Linux Gazette

June 1999, Issue 42 Published by Linux Journal


TWDT 1 (gzipped text file)
TWDT 2 (HTML file)
are files containing the entire issue: one in text format, one in HTML. They are provided strictly as a way to save the contents as one file for later printing in the format of your choice; there is no guarantee of working links in the HTML version.
Linux Gazette, http://www.linuxgazette.com/
This page maintained by the Editor of Linux Gazette, gazette@ssc.com

Copyright © 1996-99 Specialized Systems Consultants, Inc.

"Linux Gazette...making Linux just a little more fun!"


 The Mailbag!

Write the Gazette at gazette@ssc.com



Help Wanted -- Article Ideas

Answers to these questions should be sent directly to the e-mail address of the inquirer with or without a copy to gazette@ssc.com. Answers that are copied to LG will be printed in the next issue in the Tips column.


 Date: Thu, 27 May 1999 12:33:42 -0230 (NDT)
From: Neil Zanella, nzanella@cs.mun.ca
Subject: call for article: wireless ethernet

It would be nice if someone wrote an article on wireless ethernet on Linux (eg. WaveLAN). I think it would make a good article.

Best Regards,

--
Neil Zanella


 Date: Mon, 03 May 1999 16:33:32 -0500
From: Pete Nelson, pete.nelson@ci.stpaul.mn.us
Subject: Any inetd wizards out there?

I have been digging for the past several months to try and find any way to bind inetd to one IP / interface. I have a machine with several virtual hosts, and had originally intended for only the main IP / interface to respond to telnet, ftp, etc. The virtuals would only respond via httpd. Unfortunately, this doesn't seem to be the way it's working - not only can I telnet / ftp to all addresses, it seems like every inetd connection shows up on the LAST IP interface for some reason.

I've looked thru manpages, NAG, websites, and while I know a lot more than when I started looking, I was never able to solve this binding problem.

Anyone have the answer?

--
Pete


 Date: Mon, 3 May 1999 13:07:07 -0700
From: Darrin Mossor, darrinm@Model.com
Subject: LILO Lock

I have a Dell PII-450 with an STB4400 Riva TNT video board, 128M RAM. I dual boot Windows (for the kids and some games) and RedHat5.2. I use LILO to handle the booting, with Windows being the default. Occasionally, Windows will lock up (big surprise), especially when playing more recent, graphics intensive, games. When this happens, a reset is required and the magic reset button is pressed. Most of the time, on the LILO screen, the boot locks, displaying "LIX". A second reset is required to get things moving again.

I'm looking for two things:

1) Possible explanations for what would cause LILO to hang (I suspect the video drivers, but I've tried the ones that shipped with the PC, the latest and even the Detonator drivers from nVidia - no change in the frequency of lockups or the LILO hang).

2) Where can I find out what (if anything) LILO is trying to tell me by displaying "LIX"? I have a feeling it's trying to tell me something useful, if I knew how to decode it. And I would like to know the source of this information. I have pretty good luck finding the answers myself, but this one has eluded me.

Other possible details: SB16 for sound, 13.6G IDE HD.

Thanks,

--
Darrin Mossor


 Date: Sat, 8 May 1999 18:09:51 -0700 (PDT)
From: Ariel "Leon", a_soul@rocketmail.com
Subject: I need some help here, please!

Hi, I wonder if anyone can help me out here with my partitions. I have a P100 with 16RAM, I recently changed my HDD 'cause it died, I replaced it with a 6.4Gb WesternDigital HDD. When I was installing it using EZ-Drive, the setup program detected that my bios wasn't going to support large drives so it installed EZ-Bios, EZ-Drive also partitioned the drive into four partitions (right now one has win95 and the others are free).....when I tried to install debian 1.3.1 the setup insisted in trying to go through the partitioning process but it detected "bad logical partitions".

What can I do to install linux in two of the existing partitions without losing my data (I'd like to run dual boot)? One more thing, the D:, E: and F: partitions have recycle bins and I can't get rid of them even when formatting them, what's going on here?

Thanks

--
Ariel

Date: Sun, 9 May 1999 19:03:42 +0100 (BST)
From: "D. Lovecraft", dl19@leicester.ac.uk
Subject: Choosing GUI for users

I have set up my PC to allow all the people in my household (we're students, by the way) to use various accounts in Linux. No problem there.

The thing is the user-interface we use. Everyone uses KDE for their chosen interface, but I prefer Afterstep. I use the kwm login program to allow people to,... well,... login, but it always defaults to using KDE. For the people in my household, this poses no great problem, as that is what they are after. I would like to be able to use Afterstep though.

But try as I might, I cannot get it to load Afterstep just for me. I have tried editing .xinitrc in my directory, and many other things besides, but I cannot get it to go.

Please, oh wise one, what should I do???

--
Dela Lovecraft


 Date: Mon, 10 May 1999 22:11:59 +0100
From: "Michael", michael@cimmj.freeserve.co.uk
Subject: Direct Cable Connection between Win95 and Linux

Just read issue 41 and read the great article about direct cable connections between Win95 and Linux, I tried implementing this method but came across a couple of problems running Windows 98. (4.10.1998)

I can get terminal emulation (using HyperTerminal) running at 38400 baud but 115200 crashes at the password prompt. (115200 works with xon/xoff using kermit as the terminal program).

Can't figure out how to get Windows to dial out over the serial line as in your article. I tried creating a new modem using the modems wizard in the control panel using 'standard serial between 2 PC's' and it goes through the process reporting success at the end but no device appears anywhere.

In control-panel|System Devices|Com Ports another device appears for COM1 so Windows thinks I have 2 COM1's ?

I click on add Dial Up Connection and can't select anything other than the Hayes accura modem I have on COM3.

Any Ideas ?

Thanks in advance for any help you may be able to give.

PS.

I am running RedHat Linux 5.2 and can't find the ftpserver*.rpm. Do you have details on where I can get the sources/binaries (in any package format - I have the alien script and ar) so I can set up an ftp server on this machine.

--
Michael


 Date: Mon, 10 May 99 16:05:05 PDT
From: "Ross Waters", rwaters@tartannet.ns.ca
Subject: Linux and Windows

I am new to the computer world and I only have a 386 laptop running Win3.1. Is there a small linux program I can install without losing my win3.1? I have 200 meg hard drive and 8Megs of RAM.

--
Ross Waters

(Check out the article, "Windows/Linux Dual Boot" by Vince Veselosky in issue 38. --Editor)


 Date: Mon, 17 May 1999 13:52:34 -0600
From: Chris Hirsch, chris@symsystems.com
Subject: Netscape Bookmark Window Width

I'm trying to figure out how to adjust the bookmark window width for netscape 4.51. My problem with the current size is that when looking at bookmarks that have very long descriptions they get truncated in the middle and make the descriptions worthless. Is there some way to dynamically size them? I'll even settle for a static size as long as it's bigger than the default.

Any suggestions?

Thanks, Chris


 Date: Thu, 20 May 1999 20:30:54 -0400
From: "Jesse Legg", jesse.legg@axom.com
Subject: Good commercial Terminal Emulation

I'm in need of a good commercial package for Linux and terminal emulation. It needs a *very good* VT320 support and such. Any suggestions?

--
Jesse


 Date: Fri, 21 May 1999 18:01:02 -0500
From: Noel Stoutenburg, mjolnir@ticnet.com
Subject: re: gzipping TWHT-1

I am in the process of switching to Linux, however, I cannot complete the process just yet, in addition, I am in the process of moving, and my linux box is not presently functioning.

I have been downloading and saving the LG issues, using TWDT - 1, and discovered that the last three issues have been gz files, but I cannot figure out how to get these expanded on my win/dos system. Maybe you can point me to a place where I can find out what process to use, and where to get the appropriate software to accomplish the expansion on DOS/WIN. Thanks.

--
Noel


 Date: Fri, 21 May 1999 18:04:06 -0500
From: Noel Stoutenburg, mjolnir@ticnet.com
Subject: PS to re: gzipping TWHT-1

I am in the process of switching to Linux, however, I cannot complete the process just yet, in addition, I am in the process of moving, and my Linux box is not presently functioning.

I have been downloading...[snip]...expansion on DOS/WIN.

Thanks.

P.S. Maybe you could add TWDT 3, which would be an uncompressed file...

--
Noel

(Check this month's 2 Cent Tips for ways to uncompress Linux files using Windows. The HTML file is not compressed and for most issues neither is the txt file. I just started compressing it lately at user's request. --Editor)


 Date: Sun, 23 May 1999 20:47:57 -0600
From: "Steven Koch", kochsb@home.com
Subject: How To Make A Bootable Linux (OpenLinux 2.2) Floppy?

Question: How do I make a bootable OpenLinux 2.2 floppy? I have Windows 95 on my PC right now. I already installed OpenLinux 2.2 on my HDD. I put Linux (Root & Swap) on my Second HDD - D: drive. I did a Full install & works great. But I can't seem to boot to the Linux anymore. I boot straight to Windows 95 (with no problems). I don't know if LILO will work? On my PC (Acer Open - P133) I have EZ-Drive installed in theDC BIOS (my BIOS couldn't handle the 6.4MB WD HDD). I've tried PM's BootMagic, it won't work because of the EZ-Drive. That's why I want to know if it's possible to Boot to Linux from a Floppy? I tried these methods from a Web Site:

I have these 3 files in my C: root drive:
-> Loadlin.exe
-> Vmlinux
-> Linux.bat (Below is what's inside of LINUX.BAT file)....

@echo off
cls
echo.
echo.
echo.
echo.
c:\windows\command\choice /t:y,5 "Do you wish to boot Linux?"
if errorlevel 2 goto End
c:\loadlin.exe c:\vmlinuz root=/dev/hdb4 ro
:End

I also made this Boot Floppy (According to the Web Site) & it has these 2 files:
-> autoexec.bat (Below is what's inside of AUTOEXEC.BAT file)....

goto %config%
:win95
SET CTCM=C:\WINDOWS
SET SOUND=C:\PROGRA~1\CREATIVE\CTSND
SET MIDI=SYNTH:1 MAP:E
SET BLASTER=A220 I10 D3 H3 P300 T6

-> config.sys (Below is what's inside of CONFIG.SYS file)....

[menu]
menuitem=Linux, Boot to Linux
menuitem=Win95, Boot to Windows 95
menucolor=15,1
menudefault=Linux, 15

[linux]
shell=c:\loadlin.exe c:\vmlinuz root=/dev/hdb4 ro

[win95]

When I Do Boot With The Floppy In The A: Drive, I Receive This Error Message:
Invalid System Disk
Replace The Disk, And Then Press Any Key
I Take Out Floppy & It Boots To Windows 95. Am I Doing Something Wrong Here? I Did Exactly What The Web Site Said To Do. I Know It's Something In One Of These Files Or They're All Wrong? Or do you know a better alternative? Thanks,

--
Steve


 Date: Mon, 24 May 1999 12:58:40 -0400
From: Steve Ickes, stevei@paonline.com
Subject: Help wanted

I am currently trying to install Star Office so that I may finally do away with my Microsloth products. However, when running ./setup, I get a script error. I have searched and posted but to no avail. I did find reference to using 'ldd' instead of 'exec' when running ./setup.bin. However, being relatively new to Linux, this means very little to me.

Any ideas, help or suggestions? I wouldn't think that this is a big issue. Yes, I am running the appropriate versions of glib and lib and running Red Hat v5.2 with the GNOME desktop and FVWM.

--
Steve


 Date: Sun, 9 May 1999 20:48:19 -0400
From: "Timothy Gray", timgray@geocities.com
Subject: CAD on Linux and X

I have a CAD station that is currently windows crippled. I have a summagraphics tablet and a hp plotter which both work great under WIN95/98 (both are old by most everyone's standards.. circa 1989-1990). But, I cannot find anything on the net about using a tablet with X windows, or a plotter. Xfree86's sites all mention mice and never say anything about any other input device. Both items have win/dos/cad drivers along with SCO and VMS drivers.

Is there anything I can find about serious CAD under linux and using my hardware on the net? If I can get this running under xfig I can save thousands and give me one more reason to use my windows CD's as coasters.

--
Timothy


 Date: Tue, 11 May 1999 10:36:39 +0200
From: Matthias Mikuletz, matthias@theo2.physik.uni-stuttgart.de
Subject: Corrupt partition table

I need urgent HELP.

After having deleted an 8gig primary FAT32 partition and reinstalled a 4gig primary and a 4gig extended FAT32 partition on a 13.5 gig drive the linux partition on the last 5gig isn't accessible anymore.

Dos Fdisk works properly, doesn't show up anything unusual, but linux fdisk complains about different logical/physical beginnings/endings and overlapping. Also PartitionMagic 3.0 only tells me about a partition table error #116.

Windows95 works properly on the first two partitions.

Can anyone tell me about a tool to fix the partition table (to scan the disk and guess correct cylinder/head values)?

Maybe the reassigning of the extended FAT32 partition has destroyed the linux partition.

Thanks a lot in advance.

--
matthias


 Date: Wed, 26 May 1999 23:37:13 EDT
From: Robert8005@aol.com
Subject: Video Problems

I am new to linux and learning fast. I just got one problem: when I use startx or kde my screen just shows Black and gray stripes. I have a Diamond SpeedStar A50 AGP card and a ViewSonic 17EA Monitor. I tried the options Caldera said and none worked. Any help would be great.

--
Robert


 Date: Wed, 2 Jun 1999 02:43:24 -0700 (PDT)
From: kenneth kenneth, monkeydrum_98@yahoo.com
Subject: Red Hat

Can you tell me where I can find the steps to install Linux Red Hat 5.2 ....

--
Kenneth


General Mail


 Date: Fri, 04 Jun 1999 01:31:14 +1000
From: peter, marshypj@ozemail.com.au
Subject: netled article issue 41, by larry ayers

Zee correct address for Matthew Bevan site and NetLed Program is :

http://mars.ark.com/~mbevan/products/netled.shtml


 Date: Tue, 4 May 1999 00:54:19 -0700 (PDT)
From: Felix Morley Finch, felix@crowfix.com
Subject: Conversation with Craig Burton

I think Mr Burton has a lack of imagination on how Linux can take over a lot of desktops. He claims

"Windows growth would have to go to zero and Linux would have to grow exponentially for the next eight to ten years before it would even begin to gain on Microsoft. And until Linux is at 20% market share, no serious developer is going to give it any respect."

It might be so if the hundreds of millions of Windows PCs in use now would still be in use eight to ten years from now. But PCs will be replaced several times during that period. Each replacement is another opportunity for Linux.

Most people use Windows for Office file compatibility and games. StarOffice, ApplixWare, and Word Perfect already offer almost complete Word compatibility, and games are beginning to appear. In a year or two, Linux will be reasonable for a majority of uses. A few early adaptors will smuggle Linux into offices, its viability will become evident under practical conditions, and managers will realize they can save money, downtime, and headaches by installing Linux.

Internet compatibility requirements, and resentment over expensive upgrades, will prevent MS from force feeding many more incompatible Office file format "upgrades". Cheaper and cheaper hardware will make the cost of MS software more apparent. Just as MS Works was developed as a cheaper alternative to Office, people will "settle" for Linux for their kids.

Linux doesn't have to replace existing Windows machines. It only has to be a proven viable alternative when people replace old PCs. Faced with forced upgrades by MS's short sighted policies, people will choose inexpensive compatible standards-friendly Linux over expensive incompatible Redmond-protocols Microsoft.

--
Felix


 Date: Mon, 3 May 1999 18:30:31 EDT
From: Robbo0119@aol.com
Subject: Linux and W98

I use W98 for most of my essential tasks and also use it for "GAMES". I own a lot of games.

HOWEVER I recently started to use Linux as an alternative operating system. It has a steep learning curve (at least for me, because I don't seem to own the hardware that it comes ready for and have had to hunt down drivers on the net, and also learn to install them properly).

The current state of Linux reminds me of OS/2 when it first came out. I liked OS/2 (I had the 3.0). BUT I stopped using it because there were very few (almost none) programs for OS/2 at the time. I considered it a superior OS to Windoze. It actually worked. But you had to learn how to make it work.

I will be really glad if Linux makes it in the market. Be assured that Bill Gates with all of his money is not going to let an Operating System that's essentially FREE take over his market share (probably he thinks of it as his domain). Good Luck Linux!!

--
robbo


 Date: Mon, 03 May 1999 23:58:12 -0500
From: cbbrowne@godel.brownes.org
Subject: LinuxCAD Reviewz

I think that it is a very good thing that you presented the Official Reaction of Software Forge Inc to the previous "LinuxCAD" Review; the quality of the response as well as the advertising material speaks as loudly as any review could. (Including the one claimed to be "fraudulent.")

It is clearly important for Linux Gazette to remain editorially objective; in this case that has been quite successfully done. However badly you may have wanted to use a spell-checker, the community will always remain grateful for your self-control in throttling that impulse. :-).

--
cb


 Date: Tue, 4 May 1999 20:41:47 +0200
From: Craig Schlenter, craig@qualica.com
Subject: NetLED security problem?

I read an article in Linux Gazette about netled and the comment about not prepending /dev/ to any of the command line arguments intrigued me so I thought I'd look at the source code:

From netled.c:

char tty[10] = "/dev/";
[snip]
strcat(tty,argv[1]);
if((ttyfd = open(tty,O_RDWR)) < 0) {
    fprintf(stderr,"Error opening keyboard %s\n ",tty); 
    exit(1);
}
[snip]

I'm not an expert in these matters but this would appear to be prone to a buffer-overflow/stack-smashing attack. The fact that it's part of main() and not some subroutine might have some bearing on the matter as I'm not too sure whether exit() will look for some sort of return address on the stack (and no libc source handy to check) but either way it looks like something that needs fixing ...

I'd recommend a

if (strlen(argv[1]) >= 5) {
	fprintf(stderr, "argument too long");
	exit (1);
}

be added before the strcat. This is especially relevant since you recommend running the program SUID root. Actually a size of 10 for tty is too low as a size since you want argv[1] to be "console" ...

I've cc'ed the author of the article, linux-gazette too and one of the security mailing lists maintainers who is probably far more knowledgeable than me about stack overflows to shed some light on the matter. Thank you,

--
Craig
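
The buffer arithmetic from the letter above, worked through as an added example (not code from the letter or from NetLED): a 10-byte buffer that already holds "/dev/" has room for only four more characters, so "console" cannot fit. The names room_after_prefix, build_tty_path and TTY_PATH_MAX, the 64-byte buffer size and the alphanumeric-only rule are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DEV_PREFIX    "/dev/"
#define ORIG_TTY_SIZE 10   /* size of tty[] in the quoted netled.c snippet */
#define TTY_PATH_MAX  64   /* assumed size for a corrected buffer */

/* Number of argument bytes that can be appended to a buffer of bufsz
 * bytes already holding "/dev/": the prefix and the terminating NUL
 * are subtracted from the total. */
static size_t room_after_prefix(size_t bufsz)
{
    size_t used = strlen(DEV_PREFIX) + 1;
    return bufsz > used ? bufsz - used : 0;
}

/* Build "/dev/<name>" in out without ever writing past outsz bytes.
 * Returns 0 on success, -1 if the name is rejected.
 * Assumption of this example: device names are purely alphanumeric
 * ("console", "tty1"), so '/', '.' and anything else is refused. That
 * also keeps a set-uid program from being pointed outside /dev, at the
 * cost of refusing names such as "pts/0". */
static int build_tty_path(const char *name, char *out, size_t outsz)
{
    size_t i, len;
    int n;

    if (name == NULL || out == NULL || outsz == 0)
        return -1;

    len = strlen(name);
    if (len == 0 || len > room_after_prefix(outsz))
        return -1;              /* empty, or would overflow the buffer */

    for (i = 0; i < len; i++) {
        if (!isalnum((unsigned char)name[i]))
            return -1;          /* no path separators or dots */
    }

    /* snprintf never writes more than outsz bytes; the return value is
     * checked anyway so that truncation can never go unnoticed. */
    n = snprintf(out, outsz, "%s%s", DEV_PREFIX, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char tty[TTY_PATH_MAX];

    printf("room in a %d-byte buffer after \"%s\": %lu bytes\n",
           ORIG_TTY_SIZE, DEV_PREFIX,
           (unsigned long)room_after_prefix(ORIG_TTY_SIZE));

    if (argc < 2 || build_tty_path(argv[1], tty, sizeof tty) != 0) {
        fprintf(stderr, "usage: give a tty name such as console\n");
        return 1;
    }
    printf("would open %s\n", tty);
    return 0;
}
```
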


 Date: Tue, 11 May 1999 11:12:05 -0600
From: njg@itmin.com
Subject: Desktop Users

I wish to make a request to the editor of the LG and hope others in my category will support me. I was prompted to do this after reading mail in your journal. The letter in April
From: "Michael J. Hammel", mjhammel@graphics-muse.org
Subject: Re: a newbie's grief : Erik Refner & Clara Lundqvist: "
is one such example. (I must admit that in my debut I created a partition with FIPS and installed RedHat Linux ver 2.1 on my PC in 1995 with only few problems. So it is not THAT bad really..But I could not get my modem to work!)

Linux is more than a BIG OS for developers and programmers. It has a great future for ordinary PC DESKTOP users like me. Many people in the world cannot afford Microsoft software. The OS and their Office suite is very expensive. The restrictions of a single PC means if you have more than one PC the cost increases. Linux is affordable. One copy of the latest version in a library can be shared by many. In poorer countries this will be a great boon. People will learn to manage with the free software that is there to use. Going on the internet will be easy as Netscape, familiar to everyone is available. A simple x-based email client allowing multiple users will be all that is needed, as Netscape does not allow multiple addresses on the same PC. Also viruses are not a problem in linux, as yet!!! :-) I read in the news in lg that Corel was going to build a desktop PC version for ordinary PC users in MAY lg news...

"Ottawa, Canada - April 21, 1999 - Corel Corporation (NASDAQ: COSFF, TSE: COS) today announced an alliance with two major Open Source developer communities to advance the development of its proposed Linux distribution; a user-friendly Linux installation and graphical user interface (GUI) for the desktop PC."

But this may be costly. In the April news there was some hope... "Project Independence: Linux for the Masses, http://independence.seul.org/distribution/ "

Therefore my request. Could you please reserve a little section of your lg for simple desktop uses of Linux, as opposed to programmers, LAN users, Server users etc.? News as well as software reviews specially of value to us could be great! Thanks

--
Nandalal Gunaratne

(I'd be happy to have desktop uses included. Anyone who submits this type of article can be assured that we will post it. --Editor)


 Date: Wed, 5 May 1999 16:53:53 -0400
From: Larry Kollar, lkollar@my-dejanews.com
Subject: Re: KDE is bloated and slow (not)

I keep hearing all this stuff about KDE is bloated, KDE is slow, KDE put a nasty stain on my favorite T-shirt and I can't get it clean, you get the idea....

I run Linux part-time on a Mac G3/266 (the beige box, "only" 32MB of RAM), with KDE as my standard GUI, and I don't see what people are complaining about. Maybe I'd feel different if I had to run it on a Pentium, or on a Mac IIsi running NetBSD or Linux-68k, but KDE responds well to decent hardware. I recently updated from a beta to 1.1, and it does feel a bit snappier.

I'll admit to shutting down X to compile large projects, but only because of my current RAM limits. Once I add more RAM, I'll probably change the runlevel to 5 and have X + KDE running all the time.

Besides, my wife would kill -9 me if I removed KDE -- she learned how to boot into Linux & start X just so she can play kmahjongg and a couple of the other games. This by itself is a reason to have KDE available; you can spend a few minutes showing newbies a comfortable interface and blunt the irrational fear of not-Windows.

Looking for a 3-button ADB mouse,

--
Larry


 Date: Mon, 24 May 1999 14:52:06 +0200
From: Roger
Subject: MTBF for Craig Burton

Craig Burton said "Show me the MTBF figures"

I am used to a hardware background, where we calculate MTBF figures before releasing systems. If nothing else, they give a rough guide to how many spares you need ;-)

BUT, basically speaking, this calculation is done by taking an MTBF figure for each element (This type of component employed in this manner has this MTBF), which are text book figures derived from statistical analysis, and then you add them all together.

This means if system A has 10 widgets and 6 doofas, whilst system B has 15 widgets and 12 doofas, then system A will have a much lower MTBF.

It may seem a harsh way to calculate reliability, but generally speaking it works, and one always regards system reliability as being inversely proportional to system complexity. Most of us are not able to review the NT source, but it is believed to be far more complex than Linux, which would suggest that the MTBF is proportionately lower.

Of course in software there are many other parameters, but nonetheless complexity is a major parameter. Another biggie is the language used for development, C programming is far more vulnerable than higher level languages for obscure bugs such as memory leaks, but for performance reasons so low level languages are considered essential for OS work, and so both have the same vulnerability (in fact one can easily find disaster tales of e.g. memory leaks on both platforms).

Another major factor is using tried and trusted methods (or re-using well proven code). Much of the reason for NT's additional complexity is that it has to support so many MS invented protocols designed to render it incompatible with the rest of the world. This is particularly so when one gets out of kernel space into userland, Linux makes heavy (re)use of legacy *nix software such as sendmail which has a very long history.

In a nutshell, there are sound scientific arguments as to why Linux may be more reliable than NT, indeed one of Linus's rallying cries is to keep things simple, and he resists attempts to over complicate the kernel. MS (IMHO) appear to have tied themselves in knots with all their attempts to do things in a proprietary manner.

I think Craig's comments that imply that people who say Linux never goes down are talking shit and are just Linux worshippers are a bit excessive. Of course Linux does go down, but these people are just reflecting a common appearance that Linux boxes do seem to go months before re-boots (so one forgets when one last re-booted), whereas NT reboots tend to be common enough to be frustrating (...but we re-booted just a couple of weeks ago). It is a subtle difference, but Linux by being a little better appears to cross the memory threshold.

All I will add is that at work I use both a Linux and NT server, neither are particularly loaded, and both are doing file and print sharing (although the Linux box does handle a mega printer which often has 100's of megabytes in the queue, it was moved from the NT box because it did not work there). The Linux box has only ever gone down during power outages (no UPS), whilst the NT box (which does have a UPS), has gone down several times in the two year period I have been in this environment. Note that the Linux server was just loaded and set up on the fly by ourselves, whilst the NT box was set up, and is maintained, by an outside firm with MS certified personnel.

Am I a religious nut for pointing this out?


-- Bye for now, And watch out for those low flying Penguins.......

Roger


Published in Linux Gazette Issue 42, June 1999



News Bytes



News in General


 July 1999 Linux Journal

The July issue of Linux Journal will be hitting the newsstands June 11. This issue focuses on Science and Engineering. Feature articles include "Archaeology and GIS", "SCEPTRE: Simulation of Nonlinear Electric Circuits", "Stuttgart Neural Network Simulator" and "Real-Time Geophysics Using Linux". Also included are an article by Dan York on "Building a Linux Certification Program", one by Jon "maddog" Hall about his visit to Fermi Labs at Spring COMDEX and an interview with Dev Mazumdar and Hannu Savolainen of 4Front Technologies. Linux Journal now has articles that appear "Strictly On-Line". Check out the Table of Contents at http://www.linuxjournal.com/issue62/index.html for articles in this issue as well as links to the on-line articles. To subscribe to Linux Journal, go to http://www.linuxjournal.com/ljsubsorder.html.

For Subscribers Only: Linux Journal archives are now available on-line at http://interactive.linuxjournal.com/


 1999 USENIX Annual Technical Conference

June 6-11, 1999 -- Monterey Conference Center, Monterey, California

The Keynote will be by John Ousterhout, creator of Tcl/TK, speaking on a fundamental shift in software development to applications created by extending existing applications, protocols, frameworks, and devices.

The FREENIX track is devoted to high-level technical discussion of open source software. Peer-refereed papers, expert talks, and evening sessions will be led by leading OSS developers including Linus Torvalds, Kirk McKusick, Theodore Ts'o, Theo de Raadt, and Robert J. Chassell for Free Software Foundation/GNU. (Richard Stallman had planned to lead a BoF but will be in Turkey on FSF business.)

Web site: http://www.usenix.org/events/usenix99


 2000 USENIX Annual Technical Conference: Call For Papers

June 18-23, 2000 -- San Diego, California

The Program Chair, Christopher Small, Lucent Technologies-Bell Labs, and the Program Committee seek to bring together the broad advanced computing community under a single roof to share the results of the latest and best work, find points of common interest and perspective, and develop new ideas that cross and break boundaries. They invite your submission of original and innovative papers. Invited Talk proposals and suggestions and proposals of tutorials are also very welcome.

Paper submissions are due November 29, 1999.

See http://www.usenix.org/events/sec99/cfp.html.


 Linux support in Indonesia

PT Cakram DataLingga Duaribu has announced its first commercial Linux support in Bogor, West Java, INDONESIA. The support includes Linux consultation service, Home PCs pre-installed with RedHat Linux, and Linux Servers with special configurations.

For more information, contact http://cdl2000.or.id/linux.html or linux-support@cdl2000.or.id.


 Linux 3D Gaming Initiative looking for volunteers

The Linux 3D Gaming Initiative (http://www.linux3d.net) is a pro-bono community resource project initiated by Full On 3D (http://www.fullon3d.com). It is open to and depends on contributors from all sorts of hardware and gaming websites.

Volunteers needed:


 Linux Administrators Security Guide 0.1.0

https://www.seifried.org/lasg/
150+ pages, Adobe Acrobat format. An https:-capable browser is required for download (This means a browser that can view secure webpages, such as recent versions of Netscape or Internet Explorer.)

There is an LASG FAQ in HTML format, but https: is still required.
https://www.seifried.org/lasg/lasg-faq.html.


 sourceXchange: Software-Development Model of the Future

More than just a job-posting or recruiting Web site, sourceXchange is the industry's first vehicle to manage the open-source development process that protects the interests of both corporate sponsors and open-source developers.

The sourceXchange is a Web site that maintains a database of all published project RFPs posted by corporate sponsors, registers open-source developers and their teams, manages RFP responses from the developer community, and manages payment. It also will incorporate peer review and project milestones to ensure quality and reliability of each development project.

SourceXchange, an affiliate of O'Reilly & Associates, was founded in conjunction with HP, the founding sponsor. The two companies plan to launch the service in early summer with an array of open-source development projects from HP that expand its commitment to open-source technologies. Pending a successful beta launch in July, sourceXchange will accept projects from other enterprise sponsors.

See www.sourcexchange.com for details.


 Cosource.com: another service to fund Open Source development

Redmond, WA -- Veriteam, Inc., today announced the launch of their web-based service, Cosource.com (www.cosource.com), which will enable users of Open Source Software to directly influence the development of Open Source Projects.

Cosource.com will launch the beta-testing phase of their service on June 1, 1999. During the beta-testing phase, registered sponsors will nominate seed projects for development by Open Source developers, while programmers will register as potential developers of sponsored projects. After the beta phase, Cosource.com will begin accepting sponsorships for specific projects from consumers of Open Source Software.

Cosource.com allows individuals to offer financial rewards to developers of Open Source Projects in exchange for creating software that meets the individuals' needs. On the web site, a database records the specifications and initial sponsorship amount offered for a project. After the initial sponsorship, other sponsors can easily add their sponsorship amounts to the project, thus increasing the bounty offered for the project.

Once a significant bounty has accrued, developers bid for the right to produce the software according to the specifications detailed by the project's sponsors. The Staff at Cosource.com coordinate the interface between the sponsors and developers, making sure the needs of the sponsors are met and the developers are paid for their efforts. Sponsors make their payments via a secure credit card payment system, and the developer is paid with one check issued by Cosource.com.


 O'Reilly "Open-Sources"

Sebastopol, CA -- O'Reilly & Associates announced today that they are making the entire new book, "OpenSources: Voices From the Open Source Revolution", freely available (or "open-sourced") on their web site. Open Sources is a collection of essays that offer insight into how the Open Source movement works, why it succeeds, and where it is going.

OpenSources, published in January 1999, has earned considerable critical acclaim. In "OpenSources", Open Source pioneers such as Brian Behlendorf (Apache), Scott Bradner (Internet Engineering Task Force), Jim Hamerly (Netscape), Kirk McKusick (Berkeley Unix), Tim O'Reilly (O'Reilly & Associates), Tom Paquin (mozilla.org), Bruce Perens (Open Source Initiative), Eric Raymond (Open Source Initiative), Richard Stallman (Free Software Foundation), Michael Tiemann (Cygnus Solutions), Linus Torvalds (Linux), Paul Vixie (Bind), Larry Wall (Perl), and Bob Young (Red Hat) share their vision of the Open Source movement.


 Pacific HiTech and Computer Associates announce Linux partnership

ISLANDIA, N.Y., and TOKYO, JAPAN, May 18, 1999--Computer Associates International, Inc. (CA) and Pacific HiTech today announced a partnership to broaden the acceptance of Linux and Linux-based applications by corporate users across the Pacific Rim and worldwide.

Under terms of the agreement, CA and Pacific HiTech will create a unique, high-value operating system solution that incorporates both Pacific HiTech's TurboLinux and CA's industry-leading Unicenter TNG management technology. CA will develop versions of Unicenter TNG and Unicenter TNG Framework to support TurboLinux, while Pacific HiTech will promote the use of Unicenter TNG as the premier management solution for its Linux customer base. The companies have also agreed to collaborate closely on engineering multiprocessor clustering and failover support for their respective solutions.

Here's the full press release.


 Pacific HiTech and IBM

Pacific HiTech and IBM announced an industry first partnership whereby Pacific HiTech will ship IBM's DB2 Universal Database with its Linux Operating Suite, TurboLinux.

Pacific HiTech will sell its TurboLinux products integrated with IBM middleware - beginning with DB2 Universal Database - through its channels in Asia and North America.

Also announced today was the largest deployment to date of IBM NetFinity servers running Linux. The deployment, which took place at Kyoto Sangyo University, a leading university based in Kyoto, Japan, involves more than 600 IBM NetFinity 3000 servers running on Pacific HiTech's TurboLinux workstation. The installation of this technology will enable the university's students, faculty and researchers to run both the TurboLinux workstation and Microsoft Windows NT operating systems on a single network.


 Intel and H-P: Linux on Merced

Intel and HP have announced that the Merced program has included Linux as one of the Operating Systems the chip will be certified on at its release date.

The announcement is on Intel's website.


 USALogin web site revamp (pre-configured Linux systems)

USALogin specializes in pre-configured Linux solutions designed to snap into your existing corporate network.

USALogin's solution will

The system is complete and installed into your office with a single low monthly cost.

USALogin's web site is www.usalogin.net.


 CTiTEK replaced Windows NT with Linux on a client's webserver

Chesterfield, MO - May 18, 1999 - CTiTEK Inc.

"This is the fourth Linux installation in two months. Others consisted of firewalls and Email servers.

An estimated $2,000 - $10,000 annual savings can be realized when switching to a Linux server. (Includes labor, hardware, and software savings).

A Microsoft FrontPage error on an Email form was the last straw that caused this conversion to Linux.

Instead of consistent errors and copious amounts of time spent on Microsoft's software undocumented 'issues', it was decided to rebuild the system into a Linux machine.

It all started by using Windows NT with Option Pack 4 to run multiple web sites one year ago. The customer wanted to run several websites on one machine, so Windows NT with Option Pack 4 was used.

Today it became necessary to run an Email Form (an area on the website that one can fill-in and the info is sent by email to someone in the company) on the website, and FrontPage was used to keep everything in the MS 'family'. Unfortunately the FrontPage Email Form did not work properly with the webserver. After spending countless hours trying to solve the problem, including several calls to Microsoft, we realized that the Windows NT Operating system will have to be rebuilt with the latest version of the Management Console (An uninstall and installation of the latest option pack did not work).

We selected Linux because it is a robust, free Operating System (benchmark tests with reputable magazines indicate a minimum 75% higher performance).

TRADEMARKS. Microsoft, Windows, Windows NT, and/or other Microsoft products referenced herein are either trademarks or registered trademarks of Microsoft."

CiTEK's website is www.citek.com.


 Alpha Processor, Inc. joins Linux International

LINUX EXPO, Raleigh, NC, May 19, 1999 - Alpha Processor, Inc. (API), the leading provider of the world's fastest 64-bit microprocessor and related technologies, today announced it has joined the non-profit Linux International organization, formally pledging its continued commitment to support application development for the Linux operating system.

"In becoming a member of Linux International, API joins industry forerunners dedicated to the mass acceptance of Linux," said Jon "Maddog" Hall, executive director of Linux International. "Offering today's leading high-performance platform for Linux, API is an ideal candidate for membership. This symbol of API's commitment to growing this market undoubtedly will inspire innovations throughout the Linux community."

API is committed to developing enabling technologies to speed adoption and growth of applications built on the Alpha Linux platform. Alpha's superior speed, performance and reliability make it a natural environment for Linux. API's marketing and engineering partnerships and industry standard platform price points are expected to expand Alpha's share in this growing market.

The company's website is www.alpha-processor.com.


 Magic Software announces the "Magic for Linux Really Cool Contest"

IRVINE, CA (May 20, 1999) -- Magic Software Enterprises (NASDAQ: MGIC) announced today that it will award a free 10-day cruise for two to Antarctica to the developer who builds the best e-commerce solution for the Linux platform using Magic, the company's highly productive development technology. The contest, titled "The Magic for Linux Really Cool Contest", runs from May 20, 1999 through October 15, 1999, with all entry forms due no later than September 30, 1999. Complete details on the contest can be obtained through the company's web site, www.magic-sw.com.


 Ardent Software delivers key data management software for Red Hat Linux

WESTBORO, Mass., May 20, 1999 - Ardent Software, Inc. (Nasdaq: ARDT), a leading global data management software company, today announced a partnership with Red Hat Software, the market leading Linux distributor and service provider. In partnership with Red Hat, Ardent will port key data management software tools to Red Hat Linux (RHL), allowing Ardent's extensive channel of resellers and distributors to make their business applications available to Red Hat Linux users. Among the Ardent products to be available on the Red Hat Linux platform are its UniVerse and UniData relational databases and related development tools, including the System Builder multi-tier 4GL and RedBack Web OLTP environment.

Ardent's web site is www.ardentsoftware.com.


 IACT's Freedom of Choice Petition

Join us in IACT's Freedom of Choice Petition, to stop the exclusive pre-installation [bundling or tying] of a single company's software on the computers sold, bought and used across the world. To bring real choice and innovation to the PC market, we should be able to buy and sell new computer systems compatible with Linux and a wide range of software programs, in any combination.

Help us send that direct message to the PC companies, by signing and supporting IACT's Freedom of Choice Petition! We're already getting great support from the Internet community and from users, programmers and resellers of Linux, OS/2, Unix, DOS, BeOS, BSD and yes, Windows, too. To add your name to all of theirs, just use either our on-line form or regular e-mail. Details are at http://pages.cthome.net/iact/iaction-freechoice.html.


 Linux Links

Rasterman explains his departure from Red Hat: http://slashdot.org/article.pl?sid=99/05/31/1917240&mode=thread

LuCAS: Spanish-language Linux documentation: http://lucas.hispalinux.es

IBM announces support of four Linux distributions: http://www.theregister.co.uk/990525-000006.html.

SCO's views of Linux and comments on recent press articles


Software Announcements


 Proven dk bookkeeping program

May 3, 1999 -- Proven Software,Inc. today released Proven dk, Small Business Edition. Proven dk is a single-user quick entry bookkeeping package written specifically for the Linux desktop. The Small Business Edition is priced at $99 (US). An evaluation copy is available on the company's website.

Despite its low price, Proven dk, Small Business Edition is a comprehensive accounting system which includes Sales Invoicing, Accounts Receivable, CheckWriter, Accounts Payable, General Ledger, and Financial Report Generator. This new product provides the general bookkeeping and accounting essentials for most small businesses and organizations.

The company's web site is www.provenacct.com.


 EasyCopy: printing and scanning programs for CAD-related industries

SAN JOSE, Calif., April, 1999 - AutoGraph International (AGI) debuted EasyCopy 6.0 at the COE TechniFair with a scheduled late May release to the marketplace. EasyCopy 6.0 is a major rewrite of AGI's flagship, EasyCopy/X, which has an installed base of more than 150,000 users worldwide. With this new generation EasyCopy has taken a major step from a printing solution to a flexible set of image communication tools.

The company says EasyCopy, EasyConvert, EasyCopy/Page, EasyCopy/Scan and EasyCopy/Graphics run on Linux. Pricing of EasyCopy begins at $395.

The company's URL is http://www.augrin.dk.


 Other Products

Harlequin Lispworks Beta for Red Hat on Intel (Common Lisp implementation): http://www.harlequin.com/devtools/lisp.

/BriefCase 3.0 Released as OpenSource (Software Configuration Management solution): http://www.applied-cs-inc.com/.

Sylvan Prometric to Deliver New Linux Certification Tests:
Information about the Sair Linux training and certification program: www.linuxcertification.org
Locations of Sylvan APTCs: www.sylvanprometric.com

Integrated Computer Solutions, Inc. (ICS) has announced that its flagship product, Builder Xcessory (BX PRO(tm)), is now available for SuSE Linux. The press release is at http://www.ics.com/about/whatshot/press_releases/bxlinux-suse.html. This is a WYSIWYG integrated development environment.

Metroworks Code Warrior software development tool has been ported to Red Hat. http://www.metroworks.com.

Web-4M(tm) 2.5 provides a comprehensive collaboration/groupware environment for Linux. The Web-4M server supports email, news, phone, the Browseable Document Library(tm), the Interactive Slide Show(tm), audio conferencing, chat, a white board, a calendar, scheduler and more. The Web-4M server runs under Linux and other platforms in conjunction with the Apache web server. Clients can be Linux or any platform that supports a Java-compliant web browser. http://www.jdhtech.com.

SuperAnt releases Linux Security CD-ROM: http://www.superant.com.

VariCAD professional CAD system: www.varicad.com.


Published in Linux Gazette Issue 42, June 1999




This page written and maintained by the Editor of Linux Gazette, gazette@ssc.com
Copyright © 1999 Specialized Systems Consultants, Inc.

Contents:

(!)Greetings From Jim Dennis

(?)Setting up a Loopback Mount --or--
Loopback (localhost) NFS Mounting for FTP
(?)sites for general disk info? --or--
General HD Info and Boot Code
(?)TCP Sockets --or--
SYN, SYN/ACK, ACK, ACK, ACK: TCP Handshaking "Pleased to meet you!"
(?)cvs tree for pam --or--
PAM chroot Wherein Jim rants about PAM
(?)Resizing partitions --or--
Filesystem Management: What must be "resident" at all times?
(?)Hubs --or--
Ethernet Switches vs. Hubs
(?)procmail and saved variables. --or--
MATCH and Replaceable Parameters in procmail
(?)RMA for Video Card
(?)Unix Internal --or--
Inodes Numbering: An Academic Question
(?)One Bad Sector thats gettin on my nerves! --or--
One Bad Sector It Doesn't Ruin the Whole Disk
(?)Server shutdown/restart: 2-key keyboard --or--
Server Shutdown Button
(?)hal91 --or--
HAL91 (Floppy Based Linux Distribution)
(?)ping at a differnt port --or--
Ping a Port: NOT
(?)Hey answer guy!!! --or--
Linux as a Job! Hobbies become fun and profit
(?)New Kernel Loses Ether Driver; Dial on Demand and Masquerading
A grabbag of user questions.
(?)pcmcia install on debian
(?)work-around for gdi printer? --or--
WinPrinter Work-around
(?)Question about 2 GB max? --or--
Maximum Filesize vs. Maximum Filesystem Size
(?)Advanced ipfwadm question. icmp forwarding. --or--
ICMP Masquerading
(?)RedHat 5.2 Kernel 2.0.36 --or--
Upgrade Breaks Several Programs, /proc Problems, BogoMIPS Discrepancies
A visit to "Library Hell"
(?)Pls spare a minute: --or--
Spare a Minute to Provide "Some Info"
(?)HELP!!!!!!!!!! --or--
Data "Losted" (sic)
(?)"Network Neighborhood" --or--
Network Neighborhood: Heterogenous File Sharing
(?)AOL

(!) Greetings from Jim Dennis

Lies, Damn Lies and Benchmarks

Those of you who read slashdot (http://www.slashdot.org), the Linux Weekly News (http://www.lwn.net), or other common Linux webazines and forums have undoubtedly tired of reading about the Mindcraft fiasco. If so, maybe you'll skip this and go on to the usual collection of "Answer Guy" questions.

The Mindcraft story has been interesting. As some of my colleagues have pointed out, their "attack" on Linux serves more to legitimize Linux as a choice for business servers than to undermine it. In addition it appears that the methodology they used has uncovered some legitimate opportunities for improvement in the Linux process scheduling facilities.

I'm referring to the "thundering herd" issue that results from a large number of processes all doing a select() call on a given socket or file resource -- such as having 150 Apache servers listening on port 80. However that is not a new issue; Richard Gooch (a significant contributor to the Linux kernel mailing list and code base) discussed similar issues and possible patches almost a year ago:

I/O Event Handling Under Linux
http://wwwatnf.atnf.csiro.au/people/rgooch/linux/docs/io-events.html

It looks like some work will go into the Linux kernel and into Apache to resolve some of those issues. In addition I know that Andrew Tridgell and Jeremy Allison (a couple of the principal members of the Samba development team) have been continuing their work on Samba.

So the Linux/Apache/Samba combination will show improvement for the general case. Samba 2.0.4 just shipped and already has some of these enhancements. Some of the interesting changes to the Linux kernel might already be present in the 2.3.3 developmental kernel (and might be easily back ported as a set of 2.2.9 patches). So we could see some of the improvements within a couple of weeks.

Some of these improvements may give Linux a better showing in any "Mindcraft III" or similar benchmark. Maybe they won't. The improvements will be for the general case --- and I don't see much chance that open source developers will sneak in special case code that will only improve "benchmark" performance without being of real benefit.

That's one of the problems with closed source vendors. There's great temptation to put in code that isn't of real value to real customers but will be great for benchmarks and magazine reviewers. This has been detected on several occasions by several vendors; but it would be completely blatant in any open source project.

Frankly, I don't care if we improve our Mindcraft results. I prefer to question the very premises on which the whole discussion is based.

There are three I'd like to mention:

The fallacy of the whole Mindcraft mindset is that we should have "big servers" to provide file and web services. Let's ask about that.

Why?

The reason Microsoft wants to push big servers should be relatively obvious. Microsoft's customers are the hardware vendors and VARs. Most end customers, even the IT departments at large corporations, don't install their own OS. They order a system with the OS and major services pre-installed (or order systems and pay contractors and/or consultants to perform the installation and initial configurations).

So, it is in Microsoft's vested interest to encourage the sale of high end and expensive systems. The cost of NT itself is then a tinier fraction of the overall outlay. One or two grand for the OS seems less outrageous when expressed as a percentage of 10 to 20 thousand dollars.

So, how many customers really need 4-way SMP systems? Are 4-way SMP systems EVER really a better choice for web and file services than a set of four or more similar quality separate systems?

Big 4 or 8 CPU SMP servers are probably the best choice for some applications. It's even possible that such systems are optimal for SOME web and file servers. What's really important, however, is whether such systems are appropriate to YOUR situation.

Back when NT was first starting to emerge as a real threat to Netware it was interesting that the press harped on the lack of "scaleable SMP" support in Netware 3.x and 4.x. I'm sure there are analysts today who would continue to argue that this was the primary reason for Netware's loss of marketshare during the early to mid '90s.

Personally I suspect that the bigger factors in Netware's woes were from three other causes:

Client support:
MS shipped Win '95 and WfW with support for SMB. Novell never adapted their servers to work with the support that was shipped with the clients. By all accounts SMB is a vastly inferior suite of protocols to Netware's NCP. However, IT managers are often eager to save a penny on every client by not having their sysadmins and help desk people visit every new system to install network client drivers.
TCP/IP:
Novell provided TCP/IP early on --- in the form of expensive addons to their main servers, and a relatively expensive suite of client tools for MS-DOS. They didn't adapt to the emergence of the Internet in corporate circles by including TCP/IP as standard features in their base packages. Meanwhile IPX's SAP (service advertising protocols) were sucking up a noticeable portion of the available bandwidth as more companies put MANY more devices on their LANs and WANs. Novell had the technology, but they failed to rethink their pricing model, probably in a doomed effort to protect some of their revenue streams.
Pricing:
Microsoft had a huge advantage over Novell. They could afford to practically give away NT server for a few years (and perhaps turn a blind eye to some amount of piracy, temporarily) so long as that would cost Novell some server licenses.

Of course, I could be wrong. I'm not an industry analyst. However, I do know that the considered opinion of the Netware specialists I knew back around '93 was that Netware didn't need SMP support. It was plenty fast enough without additional processors. NT, on the other hand, has so much overhead that it needs about 4 CPUs to get going.

So, if we're not going to use "big servers" how do we "scale?"

Replication and Distribution.

Look at how the whole Internet scales. We have the DNS system which distributes (and delegates) the management of a huge database over millions of domains. We don't even bat an eye that an average DNS lookup takes less than a second. The SMTP mail system also has proven scalability. It handles untold millions of messages a day (some of which isn't even spam).

Of course some people are already chomping at the bit to write to me and explain what an idiot I am. There are problems with replicating files and HTML across multiple servers. Some applications are very sensitive to concurrency issues and race conditions. There are cases where the accessor of a file must have the absolute latest version and must be able to retain a lock on it. There are cases where we want to lock just portions of files, etc.

However, these are not the most common cases. Going for the "big server" approach is often a sign of laziness. Rather than identify the specific sets of applications that require centralized control and access, they try to toss everything on the "one size stomps all" server.

In the degenerate case of the Mindcraft benchmarks it would be amusing to pit four low cost PCs running Linux against one "big server" running NT. I say "degenerate case" since the benchmarks used there don't seem to have any concurrency or locking issues (at least not for the HTTP portions of the test).

Needless to say we'd also see some advantages beyond the scalability of our "horde of cheap servers" approach. For example we could use dynamic DNS and failover scripts to ensure that transparent availability was maintained even through the loss of three of the four servers. There's certainly some robustness to this approach. In addition we can perform tests and upgrades to one or more systems in these loose clusters without any service down time.

Because these use commodity components it's also possible to keep shelf spares in an on-site depot, thus reducing the downtime for individual nodes and providing the flexibility to rapidly increase the cluster's capacity in the face of exceptional demands.

All that --- and it's usually CHEAPER, too.

Naturally there are some challenges to this approach. As I mentioned, we have to configure these systems with some sort of replication software (rdist, rsync) and test regularly to ensure that the replication process isn't introducing errors and/or corruption. There are also the problems with writable access and the needs for the nodes in a cluster to communicate about file locking and application (i.e. CGI) state.

The point is not so much to promote the "horde of thin servers" approach as to question the premise. Do we really need a "big server" for OUR task?

I've talked about the fundamental disconnect between mass marketing and customer requirements before. "Mass marketing" sells features in the hopes that masses will buy them. Customers must consider the "benefits" of each "feature" before accepting any arguments about the superiority of one product's implementation of a given "feature" over another.

As an example let's consider Linux' much vaunted "multi-user" feature. To many people this is not a benefit. Many people will never have anyone else "logged into" their system. To people like my mom "multi-user" is just an inconvenience that requires her to "login" and means that she sometimes needs to 'su' to get at something she wants. (Granted there are ways around those). In some way Linux' "multi-user" features (and those of NT, for that matter) are actually a detriment to some people. They represent a cost (albeit a small and easily surmounted one) to some users.

This leads us to the other two issues that I would question.

Apache is not necessarily the best package for providing high speed, low-latency, HTTP of simple, static HTML files.

There are lightweight micro web servers that can do this better. I've also heard of people who use a small cluster of Squid proxy servers interposed between their Apache servers and their routers. Thus the end users transparently access an organization's Squid caches rather than directly accessing its web servers. This is a strange twist on the usual case where the squid caches are located at the client's network.

By all accounts SMB is a horrid filesharing protocol. The authors of Samba take a certain amount of wretched glee in describing all of the misfeatures of this protocol. Its sole "advantage" is that it's included, preconfigured with 98% of the client systems that are shipped by hardware vendors today.

Note: I'm NOT saying that NFS is any better. Its main advantage is that almost all UNIX systems support it.

Personally I have high hopes for CODA. It's about time we deployed better filesystems for the more common requirements of a new millennium.

I'm not the first to say it:

"There are lies, damned lies, and benchmarks"

However, the important thing about any statistic or benchmark is to understand the presenter. Look behind the numbers and even the methodology and ask: "Who says?" "What do they want from this?"

Alternatively you can just reject statistics and benchmarks from others, and make your decisions based on your own criteria and as a result of your own tests.

The scientific method should not be used solely by scientists. It has application for each of us.

-- Jim Dennis


(?) Loopback (localhost) NFS Mounting for FTP

From Mark S. Turczan on Sun, 02 May 1999

(?) James,

Would you know of a way to setup a loopback mount within a /home/ftp hierarchy?

Or could you provide a better method to achieve the following?

I've got a set of disks setup under software raid, and I've mounted them under /mnt/raid. What I'd like to do is include a link from a directory under /home/pub/Archive to the actual files under /mnt/raid/Archive. I've tried doing this with a symbolic link, but it doesn't seem to resolve it when I connect through ftp.

(!) When you connect as "anonymous" or "ftp" through the conventionally configured FTP service, or as any member of a "guestgroup" to a WU-FTP daemon, you are in a chroot jail. This is intended to prevent you (an FTP client) from wandering around the filesystem peeking into things where you don't belong (as an anonymous or guest user).
Naturally symbolic links don't pierce through a chroot wall.
It's possible to configure your system to act as an NFS server and client (concurrently) and to export a directory tree (presumably in read-only mode) to yourself.
This is one of several tricks that is referred to as a "loopback mount" (not to be confused with the mount -o loop=... option which is a way of mounting a file image as a filesystem). In this case you're doing a perfectly normal NFS export, and a perfectly normal NFS mount. The only oddity is that the export and mount are on the same machine and are going through the loopback network interface.
So you put a line in your /etc/exports file like:
/mnt/raid/ftparea 127.0.0.1(ro,insecure)
... and possibly some lines like:
/mnt/raid/ftparea/no/ (noaccess)
(to define a set of subdirectories under the exported directory tree to which you want to deny access).
... and then you use a command like:
mount -t nfs 127.0.0.1:/mnt/raid/ftparea /home/ftp/home
... or whatever.
Personally I think it's a horrible kludge. But I've done things sort of like this and it does work.

(?) Thanks for any help you can offer.
--
Mark Turczan

(!) Hope that makes sense.

(?) General HD Info and Boot Code

From Erik Bryer on Sun, 02 May 1999

(?) Hi,

Got your email address from:
http://www.linuxvalley.com/mirror/lg/issue36/tag/79.html

(!) Wow! Someone who actually tells me where they found me! I've always thought that any e-mail to someone you've never met should include some passing reference of this sort.
Of course, there are cases where it might be superfluous. If you were to e-mail Linus Torvalds he'd have a pretty good idea where you got his address; it's in the /usr/src/linux tree on millions of computers.
Anyway, linuxvalley.com looks like an interesting site --- if you read Italian. I've seen quotes of myself translated into Italian, Portuguese and a couple of other languages --- it's amusing. (I just feel sorry for the interpreters --- any of you out there? I owe you each a beer!).

(?) Do you know of any websites with general hard drive info. More specifically, and I'm quite happy just with a web page reference if you like, I wonder if, like dos, unix requires executable code in the boot sector, if it even has a boot sector. I've tried alta vista, but found mostly junk. Thanks.

Erik Bryer Calgary

(!) Well I don't know about general hard drive info. Many of the hard drive manufacturers put technical information about their drives up on the web. Of course you usually have to hunt through quite a lot of marketing fluff that clogs many corporate sites to get to the good stuff.
However, I can answer the question regarding boot code.
The PC BIOS requires that your OS, any OS be loaded from somewhere. Your mainstream choices are: hard drive, floppy, network and (most recently) CD-ROM. There are some devices which emulate drives (sold under names like "ROMDisk" et al.).
When loading from a hard drive the BIOS loads the first sector (512 bytes) on track zero. This is called the MBR. It contains two parts: some boot loader code and a partition table. The partition table is in the last 66 bytes of the MBR. Actually there are 4 primary partition entries of 16 bytes each, and there's a pair of "signature" bytes which indicate whether or not the drive has ever been initialized. The other 446 bytes of the MBR contains the primary bootloader code.
As you mentioned, MS-DOS provides its own bootloader. That just looks for the active partition and loads a secondary bootloader from the first sector of that partition.
OS/2, NT, and the various PC implementations of UNIX each provide their own bootloaders. These load code from a "boot manager" (usually a one track partition somewhere on the primary drive).
Linux offers a number of alternatives for loading the kernel. The most common is to use the LILO package. This consists of a program, /sbin/lilo, that reads a configuration file (/etc/lilo.conf, by default), and builds a set of primary and secondary boot blocks, and a set of "maps" and writes the primary boot code and the pointers to the secondary blocks and maps into the MBR. LILO is a very flexible utility. You can store information on up to 16 different boot images, you can pass parameters to the Linux kernel (which can set various boot time options in the kernel, or be passed along to init, and thence to the master environment and to the rc startup scripts). You can password restrict some or all of your LILO boot stanzas, define messages to be displayed at boot time, issue a command that sets an automatic "one time" set of boot parameters (/sbin/lilo -R), etc.
Another option is GRUB, the GNU "grand unified bootloader." This is slated to be the bootloader for the GNU HURD (a free microkernel based operating system which has been under development since before Linus started on the Linux kernel). I've heard that GRUB can be used now with the HURD betas and with Linux.
One thing that's interesting about Linux, in contrast to other operating systems, is that you can load it in alternative ways. So you can load the PC Linux kernel using LOADLIN.EXE (an MS-DOS program) or directly from Win '9x using the updated LinLoad '95 (??? derived from LOADLIN?). So you can have copies of your kernel in any MS-DOS directory and "run them" from MS-DOS. You can put a Linux kernel straight on a floppy (starting at the first block thereon) and it will be directly loaded.
You can also use SYSLINUX to put a Linux kernel on an MS-DOS formatted floppy and load it from there. (If you mount up a Red Hat installation floppy you'll see a copy of the SYSLINUX.CFG file that the SYSLINUX boot loader reads).
It's also possible to load Linux over a network (given a suitable bootp PROM, installed in a NIC, for example). There is nothing to prevent a computer manufacturer from installing a Linux kernel in their own ROMs --- loading it with initrd (initialization RAM disk) support. There are some people doing this for "embedded" systems already (seems to be primarily in specialized systems, not in commodity PCs).
Igel has been making Linux based Xterminal/etherterminal systems using "Disk on a Chip" drivers for years. (http://www.igelusa.com)
As for finding "mostly junk" .... Yeah! I get that, too. However, a big part of "The Answer Guy's" success is that I sift through enough of that junk to (usually) come up with what I'm looking for. (Sometimes it's even what my correspondents were asking about!)
I hope that helps.
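The MBR layout described in the answer above (446 bytes of boot code, four 16-byte partition entries, two signature bytes) can be read and sanity-checked with a short parser. This is an added example, not part of the original column: the function names, the byte offsets inside each entry, the 0x55 0xAA signature value and the sample sector are supplied here, and the sample is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_SIZE        512
#define BOOT_CODE_SIZE  446   /* primary bootloader code */
#define PART_ENTRY_SIZE 16
#define PART_COUNT      4
#define SIG_OFFSET      510   /* 446 + 4 * 16 */

struct part_entry {
    uint8_t  status;      /* 0x80 = active, 0x00 = inactive */
    uint8_t  type;        /* 0x00 = unused slot */
    uint32_t lba_start;   /* first sector of the partition */
    uint32_t sectors;     /* length in sectors */
};

struct mbr_info {
    int signature_ok;     /* bytes 510-511 are 0x55 0xAA */
    int used;             /* slots with a non-zero type */
    int active;           /* slots flagged 0x80 */
    int bad_status;       /* status neither 0x00 nor 0x80 */
    int overlaps;         /* pairs of used slots whose ranges intersect */
    struct part_entry part[PART_COUNT];
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one sector; returns 0 on success, -1 if the buffer is too short. */
int parse_mbr(const uint8_t *sec, size_t len, struct mbr_info *out)
{
    if (sec == NULL || out == NULL || len < MBR_SIZE)
        return -1;
    memset(out, 0, sizeof(*out));
    out->signature_ok = sec[SIG_OFFSET] == 0x55 && sec[SIG_OFFSET + 1] == 0xAA;
    for (int i = 0; i < PART_COUNT; i++) {
        const uint8_t *e = sec + BOOT_CODE_SIZE + i * PART_ENTRY_SIZE;
        struct part_entry *p = &out->part[i];
        p->status    = e[0];        /* e[1..3] and e[5..7] are CHS addresses */
        p->type      = e[4];
        p->lba_start = le32(e + 8);
        p->sectors   = le32(e + 12);
        out->active     += (p->status == 0x80);
        out->bad_status += (p->status != 0x80 && p->status != 0x00);
        out->used       += (p->type != 0);
    }
    /* Compare each pair of used slots; 64-bit ends so start + length cannot wrap. */
    for (int i = 0; i < PART_COUNT; i++) {
        for (int j = i + 1; j < PART_COUNT; j++) {
            const struct part_entry *a = &out->part[i], *b = &out->part[j];
            uint64_t a_end = (uint64_t)a->lba_start + a->sectors;
            uint64_t b_end = (uint64_t)b->lba_start + b->sectors;
            if (a->type && b->type && a->lba_start < b_end && b->lba_start < a_end)
                out->overlaps++;
        }
    }
    return 0;
}

/* 1 if signature, active count, status bytes and ranges all look right. */
int mbr_table_sane(const struct mbr_info *m)
{
    return m->signature_ok && m->active <= 1 && !m->bad_status && !m->overlaps;
}

/* Write one partition entry into a sector buffer (used to build the sample). */
void put_entry(uint8_t *sec, int slot, uint8_t status, uint8_t type,
               uint32_t lba, uint32_t count)
{
    uint8_t *e = sec + BOOT_CODE_SIZE + slot * PART_ENTRY_SIZE;
    e[0] = status;
    e[4] = type;
    for (int k = 0; k < 4; k++) {
        e[8 + k]  = (uint8_t)(lba >> (8 * k));
        e[12 + k] = (uint8_t)(count >> (8 * k));
    }
}

/* Constructed sample: active Linux partition (0x83) plus swap (0x82). */
void build_sample_mbr(uint8_t *sec)
{
    memset(sec, 0, MBR_SIZE);
    put_entry(sec, 0, 0x80, 0x83, 63, 1000000);
    put_entry(sec, 1, 0x00, 0x82, 1000063, 200000);
    sec[SIG_OFFSET] = 0x55;
    sec[SIG_OFFSET + 1] = 0xAA;
}

int main(void)
{
    uint8_t sec[MBR_SIZE];
    struct mbr_info m;
    build_sample_mbr(sec);
    return parse_mbr(sec, sizeof(sec), &m) == 0 && mbr_table_sane(&m) ? 0 : 1;
}
```

A table that fails these checks (a second active entry, an odd status byte, overlapping ranges) is worth a closer look before the disk is trusted to boot.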

(?) SYN, SYN/ACK, ACK, ACK, ACK: TCP Handshaking

"Pleased to meet you!"

From Kent S on Sun, 02 May 1999

(?) I need help in finding information regarding how sockets are established (not how to code them). In other words, I know that there is a standard procedure followed (SYN,SYN/ACK,ACK) in getting a device talking with a server.

(!) This is referred to as a "three way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new session. The ACK flags acknowledge earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowledge. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set.

(?) I am more curious in determining how, where, and who actually handles this on the Linux server.

(!) The kernel.

(?) As an example - I have inetd looking at port 226 for me that will start a program that will read from the socket. If this program terminates (kill,alarm,etc...) then the device attempts to re-establish (sends a SYN). Then one of two things happens depending on how the program was stopped. Either the server never responds until the device sends a reset or the server sends a SYN/ACK and then sends a packet saying that it is finished sending data. My questions are on the level of does RESET reset a port or a socket, and why would a server send a finish sending data flag if the device is requesting a connection. I have been unable to find info about the protocols of communications that should be taking place. Any help would be appreciated!

Kenneth Scott

(!) I don't really understand what you're asking or what situation you are trying to describe. Giving examples of what you see and the specific diagnostic commands you're using to gather your data on the problem (ps, netstat, lsof, etc) would probably help.
However, I can take a guess at what you might be seeing.
There is also a three way handshake at the termination of a TCP session. Either side sends a packet with the FIN (final) flag set, and waits for the other side to acknowledge that with another FIN packet.
After the local process has attempted to close the socket (and the TCP stack has sent the FIN packet to the remote system) the process will be listed as being in the FIN_WAIT state when you do a 'netstat' command. Buggy TCP clients may just close their end of the connection without completing the three way session termination. This seems to be mostly from certain MS Windows FTP clients.
There seems to be no "timeout" for how long a process will sit in FIN_WAIT. When I managed a busy FTP server farm for McAfee Associates (a shareware company with lots of MS-DOS and Windows products) I used to see a lot of zombies which were children of FTP daemon processes that were in FIN_WAIT. I had a skulker script that would find the parents of the zombies, check their age and argument list and summarily kill them.
I don't know the details about the TCP RST (reset) process. I'm at the extreme edge of my knowledge of TCP in this message --- so I can't go into any greater detail on this.
However, I've heard that the best sources of information about TCP protocols are a couple of books. One would be the O'Reilly volume by Craig Hunt (the crab book), Understanding TCP/IP [ Actually, the "crab book" is TCP/IP Network Administration, now in its 2nd edition. -- Heather ], the other would be a three volume set by Comer and Stevens Internetworking With Tcp/Ip: Principles, Protocols, and Architecture.
As you've suggested these are written more with the programmer in mind. However the O'Reilly book seems to be more suitable for sysadmins and users (besides being a paperback, and therefore much less expensive than the three volume hardcover text books from Prentice Hall).
One of these days I'll get around to reading that one. I'd been holding out for one that covered IPv6 in the hope that IPv6 would be deployed more widely by the time I got around to learning all the gory details. However, it looks like we'll still be dealing with IPv4 (the current suite of protocols) for the foreseeable future.
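The opening handshake described at the start of this answer (SYN, then SYN/ACK, then ACK) can be checked segment by segment, which is how a packet trace is read when a connection refuses to come up. This is an added example, not part of the original column: the struct and function names are made up here, the segments are constructed, and the check is deliberately strict (a retransmitted SYN would be reported as invalid).

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits as they appear in the TCP header. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* The fields of one observed segment that matter for the handshake. */
struct seg {
    int      from_client;  /* 1 = client to server, 0 = server to client */
    uint8_t  flags;
    uint32_t seq;
    uint32_t ack;
};

enum hs_state { HS_LISTEN, HS_SYN_SEEN, HS_SYNACK_SEEN, HS_ESTABLISHED, HS_INVALID };

struct handshake {
    enum hs_state state;
    uint32_t client_isn;   /* initial sequence number chosen by the client */
    uint32_t server_isn;   /* initial sequence number chosen by the server */
};

/* Advance the handshake by one segment and return the new state. */
enum hs_state hs_feed(struct handshake *h, const struct seg *s)
{
    uint8_t f = s->flags & (TH_SYN | TH_ACK | TH_RST | TH_FIN);

    switch (h->state) {
    case HS_LISTEN:
        /* First packet: SYN only. It is the one packet with no ACK flag. */
        if (s->from_client && f == TH_SYN) {
            h->client_isn = s->seq;
            h->state = HS_SYN_SEEN;
        } else {
            h->state = HS_INVALID;
        }
        break;
    case HS_SYN_SEEN:
        /* Second packet: SYN and ACK together, acknowledging client ISN + 1. */
        if (!s->from_client && f == (TH_SYN | TH_ACK) &&
            s->ack == h->client_isn + 1) {
            h->server_isn = s->seq;
            h->state = HS_SYNACK_SEEN;
        } else {
            h->state = HS_INVALID;
        }
        break;
    case HS_SYNACK_SEEN:
        /* Third packet: ACK only, acknowledging server ISN + 1. */
        if (s->from_client && f == TH_ACK &&
            s->seq == h->client_isn + 1 && s->ack == h->server_isn + 1)
            h->state = HS_ESTABLISHED;
        else
            h->state = HS_INVALID;
        break;
    default:
        break;             /* established or invalid: nothing more to check */
    }
    return h->state;
}

/* Run a whole trace through the state machine and return the final state. */
enum hs_state check_handshake(const struct seg *segs, int n)
{
    struct handshake h = { HS_LISTEN, 0, 0 };

    for (int i = 0; i < n && h.state != HS_INVALID; i++)
        hs_feed(&h, &segs[i]);
    return h.state;
}

int main(void)
{
    /* Constructed trace: client ISN 1000, server ISN 5000. */
    struct seg trace[] = {
        { 1, TH_SYN,          1000, 0    },
        { 0, TH_SYN | TH_ACK, 5000, 1001 },
        { 1, TH_ACK,          1001, 5001 },
    };

    printf("final state: %d\n", (int)check_handshake(trace, 3));
    return 0;
}
```

Sequence numbers are 32-bit and wrap, so the "+ 1" comparisons rely on unsigned arithmetic: an ISN of 0xFFFFFFFF is acknowledged with 0.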

(?) PAM chroot

Wherein Jim rants about PAM

From Terrell larson on Sun, 02 May 1999

(?) I'm interested in a CHROOT option probably in pam-pwdb and I've been unable to find it. If it does not exist I may be willing to implement it IF I can find the current source tree and IF I can find out where to forward it for general use.

Info will be appreciated...

Thanx
Terrell Larson

(!) Terrell,
It's an interesting question. I presume you're talking about implementing/re-implementing PAM support for an old convention among SVR4 UNIX implementations where specific accounts can be marked for special chroot handling by giving them a '*' as the "login shell".
This is described in O'Reilly & Associates' Practical Internet and Unix Security, p232, Garfinkel and Spafford and most other books on UNIX security.
(For our readers that are unfamiliar with the trick: the login program; upon seeing that the login shell for a given account is set to '*' does a chroot() system call to the directory that's listed as that account's "home" directory. Therein 'login' exec()'s the appropriate copy of 'login' thereunder. This normally would then exec() a normal shell, as listed in the /...(chroot top).../etc/passwd file.)
I was doing some research on a paper (that I still plan on submitting to USENIX, one of these days) when I first read about this convention. My paper was on a completely different use of chroot(), but I was doing a literature search.
Naturally I tried this particular trick on one of my Linux systems. It worked fine. In fact I just tested it, as I write this, on a new Debian 2.1 installation that I've been playing with and it works there.
However on PAM based systems (using pluggable authentication modules) --- notably on Red Hat 4.x, 5.x and presumably the new 6.0 system as well as any where the admins have added Linux PAM after-the-fact --- it doesn't work.
I mentioned this in e-mail to Andrew Morgan, the maintainer and co-ordinator of the PAM development project. There is, of course a listing for a pam_chroot module in the PAM administrator's guide. However, that doesn't do the same sort of thing --- and there's no example of how you'd use it to accomplish the same job. It's also listed as "unwritten." I did run across a file at the following URL that you might want to look at:
http://www.us.kernel.org/pub/linux/libs/pam/pre/forgotten/changeroot.tar.gz
It's from late 1997 and is only about 3K. All it contains is source to a simple command, a man page and a sample configuration file. It seems to be an alternative implementation of the chrootuid program that Wietse Venema wrote years ago (part of his 'logdaemon' package).
This particular program (changeroot) seems to have nothing to do with PAM. I'd also guess (from the parent directory name) that the code is not under active development.
Obviously, you could use something like chrootuid, or this changeroot program or you could write a simple C program (or even a PERL script) that would implement this procedure and use a reference to that in lieu of the '*' that I've been talking about. In other words instead of an entry like:
guest:x:65533:65534:Jailed Guest:/usr/local/jail:*
... where 'login' spots the '*', performs the chroot() to /usr/local/jail, and exec()'s the copy of /bin/login thereunder; we'd see something like:
guest:x:65533:65534:Jailed Guest:/usr/local/jail:/usr/local/sbin/jailsh
... where jailsh is a hypothetical SUID root program that performs these same steps.
This approach will work with any version of UNIX (so it's more portable). Another advantage for Linux under a 2.2 kernel is that this hypothetical jailsh program could be written to use the new "privileges" model (which are listed in the sources under the "capabilities" misnomer --- but let's not get into that peeve).
The disadvantage of this approach is that we have to write a custom program (which I'm calling jailsh). It has to run as 'root' (or with several rootly privileges, setuid(), and chroot() at least). I might toss together something for use on one of my systems (I have in the past) --- but I'd be very reluctant to publish those as solutions that anyone else would trust. I simply don't consider myself a sufficiently experienced and skilled programmer to be writing SUID root code for public consumption.
So, this brings us back to your message. chroot() jails are not used much. You'd expect them to see more widespread use, but they are a bit of a hassle to initially configure (creating a suitable skeleton tree under the target chroot point, getting the requisite shared libraries and device nodes in place for your applications, etc.). In addition there are ongoing concerns that chroot jails are too easy to break out of. In cases where you want to isolate a root/privileged program --- it's too easy for them to chroot back out of the jail. This concern may be addressed by clever use of the new "privileges" features in the 2.2 kernels. However, since you're asking, I presume you already have your application well considered.
It sounds like you are willing to contribute some code to this. So you might start with a small standalone program (based on chrootuid or the changelog program listed above, if their licenses are amenable to your needs).
You can find chrootuid at:
ftp://ftp.porcupine.org/pub/security/index.html
... and there's some sort of GNU package called g2s
http://freshmeat.net/appindex/1998/05/11/894932721.html
... that's listed as "an interesting alternative to inetd/tcpwrapper/chrootuid/relay/tcp-env/antispam/etc."
PAM pwdb is maintained by Christian Gafton. The canonical forum for discussions relating to PAM development is the pam-list (pam-list@redhat.com). The canonical web site is at:
http://www.kernel.org/pub/libs/pam
... which is generally inaccessible (as kernel.org is the master site for the Linux kernel --- which gets too much traffic for a reasonable Internet connection). So it should be accessed through one of the mirrors. The Linux kernel crowd use a relatively simple and innovative DNS trick to maintain a list of mirrors that we can use without having to strain our memories. Basically you can use URLs of the form:
http://www.us.kernel.org
... to access a DNS round-robin collection of U.S. mirrors. There are mirrors in many other countries and regions, from Afghanistan (http://www.af.kernel.org) to Zimbabwe (http://www.zw.kernel.org). (Yes, they just use the ISO two letter country codes as a subdomain prefix). Most of these sites mirror the whole kernel.org FTP and web trees. If you have trouble connecting to one of the sites, try again. A check with 'dig' lists about a dozen U.S. mirror sites for www.us.kernel.org. Any decent resolver libraries will cycle through the available addresses until one works (upon successive access attempts). That's part of what allows the whole DNS round robin scheme to work.
These carry sources and links to the many ongoing PAM module projects.
But I digress. Getting back to PAM. Personally I'm somewhat disappointed in the Linux PAM project. I've expressed this to the list and I've discussed it with Christian Gafton in person. He and Andrew will probably be irritated to see this published in Linux Gazette --- and they are invited to compose and submit a rebuttal, or anything they like, to the editors here. (I've courtesy copied them on this e-mail).
My principal complaint is that the PAM project seems to be permanently stuck near version 0.6x. It was at 0.57 about two years ago. The response on the mailing list (and direction from Christian) when I raised this concern was: "So what, it's just an arbitrary version number."
Of course I'm not a programmer or a distribution integrator; I'm just a dumb user, admin and support guy and writer --- so my opinion doesn't count for much. However, it does get published, so others can beat up on me when they disagree. It seems to me that a version number of 0.x still connotes "beta" --- not ready for production use to most people. Red Hat and Caldera are the only distributions that include integrated PAM support. Many authentication dependent packages, like ssh, don't include PAM support "out-of-the-box" and it is non-trivial (read: "scary and difficult") for an "average" Linux user or junior sysadmin to install the PAM suite into an existing system.
As one example if you'd been using Debian, S.u.S.E. or Slackware for your application (with the chroot'd users) and you installed PAM, you'd probably be pretty distressed to find it suddenly broken. [ hint: don't log out until you've attempted to access all your desirable services via the localhost interface and gotten them visible again, minimally telnet or ssh. Yes, I've been there. -- Heather ] Granted, this whole '*' shell chroot business is pretty obscure to the "average" user or the "junior" sysadmin. However, it is documented in most books on Unix security (I reviewed about twenty books at a couple of book stores with the words UNIX and security in their titles --- over half of them described this mechanism and several gave examples).
Another complaint that I have is that the existing PAM deployment doesn't include S/Key or OPIE support, and doesn't even include clear examples of how to add-in and configure any form of pluggable OTP. Given that network password sniffing is one of the most common problems that one might want to solve with PAM this seems like a pretty significant omission.
The response to this on the list and in personal discussion amounted to:
"that's crypto --- and the U.S. government black helicopters are hovering over our heads ready to bomb Red Hat's offices if they include anything like it."
(Yes, I'm paraphrasing). Personally I think this is absurd. Yes, the U.S. federal government's restrictions regarding the "export" of cryptography software are an embarrassment to free people everywhere. I'm personally ashamed of our entire political process as a result of the ways in which "my" government has repeatedly thwarted the popular will of the people vis a vis cryptography. However, S/Key and OPIE are not cryptography. They use hashes, fancy checksums, as the basis for their authentication. Specifically OPIE uses MD5 by default. (I guess that the spec for S/Key -- OPIE allows for one to use alternative hash algorithms, MD2, maybe SHA-1, etc. I don't know the details on that). Ironically the code for the standard UNIX password hashing method, use your password and some "salt" as a 56-bit DES key to "encrypt" a string of NULs, is far more easily subverted into true cryptographic use than MD5. Of course both the conventional DES hashing and the MD5 code are already in every major Linux distribution, and always have been!
One compromise would be to include DOCUMENTATION. Give us a URL that points to a script. Have the script walk one through the processing of fetching, installing, and configuring pam_opie. Granted it's not THAT difficult. I was able to perform the task by hand in about an hour. However, it would probably take an "average" sysadmin about twice that and it would probably take an "average" Linux user about four times that. Consequently it probably won't happen in any significant number of sites. So it just doesn't get done at all.
(The argument that OPIE and other OTP, one-time-password schemes, is an incomplete solution is also well considered. It doesn't secure the connection so sniffing will still reveal other confidential data, etc. ssh IS a much better solution. The new FreeS/WAN ipsec implementation is also a much better approach. However, there are enough people out there that can't or won't install strong cryptographic support that some stop gap is indicated. Providing smooth easy installation and configuration of OTP is one thing that PAM could do to address this problem).
By far my biggest complaint about PAM is that it hasn't delivered on its most important promise. It doesn't put Linux on par with FreeBSD, NetBSD, and OpenBSD for authentication.
FreeBSD has supported S/Key compatible OTP "out-of-the-box" for YEARS. (Note: Walnut Creek, the largest distributor of FreeBSD CDs and books and the major sponsor for FreeBSD development hasn't been hit by the "black helicopters").
Beyond just this discussion of OTP, FreeBSD's libraries have provided seamless shadow and MD5 password hashing for years. Regardless of PAM I still bump into Linux applications that fail to authenticate because they don't properly handle some aspect of shadowing and MD5 checksums. Just last week one of my fellow techs at Linuxcare was fighting for a couple of hours with that on a Yellow Dog (Linux for PowerPC) installation at the office.
That was the whole idea of the PAM project. However, PAM can't deliver on that promise until it attracts widespread support from the application/utility writers that perform authentication. FreeBSD hides most of the details behind their implementation of the standard library functions that most programmers were already using to perform their authentication (getpwent(), etc.). We can't do that with PAM and glibc --- but we need to straighten out this mess eventually.
So, I would welcome any new blood that got involved in the PAM project. I realize that Andrew will probably say: "Quit your whining and turn in some code!" That's fair enough. (However, as I've said before, you don't want to see any C code from me, yet).
PAM is an ambitious project. It goes beyond Linux (in an effort to implement standards that have been proposed to the IETF by Sun and other vendors). I realize that there is some delay because these proposed standards are in draft form and are still in flux (the XSSO, single-sign-on stuff also seems to be languishing). However, I'd still like to see it deliver more in the near term.
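The hypothetical jailsh wrapper discussed earlier in this answer comes down to a short sequence of calls whose order matters: check the jail, chroot() into it, chdir("/"), then give up every root privilege for good before exec()ing anything. The following is an added example, not code from the column, from PAM, or from chrootuid. The function names, the rule that the jail root must be root-owned and not group or world writable, the refusal of uid or gid 0, and the fixed environment are assumptions made here, and it starts /bin/sh inside the jail rather than the copy of login that the '*' convention uses.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE    /* chroot() and setgroups() prototypes on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy: the jail root must be a directory, owned by root, and not
 * writable by group or others, so the jailed user cannot replace what is
 * inside it. Returns 1 if acceptable, 0 otherwise. */
int jail_dir_ok(const struct stat *st)
{
    if (!S_ISDIR(st->st_mode))
        return 0;
    if (st->st_uid != 0)
        return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Assumed policy: never jail "into" root. A process that is still root after
 * chroot() can chroot back out, which is the concern raised in the text. */
int ids_ok(uid_t uid, gid_t gid)
{
    return uid != 0 && gid != 0;
}

/* Enter the jail and drop privileges permanently.
 * Returns 0 on success, -1 on any failure; the caller must exit on -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    struct stat st;

    if (!ids_ok(uid, gid))
        return -1;
    /* chdir() first, then inspect ".": the directory that was checked is
     * the same one that becomes the new root. */
    if (chdir(dir) != 0 || stat(".", &st) != 0 || !jail_dir_ok(&st))
        return -1;
    if (chroot(".") != 0)
        return -1;
    if (chdir("/") != 0)       /* leave no working directory outside the jail */
        return -1;
    /* Order matters: supplementary groups and gid while still root, uid last. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)        /* the drop must not be reversible */
        return -1;
    return 0;
}

int main(void)
{
    /* Installed SUID root and named as the login shell in /etc/passwd, this
     * runs with the real uid/gid of the user who has just logged in. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    struct passwd *pw = getpwuid(uid);
    char *const argv[] = { "-sh", NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", "HOME=/", NULL };

    if (pw == NULL || enter_jail(pw->pw_dir, uid, gid) != 0) {
        fputs("jailsh: cannot enter jail\n", stderr);
        return 1;
    }
    execve("/bin/sh", argv, envp);   /* /bin/sh as seen from inside the jail */
    perror("jailsh: execve");
    return 127;
}
```

Every return value is checked because a silently failed setuid() would leave the shell running as root inside a jail that root can leave.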

(?) Filesystem Management: What must be "resident" at all times?

From peter on Sun, 02 May 1999

(?) I'm familiar with moving a portion of a UNIX file system that doesn't need to be resident at all times to a larger partition. What's the safest way to do this for a portion of the file system (/usr ?) that needs to be resident at all times?

Thanks for your help,
Peter

(!) The term "resident" is not a "term of art" for Unix systems administration. Also /usr doesn't have to be mounted at all times. In particular you should be able to bring the system up in single user mode and perform most maintenance operations without /usr being mounted.
That's why we have a /sbin directory. Originally we had /bin, which was intended to contain just those files that were necessary to bring the rest of the system online. However, as UNIX systems developed shared libraries a number of the items which were traditionally located in /bin (such as sh --- the shell) came to depend on /usr/lib which was the traditional location of the .so (shared object) files.
So some vendors started creating a /sbin ('s' for "statically linked") --- which theoretically allows one to replace /bin with a symlink or use it as a mount point for its own filesystem. Of course most Linux distributions don't put statically linked binaries in /sbin --- we've moved many of the shared libraries into /lib.
Personally I think the whole arrangement is a bit ugly. The idea of having duplicate but statically linked versions of many commands in /sbin is feasible. Having /bin contain a set of symlinks to the /sbin command is fine (since they will work while nothing is mounted over /bin and the mount of any other filesystem over /bin will then make those symlinks "disappear"). I don't like this insistence on dynamically linked everything since that means that you can't even run ldconfig to fix the /etc/ld.so.cache file if it gets corrupted. You have to boot from a floppy to get anything done.
In any event: let's look at a typical Linux root directory
drwxr-xr-x   2 root     root         1024 Apr 16 12:52 bin
drwxr-xr-x   2 root     root         1024 Apr 16 05:20 boot
drwxr-xr-x   1 root     root         3072 Apr 25 11:11 cdrom
drwxr-xr-x   2 root     root        17408 Apr 25 07:00 dev
drwxr-xr-x  41 root     root         3072 Apr 25 11:11 etc
drwxrwsr-x   5 root     staff        1024 Apr 19 01:58 home
drwxrwsr-x   2 root     floppy       1024 Feb  1 04:42 floppy
drwxr-xr-x   2 root     root         1024 Feb  1 04:42 initrd
drwxr-xr-x   3 root     root         2048 Apr 16 12:38 lib
drwxr-xr-x   2 root     root        12288 Apr 16 04:46 lost+found
drwxr-xr-x   4 root     root         1024 Apr 19 03:41 mnt
dr-xr-xr-x   6 root     root            0 Apr 18 08:10 proc
drwx------   4 root     root         1024 Apr 22 15:42 root
drwxr-xr-x   2 root     root         2048 Apr 16 12:53 sbin
drwxrwxrwt   2 root     root         1024 Apr 25 12:41 tmp
drwxr-xr-x  15 root     root         1024 Apr 16 05:17 usr
drwxr-xr-x  17 root     root         1024 Apr 17 11:01 var
This is from a fairly new Debian 2.1 installation. Here's the same list with some commentary:
bin
contains many common commands. Should be able to put this on a mounted fs. Ironically the mount command is in this directory and is dynamically linked! That's just WRONG. (And I don't care what the FHS says about it).
boot
contains kernels and associated System.map files and backups of the boot sector, as created by /sbin/lilo. Oddly enough this can be a mounted filesystem. As I've described many times, Linux doesn't require that its kernel be located on its root filesystem. The System.map file isn't needed during the boot cycle (and isn't "needed" by much of anything --- 'lsof' seems to complain if I don't have one or if it's mismatched to my kernel version but that's about it).
dev
contains device nodes. MUST be on root fs. (Richard Gooch has written a special devfs --- sort of like /proc for device nodes. That would allow this to be a mounted filesystem)
etc
contains passwd, group files, startup scripts and the mtab (which tracks all of the mounted filesystems).
floppy
this is stupid. It's just a mount point. I prefer to put most of my mount points under /mnt --- so I have a /mnt/cdrom, a /mnt/floppy, /mnt/a (DOS floppy), and others.
home
This should be either a mount point or a symlink to some directory on a mounted fs. I sometimes use -> /usr/local/home if I have a small number of filesystems to work with.
initrd
I'd have put this under /boot. Anyway, mine is empty. This is intended to remount any "initial RAM disk" that was used. (I might do a kernel patch to move this) When a kernel has initrd support enabled (compiled in) then a compressed image of the initrd filesystem is appended to the kernel. The kernel then automatically creates the RAM disk, decompresses and copies the image into it, and runs the /linuxrc program that it should find there. (See /usr/src/linux/Documentation/initrd.txt for details). This doesn't have to be here if you don't want/need access to the initrd after boot.
lib
This MUST be on /; it contains your libc.so and other shared libraries on which almost ALL programs on your system depend.
lost+found
This must be at the top of every filesystem. fsck will link any "lost clusters" into nodes under this directory; giving you an opportunity to fix them. Indeed, you should probably have a script that periodically checks this and warns the sysadmin any time any of these directories are non-empty.
mnt
This is conventionally used as a mount point or as a directory containing a list of mount points. It's where you mount "temporary" and "removable" filesystems.
opt
This is a place to store large "optional" packages like WordPerfect, StarOffice, etc. I usually make this a symlink to /usr/local/opt
proc
This is a "virtual filesystem", a representation of the system's process state as a set of file nodes. The BSD systems that implement the proc filesystem typically do so much differently than Linux. Under Linux you can read much more info from /proc entries, and more of it is represented as plain text. The idea of /proc is that we can have the kernel provide a filesystem/directory abstraction of its state and we can write programs like 'ps' and 'top' to use normal UNIX file semantics to read that information. Linux is unique in that you can also modify many proc entries to change the system state. The most common case of this is to enable kernel routing using 'echo 1 > /proc/sys/net/ipv4/ip_forward'
root
this is the root user's home directory. Handy if you have any scripts or data/configuration files that you want to access during boot or single-user mode when /home will not be mounted.
sbin
as I've noted, this should contain statically linked versions of the files that you absolutely need to fix a broken system. Linux, like Solaris and other modern versions of UNIX has gone to the dark side of practically requiring shared libraries for EVERYTHING. While shared libraries are very useful for conserving disk space and memory and offer huge performance benefits --- they are just one extra thing to break (for robustness and security). So a decent compromise is to have a subset of statically linked programs for use when everything is broken. (Having a kernel module or patch that could automatically detect and repair a corrupt /etc/ld.so.cache file would be a pretty good idea, too).
tmp
this can be a mounted filesystem or a symlink to a directory on one.
usr
this normally should be a mounted filesystem
var
this can be mounted or a symlink.
Of course the preceding is all just my opinion. The most authoritative commentary on what Linux filesystems should look like is the FHS --- the Linux Filesystem Hierarchy Standard (co-ordinated by Dan Quinlan), homepage http://www.pathname.com/fhs/.

(?) Ethernet Switches vs. Hubs

From Louan Handke on Sat, 01 May 1999

(?) What is the difference between switch hub and unswitched hubs

(!) The traditional ethernet hub (concentrator, repeater, etc) is a relatively simple device which just amplifies the signals on any of its ports out to all of the other ports. A "switch" or "intelligent" hub is more of a multiport bridge. It "learns" which MAC addresses (ethernet hardware assignments) are on each of its ports and only "repeats" (rebroadcasts) data frames to the appropriate port.
In a traditional hub only one system on a given network segment can be "talking" at any given time. The whole network segment is virtually a single wire. Any time two or more systems attempt to send packets at close to the same time there is a "collision." This is called CSMA/CD --- carrier sense (listen for quiet), multiple access (any card can "speak up"), with collision detection.
Whenever a collision occurs the cards involved send a short jamming signal, and then they perform a pseudo random "backoff" delay before attempting to re-broadcast. Since it is incredibly unlikely that two cards will choose the same amount of backoff delay one of them will usually "win" and get to send first. That's fine with only a couple of cards in contention. However, as utilization approaches 20% or more, the number of collisions skyrockets and the overall average throughput drags to a crawl.
The traditional answer was to segment the systems --- putting servers in close proximity to their clients (work groups), put routers between segments, and put lots of interfaces in your workgroup servers (four to eight ethernet interfaces was not unusual for big netware servers).
Etherswitches are used to alleviate some of these problems. On a 24 port etherswitch it's theoretically possible for 12 pairs of systems to be concurrently exchanging data frames. This allows for much larger segments (called VLANs --- virtual local area networks).
On the downside, etherswitches are typically much more expensive than their more passive cousins. They have to contain processors, memory, and firmware. In addition their processors have to be pretty quick (usually quick RISC chips with a mess of ASICs I guess). Also there are degenerate cases. If all of your servers are located on one or two legs of an etherswitch then it won't help much. All of the clients will be waiting for that one (or those couple of) port(s) to be clear --- a classic bottleneck.
Again the solution is to have lots of smaller servers --- segment the network, and replicate the data and services so that the clients tend to use local copies of everything. Hierarchies scale!
(Not to say that etherswitches don't have their place --- it's just to say that their deployment should be based on an understanding of the situation and the benefits vs. the costs of the technology. Most vendors have little interest in your needs --- they want to sell you the shiny expensive toy).

(?) MATCH and Replaceable Parameters in procmail

From Nick Moffitt on Sat, 01 May 1999

(?) So, here's one for the answer guy.

I have a mhonarc user that creates drop points for a mhonarc script to walk by every night and process. Thing is, I don't want to have to edit the mhonarc user's .procmailrc every single time. That is, let's say that I have the following:


:0:
* ^Sender: owner-potato-peelers
spool/potato-peelers

:0:
* ^Sender: owner-onion-skinners
spool/onion-skinners

Is there some way that I can automate this format? e.g.: