File: lg_answer61.html

package info (click to toggle)
lg-issue61 2-1
links: PTS
area: main
in suites: sarge
size: 2,252 kB
ctags: 212
sloc: makefile: 34; sh: 34
file content (5244 lines) | stat: -rw-r--r-- 213,821 bytes
<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.k">
<TITLE>Linux Gazette 61: The Answer Gang (TWDT)</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P>
<CENTER>
<!-- *** BEGIN navbar *** -->
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_bytes61.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="lg_tips61.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom"  ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../gx/dennis/qbubble.gif" alt="(?)" 
		border="0" align="middle">
	<font color="#B03060">The Answer Gang</font>
	<img src="../gx/dennis/bbubble.gif" alt="(!)" 
		border="0" align="middle">
</A></H1> 
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Chris Giamakopolous, the Editors of Linux Gazette... 
	and You!
<br>Send questions (or interesting answers) to
	<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
</center>

<p><hr><p>
<!--  endcut ======================================================= -->
<H3>Contents:</H3>
<dl>
<dt><a href="#tag/greeting"
	><strong>&para;: Greetings From Heather Stern</strong></A></dl>

<DL>
<!-- index_text begins -->
<dt><A HREF="#tag/1"
	><img src="../gx/dennis/bbub.gif" height="28" width="50"
	  alt="(!)" border="0"
	><strong>Baffled</strong></a>
<dt><A HREF="#tag/3"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>A rather unique query (I hope)</strong></a>
<dt><A HREF="#tag/4"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>info needed --or--
<dd><A HREF="#tag/4"
	><strong>What is Linux?</strong></a>
<br>the screensavers look great!
<dt><A HREF="#tag/5"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Linux Installation question</strong></a>
<dt><A HREF="#tag/6"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Abt.. Michael Lauzon's Q in issue 60.. --or--
<dd><A HREF="#tag/6"
	><strong>Tell me about the K guys</strong></a>
<br>SCI-Linux project to use multiple package types?
<dt><A HREF="#tag/7"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a> minimum configuration Linux ? --or--
<dd><A HREF="#tag/7"
	><strong>Data Recovery Vendor Seeks Linux Basics</strong></a>
	RAIDs do not guarantee safety for your data	

<dt><A HREF="#tag/8"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>a question --or--
<dd><A HREF="#tag/8"
	><strong>Linux, UNIX, what's the difference?</strong></a>

<dt><A HREF="#tag/9"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>linux question</strong></a>
<dt><A HREF="#tag/10"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Red Hat 7.0</strong></a> Crackerz!

<dt><A HREF="#tag/11"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Transmitting PaperPort files with .max</strong></a>
	Definitely some Windows file format
<dt><A HREF="#tag/12"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Help Me Delete Linux</strong></a>
<dt><A HREF="#tag/19"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Removing Linux: Sacrilege!</strong></a>
<dt><A HREF="#tag/32"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>uninstall linux --or--
<dd><A HREF="#tag/32"
	><strong>Another uninstall: Getting to a Root Prompt to Blow it All Away</strong></a>

<dt><A HREF="#tag/13"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>setting root password</strong></a>
<dt><A HREF="#tag/14"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>I can't seem to write to my vfat (Windoze) file system with any user other than root.</strong></a>
<dt><A HREF="#tag/15"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>For Jim Dennis...Hello from South Texas --or--
<dd><A HREF="#tag/15"
	><strong>Firewall for a SOHO</strong></a>
<br>Small World, isn't it?
<dt><A HREF="#tag/16"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Something comparable to Services in NT</strong></a>
<dt><A HREF="#tag/17"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Editing fstab file for tape backup</strong></a>
<dt><A HREF="#tag/18"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Mail gets nowhere?</strong></a>
<dt><A HREF="#tag/20"
	><img src="../gx/dennis/bbub.gif" height="28" width="50"
	  alt="(!)" border="0"
	><strong>Loading SuSE Linux 6.4 via NFS</strong></a>
<dt><A HREF="#tag/21"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>RE: classified disk</strong></a>
<dt><A HREF="#tag/22"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>multiple subnets, one DNS</strong></a>
<dt><A HREF="#tag/23"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>Linux vs. DESQview??? --or--
<dd><A HREF="#tag/23"
	><strong>responding to DESQview/386 Die Hards into the Next Millennia</strong></a>

<dt><A HREF="#tag/24"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>DOS partition from Linux</strong></a>
<dt><A HREF="#tag/25"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>e-mails not getting through</strong></a>
<dt><A HREF="#tag/26"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>exit X & shutdown --or--
<dd><A HREF="#tag/26"
	><strong>Exiting X and Rebooting with One Keystroke</strong></a>

<dt><A HREF="#tag/27"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Multiplexing ppp connections</strong></a>
<dt><A HREF="#tag/28"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>[Tony@thermo-king.com: new to Linux]</strong></a>
<dt><A HREF="#tag/29"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Trident Providia 9685</strong></a>
<dt><A HREF="#tag/30"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>The New network On The BLock</strong></a>
<dt><A HREF="#tag/31"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Mail Daily sylog message to remote e-mail</strong></a>
<dt><A HREF="#tag/33"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>automation for minicom --or--
<dd><A HREF="#tag/33"
	><strong>Scripted Serial Sessions</strong></a>

<dt><A HREF="#tag/34"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	></a>About Epson Stilus Color 670 --or--
<dd><A HREF="#tag/34"
	><strong>Setting up print filters.</strong></a>

<dt><A HREF="#tag/35"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>Xwindows</strong></a>
<dt><A HREF="#tag/36"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>diald on a smoothwall box</strong></a>
<dt><A HREF="#tag/37"
	><img src="../gx/dennis/qbub.gif" height="28" width="50"
	  alt="(?)" border="0"
	><strong>...a bulk friendly ISP?</strong></a>

<!-- index_text ends -->
</DL>
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="../gx/dennis/hbubble.gif" 
	height="50" width="60" alt="(&para;) " border="0"
	>Greetings from Heather Stern</H3>
<!-- begin hgreeting -->
<p>
Hello everyone, and welcome once again to The Answer Gang.  As the fog starts
to lift this morning I am enjoying the fluffy greyness and savoring a good 
cup of coffee.  I leave it entirely to your imagination whether I'm talking
about the weather or my clouded thoughts.
</p><p>
We have some really juicy threads this month and I hope you like them.  I'd 
like to encourage anybody who feels like asking us questions, to consider
the following guidelines:
</p>
<ul>
<li>
Please use a real subject.  We hate having to reply to "your mail" (the 
classic default coughed up by our mailers, when replying to a blank subject 
line). "Help" or "Linux trouble" is not much help to us.  I know it sounds 
strange, there's a batch of us here, but it will probably greatly increase 
your chance of being one of the lucky souls who gets a direct answer.  Try 
actually stating your linux flavor, and what kind of trouble.
Examples: "RH 7 sound config?" "SuSE NFS install" etc.

<li>
This is a <em>Linux</em> webzine - ask us questions about free software.
For those of you from AOL, if the members' help forum can't answer you,
don't expect us to be any help at all (unless it's about Linux).
Windows has its own magazines and sites, and frankly most of the Gang hasn't
used Windows except in a cross-platform context in a long time. 
<br>
That said, If you work for a Windows 'zine, you should really read one or
two of the items this issue...

<li>
Requests for anonymity are honored here.  But if you don't want us to 
publish your question and the answers, don't expect us to be interested in 
helping you much.  Several of us are consultants for a living, so unless it's 
helping a few hundred people at once, we're not inclined to do freebies.

<li>
If you're using a foreign language and can manage to use an English subject,
please give a shot at asking your question in English, too.  We're quite 
forgiving of spotty English, if we can tell what you're asking.  Otherwise 
there's a couple of months lag while we have a translator look at your stuff,
if we even have someone to translate for your language.  Babelfish is only
good for a laugh.

<li>
We reserve the right to be curmudgeonly.  So flaming us for a lack of formality
will get you laughed at.  We've also got ethics here and if you don't, you'll 
get a serious drubbing.  However, we don't bother publishing answers that don't
have some meat to them.
</ul>

<p>
Spam seems to be down this month, and I don't think we got any non-computing
questions this time around.  Must be a Christmas present 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)"
                height="24" width="20" align="middle">


</p><p>
It's a new year and I look forward to some interesting New Year's resolutions.
In past years I've made selections such as 1600x1200 (the year I got the
beautiful monitor I use daily) and 600 dpi (a printer, of course)...
</p>


<!-- end hgreeting -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/1"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 1 -->
<H3 align="left"><img src="../gx/dennis/bbubble.gif" 
	height="50" width="60" alt="(!) " border="0"
	>Baffled</H3>

<p><strong>From Patrick Green
</strong></p> 
<p align="right"><strong>Answered By Jim Dennis
<br></strong></p>
<P><STRONG>
James I am at a loss here so I thought I would give you a try. I exited out
of a root session (not su) and I go back a couple hours later to login. I
enter my user name and lo and behold, no password prompt. So I cold boot it
(hate that) comes back up just fine, go to login ...no password prompt. Any
ideas?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
First you'll want to get to a shell prompt.  I'd treat this as
though your <TT>/etc/passwd</TT> or <TT>/bin/login</TT> files are corrupt.  So,
start Linux using the init=/bin/sh kernel parameter (passed
from the LILO: prompt --- or LOADLIN, GRUB or whatever boot
loader you're using.
</BLOCKQUOTE>
<BLOCKQUOTE>
If that doesn't work, get out a rescue diskette or CD.
Remember Tom's (<A HREF="http://www.toms.net/rb"
	>http://www.toms.net/rb</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
Once you've done that try to confirm that your <TT>/etc/passwd</TT>,
<TT>/etc/group</TT>  and various <TT>/etc/pam.d</TT> files are sane.  They
should "look right" (if you've seen copies before).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have backups of your <TT>/etc/passwd</TT> and <TT>/etc/group</TT> files,
restore them to an alternate location (<TT>/tmp</TT>) and run diff
on them.  See if the differences seem reasonable.
</BLOCKQUOTE>
<BLOCKQUOTE>
If this is an RPM based system try the rpm <TT>-Va</TT> command
to verify the integrity of your <TT>/bin/login</TT> and other binaries.
(If you have a full tar backup of your root and <TT>/usr</TT> filesystems
you can use the 'tar df' or 'tar dzf' directives to report on
differences between your current files and those in your backup.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're running <A HREF="http://www.debian.org/">Debian</A> there are several ways to check the
integrity of your files; none of them is as easy to explain
and/or type as rpm <TT>-Va</TT> (that's one of the very few deficiencies
in the apt and dpkg systems).  You can run debsums or tripwire or
aide if you have any of them --- but that's probably a matter of
closing the barn door while the horses are already astray in
this case.
</BLOCKQUOTE>
<BLOCKQUOTE>
There is a possibility that your <TT>/bin/login</TT> program is corrupt
or that an attacker has compromised your system and attempted
to replace <TT>/bin/login</TT> (or some other files) with a broken
version (perhaps linked against some library you don't have
even just having the wrong permissions or something like
that).
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course I'd also check the <TT>/var/log/messages</TT> and related files
to see if there are any clues in there; do a fsck on your
root filesystem, try to run <TT>/bin/login</TT> from a rescue shell
prompt, etc.  You can even temporarily replace <TT>/bin/login</TT> with a
one-line wrapper script. Rename it to login.binary or some such
an write a shell script like:
</BLOCKQUOTE>

<blockquote><pre>       #!/bin/sh
       exec /usr/sbin/strace -o /tmp/login.strace/$$.out /bin/login.binary
</pre></blockquote>
<BLOCKQUOTE>
... then try to login (rebooting as necessary, or just start
a shell on one of your virtual console with an appropriate
line in your <TT>/etc/inittab</TT> files).
</BLOCKQUOTE>
<BLOCKQUOTE>
It's an unusual problem, but these sorts of techniques will
help you narrow down what's happening.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Obviously your kernel, your root filesystem and the init
program are working.  Your getty seems to be working
enough to display an "issue" file and accept a username.
So we've already narrowed it down to getty and login ---
either getty is failing to successfully execute the login
command, or the login command is failing to emit a password
prompt.  Since the latter is somewhat more likely we focus
on it.)
</BLOCKQUOTE>

<!-- end 2 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/3"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 3 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>A rather unique query (I hope)</H3>


<p><strong>From Karen Gartner 
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik, Mike Orr
<br></strong></p>
<P><STRONG>
Running RH 7 - Dell Precision 420, 18GB SCSI HD @ 10K rpm, 1 CD-ROM, 1
CD-RW, 19" screen w. Diamond Fire GL1 video card and therein is the start
of my problem.
</STRONG></P>
<P><STRONG>
The latest version of the Diamond fire GL1 driver for linux will only
work with kernel 2.2.14. RH 7 uses 2.2.16 so I have to backtrack to an
earlier kernel in order to use Gnome &amp; <A HREF="http://www.kde.org/">KDE</A> (I'm stuck in consoleland right
now).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Interesting. The first possibility that I would explore would be to search
the web (or possibly contact the author) for a patch for the Diamond video
code, rather than downgrading the kernel. Chances are relatively high that
the necessary changes would be trivial (on the other hand, it may require
a major code rewrite, but it wouldn't hurt to check.)
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Indeed I have installed the new (old?) kernel but on booting, only 1 scsi
host is recognized where there should be 3, there's an IDE recognition
problem, and ultimately I get the message "kernel panic: VFS: unable to
mount root fs 08:02". I have checked lilo.conf and all is well there.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Well, the "kernel panic" message says that it's not finding a bootable
device/useable boot record on device 08:02 (if I recall correctly, that
means "device with major number 8, minor number 2", otherwise known as
"<TT>/dev/sda2</TT>", the 2nd partition of your 1st SCSI HD.) Is that what your
boot device is supposed to be? (side query: have you re-run "lilo"? It
never hurts to do so, and if you've changed <EM>anything</EM> having to do with
booting - and you have - you <EM>must</EM> do so.)
</BLOCKQUOTE>

<blockquote>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Not finding the <EM>root partition</EM> to mount.  The boot sector is a different
story, and if you made it this far, it's functioning correctly.
</BLOCKQUOTE>
<BLOCKQUOTE>
At least your panic message has the word "root" in it.  When it happens
to me, I get a cryptic "unable to open initial VC" (=virtual console) or
something like that.  Because displaying a login: prompt requires a
virtual console, which requires a device in the <TT>/dev/</TT> directory, which
requires a root partition to be mounted.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
If you are unable to mount the root partition (you are correct in that
regard - I misspoke), I don't think that you will ever get anywhere near
the login prompt; the boot will fail at that point. It is true, though,
that a missing or damaged "<TT>/dev</TT>" directory will cause the "VC" message -
as will a "no virtual terminals" setting in the kernel configuration.
</BLOCKQUOTE>
</blockquote>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Where did the new (old?) kernel come from? If it's a "stock" RedHat
kernel, I would be rather surprised - RH compiles theirs with every bell,
whistle, and gilliwhillikin included. I certainly haven't had any fail to
detect SCSI hosts/devices, but that may just be because I've done only a
few "RH on SCSI" installations. I certainly have not had any SCSI
detection problems with <A HREF="http://www.debian.org/">Debian</A>, even SCSI-emulation setups (that being
what I have at home.)
</BLOCKQUOTE>
<BLOCKQUOTE>
If it's a kernel that someone else compiled, I would definitely check the
configuration... scratch that. I would not <EM>use</EM> a custom-compiled kernel
while bringing up a new system in the first place. I recommend that you
don't either.
</BLOCKQUOTE>
<BLOCKQUOTE>
By the way, are you certain that you should see 3 SCSI <EM>hosts</EM>, rather
than three SCSI <em>devices</em>? There is a difference, and it's an important
one. The host adapters are interfaces between the PC and the SCSI devices;
it would be exceedingly rare (if even possible) to find three of them in
one system.
</BLOCKQUOTE>

<blockquote>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
You should find out which device it's complaining about.  Look in
Documentation/devices.txt in your kernel source.  Block device 8:2 is
indeed <TT>/dev/sda2.</TT>
</BLOCKQUOTE>
<BLOCKQUOTE>
(You can also look in the <TT>/dev/MAKEDEV</TT> script, because this is the
script that made all those device files.  However, I find it harder to
read.)
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
It's even easier to look in the "<TT>/dev</TT>" directory using Midnight Commander,
and scroll down until you see a match for those numbers. Possibly simplest
of all would be
</BLOCKQUOTE>

<blockquote><pre>ls /dev|grep "8, *2 "
</pre></blockquote>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Provided the <TT>/dev</TT> directory is there and is intact.
</BLOCKQUOTE>

<BLOCKQUOTE>
Note also that there are two types of devices, "block" and "character".
Disk drives are block devices.  The same major number may be assigned
to one block device and a different character device.
</BLOCKQUOTE>
</blockquote>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
What I would like to do is take the config file from 2.2.16 and copy it
to 2.2.14. Everything but the video card works tickety boo in 2.2.16. The
problem is, where do I find the config file from 2.2.16? 2.2.14 is in
usr/src/linux of course, which was created on the install, but where does
the old .config file reside?
</STRONG></P>
<P><STRONG>
Is that even a good idea to solve the issue? Any and all help is mightily
appreciated.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I would say that this is not a good idea at all. Configurations - and
thus, config files - vary wildly between kernel versions. On the other
hand, printing out the old configuration and walking through the new one
to make sure that it's as close as possible to the original would be very
useful. On my system (I'm running Debian, but I don't think it would be
very different on others), the config file is in
</BLOCKQUOTE>
<BLOCKQUOTE>
"<TT>/usr/src/kernel-source-</tt>&lt;version&gt;<tt>/.config</TT>"
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
This is the normal Linux convention.  Actually, you can place your build
tree anywhere, but you should make <TT>/usr/src/linux</TT> a symlink to it so
that the compiler will find the include files.  (Is this still required
now that glibc has its own kernel headers?)
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Good luck in resolving your problem.
</BLOCKQUOTE>

<!-- end 3 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/4"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 4 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>What is Linux?</H3>
<H4 ALIGN="center">the screensavers look great!</H4>


<p><strong>From David Cruz 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr, Heather Stern
<br></strong></p>
<!-- ::
What is Linux?
~~~~~~~~~~~~~~
the screensavers look great!
:: -->

<P><STRONG>
i live in south africa and find it hard to source help from anyone here.i
recently saw a friend how is running his pc on linux software.very
impressive.i myself have windows 2000,which works well but when it comes to
graphics and proffessional look you're way ahead.i've been trying hard
searching the net for the last week for your softwear but came up with
nothing.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
The following URLs contain material on what Linux is, what you can do
with it, and where to find it:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
<A HREF="http://www.linuxresources.com"
	>http://www.linuxresources.com</A> , sections:
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
<UL>
	<LI>"What is Linux"?
	<LI>"About Linux distributions" (general information)
	<LI>"Linux distributions" (information about each major distribution)
	<LI>"GLUE" (look for a Linux users group in South Africa)
</UL>
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.linuxdoc.org/HOWTO/META-FAQ.html"
	>http://www.linuxdoc.org/HOWTO/META-FAQ.html</A>
This is the Linux Meta-HOWTO, which gives an overview of where to find
different kinds of Linux information.
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.linuxdoc.org"
	>http://www.linuxdoc.org</A>
Home site for Linux documentation.  Click on "mirrors" and find a mirror
in South Africa to read; it will be faster and cheaper than using the
USA server.
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.linuxnewbie.org"
	>http://www.linuxnewbie.org</A>
A site dedicated to helping new Linux users and those who just want to
see what Linux is before deciding whether to run it.
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.linuxstart.com"
	>http://www.linuxstart.com</A>
A site which tries to be a "user-friendly index of Linux information".
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
.the one thing i
found incredible was your screensavers- radar, bumps(the blue torch
searching in the dark,compass
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Does anybody know which programs he's talking about?  Is it the standard
X screensavers (xlockmore), the xscreensaver package, or something that
comes with <A HREF="http://www.kde.org/">KDE</A> or Gnome?
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't use screensavers; I prefer to make the screen go black and switch
to power-saving mode.  If I want to watch "eye candy", I'll run an
application which does this.  Fortunately, xscreensaver screen savers can
also be run as applications in their own windows, not just as screen savers.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
The radar screensaver he is talking about is one of the utilities which
can be used as an xscreensaver module, or simply run as a seperate app.
By default it just looks cute, but it has command line options to "ping"
some specified hosts your local network and thus be more realistic "sonar"
for your situation.  Several of the nicer toys like this need to be fetched
seperately from xscreensaver package itself.
</BLOCKQUOTE>
<BLOCKQUOTE>
Gnome uses a GTK based front end to xscreensaver, which shows a number of
these sorts of descriptions, including for the extras (it mentions their
homesites, so you know where to get them from.  Maybe handy even if you
hate Gnome?)  I have to say it was useful when I was trying to decide
which modules to not bother using.  I don't really like the idea of a <EM>truly</EM>
random screen toy, as some of these artsy things are just plain ugly.
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't remember what K uses.  Anyways asking whether a given module is in
xscreensaver or in xlockmore is a lost cause.  The two are always in a race
and at any given time, both have lots of cool eye candy, and a lot of it is
GPL so you could port it if you felt like.  You can have both installed, but 
only run one or the other at a time.
</BLOCKQUOTE>

<!-- end 4 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/5"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 5 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Linux Installation question</H3>


<p><strong>From Layne Gossett 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr, Heather Stern
<br></strong></p>
<P><STRONG>
Is there an option for specifying that I would like to be prompted for all of
the kernel options during installation, much like you get when building your
own kernel?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
I assume that by "during installation" you mean you want to customize
the kernel options at each boot, not the first time you install Linux
using your distribution's install program.
</BLOCKQUOTE>
<BLOCKQUOTE>
You cannot set the compile-time options (=the "make menuconfig" options)
at boot time.  However, there are lots and lots of other kernel options
you can set from the LILO: promit or by adding an
</BLOCKQUOTE>
<BLOCKQUOTE><code>
append="myoption1 myoption2=myvalue1,myvalue2"
</code></BLOCKQUOTE>
<BLOCKQUOTE>
line in <TT>/etc/conf.lilo</TT> and re-running lilo.  See the Bootprompt-HOWTO
for all the options you can set.
<A HREF="http://www.linuxdoc.org/HOWTO/BootPrompt-HOWTO.html"
	>http://www.linuxdoc.org/HOWTO/BootPrompt-HOWTO.html</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
Some other options can be set at runtime via the <TT>/proc</TT> filesystem.  For
instance,
</BLOCKQUOTE>
<BLOCKQUOTE><code>
echo 1 &gt;/proc/sys/net/ipv4/ip_forward
</code></BLOCKQUOTE>
<BLOCKQUOTE>
will turn on IP forwarding.  Echoing a zero will turn it off.
Documentation for these files is in the appropriate subsystems' docs and
HOWTOs.  (And actually, most are not documented very well.)
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Although I have read the HOWTOs on building my own kernel, I still have not
been able to get it to work out yet.  I've had a lot of luck installing Red
Hat from the CD, but I'd like to have firewalling and IP Masq capabilities
from a "clean" installation (and remove things like PCMCIA, etc.).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
For masquerading, you must compile the kernel with IP forwarding and IP
masquerading.  Then you need to enable it in one of your boot scripts.
For instance, my <A HREF="http://www.debian.org/">Debian</A> <TT>/etc/init.d/rc.firewall</TT> contains:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
/sbin/modprobe ip_masq_ftp # Only neded if masquerading non-passive FTP.
<BR>echo "1" &gt; /proc/sys/net/ipv4/ip_forward # Turn on IP forwarding.
<BR>/sbin/ipchains -M -S 7200 10 160 # Debian default timeouts.
<BR>/sbin/ipchains -P forward DENY # Deny any other kinds of forwarding.
<BR>/sbin/ipchains -A forward -s 10.0.0.0/8 -j MASQ
<BR># Masquerade from the 10.0.0.0 network to the outside world.
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
Try running these commands manually and see if you can get masquerading
working with your current kernel.
</BLOCKQUOTE>
<BLOCKQUOTE>
For more security, you can build a more elaborate set of ipchains rules.
(Note: ipchains requires a 2.2.x kernel, which I assume is what you
have.)
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
The Debian installer does ask about these things, but just to prepare
the modules listing, not to prepare a whole kernel.  And its prompts are
rather wimpy - you really have best luck if you already know what you are
looking for.
</BLOCKQUOTE>

<!-- end 5 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/6"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 6 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Tell me about the K guys</H3>
<H4 ALIGN="center">SCI-Linux project to use multiple package types?</H4>


<p><strong>From Manoj Warrier 
</strong></p> 
<p align="right"><strong>Answered By Heather Stern, Mike Orr
<br></strong></p>
<!-- ::
Tell me about the K guys
~~~~~~~~~~~~~~~~~~~~~~~~~
SCI-Linux project to use multiple package types?
:: -->
<P><STRONG>
Dan is right. Use one of the user friendly, mouth feeding distros
and U stay a newbie unless U make a habit of reading the Linux
Gazette and Linux Journal articles out of curiosity as to what happens
under the hood...
</STRONG></P>
<P><STRONG>
But, my ears picked up at Heather's comment <TT>-&gt;</TT> "I think the K guys
have the right idea, writing a front end that deals with more than
one package type". It sounds exactly like something I need. We are
compiling a set of software (most of the links provided at
"<A HREF="http://Scilinux.freeservers.com"
	>http://Scilinux.freeservers.com</A>") which we think go into making an
Enviornment for scientific computing on Linux. We plan to make a CDROM
by April 2001 (GPL) with the sources <TT>/</TT> RPMs <TT>/</TT> other binaries and have
a Tcl/Tk interface to install these on a existing Linux/GNU PC.
We are still wondering if there is "a front end GUI that can deal with
more than 1 pacakage type".
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
kpackage is allegedly able to deal with both .deb and .rpm package types.
I assume that you still need the underlying libraries, so it knows what to
call.  It may also be strongly dependent on alien, a script which eases the
conversion between package types.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're going to write your own GUI, definitely take a look at alien, the
packaging APIs, and the apps which already exist to deal with these package
types alone. Just make sure not to mix licenses in any incompatible ways...
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
So who are this K guys? <A HREF="http://www.kde.org/">KDE</A> develoment team? ...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Yes.  The full name of KDE is "the K Desktop Environment" where according
to the FAQ, K stands for Kool.  But they refer throughout their docs to K,
for example, the K menus, the K button, etc.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Of course, it was named after CDE, the Common Desktop Environment GUI
that many commercial Unices use.
</BLOCKQUOTE>

<p><em>... to which Manoj replies ...</em></p>


<P><STRONG><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Hi and thanks,
</STRONG></P>
<P><STRONG>
Elaborating more on my task at hand,
</STRONG></P>
<P><STRONG>
Work to be done <TT>-&gt;</TT> Create a CDROM with scientific software which can
be installed on a PC already running Linux.
</STRONG></P>
<P><STRONG>
Problem faced <TT>-&gt;</TT> There are various distros of Linux, various versions
of Linux software, therefore a binary which works on one may not
work on the other.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
This is more a matter of the library dependencies than the limits of
any one distro.  ldd &lt;binaryname&gt; would tell you which libraries it
expects, and if those are really already present, you can force it to
install, over its packagemaneger's objection, and it will work.
</BLOCKQUOTE>
<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> 
(1) Thanks. I did not know this.
</strong></p>
</blockquote>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
In some cases the kernel may lack something, in which case providing a
usable kernel with modules would be a good idea.  Don't forget pcmcia
modules and setup if you want to gracefully handle laptops.
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Not planning on this (at least not in the pre-alpha version). Also
wondering where I can keep the CDROM for free downloading (Power cuts,
etc, are quiet common this place).
</strong></p>
</blockquote>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Policy <TT>-&gt;</TT> Do not want to creae another distro of Linux (Linux from
scratch is the way to do it ... am I right??) on which we can then
make pre-compiled binaries.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Sort of contrary to this, people call "Bastille Linux" a distro even
though it's strictly symbiotic to RedHat.  You might look at Rock Linux
(designed to put the whole thing together from sources) or piggyback on
<A HREF="http://www.slackware.org/">Slackware</A> (which was an early distro, and is pretty strong in the compiler
department) or on debian (if it's got the packages you want already, since
it has so many).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Therefore plan <TT>-&gt;</TT> Have the sources, binaries (*.rpm, slackware *.tgz,
*.deb, etc..) on a CDROM and have a Tcl/Tk script to install your
choice. The script would try to compile the sources for your Linux
distro if none of the binaries packed with the CDROM works for you.
I realise that a script that compiles from source for your distro of
linux will take a loooooot of time, and it is close to impossible
to make it work for all distros .. SO ANY IDEAS??
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
with the aid of alien I use rpm's on my debian box and .deb's on my <A HREF="http://www.suse.com/">SuSE</A>
box fairly freely.  Admittedly I did grab 3 deb's to bring lynx-ssl over
but it was worth it... and not very hard, debian's dependency tree was
accurate.
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> 
(2) Using alien seems to be a stop gap solution ( I still have to check it
out ).
</strong></p>
</blockquote>


<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
If you also provide the basic libraries that your packages expect, and you
are <EM>really</EM> careful about adding them, you could do okay.  The tricky part
is things like libjpeg6a versus libjpeg6b (for example).  If you get some
app that really only wants a specific libary and nothing else will do, you'll
have to use LD_PRELOAD variables.
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
(3) Hopefully we will not need to use LD_PRELOAD. Providing basic libraries
is most appealing (after using ldd "binaryname" to find the library
dependencies for all the softwarewe plan to pack).
</strong></p>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
The point of using LD_PRELOAD would be if using this with an unknown locally
installed system - if your users will be booting from your CD-ROM, then you'll
know their environment is correct, and LD_PRELOAD will be unnecessary.
</BLOCKQUOTE>
</blockquote>

<BLOCKQUOTE>
You can use them anyway, and keep all your known support libraries in a little
link farm, or something.  Probably don't even need hardlinks.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Why go into it at all <TT>-&gt;</TT> At my Institute (Insttute for plasma research,
Ahmedabad, India) we have a lot of ppl using Linux and most of them
do not have Octave, Scilab, Numerical libraries, yorick, xfig, lyx,
AbiWord, pvm, mpich, ftncheck, etc. etc. etc... on thier Linux PCs.
It would be convinient to therefore have a CDROM which would install
these on thier PCs.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Just offhand I've seen most of those in a debian capt list.  Make note,
I do point at non-free and non-US, so you may need to do that, or fight
licensing hassles, to distribute them.
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> 
Never used <A HREF="http://www.debian.org/">Debian</A> (Indian PC mags have never given a free version). Here
RedHat sems to rule the roost. We get at least 2 CDROMS every year..
</strong></p>
</blockquote>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Another problem is getting started using these new
software. Detailed 100+page manuals are very useful after you get
started. therefore we have plans of short getting started guides for
these software. I guess there are other people who also might find
such a CDROM useful. Thats why we started this.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
All my best wishes go to you, the Linux world needs more documenters 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Meanwhile Ill be exploring alien and kpackage. kpackage would probably
need the underlying libraries ... Not everybody has this.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
There are tricks for unwrapping an rpm or a deb without having the library
installed yet.  The <A HREF="http://www.linuxcare.com/">Linuxcare</A> Bootable Business Card (BBC) does this to
install ssh on-the-fly since when they began the project, the U.S. still
had overly eager anti-crypto laws.  (It can be argued that they're still
rather crazy - see the EFF - but I'll leave that be for now.)  You can get
the BBC at its new site: <A HREF="http://open-projects.linuxcare.com/BBC"
	>http://open-projects.linuxcare.com/BBC</A>
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Which leads me to ask <TT>-&gt;</TT> Dont youll think fondly
about the window manager which you could work on within 5 seconds
of typing "startx" at your console on your 16 MB RAM 486? This
could be a silly sentiment ...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
I recommend looking at fvwm2, it's what I use for a lightweight setup that
still offers "normal" menus.  And flwm (fast light window manager) comes
highly recommended from the debian-laptops mailing list.
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> 
I use fvwm. flwm sounds good. Must check it out.
</strong></p>
</blockquote>


<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
If you're going to write your own GUI, definitely take a look at alien, the
packaging APIs, and the apps which already exist to deal with these package
types alone. Just make sure not to mix licenses in any incompatible ways...
</BLOCKQUOTE>

<blockquote>
<p><strong><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> 
and YES !! we have to check out licenses in detail (the least attractive
part of the project), but I guess we might be able to distribute most of
it since this is never going to be a commercial CDROM. Ill put it up
for free downloading (Is there anyone who will provide this service -
A mount point for a CDROM having a tar gzipped version of it?). Dont know
if I can convince my Institute to CDwrite and mail the CDROM to whoever
requests it and pays mailing charges. In fact dont know if anybody will
want it, but we learn quiet a lot (ldd "binary name", alien, etc..)
doing this.
</strong></p>
</blockquote>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks once again.
</STRONG></P>
<P><STRONG>
Manoj
</STRONG></P>
<p><em>
Then there was this great - user friendly OS which
overwrote your MBR whenever you installed it...
</em></p>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
You're welcome, and good luck in your project.
</BLOCKQUOTE>


<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/7"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 7 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Data Recovery Vendor Seeks Linux Basics</H3>
<h4 align="center">RAIDs do not guarantee safety for your data</h4>

<p><strong>From Support 
</strong></p> 
<p align="right"><strong>Answered By Jim Dennis, Mike Orr  
<br></strong></p>
<!-- ::
Data Recovery Vendor Seeks Linux Basics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
I wonder if you could point me to a FAQ that would answer the
following question:
</STRONG></P>
<P><STRONG>
We are a small company specializing in Data Recovery. HardDisk
"crashes" and the like.
</STRONG></P>
<P><STRONG>
We have a client that used a network Disk Drive from a company
called NETGEAR. It appears that they have built their product
round Linux (The good news !)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Yes.  I've heard that the Netgear NAS (network attached storage)
products use an embedded Linux system).  However I don't know
any details about their configuration.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
I have a bit of sympathy in my heart for data recovery companies,
because we had to use one at the hospital I worked at in 1994.  I was
doing data entry into a FoxPro database and the Novell server crashed.
To top it off, this was 3pm on Christmas Eve and most people were gone.
Troubleshooting proved that the server would reliably crash when
accessing the middle of certain files in the NetWare filesystem--and
these were the database data files.
</BLOCKQUOTE>
<BLOCKQUOTE>
It took a week to recover.  We were between sysadmins and didn't have a
backup, because our disk capacity was 2 GB but our tape drive had not
kept pace -- it was still a measly 250 MB model.  A guest sysadmin from
the hospital-wide pool came, did the standard bindery tests (akin to
fsck), called a couple consultants who didn't help, called a CNE but
didn't engage him since he wouldn't have done more than we'd already
done--but would have charged $50 anyway!
</BLOCKQUOTE>
<BLOCKQUOTE>
We discovered that disk mirroring is not always a good thing.  The
mirror drive was supposed to be our backup.  And it did backup well:
it backed up the corrupted data!
</BLOCKQUOTE>
<BLOCKQUOTE>
The sysadmin noted my comments about the hard drive making noises, and
wrote in a report, "It done sound like a car need bearings."  We sent
the drive to OnTrack; they took it apart, charged $2000, and sent back a
tape containing all the files they could recover.  Out of all the
consultants and CNEs we called, they were the only competent ones in
this whole process.  They also sent back an amusing analysis report:
"Severe hard drive damage.  Drive should be replaced."  Duh!
</BLOCKQUOTE>
<BLOCKQUOTE>
We replaced both drives, because the other one was acting up too.  Both
were part of a bad Maxtor batch that were causing problems in other
parts of the hospital as well.  They had 12-month warranties, and the
drives were failing in the 11th or 13th months.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thus far, we have regrettably no experience of Linux. I wish to
Install a minimum configuration of Linux on a Win98 test PC in
order that i may copy the data on their (undamaged) harddisk to
another FAT32 harddisk and thereafter backup to CD's.
</STRONG></P>
<P><STRONG>
Right now i'm downloading 2 * 675Mb of "Linux" in ISO format. I
doubt that i need 10% of it for this task, but i have no knowledge of
the required files to get a minimal system running.
Is there an FAQ that would explain to a willing but uneducated guy,
how to proceed.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
You don't mention <EM>which</EM> ISO images you're downloading.  It's
probably excessive in any event.  Generally you can install a
fairly full Linux distribution from one CD (the second CD on many
distributions contains source code and/or extra software, sometimes
including shareware and other "non-free" stuff (demoware, etc)).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
1. how to install a minimum version of Linux
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
This is a very difficult question to answer given that you haven't
told me which distribution you're downloading.  Distributions differ
more in their installation and initial configuration than in any other
regard.
</BLOCKQUOTE>
<BLOCKQUOTE>
It would also be difficult, even if you had provided this information,
since it requires essentially a chapter length exposition.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
If you want just a minimal Linux installation to just copy data off a
Linux partition, consider Tom's Root Boot.  It's a minimal Linux system
on a bootable floppy, with the utilities needed in a typical rescue
situation.  Our sysadmins swear by it for all manner of workstation
setup tasks.
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.toms.net/rb"
	>http://www.toms.net/rb</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I echo Jim's statement that you need to know the basics of
Linux utilities in order to do an effective data transfer.  Many people
have had to embark on an unanticipated self-taught crash course, but it
means spending a weekend with the HOWTOs and manual pages or a book.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
2. how to copy files from a Linux Partition on  one disk to a fat 32
partition on a second disk.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
This part would be quite easy once you have Linux installed.
Linux support FAT32 and MS-DOS filesystems (including the VFAT
long filename support).  So you'd use a command sequence
something like this:
</BLOCKQUOTE>

<blockquote><pre>  mkdir /mnt/netgear
  mkdir /mnt/windows
  mount -t ext2 /dev/hdb1 /mnt/netgear
  mount -t vfat /dev/sda1 /mnt/windows
  cd /mnt/netgear &amp;&amp; cp -ax . /mnt/windows
</pre></blockquote>
<BLOCKQUOTE>
... this assumes that you have installed Linux unto your first
IDE drive (the master on the primary controller) which is called
<TT>/dev/hda</TT> under Linux.  It therefore assumes that the hard drive
which you've extracted from the Netgear NAS unit is the second
IDE drive (slave on the primary IDE controller) which is called
<TT>/dev/hdb</TT> under Linux.  This all presumes that you made the necessary
changes to the pin settings on your hard drives to get the hardware
working.
</BLOCKQUOTE>
<BLOCKQUOTE>
I also assume that you're using a SCSI disk (though you could use
a third or fourth IDE drive --- or even a fifth, sixth, etc).
<TT>/dev/sda</TT> is the first SCSI hard drive on any normal Linux system
(though this may change in the future, with devfs).
</BLOCKQUOTE>
<BLOCKQUOTE>
So, this example makes many assumptions about how you've
installed Linux and what hardware you have available.  There are
<EM>MANY</EM> other ways to do this.
</BLOCKQUOTE>
<BLOCKQUOTE>
Other than that the example basically makes a pair of mountpoints
(places at which filesystem can be connected), mounts the
Netgear drive to one and the Win '9x drive/filesystem to another
changes to the top of the netgear directory tree and copies
everything on that filesystem (recursively) unto the VFAT partition.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note: I'm also assuming that the Netgear is not functioning as a
NAS and that you're removing the hard disk from it and connnecting
it to one of your lab machines.  That seems pretty obvious to me,
since you'd just attach to it via the network directly from a
Win '9x/NT box if the NAS services were working; right?
</BLOCKQUOTE>
<BLOCKQUOTE>
I'm also assuming that Netgear is using ext2 (the dominant Linux
native filesystem).  If they're using Reiserfs or some other
filesystem --- then you'd have to do things a bit differently.
If that is the case; you'd be best advised to use the <A HREF="http://www.suse.com/">SuSE</A>
distribution which already includes support for Reiserfs ---
otherwise you'd have to patch and build your own custom kernels;
which is not a task to be undertaken by novices.
</BLOCKQUOTE>
<BLOCKQUOTE>
(S.u.S.E. is the only major distribution that already supports
Reiserfs.  Netgear <EM>might</EM> have patched their system to support
it given that Reiserfs' "journaling" features would be <EM>very</EM>
desirable on any Linux-based headless NAS device!)
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
3. Am i inventing work unnecessarily. maybe there exist tools to
read Linux partitions and copy DATA to Fat32. Something in the
Style of Partition magic ( but to actually COPY files.)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
There used to be a set of ext2 (Linux extended filesystem version
2) utilities for OS/2 and Win32 (NT and '9x).  However I'm not
sure that they are the best for your purposes.
</BLOCKQUOTE>
<BLOCKQUOTE>
It would probably be best to buy a nice large hard drive
(6Gb or better), put it in one of your lab workstations,
install Linux from CD (I prefer <A HREF="http://www.debian.org/">Debian</A>; but S.u.S.E. might
be more to your liking --- S.u.S.E. is the most popular
distribution in Europe and has very good support for various
continental languages).
</BLOCKQUOTE>
<BLOCKQUOTE>
Once you have Linux installed and the Netgear drive attached
you can "dump" a raw (bitwise) image of the entire drive into
a single Linux file using a command like:
</BLOCKQUOTE>

<blockquote><pre>   dd if=/dev/hdb of=/some/path/with/lots/of/free/space bs=1024k
</pre></blockquote>
<BLOCKQUOTE>
... or you could dump each filesystem/partition by using
the commands:
</BLOCKQUOTE>

<blockquote><pre>   fdisk -l /dev/hdb
</pre></blockquote>
<BLOCKQUOTE>
... and then (for each of the partitions listed there:
let's say it's 1, 2, 3, <EM>5</EM> and 6; skipping 4 since it might/would
be the extended partiton container:
</BLOCKQUOTE>

<blockquote><pre>   for i in 1 2 3 5 6; do
      dd if=/dev/hdb$i of=/lots-of-space/netgear-image.hdb$i.bin
      done
</pre></blockquote>
<BLOCKQUOTE>
(This last is a bit fancy for a novice.  However, you can just
type the commands one at a time until that little snippet of
shell code makes sense).  (Obviously you'll need to put in
your own names in place of the of= paths that I've listed here).
</BLOCKQUOTE>
<BLOCKQUOTE>
NOTE:  if the netgear filesystems are larger than 2Gb then
you might need a very new kernel with LFS (large filesystem support)
or you could use "raw" partitions (unallocated space) on your
new large Linux disk.
</BLOCKQUOTE>
<BLOCKQUOTE>
This "dd" approach is handy if you want to preserve a full
snapshot of the filesystem (in it's damaged state) before attempting
data recovery.  That way, if your filesystem check and repair
efforts cause <EM>more</EM> damage you can always start from scratch.
</BLOCKQUOTE>
<BLOCKQUOTE>
In general I'd say that there is <EM>way</EM> too much about Linux to
learn before you'd understand how to do filesystem or data recovery.
As I'm sure you know from your experience with FAT/VFAT/FAT32 based
filesystems, one must generally be expert in an OS prior to being
competant at data recovery under it.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I would be most grateful for any advice you could offer.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
You could look for a good Linux training consultant to come
in and give you're team a crash course.  You'll find that Linux
really is a data recovery person's dream tool suite.  Although it's
not "easy to use" it does offer <EM>full</EM> access to the system
hardware and has very good support for the filesystems of various
operating systems.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
My best Christmas greetings from Sweden,
Tony Kvarnstrom
</STRONG></P>

<!-- end 7 -->

<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/8"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 8 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Linux, UNIX, what's the difference?</H3>


<p><strong>From Alex 
</strong></p> 
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>
<!-- ::
Linux, UNIX, what's the difference?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hi, I have a question that's been on my mind lately.
I've looked around the web and gotten some roundabout
answers.  The question is, what is Linux?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Linux began life as a kernel that would act like Minix but run on Linus'
80386 and mount up his minix filesystems.  He shared it and was encouraged
by folks submitting their own patches.  People just can't make their mouth
say "Linus' Minix" for very long, but I can't pinpoint when it got compressed
to Linux.  Maybe one of our readers could 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Vaguely I recall Lars Wirzenius mentioning the origin of the
name Linux in a talk at Linux Expo 1998.  I think he said something
like it wasn't Linus who came up with the name.  He just uploaded it
to the FTP site and the FTP admin had to come up with a label for it,
so he called it Linux.  But I may be remembering wrong.
</BLOCKQUOTE>
<BLOCKQUOTE>
Where's that message where Linus recounts how his first success in
building Linux was to develop a multitasker that allowed one process
to write "a" repeatedly to the screen while another process wrote "b"?
I think in there it mentions that one of his early names for the
system, when he was in an extremely frustrated mood, was Buggix.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
As time rolled on and "distributions" were gathered and sold, the press
likes to call the distributions Linux too, while others argue that only
the kernel is Linux and the rest is (for example) <A HREF="http://www.redhat.com/">Red Hat</A> or <A HREF="http://www.suse.com/">SuSE</A> or whatever.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The most popular answer on the net seems to be "Linux
is a UNIX-like OS".  Well, then what is UNIX?  And why
isn't Linux UNIX?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
There is someone who presently administers the trademark work UNIX and they
don't feel like branding Linux with it for free.  <A HREF="http://www.freebsd.org/">FreeBSD</A> has the same
"problem" - both are at this point well established systems that people
already experienced in UNIX will find comfortable features in.
</BLOCKQUOTE>
<BLOCKQUOTE>
The trademark began life as AT&amp;T Bell Labs UNIX, and has been traded and
sold a number of times since.  For a while Novell owned it ... in fact,
for a brief time it looked like Novell could become the source of a new,
completely non Microsoft based system, because they had Netware, they
had DR DOS, they had WordPerfect and its family of apps... but they either
didn't see it or had so many internal politics they couldn't do it.
</BLOCKQUOTE>
<BLOCKQUOTE>
The current trademark holders are the Open Group.   Their babble about
rights to use their trademark is at:
<A HREF="http://www.unix-systems.org/trademark.html"
	>http://www.unix-systems.org/trademark.html</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
Anyways, UNIX shouldn't be used as a generic term, because that's against
the principles of trademark.  Let me illustrate with an example that a few
more people will understand.  You can't call something Coca-Cola
(<A HREF="http://www.coca-cola.com"
	>http://www.coca-cola.com</A>) that's not.  You're not supposed to call it Pepsi
either (<A HREF="http://www.pepsi.com"
	>http://www.pepsi.com</A>, but you can't use the site at all from lynx;
try their investor relations site, <A HREF="http://www.pepsico.com"
	>http://www.pepsico.com</A> instead) unless it's
really Pepsi.  But you can call it a "Coca-Cola like soda" or say something
"tastes kinda like Pepsi" and you're safest with "a cola" or "a soda pop".
For the curious out there, I drink either, but prefer RC
(<A HREF="http://www.rccola.com"
	>http://www.rccola.com</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
So Linux is "an operating system" which only "tastes like MS Windows" if you
select a window manager with a theme that tries really hard to do that,
but tends to "taste like UNIX".  Admittedly it tastes a bit more like these
if you go the extra mile and run <A HREF="http://www.winehq.com/">WINE</A> or have the iBCS compatability module
around so you could try to run the respective binaries.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Funny, just today I saw a story in Linux Weekly News where Sun claims
Solaris is a version of Linux because it can run programs compiled for
Linux, and maddog says this proves we've never come to a consensus on
what "Linux" really means.  Purists say Linux means just the kernel, but
maddog cites Linus as predicting that mainframes with highly-customized
kernels will also be "Linux sytems" in the future.
</BLOCKQUOTE>
<BLOCKQUOTE>
<A HREF="http://www.lwn.net/2000/1221"
	>http://www.lwn.net/2000/1221</A>
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Is AIX or Solaris or SunOS or HP-UX a UNIX?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
AIX and Solaris are blessed with this trademark under "UNIX 98", HP-UX and
Tru64 among others are blessed under "UNIX 95". (You can see the Open
Group's Registered Product Catalog if you care:
<A HREF="http://www.opengroup.org/regproducts/catalog.htm"
	>http://www.opengroup.org/regproducts/catalog.htm</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't think SunOS ever got so blessed; it was a BSD derivitive after all.
You can read some about the confusions between SunOS and Solaris in this
handy note:
<A HREF="http://www.math.umd.edu/~helpdesk/Online/GettingStarted/SunOS-Solaris.html"
	>http://www.math.umd.edu/~helpdesk/Online/GettingStarted/SunOS-Solaris.html</A>
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If so, what makes them a UNIX and Linux <EM>not</EM>
a UNIX?  Is it kernel specific?  What's the deal?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
I hope this helped.
</BLOCKQUOTE>

<!-- end 8 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/9"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 9 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>linux question</H3>


<p><strong>From Ted Mims 
</strong></p> 
<p align="right"><strong>Answered By Dan Wilder
<br></strong></p>
<P><STRONG>
I hope you can help me out.  I am running a box with Linux 6.0.  I had a
hacker a few weeks ago that primarily set up some shielded irc channels
and modified my dns for his needs (exactly what they were, I am not
sure).  Anyway, somehow he made it so that my securetty file is ignored.
I am having no luck locking root out of telnet.  securetty has the
correct format and permissions and pam_securetty.so is not commented in
the <TT>/etc/pam.d/login</TT> file.  Do you happen to have any suggestions?  All
I want to do is re-restrict direct-in root access.  I would greatly
appreciate any elightenment you can offer.  Thanks
</STRONG></P>
<P><STRONG>
Ted H. Mims
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Dan]
The executive summary: reinstall, secure the new system,
copy data from the old.
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately, once a system is compromised, you can't trust
the pieces.  The skilful cracker, or even the less skilled
in this day of script kiddees, will have replaced system binaries
such as <TT>/bin/login</TT>, <TT>/bin/ls</TT>, <TT>/bin/ps</TT>, and on and on.  This places
you in a shifting hall of mirrors when you attempt repair on a
running system.  Especially if you attempt this repair while the
system is connected to the network.  I know very few sysadmins
who would be up to this challenge, fewer still who would be
assured of success, and almost none who would attempt it except
on a wager or as a sport.  I would be the last to suggest
you attempt this based on a few pointers.
</BLOCKQUOTE>
<BLOCKQUOTE>
The prudent course of action is a fresh install on a new hard drive.
Do this on a system without any connection to an outside network.
</BLOCKQUOTE>
<BLOCKQUOTE>
Upgrade named.  <A HREF="http://www.isc.org/products/BIND"
	>http://www.isc.org/products/BIND</A> is the URL.
Use bind-8.2.2 patchlevel 7 for an easy upgrade from what's on
most 6.0 distributions.  Or, see if the ftp site for your
distribution has an upgrade.  Eight bugs, including one
allowing remote exploit and providing the attacker with
full access at whatever privilege level named runs at, have
been located in older versions of bind.
</BLOCKQUOTE>
<BLOCKQUOTE>
Eliminate all services the system does not need, by turning them
off in <TT>/etc/inetd.conf</TT> or the equivalent xinetd config files.
</BLOCKQUOTE>
<BLOCKQUOTE>
Establish secure passwords for all accounts.
</BLOCKQUOTE>
<BLOCKQUOTE>
At that point, take the hard drive from the old system and mount
it for example on <TT>/mnt.</TT>  Copy valuable data from the old hard drive
to the new.  Examine all configuration files you may copy over
carefully.
</BLOCKQUOTE>
<BLOCKQUOTE>
Don't allow telnet from remote systems.  The password is
transmitted in plaintext, not a very good idea in this
age of sniffers.
</BLOCKQUOTE>
<BLOCKQUOTE>
Consider instead installing ssh or openssh, if remote access
is needed, or if you're on a LAN with more than a handful
of hosts or with users who are not highly trusted employees.
Be aware that even ssh is not 100% proof against "man in the middle"
compromise.
</BLOCKQUOTE>
<blockquote>
<BLOCKQUOTE>
&lt;digression&gt;
That "6.0" doesn't mean much if you don't specify the distribution,
for example "<A HREF="http://www.redhat.com/">Red Hat</A>" or "<A HREF="http://www.suse.com/">SuSE</A>"  Each Linux distribution
maintains its own versioning system, with only very rough
equivalence between distributions.
&lt;/digression&gt;
</BLOCKQUOTE>
</blockquote>

<p><em>.... Ted found the breakage ...</em></p>
<p><strong><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	> 
I just needed to actually pen the question to someone.  I figured it out
all by my lonesome.  Thanks anyway.  He had bypassed pam and sent it
back to the login.defs file which of course did not have a CONSOLE
directive.
</strong></p>
<p><strong>
Ted H. Mims
</strong></p>

<!-- end 9 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/10"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 10 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Red Hat 7.0</H3>
<h4 align="center">Crackerz!</h4>


<p><strong>From George Hawthorn 
</strong></p> 
<p align="right"><strong>Answered By  Ben Okopnik, Heather Stern
<br></strong></p>
<P><STRONG>
Answer Guy,
</STRONG></P>
<P><STRONG>
I've searched every Linux site I can find to understand why after months of
trouble free operation, I am unable to login to my RH 7.0 server at the
terminal.  Everything is working fine, web server, ftp, router but I simply
cannot login as root or anybody else for that matter.  I can do a 'linux
single' boot but under a normal boot, when I get the login: prompt and type
root, I'm back at the login prompt again.
I realize this is an imposition, but I'm getting desperate.
</STRONG></P>
<P><STRONG>
Thanks for your time,
</STRONG></P>
<P><STRONG>
George Hawthorn
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
First, a quick possibility:  Take a look at my 
'<a href="../issue52/okopnik.html"><em>"Cannot execute <TT>/bin/bash:</TT> Permission denied" - solved!</em></a>' article in Issue #52 of the Linux Gazette.
It may contain an answer to your question. Note also that people <EM>are</EM>
able to log in if your ftp, etc. services are usable - they are logging in
as a very low-privilege user ("nobody", or "ftp"), but they <EM>are</EM> logging
in.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Here's an even faster possibility (maybe even the same) - did you upgrade
PAM recently by any chance?  The default files from a PAM upgrade usually
are not the same as your normal policy.  One time I ended up only being
able to get in via ssh ... and that, only because my key was already in
place, so it wasn't dropping down to standard authentication.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Second - when you do log in via 'single', what does the system look like?
Has the password file changed? (Hint: it is a Good Idea to have dated
snapshots of "<TT>/etc</TT>" along with your regular backups; a tarred/gzipped
archive should easily fit on a floppy.) Try making a copy of "<TT>/etc/passwd</TT>"
(or "<TT>/etc/shadow</TT>" if you use shadow passwords), then edit it to remove the
password hash for root -
</BLOCKQUOTE>

<blockquote><pre>root:1XaFDYn7EapuP:0:0:root:/root:/bin/bash
</pre></blockquote>
<BLOCKQUOTE>
Chop out the second field:
</BLOCKQUOTE>

<blockquote><pre>root::0:0:root:/root:/bin/bash
</pre></blockquote>
<BLOCKQUOTE>
When you next log in as "root", you won't need a password - just make sure
to create one immediately. If you <EM>still</EM> cannot log in, then something in
the system itself is giving you problems; once again, refer to the above
article.
</BLOCKQUOTE>
<BLOCKQUOTE>
As to reasons <EM>why</EM> this happened in the first place: well, the scary-but-
obvious reason could be that some "script-kiddie" got into your system and
did a dance on it. Not to panic; as long as you've got good backups, the
damage can be undone (and if you're running a publicly accessible server
and _don't_ have backups, I'm afraid you've gone beyond any help I can
give.) It could also be that some program you've installed - and I haven't
heard of anything like this with progs from established distributions,
whereas just slapping in a random tarball could do this - has messed up
your libraries or other vital files.
</BLOCKQUOTE>
<BLOCKQUOTE>
In my experience with Linux, I've come to an expectation that I did not
have with MS Windows or OS/2 - "stuff" doesn't just happen. There <EM>is</EM> a
reason for this; whether a security problem caused by random services
enabled in "<TT>/etc/inetd.conf</TT>" (I strongly suggest reading the Security-HOWTO
if you have not done so previously) or a problematic program installation,
you need to track it down and resolve it. Particularly in the case of a
break-in, it is not something you want to happen again.
</BLOCKQUOTE>
<BLOCKQUOTE>
Good luck
</BLOCKQUOTE>

<p><em>... George adds some context ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	> 
Ben,
</strong></p>
<P><STRONG>
Thanks so much for the speedy reply.  I'm going to read through your e-mail
very carefully.  I can tell you that I've done nothing to the server for
months accept FTP files to it, Telnet to it, add a couple of users etc.
It's been running perfectly since August of this year, and so I "think" I
can rule out my actions as the cause.  I haven't installed any additional
programs.  As for the security issue, this was and still is my immediate
concern.  I wonder if someone has got in and done "something".  I did see a
couple of bad login attempts using lastb.  I do have copies of ALL important
files, and so could simply reinstall the OS, but then I'd be no better
off...just waiting for it to happen again.
Thanks once again for your help.  I'll let you know if I find the cause.
</strong></p>

<p><em>... then following Ben's advice, investigates more carefully ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	> 
Ben,
Following your article in issue #52, I looked at <TT>/bin/login</TT> (using linux
single) and noticed that it is owned by root and lp (have no idea what lp is
...sounds like a print queue).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Just to hazard a guess - since I don't know the layout of your system or
anything else about it - an attacker may indeed have come in via your
remote print system; there are exploits (if I remember correctly) that use
it, since it requires a high level of privilege to access the hardware
ports. I would at least check into security measures involving the print
system - the first of which would be to make sure that I'm running "rlpr"
or "lprng" for my remote services. The second would most likely be a
search of COTSE &lt;<A HREF="http://www.cotse.com/unix.htm&gt"
	>http://www.cotse.com/unix.htm&gt</A>;, Insecure.org
&lt;<A HREF="http://www.insecure.org/sploits_linux.html&gt"
	>http://www.insecure.org/sploits_linux.html&gt</A>;, or NetworkICE
&lt;<A HREF="http://www.networkice.com/advice/Exploits&gt"
	>http://www.networkice.com/advice/Exploits&gt</A>; for known exploits against
whatever I <EM>am</EM> running.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I booted up another pc with RH 7.0 and
noticed that its <TT>/bin/login</TT> ownership is root and root.  I tried chown
root.root login, but get the 'permission denied response'.  I also edited
<TT>/etc/shadow</TT> with no luck.  I agree with your theory that reinstalling
teaches you nothing.  My master plan was to FTP the login "program" from a
working pc to the server in the hope that login is somehow corrupted on the
server.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
"<TT>/bin/login</TT>" and "<TT>/bin/bash</TT>" are typically good things to check when
looking for intrusion "footprints", especially a "<TT>/bin/bash</TT>" that's been
set SUID (this means that anyone running that shell has full root
privileges!) The fact that you're unable to chown "login" means that
FTPing a good "login" binary will not help - you probably won't be able to
delete the old one. In fact, it's a pretty strong indicator that...
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I rebooted the server using the linux single command, and then SU to login
as root.  I was scrolling through previous commands and was surprised to see
many commands that I didn't enter.  Someone created a user called "Poped" as
far as I can tell, and then entered commands such as
</STRONG></P>
<P><STRONG>
rm <TT>-f</TT> <TT>/bin/login</TT>
chattr <TT>-i</TT> <TT>/bin/login</TT>
</STRONG></P>
<P><STRONG>
It would seem that someone gained access.  What do you think?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
...somebody got in. I assume I don't need to mention that you need to
immediately take your system off the network - given that he has root
access, your attacker could easily wipe out your entire system.
</BLOCKQUOTE>
<BLOCKQUOTE>
I would guess, even though you haven't mentioned this, that they ran a
"chattr +i" on the "<TT>/bin/login</TT>" that they had installed - this would be the
reason that you can't delete "<TT>/bin/login</TT>". You can remove the "immutable"
flag set by "chattr" by running "chattr <TT>-i</TT> <TT>/bin/login</TT>"; this should allow
you to delete/replace it with a non-'rootkit' "login".
</BLOCKQUOTE>
<BLOCKQUOTE>
By the way - one of the ways you can usually tell the replacements is by
looking at the size of the executable. The 'rootkit' types, due to the
fact that they can't be dynamically linked (they have to be able to work on
a system whether it has their required libraries or not), are normally much
larger.
</BLOCKQUOTE>
<BLOCKQUOTE>
In a way, you should consider yourself lucky - a really knowledgeable
cracker would have replaced your "<TT>/sbin/syslogd</TT>" and cleaned up your
logfiles. You would never have known that anyone had been in there. Also,
the very fact that he screwed up "login" to that degree shows him to be an
amateur - a successful system crack is nowhere nearly that obvious or
crude.
</BLOCKQUOTE>
<BLOCKQUOTE>
Once again, I strongly recommend reading the Security-HOWTO and doing some
research. Leave your system off-line until you're satisfied 1) that you
understand how the attacker got in, 2) have securely patched that hole,
and 3) have done a general security survey of your system and are
reasonably satisfied with its state. If you're setting up a publicly-
accessible server and have not studied the security aspect, you're letting
yourself in for a large heap of trouble - as you have found out.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thanks for any help.
</STRONG></P>
<P><STRONG>
P.S. so much for my firewall.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Ah, <EM>more</EM> reading to do! 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle"> Firewall setup is not as "automatic" as a lot
of folks think. Most of the time, it's not particularly difficult - but it
<EM>does</EM> require attention and a bit of study. See the (are you surprised?)
Firewall-HOWTO.
</BLOCKQUOTE>

<p><em>... George will go one better ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Ben,
I'm really grateful for your excellent responses.  You've been a tremendous
help and I plan on taking your advice.  I bought "Building Linux and Open
BSD Firewalls" a few months ago and will delve more deeply into the book.
</STRONG></P>
<P><STRONG>
Happy Christmas, and thanks once again.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Glad I could be of help, George; sounds like you're taking an effective
tack to resolve the problem. Merry Christmas to you as well, and the best
of luck.
</BLOCKQUOTE>

<!-- end 10 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/11"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 11 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Transmitting PaperPort files with .max</H3>
<h4 align="center">Definitely some Windows file format</h4>


<p><strong>From Elizabeth Sedgwick 
</strong></p> 
<p align="right"><strong>Answered By  Mike Orr, Heather Stern, Don Marti
<br></strong></p>
<p><strong>
Gees, I hope you can help me.
</strong></p>
<p><strong>
I just loaded PaperPort software for windows, which is used
with a scanner for photographs, etc. onto my computer.  The
extension for the software is .max.  When I send photographs
to friends, they cant open them.  Do they have to have the
software on their computer to open the files?
</strong></p>
<p><strong>
In trying to solve this problem, I saved the photos with a
.jpeg extension and am sending them this way.  Some of my
friends do not have .jpeg type software in their computers.
Is there some way to download jpeg software from the
internet if you dont have it on your computer?
</strong></p>
<p><strong>
Your help with be so appreciated?
Elizabeth
</strong></p>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
This is Linux Gazette, not Windows Gazette.  You'd get a better
answer by asking a Windows group.
</BLOCKQUOTE>
<BLOCKQUOTE>
.max is not a normal image extension like .jpg, .gif, .png.  It
is very likely the recipient does not have a .max reader installed.
Nowadays they probably DO have a .jpg viewer of some sort
already installed.  How to view the image depends totally on the
recipient's mail program and other software.  At worst, they can save
the .jpg's as files and view them in Netscape or Internet Explorer using
a URL like file:/directory/filename.jpg .  (May need "\" or "\\"
and a "c:" prefix under Windows?)
</BLOCKQUOTE>
<BLOCKQUOTE>
IF they are running Windows, it's possible something called "File
Associations" has a bad configuration.  This is a table that tells
Windows which program to use to open a .jpg or .jpeg file when you
double-click it.  In Win95, it was a setting in Windows Explorer off one
of the menus somewhere.  In Win98/2000, I have no idea where it is.
</BLOCKQUOTE>

<p><em>... Great help, but Elizabeth is confused ...</em></p>

<P><STRONG><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thank you for your help.
</strong></p>
<p><strong>
When I transmitted my email, it was sent to <A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A>.  How it
reached you is beyond me.
</strong></p>
<p><strong>
Thanks for your ideas!!  You're right about jpeg.
</strong></p>
<p><strong>
For your info, I learned that jpeg software comes with Microsoft Explorer.
I tried it, and the photos were highly enlarged at the receiver's end.  It
worked, but you had to look through several screens to see the whole photo.
The photo was smaller than screen size when I sent it.
</strong></p>
<p><strong>
I did find a solution that seems to work.  I use the extension of .exe and
people are able to open the file without special software.
</strong></p>
<p><strong>
Thanks again!!!
</strong></p>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
<A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A> was originally an alias for Jim Dennis, who answered the
questions and collected the threads to publish in Linux Gazette.
To ease the burden on him, we expanded it to The Answer Gang
(<A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A>), a mailing list with about ten subscribers.  All of them
see the questions and try to respond.  This also improves the quality of
the answers.
</BLOCKQUOTE>

<p><em>... Elizabeth is right to wonder ...</em></p>

<P><STRONG><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Does <A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A> answer questions about windows?
</strong></p>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
No.  Sometimes we will anyway, but generally not.
</BLOCKQUOTE>
<BLOCKQUOTE>
I used to do Windows support at a hospital, so I remember the tricks
I used then.  But I haven't used Windows hardly at all since 1998.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Don]
About Windows/Linux interoperability, yes.  If there's no Linux in
the picture at all, then no.
</BLOCKQUOTE>
<BLOCKQUOTE><em>
Any technology distinguishable from magic is insufficiently advanced.
</em></BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
We actually try to answer questions, but only have any interest in
answering Linux questions.  There are lots of sites dedicated to Windows.
</BLOCKQUOTE>
<BLOCKQUOTE>
Perhaps a better question would be, if one of the Gang feels inclined to
answer a Windows question anyway, do we publish it?  Usually not.  If it 
involves interoperability, or it looks like Linux users
might also somehow benefit from the answer, or it gives our crew an
opportunity to advocate Linux a bit, then we do.
</BLOCKQUOTE>

<p><em>... Fair enough, but then ...</em></p>

<P><STRONG><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thank you for corresponding with me.  Is there another web location I can
contact to obtain answers to Windows questions?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Not that I know of in particular.  There are USENET newsgroups
(comp.os.ms-windows.* I think), which you can access at 
<a href="http://www.deja.com/">www.deja.com</a>.
</BLOCKQUOTE>
<BLOCKQUOTE>
Or go to Google (<A HREF="http://www.google.com"
	>http://www.google.com</A>) and type some keywords.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
There's a tips area at <a href="http://www.winfiles.com">winfiles.com</a>, 
but it's nothing like we have.  Here is a real nice opportunity for one of 
the Windows related magazines to do a Windows Answers column like ours on 
their website...
</BLOCKQUOTE>

<!-- end 11 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/12"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 12 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Help Me Delete Linux</H3>


<p><strong>From Antony 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hi, I recently attempted to install Linux Mandrake, but I did it wrong and know Windows has been
deleted and linux won't work, all I want to do is Delete linux  so I can reinstall Windows and be
happy again, I cant even install windows at the moment because linux is taking up too much room on
the hard drive. Mum is heaps annoyed as she can't use the computer so can you please help me
quickly? Thanks
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Hmm, three questions about uninstalling Linux in two days.  I wonder what
that means.
</BLOCKQUOTE>
<BLOCKQUOTE>
Doesn't the Windows setup program allow you to repartition your disk as
part of the process?  If not, that's a big omission.
</BLOCKQUOTE>
<BLOCKQUOTE>
Anybody here use Mandrake?  Does it come with a boot floppy that can be
used as a rescue disk?  If so, you should be able to boot from the floppy,
press Alt-F2 to go to the second virtual console, run "cfdisk" or "fdisk"
and delete the Linux partitions (or all the partitions), and then reboot
and run the Windows install program.
</BLOCKQUOTE>

<!-- end 12 -->

<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/19"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 19 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Removing Linux: Sacrilege!</H3>
<H4 ALIGN="center">or: <TT>/bin/dd</TT> is your friend!</H4>


<p><strong>From Kevin Gray 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr, Jim Dennis
<br></strong></p>
<!-- ::
Removing Linux: Sacrilege!
~~~~~~~~~~~~~~~~~~~~~~~~~~
or: <TT>/bin/dd</TT> is your friend!
:: -->
<P><STRONG>
hello i was just wondering how to remove linux from my system. I have two
hard drives one with linux and the other with windows 98. Everything works
fine but I just never use linux and since I don't have the time or technical
know how as to operate linux i would like to get my hard drive back. Is
there a way to do this? Any help would be appreciated. Thank you.
</STRONG></P>
<P><STRONG>
Until your next letter I remain,
<br>Sincerely Yours,
<br>Kevin Gray
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Is Linux on your primary drive or second drive?  If it's on your second
drive, use Windows fdisk program to delete the Linux partitions and
create DOS partition(s).  If you can't find a graphical fdisk program
under the start menu, open a DOS box and type "fdisk".  Choose the
option to switch drives if necessary), then the option to print
partition information.  Verify which are the Linux partition(s) and
delete them.  Then either make one big DOS partition or several small
ones.  Close and reboot, open My Computer, right-click on each new
partition and choose "Format" from the menu.
</BLOCKQUOTE>
<BLOCKQUOTE>
If Linux is on your primary drive, can you switch the drive cables
and/or jumpers to make Windows the primary drive?  Be warned that
Windows programs tend to go into convulsions if you change drive letters on
them.  Windows assigns drive letters according to which partitions it
finds first, so moving drives around or changing DOS partitions changes
the drive letters.  Use the Windows utility to make a rescue floppy
first.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're using LILO to boot, you can eliminate it by using
"<TT>fdisk /mbr</TT>", an undocumented option to Windows' fdisk program.  This
replaces the master boot record on the disk with Windows' default
version.  Note that Windows' boot loader is primitive: it won't
give you a menu, it'll just boot whichever primary partition is active
(on the first disk only).  You must first make that partition active
(=bootable) using fdisk, and ensure ONLY ONE partition is active.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Note that most versions of MS FDISK will refuse to remove
non-MS-DOS partitions.  You can use Linux fdisk to remove partitions
or you can use dd to complete wipe out all data on the Linux
disk which will make it look like it's fresh from the factory
so far as MS is concerned.
</BLOCKQUOTE>
<BLOCKQUOTE>
Also note that swapping drive letters out from under a MS OS
installation is basically guaranteed to hurt worse than backing
up your data to floppies, re-installing the OS from scratch,
re-installing all applications and restore copies of your data
into place.  (This re-installation process has the added benefit
of ensure that you have backups and of cleaning out all of the
cruft that tends to accumulate in Microsoft based operating
systems over time).
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
When I use it, it just asks, "Delete non-DOS partition?" and does
it.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can use Linux fdisk to delete the partition, but be careful,
because then Linux won't exist but will still be running.  Do it
in single-user mode (type "linux single" at the LILO prompt),
then reboot immediately after exiting the program.  Even better
would be to boot from a Linux rescue floppy (which probably came
with your distribution) so that you're not deleting the
currently-running system.
</BLOCKQUOTE>

<p><em>... and the real nitty gritty instructions ...</em></p>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Let's assume that you have two IDE drives and that you have
Linux installed on what MS-DOS/MS Windows would call your "D:"
drive (<TT>/dev/hdb</TT> or <TT>/dev/hdc</TT> or even possibly <TT>/dev/hdd</TT> under Linux).
Obviously that could be <TT>/dev/sda</TT> if you're using a combination of IDE
and SCSI or <TT>/dev/sdb</TT> if you have two SCSI drives.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, let's assume that MS Windows is installed on <TT>/dev/hda</TT> and
that Linux is on <TT>/dev/hdc</TT> (perhaps your CD-ROM drive is <TT>/dev/hdb</TT>
<TT>/dev/hdd</TT>).
</BLOCKQUOTE>
<BLOCKQUOTE>
To remove Linux as though it had NEVER been there you can follow
these steps:
</BLOCKQUOTE>

<blockquote><pre>      lilo -u /dev/hda
</pre></blockquote>
<BLOCKQUOTE>
... should attempt to copy <TT>/boot/boot.0300</TT> back into <TT>/dev/hda</TT>
(that should have been the backup copy of your original master
boot record --- MBR).  If that does work then prepare an MS-DOS
boot floppy (ask Microsoft how to do that with newer versions
of Win'9x; they'll swear that Win'9x isn't really DOS anymore,
but they're lying, of course).
</BLOCKQUOTE>
<BLOCKQUOTE>
Now to wipe out EVERYTHING from <TT>/dev/hdc.</TT>
</BLOCKQUOTE>
<font color="#990000">
<hr width="20%" align="center">
<BLOCKQUOTE>
WARNING!!!
</BLOCKQUOTE>
<BLOCKQUOTE>
The following will irrevocably wipe out all data
on a hard drive!  Mistyping it can wipe out everything
on the wrong drive!  IF YOU CARE ABOUT ANY OF YOUR
DATA, BACK IT UP!  MAKE COPIES DON'T AND DON'T COME
CRYING TO US IF YOU FLUB THIS UP!!!!
</BLOCKQUOTE>
<BLOCKQUOTE>
WARNING!!!
</BLOCKQUOTE>
<hr width="20%" align="center">
</font>

<blockquote><pre>     dd if=/dev/zero of=/dev/hdc bs=1024k  # DANGER! Will Robinson!
</pre></blockquote>
<BLOCKQUOTE>
... this will scribble streams of ASCII "zeroes" (NUL characters) all
over <TT>/dev/hdc</TT> --- wiping out Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
When you reboot Linux will be gone (the kernel and the dd program
were in memory, but that's cleaned up on a system reboot).
</BLOCKQUOTE>
<BLOCKQUOTE>
If your system doesn't boot from its hard drive after this, then
pull out that MS-DOS boot floppy.  By the way, you should have one
of those around for various recovery reasons --- it is a vital
part of running MS-DOS and recovery from any virus that your system
catches.  Then run:
</BLOCKQUOTE>

<blockquote><pre>     FDISK /MBR
</pre></blockquote>
<BLOCKQUOTE>
(That's a DOS command that should create a new boot record for
you).
</BLOCKQUOTE>
<BLOCKQUOTE>
If it still doesn't come up after this than refer to the huge
WARNING that precedes this dangerous command example.  Sigh,
re-install MS-Windows and restore from backup.
</BLOCKQUOTE>

<!-- end 19 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/32"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 32 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Another uninstall: Getting to a Root Prompt to Blow it All Away</H3>


<p><strong>From Lynn Johnson 
</strong></p> 
<p align="right"><strong>Answered By  Jim Dennis
<br></strong></p>
<!-- ::
Another uninstall: Getting to a Root Prompt to Blow it All Away
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
I am trying to remove linux - i logged in as root but where do I
type fdisk?  I don't see a place to type anything - pls help -
thanks, lynn
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
I'm going to guess that you're logging through some graphical
service (xdm, kdm, gdm, etc).  That would be the most common case
where you could log in as root and not see a text console and a
shell prompt.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, assuming that this is the case the question becomes:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
How do I get to a root shell prompt?
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
There are many possibilities.  X can be configured to run any
of a number of GUIs (graphical user interfaces) such as <A HREF="http://www.kde.org/">KDE</A>,
<A HREF="http://www.gnome.org/">GNOME</A>, twm, fvwm, etc.  Any of those can be configured to offer
a very limited number of menus (possibly no menus at all).
</BLOCKQUOTE>
<BLOCKQUOTE>
Typically you access your GUI's menus under X by clicking on the
"wall paper" (or screen "background" which is technically called the
"root window" in X parlance).  That will bring up the "root menu."
(The windows and menus in X are thought of as a tree, just as your
filesystems are trees of directories, and subdirectories (branches)
and files (leaves).  You might have to click with your right or
middle mouse buttons. That is configurable in most X window managers.
There might even be different menus that come up for each mouse
button.  Typically one set of them would be the main set of menu
options and the other(s) would contain some special window manager
features to resize, raise, lower, move and destroy windows, select
"minimized" or "hidden" applications etc.
</BLOCKQUOTE>
<BLOCKQUOTE>
When you find the main menu tree you can search it for some entry
such as "xterm" or "rxvt" or "eterm" or "kterm" or for entries
that are referred to as "shells."  Since X is completely configurable
the labels on the menus can be <EM>anything</EM>.
</BLOCKQUOTE>
<BLOCKQUOTE>
All of that aside it's probably easiest to skip all of this GUI
rigamarole. There are a couple of ways to do this.  On most
systems you could switch away from X (and/or any of the display
managers -- the various graphical login tools) using the following
keystrokes:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
[Ctrl]+[Alt]+[F1]
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
(That's holding down the "control" and the "alt" keys and typing
in the first function key).  That should bring you to a text mode
login console (which is a virtual terminal/console running any of
the "getty" programs, usually mingetty under Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
From there you can log in as root and you should be presented with
a shell prompt (usually ending in a "#" hash/pound sign which
conventionally indicates a root prompt).
</BLOCKQUOTE>
<BLOCKQUOTE>
If that fails then you'll probably want to "break in" by rebooting.
It's possible for someone to configure a Linux box such that
there are no getty's running on any virtual consoles.  It's even
possible to configure one to run multiple different X sessions
concurrently.  I have a workstation at my new office which is
running four different xdm sessions.
</BLOCKQUOTE>
<BLOCKQUOTE>
So, if you system has been configured to remove the text
virtual consoles, or if you're running a distribution that only
makes a GUI available by default, then you'll want to reboot.
</BLOCKQUOTE>
<BLOCKQUOTE>
The easiest way to reboot from a graphical session under Linux
is to type:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
[Ctrl]+[Alt]+[Backspace], [Ctrl]+[Alt]+[Del]
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
...in rapid succession.  The first keystroke combination will
kill the X server, the other one will signal init (the process
manager under Linux) to perform a reboot.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course either of these features <EM>might</EM> also be disabled!
If that's the case then just hit the reset button on your
system, or flip the power switch (wait about 30 seconds and
turn it back on) or pull the power plug.
</BLOCKQUOTE>
<BLOCKQUOTE>
While it's booting wait for the keyboard lights to flash a
couple of times (while the system counts its memory, checks
it's floppies, etc).  There will <EM>probably</EM> be a LILO prompt
(possibly this will be quite brief.  So, as soon as you see
the keyboard caps lock, scroll lock, and num lock lights
flicker, turn on the caps and/or scroll lock.  If they flick
back off in a second, turn them back on and hold down any
shift or control key.
</BLOCKQUOTE>
<BLOCKQUOTE>
All of these shenanigans are intended to interrupt LILO
(the most popular Linux loader) and convince it to give you
a prompt.  At that prompt type:
</BLOCKQUOTE>

<blockquote><pre>	    linux init=/bin/sh rw
</pre></blockquote>
<BLOCKQUOTE>
Actually you might have to replace the first word in that
line with something else.  What else?  That depends.  LILO
can be configured to call the Linux installations or "stanzas"
by any name you'd like.  Also LILO can be configured not
to allow any interruption or it can be configured to require a
password to boot or to bypass the normal boot procedure.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, more than 99% of all the Linux boxes in the world
today will give you a root prompt if you follow this last
procedure.  There are only a few freaks like me that know enough
about Linux to configure LILO with passwords and/or to ignore
all attempts to get at a LILO prompt.  (Of course there are
other boot managers for Linux.  In particular newer versions
of Mandrake might use GRUB --- the grand unified bootloader;
and I haven't studied that one at all.
</BLOCKQUOTE>
<BLOCKQUOTE>
In the <EM>highly</EM> unlikely event that you <EM>still</EM> can't get at
a root prompt then you'll want to boot from a floppy or a
CD (such as the <A HREF="http://www.linuxcare.com/">Linuxcare</A> bootable business card or one of
its clones).  I'm not going to go into the details on that
for right now.  If you need to know how to do that just
search Google! (<A HREF="http://www.google.com/linux"
	>http://www.google.com/linux</A>) for "recovery
disk" or go to Tom Oehser's site and read about Tom's
"root/boot" disk images (<A HREF="http://www.toms.net/rb"
	>http://www.toms.net/rb</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
Notice that most of the difficulty here is that I have
no idea how your Linux system is configured, nor do I have
any idea what distribution you're running.  As you might have
guessed from this long set of directions Linux is a bit
configurable.
</BLOCKQUOTE>
<BLOCKQUOTE>
Obviously once you get to a root prompt you can just
use the command:
</BLOCKQUOTE>

<blockquote><pre>        fdisk /dev/hda
</pre></blockquote>
<BLOCKQUOTE>
... to work on the partitions on your primary IDE drive.
(You can use <TT>/dev/hdb</TT> for the secondardy IDE on the first
controller, <TT>/dev/hdc</TT> for the primary drive on the secondary
controller, etc; and you can use <TT>/dev/sda</TT>, <TT>/dev/sdb</TT>, etc
if you're using SCSI drives).
</BLOCKQUOTE>

<!-- end 32 -->

<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/13"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 13 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>setting root password</H3>

<p><strong>From Tom Weingarten  
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik 
<br></strong></p>
<P><STRONG>
I've managed to work myself into quite the dilemma. Somehow my root
password has been deleted, so I can no longer enter my system except by
a second login, which does not have write permissions on anything or the
ability to acces linuxconf or userconf. I'm using RedHat Linux on a
dual-pentium box. However, I've found that the RedHat cd is far from
adequate for rescue purposes, so I created a mandrake cd, and can use it
to edit files. What do you suggest I do? Thanks in advance for your time
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I've found that the RedHat CD (or boot floppy) actually works reasonably
well as a rescue disk - flipping to the 2nd console via "Alt-F2" and
mounting the existing hard drive is the answer (RedHat tech support told me
it couldn't be done and I should reinstall. &lt;sigh&gt
<IMG SRC="../gx/dennis/smily.gif" ALT=";)" 
		height="24" width="20" align="middle"> Whichever you choose,
fixing the root password problem is pretty easy - and before anybody starts
storming about it being a HUGE security hole, remember that "physical
access=root access". Period. It's the reason that locked server closets and
machine rooms exist. If you want just that tiny bit of extra security (your
eight-year-old computer genius has been trying random passwords against
"root" or some such), disable the floppy/CD boot and password the BIOS
(write your hard drive's cylinder/head/sector info on the side of the PC
case and *don't* lose <EM>that</EM> password; resetting the BIOS can be a touchy
business.)
</BLOCKQUOTE>
<BLOCKQUOTE>
So - boot your machine via a boot disk or CD. Mount the offending drive -
for this example, we'll say you have it under "<TT>/mnt</TT>". Edit
"<TT>/mnt/etc/passwd</TT>" (or "<TT>/mnt/etc/shadow</TT>" if you use shadow passwords) and
clear out the second field in the "root" entry (fields are separated by
colons) - that's the encrypted password. In other words, given an entry
that looks like this:
</BLOCKQUOTE>

<blockquote><pre>root:2St5fADe4oOcSE:0:0:root:/root:/bin/bash
</pre></blockquote>
<BLOCKQUOTE>
you should end up with this:
</BLOCKQUOTE>

<blockquote><pre>root::0:0:root:/root:/bin/bash
</pre></blockquote>
<BLOCKQUOTE>
Save the file and reboot, this time without the boot disk. Log in as root (no
password necessary) and immediately assign one using the "passwd" utility.
No muss, no fuss, no greasy aftertaste. And, umm, keep a close watch on
Junior: he might be reading this too... 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>

<p><em>... Ben's a hero! ...</em></p>

<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thanks a million. You've saved me the fate of hundreds of users asking what the
heck happened to their character files (I run an online game). Also, btw, while
searching desperately for a solution, I found that if you edit <TT>/etc/pam.d/login</TT>
and change everything to optional, you can login as root with the wrong
password. Then you can change the password, all from the boot cd. Although, your
method is infinitely simpler. 
<IMG SRC="../gx/dennis/smily.gif" ALT=":-)" 
		height="24" width="20" align="middle">
</strong></p>
<p><strong>
Thanks again for your help.
Tom
</strong></p>

<!-- end 13 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/14"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 14 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>I can't seem to write to my vfat (Windoze) file system with any user other than root.</H3>


<p><strong>From John Fox 
</strong></p> 
<p align="right"><strong>Answered By  Ben Okopnik
<br></strong></p>
<P><STRONG>
I currently run Red hat 7.0 and am attempting to follow the suggested
procedures of not logging on as root unless I absolutely have to.  When I am
logged in to the system as my non-root user id, I am unable to write files
to the vfat file system.
</STRONG></P>
<P><STRONG>
I have tried to chown the mount point, I have even gone so far as to try to
chown and change the file permissions of a file on the vfat file system(to
no avail).  I have checked the mount and all the vfat mounts all show (rw).
</STRONG></P>
<P><STRONG>
The following is the error message I receive when I attempt to copy a file:
cp: cannot create regular file `filename.ext': permission denied.
</STRONG></P>
<P><STRONG>
Does anyone have any idea?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Yep; I remember cursing and scratching my head over this one quite a while
ago. You've got the right idea in looking at the permissions/ownership of
the mount point - but as you've found out, you can't just change them.
</BLOCKQUOTE>
<BLOCKQUOTE>
Here's the solution that I've used. I like this one, since it would work
well on a multiuser system as well as a regular home system. First, create
a group called "msdos". Note its GID (the number associated with that
group; take a look with 'vigr'.) Add yourself to that group -
</BLOCKQUOTE>

<blockquote><pre>adduser jfox msdos
</pre></blockquote>
<BLOCKQUOTE>
(assuming your username is 'jfox'.) Now, in your '<TT>/etc/fstab</TT>', add the
"noexec", "umask" and "gid" parameters to the appropriate partition:
</BLOCKQUOTE>

<blockquote><pre>/dev/hda3  /mnt/msdos  vfat  noexec,umask=003,gid=1001  0 0
</pre></blockquote>
<BLOCKQUOTE>
Obviously, the GID would be that of the "msdos" group.
</BLOCKQUOTE>
<BLOCKQUOTE>
What we're doing here is mounting that partition with the appropriate group
ID and setting the umask - this masks <EM>out</EM> the permissions that the
mounted partition will have. The "noexec" parameter works with in concert
with the other two to produce the following conditions:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
Directory access under the mountpoint is allowed to members of GID 1001
All files under the mountpoint are readable <EM>and</EM> writable by GID 1001
The files are "read-only" to the other users
None of the files are executable (does not apply to DOS emulation)
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
It takes a bit to get used to this three-parameter control system, but
it is actually very flexible and can be used to set up just about any
combination of permissions and directory accessibility you could want.
</BLOCKQUOTE>
<BLOCKQUOTE>
From this point on, if you want to give a user on your system read/write
access to the files on that partition, simply add them to the "msdos"
group.
</BLOCKQUOTE>

<p><em>... wishing the docs were better ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Ben,
</STRONG></P>
<P><STRONG>
Thanks for your help.  That did the trick.  I think they could have made it
easier by putting somthing in the faq. On their site.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
You're welcome - glad I could help! Just as an idea, if you perceive this
as a topic that lacks coverage in the Linux community, consider writing a
HOWTO - the Linux Documentation Project, under whose auspices the LG
operates, is always on the lookout for more useful info that can be shared.
It's yet another way to put something back in as a return for the effort
that other Linux folks have put out - and this kind of feedback is
precisely what allows a community to grow.
</BLOCKQUOTE>

<p><em>... you can do it John! ...</em></p>

<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Will do Ben,
</strong></p>
<p><strong>
I would be happy to contribute to the community.  I thought you had to be
hooked up with the right people in order to contribute.  I will seriously
consider writing something up.  Especially considering that I am on Vacation
until the end of the year and will have plenty of free time on my hands.
</strong></p>

<!-- end 14 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/15"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 15 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Firewall for a SOHO</H3>
<H4 ALIGN="center">Small World, isn't it?</H4>


<p><strong>From Tom Bynum 
</strong></p> 
<p align="right"><strong>Answered By  Jim Dennis
<br></strong></p>
<!-- ::
Firewall for a SOHO
~~~~~~~~~~~~~~~~~~~~~~
Small World, isn't it?
:: -->
<P><STRONG>
Actually, hello from your mom's next door neighbor (...well....two
doors...damn it...close enough...).  Anyway, I was talking with her out in
the cul-de-sac Sunday evening and she lent me her copy of your book to
browse.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Mom mentioned that she'd been chatting with you.
</BLOCKQUOTE>
<blockquote>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Jim wrote a book?
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Yeah, Linux System Administration by 
<a href="http://www.newriders.com">New Riders Publishing</a>.  
purple edge stripe,
"landmark" series with a view of the French river (the Seine I think) on the
cover's top quarter stripe.
</BLOCKQUOTE>
<BLOCKQUOTE>
Wherein the first half describes policies so real decisions can be made, and
the second half describes practicum, so sysadmins can Do Cool Stuff.  eg. to
have an awk script "vette" the logs of all the boring ordinary stuff amd leave
you the stuff that looks new or weird.
</BLOCKQUOTE>
<BLOCKQUOTE>
It's a good thing 
<IMG SRC="../gx/dennis/smily.gif" ALT=":&gt;" 
		height="24" width="20" align="middle">

</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
That's cool that
New Riders has a Linux book.  Several of us at SSC have been very impressed
with the two New Riders' books on Python and PHP, so I'll have to take a look
at this one.  The other two books are very concise: they give you a lot of
information in a small space, and answer questions you didn't think to ask,
more so than books three times their size.
</BLOCKQUOTE>
</blockquote>


<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I spend about 99.8% of my time in Windoze.......(snore.....) so please
forgive some rather newbie questions, but I have an idea that incorporates
Linux in a big way.
</STRONG></P>
<P><STRONG>
Let me give you a short Linux bio...
I was first exposed to Linux back in 1997 when someone at my ISP mentioned
using it for an internal mail server.  I figured "...how hard can it be..".
I went and bought a book which included 3 distros.  I ended up using <A HREF="http://www.caldera.com/">Caldera</A>
Openlinux Lite 1.0.  (because it was the only one that would install)  In
about a week I got Sendmail to work with the ISP through a dial-up SLIP/PPP
connection.  At that time we only had a single company dial-up account so I
had the machine using a crontab to dial-up and kick the SMTP server every 3
hours or so.  The "kicking" part was something I found to make SMTP work
through a dynamic dial-up account.  Later I installed ISDN and a router and
got a static IP so we were live and just had to turn off the crontab.  I got
burned on "relaying" with that server and didn't know how to turn it off so
I installed Caldera OpenLinux 2.3 because it contained the new distribution
of Sendmail with relaying blocked out-of-the-box.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Yes.  Sendmail has a near vertical learning curve (and qmail is even
more confusing for me).  I actually like Postfix (now that I've tried it)
but I'm NOT recommending that you switch to a new MTA (mail transport
agent).  You got something that works well enough.  You've learned enough
to get by; and if you need to hire a consultant than there are LOTS of
them that know sendmail and very few who understand the corresponding
intricacies of qmail, Postfix, exim or any other MTA.
</BLOCKQUOTE>
<BLOCKQUOTE>
There is a really cool option to consider.  You could buy the commercial
sendmail package and use it's little configuration system.  You'd still
be running the same sendmail that you are now; but you'd have a somewhat
less gruesome interface for doing the basic configuration.  (If you later
had really special needs you could have someone start with those basic
configuration files.
</BLOCKQUOTE>
<BLOCKQUOTE>
Look at <A HREF="http://www.sendmail.com"
	>http://www.sendmail.com</A> for information on pricing and all of
that.
</BLOCKQUOTE>
<BLOCKQUOTE>
As for setting the "maximum message size" limit: you should be able
to edit your <TT>.../sendmail.cf</TT> file (either in <TT>/etc/</TT> or in <TT>/etc/mail/</TT>
depending on your distribution) and find a line that looks something
like:
</BLOCKQUOTE>

<blockquote><pre>#O MaxMessageSize=1000000
</pre></blockquote>
<BLOCKQUOTE>
... to make that work just remove that first character (the '#' or
hash sign) which "uncomments" that line.  The value is in characters
or octets (I'm not really sure which --- but they are the same for
ASCII and I doubt that you're getting alot of Unicode or UTF8 traffic
yet).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you don't find this line then insert it somewhere in the
first section of the .cf file.  That means to put it before the
first line that starts with a P (which looks like the following
line in one of my sendmail.cf files):
</BLOCKQUOTE>

<blockquote><pre>Pfirst-class=0
</pre></blockquote>
<BLOCKQUOTE>
Sendmail isn't terribly picky about what order the options
appear in, but it can be picky about which "section" they're
in.  (In other words the options should all be grouped together
near the top of the cf file, the re-writing rules should all
be grouped together near the end of the file.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note:  It's better if you're using a macro config file (usually
named &lt;something&gt;.mc).  So, here's a simple sample .mc file
showing a valid confMAX_MESSAGE_SIZE definition:
</BLOCKQUOTE>

<blockquote><pre>divert(-1)
# After the `divert(0)' all lines starting with `dnl' are
# comments until the next newline character.
include(`/usr/share/sendmail/m4/cf.m4')
divert(0)dnl
VERSIONID(`Linux Dec 19 16:43:03 PST 2000')
OSTYPE(`linux')dnl
dnl
define(`confMAX_MESSAGE_SIZE', `1234567890')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn')dnl
define(`LUSER_RELAY', `local:postmaster')dnl
FEATURE(`nocanonify')dnl
FEATURE(use_cw_file)dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`PUT_YOUR_DOMAIN_HERE')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MAILER(`local')dnl
MAILER(`procmail')dnl
MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`bsmtp')dnl
MAILER(`fido')dnl
dnl
LOCAL_CONFIG

</pre></blockquote>
<BLOCKQUOTE>
Most of represents a typical sendmail .mc file.  In order to
use this to generate a .cf file (which is what sendmail uses)
we issue a command like:
</BLOCKQUOTE>

<blockquote><pre>	m4 &lt; $THIS_MC_FILE_NAME &gt; /etc/sendmail.cf
</pre></blockquote>
<BLOCKQUOTE>
(Note: DON'T DO THIS using the sample I've given.  You'll
wipe out your existing sendmail.cf file!)
</BLOCKQUOTE>
<BLOCKQUOTE>
The idea here is not really that complicated.  sendmail uses
the cf file which is in a format that's convenient for the program.
For years people maintained cf files directly (using a text editor).
For some of us (myself included) it is still easier to make a small
change to an existing .cf file then it is figure out the corresponding
.mc file directive.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, most of the text in the .cf file looks like line noise.
So mere mortals among us prefer to create shorter files that summarize
what we want sendmail to do.  Then we pass these shorter .mc files
through a macro expansion tool (the m4 program) and they get expanded
into the .cf files that sendmail uses.
</BLOCKQUOTE>
<BLOCKQUOTE>
But enough about sendmail.  On to your question.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
"Whew"...all right, here I am today.  The box runs, I don't screw with it.
Every now and then some bozo over in drafting tries to stuff a CAD drawing
in an email message, but after a little staff chastising and a re-boot,
everything's back to normal.  BTW, I've seen that "max message size" line in
the sendmail.cf, but everytime I try and make the line active, the server
issues an error when booting the sendmail daemon so I had to rem it out
again...sorry, back to my point...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
(See above)
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I want to set up a Linux box to implement Firewall and Proxy services.  For
you that might be straight forward, but all the information I find is
sending me in mental circles...
</STRONG></P>
<P><STRONG>
This is what we currently have setup...Static address from ISP <TT>--&gt;</TT>  Router
(with ISDN modem) using NAT <TT>--&gt;</TT> Private address on the Lan side of the
router.  DHCP running on the network tells all the clients that the router
address is the gateway.  All works...thanks for shopping at Kmart.  Not very
safe...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
I like to use pictures when I'm designing networks.
</BLOCKQUOTE>
<BLOCKQUOTE>
It sounds like you have this:
</BLOCKQUOTE>

<blockquote><pre>                                         * eth0
                                         v
               +---------+     +--------+     +-----+
               |   ISP   |-----| Router |--+--| LAN |
               +---------+     +--------+  |  +-----+
                              ^            |
                              * eth1       |   +-----------+
                                           +---| Linux Box |
                                               +-----------+
</pre></blockquote>
<BLOCKQUOTE>
... but it's not clear.  Clearly your Linux box cannot be
receiving mail from the Internet if it's using a "private"
(non-routable RFC1918) IP address.  That is to say that you
can't advertise a 192.168.*.*, 10.*.*.* or 172.16.*.* through
172.31.*.* address to the Internet as your MX (mail exchanger).
If you did so, then no one would be able to route SMTP (or any
other IP traffic) to you.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, it's possible that you could have a feature/rule on your
router such that it relayed any incoming traffic on TCP port 25
on eth1 (the outer interface) to the same port on your Linux box.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is one way to put a "hidden" server behind a router.  However,
it assumes that you have a router that is capable of doing such
relaying (or "transparent proxying").  There are a number of programs
capable of doing this for Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
(Another, less interesting and less useful solution would be for
your ISP to act as a your MX record AND for them to maintain their
own routes to your RFC1918 network.  Of course then you'd have to
co-ordinate this with your ISP and they'd have to assign different
RFC1918 address blocks to each of their customers that wanted this
service, and you'd have to maintain split DNS, and ... anyway
forget I mentioned that).
</BLOCKQUOTE>
<BLOCKQUOTE>
Another option would be to use the Linux box <EM>as</EM> both the
router and the sendmail host.  This is possible (so long as you
can connect your ISDN modem or TA to your Linux box).
</BLOCKQUOTE>
<BLOCKQUOTE>
Yet another option would be to have your ISP give you more than
one static IP address.  Two would be sufficient; four would be a
relatively normal subnet, though only two would be usable in
that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note: most of these configurations are NOT recommended.  They
offer little or no protection for the sendmail boxes, and
nothing protects your internal network from a potentially
compromised sendmail box.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Here's what I want. (It sounds safer....so I'm gonna try and draw you a
mental picture here so bear with me...)
</STRONG></P>
<P><STRONG>
Static address from ISP <TT>--&gt;</TT> Router (with ISDN modem) using NAT <TT>--&gt;</TT> Firewall
(eth1 on linux box) <TT>--&gt;</TT> Firewall/Proxy/NAT services running inside box <TT>--&gt;</TT>
Gateway (eth0 on linux box)--&gt; Network
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
It sounds like you're saying that you want something like:
</BLOCKQUOTE>

<blockquote><pre>               +---------+     +--------+    +-----+
               |   ISP   |-----| Router |----| LAN |
               +---------+     +---+----+    +-----+
                                   |
                                   |   +-----------+
                                   +---| Linux Box |
                                       +-----------+
</pre></blockquote>
<BLOCKQUOTE>
This is a reasonable configuration.  You still need to
have some way of routing traffic to the Linux box.  That can
still be a TCP relay utility or feature running on the router
and redirecting all inbound SMTP (TCP port 25) traffic to
the Linux mail host.  It could be a different DRIP (directly
routable IP address) from your ISP.
</BLOCKQUOTE>
<BLOCKQUOTE>
It could even be a hack where all your incoming mail gets
stored by your ISP and is fetched into your domain via
POP or IMAP.  (I suspect that this is the way you were doing
it when you were in dial-up.  I suppose it might be what you're
still doing; it's not clear from your message).  Another trick
is for your ISP to be your primary MX, and for them to relay
it to you via UUCP (over TCP).
</BLOCKQUOTE>
<BLOCKQUOTE>
I used to get my mail via UUCP, and that was only a couple
years ago.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Basically just insert it between the network and the router.  Does that make
sense?  Here's the reason for the router being on the end...it has my ISDN
modem built-in.  It's the only device I have that can run the ISDN
connection.  Things are too $tight$ to get a nice connection like a T1 with
expensive firewalls and such, so I'm trying to make this work cheap!  I also
want the logging and auditing provided by the proxy.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
The problem here is getting the incoming traffic to your Linux
box.  I'm guessing that you might have something like a Trancell Webramp
ISDN TA/router.  You could replace that with an ISDN card or an external
ISDN "modem" (which connects to your Linux box via a serial port).
</BLOCKQUOTE>
<BLOCKQUOTE>
In those cases you'd have the routing and mail services running on
a single system (which is not a good security profile since a
compromise of your mail host constitutes  a loss of control of
all of your routing).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
The final effect is, a second "private" network between the linux box and
the router. So I will have one subnet for the LAN in general and eth0 of the
box on that side.  A second private address space and "subnet" available
only between eth1 and the router, and then of course our static IP on the
outside.  To me it kind of resembles a "DMZ" which most modern routers have
built in.  Let's call it a poor man's "DMZ".
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Oh you mean:
</BLOCKQUOTE>

<blockquote><pre>               +---------+     +--------+                  +-----+
               |   ISP   |-----| Router |            +-----| LAN |
               +---------+     +---+----+            |     +-----+
                                   |                 |
                                   |   +-----------+ |
                                   +---| Linux Box |-+
                                       +-----------+
</pre></blockquote>
<BLOCKQUOTE>
... that's O.K.  In this case Linux is acting as an interior
router (and as a mail host).  Even better would be:
</BLOCKQUOTE>

<blockquote><pre>               +---------+     +--------+                     +-----+
               |   ISP   |-----| Router |               +-----| LAN |
               +---------+     +---+----+               |     +-----+
                                   |                    |
                                   |   +--------------+ |
                                   +---| Linux Router |-+
                                   |   +--------------+
                                   |
                                   |   +-------------------+
                                   +---| Linux Mail Server |
                                       +-------------------+
</pre></blockquote>
<BLOCKQUOTE>
Where you use two different Linux boxes, one as a router and
the other as a mail server.
</BLOCKQUOTE>
<BLOCKQUOTE>
You'd still want your ISP to give you one or two more DRIP
addresses (for the exterior interface on your Linux box(es)).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Does this sound off the wall?  Every "how-to" I find for using Linux as a
firewall talks about it being the "router" at the end of the line between
the LAN/WAN.  I haven't heard of it being used as I have described and I'm
really not sure where to go from here.  It all sounds good on
paper..."...Client on the net ships a packet off to the gateway (eth0)...The
linux box runs it's firewall/proxy voodoo magic stuff and ships it out the
other side (eth1) to the router which of course really ships it out...".
But how about on the return trip?  With the firewall and the router both
using NAT...the router won't care, but how about inside the linux box?  Will
the packets still back and forth to each client OK?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Linux can be used as a border router and/or as an interior router.
</BLOCKQUOTE>
<BLOCKQUOTE>
An even better configuration would be:
</BLOCKQUOTE>

<blockquote><pre>               +---------+     +--------+                     +-----+
               |   ISP   |-----| Router |               +-----| LAN |
               +---------+     +---+----+               |     +-----+
                                   |                    |
                         Note ---&gt; |   +--------------+ |
                                   +---| Linux Router |-+
                                       +------+-------+
                                              |
                                              |
                                       +------+-------+
                                       | Linux Server |
                                       +--------------+
</pre></blockquote>
<BLOCKQUOTE>
... where you have three ethernet interface in your Linux Router
(a three legged firewall).
</BLOCKQUOTE>
<BLOCKQUOTE>
Note: this could be an ether crossover cable between the ISDN
router and the Linux box, or it could be a serial connection
between the Linux box and an external ISDN modem/TA (terminal
adapter) or the whole thing could be replaced with an internal
ISDN card that's plugged into the Linux Router.  (In that last
case, think of this line as being the Linux Router's internal
PCI or ISA bus).
</BLOCKQUOTE>
<BLOCKQUOTE>
The advantage here is that all traffic passes through the Linux
Router (where you can do packet filtering, IP redirection, logging).
However, if the Mail Server gets compromised then it can't be
easily used to attack the LAN machines.  (The mail server is not
trusted by the LAN machines, it is only allowed to received outbound
mail, and POP or other mail fetching connections from ther internal
hosts.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can also sequester other services on the Linux Server.  You can
put a DNS server on it, etc.  Note that each service that you run on
the Linux Server the greater the risk that one of those services can
be used as a whole through which an attacker can compromise that
machine.  So, if you run mail, DNS, web and FTP all on that one
Linux server, then any exploit in any one of those can affect
the whole server, and thus compromise all of your DNS, mail, web,
and FTP services.
</BLOCKQUOTE>
<BLOCKQUOTE>
That's why we don't run those services on the router.  On my
router at home, there are NO services running (not even ssh).
I cannot access it remotely.  I must sit at the keyboard and work
from the console directly.  In fact there are IP packet filtering
rules that prevent that system from accepting <EM>any</EM> packets that
are addressed to it.  You can't even ping it!  (It will only
permit traffic that is supposed to go <EM>through</EM> it, not <EM>to</EM> it).
</BLOCKQUOTE>
<BLOCKQUOTE>
You could hang as many seperate Linux servers off of this eth2
interface (DMZ network segment) as you like.  However, you'll
either need to have separate real IP addresses (DRIPs) for each,
or you'll have to configure the Linux router to do TCP and UDP
redirection for each service to each server.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I feel like a five year old asking why the sky is blue... I did find out one
thing this past weekend...IPchains works in here somewhere...that's about
all I know.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Actually your question is reasonably sophisticated, and your
criticism of the HOWTOs is well taken.
</BLOCKQUOTE>
<BLOCKQUOTE>
The biggest issue here is that you have two different problems
to solve.  First you need routing to work.  You need more IP
addresses or you need to install some form of TCP/UDP redirect
utility.  Keep in mind that the TCP/UDP redirect utilities might
be running as 'root' (if they are listening on "privileged" ports)
and, therefore might be a security risk <EM>on the router</EM>. There's a
way to use IPChains to redirect TCP traffic into a Unix domain socket
and I think there should be a utility to relay connections from
a Unix domain socket back to a TCP connection.  However, I haven't
looked for one recently and I don't remember if there was one the
last time a question like this came up.
</BLOCKQUOTE>
<BLOCKQUOTE>
(The advantage of this approach would be that it would allow the
redirection utilities to run as "nobody", or (better yet) as a
set of mutually non-trusting "nobody" UIDs --- which minimizes
the risk to the router).
</BLOCKQUOTE>
<BLOCKQUOTE>
That's why the router in a firewall is called a "bastion."  You
want it to be relatively simple with as few windows, doors as
possible and NO ornamentation.
</BLOCKQUOTE>
<BLOCKQUOTE>
I currently have a block of IP addresses, so I haven't had to
resort to incoming IP redirection.  (Otherwise I'd tell you the
name of the utility that I was using).
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
I've said more than enough...time for a beer.  Hope to hear from you soon.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
I agree.  I'm off to BALUG (<A HREF="http://www.balug.org"
	>http://www.balug.org</A>) where I'll fill up
on Tsing Tao and other chinese food.
</BLOCKQUOTE>

<!-- end 15 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/16"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 16 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Something comparable to Services in NT</H3>


<p><strong>From Michael Swanson 
</strong></p> 
<p align="right"><strong>Answered By  Mike Orr
<br></strong></p>
<P><STRONG>
I've been playing with Linux for years, and just recently decided that I
wanted to learn more about it.  At this point I feel as though I know
nothing.  I have compiled and installed a proxy server in my Mandrake 7.1
system.  But I have to log in as ROOT to run it.  And I must run it everytime
I reboot.  I would like to have this run at start everytime.  As  I
understand it, anything run at startup is root, and this program (squid) says
it changes user after initialization.  The documentation mentions how the
program will respond after being automatically started, but gives no mention
at all on how to achieve this.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
See if Mandrake uses the System V init scheme like <A HREF="http://www.redhat.com/">Red Hat</A> and <A HREF="http://www.debian.org/">Debian</A>
do.  You have one directory containing start/stop scripts, and other
directories containing symlinks to those scripts.  On Debian (which I'm
familiar with), the script directory is <TT>/etc/init.d</TT>, and the normal
symlink directory is <TT>/etc/rc2.d</TT> .  In that directory, put a link called
S##squid pointing to the script.  (Replace "##" with a 2-digit number
indicating which order to run it--lower numbers get started first.)
Mandrake is probably the same but the directories may be named
slightly differently.
</BLOCKQUOTE>
<BLOCKQUOTE>
Look for a README in the script directory, <TT>/usr/doc/sysvinit</TT>,
"man init", etc.  There's also a HOWTO "From Power Up to the Bash
Prompt"
(<A HREF="http://www.ssc.com/mirrors/LDP/HOWTO/From-PowerUp-To-Bash-Prompt-HOWTO.html"
	>http://www.ssc.com/mirrors/LDP/HOWTO/From-PowerUp-To-Bash-Prompt-HOWTO.html</A>)
that explains everything that happens when the computer boots up;
this is worth looking through even just to know what info is available
in it.
</BLOCKQUOTE>

<!-- end 16 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/17"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 17 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Editing fstab file for tape backup</H3>


<p><strong>From Michael Dodge
</strong></p> 
<p align="right"><strong>Answered By Mike Orr, Dan Wilder
<br></strong></p>
<P><STRONG>
Dear Answer Guy:
</STRONG></P>
<P><STRONG>
I have installed a tape drive onto a 586 intel.  The tape drive is an HP
SCSI drive.  I had someone that I know compile the Kernel to support SCSI,
but I wasn't able to mount the tape drive.  I think that it is because I
haven't proplerly edited the fstab file.
</STRONG></P>
<P><STRONG>
I reads:
</STRONG></P>
<P><STRONG><BLOCKQuote>
<TT>/mnt/N</TT>    tape
</BLOCKQuote></STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
I haven't actually used a tape drive, but I've never seen any that are
mountable in the way floppy disks are.  So you don't need an entry in
fstab.  (If you did, it would be
</BLOCKQUOTE>
<BLOCKQUOTE><pre>/dev/DEVICE    /mnt/N    FILESYSTEM_TYPE   OPTIONS   0  0
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
)
You would especially want the "noauto" option to prevent it from
automatically mounting the tape at boot time.  (Which would cause an
unpleasant delay if there was no tape in the drive.)
</BLOCKQUOTE>
<BLOCKQUOTE>
But as I said, I doubt you can mount tapes at all anyway.
</BLOCKQUOTE>
<BLOCKQUOTE>
Normally, you must figure out which device it is, and then use that as
the "filename" argument to your backup program (e.g., tar).  E.g.,
</BLOCKQUOTE>
<BLOCKQUOTE><pre>tar tvf /dev/rmt8 /home/me
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
You use the "mt" command to skip forward or backward
over one or more tarfiles on the tape, rewind the tape, retension it, etc.
</BLOCKQUOTE>
<BLOCKQUOTE>
There is a ftape HOWTO.  Although that's not the kind of tape drive you
have, section 7 ("Backing up and restoring data") may be of help.
</BLOCKQUOTE>

<p><em>... thanks, now to <strong>make</strong> the backup ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Tag,
</STRONG></P>
<P><STRONG>
Thanks for the advice.  I have another question though.  I use the tar
command to read from the tape, but how do I write to the tape.  I would
greatly appreciate any advice on this matter.  Thanks.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Dan]
To write to tape:
</BLOCKQUOTE>

<blockquote><pre>  tar cf /dev/st0 files-to-tar
</pre></blockquote>
<BLOCKQUOTE>
To read from tape:
</BLOCKQUOTE>

<blockquote><pre>  tar xf /dev/st0 files-to-tar
</pre></blockquote>
<BLOCKQUOTE>
"c" means "create" archive, "x" means "extract".  In this case,
"<TT>/dev/st0</TT>" is your archive.
</BLOCKQUOTE>
<BLOCKQUOTE>
The answers to this and many other questions  about "tar" are found
if you type
</BLOCKQUOTE>

<blockquote><pre>  man tar
</pre></blockquote>

<p><em>... kudos gang! ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
I would like to thank Dan for the final piece of advice on this matter.  You
have helped me solve a problem that I have been working on for some time.  I
know that this stuff is probably cake for you guys at tag, but for someone
not as experienced with LINUX (myself for example), these tips really save
the day.
</STRONG></P>
<P><STRONG>
Sincerely,
<br>Mike Dodge
</STRONG></P>

<!-- end 17 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/18"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 18 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Mail gets nowhere?</H3>


<p><strong>From anonymous 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<P><STRONG>
Do I ask you what does it mean when I get permanent fatal errs for
</STRONG></P>

<pre><strong> MAILER-DAEMON@aol.com &lt;mailto:MAILER-DAEMON@aol.com&gt;  transcript of session
 follows while talking to yd.mx.aol.com
 RCPT to:MAILER-DAEMON@aol.com &lt;mailto:MAILER-DAEMON@aol.com&gt;
 &lt;&lt;550MAILER-DAEMON@aol.com &lt;mailto:550MAILER-DAEMON@aol.com&gt; &gt;...User
 unknown
</strong></pre>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
"User unknown" really does mean user unknown.  aol.com has no user
"MAILER-DAEMON".
</BLOCKQUOTE>
<BLOCKQUOTE>
If something comes "from" MAILER-DAEMON, it's an error message, probably
reporting a previously-failed message.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
If I am asking the wrong person please direct me to the appropriate person.
What prompt to e-mail MAILER-DAEMON was an user unknown message from an aol
subscriber.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Then either the person's account expired or AOL is messed up.  You did
verify you typed the address correctly, no?  If you think AOL is at fault,
complain to <A HREF="mailto:postmaster@aol.com"
	>postmaster@aol.com</A>.  (Ditto for any other site.)  There's no
reason to write to MAILER-DAEMON, because there's nobody there to read it.
</BLOCKQUOTE>

<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thank you for your prompt reply.
</strong></p>

<!-- end 18 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/20"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 20 -->
<H3 align="left"><img src="../gx/dennis/bbubble.gif" 
	height="50" width="60" alt="(!) " border="0"
	>Loading SuSE Linux 6.4 via NFS</H3>


<p align="right"><strong>Answer By Chris Gianakopoulos 
<br></strong></p>
<BLOCKQUOTE>
Hi all,
</BLOCKQUOTE>
<BLOCKQUOTE>
This weekend, I decided to load <A HREF="http://www.suse.com/">SuSE</A> Linux 6.4 onto my son's IBM
PS/ValuePoint computer.
</BLOCKQUOTE>
<BLOCKQUOTE>
The network configuration is illustrated below.
</BLOCKQUOTE>

<blockquote><pre>      -----------------------                      -------------------------
      |                     |  10Base2 Ethernet    |                       |
      |      IBM            |----------------------| Linux Machine         |
      | PS/ValuePoint       |                      | Host: stargate        |
      | Host: strikeforce   |                      | with CDROM            |
      -----------------------                      -------------------------
       Target machine for                                    NFS server for
       Linux install                                          Linux install
</pre></blockquote>
<BLOCKQUOTE>
I have NFS running on my Linux machine, so I decided to install Linux
onto the IBM machine via NFS. I installed a minimal system so that I
could install user accounts in case problems occurred when I added more
packages to the system.
</BLOCKQUOTE>
<BLOCKQUOTE>
Once I had a minimal system up and running, I decided to use YAST (the
installation program) to added more packages into the system.
Everything worked fine until I was prompted to install CD2 of the
distribution.  I was told that I was loading the wrong CD!
</BLOCKQUOTE>
<BLOCKQUOTE>
I investigated the problem by executing "tcpdump" on my Linux machine so
that I could observe traffic over the ethernet.  To my surprise, I found
that the IBM machine was being denied access to CD2 (the second CD of
the SuSE distribution).
</BLOCKQUOTE>
<BLOCKQUOTE>
I then logged in as a user (not root) and then changed myself to root
with the 'su' command.  This allowed me to mount remote filesystems
using NFS (for example:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
I decided to continue observing ethernet traffic while I manually (for
example: mount <TT>-t</TT> nfs stargate:/cdrom myMountDirectory, where
myMountDirectory is a local directory on host strikeforce).  I now had a
controlled experiment, and I was able to determine that, out of the 6
CDs supplied with SuSE 6.4, CD number 2 could not be viewed, and this
was confirmed by the denied access packets observed via tcpdump on host
stargate.
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
It turned out that, on CD number two the directory "." only had root
priviledges.  On the other CDs, there existed read and execute
priviledge for group and world.
</BLOCKQUOTE>
<BLOCKQUOTE>
My solution was to copy the image of CD2 onto a top level directory of
my Linux machine (host stargate), make sure that group and world had
read and execute rights, and modify <TT>/etc/exports</TT> (the NFS export file
which allows other users to view your filesystem) to reference the
directory.
</BLOCKQUOTE>
<BLOCKQUOTE>
The lines in <TT>/etc/exports</TT> looks like this:
</BLOCKQUOTE>

<blockquote><pre>--------------------------------------- start of file ----------------
# used for all other CDs
/cdrom    strikeforce(ro)
# used for CD number 2
/test/cdrom  strikeforce(ro)
--------------------------------------- end of file ------------------
</pre></blockquote>
<BLOCKQUOTE>
I noticed one odd thing during this exercise (installing Linux via NFS).
</BLOCKQUOTE>
<BLOCKQUOTE>
Even though host strikeforce had unmounted the remote filesystem on
</BLOCKQUOTE>
<BLOCKQUOTE>
host stargate (I confirmed this via a telnet session onto host
strikeforce), I could not unmount my cdrom.  In order to unmount the
cdrom, I had to comment out the line, in <TT>/etc/exports</TT>, which refers to
<TT>/cdrom</TT>, restart the NFS server by typing "nfsserver restart", and then
typing "unmount <TT>/dev/cdrom</TT>".  I could then unmount the cdrom, change the
cdrom, mount the new cdrom, uncomment the abovementioned line in
<TT>/etc/exports</TT>,  and restart the NFS server.
</BLOCKQUOTE>
<BLOCKQUOTE>
Perhaps, you do not have to unmount cdroms before changing them, but, I
would think that you would have to in order to maintain the proper
notion of the contents of the mounted cdrom.
</BLOCKQUOTE>
<BLOCKQUOTE>
The bottom line: My copy of SuSE Linux 6.4 does not have group and world
access rights to CD number 2, thus, you have to install from an image
copied onto the hard disk of the NFS server.
</BLOCKQUOTE>
<BLOCKQUOTE>
Perhaps this message is too long winded (I tend to ramble) for a 2 cent
tip.  I'll let all of you decide if this message is worth posting.  All
I know is that if I did not have strong networking and protocol
experience (my NFS knowledge is questionable), I wouldn't have known how
to use tcpdump, and I wouldn't have solved the problem in the speedy 5
hours that it took me.
</BLOCKQUOTE>
<BLOCKQUOTE>
Keep up the fantastic work, and thanks for all of your hard work for
this fine magazine!
</BLOCKQUOTE>
<BLOCKQUOTE>
Chris G.
</BLOCKQUOTE>

<!-- end 20 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/21"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 21 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>RE: classified disk</H3>


<p><strong>From Anonymous 
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik, Dan Wilder
<br></strong></p>
<P><STRONG>
Hey there gang!  I was in the Air Force for almost 21 years and worked in
the intelligence career field.  Depending on the level of classification the
overwrite method is not always allowable.  Shane Welton needs to contact his
security manager for clarification.  I took several computer security
courses taought by the NSA (yeah, I know the None Such Agency) and they
would not allow overwriting because they were able to recover all the data.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Heh. When I was in the Military Intelligence (yep, it's a non-sequitur
like "giant shrimp"), we dealt with NoneSuch; their "set in stone because
we say so" policies provoked a lot of comment among my fellow soldiers.
</BLOCKQUOTE>
<BLOCKQUOTE>
The ability to recover data through a simple format is the reason for the
7X overwrite method with random garbage. As long as 15 years ago, I
remember there being a guy in California who had a SQUID (Super-Conducting
Quantum Interference Detector) that could pull up a relatively high
percentage of data from a hard drive that had been through six low-level
formats (of course, he charged a few pennies for the privilege - $60k was
the figure I heard.) Those are typically just overwrites with all zeroes,
and he simply had to dig for a faint-but-present remainder of the original
ones and zeroes. He would try, but did not promise anything, with a
<EM>single</EM> data overwrite (I believe he was relying on the blank spots in the
current data.) After seven overwrites with random bits, there's <EM>nothing</EM>
of the original data left to be read - there's absolutely no way to
distinguish a '1' written seven overwrites ago from a '1' two overwrites
ago.
</BLOCKQUOTE>

<blockquote>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Dan]
If that's true, why not just overwrite seven times with all "0" or all
"1", on alternating passes?  Or run "badblocks <TT>-w</TT>" which writes
all 0xaa, 0x55, 0xff, then 0x00, several times?  Seems like it'd
be a lot faster than waiting for entropy on the <TT>/dev/*random.</TT>  And,
it guarantees that every bit gets flipped multiple times.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
&lt;Shrug&gt; I always thought it would be sufficient, but the government spec
requires randomness. Given that "<TT>/dev/urandom</TT>" is non-blocking, I can't
see it as being much slower than any of the above, and I believe that a
pseudo-random source still qualifies - but given that my familiarity with
the pertinent regulations is from many years back, Your Mileage May Vary.
</BLOCKQUOTE>
</blockquote>

<BLOCKQUOTE>
If a company's the security policy disallows this kind of a solution, fine;
the technology is still a valid one.
</BLOCKQUOTE>

<p><em>... to which our spooky querent replies ...</em></p>

<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Yeah, I know what you mean.  I dealt with SCI material, we couldn't even
think of declassifying anything.  We finally got permission for me only
since in a prior life i was a machinist (my dad owned a machine shop) to be
able to take a hard drive apart, chuck up the drive platter and remove the
top .030 (thirty thousandths) on each side AND then we had to smash the
platter.  The easiest thing was to just box up any drives and have the
courier take them up to Fort (Fumble) George G. Meade for them to destroy.
</strong></p>
<p><strong>
Hey, thanks for the trip down memory lane.  Linux lives!!!
</strong></p>

<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/22"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 22 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>multiple subnets, one DNS</H3>


<p><strong>From Damir Horvat 
</strong></p> 
<p align="right"><strong>Answered By Dan Wilder
<br></strong></p>
<P><STRONG>
Hello!
</STRONG></P>
<P><STRONG>
I have one linux server and 2 subnets on private network.
</STRONG></P>
<P><STRONG>
I would like to have this:
If the request (nslookup) come from subnet #1, DNS server would
show only the subnet #1 net table. And the other way around. The
two subnets should not "see" eachother.
</STRONG></P>
<P><STRONG>
any ideas?
</STRONG></P>
<P><STRONG>
kind regards,
<br>damir horvat
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Dan]
A so-called "split DNS" arrangement will do that.
</BLOCKQUOTE>
<BLOCKQUOTE>
Each subnet runs its own DNS server, which considers itself
authoritative for your domain.  Each server forwards other
requests to one or more third servers, possibly those of your
ISP, which handle all other requests.
</BLOCKQUOTE>
<BLOCKQUOTE>
The server on subnet #1 has entries in its zone table
only for hosts on subnet #1, and for any outside
hosts belonging to your domain that need to be reachable
from subnet #1.  Likewise, subnet #2.
</BLOCKQUOTE>
<BLOCKQUOTE>
Assuming your local subnets are 192.168.1.0 and .2.0
and that your ISPs nameservers are 10.0.0.1 and 10.0.0.2,
with BIND-8.2, your boot file (often <TT>/etc/named.conf</TT>),
has stanzas containing:
</BLOCKQUOTE>

<blockquote><pre>options {
        directory "/var/named";
        allow-query { 192.168.1.0/24; 127.0.0.1; };
        notify no;
        allow-transfer { none; };
        datasize 20M;
        forward only;
        forwarders {
        10.0.0.1;
        10.0.0.2;
        };
};

zone "your.domain." IN {
        type master;
        file "your.domain.zone";
};
</pre></blockquote>
<BLOCKQUOTE>
along with any other options and stanzas you need.
</BLOCKQUOTE>
<BLOCKQUOTE>
"<TT>/var/named/your.domain.zone</TT>" on each subnet lists <EM>all</EM> hosts
belonging to your domain that are visible from that subnet.
This includes any hosts off the subnet, as this setup will not
query the third-party DNS for hosts it doesn't know about in
your domain.
</BLOCKQUOTE>
<BLOCKQUOTE>
Substitute the proper IPs.  Subnet #1 lists 192.168.1.0 network
in its allow-query field; subnet #2, 192.168.2.0.  Hosts
on each subnet point to their own nameserver.  If the subnet is
large enough to warrant the effort, set up two nameservers on each
subnet, the second a slave to or a mirror of the first, so the
subnet won't be left without name service if you have to take
the nameserver down.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have only one Linux server to implement this with,
run two copies of BIND, each listening only on the IP connected
to its respective subnet.  Use the "listen-on" directive for that;
for more information, see "man named.conf.5".
</BLOCKQUOTE>

<p><em>... Damir replies ...</em></p>

<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Hello!
</strong></p>
<p><strong>
Thank you. Yesterday I've done some reading myself, and
successfuly setup one box with two NICs.
</strong></p>
<p><strong>
Kind Regards.
</strong></p>

<!-- end 22 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/23"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 23 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>responding to DESQview/386 Die Hards into the Next Millennia</H3>


<p><strong>From Jim Barnett 
</strong></p> 
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>

<P><STRONG>
Jim,
</STRONG></P>
<P><STRONG>
I'm beginning the serious stage of a large AI project.  For several reasons I (naturally) looked to Linux.  However, what I really need is a robust but SIMPLE multitasking OS that will juggle my ANSI C code and stay out of the way.  So far it looks like it may take the rest of my life to learn Linux, all the while I make no progress on my real project.
</STRONG></P>
<P><STRONG>
Then I remembered DESQview.
</STRONG></P>
<P><STRONG>
In a previous comment, 
</STRONG></P>

<blockquote><font color="#00007f"><em>
<P><STRONG>
<IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
I presume that Quarterdeck's aquisition by Symantec has spelled complete obscurity and orphanage to DV. They probably didn't even have the decency to release the sources to a "free world."
</STRONG></P>
<P><STRONG>
You might be far better off with a combination of Linux and its <A HREF="http://www.dosemu.org/">DOSEMU</A> or VMWare. It's a pity that you'd lose DESQview's UI (I'd really like to see a Linux console manager that would match the features and feel of the DESQview popup menu system --- but add configurability like DV/X). However you gain support for modern hardware (including CD's, CD-R, CD-RW, DVD and DVD-RAM) and procotols (running DV under a TCP/IP stack used to be like waltzing with a bear in a china shop!). You also lose all problems with memory management (forget about conventional vs. EMS and "largest program size").
</STRONG></P>
<P><STRONG>
All that and you get the sources, too. (A feature that would be even more exciting if I were a real programmer, and not just the occasional hack).
</STRONG></P>
</em></font></blockquote>


<p><strong>
you said it would probably not be possible to get Dv drivers for modern devices like CDROMs.  Just doing some preliminary surfing today, it looks like you may be right.  However, if I can find a copy of the actual program (there are tons of add-ons &amp; utilities online), I'd like to give DESKview a shot.
</STRONG></P>
<P><STRONG>
Assuming I stick with Linux, do you have any suggestions for shortening my learning curve?  Is there a small, non-network, non-graphics release of Linux you would recommend?
</STRONG></P>
<P><STRONG>
Trying not to fall down the learning curve,
<br>Jim
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Sorry to run a mite late, but you can easily consider Tom's Root Boot (it
runs off a floppy, needs no graphics whatsoever, and lives in RAMdisks) or
<A HREF="http://www.debian.org/">Debian</A> base (the install is a bit annoying, tho) - I think <A HREF="http://www.libranet.com/">LibraNet</A> can give
you a somewhat easier Debian setup without attempting to use graphics.
</BLOCKQUOTE>
<BLOCKQUOTE>
TomsRtbt is a libc5 based Linux system.  Tom Oehser says he lives in it
day to day, and I assume he is able to use a compiler in it, since he creates
the code for new small utilities on his disk. It <em>does</em> have networking.
</BLOCKQUOTE>
<BLOCKQUOTE>
The advantage of Debian would be the ability to use their apt-get package
manager to fetch new applications or languages if you need them, eg. Lisp,
scheme, etc.  The full-screen textmode utility 'console-apt' is also worth
the time to download, since you can use that to read descriptions of packages
that you're considering.
</BLOCKQUOTE>

<!-- end 23 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/24"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 24 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>DOS partition from Linux</H3>


<p><strong>From Rick Rodgers
</strong></p> 
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Does anyone know how to create a bootable DOS partition on a hardisk
using Linux? It seems that fdisk doesn't do it right and FreeDOS can
not boot.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
First, the DOS partition has to be a primary partition (one of the first four
partitions).  Exactly one partition should be marked 'active' using fdisk.
This is the partition that will boot.  If the DOS partition is active, you
will boot only into DOS.  If your Linux partition is active AND you set up
LILO, or if you set up LILO on the master boot record, you can choose Linux
or DOS from the LILO menu.  See the LILO documentation in <TT>/usr/doc/lilo/</TT> or
thereabouts, and the LILO HOWTO and the other HOWTOs at 
<a href="http://www.linuxdoc.org/">www.linuxdoc.org</a>.
</BLOCKQUOTE>
<BLOCKQUOTE>
Actually, there is a DOS program called loadlin that will allow you to first
boot DOS, then go into Linux, but usually people use LILO instead.
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't know about FreeDOS, but in MS-DOS or you have to copy the system files
in order to make a bootable disk.  You can do that when you format the disk
by using the <TT>/s</TT> option to the DOS FORMAT command, or by using the DOS SYS
command to copy the system files from a disk that already has then (e.g., a
bootable floppy: &quot;<tt>SYS A: C:</tt>&quot
<IMG SRC="../gx/dennis/smily.gif" ALT=";)" 
		height="24" width="20" align="middle">.  The required files are <tt>IO.SYS</tt>, <tt>MSDOS.SYS</tt> and
<TT>COMMAND.COM</TT>.  IO.SYS and MSDOS.SYS are hidden files in the root of your C:directory (or A:\ on bootable floppies).  COMMAND.COM is the DOS shell that
gives you the C:\&gt; prompt.  Without these three files, the DOS partition is
not bootable.
</BLOCKQUOTE>
<BLOCKQUOTE>
In Windows95, these same three files and commands are used, and bring up Win95
in MS-DOS mode (without the GUI).  For the GUI, you'll have to install Windows.
If you have the Windows installation files on a CD, you can copy them to the
DOS partition from Linux, boot DOS somehow, and then run the Windows SETUP.EXE
program.  You probably won't be able to use the CD-ROM from DOS without
Windows; that's why you'd need to copy the setup files to the hard drive first.
</BLOCKQUOTE>
<BLOCKQUOTE>
All bets are off with Windows 2000.
</BLOCKQUOTE>
<BLOCKQUOTE>
If this doesn't answer your question, tell us more specifically what the
problem is (what error messages you're getting, what partitions you have),
and that may help us give a better answer.
</BLOCKQUOTE>

<!-- end 24 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/25"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 25 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>e-mails not getting through</H3>


<p><strong>From DJ Bellerose 
</strong></p> 
<p align="right"><strong>Answered By  Mike Orr
<br></strong></p>

<p><strong>
Dear James,
</strong></p>
<p><strong>
Could you please give me some info as to why my e-mails are not being
recieved by the intended recipient. After sending them I do not get them
back in my own mail saying that they were undeliverable. I have on
occasion gotten some back but the ones I am sending to my boyfriend are
not getting to him although it says they are being sent. I have sent a
few and then have gone to his place so we could see what was happening
but nothing shows in his mailbox. All my other e-mails do make it to
whomever I send them to. Also the e-mails I have sent to my boyfriend
before have made it but for some reason in the past week and a half none
of them were sent to his mailbox. I know I have the right addy as he has
been here with me when we sent some. I hope you can help with this. If
you need his addy or mine I will send them to you upon request. When
they do come back to me it is from Mailer Daemon.
</strong></p>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
This is the biggest clue right here.  It should be an error message
saying (perhaps cryptically) why the mail is being returned. Also look
at the headers of the original message (which the error message will
hopefully include).  Every mail system the message passes through will
add a Received: line before the other Received: lines.  Did the message
go all the way to his ISP?  Can you write to his ISP's tech support
address or to <A HREF="mailto:postmaster@his-isp.com"
	>postmaster@his-isp.com</A>?  You need to determine whether it's
only his address that's failing or all addresses at his ISP.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you are on a Linux system (which you are, right, since you wrote to
<en>Linux Gazette</em>?), look in your mail log (in <TT>/var/log/mail</TT> or
<TT>/var/log/exim</TT>, etc) to verify the message was successfully sent off
your computer and where it was sent to.
</BLOCKQUOTE>

<!-- end 25 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/26"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 26 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Exiting X and Rebooting with One Keystroke</H3>


<p><strong>From stefan 
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik, Jim Dennis
<br></strong></p>
<!-- ::
Exiting X and Rebooting with One Keystroke
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
i've following problem:
i've set up a couple linux-pc's with X, but w/o a windowmanager, on which i
run an icaclient (citrix, u know!).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I'm not familiar with Citrix/ICA client, but a quick look at their website
tells me that the solution that I had in mind would work, as long as you
can create either desktop or toolbar icons.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
now for shutting down the computer the user first has to exit
X (by ctrl+alt+backspace) an can then press ctrl+alt+del.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Try creating an icon that runs "super halt". A number of people out there
don't like "super", but as far as I know, its security problems
(particularly the "buffer overflow" bug) have been fixed, and it is very
handy for something like this. "super" allows a user to run a specific
command as if they were root, which "halt" requires. When I did this
myself, initially, I was concerned about some possibility of creating a
problem by not exiting X directly, but then realized that it was simply an
old MS-Windows mental block: after all, "Ctrl-Alt-BkSp" kills X; what can
shutting down do that's any worse?
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
If you always want to reboot after exiting X then just start X
with a script like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
#!/bin/sh
<BR>startx
<BR>exec /sbin/shutdown -r now
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
... so any exit from X will then execute the next line of your shell
script.  I'm sure there are more elegant ways.  You might even want
to patch the X sources to use [Ctrl]+[Alt]+[Del] as the "Zap"
key instead of [Ctrl]+[Alt]+[Backspace].  I don't know of an option
to configure that.  However, I haven't even looked at XFree86 version
4.x yet!
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
but this is a little to complicated (very dumb users 
<IMG SRC="../gx/dennis/smily.gif" ALT="; )" 
		height="24" width="20" align="middle">).
i'm looking for a possibility to assign a key-combination
(eg. ctrl+alt+f12) for shutting down X and the pc in one step.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I don't know how this would be any different from simply hitting
"Ctrl-Alt-Del", unless "ica-client" intercepts that. If it doesn't, simply
make sure that your "<TT>/etc/inittab</TT>" contains lines that look like this:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
# What to do when CTRL-ALT-DEL is pressed.
<BR>ca:12345:ctrlaltdel:/usr/bin/super /sbin/halt
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
Hint: if you make "halt" an alias for "super halt", everyone who is
authorized via "<TT>/etc/super.tab</TT>" will be able to shut down the machine
simply by typing "halt" in an xterm.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
thanks,
stefan
</STRONG></P>
<P><STRONG>
ps: sorry for my bad english.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I find that most folks who apologize for their English - and yours is fine,
by the way - tend to be far more understandable (since they make an effort
to be understood) than native english speakers who write in with things
like "dOOdz U got 2 hepl mE My proBlM nVIDIa caRD WhaT I dO noW?????????"
It's not even the kOOl or 3l33t slang, but simply the fact that they don't
take the trouble to relay any useful information... oops, one of my
favorite rants. I'll stop now. 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>

<!-- end 26 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/27"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 27 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Multiplexing ppp connections</H3>


<p><strong>From David Hunt  
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik 
<br></strong></p>
<P><STRONG>
Dear Answer Gang
</STRONG></P>
<P><STRONG>
I have a RedHat 6.1 box that we use for dial out internet
access using ppp at 19200 baud. We would like to increase
our bandwidth, but according to our ISP the only way we can
do this, due to their system, is to have two dial out
connections and multiplex them together or have one for
outgoing and the other for incoming.
</STRONG></P>
<P><STRONG>
Is this possible to do in linux?
</STRONG></P>
<P><STRONG>
Where can I find documentation about how to do this?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Oh-oh. Time for me to put on The Curmudgeon Hat. The "baud vs. bps"
confusion is one of my Rant Topics (don't worry; it's a general rather
than a directed rant.)
</BLOCKQUOTE>
<BLOCKQUOTE>
If you are indeed connecting at 19200 baud (and that is far from certain),
it means absolutely nothing - unless you're doing something like packet
radio stuff, in which case you'd be dealing with the raw numbers. "baud"
refers to the actual switching frequency of the modem, which, given the
communication protocols in use today, bears less and less relation to the
bps (bytes per second) transmitted or received - the only thing that we
really care about, as it is the "real" data transfer rate (barring some
esoteric considerations.)
</BLOCKQUOTE>
<BLOCKQUOTE>
(By the way, doing a search for "bps baud confused" on Google produces
over 7,000 hits. Don't feel like you're alone. 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>
<BLOCKQUOTE>
Let's see... by using Deep Magic, I can see that you're coming out of (or
at least e-mailing from) the Great State of Texas. Chances are pretty high
that the average ISP down thataway will let you connect at speeds up to
56k (nominally, that is; 53k is the actual upper limit due to phone system
voltage restrictions, unless they've changed it and forgot to notify me 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
If your ISP is restricting you to something below that, changing your ISP
is probably the best bet.
</BLOCKQUOTE>
<BLOCKQUOTE>
Now, all that out of the way - if you actually do want to multiplex two
modems, and your ISP supports the scheme - and according to what you've
written, they do, then, yes, Linux does indeed support modem multiplexing.
Take a look at the "eql" package in the distribution, as well as
</BLOCKQUOTE>
<BLOCKQUOTE>
"<TT>/usr/src/kernel-source-&lt;version&gt;/Documentation/networking/eql.txt</TT>"
</BLOCKQUOTE>
<BLOCKQUOTE>
in the source tree. (This assumes that you have the kernel source
installed.) Note that modem multiplexing of this sort does not decrease
your latency, which is an entirely different issue and has quite a lot to
do with perceived "speed" of communications.
</BLOCKQUOTE>
<BLOCKQUOTE><dl><dt>
Also, check out Robert Novak's "EQL HOWTO" -
<dd><A HREF="http://home.indyramp.com/masq/eql/eql.html"
	>http://home.indyramp.com/masq/eql/eql.html</A>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
Pretty good stuff for load balancing info, which sounds like what you're
trying to do - unless switching ISPs is a better answer.
</BLOCKQUOTE>

<p><em>... David responds ...</em></p>

<P><STRONG>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thanks very much for your quick reply. This was exactly what I
was after. After hearing about EQL from you I have since found a
lot of info about it.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
You are certainly welcome; I'm very glad that the information was of use
to you.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Just to let you know why I'm after multiplexing 2 19200bps lines.
Firstly we are not in the States but in the middle of Asia.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Ah. 'sil.org' is in Texas, and I gather you're posting via their web/mail
interface. If your ISP is AsiaOnLine.net, you have my profound sympathy; I
have several acquaintances who are vehement about calling it AphasiaOnLine
(it "forgets" a high percentage of their mail) and are unanimous in cursing
it to high heaven.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Also
there is only one ISP in our area and for some reason or another
they say the max connection speed is 19200bps. One last
complication is we don't have a land line but only a microwave
connection to the nearest town.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
Well - sounds like load-balancing experimentation is not a hobby for you
but more of a necessity. I must say that I find it interesting that your
ISP supports EQL; I assume you realize that it has to be supported at both
ends. Since they are the ones who suggested it, they most likely do. I wish
you the best of luck.
</BLOCKQUOTE>

<!-- end 27 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/28"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 28 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>[Tony@thermo-king.com: new to Linux]</H3>


<p><strong>From Tony Ormsby 
</strong></p> 
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>
<P><STRONG>
Hi;
</STRONG></P>
<P><STRONG>
I am currently a Windows 98ME user. I have recently started studying Linux
OS at Tech.
I am looking at installing Linux onto an old PC at home to start with before
looking at possibly
replacing my current OS later on down the track.
My old PC is a i386 with 8Mb of RAM and about 250Mb of HDD space.
I am about to ask some silly questions which I hope you may be able to help
me with.
</STRONG></P>
<P><STRONG>
Firstly, for such an old system, is there a Linux OS available for it? (with
or without a GUI)
Secondly, I have an old Linux OS (similar to the old MS-DOS 3.3 OS) which I
am playing with
and am looking at writing a script which will help me to do the following:
</STRONG></P>

<strong><ul>
<li> advise user of terminal
<li> advise user of others logged on
<li> make an ext2 file system on a floppy
<li> mount a floppy at a location /mnt/floppy
<li> unmount the floppy from /mnt/floppy
<li> display date
<li> create back up of users home directory to floppy
<li> display current directory
<li> exit menu script.
</ul></strong>
<P><STRONG>
Actually, I'm also going through some old books but they don't five examples
of how these scripts
should be approached. I'm hoping that if I can get an example, it will give
me more of an idea on how
Linux directory system operates.
It does appears that the floppy drive once mounted becomes part of the root
directory rather than remain
a seperate drive as in MS OS .
</STRONG></P>
<P><STRONG>
I would like to know more about Linux. I believe that in the next few years,
it will grow more competitive
and become a real alternative to Windows.
I also have a copy of <A HREF="http://www.redhat.com/">Red Hat</A> 6.2 which I am looking at putting onto a spare
i486 with 16MB RAM
which I have in pieces.
I have been told however, that Mandrake 7.0 is a much easier alternative
when starting out in Linux.
I guess I'm looking for some help in determining which direction I'm going.
</STRONG></P>
<P><STRONG>
kind regards;
Tony Ormsby
</STRONG></P>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
<A HREF="http://www.debian.org/">Debian</A> can run easily in the limitation you described - its "base" only
uses about 60 Mb or so.  (might be less, I haven't really counted it).
Graphical setups cost a lot more space - you should avoid using weighty
applications like Emacs, the big environments like Gnome, K or the Office
Suites, because they will be very slow for you, if you even get them to fit.
</BLOCKQUOTE>
<BLOCKQUOTE>
You probably want to investigate some of the specialty distributions listed
at Linux Weekly News (<a href="http://www.lwn.net/">www.lwn.net</a>).
</BLOCKQUOTE>
<BLOCKQUOTE>
Whichever distro you use for the 386, make sure that you are fairly minimal
about what you allow it to install.  You might even consider calling the
staff for the companies (in the case of corporate distributions like <A HREF="http://linux.corel.com/">Corel</A>
or Redhat) and asking them what is the minimum space they can be installed
in, and the minimum RAM that configuration will run with.
</BLOCKQUOTE>
<BLOCKQUOTE>
The 486 you describe has a better chance of using something fairly ordinary,
though you'll probably still want to be picky about how to use your disk
space.  Again, 16 Mb is okay but a bit low, so the weightier apps won't be
all that happy in it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Mandrake is a nice distro (when it works at all in your system) but since
it is optimized for 586 or higher-powered processors only, it won't work on
either of the two systems you mentioned.  Sorry.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have to, you can always use a much earlier distribution (though it
will have the security bugs that plagued those releases) or you can use a
"mini" distribution - usually optimized for running from floppies, but many
of them can be carefully set up to run from hard disks as well.
</BLOCKQUOTE>
<BLOCKQUOTE>
Tom's root boot is a nice tiny distro (floppy based) to use to learn more
about things under Linux without getting too complex.  It runs from RAM so
you don't have to ruin any harddisks until you decide what you want to do.
Of course, its documentation is very minimal, because too much wouldn't fit
on a floppy.  You can find his work at <A HREF="http://www.toms.net/rb"
	>http://www.toms.net/rb</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
Best of Luck
</BLOCKQUOTE>
<!-- end 28 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/29"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 29 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Trident Providia 9685</H3>


<p><strong>From J C White 
</strong></p> 
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>
<P><STRONG>
Hi There,
</STRONG></P>
<P><STRONG>
I was told you might be able to direct me to where I can
find the drivers (Win98SE) for the Trident PV 9685...I have
this PCI vid
card with no drivers...I also have the AGP version...again
no drivers
</STRONG></P>
<P><STRONG>
any assistance will be greatly appreciated
</STRONG></P>
<P><STRONG>
J C White
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
The card that you have has actually come up before in The Answer Guy column,
in issue 31.  (<A HREF="../issue31/tag_trident.html">www.linuxgazette.com/issue31/tag_trident.html</A>) It's been
supported in <A HREF="http://www.redhat.com/">Red Hat</A> (at least on a hardware list) since at least version
4.2.  So, the card's been around awhile, and we can at least assure you that
it works for Linux...
</BLOCKQUOTE>
<BLOCKQUOTE>
Unfortunately that's not what you've asked.  Sadly, we have no particularly
great idea where to find just about anything specific for Windows (any
revision)... that's not the OS we write about.
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I do find an occasional gem for Windows (when I have to go looking)
at either winfiles.com, or TUCOWS.  That's short for: The Ultimate Collection
Of Windows Software.  They've of course spread out into more OS flavors and
hardware such as Palm pilots andd our fave, Linux.
</BLOCKQUOTE>
<BLOCKQUOTE>
Under Linux, the card you mention works under Xfree86 version 3.3.6 as well
as the new, restructured to be nice and fast, 4.0.  I even saw a mention of
a 64-bit version of it being okay (AGP wasm't mentioned over in the list at
www.xfree86.org, but I'm guessing that's what you really have).  Metro-X has
a commercial server for it too.
</BLOCKQUOTE>
<BLOCKQUOTE>
Though it's mentioned in scattered references as "unsupported" I have to add
that in Linux terms, that means Trident has been worthless in helping us use
their stuff, so it doesn't mean exactly that it doesn't work, it means that
we probably are not making the card behave at its very best.  We might be -
we might even do a better job than your missing Windows drivers - but we
really can't tell.  Not a lot of developers will throw extra money at more
pieces of unusable hardware if they should fry one while trying to code things
to make it work.
</BLOCKQUOTE>
<BLOCKQUOTE>
To be utterly fair to Trident, there aren't that many companies that are
"supported" in the sense of really giving us data that we can use for coding
up new X server support.  It's kind of strange that vendors won't help, even
with some raw information about expected input and output signals, since they
claim they want to sell hardware.  Even if it would somehow reveal some great
secret about their hardware (I find this difficult to believe), you don't see
very many companies helping us out even with their <EM>older</EM> cards, saving juicy
protectionism for the Hottest New Toy.  There are a few...  <A HREF="http://www.suse.com/">SuSE</A> and Precision
Insight have given a lot of extra help to the X Free86 project by helping
convince and aid vendors in going our route... as for the others, too bad for
them.  We tend to buy what we can use, and we're really good at friendly word
of mouth for helpful vendors.  So if things don't work out for you (though I
hope they do), allow me to recommend 3D Labs, ATI (we handle so many ATI cards
I stopped counting them.  Get a Rage 128 and save yourself from wondering
which server entry to pick), Matrox (Milleniums are excellent), 3Dfx, or any
of the other vendors who've done XFCom servers.  They can use the
encouragement 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>
<BLOCKQUOTE>
[Note]
3dfx appears to be effectively out of business since Nvidia bought them,
which might not matter to you, but it seemed wise to mention, as you might
not want to buy cards that have been orphaned that way.
</BLOCKQUOTE>

<p><em>... John went on to find the REAL answer he needed ...</em></p>

<P><STRONG><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
found ALL drivers and will forward to list...even found
jumper settings to use as SVGA, S-Vid, or NtSC output in
Win95 or 95; again , will send....gimme addy where to upload
these gems to as well as a Trident total support page with
drivers for everything they ma(de)ke!!
</STRONG></P>
<P><STRONG>
Thanks Again
</STRONG></P>
<P><STRONG>
John
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
You can reply to <A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A> and I'll publish ... mainly because the
jumper details might be useful to Linux'ers too.   If you create
your own web page where you're keeping track of these, you can tell
us the link.  And, that'd make it pretty easy for you to submit the
tip to Windows related sites, as well.
</BLOCKQUOTE>
<BLOCKQUOTE>
I don't know if Trident maintains such a "total support page" - do
they?  But as time marches on, lots of companies stop maintaining
details for older cards.
</BLOCKQUOTE>
<BLOCKQUOTE>
[Note] John didn't forward the drivers, but if anybody needs to get ahold of
him for these, send a note to The Answer Gang (<A HREF="mailto:linux-questions-only@ssc.com"
	>linux-questions-only@ssc.com</A>) and I'll
forward it along to him.
</BLOCKQUOTE>

<!-- end 29 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/30"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 30 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>The New network On The BLock</H3>


<p><strong>From Robert Smith
</strong></p> 
<p align="right"><strong>Answered By Dan Wilder
<br></strong></p>
<P><STRONG>
Next year i'm hoping to set up a home network that will have internet connection through a firwall, then a DSL connection. With such a set up, is there any need to set up DNS services if we are to have a static IP address, or can we use the ISP's?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Dan]
You can use the ISP's DNS services.  Put internal hostnames in
the <TT>/etc/hosts</TT> files, or equivalent for other OSs, and point
all hosts to the ISPs nameservers for resolution of external
hosts.  On Linux, <TT>/etc/host.conf</TT> should read
</BLOCKQUOTE>

<blockquote><pre>order hosts,bind
multi on
</pre></blockquote>
<BLOCKQUOTE>
and <TT>/etc/resolv.conf</TT> should have:
</BLOCKQUOTE>

<blockquote><pre>search your.internal.domain
nameserver IP.for.your.ISPs.nameserver
nameserver IP.for.another.of.your.ISPs.nameserver
</pre></blockquote>
<BLOCKQUOTE>
"your.internal.domain" is whatever you call your network.  No need
for it to be a registered domain.  "IP.for.your.ISPs.nameserver"
is the IP number for your ISP's nameserver.
</BLOCKQUOTE>
<BLOCKQUOTE>
It becomes worthwhile to set up an internal nameserver when
the internal network grows large enough to make propogating
the <TT>/etc/hosts</TT> files (and equivalent) a nuisance.  There are
a couple of other reasons to set up internal nameservers ...
consigning external banner ad servers to oblivion, for example ...
but AFAIK, these are all amenities you can easily live without.
</BLOCKQUOTE>

<!-- end 30 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/31"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 31 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Mail Daily sylog message to remote e-mail</H3>


<p><strong>From Ling Ling  
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik 
<br></strong></p>
<P><STRONG>
Hi,
</STRONG></P>
<P><STRONG>
I am sorry about the interruption. But I have no way to find a help except
to try my luck everywhere I can (at least that's what I perceived). I have a
RH 6.2 server running as FTP server. Upon customer response, I will have to
send certain syslog message to their LAN account, like say <em>admin@system.com</em>.
I have read all the manual and even posted up a question on the linux
mailing list, but I have still no receiving the answer I want ... I now how
to redirect to a file or a local user, but this users is not a local system
users (but stay in the same domain), do you mind to guide me on this ??
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
I'm not exactly sure of what you're asking, but here is my best guess:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQuote>
1) You have a user connecting via FTP.
2) On a response (What kind of response? What kind is <EM>possible</EM> via
FTP?), you want to send e-mail to that user.
</BLOCKQuote></BLOCKQUOTE>
<BLOCKQUOTE>
Assuming that the response - however it's done - contains the user's name
and host, the answer is an easy one:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
tail /var/log/messages | mail -s "Your syslog info" <A HREF="mailto:Username@Host"
	>Username@Host</A>
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
The above, for example, would send the last 10 lines of
"<TT>/var/log/messages</TT>" to the specified user. You can, of course, specify
whatever information you want to send, and use whatever subject you want
(the '<TT>-s</TT>' switch on the above command line) - this is purely an example,
since you didn't say what it is that you wanted from the syslog. Note that
you may have a decision to make with regard to file permissions, as most
log files are only readable by 'root'.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Thank you very much.
</STRONG></P>
<P><STRONG>
Regards,
Ling Ling
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
You're welcome. If I'm off in my understanding of what you're trying to
do, please feel free to write back.
</BLOCKQUOTE>

<!-- end 31 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/33"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 33 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Scripted Serial Sessions</H3>


<p><strong>From nir 
</strong></p> 
<p align="right"><strong>Answered By Jim Dennis
<br></strong></p>
<!-- ::
Scripted Serial Sessions
~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hellow
</STRONG></P>
<P><STRONG>
I am qa engineer
</STRONG></P>
<P><STRONG>
I want to write send and recieve file script for minicom, so i will
be able to check a lot off AT commands.  do you know about any tools
that could help me, or examples for those scripts.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
Read the man pages:
</BLOCKQUOTE>

<blockquote><pre>RUNSCRIPT(1)                                         RUNSCRIPT(1)

NAME
       runscript - script interpreter for minicom

SYNOPSIS
       runscript scriptname [homedir]

DESCRIPTION
       runscript  is  a  simple  script  interpreter  that can be
       called from within the minicom communications  program  to
       automate  tasks  like  logging in to a unix system or your
       favorite bbs.
</pre></blockquote>
<BLOCKQUOTE>
runscript is a utility that comes with minicom.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course, I can't just leave it at that.  That would be far
too simple an answer.  I really have to put in a plug for
Kermit if you're going to be doing any serious communications
scripting.  Kermit is a rich programming/scripting language for
automating serial and network communications.  I really suggest
that you try it instead of minicom's runscript.
</BLOCKQUOTE>
<BLOCKQUOTE>
I must admit that I usually use minicom for most of my simple
interactive serial terminal needs.  However that's purely born of
laziness. Minicom is included with most LInux distributions while I'd
have to fetch kermit and build it from sources.  If it was
"apt-get'able" from the <A HREF="http://www.debian.org/">Debian</A> archive system; I'd go back in a
heartbeat.
</BLOCKQUOTE>
<BLOCKQUOTE>
All of that aside, runscript can probably do what you need,
and if that doesn't give you enough power to do the job then
look at the 'expect' programming language from Don Libes.  That
can automate any terminal/curses appllication under Linux/UNIX
and it supports the full TCL programming language.  There is also
an "expect.pm" module for PERL if you prefer its syntax and features.
</BLOCKQUOTE>



<p><strong>
<img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>
Thank you.
</strong></p>
<p><strong>
Kermit is very good but their is one problem, i cant put AT commands in my
script.
i have the same problem in minicom (it dowsnt recognize AT commands)
i try even to combine the both (minicom and kermit).
i think kermit is powerful and thanks to you i learn it.
</strong></p>
<p><strong>
thanks again!!!
<br>Nir
</strong></p>

<!-- end 33 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/34"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 34 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Setting up print filters.</H3>


<p><strong>From Neo  
</strong></p> 
<p align="right"><strong>Answered By Ben Okopnik 
<br></strong></p>
<P><STRONG>
Hi,
</STRONG></P>
<P><STRONG>
I'm a totally newbie about Linux, but I found it a real great OS (I
normally used Win98 !!!), but I have a small problem. I have just changed
my printer, a brand new Epson Stilus Color 670, but my Linux box won't use it
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Ben]
The main reason, Neo, is - of course - that the Matrix has you. 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">
</BLOCKQUOTE>
<BLOCKQUOTE>
Generally, I would not respond - few people would - to a request for help
that gives so little useful information. The reason that I'm answering this
question at all is because printing setups can be troublesome, and what I
want to do here is write a sort of a mini-troubleshooting guide. "My Linux
box won't use it" is rather useless; what does that mean? Are you
physically unable to connect the printer to the box? Does it not fit on the
same desk as the computer? Does it print perfectly except for skipping
every other comma? There is no way to tell, and most of us aren't into
guessing. Please try to make yourself clearer when asking for help; there's
no such thing as "too much information" when doing so.
</BLOCKQUOTE>
<BLOCKQUOTE>
If there's one bit of advice that I'd want to emphasize to the newcomers
in the Linux community, this would be it - make yourself as clear as
possible when asking for help, and include as much information as you
think necessary... and then add some more.
</BLOCKQUOTE>
<!-- ::
Check the hardware for compatibility.
~~~
:: -->
<BLOCKQUOTE>
A quick check of Epson's website didn't give me any specs on this printer,
just advertising crud. I suspect, though, that it is not a WinPrinter -
that's what I wanted to check up on. If it was, you'd have a bit of trouble
(software is available, but it's problematic.) In any case, WinPrinters
are beyond the scope of what I want to cover. We'll assume that you have a
real, honest-to-goodness printer with its own brain, and go from there.
</BLOCKQUOTE>
<!-- ::
Test the hardware at the lowest level of complexity.
~~~
:: -->
<BLOCKQUOTE>
Once you have connected the parallel cable (once again, USB printers are
outside the scope - look up the USB-HOWTO on the Web), powered up the
machine and the printer (DO NOT connect or disconnect parallel peripherals
under power: you stand a high chance of frying the peripheral and the
machine), and made sure that the printer's power light is on, it's time
for the basic test. Pick a text file that is about 1k in size - the
default "<TT>/etc/inittab</TT>" is a pretty fair example - and shove it straight out
through the parallel port:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
cat /etc/inittab &gt; /dev/lp0
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
This assumes two things: 1) that you are logged in as root, and 2) that
the first parallel port, "lp0" (known as "LPT1:" under DOS/Windows) is
where your printer is connected.
</BLOCKQUOTE>
<BLOCKQUOTE>
If this doesn't work, look at any error messages that may be generated:
"Permission denied" probably means that you *didn't* log in as root.
"Device not configured" would mean that you either don't have the "lp"
module loaded (check by typing "lsmod") or do not have the kernel
parallel-port driver enabled, which would be a strange thing to do (but
I've seen it happen.)
</BLOCKQUOTE>
<BLOCKQUOTE>
If no error messages are generated and there's still no output, try
assuming that it's the other parallel port - there are rarely more than
two on machines today; for that matter, more than one is becoming rare.
Anyway, try
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
cat /etc/inittab &gt; /dev/lp1
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
- it can't hurt.
</BLOCKQUOTE>
<BLOCKQUOTE>
One rare, odd thing that can make this test fail - check the parallel port
settings in your BIOS. I've seen an "ECP/EPP" setting disable a Brother
printer under both Linux and Windows; all other settings allowed it to
work. Yes, Brother printers are weird - but this was about as strange as
snake suspenders...
</BLOCKQUOTE>
<BLOCKQUOTE>
If none of the above works, check the hardware by booting into DOS or
Windows and printing from there. If you still can't get it to print,
there's a problem with your hardware - port, cable, or printer. Curse life,
weep loudly, and replace whatever is necessary.
</BLOCKQUOTE>
<!-- ::
Setting up the printer spooler.
~~~
:: -->
<BLOCKQUOTE>
Install "lpr" or "lprng". For a home user, it makes no difference which
one you choose. Either one handles the tricky bit with the permissions -
you don't have to be root to print anymore. "cupsys", available with the
new version of <A HREF="http://www.debian.org/">Debian</A> (and probably other distros) takes care of this and
the next (filtering) stage. Make sure your "<TT>/etc/printcap</TT>" is correct (see
"man printcap") and test the system by typing
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
lpr /etc/inittab
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<!-- ::
Setting up print filters.
~~~
:: -->
<BLOCKQUOTE>
If all you were going to do is print text, you'd be done at this point.
However, most folks like their graphics and want to pretty-print stuff
like Web pages, etc. For this, you need a series of "translators" that
accept an arbitrary file type and turn it into language that is
appropriate for your printer. "magicfilter" and "apsfilter", in my
experience, can both be rather fussy about installation - I've had
problems with both. Test the system by printing a <EM>small</EM> graphics file,
preferably something like a black 4x4 pixel GIF or JPG - if you only get a
dot (the correct output), try a larger image; if the filters are messed
up, you won't get more than a page of random garbage.
</BLOCKQUOTE>
<BLOCKQUOTE>
At this point, you're done. The next move, as the original Neo said, is up
to you.
</BLOCKQUOTE>

<!-- end 34 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/35"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 35 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Xwindows</H3>


<p><strong>From Wes Ragle 
</strong></p> 
<p align="right"><strong>Answered By Mike Orr, Heather Stern
<br></strong></p>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Is Xwindows a generic
part of Linux?  All I ever see while researching the question is xfree86?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
"Linux" refers only to the kernel.  All Linux software comes from third
parties, including stuff that's necessary to boot and produce a shell
prompt.  X-windows is just a protocol; Xfree86 is a concrete
implementation of that protocol.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Actually strictly speaking, X is the protocol, windows are what it is about
painting, and people rarely see them apart unless they are programming an
X based application.  Especially if they're programming a window manager;
window managers (whose names often end in wm: fvwm, qvwm, twm, flwm, icewm;
but not necessarily: blackbox, enlightenment, sawfish) are responsible for
listening to X protocol messages like "you got clicked" or "keystroke M" or
"please repaint coordinates so-and-so" and telling the right applications
what to do.  It's the window manager that owns the scrollbars, the title
bar, and the background.
</BLOCKQUOTE>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
XFree86 describes itself as "a non-profit organisation which produces
XFree86, a freely redistributable open-source implementation of the X
Window System that runs on UNIX(R) and UNIX-like (like Linux, the BSDs,
Mac OS X (aka Darwin) and Solaris x86 series) operating systems and
OS/2."  (<A HREF="http://www.xfree86.org"
	>http://www.xfree86.org</A>)
</BLOCKQUOTE>
<BLOCKQUOTE>
Linuxers adopted Xfree86 over other versions of X-windows because (1) it
runs on the x86 CPUs (a sine que non), (2) it's affordable (back when X
was unusable under Linux I almost bought BSDi [another UNIX-like OS]
instead, but didn't because of its price tag), and (3) meets our
standards for open source (not counting a few minor squabbles along the
way).
</BLOCKQUOTE>
<BLOCKQUOTE>
Linuxers chose X-windows over other graphical systems (e.g., MGR)
because almost all the graphical applications available for UNIX are
designed for X.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
There are other implementations of X, also... tinyX is one.  You can read
far more than any of us can say here by following some of the links at
Kenton Lee's site:
<A HREF="http://www.rahul.net/kenton/xsites.html"
	>http://www.rahul.net/kenton/xsites.html</A>
</BLOCKQUOTE>


<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Four other graphical "systems" to look at are the framebuffer, SVGAlib,
Berlin and GGI.
</BLOCKQUOTE>
<BLOCKQUOTE>
The framebuffer is an optional part of the Linux kernel
that runs the video card in graphics mode.  This is required for
non-Intel systems (which don't have a text mode, so it must be
emulated).  It's also useful on Intel because X-windows normally takes
control of the video card itself, and because X is such a huge beast,
buggy X programs and drivers can crash the X server, freezing the
screen+keyboard+mouse and necessitating a reboot.  But with the
framebuffer, the kernel retains control of the video card and can tell
the X server where to go.
</BLOCKQUOTE>
<BLOCKQUOTE>
SVGAlib is a library that allows non-X programs to use graphics mode.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
However, there's only one fellow in charge of it and video cards keep moving
onward.  Last I saw, he's not adding support for new cards - although many
with VESA 2.0 compatability will work.
</BLOCKQUOTE>


<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
Berlin is/was a project to make a windowing system better than X.  I
can't find a URL for it, so I'm not sure if it still exists.  (I thought
it was www.berlin.org, but that goes to www.berlin.de, which contains
tourist information about the city.  Google and MetaCrawler don't seem
to have any links to it.)
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
Funny, I went to Google, typed in the keywords "berlin" and "gui" and it
popped right up:
<A HREF="http://www.berlin-consortium.org"
	>http://www.berlin-consortium.org</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
The trick is to make sure you don't get references to the city, by putting
in a more limiting keyword to go with it 
<IMG SRC="../gx/dennis/smily.gif" ALT=":)" 
		height="24" width="20" align="middle">  They have news as of late
November, so I guess the project is still alive.
</BLOCKQUOTE>

<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
GGI ("General Graphics Interface",
<A HREF="http://www.ggi-project.org"
	>http://www.ggi-project.org</A>) is a portable graphics interface
of the "write once, run anywhere" variety.  It can run with X and/or the
framebuffer and in other combinations.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Would you please straighten me out as to
exactly what is involved in generating nice graphics in Linux?  Does Mesa
only work with drivers for a select few video chips?
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
I'll let others answer these since I don't know.
</BLOCKQUOTE>


<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Heather]
I don't think that is the case... although certain video chips may get a
significant boost from having OpenGL support directly, Mesa is software that
allows non-supporting cards to display applications designed around OpenGL.
Mostly.  The author is very careful to state that it is not a licensed SGI
implementation of OpenGL so if something isn't a perfect match, sorry.  You
can read all about that at the Mesa project homesite, again not quite obvious:
<A HREF="http://www.mesa3d.org"
	>http://www.mesa3d.org</A>
</BLOCKQUOTE>
<BLOCKQUOTE>
Anyways I hope that helps a bit.  Since I don't know what kind of nice graphics
you're trying to do, I don't know if any of the APIs optimized for helping
gamers might help you out too.  But this should be a good start.
</BLOCKQUOTE>

<!--              . . . . . . . . . . . . . . . . . . .              -->
<HR WIDTH="40%" ALIGN="center">
<!-- begin 35 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>Xfree 4.0.2</H3>


<BLOCKQUOTE><dL>
<dt>Definitely worth mentioning --
Xfree86 4.0.2 just came out.  Release notes:
<dd><A HREF="http://www.xfree.org/4.0.2/RELNOTES.html"
	>http://www.xfree.org/4.0.2/RELNOTES.html</A>
</ul></BLOCKQUOTE>

<!-- end 35 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/36"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 36 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>diald on a smoothwall box</H3>


<p><strong>From jim watkins 
</strong></p> 
<p align="right"><strong>Answered By  Mike Orr
<br></strong></p>
<P><STRONG>
This may be the wrong place to ask a question! in which case please take no
notice.However if not......
</STRONG></P>
<P><STRONG>
I just made a box running smoothwall, a sucess until....I realized it
did not dial on demand...then I found diald ....to me this looks like
it should achieve what I want...
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Mike]
<br>1) What are you trying to do?
</BLOCKQUOTE>
<BLOCKQUOTE>
2) What's smoothwall?
</BLOCKQUOTE>
<BLOCKQUOTE>
Diald's main use is to automatically initiate a ppp connection when
there's outgoing traffic at your site but the link is down, and then
to tell ppp to hang up when the outgoing traffic has been idle for a
certain period of time.
</BLOCKQUOTE>
<BLOCKQUOTE>
For an ordinary firewall situation with ppp and an analog modem, where
you want the connection to go up and down automatically as needed, yes,
you would use diald.
</BLOCKQUOTE>
<BLOCKQUOTE>
Note that diald cannot measure <EM>incoming</EM> traffic when the link is
down.  This would require something like diald at the ISP's end.
</BLOCKQUOTE>

<!-- end 36 -->
<!--     .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.     -->
<A NAME="tag/37"><HR WIDTH="75%" ALIGN="center"></A>
<!-- begin 37 -->
<H3 align="left"><img src="../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>...a bulk friendly ISP?</H3>


<p><strong>From needbulkisp 
</strong></p> 
<p align="right"><strong>Answered By Jim Dennis
<br></strong></p>
<!-- ::
...a bulk friendly ISP?
~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<BLOCKQUOTE>
[the editor notes that the querent sent his mail as all HTML. Yuck.]
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
Hello!
</STRONG></P>
<P><STRONG>
I'm trying to find a bulk friendly ISP, to host a very small website.
Can you help?
</STRONG></P>
<P><STRONG>
OR
</STRONG></P>
<P><STRONG>
Can you refer me to anyone?
</STRONG></P>
<P><STRONG>
Thanks very much,
</STRONG></P>
<P><STRONG>
HAPPY NEW YEAR!
</STRONG></P>
<P><STRONG>
From: <A HREF="mailto:needbulkisp@yahoo.com"
	>needbulkisp@yahoo.com</A>
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	> [Jim]
I don't know what you mean by "bulk friendly."  However, you should
be aware that the phrase carries very negative connotations to
experience internet professionals.
</BLOCKQUOTE>
<BLOCKQUOTE>
To must of us that suggests that you are planning to spam (e-mail)
people and you want to hook up with an ISP that will tolerate your
abuse of the Internet and shield you from the wrath of the people
that you offend.
</BLOCKQUOTE>
<BLOCKQUOTE>
Since you say it's a "very small website" I presume that you don't
mean that you have a "bulk" of content that you wish to make
available.  Perhaps you mean that you have a small volume of content
that you believe will get an immense amount of traffic.  Obviously
there are lots of ISP and co-location facilities out there.  For
commercial traffic they are <EM>very</EM> "bulk friendly" (since they
charge for all the traffic --- the more traffic you generate, the
more money they charge and the friendlier they get).
</BLOCKQUOTE>
<BLOCKQUOTE>
Anyway, I'll refrain from suggested actual companies here.  Among
other things I don't know enough about your needs and resources
(money) to make any reasonable suggestions, and I'm not in the
business of shopping for ISPs (bulk-friendly or otherwise).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I've left your name in this message since your
e-mail address is clearly and solicitation for relevant advertising.
I'm sure that "bulk friendly" ISPs will just be banging down your
inbox within a few days.  (Normally we filter e-mail addresses
out of LG Answer Gang articles to protect or correspondents from
spammers; however this appears to be a "trowaway" e-mail account
which will be abandonned as soon as you've made your selection
--- so I'll suggest to my editors that we make an exception in your
case).
</BLOCKQUOTE>

<!-- end 37 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
	>Copyright &copy;</a> 2001, James T. Dennis 
<BR>Published in <I>Linux Gazette</I> Issue 61 January 2001</H5>
<H6 ALIGN="center">HTML transformation  by
	<A HREF="mailto:star@starshine.org">Heather Stern</a> of
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H6>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->