my side.
<P>The only database system on Linux I personally know for the moment,
is PostgreSQL. It supports SQL and transaction monitoring. Is it fast ?
I don't know. One should have a backup of a complete production database,
which can then be used to test against the real production machine, with
interactive, background and batch jobs running like they do in the real
world.
<P>For batch jobs, crond should always be started. In addition to this,
the <I>at</I> and <I>batch</I> commands can be used to have a more structured
implementation of business processes.
<P>For printing, I know (and use) the standard Linux tools lpd, Ghostscript
and TeTeX. There might be a catch however. In some places you need to merge
documents with data. The main reason for this is that a wordprocessing
package offers more control over the format and contents of the document,
instead of printing the document with a simple reporting application. On
my current workplace, a migration to HP is busy. The solution there is
WordPerfect. In the past, I have used this solution under DOS, to automatically
start WP and produce a merged document. Is this possible too with StarOffice
?
<BR>Are there other print solutions which offer more interactive control
over the printing process than lpd ? Users should have more easy access
to their printjobs and the printing process.
<P>Telecommunication is a real strong point of Linux. I won't enumerate
them all. Even if it doesn't support X.25, it is still possible to use
direct dial-up lines using SLIP or PPP.
<P>Journaling is the weakest point of Linux. I have worked with the following
filesystems : FAT, HPFS, NTFS, e2fs, the Novell filesystem and the filesystem
of the WANG VS minicomputer system. With all these systems, I have had
power-failures or crashes, but the only file-system that gives trouble
after this is e2fs. In all other cases, a filesystem check repairs all
damage and the computer continues. On WANG VS, index-sequential files are
available. When a crash occurs, the physical integrity of an indexed file
can be compromised. To defend against this, there are two solutions. The
first is reorganizing the file. This is copying the file on a record-by-record
basis. This rebuilds the complete file and its indices, and inserts or
deletes which were not committed are rejected. The second option is using
the built in transaction system. A file can flagged as belonging to a database.
Every modification to these files is logged until the transaction is completely
committed. After a failure has occurred, the files can be restored in their
original states using the existing journals. This is a matter of minutes.
<BR>I think that the only filesystem on PC which offers comparable functionality
is that of Novell.
<BR>The e2fs file system check works, but it does offer not enough explanation.
When there is a really bad crash, the filesystem is just a mess.
<H2>
<U>Development tools</U></H2>
I will describe here the kind of tools that I needed when I was maintaining
a production database in a previous job. The main theme here is that programmers
in a production environment should be productive. This means that they
should be offered a complete package, with all tools and documentation
necessary to start immediately (or in a relatively short time). This means
that for every package there should be a short, practical tutorial available.
<BR>I will divide this section into two parts, the first being necessary
tools, the second being optional tools. Also necessary for development
is a methodology. This methodology should be equal through all delivered
tools. The easiest way to do this is through an integrated development
environment.
<H2>
<U>Compulsory development tools</U></H2>
Which tools are the minimum needed to start coding without much hassle
? I found these tools to be invaluable on several platforms :
<UL>
<LI>
An integrated development environment</LI>

<LI>
A powerful editor</LI>

<LI>
An interactive screen development package</LI>

<LI>
A data dictionary</LI>

<LI>
A high-level language with DBMS preprocessor support</LI>

<LI>
A scripting language</LI>
</UL>

<H3>
Integrated development environment</H3>
Your IDE should give access to all your tools in an easy and consistent
manner. It should be highly customisable, but be delivered with in a configuration
which gives direct access to all installed tools.
<H3>
Editor</H3>
If you have a real good editor, it can act as an integrated development
environment. Features which enhance productivity are powerful search-and-replace
capabilities and macro features (even a simple record-only macro feature
is better than no macro features). Syntax colouring is nice, but one can
live easy without it. Syntax completion can be nice, but you have to learn
to live with it. Besides, the editor cannot know which parts of statement
you don't need, so ultimately you will have more clutter in your source,
or you waste your time erasing unnecessary source code.
<H3>
Screen development</H3>
This is an area where big savings can be done. For powerful screen development
you need the following parts in the development package :
<OL>
<LI>
Standard screens which are drawn upon information in the data dictionary</LI>

<LI>
Easy passing of variables between screens and applications</LI>

<LI>
A standard way of activating a screen in an application</LI>
</OL>
The savings are on several places. If you create a new screen, then you
should immediately get a default screen with all fields from the requested
table. After this, only some repositioning and formatting to local business
standards needs to be done. I worked with two such systems, FoxPro and
WANG PACE, and the savings are tremendous in all parts of the software
cycle (prototyping, implementation and maintenance).
<H3>
Data dictionary</H3>
A data dictionary is a powerful tool, from which much information can be
extracted for all parts of the development process. The screen builder
and the HL preprocessor should be able to extract their information from
the data dictionary. The ability to define field- and record-checking functions
in the data dictionary instead of the application program, eliminates the
need to propagate changes in this code through all applications. With the
proper reports, one should also be able to look at different angles into
the structure of the database.
<H3>
High level language with DBMS preprocessor support</H3>
You can't do complete development without a high-level language. There
are always functions needed which can't be implemented through the database
system. To make development easier, it should be possible to embed database
control statements in the source program. The compiler should be invoked
automatically.
<H3>
Scripting language</H3>
A scripting language is very useful in several aspects. Preparing batch
jobs is part of it. I also found out that a business system consists of
several reusable pieces, which can be easily strung together using a scripting
language. Also, the overall steering and maintenance of the system can
be greatly simplified.
<H2>
<U>Optional development tools</U></H2>
These are tools that were avalailable on several platforms, which can come
in handy, but aren't necessarily usable to deliver production environment
applications. I found out that these are little used.
<UL>
<LI>
Interactive query system</LI>

<LI>
Report editor</LI>
</UL>

<H3>
Interactive query system</H3>
This is often designed to be used by people which are not programmers.
Experience has thaught me however that people who are not programmers in
a business, don't have the time to learn these tools. It is a useful tool
for a programmer to test queries and views, but it isn't really useful
as a production tool. Only in some cases, for real quick and dirty work,
is it worth using.
<H3>
Report editor</H3>
This is even a more overestimated tool. I shared thoughts about this with
other programmers, and our conclusion was : bosses always ask reports which
are much more complicated than a simple report editor can handle. It would
be far better to use a programming language specifically designed for reporting
(any one know of such a thing ? Any experiences with Perl for extraction
and reporting ?).
<H3>
What's available ?</H3>
Note : I will direct my attention only at the compulsory development tools.
The rest of the environment will be centered around the features of PostgreSQL.
<P>As an integrated development environment, EMACS is probably the first
which comes to mind. It integrates even with my second subject, a powerful
editor. Is it even at all possible to draw a line between the two ? Is
EMACS a powerful editor which serves as a development environment, or is
it a development environment which is tightly integrated with its editor?
<P>The data dictionary, the screen development package and the DBMS preprocessor
are more thightly bound than other parts of the package. The screen editor
and the DBMS preprocessor should get their information from the data dictionary,
and the DBMS HL statements should also provide for interaction with screens.
It should be both possible to develop screens for X-windows, as well for
character-based terminals.
<BR>In the field of high level languages, there are several options, but
a business oriented language is still missing. Yes, I am talking COBOL
here, although an xBase dialect is also great for such applications. I
have programmed for eight years in several languages, only the last two
year in COBOL, and it IS better for expressing business programs than C/C++.
If anyone would ask me now to write business programs in C/C++, I think
the first thing I would do was write a preprocessor so that I could express
my programs with COBOL-like syntax.
<BR>I don't know how ADA goes for business programs, but a combination
of GNAT, with a provision to copy embedded SQL statements to the translated
C-source and then through the SQL preprocessor would maybe work.
<BR>I only had a small look at Perl, and from Tcl and Python I know absolutely
nothing, but while interactive languages are fine for interactive programs,
you should also bear in mind that some programs must process much data,
and that therefore access to a native code compiler is essential.
<BR>There is another point in which only COBOL is good. This is in financial
mathematics. This is due to the use of packed decimal numbers up to 18
digits long where the decimal point can be in any place. You should have
compiler support for that too. On the x86 platform this capability exists
in the numerical processor, which is capable of loading and storing 18
digit packed decimal numbers. Computations are carried out in the internal
80-bit floating point format of the co-processor.
<P>When you have a Linux system, the first scripting language you run into
is probably that of the bash shell. This should be sufficient for most
purposes, although my experiences with scripting languages is that they
benefit greatly from statements for simple interaction (prompting and simple
field entry).
<H2>
<U>What should be delivered ?</U></H2>
As I said before, this list doesn't present any endorsement from me towards
any of these products or programs. This list should be expanded with all
products which fit in either one of these categories, so all hints all
wellcome.
<BR>Another weak point in some areas of Linux is documentation. For a production
environment, the Linux documentation project is probably a must, preprinted
from the Postscript sources. For the commercial products, good documentation
is also not a problem. For other parts of Linux tools, the books from O'Reilly
&amp; Associates are very valuable. HOWTO's are NOT suited for a production
environment, but since they are more about implementation, they are suitable
for the people who put the system together. The catch is this : when a
system is delivered, all necessary documentation should be prepared and
delivered too. I worked with several on-line documentation systems, but
when in a production environment, nothing beats printed documentation.
<BR>&nbsp;
<CENTER><TABLE BORDER COLS=2 WIDTH="90%" NOSAVE >
<TR NOSAVE>
<TH COLSPAN="2" NOSAVE>Production system</TH>
</TR>

<TR NOSAVE>
<TD>DBMS
<BR>- Fast query/update
<BR>- Transaction processing
<BR>- Journaling</TD>

<TD VALIGN=TOP NOSAVE>postgreSQL
<BR>mySQL
<BR>mSQL
<BR>Adabas
<BR>c-tree Plus/Faircom Server
<BR>...</TD>
</TR>

<TR NOSAVE>
<TD VALIGN=TOP NOSAVE>Communication</TD>

<TD>ppp
<BR>slip
<BR>efax
<BR>...</TD>
</TR>

<TR NOSAVE>
<TD VALIGN=TOP NOSAVE>Batch job entry</TD>

<TD>crond
<BR>at
<BR>batch</TD>
</TR>

<TR>
<TD>Printing</TD>

<TD>lpd</TD>
</TR>

<TR>
<TD>User interfacing</TD>

<TD>?</TD>
</TR>

<TR NOSAVE>
<TH COLSPAN="2" NOSAVE>Development system</TH>
</TR>

<TR>
<TD>IDE</TD>

<TD>EMACS</TD>
</TR>

<TR NOSAVE>
<TD VALIGN=TOP NOSAVE>Editor</TD>

<TD>EMACS
<BR>vi</TD>
</TR>

<TR NOSAVE>
<TD VALIGN=TOP NOSAVE>Screen development</TD>

<TD>Depends on DBMS</TD>
</TR>

<TR>
<TD>Data dictionary</TD>

<TD>Depends on DBMS</TD>
</TR>

<TR NOSAVE>
<TD VALIGN=TOP NOSAVE>Application language</TD>

<TD>C
<BR>C++
<BR>Cobol ?
<BR>Perl
<BR>Tcl(/Tk)
<BR>Python
<BR>Java</TD>
</TR>

<TR>
<TD>Scripting language</TD>

<TD>bash</TD>
</TR>
</TABLE></CENTER>

<H2>
<U>Summary</U></H2>
I am still trying to drag Linux into business. If you want to do business
using Linux, you should be able to deliver a complete system to the customer.
In this article I outlined the components of such a system and some weaknesses
which should be overcome. As a result, I created a table enumerating the
needed components for such a system.
<BR>This table is absolutely <I><U>not</U></I> finished. I welcome all
references to programs and products to update this table. It should be
possible to publish an update once a month. What I also should do, is extend
the table with references to available documentation.
<BR>Another part which needs more attention is developing tests to assess
the power of the database system, ie. what can be expected in terms of
throughput and response under several load scenarios.
<BR>&nbsp;

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Jurgen Defurne <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./larriera.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./marsden.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">EMACSulation</font></H1>
<H4>By <a href="mailto:emarsden@mail.dotcom.fr">Eric Marsden</a></H4>
</center>
<P> <HR> <P>  

<blockquote><small>

   This column is devoted to getting more out of Emacs, text editor
   extraordinaire. Each issue I plan to present an Emacs extension
   which can improve your productivity, make the sun shine more brightly
   and the grass greener.

</small></blockquote>

<hr noshade>

<blockquote><font face="Helvetica">
   Why is the word abbreviate so long?
</font></blockquote>


<h1>Time saving</h1>

<p> You've probably noticed that Emacs goes to a fair bit of trouble to
    save you typing. The minibuffer offers a history mechanism which allows
    you to recall and edit previous commands, and many minibuffer entry
    prompts try to complete whatever you're typing when you hit
    <tt>TAB</tt>. This behaviour was the inspiration for the readline and
    history libraries, which are used in several shells and commandline
    interpreters.

<p> This column is dedicated to another of these keystroke-saving features
    in Emacs: the abbreviation facility. Do you get sick of typing in
    repetitive phrases such as your company's name, or your phone number?
    Abbreviations are here to save your fingers. For example, you could ask
    Emacs to expand <strong>LAAS</strong> to <strong>Laboratoire d'Analyse
    et d'Architecture des Syst&egrave;mes</strong>. The expansion happens
    once you type a non word-constituent character after the abbreviation
    (a space, for instance, though the exact definition of a word
    separation depends on the mode you are using).

<p> This is the Emacs abbrev mechanism. You can either use a minor mode
    called abbrev-mode, which will cause abbrevs to expand automatically
    (you enable the minor-mode by saying <tt>M-x abbrev-mode</tt>), or you
    can expand them on demand by saying <tt>C-x a e</tt> with the cursor
    positioned after the abbreviation. Your abbreviations can be saved to a
    file when you quit Emacs and reloaded automatically when you launch it:
    </p>

<table border="0" bgColor="#E0E0E0" width="100%">
<tr><td>
<pre class="programlisting">
    <font color="red">
    ;; if there is an abbrev file, read it in</font>
    (if (file-exists-p abbrev-file-name)
       (read-abbrev-file))</pre>
</td></tr></table>


<h2>Defining an abbrev</h2>

<p> To create an abbrev definition, type the abbreviation
    (<strong>LAAS</strong> in the example above) in a buffer, say <tt>C-x a
    i g</tt>, then enter the text you would like it to expand to in the
    minibuffer. This slightly arcane sequence creates a <em>global
    abbrev</em>, which will apply in all modes. Try it out by entering the
    abbreviation and saying <tt>C-x a e</tt> (<tt>e</tt> for
    <em>expand</em>). Emacs also allows you to create abbreviations which
    will be active only in a specific mode by saying <tt>C-x a i l</tt>
    instead (in a buffer which is already in the appropriate mode). <tt>M-x
    list-abbrevs</tt> displays a list of all currently defined abbrevs.


<h2>Mail abbrevs</h2>

<p> Since the dawn of time, Unix mail programs have used the
    <tt>~/.mailrc</tt> file to allow users to create their own email
    aliases. The mail-abbrevs mechanism reads in the contents of this file
    and defines abbreviations which will be expanded in the
    <strong>To:</strong> and <strong>Cc:</strong> fields of any email you
    compose in Emacs. Here is an example of the <tt>~/.mailrc</tt> alias
    syntax: </p>

<pre>
    alias dsssl        dssslist@mulberrytech.com
    alias cohorts      rabah jarboui almeida behnia
    alias bond         "James Bond &lt;bond@guerilla.net&gt;"
</pre>

<p> There are other more sophisticated addressbook systems around, such as
    Jamie Zawinski's <a
    href="http://pw2.netcom.com/~simmonmt/bbdb/">BBDB</a>, but they
    won't allow you to share aliases with other mailers. You can have
    mail-abbrev minor mode activated whenever you compose an email in
    Emacs using the following line in your <tt>~/.emacs</tt>: </p>

<table border="0" bgColor="#E0E0E0" width="90%">
<tr><td>
<pre class="programlisting">
    <font color="red">
    ;; unnecessary if you use XEmacs</font>
    (add-hook 'message-setup-hook 'mail-abbrevs-setup)</pre>
</td></tr>
</table>

    

<h2>Dynamic abbrevs</h2>
    
<p> The standard abbreviation facility requires you explicitly to register
    your abbrevs, which is fine for things you type every week, but is a
    hassle for expressions which only occur in one document. Emacs also
    supports <em>dynamic abbrevs</em>, which try to guess the word you are
    currently typing from the surrounding text. This is very useful for
    programming in languages which encourage VeryLongVariableNames: you
    only need type the variable name once, after which it suffices to type
    the first few letters followed by <tt>M-/</tt>, and Emacs will try to
    complete the variable name.

<p> To be very precise, dabbrev searches for the least distant word of
    which the word under the cursor is a prefix, starting by examining
    words in the current buffer before the cursor position, then words
    after the cursor, and finally in all the other buffers in your Emacs.
    If there are several possible expansions (<i>ie</i> the text you have
    typed isn't a unique prefix), pressing <tt>M-/</tt> cycles though the
    successive possibilities. Saying <tt>SPC M-/</tt> lets you complete
    phrases which contain several words.

<p> Diehard vi users might be interested to read the <a
    href="http://www.eskimo.com/~seldon/dabbrev-vi.txt">tribulations of a
    user</a> who tried to implement a limited version of dabbrevs in vi.
    

<h2>Completion</h2>
    
<p> The Completion package, by Jim Salem, is similar in function to dynamic
    abbrevs, but uses a different keybinding (<tt>M-RET</tt>) and a subtly
    different algorithm. Rather than searching for a completion which is
    close in the buffer, it starts by searching through words which you
    have typed in recently (falling back to searching open buffers if this
    fails). The history of recently used words is saved automatically when
    you quit Emacs. To enable completion (you can use it instead of, or as
    well as, dabbrevs), put the following in your <tt>~/.emacs</tt>: </p>

<table border="0" bgColor="#E0E0E0" width="90%">
<tr><td>
<pre class="programlisting">

    (require 'completion)
    (initialize-completions)</pre>
</td></tr>
</table>



<h2>Hippie Expand</h2>
    
<p> Filename completion in the minibuffer is a truly wonderful keystroke
    saver, and you might find yourself wishing you could use it when
    entering a filename in a regular buffer. Wish no longer: this is one of
    the features offered by the fabulous hippie-expand package.

<p> Hippie-expand, by Anders Holst, is a singing and dancing abbrev
    mechanism, which is capable of many different types of dynamic abbrevs.
    It can expand according to:

<ul>    
<li> file name: if you type <tt>/usr/X</tt> then hit the
     expansion key, it will expand to <tt>/usr/X11R6/</tt>;
<li> exact line match: searches for a line in the buffer which has the
     current line as a prefix;
<li> the contents of the current buffer, and other buffers on failure, just
     like dabbrev;
<li> the contents of the kill-ring (which is where Emacs stores text that
     you have <em>killed</em>, or ``cut'' in MacOS terminology, in
     a circular buffer). Rather than typing <tt>M-y</tt> to cycle through
     positions in the kill-ring, you can hippie-expand on the first word in
     the killed text.
</ul>

<p> Hippie-expand is not active by default, so you need to bind it to a
    key. Here's what I use: </p>

<table border="0" bgColor="#E0E0E0" width="90%">
<tr><td>
<pre class="programlisting">

    (define-key global-map (read-kbd-macro "M-RET") 'hippie-expand)</pre>
</td></tr>
</table>
    

<p> Go forth and save keystrokes.
    

<h2>Feedback</h2>

<p> <a href="mailto:gtb@Eng.Sun.COM">Glenn Barry</a> sent me a comment on
    the EMACSulation on gnuclient/gnuserv:

<blockquote>

<! b69454 >
<table bgColor="#BBDDFF" width="80%" border="0">
<tr><td>    
    Just read and enjoyed your article on gnuserv/gnuclient in the
    Linux Gazette.

<p> But you forgot the use of gnuserv/gnuclient that makes it incredibly
    useful; one can access their full running emacs session by logging-in
    via a tty remotely (rlogin/telnet) and running &quot;gnuclient -nw&quot; ...
    makes working from home a breeze (even over low speed (28.8) links).

<p> Note you do have to rlogin to the system running the emacs
    w/gnuserv, as the <tt>gnuclient -nw</tt> does not work over the net
    (at least that's what the man page says). It took me awhile to
    figure this out so it would be nice to make sure folks know about
    this great capability.
</td></tr>
</table>
</blockquote>

<p> The <tt>-nw</tt> switch asks Emacs to start up in console mode, which
    makes it much more useable over a slow connection than using a remote
    display with X11. Note that XEmacs is able to use ANSI colors on the
    console or in an xterm, while GNU Emacs currently can't do color but
    does offer a text-mode menubar.

<p> Glenn also gave an illustration of the power of ffap: he has customized
    it to recognize Sun bug numbers under the cursor and dispatch a
    dynamically generated URL to a web front end for their bug tracking
    system.


<h2>Next time ...</h2>

<p> Next month I'll look at skeleton insertion and templating mechanisms
    in Emacs. Don't hesitate to contact me at
    <tt>&lt;emarsden@mail.dotcom.fr&gt;</tt> with comments, corrections or
    suggestions (what's <em>your</em> favorite couldn't-do-without Emacs
    extension package?). <code>C-u 1000 M-x hail-emacs</code> !

<p> <strong>PS</strong>: Emacs isn't in any way limited to Linux, since
    implementations exist for many other operating systems (and some
    systems which only halfway operate). However, as one of the leading
    bits of free software, one of the most powerful, complex and
    customizable, I feel it has its place in the <i>Linux Gazette</i>.
<!--===================================================================-->
<P> <HR> <P> 
<A HREF="../issue25/marsden.html">EMACSulation #1, February 1998</A><BR>
<A HREF="../issue26/marsden.html">EMACSulation #2, March 1998</A><BR>
<A HREF="../issue27/marsden.html">EMACSulation #3, April 1998</A><BR>
<A HREF="../issue29/marsden.html">EMACSulation #4, June 1998</A><BR> 
<A HREF="../issue31/marsden.html">EMACSulation #5, August 1998</A>

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Eric Marsden <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./defurne1.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./defurne2.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Evaluating postgreSQL for a Production Environment</font></H1>
<H4>By <a href="mailto:jurgen.defurne@scc.be">Jurgen Defurne</a></H4>
</center>
<P> <HR> <P>  

<H1>
Introduction</H1>
With the advent of relatively powerful, free and/or cheap software, I wanted
to see if I was able to create a production environment around Linux and
a DBMS. In the past I have worked with several DBMS products in several
environments. My goal was to evaluate the Linux/postgreSQL against the
several environments I am familiar with. Out of these environments I will
pick the aspects which I think are important in a production environment.
<H1>
Past production environments</H1>
I have worked in three stages of production environment. These were the
unconnected PC environment, the connected PC environment (file/print server
networking), and multi-user/multi-tasking environment (minicomputer). I
will introduce the several tools in order of this complexity.
<P>Some terms will need to be explicitly defined, because the xBase terminology
is sometimes confusing. The term 'database' here means the collection of
several related tables which are needed to store organised data. The term
'table' is used to define one collection of identical data, a set. This
is because in the original xBase languages, 'database' was used as to mean
'table'.
<H2>
FoxBase</H2>
Effectively being a much faster clone of dBase III, FoxBase contained the
minimum necessary to define the tables of a database and a programming
language which contained all necessary to write applications very quickly.
<P>A database consisted of several tables and their indexes. The association
of tables and their indexes must explicitly be done using commands.
<P>The programming language used is completely procedural. It contains
statements to create menu's, open and close tables, filter tables (querying),
insert, update and delete records, view records through screens and a browse
statement. Defining all these things in a program is quite straightforward.
Records are manipulated as program variables. All data is stored in ASCII
format.
<P>One special feature which originated in dBase, are 'macro's'. These
macro's are text strings, which could be compiled and interpreted at run-time.
This was a necessary feature, because most statements took string arguments
without quotes, e.g. OPEN MY_TABLE. If you wanted to define a statement
with a parameter, you could not directly refer to a variable. Trying to
execute OPEN ARG_TABLE, the program would search for the file 'ARG_TABL'.
To circumvent this problem you need to code the following :
<P><TT>&nbsp;&nbsp;&nbsp; ARG_TABLE = "MY_TABLE"<BR>
&nbsp;&nbsp;&nbsp; OPEN &amp;ARG_TABLE</TT>
<H2>
Clipper</H2>
Clipper originated as a dBase compiler, but added soon after powerful extensions
to the language. I have also worked with the Summer '87 and the 5.0 version.
At the database level, nothing changed very much from FoxBase, but at the
user interface level and the programming level, several advanced features
offered faster development turn-around times and advanced user interfacing.
The macro feature was still available, but Clipper expanded it through
code blocks. In the original implementation, a macro needed to be evaluated
every time it was used. In cases where macro's where used to filter data,
this amounted to waste of computing time. The introduction of the code
block made it possible to compile a macro just once and then use the compiled
version.
<P>Other features where the introduction of some object-oriented classes
for user interfacing, a powerful multi-dimensional array type, declarations
for static and local variables and a plethora of functions to manipulate
arrays and tables. The flipside of all this was that learning to effectively
use the language took some more time. I have two books about Clipper 5.0
and they are quite large.
<H2>
FoxPro 2.0</H2>
FoxPro was the successor of FoxBase. It added GUI-features to the text-interface,
making it possible to work with overlapping windows. FoxPro 2.0 also added
embedded SQL statements. It was only a subset with SELECT, INSERT, UPDATE
and DELETE, but this offered already a substantial advantage over the standard
query statements. It also offered a better integration between tables and
their indexes, and one of the most powerful query optimizers ever developed.
They also provided some development tools, of which the most important
where the screen development and the source documentation tools.
<P>Clipper and FoxPro made it also possible to program for networks and
thus enable multi-user database systems.
<H2>
WANG PACE</H2>
WANG PACE is a fully integrated DBMS development system which runs on the
WANG VS minicomputers. It offers an extended data dictionary with field-
and record-level validation, HL-language triggers and view-definitions.
All defined objects contain a version count. When an object is modified
and subsequent programs are not, then a runtime error is generated when
compiled versions don't match DD versions. It also offers a powerful screen
editor, a report editor and a query-by-example system. Access through COBOL,
COBOL85 or RPGII is available with a pre-processor which compiles embedded
statements into API-calls.
<H1>
Summary of important features</H1>
If I look in retrospect to these systems, what were the important features
which made programming more productive ? This reference must be made against
postgreSQL and the available libraries for interfacing to the back-end.
It must also be made from the point of the production programmer, who must
be able to write applications without being bothered by irrelevant details.
<UL>
<LI>
Field names translate to native variable names</LI>

<BR>Defining a field name for a table makes it available under the same
name to the program which can then use it as an ordinary, native variable.
<BR>&nbsp;
<LI>
Uniform memory allocation system</LI>

<BR>The xBase systems have a dynamic memory allocation scheme, which is
completely handled by the runtime library. COBOL is fully statically allocated.
In none of these languages the programmer needs to be concerned with tracking
allocated memory.
<BR>&nbsp;
<LI>
Direct update through the current record</LI>

<BR>The manipulated record is available to update the table through one
or another UPDATE statement.
<BR>&nbsp;
<LI>
Database statements have the same format as the application language</LI>

<BR>When programming in xBase, the statements to extract and manipulate
data from the database tables formed an integral part of the procedure
language.
<BR>In COBOL, the statements where embedded and processed by a preprocessor.
The syntax of the available statements was made to resemble COBOL syntax,
with its strong and weak points.
<BR>&nbsp;
<LI>
Simple definition and usage of screens</LI>

<BR>In xBase, there are simple yet powerful statements available for defining
screens. Screens are called through only one or two statements.
<BR>In WANG PACE, screens can only be defined through the screen editor.
There are three statements available : one to use menu's, one to process
one record in a cursor and an iterative version to process all records
in a cursor. Most screen processing is handled through the run-time libraries.</UL>

<H1>
Features available when installing postgreSQL</H1>
The four first features can be installed using the ecpg preprocessor. This
makes it possible to use native program variables, you don't have to worry
about memory allocation, because the run-time library takes care of it,
and updates can also take place using the selected program-variables.
<P>What is missing, is a special form of include statement. Now you need
to know which fields are in a table if you want to use a 'exec sql declare'
statement. It would be better if there was something like 'exec sql copy
fields from &lt;tablename>'. If the tabledefinition then changes, recompiling
the program will adjust to the new definitions.
<P>Using the pgaccess program (under X-windows) provides access to the
data dictionary in a more elegant manner.
<H1>
Summary</H1>
I started out to write a critique on postgreSQL because of the summary
documentation which is delivered in the package. This made it rather hard
to find and use all the components which provide additional functions.
<P>I started describing my experiences on other platforms to get an insight
in what a production environment should deliver to the programmer. Then
I started to look closely at the delivered documentation and to my surprise
all components that I needed where in fact in the package.
<P>The following critique still remains however. The documentation of the
package is too much fragmented, and most parts of the documentation are
centered around technical aspects which do not bother the production programmer.
This is understandable however. The documentation is written by the same
people that implement them. I know of my own experience that writing a
user manual is very hard and it is easy to get lost in the technical details
of the implementation that you know about.
<P>The following parts of postgreSQL are important for the production programmer,
and their documentation should be better integrated.
<UL>
<LI>
The psql processor</LI>

<P><BR>This is a nice tool to define all necessary objects in a database,
to get acquainted with SQL and to test ideas and verify joins and queries.
<LI>
The ecpg preprocessor</LI>

<P><BR>This is the main production tool to write applications which use
database manipulation statements. This capacity should probably be extended
to other languages too. Since all bindings from the selected cursor are
made to program variables, records can be processed without the hassle
of converting them from and to ASCII, and updates can be made through the
'exec sql update' statement.
<LI>
The pgaccess package</LI>

<P><BR>The pgaccess package provides access to all parts of the database
and offers the ability to design screens and reports. It is still in a
development phase. I hope it will be extended in the future, because the
basic idea is excellent and the first implementations are worthwile.</UL>
The libpq library is of no real value to a production programmer. It should
be mainly a tool to be used in implementing integrated environments and
database access languages. It could e.g. be used to create an xBase like
environment (for those who wish to use this).
<H1>
Further research</H1>
In the following weeks (months) I hope to setup a complete database system
over a network, with one server and several types of clients (workstation,
terminal, remote computer) through several interfaces (Ethernet, serial
connections). I will investigate the several platforms for application
development. I intend to have a closer look at the provided tools in the
postgreSQL package (developing a simple database for my strip book collection),
but I will also look at the possibilities that Java offers a development
platform with JDBC, screen design and application programming.
<P>One last note : for the moment I concentrate on using tools that I don't
need to pay for, because I need the money for my hardware platforms and
for my house. This does not mean that I am a die-hard 'software should
be gratis' advocate. A production environment favors to pay for software,
because then it knows that it has a complete tool with support and warranty
(horror stories about bad support not withstanding).

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Jurgen Defurne <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./marsden.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./blair.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->
<font color="navy">A <I>Linux Journal</I> Review</font>:
This article appeared first in the July 1998 issue of <I>Linux
Journal</I>.
<P> <HR> <P>

<center>
<H1><font color="maroon">Introducing Samba</font></H1>
<H4>By <a href="mailto:john.blair@brainwell.com">John Blair</a></H4>
</center>
<P> <HR> <P>  

The whole point of networking is to allow computers to easily share
information. Sharing information with other Linux boxes, or any UNIX
host, is easy--tools such as FTP and NFS are readily available and
frequently set up easily ``out of the box''. Unfortunately, even the most
die-hard Linux fanatic has to admit the operating system most of the PCs
in the world are running is one of the various types of Windows.
Unless you use your Linux box in a particularly isolated environment,
you will almost certainly need to exchange information with machines
running Windows. Assuming you're not planning on moving all of your
files using floppy disks, the tool you need is Samba.
<p>
Samba is a suite of programs that gives your Linux box the ability to speak
SMB (Server Message Block). SMB is the protocol used to implement
file sharing and printer services between computers running OS/2,
Windows NT, Windows 95 and Windows for Workgroups. The protocol is
analogous to a combination of NFS (Network File System), <b>lpd</b> (the
standard UNIX printer server) and a distributed authentication
framework such as NIS or Kerberos. If you are familiar with Netatalk,
Samba does for Windows what Netatalk does for the Macintosh. While
running the Samba server programs, your Linux box appears in the
``Network Neighborhood'' as if it were just another Windows machine.
Users of Windows machines can ``log into'' your Linux server and,
depending on the rights they are granted, copy files to and from parts
of the UNIX file system, submit print jobs and even send you WinPopup
messages. If you use your Linux box in an environment that
consists almost completely of Windows NT and Windows 95 machines,
Samba is an invaluable tool.
<p><center>
<img src="./gx/blair/2716f1.gif"> 
<p>
<h4>Figure 1. The Network Neighborhood, Showing the Samba Server</h4></center>
<p>
Samba also has the ability to do things that normally require the
Windows NT Server to act as a WINS server and process ``network
logons'' from Windows 95 machines. A PAM module derived from Samba
code allows you to authenticate UNIX logins using a Windows NT Server.
A current Samba project seeks to reverse engineer the proprietary
Windows NT domain-controller protocol and re-implement it as a
component of Samba. This code, while still very experimental, can already
successfully process a logon request from a Windows NT Workstation
computer. It shouldn't be long before it will act as a full-fledged
Primary Domain Controller (PDC), storing user account information and
establishing trust relationships with other NT domains. Best of all,
Samba is freely available under the GNU public license, just
as Linux is. In many environments the Windows NT Server is required
only to provide file services, printer spools and
access control to a collection of Windows 95 machines. The combination
of Linux and Samba provides a powerful low-cost alternative to the
typical Microsoft solution.
<p>
<h3>Windows Networking</h3>
<p>
Understanding how Samba does its job is easier if you know a little
about how Windows networking works. Windows clients use file and
printer resources on a server by transmitting ``Server Message
Block''
over a NetBIOS session. NetBIOS was originally developed by IBM to
define a networking interface for software running on MS-DOS or
PC-DOS. It defines a set of networking services and the software
interface for accessing those services, but does not specify the actual protocol
used to move bits on the network.
<p>
Three major flavors of
NetBIOS have emerged since it was first implemented, each differing in
the transport protocol used. The original implementation was referred
to as NetBEUI (NetBIOS Extended User Interface), which is a
low-overhead transport protocol designed for single segment networks.
NetBIOS over IPX, the protocol used by Novell, is also popular. Samba
uses NetBIOS over TCP/IP, which has multiple advantages.
<p>
TCP/IP is already implemented on every operating system worth its salt,
so it has been relatively easy to port Samba to virtually every flavor of
UNIX, as well as OS/2, VMS, AmigaOS, Apple's Rhapsody (which is really
NextSTEP) and (amazingly) mainframe operating systems like CMS. Samba
is also used in embedded systems, such as stand-alone printer servers and
Whistle's InterJet Internet appliance. Using TCP/IP also means that
Samba fits in nicely on large TCP/IP networks, such as the Internet.
Recognizing these advantages, Microsoft has renamed the combination of
SMB and NetBIOS over TCP/IP the Common Internet Filesystem (CIFS).
Microsoft is currently working to have CIFS accepted as an Internet
standard for file transfer.
<p><center>
<img src="./gx/blair/2716f2.gif"> 
<p>
<h4>Figure 2. SMB's Network View compared to OSI Networking
Reference Model</h4></center>
<p>
<h3>Samba's Components</h3>
<p>
A Samba server actually consists of two server programs:
<b>smbd</b> and <b>nmbd</b>. <b>smbd</b> is the core of Samba.
It establishes sessions, authenticates clients and provides access to
the file system and printers. <b>nmbd</b> implements the ``network
browser''. Its role is to advertise the services that the Samba server
has to offer. <b>nmbd</b> causes the Samba server to
appear in the ``Network Neighborhood'' of Windows NT and Windows 95
machines and allows users to browse the list of available
resources. It would be possible to run a Samba server without
nmbd, but users would need to know ahead
of time the NetBIOS name of the server and the resource on it they
wish to access. <b>nmbd</b> implements the Microsoft network
browser protocol, which means it participates in browser elections
(sometimes called ``browser wars''), and can act as a master or
back-up browser. <b>nmbd</b> can also function as a WINS (Windows Internet
Name Service) server, which is necessary if your network spans more
than one TCP/IP subnet.
<p>
Samba also includes a collection of other tools.
<b>smbclient</b> is an SMB client with a shell-based user interface,
similar to FTP, that allows you to copy files to and from other SMB
servers, as well as allowing you to access SMB printer resources and
send WinPopup messages. For users of Linux, there is also an SMB
file system that allows you to attach a directory shared from a
Windows machine into your Linux file system. <b>smbtar</b> is a
shell script that uses smbclient to store a remote Windows
file share to, or restore a Windows file share from a standard UNIX tar
file.
<p>
The <b>testparm</b> command, which parses and describes the
contents of your smb.conf file, is particularly useful since
it provides an easy way to detect configuration mistakes. Other
commands are used to administer Samba's encrypted password file,
configure alternate character sets for international use and
diagnose problems.
<p>
<h3>Configuring Samba</h3>
<p>
As usual, the best way to explain what a program can do is to show
some examples. For two reasons, these examples assume that you already
have Samba installed. First, explaining how to build and install
Samba would be enough material for an article of its own. Second, since Samba is
available as Red Hat and Debian packages shortly after each new stable
release is announced, installation under Linux is a snap. Further,
most ``base'' installations of popular distributions already
automatically install Samba.
<p>
Before Samba version 1.9.18 it was necessary to compile Samba
yourself if you wished to use encrypted password
authentication. This was true because Samba used a DES library to implement
encryption, making it technically classified as a munition by the
U.S. government. Binary versions of Samba with encrypted password
support could not be legally exported from the United States, which
led mirror sites to avoid distributing pre-compiled copies of Samba
with encryption enabled. Starting with version 1.9.18, Samba uses a
modified DES algorithm not subject to export restrictions.
Now the only reason to build Samba yourself is if you like to test the
latest alpha releases or you wish to build Samba with non-standard
features.
<p>
Since SMB is a large and complex protocol, configuring Samba can be
daunting. Over 170 different configuration options can
appear in the smb.conf file, Samba's configuration file. In
spite of this, have no fear. Like nearly all aspects of UNIX, it is
pretty easy to get a simple configuration up and running. You can
then refine this configuration over time as you learn the function of each
parameter. Last, the latest version of Samba, when this article
was written in late January, was 1.9.18p1. It is possible that the behavior of some of
these options will have changed by the time this is printed. As usual,
the documentation included with the Samba distribution (especially the
README file) is the definitive source of information.
<p>
The smb.conf file is stored by the Red Hat and Debian
distributions in the /etc directory. If you have built Samba
yourself and haven't modified any of the installation paths, it is
probably stored in /usr/local/samba/lib/smb.conf. All of the
programs in the Samba suite read this one file, which is structured
like a Windows *.INI file, for configuration information.
Each section in the file begins with a name surrounded by square brackets
and either the name of a service or one of the special sections:
<tt>[global]</tt>, <tt>[homes]</tt> or <tt>[printers]</tt>.
<p>
Each configuration parameter is either a global parameter, which means
it controls something that affects the entire server, or a service
parameter, which means it controls something specific to each service.
The <tt>[global]</tt> section is used to set all the global
configuration options, as well as the default service settings.
The <tt>[homes]</tt> section is a special service section
dynamically mapped to each user's home directory. The
<tt>[printers]</tt> section provides an easy way to share every
printer defined in the system's <tt>printcap</tt> file.
<p>
<h3>A Simple Configuration</h3>
<p>
The following smb.conf file describes a simple and
useful Samba configuration that makes every user's home directory on
my Linux box available over the network.
<p>
<pre>
[global]
	netbios name = FRODO
	workgroup = UAB-TUCC
	server string = John Blair's Linux Box
	security = user
	printing = lprng

[homes]
	comment = Home Directory
	browseable = no
	read only = no
</pre>
The settings in the <tt>[global]</tt> section set the name of the
host, the workgroup of the host and the string that appears
next to the host in the browse list. The security parameter
tells Samba to use ``user level'' security. SMB has two modes of
security: share, which associates passwords with specific resources,
and user, which assigns access rights to specific users. There isn't
enough space here to describe the subtleties of the two modes, but
in nearly every case you will want to use user-level security.
<p>
The printing command describes the local
printing system type, which tells Samba exactly how to submit print jobs,
display the print queue, delete print jobs and other operations.
If your printing system is one that Samba doesn't already know how
to use, you can specify the commands to invoke for each print
operation.
<p>
Since no encryption mode is specified, Samba will default to using
plaintext password authentication to verify every connection
using the standard UNIX password utilities. Remember, if your
Linux distributions uses PAM, the PAM configuration must be modified
to allow Samba to authenticate against the password database. The
Red Hat package handles this automatically. Obviously, in many
situations, using plaintext authentication is foolish. Configuring
Samba to support encrypted passwords is outside the scope of this
article, but is not difficult. See the file ENCRYPTION.txt in
the /docs directory of the Samba distribution for details.
<p>
The settings in the <tt>[homes]</tt> section control the behavior
of each user's home directory share. The comment parameter
sets the string that appears next to the resource in the browse list.
The <tt>browseable</tt> parameter controls whether or not a service
will appear in the browse list. Something non-intuitive about the
<tt>[homes]</tt> section is that setting <tt>browseable = no</tt>
still means that a user's home directory will appear as a directory
with its name set to the authenticated user's username. For example,
with <tt>browseable = no</tt>, when I browse this Samba server I will see a share called
<tt>jdblair</tt>. If <tt>browseable = yes</tt>, both a share
called <tt>homes</tt> and <tt>jdblair</tt> would appear in the browse
list. Setting <tt>read only = no</tt> means that users should be able
to write to their home directory if they are properly authenticated.
They would not, however, be able to write to their home directory if the UNIX
access rights on their home directory prevented them from doing so.
Setting <tt>read only = yes</tt> would mean that the user would not be
able to write to their home directory regardless of the actual UNIX
permissions.
<p>
The following configuration section would grant access to every
printer that appears in the printcap file to any user that
can log into the Samba server. Note that the <tt>guest ok = yes</tt>
normally doesn't grant access to every user when the server is using
user-level security. Every print service must define <tt>printable =
yes</tt>.
<p>
<pre>
[printers]
	browseable = no
	guest ok = yes
	printable = yes
</pre>
This last configuration snippet adds a server share called
public that grants read-only access to the anonymous ftp
directory. You will have to set up the printer driver on the client
machine. You can use the <b>printer name</b> and <b>printer driver</b>
commands to automate the process of setting up the printer
client on Windows 95 and Windows NT clients.
<p>
<pre>
[public]
	comment = Public FTP Directory
	path = /home/ftp/pub
	browseable = yes
	read only = yes
	guest ok = yes
</pre>
<p><center>
<img src="./gx/blair/2716f3.gif"> 
<p>
<h4>Figure 3. Appearance of Samba Configuration in Windows Explorer</h4></center>
<p>
Be aware that this description doesn't explain some subtle issues,
such as the difference between user and share level security and
other authentication issues. It also barely scratches the surface of
what Samba can do. On the other hand, it's a good example of how easy
it can be to create a simple but working smb.conf file.
<p>
<h3>Conclusions</h3>
<p>
Samba is the tool of choice for bridging the gap between UNIX and
Windows systems. This article discussed using Samba on Linux in
particular, but it is also an excellent tool for providing access to
more traditional UNIX systems like Sun and RS/6000 servers. Further,
Samba exemplifies the best features of free software, especially when
compared to commercial offerings. Samba is powerful, well supported
and under continuous active improvement by the Samba Team.
<p>
<h3>Resources</h3>
<p>
The Samba home page, at http://samba.anu.edu.au/samba/, is the
definitive source for news and information about Samba. The 
documentation distributed with Samba is relatively
unorganized, but covers every aspect of server configuration. If you
have questions about Samba, first consult the FAQ, then try the
Samba Mailing List. The location of both can be found on the Samba
home page. 
<p>
The book <i>Samba: Integrating UNIX and
Windows</i>, by John Blair and published by SSC, covers all aspects of 
installation, configuration and maintenance of a Samba server.

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, John Blair <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./defurne2.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./jenkins5.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Linux Installation Primer, Part 5</font></H1>
<H4>By <a href="mailto:">Ron Jenkins</a></H4>
</center>
<P> <HR> <P>  


<P>Copyright <FONT FACE="Symbol" SIZE=2>&Oacute;</FONT><FONT FACE="Courier
New" SIZE=2> 1998 by Ron Jenkins. This work is provided on an "as is"
basis. The author provides no warranty whatsoever, either express or
implied, regarding the work, including warranties with respect to its
merchantability or fitness for any particular purpose. <BR> 
The author welcomes corrections and suggestions. He can be reached by electronic mail at </FONT><A HREF="mailto:rjenkins@qni.com"><FONT FACE="Courier New" SIZE=2>rjenkins@qni.com</FONT></A><FONT FACE="Courier New" SIZE=2>, or at his personal homepage: </FONT><A HREF="http://www.qni.com/~rjenkins/"><FONT FACE="Courier New" SIZE=2>http://www.qni.com/~rjenkins/</FONT></A><FONT FACE="Courier New" SIZE=2>.
<P>Corrections, as well as updated versions of all of the author's works may be found at the URL listed above.
<P>NOTE: As you can see, I am moving to a new ISP. Please bear with me as I get everything in working order. The e-mail address is functional; the web site will be operational hopefully around mid December or early January.
<P>SPECIAL NOTE: Due to the quantity of correspondence I receive, if you are submitting a question or request for problem resolution, please see my homepage listed above for suggestions on information to provide.
<P>I only test my columns on the operating systems specified. I don't have access to a MAC, I don't use Windows 95, and have no plans to use Windows 98. If someone would care to provide equivalent instructions for any of the above operating systems, I will be happy to include them in my documents.
<P><B>ADDENDUM TO LAST MONTH'S COLUMN</B>:</P>
<P>I neglected to mention that you should consider purchasing some cable ties, coaxial clips, or other devices to dress your cabling properly.</P>
<P>These should be available at your local computer store, or a large selection can be found on page # 163 of the Radio Shack 1999 Catalog. (Space limitations preclude listing them all.) </P>
<P>This will allow you to bundle the cable or cables neatly together, attach them firmly to the baseboard or whatever area in which you are installing them, and make troubleshooting and maintenance of cabling problems much easier.</P>
<P>Finally, consider marking each end of your cables in some way so you know which ends go together. There are a variety of ways to do this, including simply writing on the cable itself with a sharpie or white pen, noting the location or machine it is intended for, or my favorite, using color coded tape wrapped at each end.</P>
<P>Also, each connection on a 10BASE2 coaxial bus network will require a
BNC "tee" connector. This should be included with your network card. If not
go to Radio Shack and get some (PN# 278-112.) They are cheaper than buying
them at a computer store. Finally, don't forget the termination devices. You will need two. These are available either at your local computer store, or at Radio Shack (PN# 278-270.)</P>
<P><B>Part Five: Deploying a home network</B>
<P>This month we will utilize the home networking plan we prepared last month, and bring it to fruition.</P>
<P>This is going to involve several steps, and I will present them in the order I recommend, but ultimately it will be up to you to choose your deployment method.</P>
<P>Additionally, I will offer step by step instructions on the configuration of the networking components and protocols. This will give you the basic functionality upon which you will add to as this series continues.</P>
<P>The goal of this installment will be to get the networking hardware and software installed, provide basic connectivity, and simple name resolution and file sharing services.</P>
<P>The more advanced services, such as sendmail, DNS, routing, ftp, web, print services, and gateway service will be covered in the next installment.</P>
<P>As with each installment of this series, there will be some operations required by each distribution that may or may not be different in another. I will diverge from the generalized information when necessary, as always.</P>
<P>In this installment, I will cover the following topics:</P>

<UL>
<LI>Pre-installation planning. </LI>
<LI>Preparing the cabling. </LI>
<LI>Preparing the file server. </LI>
<LI>Preparing the workstations. </LI>
<LI>Installing the cabling. </LI>
<LI>Installing the hardware. </LI>
<LI>Installing the software. </LI>
<LI>Configuration of the file server. </LI>
<LI>Configuration of the work stations. </LI>
<LI>Testing the installation. </LI>
<LI>Troubleshooting the installation. </LI>
<LI>References. </LI>
<LI>Resources for further information. </LI>
<LI>Preview of next months installment. </LI>
<LI>About the Author.</LI></UL>

<B><P>Assumptions that apply to the following installation instructions:</P>
</B><P>To keep this installment to a manageable size, as well maintaining an acceptable level of simplicity, the following things will be assumed.</P>
<P>We will be installing a three node network, consisting of a file server, one Windows NT client, and one Linux client. Physically, all three machines are on a single table. The Linux client is at the extreme left, the Linux fileserver is in the center, and the NT client is at the extreme right.</P>
<P>In the 10BASE2 (coaxial or bus configuration,) the cabling will be run along the rear edge of the table and fastened by clips available for this purpose either from a computer store or at Radio Shack as previously mentioned.</P>
<P>In the 10BASET or star configuration, the hub will be placed alongside the file server, and the cabling will emanate from the hub to the various machines, The three cables will be bundled together with cable ties, forming one larger diameter group of cables that can be treated as a single cable. This will be attached to the back of the table using clips as described above.</P>
<P>The NICs I will use are NE2000 ISA bus combo cards, with both a BNC and a RJ-45 interface. The cards will be Plug and Play cards which require you to use a utility diskette under DOS, provided with the card, to configure it. This utility diskette also contains the NT drivers for the card.</P>
<P>I use FREE DOS, available at </FONT><A HREF="http://sunsite.unc.edu/"><FONT FACE="Courier New" SIZE=2>http://sunsite.unc.edu</FONT></A><FONT FACE="Courier New" SIZE=2> to create the DOS boot disk. You may or may not have to create your own DOS boot disk, depending on what kind of NIC you have.</P>
<P>Two of our NE2000 NICs will be set to the following:</P>
<P>IO = 0x320 (320), IRQ = 10</P>
<P>The third one will be configured by NT.</P>
<P>These are by far the most common cards people usually start out with. If you are using something different, the instructions should be similar. Just make sure you can turn off the Plug and Play feature (bug?) for the Linux machines, if necessary. This usually only applies to ISA NICs, as kernels =&gt; 2.0.34 usually do a pretty good job of snagging PCI NICs.</P>
<P>This should provide the information required for most any size network, the steps will just need to be duplicated for the extra clients and/or servers.</P>
<P>I will use the terms UNIX and Linux somewhat interchangeably, except where I am explicitly referring to something unique to a particular flavor of UNIX, in which case I will note the difference.</P>
<P>If you will be integrating Novell or MAC clients, you're on your own. I
have not touched Novell since 3.1, and I don't have access to a MAC machine. The AppleTalk and IPX HOW-TOs may be of some assistance to you.</P>
<P>Further, it will be assumed you are using "reserved" IP addresses for your home network. We will use the Class C reserved network 192.168.1.0. The netmask for our network, thus will be 255.255.255.0. We will give the file server the IP 192.168.1.2, and the hostname fileserver01. The Linux client's IP will be 192.168.1.3, with the hostname linux01. Finally, the NT client's IP will be 192.168.1.4, with a hostname of nt01. I am keeping the 192.168.1.1 address and the hostname gateway01 for the gateway machine we will build next month.</P>
<P>The domain name of this network will be </FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A><FONT FACE="Courier New" SIZE=2>.</P>
<P>The NT domain (not to be confused with the actual domain) name will be HOME.</P>
<P>The NT client will access the file services using SAMBA, and the Linux client will access file services using the native Network File System (NFS.)</P>
<P>Name resolution will be accomplished using common hosts and resolv.conf files, and a little trick for the NT box.</P>
<P>When finished you should be able to ping all machines both by IP address, and hostname.</P>
<P>Additionally, you should be able to access the disk storage on the file server from either client, with both read and write access.</P>
<B><P>Pre-installation planning:</P>
</B><P>Review of the network plan: Look over the network plan ONE LAST TIME. Make sure you have acquired all the necessary hardware, software, and cabling, as well as a hub or termination devices, if required.</P>
<P>Preparing the common files: Since we will not be using DNS for name resolution at this point, we will rely on primarily three files for the UNIX machines, and one file for the NT box.</P>
<P>Unique to the UNIX machines will be:</P>
<P>/etc/hosts.conf</P>
<P>/etc/resolv.conf</P>
<P>These two files will be propagated throughout the Linux portion of the network, along with the hosts file described below.</P>
<P>The first file, hosts.conf, simply tells the Linux box what means to use to resolve IP addresses to hostnames, and the order in which it should use them. </P>
<P>There are basically two methods utilized for name resolution. The hosts file (see below for more information,) which we will use in this installation, and a DNS server, usually another UNIX box running a program called the Berkeley Internet Name Daemon (BIND.)</P>
<P>First, cd to etc/, then open the hosts.conf file, or create it if necessary, and edit it to contain the line:</P>
<P>order hosts,bind</P>
<P>Then close the file. This simply tells the Linux box to first check its hosts file to find another machine on the network before trying anything else.</P>
<P>Next, open the resolv.conf file, or create it if necessary, and edit it to contain the lines:</P>
<P>domain </FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A></P>
<FONT FACE="Courier New" SIZE=2><P>search </FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A></P>
<FONT FACE="Courier New" SIZE=2><P>After you are finished, close the file. This tells the Linux box it's domain name, and to search this domain first before implementing any external name resolution.</P>
<P>The purpose of this is to keep your local network name resolution on the local network. This will become important later when we hook these machines up to the Internet through a gateway machine.</P>
<P>Common to both the NT and UNIX machines will be:</P>
<P>A hosts file, which is simply a listing of all the machines on a local area network, which translates IP addresses to hostnames.</P>
<P>Open the hosts file with your favorite editor, again creating it if necessary, and create entries for the loopback adapter, also known as the localhost, and each machine on your network. This file will be copied to each machine, thus allowing both the UNIX boxes and the NT machine to find each other by hostname.</P>
<P>Entries in the hosts file are created using the following syntax:</P>
<P>IP address&#9;Fully Qualified Domain Name (FQDN)&#9;hostname</P>
<P>For example, for the machine bear.foobar.net, with an IP of 206.113.102.193, the proper entry would be:</P>
<P>206.113.102.193&#9;bear.foobar.net&#9;bear</P>
<P>A SHORT NOTE ON THE LOOPBACK ADAPTER: this interface, also known as the localhost, MUST be the first entry in any hosts file.</P>
<P>So, to create the hosts file we will be using across our entire network, edit it to contain the following lines:</P>
<P>127.0.0.1&#9;&#9;localhost</P>
<P>192.168.1.1&#9;&#9;gateway01.home.net&#9;gateway01</P>
<P>192.168.1.2&#9;&#9;fileserver01.home.net&#9;fileserver01</P>
<P>192.168.1.3&#9;&#9;linux01.home.net&#9;&#9;linux01</P>
<P>192.168.1.4&#9;&#9;nt01.home.net&#9;&#9;nt01</P>
<P>On the UNIX machines, this file also lives in the /etc directory, while on the NT machine it will live in /winnt/system32/drivers/etc directory.</P>
<P>Now that we have prepared our common files, we can move to actual deployment preparations.</P>
<P>Logistics and downtime: While this is not as great a concern on a home network as it is on a commercial LAN, it is still important to consider the impact the network installation will have on your machines, as well as what if any interruption of productivity might occur.</P>
<P>You have two major, and one minor option in this regard:</P>

<UL>
<LI>The blitz method: This method entails setting aside a period of time when all machines may be downed, cabling, hardware and software installed and configured all in one contiguous session. Best for very small networks, and non commercial networks. </LI></UL>


<UL>
<LI>The phased method: This method involves a more conservative, cautious approach. Individual machines or sections of the network are downed one at a time, configured, tested, and brought back up before moving to the next section. This minimizes the interruption of productivity, and loss of computer services. Best for larger networks or most any commercial network. </LI>
<LI>A combination of the two: In any installation other than an extremely small network such as our example here, some combination of the two methods is usually the most practical approach. For instance, you may choose to blitz all the server machines, so that file services and other services will be immediately available to the client machines. After the blitz of the servers, you may then choose to slowly integrate the client machines by department, by priority of use, or most commonly, the suits first, then everyone else. As an aside, if you are deploying a network in a commercial environment, never underestimate the effect of office politics in your planning. While the executives may not technically need to be on the network as soon as your programmers or designers, remember to keep the man with the checkbook happy, and you will find your next upgrade much easier to justify.</LI></UL>

<B><P>Preparing the cabling:</P>
</B><P>10BASE2: Double check that you have sufficient coaxial cable, in the proper lengths, to interconnect all the machines on your bus. Remember, the cable strings from machine to machine, so I recommend physically laying out the cable between each machine to make sure you have enough, and the proper lengths. Finally, be sure you have the proper clips and ties to dress the cables neatly.</P>
<P>10BASET: Depending on whether you bought the cables already made up, or made them yourself, the same general rules stated above will also apply here. Placement and layout of the cabling will be largely determined by your placement of the hub. Try to place the hub in such a way as to assure the shortest average length from the hub to each machine. As mentioned above, make sure you have sufficient materials to neatly run, anchor, and wrap your cabling.</P>
<B><P>Preparing the file server:</P>
</B><P>Memory issues: A good rule of thumb for any computer, and especially servers, is the more RAM the better. Since this is a home network, this is not as big an issue, but still important.</P>
<P>Disk storage issues: If you can afford it, get SCSI drives. They work better and last longer. If you are on a budget, EIDE or UDMA drives will do in a pinch, but be aware they will not stand up as well under heavy, constant use.</P>
<P>Backup device issues: I use a SCSI DAT drive, and have always had good results with it. Whatever you choose, MAKE SURE IT IS SUPPORTED BY Linux BEFORE YOU BUY IT! <B><I>And backup up anything on any of the machines you will be working on that you cannot afford to lose!</P>
</B></I><P>Power interruption and loss of data: You should consider at
least protecting your fileserver with an Uninterruptable Power Supply
(UPS.) I can recommend APC and Tripp-Lite products here. Why? Because they
put they're money where they're mouth is on the warranty provided. Try to
get one with two protected outlets, and jacks for your phone line. This
will come in handy later when we do the gateway. Surges don't just come over the power lines. Ideally all your machines should have one, but try to make sure you get one for the file server.</P>
<B><P>Preparing the client workstations:</P>
</B><P>Linux box: not really much to do here, as most everything you need should already be installed. All your networking software should already be there. The only possible exception to this is if you have a RedHat machine, and you chose dialup workstation during installation. In this case, you may or may not have to install additional packages. Check your documentation.</P>
<P>NT box: Here you will need to have your CD-ROM handy, as the networking software is probably not on your machine unless you explicitly requested it during the installation process. The software I am talking about here is separate and distinct from what is required for Dial Up Networking (DUN.)</P>
<P>Surge protectors:  If you cannot afford a UPS for each machine, at least put a quality surge protector on the two clients. Avoid the temptation to buy a bargain one. APC and Tripp-Lite are ones I can recommend for the same reasons as stated above. If either of these machines has any peripherals connected to it such printers, modems, scanners, etc. make sure these are protected as well.</P>
<B><P>Installing the cabling:</P>
</B><P>10BASE2: This is a fairly straightforward process. Simply lay the cable along the back on the table (or whatever your machines are on,) where you plan to install them. Do not anchor the cables at this time.</P>
<P>10BASET: Once you have determined where your hub will be located, lay out the cable from the hub to each machine. Do not bundle or anchor the cables at this time.</P>
<B><P>Installing the hardware:</P>
</B><P>Network Interface Cards: This is fairly straightforward. Power off your machine. Remove the case cover and find an empty expansion slot appropriate for your type of card. Make sure it is firmly seated, and that you replace the screw that holds it in place.</P>
<P>If the card is an ISA card, and is going into one of the Linux boxes, be sure to disable the Plug and Play feature and make note of the IO address and IRQ the card is using. There is usually some of setup program to help you with this. Write these values down as you will need them later.</P>
<P>A QUICK NOTE ON IO ADDRESSES AND IRQ's: Some cards may require you to manually set the IO and IRQ values using jumpers on the card. Use care here. If you choose an IO address or IRQ already in use by another device, all sorts of nasty things can happen. Here are some good ones to try that generally work:</P>
<P>IO Address:</P>
<P>0x300 (300)</P>
<P>0x310 (310)</P>
<P>0x320 (320)</P>
<P>IRQ:</P>
<P>10, 11, or 12. </P>
<P>If the card is a PCI card, have a go at auto detection first, then failing that, use the DOS setup program if required. Here at most, you may have to specify the IO address, which usually looks something similar 0x6xxx.</P>
<P>In any case, once the card is set, be sure to write the pertinent information down. You will need it later on the Linux boxes, and you may or may not need it on the NT box.</P>
<P>10BASE2:</P>

<UL>
<LI>Connectors and termination: Connect the tee to the NIC. On the Linux client and the NT client, place a termination device one side of the tee. Then using the cables you laid out earlier, connect the machines together.</LI></UL>

<P>10BASET:</P>

<UL>
<LI>Installing the hub: This should consist of nothing more than setting it down on the table and plugging it in. In other situations, you may or may not find it advantageous to mount it on the wall, or even under the table. </LI>
<LI>Connecting to the hub: Using the cables you laid out before, connect one end of each cable to the appropriate NIC. Now you may bundle, but not anchor the cabling, starting at the each client on either end, and working toward the fileserver in the middle. </LI></UL>

<B><P>Installing the software:</P>
</B><P>Required software:</P>
<P>Common:</P>
<P>The /etc/hosts file: as specified above.</P>
<P>The /etc/hosts.conf file: as specified above.</P>
<P>The /etc/resolv.conf file: as specified above.</P>
<P>Specific to the file server:</P>
<P>If necessary, copy the above common files to the appropriate directories.</P>
<P>SAMBA: This may or may not already be present on your system. If not, use pkgtool on a Slackware box to install it, and glint or the command RPM:ivh &lt;name of samba.rpm&gt; to install it on a RedHat box. Once you have verified it is installed, configure it as follows:</P>
<UL>
<LI>In the /etc directory, there should be an smb.conf-sample file. You may copy this to a new file called smb.conf, or create your own from scratch. I recommend using the sample one at first. </LI>
<LI>Edit the line workgroup = WORKGROUP and change it to workgroup = </FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A> </LI>
<FONT FACE="Courier New" SIZE=2><LI>Next, look for a line similar to the following: hosts allow = xxx.xxx.x. Where xxx.xxx.x. represent the first three octets of your network address, 192.168.1. in the example. Additionally, be sure to allow the loopback interface. So the correct entry would be :&nbsp;hosts allow = 192.168.1. 127.&nbsp;</LI>
<LI>Finally, look for the line: remote announce = xxx.xx.x.xxx and change it to 192.168.1.255 for our example network.</LI></UL>

<P>NFS services: This should already be installed on your Linux boxes.</P>
<P>A possible exception is RedHat, again if the NFS server and client options were not selected during installation. If necessary, install them. Once you have verified the software is installed on your system, configure as follows:</P>
<P>The /etc/exports file: This is fairly simple. There is much more to NFS than what I will present here, but briefly, and entry in the exports file uses the following syntax:</P>
<P>/name/of/directory/to/export&#9;(type of access) who.can.access</P>
<P>So as an example, to export the home directory with read and write permissions, to anyone in the </FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A><FONT FACE="Courier New" SIZE=2>, the correct entry would be:</P>
<P>/home&#9;&#9;(rw,no_root_squash)&#9;*.home.net</P>
<P>Specific to the NT client: Copy the hosts file ONLY to the specified location. Insert your NT CD-ROM and choose start/settings/controlpanel/network. Depending on whether you have been using this machine for DUN, you may or may not have some of the software already installed. If not just follow the prompts, with the following objectives:</P>
<P>Install ONLY the TCP/IP protocol.</P>
<P>When the time comes to install your Network Adapter (NIC), you can try to let it auto-detect first, then failing that, choose Have Disk and use the diskette supplied with your NIC.</P>
<P>You can safely accept the defaults at this point. If prompted for information such as hostname, IP address, or netmask, refer to the stated configuration above.</P>
<P>You may be prompted to reboot several times. Do so.</P>
<P>Specific to the Linux client: Copy the common files to the appropriate directories.</P>
<P>The only exception would be if you desired to make directories on the Linux client available to the NT client. If this is the case, simply repeat the SAMBA instructions for the file server above on the Linux client as well.</P>
<B><P>Configuration of the file server:</P>
</B><P>Basic Networking  the first step on the UNIX boxes is to get the NIC recognized. On a Slackware machine, this is done by editing /etc/rc.d/rc.modules and uncommenting the line that will load the kernel module necessary for your particular NIC, and possibly passing the IO address and/or the IRQ to help Linux find the card. Scroll down to the Network Device Support section, and look for the line:</P>
<P>#/sbin/modprobe/ ne io=0x320 #NE2000 at 0x320</P>
<P>Uncomment the line by deleting the pound sign. Depending on what release of Slackware you are using, you may or may not have to specify the IRQ as well. This should not be necessary if you are using release 3.5 or higher.</P>
<P>Next, you will want to configure your networking software. Use the netconfig utility for this. Follow the prompts, with the following in mind:</P>
<P>When asked if you will be using only loopback, answer no.</P>
<P>Leave the default gateway blank.</P>
<P>Leave the nameserver stuff blank.</P>
<P>In RedHat, you can use the linuxconf utility in either text mode or under X. I have had a few bad experiences with the X version, so I recommend using the text mode version.</P>
<P>At the command prompt, type linuxconf &lt;RETURN&gt;</P>
<P>You will be presented with a dialog box.</P>
<P>Choose Config/Networking/Client tasks/Basic host information.</P>
<P>First, set your hostname to fileserver01.home.net, then tab to quit to return to the previous screen. Choose Adaptor 1, use the spacebar to select the following parameters:</P>

<UL>
<LI>Enabled </LI></UL>


<UL>
<LI>Config mode Manual</LI></UL>

<P>Next enter the proper hostname, domain, IP, netmask, device number, kernel module, IO, and IRQ for machine. In our case, the proper data is:</P>
<P>fileserver01.home.net</P>
<P>fileserver01</P>
<P>192.168.1.2</P>
<P>255.255.255.0</P>
<P>eth0</P>
<P>ne</P>
<P>0x320</P>
<P>10</P>
<P>If at any point, you are prompted for a default gateway, leave it blank for now.</P>
<P>After you have entered this information, choose quit, accept, quit, quit, quit, until you are asked to activate your changes.</P>
<P>If you want, you can use linuxconf to add your user accounts now, or do it manually later.</P>
<P>Reboot.</P>
<B><P>Configuration of the workstations:</P>
</B><P>Configuration of the NT client  Choose start/settings/controlpanel/network.</P>
<P>Select the Identification tab. Make sure your Workgroup is set to HOME.</P>
<P>Select the Protocols tab. Highlight TCP/IP. Click on Properties.</P>
<P>Select the IP Address tab, and make sure Specify an IP address is selected, and that the IP and netmask are correct. Additionally, make sure the Default Gateway is blank.</P>
<P>Select the DNS tab. Enter your hostname (nt01) and domain (</FONT><A HREF="http://home.net/"><FONT FACE="Courier New" SIZE=2>home.net</FONT></A><FONT FACE="Courier New" SIZE=2>) in the appropriate boxes.</P>
<P>Select the WINS Address tab. Make sure the WINS server boxes are blank, and uncheck the Enable DNS for Windows Resolution and Enable LMHOSTS Lookup boxes if necessary.</P>
<P>Select OK. When prompted that one of the adapters has an empty WINS something or other, select yes to continue. Select close. You will be prompted to reboot.</P>
<P>Configuration of the Linux client  The network configuration will be the same as the fileserver instructions.</P>
<B><P>Testing the installation:</P>
</B><P>If any of these testing procedures fail, go to the troubleshooting section for suggestions on how to correct the problem.</P>
<P>Testing for physical connectivity  To test physical connectivity, ping one of the other hosts on the network. You should see some return information and statistics. Depress Ctrl+C to exit.</P>
<P>Testing the loopback adapter  To test the loopback adapter, simply ping 127.0.0.1.</P>
<P>Testing the NIC  To test the NIC, simply ping the IP address of the NIC.</P>
<P>Using ifconfig and ipconfig -</P>
<P>In Linux and NT, there are utilities provided to assist you in assessing the condition of your networking setup and hardware. They are called ifconfig and ipconfig, respectively.</P>
<P>On a Linux box, at the command prompt: ifconfig &lt;RETURN&gt; should yield two entries  one for the Loopback Adapter called lo, and one for your NIC, called eth0.</P>
<P>On an NT box the command ipconfig should yield one entry, describing your Ethernet adapter.</P>
<P>Testing name resolution  To test name resolution simply ping by hostname, such as fileserver01, nt01, linux01, etc.</P>
<P>Testing file services </P>

<UL>
<LI>Linux NFS  To test the NFS services, CD to /mnt, and create a directory called test. Then try to mount the remote directory to it. For instance, in our example above, we are exporting /home on the fileserver machine, so lets mount it under test: mount t nfs fileserver01:/home /mnt/test &lt;RETURN&gt;. If all went well, you should now be able to access the remote directory from the Linux client. </LI>
<LI>NT SAMBA  double-click on Network Neighborhood. Under Home, you should see both your NT client and the Linux machine, fileserver01. Double click on the entry for fileserver01. If your user account has been created on the Linux box, you should be able to enter your username and password when prompted, and be taken directly to your home directory on the Linux box.</LI></UL>

<B><P>Troubleshooting the installation:</P>
</B><P>Troubleshooting physical connectivity problems </P>

<UL>
<LI>ping 127.0.0.1. If this fails, you have an improper networking configuration. Go back and recheck all your settings and required files. If this works, try to ping the IP address of the NIC installed in the machine. If this does not work, make sure the card is being recognized by Linux. If the NIC has more than one interface e.g. RJ-45 (10BASET) and a BNC (10BASE2,) make sure you have the correct one activated. If all goes well up until this point, try to ping another machine on the network by IP address. If this fails, see the next section on cable integrity.</LI></UL>

<P>Cable integrity </P>

<UL>
<LI>If you cannot ping any other machine on the network, and you have tried all of the above, here are some tips for isolating cabling problems. </LI>
<LI>10BASE2  move the termination of the bus to the next machine in line. Try to ping it. If this fails, try another cable. Repeat the ping test. If it still fails, suspect a termination problem. See below. </LI>
<LI>10BASET  check that the RJ-45 connector is firmly seated in the NIC and the hub. If the cable is good, there should be an LED lit up above the port on the hub into which the cable is inserted. If the LED is not lit, try another cable.</LI></UL>

<P>Termination integrity </P>

<UL>
<LI>This only applies to 10BASE2 or bus networks. Terminators are usually a
pass or fail type of deal. Either they work or they don't. First try another cable, and check to see if you are getting link lights on the NIC. Finally, double check combo cards to make sure the BNC interface is active.</LI></UL>

<P>Troubleshooting name resolution problems:</P>

<UL>
<LI>First, try to ping by IP address. If this fails, check cabling, termination, and NIC recognition at boot time. On the UNIX boxes, ifconfig &lt;RETURN&gt; should show the loopback interface and eth0. If the NIC is not recognized, make sure Plug and Play is turned off, and you have passed the correct IO and IRQ parameters to the kernel. On an NT box, ipconfig &lt;RETURN&gt; should yield similar results. If not, check your network configuration. /start/programs/administrative tools/nt diagnostics may be of some help here. </LI>
<LI>If the ping by IP is successful, try to ping by hostname. If this fails, check your hosts file and make sure it matches the one above. If this is a UNIX box, check your hosts.conf and resolv.conf files and make sure they match the examples. If this is a NT box, make sure you placed the hosts file in the proper directory as specified above.</LI></UL>

<P>Troubleshooting NFS problems </P>

<UL>
<LI>If you cannot mount a remote drive, check the /etc/exports file on the machine that physically contains the directory you are trying to mount. Make sure the desired directory is being exported correctly. </LI>
<LI>If you can mount the remote directory, but can read and/or write, go back to the exports file and check the permissions.</LI></UL>

<P>Troubleshooting SAMBA problems </P>

<UL>
<LI>If the Linux box does not show up in the Network Neighborhood, make sure that both the NT box and the /etc/smb.conf files are using the HOME workgroup. </LI>
<LI>If the Linux box shows up, but you cannot access the shares, see if you are running Service Pack 3. If so, read the SAMBA docs for the required registry change that will need to be made to the NT machine. </LI>
<LI>Finally, make sure the username/password combination you are trying to use exists on the UNIX box as well as the NT box.</LI></UL>

<B><P>References:</P>
</B><P>Previous columns:</P>
<P>Linux Installation Primer parts three and four</P>
<P>Other:</P>
<P>Ethernet HOW-TO</P>
<P>Net-3 HOW-TO</P>
<P>Network Administrators Guide</P>
<P>Mastering Windows NT Server 4 (3<SUP>rd</SUP> Edition)</P>
<B><P>Resources for further information:</P>
</B><P>The Linux Documentation Project</P>
</FONT><P><A HREF="http://www.patoche.org/LTT/"><FONT FACE="Courier New" SIZE=2>http://www.patoche.org/LTT/</FONT></A></P>
<P><A HREF="http://www.ugu.com/"><FONT FACE="Courier New" SIZE=2>http://www.ugu.com/</FONT></A></P>
<P><A HREF="http://www.stokely.com/unix.sysadm.resources/index.html"><FONT FACE="Courier New" SIZE=2>http://www.stokely.com/unix.sysadm.resources/</FONT></A></P>
<FONT FACE="Courier New" SIZE=2><P>alt.unix.wizards</P>
<P>comp.security.unix</P>
<P>comp.unix.admin</P>
<P>alt.os.linux.slackware</P>
<P>comp.os.linux.networking</P>
<P>comp.os.linux.hardware</P>
<P>linux.redhat.misc</P>
<B><P>Coming in Part Six: the long awaited Internet Gateway!</P>
</B></Font>
<P> <HR> <P> 
<center><H4>Previous ``Linux Installation Primer'' Columns</H4></center>
<p>
<A HREF="../issue32/jenkins1.html">Linux Installation Primer #1, September
1998</A><BR>
<A HREF="../issue33/jenkins2.html">Linux Installation Primer #2, October
1998</A><BR> 
<A HREF="../issue34/jenkins3.html">Linux Installation Primer #3, November
1998</A><BR> 
<A HREF="../issue35/jenkins4.html">Linux Installation Primer #4, December
1998</A><BR> 


<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Ron Jenkins <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./blair.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./haldar.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Linux on a Shoestring</font></H1>
<H4>By <a href="mailto:csu96177@cse.iitd.ernet.in">Vivek Haldar</a></H4>
</center>
<P> <HR> <P>  

This article first appeared in the September 1998 issue of PC Quest, India's
leading infotech magazine.
<P> <HR> <P> 

<!-- AS-TOC_BEGIN{ -->
<H1 ALIGN=center>Table of Contents</H1>

<UL>
	<LI><A HREF="#as-h2-23100">INTRODUCTION</A>
	<LI><A HREF="#as-h2-23101">SAVE RAM!</A>
	<UL>
		<LI><A HREF="#as-h3-23102">RECOMPILE THE KERNEL</A>
		<LI><A HREF="#as-h3-23103">STOP SOME SERVICES!</A>
		<LI><A HREF="#as-h3-23104">HOW TO REMOVE SERVICES FROM A RUNLEVEL </A>
		<LI><A HREF="#as-h3-23105">WHICH SERVICES TO KEEP, AND WHICH TO REMOVE </A>
		<LI><A HREF="#as-h3-23106">SERVICES YOU MIGHT WANT TO KEEP</A>
	</UL>
	<LI><A HREF="#as-h2-23107">SAVE DISK SPACE</A>
	<UL>
		<LI><A HREF="#as-h3-23108">HOW TO REMOVE A PACKAGE </A>
		<LI><A HREF="#as-h3-23109">WHICH PACKAGES DO I REMOVE?</A>
	</UL>
	<LI><A HREF="#as-h2-231010">WINDING UP</A>
</UL>
<!-- AS-TOC_END} -->


<HR>




<H2><A NAME="as-h2-23100">INTRODUCTION</A></H2>

	
<P>

      With every operating system out there screaming "Give me more!"
      - more disk space, more RAM, more Mhz - it's comforting to know
        that there is one savior out there for those of us not
        endowed with the sizzlingly latest hardware. Yes, I am talking 
        about Linux.
      
<P>
Though Linux shines as a network operating system, and is often
      projected as one, the fact is that it makes a great single user
      OS as well - something that one could use on a non-networked
      home PC. 
<P>
And in that case, there are a number of ways in which you could
      tweak your system to get more punch out of it - even on machines
      as antiquated as 486s, and with as little RAM as 8MB.

         
<P>
Now please remember that you need to be logged in as root to do
      all the following things. Our attack will be two pronged - to
      minimize usage of RAM, and to save disk space. 

  <H2><A NAME="as-h2-23101">SAVE RAM!</A></H2>


  <H3><A NAME="as-h3-23102">RECOMPILE THE KERNEL</A></H3>

           
<P>
 The kernel that is installed out of the box does the job,
            but its a catch-all kernel, with almost everything
            compiled into it. Which means that its bigger than it has
            to be for you. If you compile your own kernel from the
            kernel sources, it could be upto 100kb smaller than the
            default vmlinuz kernel. Besides, its very helpful to know
            how to compile the kernel. 
            It's quite simple actually. You first configure it, that
            is, you say what all you want in your kernel. And then you 
            compile it. 
           
<P>
 Linux has reached that advanced stage in its evolution
            where even the kernel configuration can be done
            graphically. The kernel sources usually reside in
            /usr/src/linux. To get the graphical configuration
            running, do "make menuconfig"(for text based menus), or "make 
            xconfig"(for graphical setup in X). You'll be presented
            with a long list of configurable options, and before
            deciding, it is advisable to see the sagely help note
            which goes along with each. The notes always give sound
            advice, and you should follow it. By doing so, you'll land
            up with exactly the things that you need compiled into
            your kernel, and nothing else. I would also suggest
            reading the README file in the source directory. 
            Once you've configured everything, quit X if you're
            running it. This is so that you can do the compilation in
            text mode, without a heavy X running, and with more
            available RAM. 
           
<P>
 Do "make dep; make zImage", go have coffee, and come back
            after some time. Once that is done, the README explains in
            no uncertain terms what to do with your new kernel, and I
            would only be reproducing it if I told you.

         <H3><A NAME="as-h3-23103">STOP SOME SERVICES!</A></H3>

            
<P>
When a normal Linux system is running, there are a number of
            background jobs constantly running on it, each for a specific 
            purpose - these are called <EM>daemons</EM>. For example, sendmail,
            the mail daemon, is the process which takes care of all the
            sending and routing of mail. A number of such daemons are
            started at bootup. And to group together sets of daemons that 
            you might want to start for specific purposes, you have
            <EM>runlevels</EM>, which are simply groupings of services to start
            and stop. For example, on a normal Linux system runlevel 1,
            which is single user mode, will obviously need a lot fewer
            services to be running than runlevel 3, the full fledged
            multi user mode. 
            
<P>

Linux, by default, boots into <STRONG>runlevel 3</STRONG>. Now it turns out
            that of the myriad services started in that runlevel, some of 
            them a simple non networked home PC could do without. For
            example, you obviously wouldn't want to waste precious RAM by 
            running sendmail on such a machine. Yeah, it can be fun to
            send mail back and forth between root@localhost, and
            someuser@localhost, but that wears off pretty fast. 

  <H3><A NAME="as-h3-23104">HOW TO REMOVE SERVICES FROM A RUNLEVEL </A></H3>

               
<P>
With RedHat, it's all very simple. Administration is
               definitely one of the areas in which RedHat scores over
               other distributions. After logging in as root, start X,
               and from an xterm, start "tksysv". This is the graphical
               runlevel editor.  
               
<P>

You'll see six columns, one for each runlevel. Now we'll
               only be fiddling with runlevel 3, the one which Linux
               normally boots into. Each column will have two halves, the
               top one for services to start at bootup, and the botton
               one for services to stop at shutdown. All you have to do
               to remove a particular service is to select it, and press
               Del. Thats it. Just remember to save your changes before
               quitting. 

<H3><A NAME="as-h3-23105"> WHICH SERVICES TO KEEP, AND WHICH TO REMOVE </A></H3>

               
<P>
Actually, it's much simpler to tell you which ones to
               keep. Remember, all this tweaking is only in runlevel
               3. Now the bare essentials are :
               <UL>
               <LI><STRONG>kerneld</STRONG> - nothing will work without this!
               <LI><STRONG>syslog </STRONG>- must have around for kernel to log
               messages. The logs are helpful for seeing what was
               going on with your system in case something goes
               wrong(actually, nothing ever goes wrong with Linux!).
               <LI> <STRONG>keytable</STRONG> - you need this if want to be able to use
               your keyboard!
               <LI><STRONG>rc.local</STRONG> - this is where some trivial nitty gritties
               happen, after all the other services have been
               started. 
</UL>

               
               
<P>
You simply need to have the above four
               services. Without them, as some say, "not everything
               will work."
  <H3><A NAME="as-h3-23106">SERVICES YOU MIGHT WANT TO KEEP</A></H3>

              
<P>
 Then there are the fence sitters - non critical services
               which you might want to keep, if you need them, or if
               you fancy them.
               <UL>
               <LI> <STRONG>crond </STRONG>- this runs a number of trivial jobs
               periodically, the most important of which is to make
               sure that your log files don't get too large. you can
               run it if you're paranoid. 
               <LI><STRONG>atd</STRONG> - this deamon is required if you want to run "at" 
               jobs, i.e., jobs which begin execution at a time
               specified by you. people working on large, multi-user
               systems which are up 24 hours, everyday, use this to run
               heavy computational jobs at night, when loads on the
               system are lighter. but on a simple home machine, i
               don't see much use for it. after all, you're the only
               one using it!
               <LI> <STRONG>gpm</STRONG> - this allows you to use the mouse in text
               mode. useful sometimes only if you work in text mode,
               and a complete waste if you work in x. 
</UL>
 
               

<H2><A NAME="as-h2-23107"> SAVE DISK SPACE</A></H2>

      
<P>
   Actually, there's nothing much you can do here, except
         removing unwanted packages. Redhat linux has a superb,
         easy to use, and comprehensive package management system 
         which can keep track of almost every non user file on
         your disk. Everything installed on your system is part
         of some package, and packeges can be uninstalled. 

<H3><A NAME="as-h3-23108"> HOW TO REMOVE A PACKAGE </A></H3>


          
<P>
  Just run "glint", the graphical interface to the
            redhat package management system, from a command line
            while in x, and you will get a graphical interface to
            all the packages installed on your system. The
            packages are classified, and show up in a directory
            browser like window. To remove a package, just select
            it and click on the "uninstall" button on the right
            side.
            
<H3><A NAME="as-h3-23109">  WHICH PACKAGES DO I REMOVE?</A></H3>

            
<P>
Beware though, there are some critical packages which
            shouldn't be uninstalled. In glint, it's generally
            advisable to not touch the "base" and "library"
            packages unless you know exactly what you are
            doing. 
            
<P>

            For others, see their description(click the "query"
            button). If you haven't used that package in a long
            time, or don't foresee using it, it's generally safe
            to remove it. In case removing a package affects any
            other package, glint will tell you. It's all quite
            safe. If you do end up needing the package, you can
            always reinstall it from the CD.
            
<H2><A NAME="as-h2-231010">  WINDING UP</A></H2>


<P>
      These were only a few suggestions that you could try
      out. The more comfortable you get with Linux, and the more
      you explore, the more ideas you'll get to tweak your system 
      to get the most out of it. 

<P>
      <EM>Linux is an OS which is more
      forgiving to experimentation than most others. So think,
      and try it out!</EM>


<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Vivek Haldar <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./jenkins5.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./coleman.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">The Linux User</font></H1>
<H4>By <a href="mailto:bpcolema@uncg.edu">Bryan Patrick Coleman</a></H4>
</center>
<P> <HR> <P>  

Who uses Linux? This question has changed as Linux evolves. Originally 
none but the ultra hacker or the core developers of the OS were the ones 
to use it. As different functionality got added, more and more less 
technically oriented people began to use Linux. 
<P>
Now the question is how far will Linux go toward being an OS for 
the end user. The response that is the healthiest for continued growth 
would be as far as one can go. What you say would you turn Linux into a 
next generation Windows. No, but there is more to it than that. 
nifty    To effectively become an end user product and keep the hackable 
quality of Linux should be the new focus. That means when developing open 
source software you are developing for everyone from the ultimate power 
user / hacker to the less than average user that may have never used 
a computer before. Yes some people have never used computers before 
still in this day and age. 
<P>
What does this mean for development? First and foremost make everything 
you possible can configurable. Not just different makes for different needs 
but truly extendable interfaces using guile or python for example. But also 
there need to be defaults. So after your application is installed a user 
can simply start your program and it look polished. As long as your source 
code is available the hard core hacker is happy. But for hacker wouldi-be's 
it is very important that source code is internally documented. 
<P>
But wait we can go a step beyond simply creating fully configurable 
applications that are extendable and come with  default settings. How about 
"smart" applications. Maybe you have installed application A on your system 
and application B comes along from the same people that brought you A. Wow 
you would love to have it so you install it and low and behold all of the 
little tweaks that you have made to A are already configured for application 
B. Since A and B are smart applications they have communicated and B now 
knows what you like. Of course not everyone likes there applications deciding 
what they like so all smart applications should be lobotomyzable.
<P>
Now for the real fire. How about all this plus the application is ready 
for immediately distributed computing, not only distributed but PVM aware so 
if you connect to a Beowulf cluster your application is ready to do some 
super computing. Groups can be formed across the web i.e. ready made 
intranet. Security is of course built in so you company or organization 
can just set up there own key and away they go.
<P>
Why stop at just X or the console or even Linux. I your application is 
completely system aware no matter where you are or what computer your using 
a person just has to start up there application and it does the rest going 
so far as trying to figure out which way you like your application and if 
your going to be doing distributed work. 
<P>
In short the new wave of computing will be all things for all people. 
This new approach needs a new name I think. I prefer liquid or fluid UI or 
interfacing framework. Some might  think of Java. Java however is slow, slow 
and in the end it is only one library. What I have in mind would be more 
of a set of wrapper classes one for each library used. And one wrapper 
that would handle all of the calls to the widget sets and do all of the 
AI work. This double wrapper approach would cut a lot of the time and 
effort of emulating multiple classes. 

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Bryan Patrick Coleman <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./haldar.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./ayers.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Kernel 2.2's Frame-buffer Option</font></H1>
<h4>By <a href="mailto: layers@marktwain.net">Larry Ayers</a></h4>
</center>
<P> <HR> <P>  

<center><font color="maroon"><h3>Introduction</h3></font></center>

<p>The long-awaited new stable version 2.2 of the Linux kernel is on the verge
of release as the new year begins; a great variety of new features and drivers
will be included.  One of the new features is the option to use a new device
type for the virtual consoles, the frame buffer device (<kbd>/dev/fb[0-7].</kbd>)
This new device type isn't really essential for the many Linux users running
Intel machines, but those people using Alpha, Sparc, PPC, or any of the other
platforms supported by Linux should benefit, as the idea behind the
frame buffer console is to provide a hardware-independent console device.

<p>Geert Uytterhoeven, a Belgian programmer and one of the primary frame
buffer developers, wrote a succinct introduction to one of
the frame buffer documents included with the kernel source:<br>

<blockquote>
The frame buffer device provides an abstraction for the graphics hardware. It
represents the frame buffer of some video hardware and allows application
software to access the graphics hardware through a well-defined interface, so
the software doesn't need to know anything about the low-level (hardware
register) stuff.
</blockquote>

<p>Users of Intel machines already have methods available to vary the
size of the text console screen, such as the <kbd>video=ask</kbd> Lilo
parameter and the SVGATextMode utility.  I've used SVGATextMode for quite some 
time to set the console text to a 116x34 resolution.  It works fine, but while 
configuring recent 2.2 beta kernels with menuconfig I couldn't help but be
intrigued by the choices offered in the  <kbd>Console Drivers</kbd>
sub-screen.  My video card these days is a Matrox Mystique, and when I saw a
new frame buffer driver for Matrox cards and another option for Mystique
support I just had to give it a try.

<center><font color="maroon"><h3>Installation Tips</h3></font></center>

<p>The first time I tried a kernel with Matrox frame buffer support I could
see that the card was detected (as the boot messages scrolled by) and the
penguin logo's appearance at the upper right corner of the screen seemed 
to indicate that at least part of this compiled-in feature was working, but
the console was the same old 80x25 default.  Back to the documentation, where
I learned that a utility called <i>fbset</i> would be helpful.  This small
program (written by Geert Uytterhoeven and Roman Zippel) is used to change or
query the current frame buffer mode.  Even more important, the installation of 
<i>fbset</i> creates the special device files <kbd>/dev/fb[0-7]</kbd> which
are needed for frame buffer functionality.  The <i>fbset</i> archive can be
found at this FTP
<a href="ftp://ftp.uni-erlangen.de/pub/Linux/LOCAL/680x0/">site</a>.

<p>Another document found in the <kbd>fb</kbd> subdirectory of the kernel
source's <kbd>Documentation</kbd> directory is called <kbd>matroxfb.txt</kbd>.
Written by Petr Vandrovec, the Czech developer responsible for the Matrox
frame buffer drivers, this document is a great help in setting up workable
frame buffer modes.  Another, more generic document called
<kbd>vesafb.txt</kbd> can be consulted when setting up modes for other
VESA-2.0 compliant video cards.

<p>There are two ways to tell the kernel which frame buffer mode to use.
While experimenting, setting the mode specification at the Lilo prompt is a
quick way to try a mode out.  Let's say that your main dependable kernel is
the first one in the <kbd>/etc/lilo.conf</kbd> file, and the frame buffer
kernel is the second and is named bzImage-2.2.  Your computer boots, the LILO
prompt appears, and you press the shift key.  Here is an example of a mode
being set:<br>

<p><kbd>LILO bzImage-2.2 video=matrox:vesa:0x188</kbd>

<p>If the mode is acceptable, the console screen will switch to the new mode
(in this case, 960x720) soon after the boot messages begin to scroll by.  The
relevant boot messages will look something like this:<br>

<p><pre><kbd>
matroxfb: Matrox Mystique (PCI) detected 
matroxfb: 960x720x8bpp (virtual: 960x4364) 
matroxfb: framebuffer at 0xE0000000, mapped to 0xc4807000, size 4194304 
Console: switching to colour frame buffer device 120x45 
fb0: MATROX VGA frame buffer device 
</kbd></pre>

<p>If you like the mode, a variation of the above Lilo command can be
inserted directly into the <kbd>/etc/lilo.conf</kbd>  file; the line should
look something like this:<br>

<p><kbd>append="video=matrox:vesa:392"</kbd>

<p>The quotes are essential, and notice that the hex number 0x188 has been
converted to its decimal equivalent 392, since Lilo can't understand hex
numbers in the <kbd>lilo.conf</kbd> file.

<p>Once the frame buffer kernel is booted the <i>fbset</i> utility can be used 
to switch to other modes.  Mode specifications can be derived from X modes,
but not wanting to spend hours fooling around with this I took the easy way
out.  Before I edited the <kbd>lilo.conf</kbd> file so that the mode would be
set automatically when booting, I tried several different hex numbers at the
Lilo prompt.  After booting each one I ran <i>fbset</i> without any
arguments.  When run this way <i>fbset</i> outputs to the screen the current
mode specs in a format usable in the (initially nonexistent) config file
<kbd>/etc/fb.modes</kbd>.  Here's a sample of the output:<br>

<p><pre><kbd>
kbdmode "name"
    # D: 56.542 MHz, H: 45.598 kHz, V: 59.998 Hz
    geometry 960 720 960 4364 8
    timings 17686 144 24 28 8 112 4
endmode
</kbd></pre>

<p>Several of these mode specs can be pasted into a new
<kbd>/etc/fb.modes</kbd> file, substituting different mnemonic names for the
&quot;name&quot; in the pasted output.  One useful mode to include is a basic, 
non-color text mode, either by trying one of the text modes described in the
documentation or simply by running <kbd>fbset -depth 0</kbd>.  SVGAlib console 
graphics programs won't run properly in frame buffer consoles with higher
color-depths.  Once a <kbd>fb.modes</kbd> file has been created the frame
buffer mode can be changed by running the command <kbd>fbset name</kbd>, where 
&quot;name&quot; is one of the mode names in the file.

<center><font color="maroon"><h3>Frame Buffers and X</h3></font></center>

<p>Naturally, the big question many readers will have is &quot;Will X Windows
run when started from a frame buffer console?&quot;.  The answer is &quot;It 
depends.&quot;.  Some combinations of X servers and video cards are known to
have problems, especially when switching back and forth from X to a virtual
console.  This can be a problem with SVGATextMode as well.  The XFree86 3.3.3
SVGA server I've been using with my Matrox card has worked well with the
frame-buffer consoles.  Your mileage may vary.

<p>There <em>is</em> a special server available in source form; it's called
XF68_FBDev and it's included in the XFree86 3.2 (and later) sources.  Binaries 
aren't available, and the server is unaccelerated and would mainly be of interest 
to those running Linux on non-standard hardware such as PPC.

<center><font color="maroon"><h3>Conclusion</h3></font></center>

<p>The majority of Linux users probably won't be using the frame buffer kernel 
options any time soon.  It has advantages with some hardware, but it takes 
time to figure out and use effectively, and the benefits are nice for console
users but won't be of much use to those who spend most of their time in X
Windows.  I think that the reason it will be a part of the next stable kernel
release is that frame buffer devices aren't Intel-specific, as is much of the
current console code.  It's likely that the much-anticipated release of
XFree86 4.0 (possibly this year) will include more frame buffer compatibility
in its server modules, such as seems to exist now in the SVGA server.
<p>
<hr>
<!-- hhmts start -->
Last modified: Sun  3 Jan 1999
<!-- hhmts end -->

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Larry Ayers <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./coleman.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./merlino.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Running Your Own Domain Over a Part Time Dialup</font></H1>
<H4>By <a href="mailto:joe@negia.net">Joe Merlino</a></H4>
</center>
<P> <HR> <P>  

You love your linux box. You love the power. You love the flexability. You
love the freedom. You really love the utter non-microsoftness of it. But
deep down inside, you know there's something missing. A deep longing sits
within you, crying out to be assuaged.
<P>
Your friends with full-time ethernet connections have it. Your really rich
friend with a T-1 to the house has it. They can log into their linux boxen
any time they want. They have their own domain names. You probably even
have an account on one of their machines. But look what you're stuck with.
Sure your modem's pretty fast, but it only dials up when you tell it to,
and you can't tell it when you're not logged in. Even if you set it up to
run as a cron job, you wouldn't know where to telnet to because your ISP
gives you a different IP number every time you dial in.
<P>
How do you get remote access?
<P>
Fear not. There Is A Way. For the price of a dialup PPP account, you can
have that precious remote access. And if you're willing to pay the freight
to InterNIC (you can scrape up seventy bucks, can't you?) you can even
have your own domain. Here's how:
<P><HR> <P> 
<H4> STEP 1 - SETTING UP PPP</H4> 
<P>
The general setup of PPP connections on Linux is well documented
elsewhere, so I won't go into it, except to say that you need to have PPP
set up to run non-interactively from a command line. Graphical programs to
activate PPP such as EZPPP or Red Hat's netcfg won't work. This is because
you're going to create a script to be run as a cron job, and that script
needs to be able to call your PPP-connecting script.
<P>
For the purposes of this article, my PPP-connecting script is called
/etc/ppp/ppp-on, and the script that ends the PPP connection is called
/etc/ppp/ppp-off. You should be able to find examples of these sorts of
scrips on the web.
<P><HR> <P> 
<H4>STEP 2 - DYNAMIC DNS SERVICE</H4> 
<P>
You probably have Domain Name Service (DNS) through your ISP, but your ISP
doesn't keep track of your particular connection because it changes every
time you dial in. Your ISP does this because it has more users than it
does IP numbers. This makes sense when you consider that most of the
people who use the service only connect for a short time - a couple of
hours at most. You can probably get a full-time connection and a static IP
number from your ISP, but such things are typically pretty expensive.
<P>
The thing is, you don't really need a static IP number to have a constant
domain name. As long as the Domain Name Server where your domain name
lives knows what your IP number is *at any given time*, you can get to
your machine. And the DNS server where you domain name lives doesn't have
to be the same one that belongs to your ISP.
<P>
I use a service provided by a company called Dyndns (www.dyndns.com)
Dyndns will, for a fee, maintain your domain name in its database. The
domain name you get can either be a subdomain of theirs (i.e.
yourdomain.dyndns.com), which is cheaper, or your can have your own unique
domain name (i.e. yourdomain.com), which is somewhat more expensive. If
you want a unique domain name, irst, you have to register your domain name
with InterNIC (www.internic.net). Dyndns will do this for you, for a fee,
but it's so easy to do, you might as well save yourself the money and do
it yourself. When you register with InterNIC, you have to supply the IP
numbers of a primary and secondary DNS server. These numbers are available
on Dyndns's web page. Once all of this goes through (read: is paid for),
you're good to go.
<P>
The next thing you do is download a client program from Dyndns's website.
They have a couple of different clients you can choose from (one in C, and
one in Perl), and it might take some experimenting to figure out which one
is better for you (even then, I had to have a friend of mine hack the
Perl client a little to make it work).
<P>
When you are logged into your ISP, you run the client program. The client
program gets your current IP number from the output of the 'ifconfig'
command, and reports it to Dyndns's DNS server. Your domain name is now
pointed at your machine.
<P>
[Note: Nothing I've said in this section should be considered an
endorsement of or advertisement for Dyndns. I've used their service as an
example because it's the service I use, and it's what I'm familiar with.]
<P><HR> <P> 
<H4>STEP 3 - AUTOMATING THE CONNECTION</H4> 
<P>
You've got the domain name, you've got the DNS service, amd you've got the
client program working. Now you need a way to make the computer log itself
onto your ISP without your actually being there to do it. Ah, the wonders
of Linux! This is taken care of with a simple shell script. Here's what I
use:

<pre>
#!/bin/bash

#  This is a script that attempts to log into a remote dialup and
#  establish a PPP connection. If it is sucessful, it runs 'ntpdate'
#  (network clock set), NamedControl.pl (a perl script to update
#  the dynamic DNS), and fetchmail for all accounts. If it fails, it
#  makes two more attempts, and then exits.

#  This script is released under the GNU General Public Licence. No
#  warrenty whatsoever is expressed or implied.

#  Original version was written by Joe Merlino &lt;joe@negia.net&gt;, November,
#  1997.

#  If you have an idea for an improvement to this script, please let me
#  know. 

#  set iteration counter at 1
i=1
while [ $i -le 3 ]
  do

    #  This part tests for the availability of the modem. If the modem
    #  is available, it runs /etc/ppp/ppp-on. If not, it reports and
    #  exits.

    (
    if (test -e /var/lock/LCK..modem)
      then 
        echo modem not available  # for some reason this didn't work. 
        exit 0
      else
        /etc/ppp/ppp-on
        sleep 45
     fi
    )

    #  This part tests for the modem lock file, and if it exists, runs
    #  the various programs needed to update the system from the network.
    #  if the lock file is not found, it reports and exits.

    (
    #!/bin/bash
    if (test -e /var/lock/LCK..modem)
      then  
        /etc/ppp/netpack  #invoke 'netpack' script
        echo done
      else
       echo no connection
    fi
    )
    sleep 60

      #  This part again tests for the lock file, and if it finds it, sets
      #  the iteration counter to 4 (so the script will exit). If the lock
      #  file is not found, it incriments the counter by one.

      if (test -e /var/lock/LCK..modem)
        then
          i=3
      fi
      i=`expr $i + 1`
      echo $i
  done
</pre>

You'll notice that this script calls another script, 'netpack'. I've done
that because I have a set of things I like to do when my machine logs
itself in. At the very least, 'netpack' should include your dynamic DNS 
client script. I would also recommend that it include whatever you use
to download your email (e.g. 'fetchmail' or 'popclient' or whatever). It
would also be possible to replace the line that calls 'netpack' with a
series of lines that call the various programs, but I like the modular
design because I can edit 'netpack' on it's own.
<P>
I put both this script (which I named 'auto-up'), and 'netpack' in
/etc/ppp/.
<P>
Once you've got all that set up, try running it manually to make sure it
works. (Don't forget to give yourself execute permission.) Once you've
established that it works, set it up as a cron job (using the 'crontab -e'
command) to run whenever you want to have remote access to your linux box.
Also, set up /etc/ppp/ppp-off to run when you want your access to end.
<P>
[Note: Some ISPs have a limit on the amount of time you can be connected
without doing anything. This is to keep people from logging in and simply
leaving their computers connected indefinitely. You should be aware of
your ISP's policy with regard to this.]
<P>
And there it is. You now have remote access to your machine at specified
times. Now you can start pining for a full-time connection.

<p>Addendum: Between the time I wrote this article, and the time that this
issue of <i>Linux Gazette</i> was posted, DynDNS added a web-based update
system to its already existing methods. This means that you can update
DynDNS manually, with your browser.

<p>It also gives us the opportunity to write another Perl client. This one
can be much more compact, and should work "out of the box" with only one
small hack required for your account information.

<p>If you want to use it, simply copy the text between the ---CUT--- lines to
a file, give yourself execute permission, and use it in place of the other
client program.
<br><br><br>

<pre>

---------------CUT------------------

#!/usr/bin/perl

#
# Client script for HTTP update of DynDNS's Dynamic Domain service.
# Written by Joe Merlino  12/31/98
# Licence: GNU GPL
#

use IO::Socket;

# Replace the values below with your information as indicated

$host = "master.dyndns.com";
$myhost = "myhost";		#replace with your hostname
$myname = "postmaster";		
$mypass = "mypass";		#replace with your password


# This part opens a connection to DynDNS's web server.
$remote = IO::Socket::INET->new(
	Proto => "tcp",
	PeerAddr => "$host",
	PeerPort => "http(80)"
	) 
	or die "couldn't open $host";

# This part sends an HTTP request containing your information.
print $remote "GET /dyndns/cgi/DynDNSWeb.cgi?name=$myname&passwd=$mypass&domain=$myhost&IP=AUTO HTTP/1.0\n\n";


#This part extracts and prints DynDNS's response.
while ($hrm = <$remote>) {

	if ($hrm =~ /UPDATE/) {
		$message = $hrm
	}

	if ($line =~ /THERE/) {
		$message = $hrm
	}
}

print "DynDNS: $message";

-close $remote;
---------------CUT------------------
</PRE> 

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Joe Merlino <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./ayers.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./ali.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Setting Up a PPP/POP Dial-in Server USING Red Hat Linux 5.1</font></H1>
<H4>By <a href="mailto:hassan@glcom.com">Hassan Ali</a></H4>
</center>
<P> <HR> <P>  
DISCLAIMER:
<P>
This worked for me. Your mileage may vary!
<P>
OBJECTIVES:<BR> 
To install PPP and POP/IMAP services on a Red Hat Linux 5.1 server for
dial-in users.
<P>
TOOLS: <BR> 
Red Hat Linux 5.1 CDs
<P>
ASSUMPTIONS:<BR> 
You have a PC with basic installation of Red Hat Linux 5.1 with
a Linux kernel that supports IP forwarding.
<P><HR> <P> 
STEP 1: Install "mgetty" (if not yet installed) from Red Hat 5.1 CD #1<BR> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<ol>
<li>Login as "root", insert Red Hat 5.1 CD #1 in the CD-ROM drive and
     mount it using the command:
<pre>
     # mount -t iso9660 /dev/hdb /mnt/cdrom
</pre>
     (It is assumed that your CD-ROM drive is device /dev/hdb, if not
     change it accordingly)
<li>Get to the RPMS directory:
<pre>
     # cd /mnt/cdrom/RedHat/RPMS
</pre>
<li>Install "mgetty" rpm files:
<pre>
     # rpm -Uvh mgetty*
</pre>
     This will install mgetty and all its cousins, but who cares!! If you
     hate extended family, have your way and replace "mgetty*" with
     "mgetty-1.1.14-2.i386.rpm". 

<li>At the end of /etc/mgetty+sendfax/mgetty.config file, add the
     following set of three lines for each serial port connected to a modem
     for dial-in users. Here is an example for /dev/ttyS1 and /dev/ttyC15:
<pre>
     # For US Robotics Sportster 28.8 with speaker off
     port ttyS1
     init-chat "" ATZ OK AT&F1M0E1Q0S0=0 OK
     answer-chat "" ATA CONNECT \c \r

     # For Practical Peripheral 14.4 with fax disabled and prolonged
     # carrier wait time (90 sec)
     port ttyC15
     init-chat "" ATZ OK AT&F1M0E1Q0S0=0S7=90+FCLASS=0 OK
     answer-chat "" ATA CONNECT \c \r
</pre>
Notes:
<ol>
   <li>AT&F1 sets hardware flow-control mode on many modems. For other
         modems use appropriate initializations in the init-chat line.
         <li>Just in case you wonder why I took as an example a ttyC15
	 port; well, you may have such a port if you have a multiport
	 serial card. If you need one, I recommend Cyclades cards.
</ol>
<li>In /etc/mgetty+sendfax/login.config file, search for the line that
     starts with /AutoPPP/. Make sure that it is not commented (i.e. there
     is no "#" at the beginning of the line), and edit it to be:
<pre>
     /AutoPPP/	-	a_ppp  	/etc/ppp/ppplogin
</pre>
     If you wish to have users' login names (rather than "a_ppp") to
     appear in the /var/run/utmp and /var/log/wtmp log files, then the
     above line should be:
<pre>
     /AutoPPP/	-	-	/etc/ppp/ppplogin
</pre>
<li>In /etc/inittab file, search for the section that runs "getty"
     processes and add at the end of that section one line of the
     following form for each modem port. Example here is given for ttyS1
     and ttyC15.
<pre>
     7:2345:respawn:/sbin/mgetty -x 3 ttyS1
     8:2345:respawn:/sbin/mgetty -x 3 ttyC15
</pre>
     [the first number (7,8) is arbitrary (in fact I have seen in some
     cases "s1", "s2", etc, used instead). Just give a different number
     for each port. And why not you go by the order!!? Me wonders!]

<li> Connect the modems to the serial ports, switch them ON and then
     initialize "mgetty" with the command:
<pre>
     # init q
</pre>
     NOTE: If you spawn "mgetty" on a serial port with no modem
     connected to it, or the modem is not switched ON, you'll get
     lots of error messages in "/var/log/messages" or/and in the other
     mgetty ("/var/log/log_mg.ttyXX") log files. In fact those
     error messages may continuosly pop up on your screen. Quite
     annoying, eh? To avoid this annoyance, each serial port that has no 
     modem connected to it should have its corresponding lines
     commented out in /etc/inittab and in 
     /etc/mgetty+sendfax/mgetty.config files.
</ol>
<P><HR> <P> 
STEP 2: Install PPP (if not installed) from Red Hat 5.1 CD #1<BR> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<ol>
<li> If the Red Hat CD #1 is properly mounted (see STEP 1.1), to
     install PPP type the following command:
<pre>
 # rpm -Uvh /mnt/cdrom/RedHat/RPMS/ppp*
</pre>
<li>Edit /etc/ppp/options files to read as follows:
<pre>
     -detach
     crtscts
     netmask 255.255.255.0
     asyncmap 0
     modem
     proxyarp
</pre>
     NOTES: 
<ol>
<li>Use appropriate netmask for your network. It doesn't have to
           be 255.255.255.0, in fact in my case it was 255.255.255.224
           <li>Read man pages for "pppd" to understand those options.
</ol>
<li>Edit /etc/ppp/ppplogin file (create it if it doesn't exist) to read as
     follows:
<pre>
     mesg n
     tty -echo
     /usr/sbin/pppd silent auth -chap +pap login
</pre>
     Make the file executable using command:
<pre>
     # chmod +x /etc/ppp/ppplogin
</pre>
     NOTE: We're going to use PAP authentication BUT using the ordinary
           /etc/passwd password file. That's what "+pap login" means.

<li> For each serial port connected to a modem, create a corresponding
     /etc/ppp/options.ttyXX file, where "XX" is "S1" for ttyS1 port,
     "S2" for ttyS2 port, "C15" for ttyC15, etc. In one such file put
     the following line:
<pre>
     myhost:ppp01
</pre>
     
     where "myhost" is the hostname of the PPP server - change it
     accordingly to the actual hostname of your Linux box. If you're
     more forgetful than you can REMEMBER to admit, remind yourself of
     the hostname of your server using the "hostname" command.
<pre>
     # hostname
</pre>
     The word "ppp01" used above is just an arbitrarily chosen name for
     the virtual host associated with one of the PPP dial-in lines and
     its corresponding IP address as defined in /etc/hosts file (to be
     discussed later). 
     In another /etc/ppp/options.ttyXX file, you may wish to type in the
     following line:
<pre>
     myhost:ppp02
</pre>
     That is, here you define a different PPP hostname, "ppp02". Use
     a different hostname for each serial port. You can choose any names
     that your lil' old heart desires! They don't have to be ppp01,
     ppp02, ppp03, etc. They can be "junkie", "newbie", "noname",
     whatever!

<li>Edit /etc/ppp/pap-secrets file and add one line as shown below for
     each IP address that is to be dynamically assigned to PPP dial-in
     users. This, of course, assumes that you have a pool of IP
     addresses that you can assign to your dial-in clients:
<pre>
     # Secrets for authentication using PAP
     # client	server		secret		IP addresses
     *		*		""		10.0.0.3
     *		*		""		10.0.0.4
</pre>
    
     This says: no PAP secrets (passwords) set for any client from
     anywhere in the world with the shown IP address. We don't need to
     use PAP secrets if we will be using /etc/passwd instead. If
     you are REALLY not paranoid, you can have just one following line 
     that will serve all the IP addresses (yours and your
     neighbour's!):
<pre>
     # Secrets for authentication using PAP
     # client	server		secret		IP addresses
     *		*		""		*	
</pre>
<li>Make /usr/sbin/pppd program setuid "root" by using command:
<pre>
     # chmod u+s /usr/sbin/pppd
</pre>
<li>Edit /etc/hosts file to assign IP addresses to all PPP hostnames
     you used in STEP 2.4. Use the pool of IP addresses used in STEP
     2.5:
<pre>
     10.0.0.3	ppp01	ppp01.mydomain.com
     10.0.0.4	ppp02	ppp02.mydomain.com
</pre>
     NOTE: Replace "mydomain.com" with the actual domain name of your PPP
     server. Just in case you're confused, I assume your PPP server is
     "myhost.mydomain.com".
</ol>
<P><HR> <P> 
STEP 3: Install POP/IMAP servers (if not installed) from Red Hat 5.1 CD #1<BR> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<ol>
<li>With the Red Hat CD #1 properly mounted, issue the following
     command to install POP and IMAP:
<pre>
     # rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap*
</pre>
<li>Check /etc/inetd.conf file to see if "pop-2", "pop-3", and "imap"
     service lines are all uncommented. If not, uncomment them (i.e
     remove the leading "#"). If you only want to support POP3
     clients, just uncomment the "pop-3" line. If POP2 and POP3
     files are not in the "imap*" RPM file, try to see if you have
     "ipop*" RPM file and use it instead.

<li>Activate the new services by using command:
<pre>
     # kill -HUP `cat /var/run/inetd.pid`
</pre>
</ol>
<P> <HR> <P> 
STEP 4: Enable IP fowarding <BR> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~
<ol>
<li>If you use the already compiled Linux kernel that comes with
     Red Hat 5.1, it does normally have support for IP forwarding. If you
     compile your own Linux kernel, you have to enable "IP:
     forwarding/gatewaying" networking option during compilation. 
     
     For RFC compliance, the default bootup process does not enable
     IP forwarding.  Enable IP forwarding by setting it to "yes" in
     /etc/sysconfig/network file, like so:
<pre>
     FORWARD_IPV4=yes
</pre>
<li>Activate IP forwarding by using command:
<pre>
     # echo "1" > /proc/net/ip_forward
</pre>
     or by rebooting the system.
</ol>
<P><HR> <P> 
STEP 5: Test the server<BR> 
~~~~~~~~~~~~~~~~~~~~~~~
<ol>
<li>First create users (if not ready). You can give them
     "/home/username" home directory and "/bin/bash" login shell if you 
     want them to have both "PPP" and shell access. Give them
     "/home/username" home directory and "/etc/ppp/ppplogin" login program if
     you want them to have PPP access but not shell access. It's better
     to use "usercfg" tool to set-up new users.
     Typical /etc/passwd file entries may be as follows:
<pre>
     jodoe:tdgsHjBn/hkg.:509:509:John Doe:/home/jodoe:/bin/bash
     jadoe:t8j/MonJd9kxy:510:510:Jane Doe:/home/jadoe:/etc/ppp/ppplogin
</pre>
     In this example, John Doe will have both PPP and shell access,
     while Jane Doe will only have PPP access. If you have just started
     to wonder how John Doe may have PPP access, the answer lies with
     the /AutoPPP/ configuration in "mgetty" - it does the magic. Any 
     user that will dial in and talk PPP, mgetty will give him/her the 
     /etc/ppp/ppplogin program. 
 <P>     
     So, if John Doe dials-in using Windows 95 dial-up adaptor
     which is set up to make a PPP connection, mgetty will give John Doe
     PPP access. If he dials in with any other communication software
     e.g HyperTerminal, (with no PPP negotiation) he will be given the 
     normal login shell. This will never happen for Jane Doe. She will
     always be welcome by the "/etc/ppp/ppplogin" program. 
 <P>     
     In fact "mgetty" allows you to use the same modem lines for various
     protocols. For example, your UUCP clients (if you have any) may use
     the same modem lines as your PPP clients! Of course, you have to
     give your UUCP clients "/var/spool/uucppublic" home directory and
     "/usr/sbin/uucico" login program.

<li>Assuming you have a web server (Apache) already setup (it's a
     piece-a-cake to setup Apache), use a web browser, and a POP e-mail
     client (e.g Eudora) on a remote PC connected to a modem and a phone
     line. If it is a Windows 95/98 PC, setup the Dial-up Adaptor
     appropriately by specifying the IP address of the PPP server as the
     Gateway, use correct DNS IP address, and specify that the server
     will assign an IP address automatically. In the POP client (e.g
     Eudora), set SMTP and POP host as the IP address of the PPP/POP
     server.
<P>
     Now dial-up the server and wait for connection. Test out web
     browsing, and POP mail sending and receiving. If it doesn't work...
     something is wrong somewhere ;-) 
 </ol>    
<P><HR> <P> 
REFERENCES:
<P>
1. PPP-HOWTO
2. NET-3-HOWTO
3. "Using Linux", Bill Ball, published by Que (around 
   US$30 - highly recommended)
4. mgetty documentation
<P>

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Hassan O. Ali <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./merlino.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./bennetjan.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 
<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <HR> <P> 
<!--===================================================================-->
<center>
<H1><font color="maroon">Touchpad Cures Inflammation</font></H1>
<H4>By <a href="mailto:chguy@chguy.net">Bill Bennet</a></H4>
</center>
<P> <HR> <P>  
           Here are some reasons to go to a little touchpad for Linux:
<ol>
<li>    It will exercise your whole hand digit by digit.
<li>    When you take the pressure off of your "clicker finger" your chronic 
        carpal tunnel and joint soreness will go away in a few days.
<li>    When you work without soreness, you will enjoy your Linux box even 
        more than you do now.
<li>    You can really truly do magic hand gestures to make your machine go.
<li>    It works better in Linux than in the monopoly system!
</ol>
<P>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;So, what make and model are we talking about?  It is the Elite 800 dpi EZ-Pointe serial touchpad by <a href="http://www.pcconcepts.com">PC Concepts</a>.  I got mine at Computer Avenue (<a href="http://www.computeravenue.com">www.computeravenue.com</a>).
        Developed for the Windows-Intel monopoly system, it comes with a diskette that holds the "drivers" for <a href="http://www.vcnet.com/bms/departments/catalog.html">Microsoft's</a> DOS and their 16-bit and 32-bit window managers.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
The DOS setup of the pad is simply a matter of putting the diskette in the floppy drive and copying the "drivers" over to your machine.  You get the usual triple set of instructions: one for DOS, one for 16-bit gui DOS and one very "clickety" set of instructions for 32-bit gui DOS 7.0.  
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  After about twenty minutes of fiddling and adjusting, you are back to square one: you have installed a serial pointing device.  Yes, you can enter in some key bindings coupled with clicks of the primary and secondary switches.  You can set up hotspots accessible from a set of keys and clicks of switches.  When the play-time is done (about twenty minutes or so - depends how playful you feel), you have to reboot your machine to record the settings.  Ok, no problem.

<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Now you can use the pad.  You will find that all of the fiddling and customizing was a waste of time, since you will just be doing same-old, same-old with a new pointing device. When it comes to <a href="http://www.goldtouch.com/articles/">RSI</a>, you can get yourself a better <a href="http://www.goldtouch.com/media/complaint.htm">mouse</a> or you can get yourself a totally new pointing device.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  The time comes when you want to see this thing work in Linux.  Then you realize that your DOS fiddlings with "drivers" will be impossible in Linux because all of the "drivers" are written for the Widows-Intel monopoly system.  It makes me think.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Where does the typical hardware problem start?  Right! It starts with standard manufacturing procedure: you follow the market. So the typical hardware problem in Linux is about hardware that will work only when a  set of mystical registers is set up; those settings which can only be set with <a href="#loadlin">DOS</a> software. We all know that the majority of PC owners are forced to get DOS software when they buy their machine.  All we need is hardware that works on its own interface (like your BIOS and CMOS at startup) and hardware that will accept signals from any software, as long as the signals are correct.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
The non-standard hardware that uses non-standard settings is often (too often) kept from us by manufacturers who force the signing of a NDA (non-disclosure agreement) in order to protect their <a href="#xfree">secrets</a>.  Ask yourself: is it a secret because it is simple and elegant?  My answer is that these companies are afraid of a certain big, bad wolf company that steals innovation; this same thief claims to be the leading innovator!  It is no wonder, then, that certain hardware is not yet open to Open Source. 
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  We also need for the manufacturers to hear that Linuxians will purchase from "Linux friendly" companies first. First and foremost, the consumer can really influence the computer industry by supporting the protocols that are open and free for all users. So do not buy from a company that seeks to own the protocols and do buy from companies that adhere to the protocols as they have been established.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Enter the serial port <a href="#rodent">protocol</a> for the serial mouse.  A mouse is a mouse.  Evidence for the DOJ: a "regular" mouse is a <a href="http://www.vcnet.com/bms/departments/catalog.html">Microsoft</a> mouse. If any of you folks think that there is no need to curb monopolies and their anti-competitive, locked in, exclusive contracts, remember this: a "regular" mouse used to be an Apple mouse. Apple had the home computer mouse first and they played fair.  It is my contention that Apple needed to play a bit more hard-nosed.  Just look at who "owns" (influences) them <a href="http://www.vcnet.com/bms/departments/catalog1.html">now</a>.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  The defacto standard for a "regular" serial mouse is based on its ubiquitous placement as an accessory for the monopoly system PC. Besides, we users like pointing devices. For the sake of clarity, you even call a "regular" mouse or the touchpad a <a href="http://www.vcnet.com/bms/departments/catalog.html">Microsoft</a> mouse when you install Linux.  
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Well, it is time to leave the pad plugged in and reboot the machine to Linux. Good.  Let us see if it works without all of these DOS driver fiddlings.  You wait.  You hope.  You curse the monopoly.  Then it happens.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Gpm -t ms is <a href="#gpmnote">running</a>.  You brush a digit across the pad. It's alive! Now for startx.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  The pad will work as a regular mouse in Linux without any of those annoying "drivers" because the Linux mouse <a href="#setup">config</a> is ready for any serial mouse.  No drivers.  No fiddling.  And the left and right buttons work just fine. In fact, it seems to me that the motion is smoother.

<h2><center><font color=blue size =+1>Give me a bit of skin anyday</h2></font></center>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  The standard procedure for <a href="http://www.goldtouch.com/articles/best.html">operating</a> a mouse is odd to watch if you look at it like a non-computer-familiar person. The operator holds the hand in readiness on top of the mouse.  Whether you are a "micro-wrist-twitch" artist or a "full-shoulder-pusher" or a "swing-punch-twister" it all looks the same: your finger rests on the clicker and moves in one axis, making a tiny movement over and over. The term "clickfest" was coined as a derisive remark by some person with an aching "mouse wrist" and and a sore "clicker finger", I'll bet.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Enter the pad, man.  Brush a finger, any finger across the smooth touch pad.  Your cursor will follow.  Skin is in. Try a knuckle. Any skin covered body part will do.  Now do a little light tap on a menu button.  It responds.  Do a light double tap.  This light double tap is now your new "clickety-click". You do have <a href="#3bnote">switches</a>, and they make drag and drop a little easier.  I prefer to do the light stroke thing at this time; it just is way too cool and human, if you know what I mean.
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  Then you try some fine pointer movement, such as in xpainting or GIMP-ing. Wow! The finest single pixel motion is waiting for you with a touchpad. It is done with a "fingerprint rollover" of a fingertip; just like you get when they throw you in a holding cell at your local ticket giving outlet. You get good traction and positive one-to-one feedback from the pointer with none of that annoying mouse-ball slippage. The finishing touch is the drag and drop, where you can move to your target, take your digit away from the pad surface (the cursor stays put), move it to one edge of the pad, touch down and tap twice to light up the target, and drag your targeted item to its destination. It is just a pleasure to work with a touchpad.

<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  So that is it.  No HOWTO is needed for this seriously fun way to point and click on your screen. Best of all, there is no fiddling with no damn "drivers".
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  When your carpal tunnel soreness goes away you may once again be carefree and easy-going at your monitor.  Do you suppose that flame wars are due to pain from mousing in addition to the pain in the usual place?  Adios from this desktop.
<hr><a name=gpmnote><h2><font color=blue>gpm note</h2></font></a>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  The gpm for a two button mouse is gpm -t bare.  It also works on gpm -t ms if you want or need three-button emulation.  
<hr><a name=3bnote><h2><font color=blue>3 button emulation note</h2></font></a
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
As a three-button mouse emulator, the pad is very nice because the middle pair of left/right switches are about 1 millimeter apart and can easily be pressed together with one finger. The point is that you do not have to make any adjustments from your "regular" mouse setup, which is in /etc/X11/XF86Config in the pointer section. Just plug it in and make it go.
<hr><a name=rodent><h2><font color=blue>rodent protocol</h2></font></a>
<P>To see the various rodent protocols, type "man mouse" to see the fine documentation.
<hr><a name=setup><h2><font color=blue>I was set up!</a></h2></font>
<P>XF86Setup is the graphical setter upper for your mouse and X Windows.
<P>Xconfigurator is the console/xterm setter upper for this same job.
<P>xf86config is the text based setter upper.-- pick a binary, any binary
<hr><a name=xfree><h2><font color=blue>Reference reading:</h2></font></a>
<P>XFree86 HOWTO -- required reading for Linuxians -- see secret video timings
<P>3-Button-Mouse HOWTO -- you might have fun with this -- prep for surgery
<P><a name=loadlin>Loadlin+Win95 mini-HOWTO</a> -- to beat the "DOS only" hardware trick 
<P>"Loadlin.exe Installer", Linux Gazette issue #34, November, 1998 -- step by step 
<hr><br><P>
<center><font color=blue><strong>made with Emacs 20.2.1 on an i486 with GNU/Linux 2.0.32<P>The word damn is used to emphasize an adamant position and is in no way meant as an affront to sincere readers.</center></font></strong>

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Bill Bennet <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./ali.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./kuethe.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">Through the Looking Glass: Finding Evidence of Your Cracker</font></H1>
<H4>By <a href="mailto:ckuethe@math.ualberta.ca">Chris Kuethe</a></H4>
</center>
<P> <HR> <P>  

You've subscribed to Bugtraq and The Happy Hacker list, bought 
yourself a copy of The Happy Hacker, and read The Cuckoo's Egg a 
few times. It's been a very merry Christmas, with the arrival of a cable 
modem and a load of cash for you, so you run out and go shopping to 
start your own hacker lab. A week later, you notice that one of your 
machines is being an especially slow slug and you've got no disk 
space. Guess what - you got cracked, and now it's time to clean up the 
mess. The only way to be sure you get it right is to restore from a 
clean backup - usually install media and canonical source - but let's 
see what the "h4x0r" left for us to study.
<P>
In late October of this year, we experienced a rash of attacks on some 
workstations here at the University of Alberta's Department of 
Mathematical Sciences. Many of our faculty machines run RedHat 5.1 
(there's a good platform to learn how to try to secure...) since it's 
cheap and easy to install. Workstations are often dual-boot with 
Windows 95, but we'll be phasing that out as we get Citrix WinFrame 
installed. This paper is an analysis of the compromise of one 
professor's machine.
<P>
One fine day I was informed that we'd just had another break-in, and 
it was time for me to show my bosses some magic. But like a skilled 
cardshark who's forced to use an unmarked deck, my advantage of 
being at the console had been tainted. Our cracker had used a decent 
rootkit and almost covered her tracks.
<P>
In general, a rootkit is a collection of utilities a cracker will install in 
order to keep her root access. Things like versions of ps, ls, passwd, 
sh, and other fairly essential utilities will be replaced with versions 
containing back doors. In this way, the cracker can control how much 
evidence she leaves behind. Ls gets replaced so that the cracker's files 
don't show up, and ps is done so that her processes are not displayed 
either. Commonly a cracker will leave a sniffer and a backdoor hidden 
somwhere on your machine. Packet sniffers - programs that record 
network traffic which can be configured to filter for login names and 
passwords - are not part of a rootkit per se, but they are nearly as 
loved by hackers as a buggered copy of ls. What wouldn't want to try 
intercept other legitimate user passwords?
<P>
In nearly all cases, you can trust the copy of ls on the cracked box to 
lie like a rug. Don't bet on finding any suspicious files with it, and  
don't trust the filesizes or dates it reports; there's a reason why a 
rootkit binary is generally bigger than the real one, but we'll get there 
in a moment. In order to find anything interesting, you'll have to use 
find. Find is a clever version of 'ls -RalF <w> | grep <x> | grep <y> | 
... | grep <z> '. It has a powerful matching syntax to allow precise 
specification of where to look and what to look for. I wasn't being 
picky - anything whose name began with a dot was worth looking at. 
The command: find / -name ".*" -ls
<P>
Sandwiched in the middle of a ton of useless temporary files and the 
usual '.thingrc' files (settings like MS-DOS's .ini) we found 
'/etc/rc.d/init.d/...'. Yes, with 3 dots. One dot by itself isn't suspicious, 
nor are two. Play around with DOS for about two seconds and you'll 
see why: '.' means "this directory" and '..' means "one directory up." 
They exist in every directory and are necessary for the proper 
operation of the file system. But '...' ? That has no special reason to 
exist.
<P>
Well, it was getting late, and I was fried after a day of class and my 
contacts were drying up, so I listed /etc/rc.d/init.d/ to check for this 
object. Nada. Just the usual SysV / RH5.1 init files. To see who was 
lying, changed my directory into /tmp/foo, the echoed the current date 
into a file called '...' and tried ls on it. '...' was not found. I'd found 
the first rootkit binary: a copy of ls written to not show the name '...' . 
I will admit that find is another target to be compromised; in this case 
it was still clean and gave me some useful information.
<P>
Now that we knew that '...' was not part of a canonical distribution, I 
moved into to it and had a look. There were only two files; linsniffer 
and tcp.log. I viewed tcp.log with more and made a list of the staff 
who would get some unhappy news. Ps didn't show the sniffer 
running, but ps should not be trusted in this case, so I had to check 
another way.
<P>
We were running in tcsh, an enhanced C-syntax shell which supports 
asychronous (background) job execution. I typed './linsniffer &' 
which told tcsh to run the program called linsniffer in this directory, 
and background it. Tcsh said that was job #1, with process ID 2640. 
Time for another ps - and no linsniffer. Well, that wasn't too 
shocking. Either ps was hacked or linsniffer changed its name to 
something else. The kicker: 'ps 2640' reported that there were no 
processes available. Good enough. Ps got cracked. This was the 
second rootkit binary. Kill the currently running sniffer.
<P>
Now we check the obvious: /etc/passwd. There were no strange 
entries and all the logins worked. That is, the passwords were 
unchanged. In fact the only wierd thing was that the file had been 
modified earlier in the day. An invocation of last showed us that 
'bomb' had logged in for a short time around 235am. That time would 
prove to be significant. Ain't nobody here but us chickens, and none 
of us is called bomb...
<P>
I went and got my crack-detection disk - a locked floppy with binaries 
I trust - and mounted the RedHat CD. I used my clean ls and found 
that the real ls was about 28K, while the rootkit one was over 130K! 
Would anyone like to explain to me what all those extra bytes are 
supposed to be? The 'file' program has our answer: ELF 32-bit LSB 
executable, Intel 80386, version 1, dynamically linked, not stripped. 
Aha! So when she compiled it, our scriptkiddie forgot to strip the file. 
That means that gcc left all its debugging info in the file. Indeed, 
stripping the program brings it down to 36K, which is about 
reasonable for the extra functionality (hiding certain files) that was 
added.
<P>
Remember how I mentioned that the increased filesize is important? 
This is where we find out why. First, new "features" have been added. 
Second, the binaries have verbose symbol tables, to aid debugging 
without having to include full debug code. And third, many 
scriptkiddies like to compile things with debugging enabled, thinking 
that it'll give them more debug-mode backdoors. Certainly our 'kiddie 
was naive enough to think so. Her copy of ls had a full symbol table, 
and source and was compiled from /home/users/c/chlorine/fileutils-
3.13/ls.c - which is useful info. We can fetch canonical distributions 
and compare those against what's installed to get another clue into 
what she may have damaged.
<P>
I naively headed for the log files, which were, of course, nearly as 
pure as the driven snow. In fact the only evidence of a crack they held 
was a four day gap. Still, I did find out something useful: this box 
seemed to have TCP wrappers installed. OK, those must have failed 
somehow since she got in to our system. On RH51, the TCP wrappers 
live in /usr/sbin/in.* so what's this in.sockd doing in /sbin? Being 
Naughty, that's what. I munged in.sockd through strings, and found 
some very interesting strings indeed. I quote: You are being logged , 
FUCK OFF , /bin/sh , Password: , backon . I doubt that this is part of 
an official RedHat release.
<P>
I quickly checked the other TCP wrappers, and found that RedHat's 
in.rshd is 11K, and the one on the HD was 200K. OK, 2 bogus 
wrappers. It seems that, looking at the file dates, this cracked wrapper 
came out the day after RH51 was released. Spooky, huh?
<P>
I noticed that these binaries, though dynamicically linked, used libc5, 
not libc6 which we have. Sure, libc5 exists, but nothing, and I mean 
nothing at all uses it. Pure background compatiblity code. After 
checking the other suspect binaries, they too used libc5. Thats where 
strings and grep (or a pager) gets used.
<P>
Now I'm getting bored of looking by hand, so lets narrow our search a 
little using find. Try everything in October of this year... I doubt our 
cracker was the patient sort - look at her mistakes so far - so she 
probably didn't get on before the beginning of the month. I don't 
claim to be a master of the find syntax, so I did this:
<PRE>
find / -xdev -ls | grep "Oct" | grep -v "19[89][0-7]" > octfiles.txt
</PRE>
In english: start from the root, and don't check on other drives, print 
out all the file names. Pass this through a grep which filters everything 
except for "Oct" and then another grep to filter out years that I don't 
care about. Sure, the 80's produced some good music (Depeche 
Mode) and good code (UN*X / BSD) but this is not the time to study 
history.
<P>
One of the files reported by the find was /sbin/in.sockd. Interestingly 
enough, ps said that there was one unnamed process with a low (76) 
process id owned by uid=0, gid=26904. That group is unknown on 
campus here - whose is it? And how did this file get run so early so as 
to get that low a PID? In.sockd has that uid/gid pair... funky. It has to 
get called from the init scripts since this process appears on startup, 
with a consistently low PID. Grepping the rc.sysinit file for in.sockd, 
the last 2 lines of the file are this:
<PRE>
#Start Socket Deamon
exec in.sockd
</PRE>
Yeah, sure... That's not part of the normal install. And Deamon is 
spelled wrong. Should a spellchecker be included as an crack-
detector? Well, RedHat isn't famous for poor docs and tons of typos, 
but it is possible to add words to a dictionary. So our cracker tried to 
install a backdoor and tried to disguise it by stuffing it in with some 
related programs. This adds credibility to my theory that our cracker 
has so far confined her skills to net searches for premade exploits.
<P>
The second daemon that was contaminated was rshd. About 10 times 
as big as the standard copy, it can't be up to anything but trouble. 
What does rsh mean here? RemoteSHell or RootShell? Your guess is 
as good as mine.
<P>
So far what we've found are compromised versions of ls, ps, rshd, 
in.sockd, and the party's just beginning. I suggest that once you're 
finished reading this, you do a web search for rootkit and see how 
many you can scrounge up and defeat. You have to know what to look 
for in order to be able to remove it.
<P>
While the log files had been all but wiped clean, the console still had 
some errors printed on it, quite a few after 0235h. One of these was a 
refusal to serve root access to / via nfs at 0246h. That coincided 
perfectly with the last access time to the NFS manpage. So our 
scriptkiddie found something neat, and she tried to mount this 
computer via NFS, but she didn't set it up properly. All crackers, I'd 
say, make mistakes. If they did everything perfectly we'd never notice 
them and there would be no problems. But it's the problems that arise 
from their flaws that cause us any amount of grief. So read your 
manuals. The more thorougly you know your system, the more likely 
you are to notice abnormalities.
<P>
One of the useful things (for stopping a cracker) about NFS is that if 
the server goes down, all the NFS clients with directories still 
mounted will hang. You'll have to 120-cycle the machine to get it 
back. Hmmm. This presents an interesting tool opportunity: write a 
script to detect an NFS hack, and if a remote machine gets in, ifconfig 
that interface off. Granted, that presents a possible denial-of-service if 
authorized users get cut off. But it's useful if you don't want your 
workstation getting compromised.
<P>
At this point I gave up. I learned what I'd set out to do - how to find 
the crap left behind by a cracker. Since the owner of this system had 
all her files on (removed) removable media there was no danger of 
them being in any way compromised. The ~janedoe directory was 
mounted off a Jaz disk which she took home at night, so I just dropped 
the CD into her drive and reinstalled. This is why you always keep 
user files on a separate partition, why you always keep backups and 
why it's a good plan to write down where to get the sources for things 
you downloaded, if you can't keep the original archives.
<P>
Now that we've accumulated enough evidence and we're merely 
spirited sluggers pulverizing an equine cadaver, it's time to consider 
the appropriate response. Similar to Meinel's you-can-get-punched 
and you-can-go-to-jail warnings in The Happy Hacker, I would 
suggest that a vicious retaliatory hack is not appropriate. In Canada, 
the RCMP does actually have their collective head out of the sand. I 
am not a lawyer, so don't do anything based on these words except 
find a lawyer of your own. With that out of the way, suffice it to say 
that we're big on property protection here. Aside from finding a 
lawyer of your own, my advice here is for you to call the national 
police, whoever they are. People like the RCMP, FBI, BKA, MI-5 and 
KGB probably don't mind a friendly phone call, especially if you're 
calling to see how you can become a better law-abiding citizen. 
Chances are, you'll get some really good tips, or at least some handy 
references. And of course you'll know someone who'll help you 
prosecute.
<P>
My communication with RCMP's Commercial Crimes unit (that 
includes theft of computing and/or network services) can be 
summarized as follows: E-mail has no expectation of privacy. You 
wish email was a secret, but wake up and realize that it's riskier than a 
postcard. As systems administrator, you can do anything you want 
with your computer - since it's your responsibility either because you 
own it or because you are its appointed custodian - so long as you 
warn the users first. So I can monitor each and every byte all of my 
users send or receive, since they've been warned verbally, 
electronically and in writing, of my intent to do so. My browse of the 
FBI's website shows similar things. But that was only browsing. 
Don't run afoul of provincial or state laws regulating the interception 
of electronic communication either.
<P>
NOTE:
	While I have attempted to make this reconstruction of events
 	as accurate as possible, there's always a chance I might have
 	misread a log entry, or have misinterpreted something. Further,
 	this article is solely my opinion, and should not be read as
 	the official position of my employer.
<P>
Appendix A: Programs you want in a crack-detection kit  
<ul>
<li>find, ps, ls, cp, rm, mv
<li>gdb, nm, strings, file, strip
<li>(GNU)tar, gzip, grep
<li>less / more
<li>vi / pico
<li>tcsh / bash / csh / sh
<LI>mount
</ul>
	For security reasons these should all be statically linked.
<P>
<B>Appendix B: References</B> 
WinFrame:<BR> 
http://www.citrix.com/
<P>
RedHat 5.1:<BR> 
http://www.redhat.com/<BR> 
http://www.rootshell.com/
http://www.netspace.org/lsv-archive/bugtraq.html
<P>
About the filesystem:<BR> 
McKusik, M.K., Joy, W.N., Leffler, S.J., Fabry, R.S.,
"A Fast File System for UNIX" Unix System Manager's Manual,
Computer Systems Reseach Group, Berkeley. SMM-14 April 1986
<P>
LEA and Computer Crime:<BR> 
http://www.rcmp-grc.gc.ca/html/cpu-cri.htm <BR> 
http://www.fbi.gov/programs/compcrim.htm<BR> 

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Chris Kuethe <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./bennetjan.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./lussier.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">USENIX LISA Vendor Exhibit Trip Report</font></H1>
<H4>By <a href="mailto:plussier@BayNetworks.COM">Paul L. Lussier</a></H4>
</center>
<P> <HR> <P>  

Thu, 10 Dec 1998 <BR> 
I went into Boston yesterday, 09 December, for the Vendor Exhibit at the LISA 
conference. My most immediate and overwhelming feeling was one of major
disappointment in myself for not having pushed on my management to send me to
this conference :(  It looks like it's a really great conference.  Alas, I'm 
trying to be positive and look at it from the point of view of "Why waste a
trip to your own backyard that might be better spent traveling elsewhere :)"
<P>
Anyway,  the vendor exhibit was fantastic, though my guess is it's only really
good for those of us who do hard-core sysadmin'ing for a living.  The average
Linux enthusiast might have been bored, since it really is nothing more than
a lot of vendors hawking their wares (Though *everyone* would have enjoyed all
the free stuff :)
<P>
Ironically, the one major vendor who was conspicuously absent was Sun. All the
other vendors were there, Network Appliance, Auspex, Compaq (never did see
maddog though), IBM, SGI (at least I saw a booth with an INDY in it).
<P>
There were a lot of what I call "Want-Ad" booths to.  Collective Technologies
(formerly Pencom System Administration), Sprint Paranet, Fidelity, and
several other companies there for sole reason of trying to recruit people.
<P>
The Open Source contingent was there in full force with booths for RedHat
OpenBSD, The Free Software Foundation, etc.  There were several booths
from various software companies, most of whom I've heard of, and even several
I haven't.
<P>
I spent a lot of time talking to various companies for things directly related
to my needs here at work, and got in some personal geek talk re: Linux
as well.
<P>
I stopped by the RedHat booth, and was kind of disappointed.  They just didn't
seem excited to be there.  Maybe it was because I keep to much up-to-date
on them and they had *absolutely nothing* new to tell me that I didn't
already know.  I got the distinct impression they were tired of being there.
It very well could have been that they wanted to be talking to those who
aren't yet converted to Linux yet, but instead kept getting inundated with
the RH fan club :)  I don't think they've adjusted to be on top of the
world yet.  I heard someone come by and say, "Hey, we're planning on another
10 RH Linux servers in then month of so!"  The RH response, was an 
un-enthusiastic "Oh, that's cool."  As if they had heard the same thing
all day long, and really didn't want to hear it anymore.  I don't think
they knew how to deal with their success.  It could also have been that this
particular guy was one of the RH developers, not a PR/Marketing person.
<P>
I spoke with a guy at the OpenBSD booth, I think it was Theo de Radt himself.
I mentioned I tried to get the latest release from amazon.com last week, which,
according to the OpenBSD site, is selling it. Yet amazon doesn't have any
mention of 2.4, only 2.3.  He basically got really upset at that, mentioning
that *they* sent him an e-mail the same day of the 2.4 release announcement
stating they had already gotten 170 requests for it.  His only response
was "Well then fix your web page.  You just lost $1700US.  They all bought
it off the OpenBSD site!"  So, needless to say, I'll be getting 2.4 directly
from them :)
<P>
There were 3 sw booths I stopped at that really got me intrigued.  First there
was Aurora Software from Pelham, NH (I think).  Their product is called
SARCheck.  It's for Solaris, and it's a front end reporting mechanism for 
ps and SAR.  Supposedly it assists in performance monitoring and tuning by
taking the output of ps and sar, translating it into English, and then making
recommendations on what to change, why, and how.  I think the sw is $150 per
system, not per CPU (this means that I can use it on my 14 processor Sun E4500,
and only pay $150).  This sounds really good, and I'm hoping to be able
play with it real soon.
<P>
The next company was Shpink Software (yes, really!:) .  Their product is the 
Network Shell (nsh).  This looks *really, really, really cool*.  In short,
it's a client/server system where you can 'cd' to a UNC path on another
machine.  This differs greatly from NFS in that nsh has the ability to
*execute commands* on the remote system.  For example, say I have 3 systems,
a Linux box, an NT box, and a Solaris box.  From my Linux system I can:
<pre>
	linux> tar cvf //solaris/foo.tar //nt/users
</pre>
or:
<pre>
	linux> cd //solaris/etc
	linux> vi passwd
</pre>
Basically, nsh removes the need for rlogin/telnet sessions to a system and
provides for heavily encrypted sessions, user/machine ACLs, and many other
niceties.  The price is incredibly reasonable at $150 per seat.  The advised
way of using nsh is to set up a limited number of machines as "administration"
hosts, and run the server daemon where ever else you need to.  Nsh comes 
with Perl modules to allow access from perl programs, and works on all major
versions of Unix/Linux, with the nsh daemon available for W95/NT.
<P>
Now, for the last, but one of the neatest!  Spiderplant.  This is an
environmental monitoring gizmo that can connect to the serial port of any
system.  In short, you can designate any system as an environment
monitoring station and connect this little black box to your serial port.
It costs $100 for "The little black box" and 1 probe, $15 extra for each
additional probe.  The software is Open Source so you can hack it to
your heart's content :)  Here are the vital stats:
<pre>
	      Temperature Range: 
	            -55/+125 C in 0.1 C. 
	      Accuracy: 
	            0.5 C. 
	      Sensors: 
	            15 (or more) per device, 16 devices per serial line. 
	      Data Connection: 
	            RS-232, 1200 baud, 8,N,1. 
	            DB9 or DB25 connector to computer. 
	      Size: 
	            Main unit measures 3.5" x 2.25" x 1". 
	            Comes with 14-foot serial cable, 10-foot probe cable. 
	      Certification: 
	            Complies with FCC rules part 15
		    (Class B, for home or office use, US and Canada).
</pre>
Here are the URLs for the products mentioned:
<pre>
	http://www.openbsd.org/
	http://www.sarcheck.com/
	http://www.shpink.com/
	http://www.spiderplant.com/
	http://www.shpink.com/
</pre>
Hopefully someone will provide a trip report of the rest of the LISA conference
for those of us unfortunate enough to have missed it.
<P>
-- <BR> 
Paul

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Paul Lussier <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./kuethe.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./cooper.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P> 
<!--===================================================================-->

<center>
<H1><font color="maroon">X Windows versus Windows 95/98/NT: No contest</font></H1>
<H4>By <a href="mailto:pgc@maths.warwick.ac.uk">Paul Gregory Cooper</a></H4>
</center>
<P> <HR> <P>  

In the December Issue of the Linux Journal Sergio Martinez wrote in
asking for a (quick) article about the differences between X and
Windows 95/98/NT (w95) -- see below. This is my attempt to answer his
questions - I remember asking similar things when I started using UNIX
4 years ago.  [More answers can be found in the <A
HREF="./lg_tips36.html#sergio">2 Cent Tips</A> Column.
--Editor] I've tried to aim this article at the 'Linux newbie' and
as I am not an X hacker, and never been a w95 hacker, there may well
be inaccuracies, but I have tried to capture the ideas and spirit of X
(and w95, such as it has any). I would be pleased to hear from Xperts
and newbies alike.

<p>
Sergio has asked questions relating to GNOME and KDE and for the most
part I treat them as equivalent (in the same way I'm treating all
window managers as equivalent). I should state now that I prefer using
GNOME over KDE, irrespective of the ongoing KDE / Open Source debate,
hence I have more experience in GNOME than in KDE. This too may lead
to inaccuracies.

<p>
Mail criticisms to <a
href="mailto:pgc@maths.warwick.ac.uk">pgc@maths.warwick.ac.uk</a>.


<hr>

<P>
This is Sergios mail;

<p>

I'm just writing in with an idea for a quick article. I've been using
the GNOME desktop. I'm a relative Linux newbie though, and I think
that many of your less experienced readers could probably benefit from
a short article about window managers. These are some things I
currently don't quite understand:

<p>
   1.Terminology: The differences (if any) among a GUI, a window
manager, a desktop, and an interface. How do they differ from X
windows?

<p>
   2.Do all window managers (like GNOME or KDE or FVWM95) run on top
of X windows?

<p>
   3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?

<p>
   4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?

<p>
   5.How does the history of Linux (or UNIX) window managers compare
to that of say, the desktop given to Win98/95 users? How,
specifically, does Microsoft limit consumer's choices by giving them
just one kind of desktop, supposedly one designed for ease of use?

<p>
   6.What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a resource
hog, or not open source?

<p>
These are some questions that might make an enlightening, short
article. Thank you for your consideration.

<p>
--
Sergio E. Martinez 

<hr>

<p>
Before I try to answer each point I'll try to give a quick intro into
X-windows.

<p> Think of X as just another program. When you type startx what
happens is that X starts (shock!), in the background, and runs the
.xinitrc file. The .xinitrc tells X what programs to start once X
itself has started - more on this later. (Some systems use the
.Xclients file instead of .xinitrc - I'll just use .xinintrc).

<p>
So X is just another program but what does it do? Roughly speaking X
takes control of the screen from the command line and provides the
system with the ability to create windows and communicate with them.
Basically that's ALL it does - decorating, moving, resizing, focus,
etc, (i.e. managing the windows X provides) is left to the window
manager.

<p> What's clever about X is uses a client/server model and is network
transparent. This is a bunch of jargon - what does it mean? 

<p> When you type startx you are starting the X-server, when you run
an 'X-application', e.g. netscape, this is a client to which the
X-server gives a window. Similarly xterm is an X-app which puts the
command line in a window.

<p>
Network transparency doesn't mean much if you're not networked so
let's suppose the computer you started X on is called fourier and is
networked. Now a program on any computer on the network can ask the
X-server on fourier to start a window for it (on fourier), for
instance from fourier you could telnet to cauchy (another computer on
your network) and run netscape and have the netscape window appear on
your screen (connected to fourier).

<p> In fact it works the other way round too - an X-server can have
many screens (or, as it calls them, displays) connected to it at once
- all different - and those screens can be at the other end of a
network. This goes back to (one of) the original design purpose(s) of
X which was for X-terminals, i.e. things that looked like a computer
but were no more than a screen, some memory, a bios, and a network
card connected to one (or many) UNIX mainframe(s). See <a href="
http://www.menet.umn.edu/~kaszeta/unix/xterminal/index.html">this
page</a> for details of how to turn old 386/486's into xterminals.


<p> 
<b>
   1.Terminology: The differences (if any) among a GUI, a window
manager, a desktop, and an interface. How do they differ from X
windows?
</b>

<p> Ok, so we have more jargon - I hope I get this right ;-). An
interface is the way in which a piece of software interacts with the
user. Unix commands use a command line interface (CLI) whereas
X-applications use a graphical user interface (GUI). However
different applications tend to use different approaches to the GUI, for
instance when you select a menu does one click bring the menu up
(e.g. netscape) or do you have to hold the mouse button down
(e.g. ghostview). What GNOME, KDE, and w95 try to provide a consistent
GUI amongst all applications, or at least amongst the common parts of
applications, e.g. menus, file selection, window controls, scrollbars,
etc. See the <a href="http://www.iarchitect.com/">GUI hall of
fame/shame</a> for examples of good/bad GUI design (in windows
environment).

<p>
As was mentioned above a window manager takes over where X leaves
of - that is, controlling the windows X gives it. Window managers
usually give you alot more that the just the ability to move, resize,
or iconify windows. Many also provide virtual desktops, taskbars,
themes, app managers, etc. See <a
href="http://www.PLiG.org/xwinman/">Window managers for X</a> for a
list of most, if not all, wm's.

<p> Desktop has (as far as I can tell) two usages. We use 'the
desktop' to refer to the background part of the screen. GNOME, KDE,
W95, and MacOS all 'provide a desktop' meaning the background is more
that just a canvas for a nice picture - it acts like any directory in
the system.  Technically all this means is that you can place files
onto it. However these may be data (like a letter to gran) or
programs, (e.g. netscape, emacs, etc). Usually this 'background as
directory' philosophy is coupled with a graphical file manager, so
that when you (double) click on a file either it runs (if it's a
program) or a suitable program is started to read the data in the
file. In this context 'desktop' can also include a GUI, so that when
people say that all Linux/UNIX is missing is a 'desktop' what they
mean is a consistent design of common parts of programs, a graphical
file manager, and the ability to leave files littered on the desktop
;-)

<p>
<b>
   2.Do all window managers (like GNOME or KDE or FVWM95) run on top
of X windows?
</b>

<p> I like to think of the window manager, fvwm95, window maker, etc,
and the desktop, GNOME or KDE, as running in conjunction with X - but
this is just semantics. The window manager and/or desktop is started
(in the .xinitrc file) after X has started.

<p> The traditional (i.e. pre KDE/GNOME) setup of .xinitrc (after some
environment settings) is to have some xterms and a window manager, so
the last lines of the .xinitrc might look like;

<pre>
xterm &
xterm &
fvwm95
</pre>

The window manager is the last thing started by .xinitrc and when the
wm exits, .xinitrc finishes and then X terminates.

<p>
If you were using GNOME the last few lines of the .xinitrc would now
be;

<pre>
fvwm95 &
gnome-session
</pre>

And for KDE it would be;

<pre>
startkde
</pre>

As before GNOME (KDE) are the last things started by .xinitrc and so
when you logout of GNOME (KDE) the <tt> gnome-session </tt>
(<tt>startkde</tt>) termintes, .xinitrc finishes, and then X
terminates.

<p>
In both these examples the xterms are left out as GNOME and KDE
provide sessions management, which means any application left running
when the session ends get started when you startup the next
time. Windows has some session management too.

<p>
See the next answer as to why the window manager is started for GNOME
but not for KDE.

<p>
<b>
   3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
</b>

<p> 
AFAIK an application is a GNOME (KDE) application of it conforms to the
GNOME (KDE) GUI guidelines/specifications and uses the Gtk+ (qt)
libraries. All this means is that GNOME apps use Gtk+ to build menu's,
buttons, scroll bars, file selectors, etc and they do so in a
consistent way (as defined by the GNOME team), e.g. all menus are left
justified, all apps have a FILE menu as the left-most menu, etc. Same
for KDE except they use the qt library by Troll Tech (and possibly a
different set of design guidelines).

<p>
Any GNOME app will run provided you have Gtk+ (and the other GNOME
libraries) installed and similarly any KDE app will run so long as you
have qt (and other KDE libraries) installed - you do not have to be
running GNOME/KDE to use a GNOME/KDE application. The only other
additional thing GNOME/KDE apps may have is drag and drop awareness,
e.g. in GNOME you can drag a JPG from a GMC (file manger) window into
an ElectricEyes (graphics viewer) window and ElecticEyes will display
this file. You can do similar things in KDE.

<p>
GNOME and KDE have different attitudes to window managers. KDE prefers
to work with its own window manager Kvm, and GNOME is 'window manager
agnostic' - well those are the 'party lines'. You can get other wm's
to work with KDE (so I'm told) and GNOME should work with any wm but
prefers to work with a window manager that is ICCCM compliant and
'GNOME aware'. I'm not sure what this means but I know the only
totally compliant wm is Enlightenment DR0.15 (which is only available
through CVS at the moment) followed by icewm, and with blackbox and
windowmaker a little way behind. I think that the KDE team are working
towards making KDE less dependent on Kvm and defining what a KDE wm
should be.

<p>
<b>
   4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
</b>

<p>
Whoops - I think I answered this above. Gtk+ and qt are toolkits for
building menu's, buttons, scrollbars, dialog boxes, and loads more. 

<p>
<b>
   5.How does the history of Linux (or UNIX) window managers compare
to that of say, the desktop given to Win98/95 users? How,
specifically, does Microsoft limit consumer's choices by giving them
just one kind of desktop, supposedly one designed for ease of use?
</b>

<p>
I'm not sure I understand this question let alone know how to answer
it, so instead I'll answer what I think you might be asking which is;
What's the difference between UNIX + X and W95/98/NT.

<p> The first thing to point out is the component nature of the UNIX
approach to a GUI/Desktop. First we have the OS itself, in our case
Linux, on top of that we have the window system, X, and in conjunction
with that we have the window manager, fvwm (for example), and in
conjunction with these two we have the desktop/gui, either GNOME or
KDE. This follows the general philosophy of UNIX which is to build
small tools that interact which each other in well defined ways. It
may seem shambolic but it is a strength. It means that one or other of
the pieces can be interchanged, which gives the user lots of choice
(perhaps too much), and also allows for technological
improvements. For instance X is just one windowing system and may not
last forever (gasp!) There are others, e.g. the hungry programmers
<a href="http://www.hungry.com/products/Ywindows/">Y</a>.

<p> This also gives the user the choice of which window manager or
desktop to use, or in fact whether to use windows and desktops at all
- it may seem strange but some people prefer the command line, and
others use X and a window manager but don't like GNOME or KDE. 

<p>
Windows95/98/NT on the other hand is a different kettle of
fish. Here the OS, GUI, WM, and desktop aren't clearly separated (as
in UNIX) but are all rolled into one. Thus you have whatever choice
Microsoft happen to give you, i.e. windows themes.

<p> 
For Microsoft this is an advantage - it stops people butting in and
rewriting parts of their OS which could potentially lose them
money. For instance they realized that with the old windows 2/3.1 you
could simply replace MS DOS with another compatible DOS such as DR DOS
from Caldera. In an ongoing court case Caldera allege that MS added
code to windows to make it seem like there was a bug in DR DOS. With
9*/NT being all rolled in one there is no need to resort to such
tactics.

<p> IMO the W95 desktop is inferior because the user is limited to one
design whereas on a linux system there is a wm + desktop to suit just
about everybody (including those that don't want either a wm or a
desktop).

<p>
<b>
   6.What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a resource
hog, or not open source?
</b>

<p>
It's not widely adopted because it is commercial, not open source, a
resourse hog, has security problems (RedHat stopped selling it for
this reason), and is IMHO outdated.

<!--===================================================================-->
<P> <hr> <P> 
<center><H5>Copyright &copy; 1999, Paul Gregory Cooper <BR> 
Published in Issue 36 of <i>Linux Gazette</i>, January 1999</H5></center>

<!--===================================================================-->
<P> <hr> <P> 
<A HREF="./lg_toc36.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif" 
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="./lussier.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="./richardson.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P> 
<center>
<H1><IMG SRC="../gx/backpage.gif" alt="Linux Gazette Back Page"></H1>

<H5>Copyright &copy; 1999 Specialized Systems Consultants, Inc.<br>
For information regarding copying and distribution of this material see the
<A HREF="../ssc.copying.html">Copying License</A>.</H5>
</center>

<P> <hr> <P> 

<H3>Contents:</H3>
<ul>
<li><a HREF="./lg_backpage36.html#authors">About This Month's Authors</a>
<li><a HREF="./lg_backpage36.html#notlinux">Not Linux</a>
</ul>

<a name="authors"></a>
<P> <HR> <P> 
<!--======================================================================-->

<center><H3><font color="maroon">About This Month's Authors</font></H3></center>

<P> <HR> <P> 
<!--======================================================================-->

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Hassan Ali</H4>
Hassan is a Ph.D. degree holder in numerical techniques
applied to electromagnetics from the University of Ottawa,
Canada. He is presently working with NORTEL NETWORKS in
Ottawa, Canada, as a specialist in software tools used to
predict signal integrity, and electromagnetic compatibility
(EMC) on printed circuit boards. Having been introduced to
Linux by a friend about 2 years ago, he has never stopped
having fun with it. Hassan loves to write about whatever
little he knows about for others to learn or to correct
him.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Larry Ayers</H4>
Larry lives on a small farm
in northern Missouri, where he is currently engaged in building a
timber-frame house for his family. He operates a portable band-saw mill,
does general woodworking, plays the fiddle and searches for rare
prairie plants, as well as growing shiitake mushrooms. He is also
struggling with configuring a Usenet news server for his local ISP.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Bill Bennet</H4>
Bill,
the ComputerHelperGuy, lives in Selkirk, Manitoba, Canada; the "Catfish
Capitol of North America" if not the world. He is on the Internet at
www.chguy.net. He tells us "I have been a PC user since 1983 when I got my start as a
Radio Shack manager. After five years in the trenches, I went into
business for myself. Now happily divorced from reality, I live next to my
Linux box and sell and support GPL distributions of all major Linux
flavours. I was a beta tester for the PC version of Playmaker Football and
I play `pentium-required' games on the i486. I want to help Linux become a
great success in the gaming world, since that will be how Linux will take
over the desktop from DOS." It is hard to believe that his five years of
university was only good for fostering creative writing skills.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">John Blair</H4>
John currently works as a software engineer at Cobalt
Microserver. When he's not hacking Cobalt's cute blue Qube,
he's hanging out with his wife Rachel and newborn son Ethan. John is
also the author of <I>Samba: Integrating UNIX and Windows</I>, published by
SSC.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Bryan Patrick Coleman</H4>
Bryan
attends the University of North Carolina at Greensboro where he is
persuing a B.S. in both Computer Science and Anthropology. He has been
involved with Linux since 1994 kernel?, and helped found the Triad Linux
Users Group located in central North Carolina. His future plans are for a
PhD in computer science and a career where he can use Linux. 

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Paul Cooper</H4>
Paul is a Ph.D. student at the Mathematics Institute Warwick
university. To help finance his studies he also works in the dept.
computer support team, mostly writing documentation. His main interest
outside of Maths and Linux, is American Football, in particular playing
for the university team, the Warwick Wolves.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Jurgen Defurne</H4>
Jurgen is an Analyst/programmer in financial company (Y2K and 
Euro).
He became interested in microprocessors 18 years ago, when my eyes saw 
the TRS-80 in the 
Tandy (Radio Shack) catalog.
I read all I could find about microprocessors, which was 
then mostly confined to 8080/8088/Z80. The only thing he could do back 
then was write 
programs in assembler without even having a computer.
When he was 18, he gathered enough money to buy his first computer, 
the Sinclair ZX 
Spectrum. He studied electronics and learned programming mostly
on his own. He worked with 
several languages (C, C++, xBase/Clipper, Cobol, FORTH) and several 
different systems in 
different areas: programming of test equipment, single- and 
multi-user databases in 
quality control and customer support, and PLCs in an aluminium 
foundry/milling factory.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Jim Dennis</H4>
Jim is the proprietor of <A href="http://www.starshine.org">
Starshine Technical Services</A>.
His professional experience includes work in the technical 
support, quality assurance, and information services (MIS)
departments of software companies like 
<A href="http://www.quarterdeck.com"> Quarterdeck</A>, 
<A href="http://www.symantec.com"> Symantec/
Peter Norton Group</A>, and 
<A href="http://www.mcafee.com"> McAfee Associates</A> -- as well as 
positions (field service rep) with smaller VAR's.
He's been using Linux since version 0.99p10 and is an active
participant on an ever-changing list of mailing lists and 
newsgroups.  He's just started collaborating on the 2nd Edition
for a book on Unix systems administration.
Jim is an avid science fiction fan -- and was
married at the World Science Fiction Convention in Anaheim.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Vivek Haldar</H4>
Vivek is a third year BTech student at the Indian Institute of Technology, and
has been using Linux for the past two years, both at home and college.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Ron Jenkins</H4>
Ron has over 20 years experience in RF design, satellite systems, and UNIX/NT administration. He currently resides in Central Missouri where he will be spending the next 6 to 8 months recovering from knee surgery and looking for some telecommuting work. Ron is married and has two stepchildren.

<p>
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Chris Kuethe</H4>
Chris is a system administrator at the University of Alberta's
Mathematics Department. A little on the paranoid side, his main
interests are in security and cryptography. Still a student,
his plans include graduate work in Computing Science and moving
to warmer lands.

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Gustavo Larriera</H4>
Gustavo teachs database courses at Universitario
Autonomo del Sur (Montevideo, Uruguay). He is also the webmaster of the only
official mirror site of <I>Linux Gazette</I> in his country
[http://www.silab.ei.edu.uy/lg/]. He is a Linux average user and also a
Microsoft Certified Professional in NT. He hopes that is not considered a
great disadvantage :-)

<P> 
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Joe Merlino</H4>
Joe Merlino is a library assistant at Georgia Tech. He lives with his wife
in Athens, Georgia. Consequently, he spends a lot of time in the car,
where he thinks up projects to try on his linux box.

<a name="notlinux"></a>
<P> <hr> <P> 
<!--====================================================================-->

<center><H3><font color="maroon">Not Linux</font></H3></center>

<P> <HR> <P> 
<!--======================================================================-->
<P>
Thanks to all our authors, not just the ones above, but also those who wrote
giving us their tips and tricks and making suggestions. Thanks also to our
new mirror sites.
<P> 
With the Holidays, I took a week vacation to go back to Houston and visit
family and friends. I had a wonderful time. My grandchildren are smarter
and more beautiful each time I see them. I have a new <A
HREF="http://www.ssc.com/ssc/Employees/Margie/photos/sarahrebecca.jpg">picture</A>
of Sarah and Rebecca on my home page.
<P> 
My best friend, Benegene, had arranged for a get together with three
friends from our university (Baylor) days. We had a lot of fun catching up
and talking about old times. It was amazing how different the memories were
that stood out in each of our minds. Only goes to prove that what one
person finds remarkable may be quite "ho hum" to the next. Ah well, it was
a good evening and one I hope will be repeated.
<P> 
Have fun!

<P> <hr> <P> 
<A HREF="http://www.ssc.com/ssc/Employees/Margie/margie.html">
Marjorie L. Richardson</A> <br>
Editor, <A HREF="http://www.linuxgazette.com/"><i>Linux Gazette</i></A>, <A
HREF="mailto:gazette@ssc.com">gazette@ssc.com</a>

<P> <HR> <P>
<!--====================================================================-->
<A HREF="./lg_toc36.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF 
CONTENTS ]"></A>
<A HREF="../lg_frontpage.html"><IMG SRC="../gx/homenew.gif" ALT="[ FRONT 
PAGE ]"></A> 
<A HREF="./richardson.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
<p><hr><p>
<I>Linux Gazette</I> Issue 36, January 1999,
<A HREF="http://www.linuxgazette.com/">http://www.linuxgazette.com</A><BR> 
This page written and maintained by the Editor of <I>Linux Gazette</I>,
<A HREF="mailto:gazette@ssc.com"> gazette@ssc.com</A>
<P> 
</BODY>
</HTML>