I've been trying in vain to do something very simple, but have been unable
to find the answer via excessive googling, so I'm hoping someone here can
point me in the right direction.
I am trying to configure my system so that I can utilise the TVout on my
graphics card. I want to be able to display to the TV while still
retaining use of the desktop via a CRT. Eventually I intend to run
MythTV on the TV screen (mainly for the movie and ogg playing
capabilities).
To this end I don't want KDE to bother running a window manager & desktop
on the TV screen. I have setup X such that I have :0.0 and :0.1 display
devices, with :0.1 being the TVout screen. Unfortunately I end up with a
KDE desktop on the TVout, along with my usual KDE desktop on the CRT.
I can successfully run a movie on the TV screen using -
$ DISPLAY=:0.1 vlc -f --video-on-top ./movie.avi
However, if I then try and run something on the CRT it steals the focus
from the vlc display on the TV (which in itself wouldn't be a huge
problem if the KDE panel didn't then put itself to the front on the TV
screen).
The only hint at a solution I've managed to find indicates that I /must/
run two instances of X, one for each screen, if I want to solve the
problem. However, another person has managed to do this with one
instance of X (with MythTV on the TV) but runs WindowMaker as their WM,
which accepts a -display parameter when run so it limits itself to :0.0
I've managed to muddle through getting all the really nasty stuff
working...
OpenLDAP works
OpenLDAP directory contains appropriate user entries
Users can authenticate through PAM against their OpenLDAP records (and I can even control what they can log into using the authorizedService attribute, so, some users get FTP, some get SSH, some get SMTP, some IMAP, etc.)
Anyhow, I'm down to one thing I need to make work that isn't.
I need to get Apache (2.0.53, Fedora Core 3) to authenticate
users against LDAP. I think I know how to make the Apache
queries work and query the right things from the LDAP server
and such, but, here's the rub:
Apache LDAP support is divided into two parts. mod_auth_ldap which
seems pretty straightforward (at least after dealing with everything
else), and, mod_ldap (which unlike the rest of apache modules is
util_ldap.c instead of mod_ldap.c WHEE!!).
My problem is that mod_ldap is refusing to make SSL connections to the
LDAP server, and, my LDAP server (deliberately) won't allow
authenticated binds using cleartext passwords without SSL.
Any ideas how to make this all work together or know anyone who knows
this stuff cold and could help me?
Thanks,
Time passes, this is pretty late in the month that it was sent, one
TAG member offers a little bit of aid, but...
I got some help from an openLDAP list finally... I was able to make
the dynamic group thing work. (Just got it working last night).
The 24th, on the edge of our TAG deadline.
-- Heather
Thanks for your assistance.
I wasn't able to get sets working (if anyone knows appropriate set
voodoo, please feel free to contact me off-line and I'll share what
I learn)...
However, for dynamic groups, I was able to create the following group:
Hope this is enough to be useful as a short blurb. Much more useful
full information coming (hopefully) soon.
Owen
If you're an LDAP user with an answer to the remaining part of his
puzzle - and not already involved with his thread on the OpenLDAP
mailing list... by all means drop him a line!
Otherwise, look forward to what chef Owen's been cooking up, next month.
Please also feel welcome to join us in IRC on #moin at freenode.
irc.debian.org, the default destination of IRC clients in debian, also goes
to freenode. Your distro may vary. MoinMoin is a python based wiki package
with themes, access control lists, and other antispam abilities.
-- Heather
I've been seeing happy cross references from the FvwmForums about
the articles our 'zine has about FVWM. Since the Forums themselves
have an unusual URL:
/dev/hda1 contains a file bootsec.lin which is a copy.
dd if=/dev/hda8 bs=512 count=1 of=/boot/bootsec.lin
cp /boot/bootsec.lin/mnt/hda1/bootsec.lin=20
[...]
and running /sbin/lilo
results after a restart in: L 99 99 99 etc.
I think that the missing step is that you are not repeating the "dd"
and "cp" operations every time you run lilo. After running lilo, you
have to transfer again the first 512 bytes of /dev/hda8 to the file
bootsec.lin in /dev/hda.
If I may digress a little bit, I have to say that it is here where I
have found the greatest advantage between lilo and grub: this step is
not needed with grub.
On Sun, Feb 27, 2005 at 09:50:00AM -0500, Jim Doutt wrote:
to Phil Hughes of SSC, Inc, cc'ing our editorial
staff
Phil,
I am MOST distressed to hear you are trying to close down
linuxgazette.net by appropriating their name. The fact that you HOSTED
them awhile back gives you NO RIGHT to the name. And in fact you have
linuxgazette.com already.
I ENJOY reading BOTH linuxgazette.net, and my subscription to
"Linux Journal", to which I am a long-time subscriber (and bought the CD
of back issues). There is room for BOTH of you in this big world.
Please lay off linuxgazette.net. I'd hate to have to drop my
subscription to "Linux Journal" which I enjoy reading every month.
Jim Doutt
Jim -
Thank you very much for your support, and for restating our position
with regard to SSC's unwarranted attacks. Here at the Linux Gazette, we
believe that there is indeed room for both - and our actions have
consistently reflected that belief. SSC, via their hired guns, have
closed off all avenues for peaceful coexistence by their threats; we
shall simply continue to stand firm against their baseless accusations -
the law and the public sentiment happen to coincide in support of us.
Your support, and the support of all our readers who have written to us
in regard to the present situation, serves to underscore and reinforce
our determination to see this through. Thank you, Jim... thank you,
everyone.
Regards, * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://linuxgazette.net *
We received many letters from readers and responded to
some directly. I believe this exchange was the best summary of how we feel.
Thank you, gentle readers, thank you all. -- Heather
This page edited and maintained by the Editors of Linux Gazette HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
16:10 * billp_ makes a hasty sendmail change to allow unresolvable domains
16:19 * billp_ goes back to default sendmail behavior
16:40 < billp_>
editorgal : do you know how to tweak sendmail & fetchmail so
that it accepts everything? I seem to have got to the point
where every few spams jams fetchmail before it can be handed
over to my local spamassasin
16:41 < billp_>
I get these timeouts:
16:41 < billp_>
SMTP error: 451 4.1.8 Domain of sender address
acetylene3@twobusbone.com does not resolve
16:41 < billp_>
not flushed
16:41 < billp_>
fetchmail: client/server protocol error while fetching from
localhost
16:41 < billp_>
fetchmail: Query status=4 (PROTOCOL)
16:41 * billp_ googles some more
16:42 <@editorgal>
fetchmail retreives from pop so it'll take anything you say
16:43 <@editorgal>
I always use a command line that forces things to be forced
16:43 < billp_>
Spam is jamming it dead at the moment - forcing me to ssh into
16:43 < billp_>
the hosting comany every 20
emails to manually delete one
16:44 <@editorgal>
fetchmail -v -a -m "/usr/bin/procmail -f -
/home/heather/.procmailrc"
16:46 < billp_>
So through procmail before the MTA?
16:46 <@editorgal>
I'm telling fetchmail to not try any funny business, do
it my way
16:47 <@editorgal>
that my way includes procmail directly skips the local MTA
16:47 * billp_ tries the same
16:58 < billp_>
Well done :D
16:58 < billp_>
It must have been sendmail waiting so long for DNS lookups for
16:58 < billp_>
non-existant domains that the pop server was timing out
16:59 <@editorgal>
yes and the pop being elsewhere, that's harder to control
17:00 <@editorgal>
it having accepted the mail at the spool there, any 'damage'
considered of storing it has already been done.
17:01 < billp_>
yes - and much more damage was being done by sendmail
timewasting tactics when in fact it takes hardly any time at
all to chuck once accepted
17:02 < billp_>
Superb editorgal :D This has been an irritant for ages
Anyway - got a 2-cent tip for you. I sent this one in to Mike ages ago, but searching for it in LG doesn't show anything.
One of the things I'd found when experimenting with RedHat is that their "apropos" utility seems to be just an
alias for "man -k", i.e., does not allow wildcard searches via "apropos -w". Since "apropos -w" was something I
found very useful in my early days of learning Linux, I decided to write a script that would be an even
friendler, more helpful version of "whatis" and "apropos -w" combined. I called it "howto"- and I still use it
on occasion, simply because it's a fun way to find info (and get hooked into checking out other interesting
things!). The syntax for it is very simple - just type
howto wipe out alien civilizations and make killer cheesecake
If there's anything that's available on the topic, or any of the keywords, you'll find it...
RedHat users note: your installation procedure does not automatically create the "whatis" database (or for that
matter, even the "mandb" database) which is required by this script - and by "whatis". See the manpage for
"man" and "whatis" for further info.
Wiping out alien civilizations and making killer cheesecake are definitely knowledge that should be propagated.
(are things? is knowledge? Damn this slippery language and its referents!)
Exporting a del.icio.us feed to a Netscape bookmark file
This didn't fit in with my article
(http://linuxgazette.net/110/oregan1.html), but it's still cool. It
dumps your del.icio.us feed into a Netscape compatible bookmarks file.
When you have problems booting Linux from DOS, you also have to look
in which mode you are using DOS: with or without HIMEM.SYS loaded,
with or without EMM/QEMM/EMM386 loaded, with or without a swap file,
with or without a disk cache or a memory disk (VDISK) loaded.
you have there a GPL bootloader which works from a lot of DOS
configurations (probably all of them) - and if you have problems,
its debug executable (dbgload.exe, dbgdisk.exe, dbgfs.exe...) create
a file named DBG which explains what did wrong.
You have precompiled loader (interactive and command line version) at:
You may not want to install it as the master boot record (MBR) of your
hard disk in its own managed partition (partition protected by setting
the IDE max address of the hard disk) if you are using an older 2.4
Linux kernel because those kernel had a bug where, when the IDE max
address is set, the Linux IDE system thinks the disk has 1 (i.e. one)
sector (i.e. the total size of the hard disk is then believed to be
512 bytes - that is a bug).
Note that I have never seen a case where - if a problem appear
following a hard disk install - the uninstall checkbox on the menu
did not perfectly work and restore a perfect system, at least since v0.8.
Version 0.9 is needed for newer 2.6 Linux kernels.
Etienne.
Linux mail and HTML
Haim Kalderon (HaimK from sitqad.co.il)
Question by (ben-fuzzybear from yahoo.com)
Answered By Brian Bilbrey
I'm now moving major application from Windows to Linux server.
The application used blat mailing software.
Until here no problem, because I can work with Linux mail instead.
But the Windows blat had a flag to send mail in html format... maybe you
know of an equivalent to send mails from Linux using the mail command?
Appreciate your help,
Haim
[Brian]
Hello Haim,
Create a text file that contains your email. It should look like an
email message, with headers on individual lines, etc:
To: you@example.com
From: me@example.com
Reply-To: me-too@example.com
Subject: Test HTML message
Make sure that one of headers is Content-Type, like this:
Content-Type: text/html; charset="us-ascii"
That tells the email client to render the text stream that it receives
as HTML. Note that there are many options for charset - use the one
that's appropriate for your target audience (common alternatives are the
ISO-8859-n charsets). Also note that it doesn't help you when receivers
of the email explicitly don't parse HTML mail, or have filters that
preferentially mark HTML email as likely spam. But, ranting aside, we
continue...
Then in the body of your email,
<html>
[your content]
</html>
All of that is in a text file (or composed on the fly by your
application), either way, redirected into the sendmail binary for mailing:
sendmail you@example.com < sample_message.htm
[Brian]
> To:
> <ben-fuzzybear@yahoo.com>
Ben FuzzyBear, eh? Is that your Animist Native American / Aleut moniker?
[Ben]
Old nickname coined by an x-gf due to a number of my bear-like
characteristics - mostly my hairy chest and my ability to substitute for
a room heater or an electric blanket... but 'twas long ago, far away,
and the account is essentially dead.
Converting Mailman's text archives to mbox
Benjamin A. Okopnik (ben from linuxgazette.net)
Question by The Linux Gang , Heather , (star from starshine.org)
This was true of our mailman, which is a rather basic configuration at
the time this tip was put together, so it should do just as well for anyone
else who hasn't indulged in heavy modifications to mailman. Ah, python...
-- Heather
Is the archive tarball not in mbox format? I'm writing this off-line
so I can't check, but let me know if it's not - I've done header
mangling before, specifically converting some weird format into mbox, so
I'll happily fold, spindle, and mutilate those poor emails as necessary.
[Jimmy]
The list archives are available as text (so close to mbox format that
you really have to wonder why they bothered using anything else), or as
HTML. Mailman does keep mboxes of its archives, but those are private -
you should have no problem grabbing it though.
Got'em. Seems that the mods are pretty basic; passing it through a
couple of simple regexes -
gzip -dc 2004-December.txt.gz|perl -0 -wpe's/^(From [^\s]+) at /\n$1\@/gsm;s/^\n//s' > mail.box
cures the disparity.
This page edited and maintained by the Editors of Linux Gazette HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
The Answer Gang
Linux Gazette 112: The Answer Gang (TWDT)The Answer Gang 112:
...making Linux just a little more fun!
The Answer Gang By Jim Dennis, Jason Creighton, Chris G, Karl-Heinz, and...
(meet the Gang) ...
the Editors of Linux Gazette...
and
You!
We have guidelines for asking and answering questions. Linux questions only, please.
We make no guarantees about answers, but you can be anonymous on request. See also: The Answer Gang's
Knowledge Base
and the LGSearch Engine
hello, and greetings once again to the world of The Answer Gang. I'm sure
some of you are wondering why we're so late - fact is, we actually managed
to get some of us together for lunch, having had the odd chance of being
close enough in the same state to drive the rest of the intervening
distance.
Real Life also has its interventions. Not all bad - but the timing, well,
that can be.
I'm pleased to say one of my own interruptions of the outer world here
probably won't bore you to death -- and now it's revealed...
Running an internet lounge
For fun and profit? Fun, absolutely! Profit, um, no. My Star Trek
Crew (http://trek.starshine.org) runs an internet lounge at a handful
of science fiction conventions around here, and we either bring our own
older and not-so-valued equipment, or we use whatever is donated. These
being the old grey mares of the computing world, it's inevitable - so
far at least one monitor or computer has gone on the fritz each time.
The one time we thought we were unscathed, a monitor died near the end,
it was wellll.... sort of usable... we shut it off. Within the span of an
hour it got so bad the working blind really was better, or you be a
candidate for blinux afterwards.
The most spectacular failure was a power supply glitch, all the magic smoke
leaked out, luckily it didn't incite anything else. California has this
no-smoking indoors policy you see...
The first of these lounges fit Battlestar Galactica more than Star Trek - a
rag tag fugitive fleet, some can jump to light speed, and some, well, they
can't. What distro, I hear you ask! Well, since different members of my
crew - and a neighboring LUG - provided setups, we had:
some Sparcs running debian
about 6 PCs running Mandrake
10 PCs running some form of Red Hat, kickstarted
maybe 4 more PCs running some debian or other
the token, err, talking BORG - as recommended by a blind friend of mine.
people brought their laptops of course.
We've not run nearly so large a lounge since. 6 or 10 machines total is
more like it.
That was a pretty big conference, and people enjoyed the variety. I was
surprised at why a particularly slow Sparc was enjoying such popularity, but
apparently it had the best selection of chat clients...
There's the key. If you want to run a netlounge, know your audience, and
give them what they want. In my experience, they mostly care very little
about the OS. What they want are features:
GOOD web browsers, so their webmail and blog sites won't turn them away.
Chat, oboy do these people like chat clients.
SSH for the geekier souls, we've gotta get our email, and/or, we have to
solve someone's problem at the most inopportune moment.
Being able to play sounds and run videos is certainly appealing.
Alas, with so much of the web being "live content" you should at least
make an effort to support flash and shockwave. Java would be nice too.
Some do want a word processor, although in retrospect, a friendly enough
text editor such as Nedit will serve many of them. Printer's a good idea to
go with this...
Games? well, okay, maybe some games. I recommend PySol. Add it if your distro didn't put it in. Even the deepest windows fan warms to PySol ... so far.
If you're going to offer sound, xmms and Mplayer rock. literally. Beware
that the plugins above may make the browsers cranky about embedded video.
They want to get at things too. Handicapped access, icons NON geeks can
figure out (or else a big ol' icon map on the wall for this number one FAQ,
where's the $whatsit ) and room to scootch the chairs around (yeah, a
technical term). In other words, make sure there's some lounge in your
net lounge.
In earlier lounges the word processor was not really a big hit. The glitz
was too good too early, abiword felt right, then crashed at the worst
moments. It's better now - but some people have a rotten opinion of it :(
StarOffice did better - but needs a machine with some oooooooooomph. Java...
Live CDs really made the thing take off nicely. Now if the cords would
learn to telekinese themselves.... or the computers all came with wheels
like luggage... mmmmmm case mods. Yummmmm. (No I haven't done it. But
it's a thought.) We've been using Knoppix in the last few lounges,
customizing it with our own art. We might try ubuntu, too.
Make sure you've enough people, that they stay fed so they aren't cranky,
that they occasionally get to run off and do other things (eyestrain makes
people cranky too). Your silicate lifeforms will be easier to keep happy
when Murphy's Law isn't able to get your goat when it strikes.... because
troubleshooting that fist through the case would be much easier, but,
umm, that's not the kind of disk first aid I had in mind!
Plan that setup and teardown will take double the time it takes to setup and
teardown in the otherwise perfect conditions of your geeky home. Those
cords get tangled, the upstream DHCP looks askance at you, whatever. Expect
delays - just get the Express Lane up and have a wild guess at your
estimated full-service time. That solves desperation and hovering.
If the event is of any decent size, have an Extra Special Express Lane for
the people who make things happen. It'll make them feel like it's a special
benefit - and those moments when a piece of the event is about to suffer if
they can't find some important reading that happens to be online, will not
involve kicking someone off a machine who doesn't already kinda behind the
scenes already.
This weekend's convention will be a fun filled time of music and getting
together with good friends. Maybe a few will wish me a happy pre-dated
birthday. That's the scoop this month folks - above all else, have fun!
3C509B Does Not Work With Linux -- Problem Solved!
From Chris Gianakopoulos
Answered By: Mike Orr
Hi Gang,
I'm just sharing an experience with you. I've got Pentium 2 computers
with onboard audio these days.
I installed Linux using SuSE 8.2, and the ethernet would work sometimes
but mostly, the card did not get recognized. The card is a 3C509B ISA
card. At first, I thought that I zapped the ISA slot in my motherboards
(yea -- two of them) because the card would work on my trusty Pentium
Pro computer.
What was interesting was that if I installed Windows 2000 in the Pentium
2 system, the NIC worked flawlessly! Okay, now I knew that it was not
hardware. I just gave up for a while.
During the holidays (December), I reinstalled Linux on the Pentium 2
system. This time, I decided to get the thing to work. Playing around
with the PNP tools, I saw that candidate resources for my onboard audio
(MPU-401 to be specific) was either 0x300 or 0x330. Looking at
/proc/ioports, I saw that 0x300 was chosen for the I/O port.
I rebooted the system and disabled the onboard audio via the BIOS setup.
Of course, my Ethernet then worked. Looking at /proc/ioports, I asw
that 0x300 (my favorite addresses of course) was allocated to the NIC.
I went ahead and reenabled the onboard audio, thus causing failure of
the Ethernet again. I used YaST (SuSE's setup tool), and manually
allocated 0x330 to the MPU-401 port, and the Ethernet worked flawlessly.
Problem solved!
This was my first exposure to plug and play hardware when using Linux.
Plug and play was disabled on the 3C509 as recomended in the older days,
and the audio hardware was allocated my sacred I/O address. As I can
see /proc has lots of useful stuff, but, this is the first time that I
had to use it to troubleshoot a problem. Cool and fun.
[Sluggo]
I used to install 3C509B cards at a hospital. We always disabled plug &
play and set the base address using the DOS utility on the floppy. We
used 0x300 by default, or 0x220 if there was a conflict.
Yea, Ben O. mentioned the lower numbered addresses too (e.g. 0x220). I
use those for NE2000 type of cards -- for some reason, I got attached to
0x300 from my 3C503 days. (I still use coax these days -- no hubs....).
Obscure LILO problem, 1-5 minute LILO delay upon bootup.
From Justin Piszcz
Answered By: John Karns, Heather Stern.
Hi,
I am running Debian Sarge and previously migrated my root drive from a
8.4GB to a 40GB then to a 61.4GB now to a 250GB disk.
I always use tar to transfer one file system to the other and then chroot,
edit lilo and fstab and then re-run lilo.
For the:
8.4GB -> 40GB
40GB -> 60GB
I never had any issue.
However, with the 60GB -> 250GB drive, I did everything the same and at
the LILO prompt or "LIL" I should say, it sits there for about 1-5 minutes
and then says Loading Linux... BIOS something for about another 60 seconds
and THEN finally loads. Does anyone know what is up with this 5-6 minute
delay to load Linux?
[John]
Did you check the system logs to see if the message appears there?
All drives have been on the same promise controller, ATA/133, which has 48
bit addressing so there is no issue with the drive size being > 128GB.
[John]
You don't specify the model of the controller, nor anything about the
kernel you're using: stock kernel? Custom compiled? If custom, is the
ide controller driver statically linked, or being loaded as an (initrd)
module? ... etc.
The controller is a Promise 20269 ATA/133 controller, it is
custom-compilied; statically linked into the kernel.
I believe it is a LILO problem as the LILO menu/etc has problems loading
even before it touches the kernel.
Also, the /boot is the first 128MB of the drive, then swap, then root.
[John]
I'm not sure about the present state of ide booting requirements, but it
used to be that the important factor was the cylinder number, which is
related to, but not the same as, the size (in MB) of the boot partition,
depending on the data densityof the drive. With the older drives, the
relation ship was linear, as in N sectors per cylinder. That is no longer
the case however, with many / most / all of the more current generations
of hdd's.
I have also tried adding lba32 to lilo.conf && re-running lilo but this
made no difference.
The weird part is it boots (after a 4-6min delay).. but it does boot. If
there were a serious geometry/disk/issue one would think it would boot or
fail, not have a delay and then work.
[Heather]
Given the sizes in question I'll place my bets on 48-bit IDE support being
the culprit, though not on the exact mechanism of the misbehavior.
samba share folders
From jpshark
Answered By: Brian Bilbrey, John Karns, Suramya Tomar
hello, perhaps you could answer a simple question for me. i have a home
network with 2 linux boxes and 2 WinXP boxes. all 4 computers are set
with the same workgroup - the linux boxes use samba. i can access the
windows boxes from the linux boxes no problem. when I try to access the
linux boxes from the windows boxes, i get prompted for a user name and
password.
[Brian]
You need to setup users and passwords explicitly for Samba, these are
stored and sometimes administered separately from the Unix accounts.
$ man smbpasswd
for more details.
if i try the normal user name and passwords, windows resets
the dialog box and prefixes the user name with the name of the computer.
of course, this does not work. how do i access a linux box running samba
from a windows box running XP? also, i haven't figured out how to mark a
folder as "shared" in linux. thanks for any help.
regards,
jp
[Brian]
You need to configure directories that are shared in your systems
smb.conf. You will want to read the smb.conf files on your system, both
the running one (often found in /etc/samba/smb.conf) as well as any
example smb.conf files that are found with the Samba documentation. And
of course,
$ man smb.conf
[John]
As with most aspects of unix-like OS's, there is more than one way to
configure samba. In fact samba comes with a utility called 'swat', but
I've never used it, so I can't really say much about it. However, most
Linux distros these days do a pretty decent job of providing a template
configuration file that you can edit to add / change what you need without
too much work. You will need to have a text editor installed, and know
how to use it.
Depending on the distro that you have, the samba configuration file will
likely be found as either /etc/smb.conf or /etc/samba/smb.conf. "locate
smb.conf" might be of use to you, assuming that the "updatedb" utility has
been run on your system. To run the following command(s) and edit the
samba configuration, will need to login as root.
Usually, to get samba to allow connections from the outside world, you
need to add the user and password manually, using the utility samba
provides. To add a new user account, e.g., "john", type "smbpasswd -a
john". The "-a" is for "add". "man smbpasswd" for details. You will be
prompted for the password. If you duplicate the same username and
password as you use on the windoze side, then you won't be prompted for
a username and password when you want to access a samba share.
You designate a folder share by entering some parameters into the
smb.conf. For example. lets say that I have a dual-boot machine, and I
mount the 'blows partition under /dosC. I could add a stanza to smb.conf
such as the following:
[dosc]
comment = W2k - vfat
browseable = yes
read only = Yes
path = /dosC
valid users = john
guest ok = no
printable = no
Samba gives a fine degree of control by providing lots of parameters. Any
parameters not specified for a share assume defaults which samba will
provide. Usually the defaults for a share are such that you won't need to
provide more than a handful of parameters. "man smb.conf" will give you
lots of info about them. One thing perhaps worth noting is that many of
the parameters have one or more synonomous "twin" parameters, so there
aren't quite as many as there may seem at first, as there are "duplicates"
After making changes to smb.conf, it may be expedient to restart the smb
daemon. There are actually two daemons, but they might both be handled in
just one init script.
/etc/init.d/smb restart
and
/etc/init.d/nmb restart
should suffice in any case.
That will hopefully be enough to get you started. There's lots of info
out there on the 'net about samba too. Google is your friend.
To share a folder using Samba in Linux you need to edit the smb.conf
file. On my computer it is located in the /etc/samba folder.
You need to add the following lines to the file for each of the
directories you want to share:
[ShareName]
writeable = yes
valid users = suramya
user = suramya
path = /home/suramya
write list = suramya
The path is the directory you want to share. ShareName is the name you
want to call it. Valid users tells the system which users are allowed to
access this share. To create a readonly share remove the writable=yes tag.
Use the smbpasswd command to set the user password for samba share.
There is a way to have it sync the password with the linux password file
but I could never get that to work
Submitters, send your News Bytes items in
PLAIN TEXT
format. Other formats may be rejected without reading. You have been
warned! A one- or two-paragraph summary plus URL gets you a better
announcement than an entire press release. Submit items to
bytes@lists.linuxgazette.net
Legislation and More Legislation
European Software Patents
The proposed European Union directive on the patentability
of computer-implemented inventions (software patents
directive) has moved a step closer to adoption.
As reported last month, there was a strong push from the European Parliament,
and from some national governments (notably Poland) to restart the legislative
process that is targeted at regularising the basis for software patents in
Europe. Currently the European Patent Office is demonstrating a tacit
acceptance of software patents. This is in spite of an official framework that
has traditionally been interpreted as prohibiting the granting of patents for
software implemented inventions. Many leading individuals and organisations
involved in Free and Open Source Software
believe that software patents are
not a good way to drive innovation. Meanwhile, other vested interests see
their future in the creation of large stockpiles of patents that threaten to
bog down the software industry in a defensive/offensive patents stand-off. The
formula that will finally be adopted by the EU with regard to this issue will
have profound implications for innovation and economic flexibility throughout
Europe.
As matters stood last month, those opposed to the pro-software-patent directive
proposed by the European Commission were hoping that the Parliament
JURI committee
would recommend a restart of this legislative process. Such a restart
would provide an opportunity to re-examine the whole concept of software
patenting, and strengthen the European Parliament's hand with regard to applying
the restrictions on software patents it proposed earlier in this process.
In a continuation of the support the anti-patent lobby has received in
Parliament, the
JURI committee did indeed recommend such a restart, much to the
appreciation of groups such as the FFII.
Unfortunately, as welcome as this move is, the JURI committee, and Parliament,
cannot enforce such decisions. Against this background, the Commission has
decided to push ahead regardless, and move the hotly contested directive
closer to final adoption. FFII has
reported that this reluctance to restart stems from an awareness in the
Directorate General for the Internal Market, currently headed by Irishman
Charlie McCreevy, (a refugee from a particularly ruthless backstabbing in Irish
domestic politics) that any revised directive would
likely take a very different shape to that currently on the table.
Though some legitimate questions may be asked about McCreevy's politics and
closeness to vested interests, such enquiries have been tainted by
rather intemperate, prejudiced, and simple minded outbursts
by at least one prominent anti-patent campaigner who is apparently ignorant of
the dangers of scapegoating minority ethnic or national groups for the ills of
society.
The next outing for this directive will be on the 7th of March when there is a
meeting of the Competition Council. For EU citizens, lobbying of your national
representative on this panel may still be a worthwhile endeavour.
Useful sites for those opposed to software patents:
Slashdot has reported that
Eben Moglen
is
planning an upgrade for the GPL.
The linked
eWeek article
outlines some of the issues that are being borne in mind. A lot of emphasis is
placed on balancing the interests of all interested parties, even down to
choosing language that can be easily and unambiguously translated for use in
disparate countries across the world.
As always, you should download kernels and patches from your
nearest mirror.
Distro News
BeatrIX
BeatrIX Linux
is a free, compact (Less than 200 megabytes), operating system aimed at both
office and home users. It will operate on most IBM-compatible PCs manufactured
in the past 10 years, and can be run as a live CD or it can be installed to hard
drive.
You can see a
screen-shot tour of BeatrIX
at OSDir.com, and read
a review at Linux Times.net.
VidaLinux
is a Gentoo-based distribution that incorporates a number of
precompiled applications and a graphical installer (Red Hat's Anaconda).
You can read
a review of VidaLinux 1.1 at Mad Penguin.
Internet telephony software publisher
Skype has launched
Linux and OSX versions of its widely used communications software.
Apache
The Apache Software Foundation and The Apache HTTP Server Project have
announced the release of version 2.0.53 of the Apache HTTP Server ("Apache").
This release is compatible with modules compiled for 2.0.42 and
later versions. Apache HTTP Server 2.0.53 is available for download from
http://httpd.apache.org/download.cgi.
Linux Server Security
O'Reilly has released a new edition of its book
Linux Server Security.
The book covers a wide range of GNU/Linux security issues.
For an overview, you can consult
the table of contents.
Mick is LG's News Bytes Editor.
Originally hailing from Ireland, Michael is currently living in Baden,
Switzerland. There he works with ABB Corporate Research as a
Marie-Curie fellow, developing software for the simulation and design
of electrical power-systems equipment.
Before this, Michael worked as a lecturer in the Department of
Mechanical Engineering, University College Dublin; the same
institution that awarded him his PhD. The topic of this PhD research
was the use of Lamb waves in nondestructive testing. GNU/Linux has
been very useful in his past work, and Michael has a strong interest
in applying free software solutions to other problems in engineering.
Part computer programmer, part cartoonist, part Mars Bar. At night, he runs
around in a pair of colorful tights fighting criminals. During the day... well,
he just runs around. He eats when he's hungry and sleeps when he's sleepy.
Recently, I have been playing chess on FICS, a free service that uses the ICS
(Internet Chess Server) protocol. ICS is a telnet protocol, so you
can "telnet freechess.org 5000", login, and play with an ASCII
chess board if you want Here is what FICS output looks like: (I
made up most of this output as an example, but the actual output is
in the same format.)
fics%
Example shouts: This is an example shout
fics%
--> Example of using the "it" command...like /me in IRC.
fics%
Example(50): This is a chat message on channel 50.
fics%
Example (1436) seeking 15 13 rated standard f ("play 61" to respond)
fics% obs 21
You are now observing game 21.
Game 21: GMKasparov (2804) GMAdams (2741) unrated standard 120 0
Game 21 (GMKasparov vs. GMAdams)
---------------------------------
8 | *K| | | | *R| | | | Move # : 29 (White)
|---+---+---+---+---+---+---+---|
7 | | *P| | | | Q | | | Black Moves : 'hxg5 (0:00)'
|---+---+---+---+---+---+---+---|
6 | *P| | | | | | | |
|---+---+---+---+---+---+---+---|
5 | | *Q| | | | | *P| | Black Clock : 43:48
|---+---+---+---+---+---+---+---|
4 | | | | | | | | | White Clock : 1:06:43
|---+---+---+---+---+---+---+---|
3 | P | | | | | P | | | Black Strength : 17
|---+---+---+---+---+---+---+---|
2 | | P | | | | | P | | White Strength : 18
|---+---+---+---+---+---+---+---|
1 | | K | | | | | | R |
---------------------------------
a b c d e f g h
fics%
Now, you could play chess this way, if you don't mind using an
ASCII chess board and entering all your moves manually, but most
people use an interface program to provide them with a graphical
chess board. I use XBoard for my
graphical interface, which
provides a nice board, but it directly passes the ICS output to
stdin, and sends its stdout to the ICS. That is to say, you start
xboard in an xterm, and it's almost as if you'd used telnet to
connect except you have a graphical chess board. This isn't so bad,
except:
The server will output a line while you are in the middle of
typing something, so that half of your message ends up on one line
and half on another This can be confusing and difficult to
use.
Those fics% prompts waste a lot of space. (Up to half
of the lines on the terminal.)
Irssi is the IRC client I use. Well, it's mostly an IRC client.
There are modules for other protocols, such as ICQ.
I thought I could run XBoard in an Irssi window, filter out the
prompts, and have more fun. It's possible, you just have to tweak
things a little.
Configuring FICS
One problem with playing on FICS this way is that FICS will send a bell
(i. e., the ASCII BEL character) when the board is updated, letting you
know it's your move. However, they are sent without a newline, and since
Irssi's exec module will only print complete lines, you don't hear the bell
until the next newline, which could be with, for example, a chat message,
which will come an indeterminate amount of time after the BEL is sent. So
it's best to turn off bells on the FICS side with this command:
set bell off
This tells FICS not to send BEL characters on every board
update.
Configuring XBoard
Having turned off server-side alerts, you probably want to hear
some sort of sound when the opponent moves, but since just ringing
the terminal bell won't work, you'll have to use a sound file. Here
are my settings for XBoard in my .Xresources file:
The above configuration (among other things) sets "fanfare.wav"
to be played when the opponent moves and "bridge2.wav" to be played
on either a "Challenge" (When you're challenged on ICS) or a
"Request" (A request for something: draw, abort, adjourn, takeback,
etc.) Note that, in order for XBoard to heed "soundMove",
"ringBellAfterMoves" must be on.
Your configuration will differ, of course, and XBoard has scads
of options, so please refer to the 'xboard' man page for a full list
of supported sound events. (Among other things.)
When giving the names of sound files, you can also specify "$"
as a filename to have XBoard emit a BEL character for that event.
This is, of course, totally useless for the "soundMove" event for
reasons discussed earlier, but every other event that XBoard sees
involves something being printed, and thus Irssi will see the BEL
in a timely manner.
Note that, in order for the ICS-related sound events to work,
you must have 'colorizeMessages' enabled.
If you don't have some handy sound bites laying around, google
for "free sound files". Just be careful not to spend too much time
searching for suitable sounds, browsing site after site, staying up
all night, with your skeletal frame leaning limply against your
chair, the flickering light of your monitor casting a pale glow on
your bloodshot eyes, your mailbox overflowing as your quest causes
you to totally withdraw from society, becoming a sad, pathetic
little vegetable whose only joy in life is finding those perfect
sounds for every possible event.
Well, probably not, but you can spend a lot of time on it.
:-)
Configuring Irssi
Irssi doesn't really require much tweaking. If you have XBoard
beeping (i. e., you've specified "$" for one or more of XBoard's
sounds), you'll want to "/set bell_beeps on" in order to have Irssi
not ignore any BEL characters it sees. This is the alias I use:
/alias xboard window new hide; window name xboard; exec -name xboard -window -interactive \
xboard -ics -sgf ~/chess/fics.pgn | sed --unbuffered 's/^fics% //\;T\;/^\$/d'
Note that, in the alias, we have to quote ";" and "$", because those
characters have special importance to Irssi. XBoard is started in ICS mode,
appending any games played to ~/chess/fics.pgn. The 'sed'
command (which filters out the FICS prompt) is a little more complex, so
I'll take the easy way out and not attempt to explain it in detail. The
irrepressibly curious can refer to the 'sed' man page.
And that's all there is to it. You could, of course, use a
different ICS interface such as eboard, but I prefer XBoard,
and this configuration works for me.
I have used "FICS" to refer to the chess server throughout this
article because that's what I use, but this should work with most
any ICS, provided you modify the 'sed' incantation appropriately.
Jason is a high school student who installed his first distribution,
Slackware, in late 2002. Since then, he's joined the Answer Gang,
switched to CRUX and still can't seem to see an interesting piece of
technology without wondering how it works, and, in those rare cases when
it actually belongs to him or someone foolish enough to lend it,
tinkering endlessly with it.
RSA 2005 Conference and Expo, San Francisco - Special Report
More than crypto systems and algorithms, the RSA conference and expo
has become a premier showcase of the full spectrum of security products and
concerns in this era of every more insecure computing.
This reflects growing in interest for security products at government
and businesses everywhere. More attendees [about 13000] and more
exhibitors were on-hand than ever before [over 275 companies and
organizations before the conference started] for this 14th
annual RSA conference.
And one trend more than any other may offer some respite from the
growing tsunami of malware and identity theft: Trusted Computing.
The specifications developed over the last few years by the Trusted
Computing Group [TCG] are now starting to implemented by major PC and
software firms, most significantly motherboard crypto for PCs and notebooks
from HP and IBM that identify users prior to bootup. Follow this link for
the TGC presentations at RSA2005 [first 3 items]:
An emerging standard for Trusted Computing is a 'Trusted Platform',
which will relay on a cryptographically secured module to hold identity
information, certificates and secret keys that can be verified and
exchanged in a trusted computing environment. These modules, or TPMs, are
now available as is new software for identity management and attesting to
the integrity of the underlying computing platform. There are also
software versions of TPMs, some open source, that are able to play in a
trusted environment, although they are less secure than hardware TP
modules. See http://www.infsec.ethz.ch/people/psevinc/.
Here is a trusted computing network verification diagram:
and, at a network level,Trusted Network Connection [TNC]:
Anti-spyware products are becoming almost as ubiquitous as anti-virus
software. Almost all anti-virus, anti-worm vendors were adding or
incorporating anti-spyware modules in their product lines. Symantec will
be adding this as a feature to existing products while McAfee will be
offering an anti-spyware additional module to its enterprise offerings.
Phishing was also a topic at many vendor presentations, even though
this was largely referred as a social engineering attack. The Identity
Management companies tried to link phishing with ID mgt, but generally
required end-to-end use of their products. That long view of security gives
birth to another TLA - UTM or "unified threat management" as Symantec CEO
John Thomson called in his keynote.
Also there were renewed efforts to work together on an industry level.
A rare partnership between government and industry resulted in the
Common Vulnerability Scoring System (CVSS), unveiled at the RSA Conference
by the National Infrastructure Advisory Council
[NIAC, a part of the U.S. Department of Homeland
Security] and leading vendors like Cisco, Ebay, Microsoft, and Symantec.
This new and ambitious system aims to provide a common descriptive
language and standardized formula for reporting and assessing computer
security vulnerabilities and issues, instead of varying and confusing
vendor-specific ratings.
CVSS, which is partly related to Mitre Corp.'s CVE rating system, helps
prioritize software vulnerabilities both for ISVs and for enterprise users,
calculating the risk by considering the number of systems involved, the
type of exploit required, and if a software patch is available.
Three major security and auditing groups announced the formation of a
cooperative alliance to create better security policies and legislation and
to better work with security professionals throughout the industry. These
were the ASIS International, the ISACA (Information Systems Audit and
Control Association) and ISSA (Information Systems Security Association).
The groups will also work together to define certification and training
requirements for the Chief Security Officer (CSO) role and other
security-related positions in industry.
And Microsoft introduced its Microsoft Security Resource Center team at
its booth where security issues could be addressed. This was mostly a
customer feedback exercise and an attempt to raise the profile of the MSRC,
which also ran a blog for the length of the conference. It ties into the
TechNet security pages, [Finally, links for tools and patches.]
Underscoring the new Microsoft security initiatives, Bill Gates
delivered the show's opening keynote address on Monday. It highlighted new
Microsoft security products, including their enhanced 'Internet security
and acceleration' [ISA] server and future identity management products, and
touted a new version of Internet Explorer by this summer - but only
for Win XP users.
Microsoft was a platinum sponsor and had about 100 employees at the
show. Besides a large booth with a presentation area, there was a separate
expo area where attendees could get 'hands-on' test experience with
Microsoft security products and tools.
[After the RSA Conference, Gartner Corp analyst Neil MacDonald posted
a critique of the latest MS security offerings, rejecting the incremental
approach they are taking rather than a fundamental architectural change,
particularly with its IE web browser. See:
Also in the critique: "The decision to restrict IE 7.0 to the XP
platform also suggests that Microsoft wants to force users of older
platforms to upgrade if they want improved security." ]
This and all other major keynotes are replayable [after RSA webcast
registration] at:
Conference sessions were held in the afternoons in 16 simultaneous
tracks, including two separate Hackers & Threats tracks, tracks for
developers and cryptographers, business tracks, and tracks for privacy,
web security, wireless and Identity & Access Management.
The Hacker Tracks definitely covered a lot of important ground and gave
pause to developers and security officers alike. One paper focused on that
old nemesis, SQL Injection, showing that it was still a major concern since
the old standard approach of hiding error messages or using generic problem
messages does not actually stop the hack.
The presentation, by Imperva's Ofer Maor, shows the
result of security testing on MySQL and all leading DBs using indirect
query tests to discover the number and type of data fields available to an
SQL injection attack. These so-called 'blind' injection techniques only
take a little more effort but still yield confidential data.
For instance, even with hidden or generic error messages an attacker
could request additional fields above and below the actual number until
the correct number was determined and also check the data type one field at
a time until there was no error message or the target data emerged:
inject : ORDER BY 1 --
[and other numbers to get the right number of columns]
Assuming we get the number of columns, '4' here, and that we know a
valid acctnum, (AccNum=11223344), we can use the following
sequence with the the UNION SELECT clause to get the data types for the
columns:
11223344) UNION SELECT
NULL,NULL,NULL,NULL WHERE 1=2 -- No Error - Syntax is
right. MS SQL Server Used. Proceeding.
11223344) UNION SELECT
1,NULL,NULL,NULL WHERE 1=2 -- No Error - First column is
an integer.
11223344) UNION SELECT
1,2,NULL,NULL WHERE 1=2 -- Error! - Second column is not
an integer.
11223344) UNION SELECT
1,'2',NULL,NULL WHERE 1=2 -- No Error - Second column is a
string.
11223344) UNION SELECT
1,'2',3,NULL WHERE 1=2 -- Error! - Third column is not an
integer.
11223344) UNION SELECT
1,'2','3',NULL WHERE 1=2 -- No Error - Third column is a
string.
11223344) UNION SELECT
1,'2','3',4 WHERE 1=2 -- Error! - Fourth column is not an
integer.
11223344) UNION SELECT 1,'2','3','4' WHERE 1=2 -- No
Error - Fourth column is a string.
From this point an attacker can craft more specific queries to
get system tables and eventually get, for example, CCnum, SSnum and other
sensitive variables.
This and other presentations are available only to full conference
attendees but Imperva has several white papers on their website which were
the basis for RSA presentation:
Maor also discussed how signature-based security tools
could be thwarted by using other SQL tricks - concatenation, buried
comments and use of character values for instance - to camouflage the
injected SQL. Real security must be implemented at the application level
and web masters and developers must be careful in their designs and coding
and also very comprehensive in testing.
At the conclusion of the session, Maor suggested using different admin
accounts and passwords for different tables and application functions as a
deterrent. Also, while the occurrence of a certain SQL signature in a
parameter value might not be enough to alert for SQL injection attack, the
same signature in correlation with error responses or abnormal parameter
size of other signatures may indicate an SQL injection attack.
Microsoft researchers Kurt Dillard and Mike Danseglio gave a Hacker
track technical presentation on a new generation of stealthy rootkits for
Windows kernels. These smarter root kits intercept system calls and
actively filter out signs of their presence to avoid detection by software
and security staff. Microsoft has posted a short white paper on file
hiding and a 'cross-view diff' tool they are developing to detect this
behavior:
Another presentation by Dan Houser on stopping script kiddies and
automated attacks [for a mere $30K effort] suggested hiding critical
servers in the open by using available IP addresses for virtual servers on
an Internet-wide honey-pot. From the slides:
Convert unused Class B and C IP address space into decoy tripwire nets
example: 16,320,000 decoys, 200 "real" servers
Stop swallowing packets: route unreachable hosts to the virtual honeynet
190,000 decoys per "real" server = 99.9995% detection
Any hits are malicious - route to IDS / IPS
The result is that port scans would take weeks and even years to
complete while source addresses for the attackers can be identified and
blocked before real systems are compromised. This is approach also known as
the Big Freakin' Haystack Initiative; see more at
http://sourceforge.net/projects/bfhi.
Vendor News
Sun announced security enhancements to be added to its new Solaris10
OS, including an integrity checking process that provides assurance against
accidental or malicious tampering. A future update to Solaris 10 will
feature automatic run-time verification. This feature is designed to check
the system's code at the exact moment of execution, protecting against the
possibility of unauthorized modification between periodic auditing checks
and actual use. Administrators will be able to customize which signatures
will be checked, and use provided tools to digitally-sign code from other
sources.
After 15 months of certification testing by an independent organization,
Sun announced that its Solaris 9 Operating System has received 'Common
Criteria Certification'. Common Criteria is a critical requirement to many
governments, military and financial institutions. [Except for Sun's
military-grade Trusted Solaris operating system, Solaris becomes the only
general purpose operating system with protection profiles of both
Controlled Access Protection Profile and Role Based Access Control at
Evaluation Assurance Level 4+ (EAL4+). ]
Also, among Sun speakers at RSA conference this week was their Chief
Security Officer, Whitfield Diffie, who headlined a cryptographers panel.
Diffie is co-author of the Diffie-Hellman standard for Public Key
exchange [PKI].
Hewlett-Packard's booth demonstrated an HP technology to limit the
spread of viruses and worms throughout an enterprise by isolating problem
PCs and workstations and limiting outbound bandwidth. Its new
virus-throttling software will be available for ProLiant Servers and
ProCurve Networking by HP 5300 series switches.
HP also announced its Security Containment suite for its HP-UX 11iv2
OS. This virtualizes application into domains and limits memory and file
access by domains.
Other new products at RSA2005 used Linux, but it was often implicit
rather than obvious:
Linux was 'inside' for many security appliances: many security
appliances for email, VPNs, firewalls, etc., use embedded Linux at least as
a guest OS for serial port terminal sessions. Some run their IDS on Linux.
Some of the longer term appliance vendors use hardened freeBSD [Borderware,
for example]. Sun uses ENEA's OSE [not Linux or secure Solaris], and a
few use WindRiver's realtime OS, Vx Works. A few embedded Linux examples,
most using a 2.6 kernel:
Symantec appliances for firewalls, email, and network intrusion
Foundry's web acceleration appliance
ServGates EdgeForce line of all-in-one security appliances
TippingPoint's UnityOne IPS and integrated security appliance,
winner of SC Magazine's 2005 award for 'best security solution' and
a true 1 Gps device, uses WindRiver Vx, but the companion SMS
manager device uses Linux.
Novell introduced its Security Manager product, which is based on its
SuSE Linux and runs on any standard PC server. The product includes
firewall and VPN gateway, intrusion protection, virus protection, spam
blocks and configurable content filtering. In this case, the underlying
software comes from Astaro Networks which also sells it directly [about
$300 for a server and a 10 device monitoring license].
Separation Anxiety
Conference security separated the different classes of attendees so
successfully that it may become model of what other conferences will do.
Not only were the badges and holders different for full-conference
attendees, exhibitors, and expo attendees, the full-conference attendees
had their photos on the badges.
Professional security company personnel were used instead of convention
center part timers, so expo attendees were cleared out of the exhibition
hall at certain times and only full conference attendees got to see Bill
Gates keynote. Some vendors also provided expo perks to those with
full-conference badges.
A theatrical presentation preceding the show's opening highlighted the
prohibition and codebreaker theme. It told the story of honored
codebreakers and security pioneers Elizabeth and William Friedman and how
they helped start US government codebreaking hegemony in World War I and
into the 1920s and 30s.
Opening ceremony awards were aimed at recognizing ongoing contributions
to the advancement of information security. RSA 2005 recipients honored for
these annual awards include: for public policy, Orson Swindle, Federal
Trade Commission; for mathematics, Dan Boneh, associate professor, Stanford
University; and for best security practices, Michael Assante, CIO at
American Electric Power.
Collateral and Contests
There were more t-shirts, pens and other collateral offerings,
indicating a healthier industry. Borderware, a provider of anti-spam and
anti-virus software, offered a daily drawing for a 50-inch TV. There were
also uncountable drawings for iPods and X-Boxes. Some vendors offered
wheel-spins for PC and X-Box games [and mousepads for the not-so-lucky].
Three of the more useful collaterals were the CISSP [computer security
professional certification] assessment CD from CA, the box set of Solaris10
DVDs from Sun [saves a really, really long series of downloads and at least
4 CD-Rs], and the numerous retractable Ethernet cables [like the older
phone port connectors, only more useful.]
Special commendation in this department goes to McAfee who offered the
current edition of "Hacking Exposed" - 737 pages - for only sitting through
a short presentation and a short demo. Although they did finally run out of
books, this was a great service toward promoting secure computing
everywhere. I was very happy to get an updated copy!
And I was very happy to attend the 2005 RSA Conference and Expo.
If you are are interested and live nearby, RSA Conference will also be
holding one-day regional events throughout the year including: September
13, 2005 in Chicago and September 15, 2005 in New York. For more
information, visit http://www.rsaconference.com.
Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.
Free as in Freedom: Part Three: Open Source to the Corporate Bazaar
Perhaps I was over-zealous in my praise of Richard Stallman and the
Free Software Foundation (FSF) in Part One of this article, "Free as in Freedom: GNU/Linux." That would be
unfair to many major corporations and the state of the world
they've created. Lots of people, especially "successful" Americans, like
the world just the way it is.
Oh well. It was a history of "GNU beginnings," the start of a
movement that, unlike anything we've thus far seen, said "No!" to the
corporate-defined order and created an alternative to corporate rule by
copyright, and an operating system that challenged the way certain
corporate monopolies have defined our desktops and how we use them (or go
directly to jail).
Well, that was the product of another era, which focused on GNU/Linux.
Old. Old. All that progressive, anti-corporate stuff is ridiculous,
romantic nonsense anyway - at least according to Eric Raymond, author of
"The Cathedral and the Bazaar" and co-creator (along with various
user/collaborators) of the immortal "fetchmail" program. This
section is going to focus not on GNU/Linux, but "New Linux," the
operating system as it exists today, with GUI desktop environments and
all the features of your favorite monopoly software (plus thousands of
Unix-like programs, tools, utilities etc.). So, time to wrest that
sword-helmet-cuirass combo from Richard Stallman - though he did look
awful good in that garb - and place them on the person of Raymond's
visionary of the now-and-next-week, the one and only Linus Torvalds.
Also, despite the legitimate concerns of the Free Software Foundation,
the operating system will never be called GNU/Linux, just "Linux."
This could be for brevity's sake, or because the idea of GNU/Linux was
promoted too late, or other reasons only we paranoid progressives -
actually, I'm not a progressive; I'm an anarchist, but it's all the
same "lefty crowd" (except for Libertarians who manage to 'pass' for
conservatives or plain old folks) of whiners and discontents, the kind
of folks who fail to appreciate all the great stuff corporate
monopolies bring to what's left of life on earth before they finally
kill it outright.
I began this article or series of articles because I saw in GNU/Linux
an example of a successful rebellion for "the left" to examine as a
model. I don't think I was mistaken, though, as with all movements,
once the "revolutionaries" have set the ground, the "liberals" take
over and try not only to remake the present, but rewrite the past. If
I "lionized" Stallman and "romanticized" GNU and the free software
movement to create a "founding" myth - oops. Better the real
revolutionary Jefferson than the paper and wax model we have today
thanks to generations of post-revolutionary revisionists. Stallman and
the FSF did what they did, long before my zealous praise, which is why
GNU/Linux exists today.
According to Okopnik, the allure of GNU/Linux is rooted in the moral
imperative created by the FSF and Stallman, "but is not strictly about it.
That's the flexible, fun approach that gets people involved, people who
would run away from a purely political approach. Most people would have a
great time living in a true democracy - but that does not mean that they
all want to become politicians, or involve a significant chunk of their
time in running the whole shindig," wrote Okopnik.
Okopnik pointed me to Eric S. Raymond's "The
Cathedral and the Bazaar" for a different take on the politics of
GNU/Linux, or in this case, "New Linux."
New Myths for New Linux: Linus's Law and the Bazaar
"Linux is subversive. Who would have thought even five years ago (1991)
that a world-class operating system could coalesce as if by magic out of
part-time hacking by several thousand developers scattered all over the
planet, connected only by the tenuous strands of the Internet?" wrote Eric
S. Raymond in "The Cathedral and the Bazaar" which chronicles the creation
of his popular fetchmail program.
Raymond extols the development techniques of Linus Torvalds, main
developer of the Linux kernel, as the new paradigm for software
development:
"Linus Torvalds's style of development - release early and often,
delegate everything you can, be open to the point of promiscuity - came as
a surprise. No quiet, reverent cathedral-building here rather, the Linux
community seemed to resemble a great babbling bazaar of differing agendas
and approaches (aptly symbolized by the Linux archive sites, who'd take
submissions from anyone) out of which a coherent and stable system could
seemingly emerge only by a succession of miracles."
Like Okopnik, he sees Linux users as a particularly self-reliant bunch;
many Linux users, he concedes, are also Linux developers. Raymond's
essay was written in the late 1990s, before the GNOME and KDE desktop
environments increased GNU/Linux's appeal among the general public.
Raymond wrote, "Another strength of the Unix tradition, one that Linux
pushes to a happy extreme, is that a lot of users are hackers too. Because
source code is available, they can be effective hackers. This can be
tremendously useful for shortening debugging time. Given a bit of
encouragement, your users will diagnose problems, suggest fixes, and help
improve the code far more quickly than you could unaided. Treating your
users as co-developers is your least-hassle route to rapid code improvement
and effective debugging.
"The power of this effect is easy to underestimate. In fact, pretty
well all of us in the open-source world drastically underestimated how
well it would scale up with number of users and against system
complexity, until Linus Torvalds showed us differently.
"In fact, I think Linus's cleverest and most consequential hack was not
the construction of the Linux kernel itself, but rather his invention
of the Linux development model. Linus's open development policy was
the very opposite of cathedral-building. Linux's Internet archives were
burgeoning, multiple distributions were being floated. And all of this
was driven by an unheard-of frequency of core system releases.
"Linus was treating his users as co-developers in the most effective
possible way:
"Release early. Release often. And listen to your customers.
"Linus's innovation wasn't so much in doing quick-turnaround releases
incorporating lots of user feedback (something like this had been
Unix-world tradition for a long time), but in scaling it up to a level
of intensity that matched the complexity of what he was developing. In
those early times (around 1991) it wasn't unknown for him to release a
new kernel more than once a day! Because he cultivated his base of
co-developers and leveraged the Internet for collaboration harder than
anyone else, this worked.
"Granted, Linus is a damn fine hacker. How many of us could engineer an
entire production-quality operating system kernel from scratch? But
Linux didn't represent any awesome conceptual leap forward. Linus is
not (or at least, not yet) an innovative genius of design in the way
that, say, Richard Stallman or James Gosling (of NeWS and Java) are.
Rather, Linus seems to me to be a genius of engineering and
implementation, with a sixth sense for avoiding bugs and development
dead-ends and a true knack for finding the minimum-effort path from
point A to point B. Indeed, the whole design of Linux breathes this
quality and mirrors Linus's essentially conservative and simplifying
design approach.
"So, if rapid releases and leveraging the Internet medium to the hilt
were not accidents but integral parts of Linus's engineering-genius
insight into the minimum-effort path, what was he maximizing? What was
he cranking out of the machinery?
"Put that way, the question answers itself. Linus was keeping his
hacker/users constantly stimulated and rewarded - stimulated by the
prospect of having an ego-satisfying piece of the action, rewarded by
the sight of constant (even daily) improvement in their work.
"Given a large enough beta-tester and co-developer base, almost every
problem will be characterized quickly and the fix obvious to someone.
"Or, less formally, 'Given enough eyeballs, all bugs are shallow.' I
dub this: 'Linus's Law'."
So, Raymond is replacing the "old heroes" with a new one, Linus.
Simple and "essentially conservative" in approach. The very words,
"Cathedral" and "Bazaar" were already in use to describe two
different development styles; nevertheless, they are loaded like
cluster bombs, and Raymond takes advantage of this, implying that the
"New Linux" style is the wave of "the now" and the future, while the
"old way" of the FSF - he even mentions Stallman and GNU Emacs as
relics of the Cathedral - is as obsolete as any old Church.
"Cathedral versus Bazaar"
Raymond wrote, "In Linus's Law, I think, lies the core difference
underlying the cathedral-builder and bazaar styles. In the
cathedral-builder view of programming, bugs and development problems
are tricky, insidious, deep phenomena. It takes months of scrutiny by a
dedicated few to develop confidence that you've winkled them all out.
Thus the long release intervals, and the inevitable disappointment when
long-awaited releases are not perfect... In the bazaar view, on the
other hand, you assume that bugs are generally shallow phenomena - or,
at least, that they turn shallow pretty quickly when exposed to a
thousand eager co-developers pounding on every single new release.
Accordingly you release often in order to get more corrections, and as
a beneficial side effect you have less to lose if an occasional botch
gets out the door... And that's it. That's enough. If 'Linus's Law' is
false, then any system as complex as the Linux kernel, being hacked
over by as many hands as the that kernel was, should at some point have
collapsed under the weight of unforeseen bad interactions and
undiscovered 'deep' bugs. If it's true, on the other hand, it is
sufficient to explain Linux's relative lack of bugginess and its
continuous uptimes spanning months or even years."
I wrote to Stallman that, according to my reading of "The Cathedral
and the Bazaar" Raymond, who used to develop GNU software, seemed to
classify the GNU/FSF method of development as "Cathedral" style as
opposed to the "Bazaar" style used by himself and Linus Torvalds.
Stallman responded:
"Is he still saying this? I thought he had stopped... It is not true.
There is no single GNU/FSF development method, since each package
maintainer can handle this as he likes. In fact, some GNU packages
tried the Bazaar model before ESR did. ... The fact is that before the
Bazaar model, the Cathedral model was the only one. We used it, ESR
used it, and everyone used it... I think ESR tried to associate that
model with GNU so as to make us look bad. He does not like our
philosophy, so he hoped that by making us look bad, he can reduce our
influence. However, I told him this was not true, and I thought he had
taken it out. Hence my question about whether he is still saying this."
Raymond went on to point out that the old corporate model of top-down
design no longer applied, that developers were more apt to create great
software if they were allowed to have fun while doing so, enjoy their
work as opposed to living a "Dilbert" nightmare in a cubicle;
nonetheless, this applies to the corporation. Raymond's vision of the
future is one of the successful corporate software product.
When the first version of "The Cathedral and The Bazaar" was
published in 1997, Netscape released its code as "open-source."
Exactly as Stallman had warned, "open source" was a corporate
methodology of co-opting the free software movement and sucking free
software into its own code. Raymond's unctuous epilog to "The
Cathedral and the Bazaar:"
Epilog: Netscape Embraces the Bazaar
It's a strange feeling to realize you're helping make history... On
January 22 1998, approximately seven months after I first published The
Cathedral and the Bazaar, Netscape Communications, Inc. announced it would
give away the source for Netscape Communicator. I had had no clue this was
going to happen before the day of the announcement.
"Eric Hahn, executive vice president and chief technology officer at
Netscape, emailed me shortly afterwards as follows: ``On behalf of everyone
at Netscape, I want to thank you for helping us get to this point in the
first place. Your thinking and writings were fundamental inspirations to
our decision.''
"The following week I flew out to Silicon Valley at Netscape's invitation
for a day-long strategy conference (on 4 Feb 1998) with some of their top
executives and technical people. We designed Netscape's source-release
strategy and license together.
"A few days later I wrote the following:
"Netscape is about to provide us with a large-scale, real-world test of the
bazaar model in the commercial world. The open-source culture now faces a
danger; if Netscape's execution doesn't work, the open-source concept may
be so discredited that the commercial world won't touch it again for
another decade.
"On the other hand, this is also a spectacular opportunity. Initial
reaction to the move on Wall Street and elsewhere has been cautiously
positive. We're being given a chance to prove ourselves, too. If Netscape
regains substantial market share through this move, it just may set off a
long-overdue revolution in the software industry.
So, unlike GNU and the FSF "making history" by turning the corporate
model on its head and inventing a successful alternative, Raymond "made
history" by eliciting positive reactions on Wall Street. Raymond had done
well. His work received an A+ from his market masters.
Stallman was absolutely right when he warned that the greatest threat
to the movement he and others created would come from within, under the
guise of "Open Source":
The largest division in the community is between people who appreciate free
software as a social and ethical issue and consider proprietary software a
social problem (supporters of the free software movement), and those who
cite only practical benefits and present free software only as an efficient
development model (the open source movement). This disagreement is not just
a matter of names - it is a matter of differing basic values. It is
essential for the community to see and think about this disagreement. The
names 'free software' and 'open source' are the banners of the two
positions. See 'Why Free Software Is Better Than Open Source'. The
disagreement over values partially aligns with the amount of attention
people pay to the GNU Project's role in our community. People who value
freedom are more likely to call the system "GNU/Linux", and people who
learn that the system is "GNU/Linux" are more likely to pay attention to
our philosophical arguments for freedom and community (which is why the
choice of name for the system makes a real difference for society).
However, the disagreement would probably exist even if everyone knew the
system's real origin and its proper name, because the issue is a real one.
It can only go away if we who value freedom either persuade everyone (which
won't be easy) or are defeated entirely (let's hope not).
A subsequent email interview indicates that Raymond would most
certainly not be upset if the free software movement and the FSF were
"defeated entirely."
According to Okopnik, "the NSA, the DOD, NASA, NWS, and many other
government agencies are committed to Linux (the DOD, in particular, had
actually made and then cancelled a multimillion dollar contract with
Microsoft, based on the latter being unable to meet their performance
promises.) Sun, IBM, Oracle, Novell, and many other companies are
aligning behind it; hardware manufacturers are now either including
Linux drivers or are making them available on their sites."
So it is not taking a great leap to presume that GNU/Linux,
specifically, the "New Linux," may be on its way to becoming a
"proprietary open source" system. That is, the code will be open, but
someone will own it. The software giant, Novell, bought the GNU/Linux
distributor, SuSE, in December of 2004. We will see how this "open
source" buyout effects the freedom of users of SuSE's distribution of
GNU/Linux.
Seen in this light, the "bazaar" model is not so beneficial to its
users, merely a smart business move. Any corporation that does not go
open source will lose, for they'd be missing out on a huge free
development pool. Then again, how long would that last? Would
user/developers submit bug reports and fixes and improvement hacks to a
company that will incorporate the fixes into their proprietary
software, then charge licensing fees (one to a customer, like the $129
Macintosh Panther "upgrade") to those same user/developers despite
providing this invaluable service? Why bother hiring professional
programmers at all? Perhaps they'd pay small rewards for individual
fixes and hacks sent in by user/developers.
But according to Raymond, such questions are not worth asking, much
less answering, and merely show how little "progressives" understand
the open source movement (I never should have identified myself as a
"progressive"; sounds too namby-pamby, like "liberal"; I should have
described the magazines I read and write for as
anarcho-libertarian-market-conservative. Then again, are readers of
such magazines and web sites as "The Progressive" and "The Progressive
Review" non-persons? Is it somehow more legitimate to identify oneself
as a "conservative"? Conserve what? Body bags in Iraq? Anyway, if
"Progressive" is such a powerful word, imagine what dark emotions are
stirred by the GNU/ prefix to GNU/Linux...)
I wrote to Raymond, "The main point of this two part article is to call
attention to the fact that while "progressives" have been in-fighting
and 'lesser-eviling,' an entire movement has evolved to challenge
corporate control of the desk top - and it's 'winning.' Why do you
think this has gone "unrecognized" by "progressives" in the U.S.?
This is a major demonstration of the power of community over the
corporation."
He replied, "Your question answers itself. Adopting the
self-description "progressive" is, among other things, a way of
announcing 'I am so blinded by a Marxist-derived fear and hatred of
markets that I cannot reason about anything related to economics
without making ludicrous errors!' ... The open-source movement and
corporations get along well because both are fundamentally about the
same thing - voluntary cooperation in markets. The corporate market is
primarily monetized and the open-source one primarily non-monetized,
but that is an unimportant detail... But for 'progressives' to really
understand why it is an unimportant detail they would have to abandon
their most cherished myth, of the market as an exploitation machine run
by malevolent plutocrats. I expect them to get clear about this about
the same time that we start seeing competent biology from Creationists
or competent geography from Flat-Earthers. "
So, corporations are about "voluntary cooperation in markets", and the
monetization of corporations is a "minor detail". I didn't know rampant
corporatization of all business, the destruction of real competitive arenas
and individually-owned shops by monopolies, and all the rest of that
government subsidized corporate socialism had anything to do with markets
in which people actually exchange goods and services, as opposed to selling
their lifetimes to transnational behemoths. I suppose we "progressives" -
something I never identified myself as, actually - have so much to learn,
but since we obviously all think alike, the knowledge such people as
Raymond could impart will spread among us like a virus. And who said
anything about Marxism? Is one always either a "conservative" or a
"Marxist?"
I wrote, "The first part of this article is about the history of
GNU/Linux, Stallman and the GNU programmers (including yourself), the
FSF, "copyleft", the how and the why of the free software movement.
Part Two is about "New Linux" - the immense growth in distribution,
diversity and user-friendly interfaces - supported hardware drivers,
HOWTOs and other documentation, distribution-specific easy-install
GUI's for beginners. First of all, what is your opinion on the
insistence of certain members of the free software community to use the
term GNU/Linux at all times, correcting the majority who refers to the
OS, probably because it's just easier, as "Linux?"
Raymond replied, "Insistence on the "GNU/Linux" label is political
move by people who want to preserve and extend the reputation of the
FSF. Myself, I agree with Linus Torvalds that this is a ridiculous
form of special pleading - anybody who takes their argument seriously
should really honor *all* the historical contributors and call it
"GNU/X/Unix/Linux", or "GNU/X/BSD/Unix/Linux", or even
"GNU/X/BSD/Unix/Multics/Linux'."
Why not Linucks? Or Lynn Ucks? What's in a name? Look at all us
flat-earth "progressives" lumped together like the coal Santa reserves
for the unwashed stockings of incorrigible brats.
I wrote, "Do you think that by becoming more user-friendly, embracing
a larger user base in an attempt appeal to "average users" who just want
word-processor, email and a browser (which Linux offers via KDE and GNOME,
as well as Mozilla and others), Linux is "compromising" its position as a
free operating system - free as in speech, not beer etc., losing it's
'edge?'
Raymond responded, "This question only makes sense within a world-view
that equates being 'edgy' or 'cool' with a sort of surly oppositionism.
Thank you, I would much rather co-opt the bourgeoisie and succeed in
my revolution than sneer at them and fail."
Another "misunderstanding." I meant creative edge. I've never been
into "cool" - or the bourgeoisie, much less the possibility of goading
them into "revolution." But of course, since his entire world view
shifted into package mode and tarred and gzipped me upon mention of
the word "progressive" (I knew I should have just admitted I'm a
burn-down-the-house anarchist; I would have used the word "leftist"
but that particular term scares such people, who fear of failing the
bourgeoisie even as they dream of leading bourgeois revolutions (when
was the last time anyone used that old word, " bourgeoisie," anyway?
Freshman Sociology?), to death.
I wrote, "GNU and the FSF are all about free software. No compromise.
While this served to create a 'revolution,' Linux is now past the
revolutionary stage. In "The Cathedral and the Bazaar" you speak only about
"open source," not "free software." What's the difference, according to
you? "
Raymond replied, "The software, the technology, the developers, and
even the licenses are essentially the same. The only thing that
differs is the attitude and the propaganda - how the results are
marketed to the rest of the world... Early versions of CatB did in fa
KDE Multihead configuration
make fetchmail use procmail
3C509B Does Not Work With Linux -- Problem Solved!
Greetings from Heather Stern
[Sluggo]
I used to install 3C509B cards at a hospital. We always disabled plug &
play and set the base address using the DOS utility on the floppy. We
used 0x300 by default, or 0x220 if there was a conflict.
European Software Patents ![[Picture]](../gx/2002/tagbio/conry.jpg)
Originally hailing from Ireland, Michael is currently living in Baden,
Switzerland. There he works with ABB Corporate Research as a
Marie-Curie fellow, developing software for the simulation and design
of electrical power-systems equipment.
![[cartoon]](misc/collinge/479peace.jpg)
![[cartoon]](misc/collinge/487grape.jpg)
![[cartoon]](misc/collinge/488perl.jpg)
![[cartoon]](misc/collinge/492flash.jpg)
![[BIO]](../gx/2002/note.png)
Part computer programmer, part cartoonist, part Mars Bar. At night, he runs
around in a pair of colorful tights fighting criminals. During the day... well,
he just runs around. He eats when he's hungry and sleeps when he's sleepy.
![[BIO]](../gx/authors/dyckoff.jpg)
Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.