LINUX GAZETTE

February 2002, Issue 75       Published by Linux Journal




Linux Gazette Staff and The Answer Gang

Editor: Michael Orr
Technical Editor: Heather Stern
Senior Contributing Editor: Jim Dennis
Contributing Editors: Ben Okopnik, Dan Wilder, Don Marti

TWDT 1 (gzipped text file)
TWDT 2 (HTML file)
are files containing the entire issue: one in text format, one in HTML. They are provided strictly as a way to save the contents as one file for later printing in the format of your choice; there is no guarantee of working links in the HTML version.
Linux Gazette[tm], http://www.linuxgazette.com/
This page maintained by the Editor of Linux Gazette, gazette@ssc.com

Copyright © 1996-2002 Specialized Systems Consultants, Inc.




Comments on: Play with the lovely netcat

Fri, 11 Jan 2002 19:11:53 +0800
zhaoway (zw from debian.org)

I've forwarded these comments about my Jan article in Linux Gazette: Play with the lovely netcat. Could you post it in your Mailbag? Thanks!

zw


The purpose of yes

Date: Thu, 3 Jan 2002 16:05:19 -0700 (MST)
From: Bruno Melli <bruno from fc.hp.com>

Hi zhaoway,

I was enjoying your column in the latest Linux Gazette and came upon your description of /usr/bin/yes. I'm by no means a Unix historian, but from what I understand the yes command had a very basic purpose:

The original rm command didn't have a -f option. So if you did rm -r /some/dir (or rm * where the current dir had lots of files) and if the permissions weren't set right you ended up having to type in a bunch of 'y' because rm asked you if you wanted to overwrite the permission.

Try it:

touch /tmp/haha
chmod 000 /tmp/haha
rm /tmp/haha

Imagine how annoying that becomes if you tried to rm hundreds of files at once.

The solution, if you didn't have access to the rm source, (or took the basic philosophy of Unix to the extreme):

yes | rm -r

bruno.


Author of Netcat

Date: Wed, 2 Jan 2002 16:21:27 -0800
From: "Golden_Eternity" <bhodi_jabir from yahoo.com>

In your article "Play with the Lovely Netcat: Reinvent /usr/bin/yes" you comment on the anonymity of the author of Netcat.

I could be wrong, but I'm fairly certain that the author is Hobbit of the l0pht (currently @stake). There's a Win32 version by Chris Wysopal, as well.

http://www.atstake.com/research/tools/index.html#network_utilities


LG #74 Mailbag: Desktop support

We got two messages on this topic.


pls pass this onto Dennis Field - his email doesn't work

Date: Fri, 28 Dec 2001 20:23:50 +0000
Luke Worthy (lukew from linuxmail.org)

re: Winning the Battle for the Desktop

Dude - quit your Linux laptop whining...heh - jk ;)

http://www.linux-laptop.net

and btw: try Mandrake, it has excellent PnP - they at least have a chat-style site for support, and it's all pretty good - just make sure your winmodem is supported:

http://www.linmodems.org

That's usually the most important thing.

Luke


Regarding all these comments about desktop support ---

Date: Thu, 17 Jan 2002 02:54:19 -0800
Iron (LG Editor)

There are two major classes of desktop: home and office. The former is novices and hobbyists (who help the novices). The latter has help desks.

Linux's economics have little chance of winning over novice desktops. That's because the cost of tech support for the few is borne by everyone who buys the software. Thus, a $50 package can afford to bear a 15 minute tech support phone call, and still turn a profit.

Actually, they cannot. The retailer and distributor will take 20-50% off the top. That leaves $25. Even with low-paid support staff, a 15-minute call can't cost less than $5 unless it's a simple answer (in which case the call would have taken one minute) and all the infrastructure costs to maintain the help desk and its resources are externalized as overhead. If they sell one copy, they would not have enough profit to take the call, unless the company was tiny and had a tiny customer base (in which case the customer-service staff or other staff would double as tech-support staff, so they would have to be employed anyway).

If they sell a hundred copies (or whatever the number is), they can take that 15-minute call. If the person calls back, they will have lost all of their profit on those hundred copies. If another of those hundred customers also calls in, the company will lose money.

That's why unlimited free tech support has disappeared, why limited free tech support has long been in danger, and why so many companies have put their knowledge bases online and run product newsgroups. It's much cheaper to have support staff monitor a newsgroup two hours a day than to wait by the phone, in terms of the number of customers that will be helped during that time, because others with the same question (or who may have the same question in the future), will see the answer. Actually, that's how The Answer Gang works too....

There are exceptions. The author of MetaKit (http://www.equi4.com/metakit/index.html), a non-SQL database server, offered unlimited free technical support, although I assume it was e-mail support rather than phone support. He did it because he wanted to hear how clients were using the product and what kinds of problems they encountered: he considered that his payment because it helped him improve the product. I'm not sure whether he still offers this--the web page now points users with questions to a mailing list. But there's obviously an upper limit on the number of customers you can offer "free unlimited support" to.

Linux is complex enough that the price really needs to be higher to support all the included software.


John Kawakami (johnk from woodstock.com)

True, although this is more a responsibility of the distributions that market to newbies than a responsibility of the Linux community as a whole.

On the other hand, Linux could do okay in the corporate desktop, where in-house helpdesks keep people away from the "free" tech support you get from the vendors. (It's not free if you're paying someone to wait on tech support.) The simpler Linux apps are easier to "fix" when errant users make mistakes, and with VNC, the service can be done remotely. Plus, overall stability pays off with fewer internal support staff.

---- John Kawakami

If the in-house help desks know Linux. Often, the only people who know Linux are the IT staff who run the servers. -- Iron


Good attitude!

Tue, 1 Jan 2002 14:50:04 -0500
mike (mike from toadwart.darktech.org)
linux-questions-only (linux-questions-only@ssc.com)

Regarding: LG 74, 2c Tips #26

I really like the attitude expressed by the whole answer gang, and a subtle rtfm after the question is answered is a good thing, I think. Before the answer it's a provocation, afterwards it becomes good advice. Happy New Year,

Mike List


Mountpoint permissions

Thu, 03 Jan 2002 21:42:34 -0500
Rick Holbert (holbert.13 from osu.edu)

Use chown, chgrp and chmod to change the owner, group and permissions on the mount point.

Err, no. The querent actually stated that he tried those; I'm willing to believe him (the same situation obtains when you mount a VFAT partition; the owner/perms of the mount point are irrelevant.) I don't have a Samba setup at hand right now, and it's been a while since I had to do one, but I'm pretty certain that Mike Martin's suggestion - setting the "uid/gid" parameters in the conffile - is the right thing to do. -- Ben


Sorry / Saludos

Tue, 8 Jan 2002 08:44:56 +0100
Andres Legarra (alegarra from ikt.es)

Sorry!!

I made a mistake when clicking on the message I wanted to reply to. Sorry, I misspelled when I picked the message to reply (This awful M$ Outlook Express...) By the way, I found some things on Linux Gazette very useful.
Congratulations

You write good Spanish!!
Regards

Andres Legarra Albizu


attn: Ben Okopnik et al

Fri, 11 Jan 2002 22:33:00 -0800 (PST)
Mather Cotton (mathercotton from yahoo.com)

http://www.linuxgazette.com/issue63/okopnik.html

That url saved my ass. Thank you so much!

Cotton


Tux' Gender

We got two messages on this topic.


re: Lady Penguins

Date: Wed, 02 Jan 2002 04:50:22 -0500
Rachel Rawlings (rrawlingsw from nyc.rr.com)

That might refer to Linus' original comment that penguins are happy because they have just stuffed themselves full of herring or have been hanging out with lady penguins. We only /know/ that Tux is stuffed full of herring, but we can assume Tux hangs out with lady penguins. -- Heather

Which actually doesn't say definitively whether Tux is male. Tux could hang out with lady penguins cf. Marlene Dietrich, or be a high-class drag king. ;>

However, speaking as a dyke with a largish stuffed animal collection (one of whom is a female Peter Rabbit named Katja) my Tux is male. Other users' Tuxen may vary according to the needs of the user, much like their kernel configurations.

Interesting. I wonder if Eric Raymond's enhanced kernel configurator will have a question for which sex your kernel should be built as. -- Mike


All the Girls like him

Date: Fri, 18 Jan 2002 11:26:17 +0100
patrick.op.de.beeck (patrick.op.de.beeck from belgacom.be)

But, we couldn't publish his very cute note because it was marked confidential. Sorry folks! -- Heather


This page edited and maintained by the Editors of Linux Gazette Copyright © 2002
Published in issue 75 of Linux Gazette February 2002
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/

More 2¢ Tips!


Send Linux Tips and Tricks to linux-questions-only@ssc.com


pseudo-chroot

Fri, 4 Jan 2002 09:34:18 -0500
trevor (tlist from vtnet.ca)

hi,

in issue 74 there's a question from Faber Fedor asking about how to setup an environment so that a user can't wander from their home directory.

i believe the person asking the question was looking for something along the lines of a restricted shell. tell the person asking the question to look at the "-r" option to bash, smrsh, and/or do a google search for "restricted shell".

best regards,
trevor


See LILO only when you need it

Fri, 04 Jan 2002 13:21:36 -0800
John R. Jones (jonejr from gat.com)

Hello gazette,

Being a new Linux administrator, I had "hardened" down my install by implementing a "protected" and "password=<pass>" entry in my /etc/lilo.conf file to keep people just as dangerous as myself out of single mode.

I also rem'd out the timeout= value so my install would always boot straight into Linux.

My question for the day was "how could I boot Linux Single if I had to?" A Boot and Root set would work, but I discovered this...

After the BIOS Mem check, hold down either control key and the LILO boot "screen" is displayed! And of course, you'd need the password=<value> to use it...

Wow, Now I am scary on 2 platforms. :)

-- Thank you,

John R. Jones

3, if you count that he's an Oracle DBA. -- Heather


Active Directory...

Fri, 04 Jan 2002 01:38:57 -0600
John Lederer (john from jhml.org)

OpenLDAP is the Linux equivalent of Active Directory.

Regards.
John

There's been enough small-comment interest in this, it would probably be good to see an article on the subject of setting up this sort of environment the Linux way. -- Heather


CSS2? Try XML and its kin instead

Sun, 30 Dec 2001 22:18:56 -0500
XunDog (dwight1 from attcanada.ca)

Ok,

If the feature is unique to CSS2 then you won't replicate it with CSS1 and cross-platform browser support for either is restrictive ...

so .... I would suggest using Xml, xsl, xslt and either DTD or xsd schema formats ...

this is more completely supported ... just a little (maybe a lot) more work ... Check out the books by Benoit Marchal ...

regards
XunDog


Linux with win2000

Mon, 14 Jan 2002 13:56:00 -0500 (COT)
nadeem (abc from studiosmile.com)
answered by John Karns (The Answer Gang)

Anybody please tell me about installation of Linux with Win2000. I already installed Linux 7 on my PC. Now I want to install Win2000 on my PC without formatting my system.

Anybody, please give me any utility. Don't tell me FAQ. This is boring for me. If anybody wants to help me out, then please provide me a utility.

If you find reading FAQ's boring, I don't think you're going to like Linux too much.

Three recommendations:

For disk partition manipulation:

  1. fips or
  2. Partition Magic (there are others, but these are two I've used)

For installing and running Windows (MSW) with Linux:

  3. VMWare

It would be nice to be able to avoid MSW entirely, but since my work demands it, using VMWare allows me to run it without having to reboot and leave the Linux environment.

-- John Karns


Cable Modem Setup

Wed, 2 Jan 2002 10:26:11 +0100
Eugene Poole (etpoole from attglobal.net)
answered by Yann Vernier and Mike Orr (The Answer Gang)

On January 3, 2002 I'm having an external cable modem installed. I've been looking around for some simple suggestions on what needs to be done, configuration-wise, to my Linux machine. Can you help? Naturally, the normal statement has been made - "We don't support Linux". The Linux machine that it's being connected to has a second NIC installed and I've accessed the machine via the second NIC so that's all set up. Where do I go from there?

We can't know the next step until you have the instructions for how to connect using the cable modem. If you are using Debian GNU/Linux, a simple way to prepare for running a masquerading gateway is to install the ipmasq package, but we don't know if you need PPPOE, DHCP, or some special login methods. A useful resource may be http://www.cablemodeminfo.com/LinuxCableModem.html

Good luck! -- Yann

The extra Ethernet card should be all you need. Beyond that, just follow the Windows dialogs in the manual and see whether it's dhcp or a static IP, which nameservers to put in /etc/resolv.conf, etc.

Yann is right about setting up masquerading if you have a local network. I don't think of that as "setting up a cable modem" though. That's another step, connecting a local network to the Internet.

Be glad you have an external modem. It would be much harder to set up if it were internal, because it would probably require some proprietary DLL that isn't available for Linux. -- Mike


read a timestamp... the EASY way

Wed, 2 Jan 2002 23:19:54 -0500
Joe Smith (jes from martnet.com)

I was looking for a solution to extract the timestamp of a file with plain shell methods.

... (Lots of all-too-complicated suggestions followed)

What's wrong with

date -r file

Which only goes to show that we really need a friendly way to query the vast obscurity which is Unix documentation... sigh.

<Joe

<laugh> Bravo! Well done, sir!

This illustrates the point that I often make to folks just learning Unix: the tools are in there, somewhere. It's finding them that's the problem. -- Ben

......... the original querent replies .........

Indeed.

Especially when some of your man pages are out of date. In my case,

date --help

would have given the solution, while

man date

just keeps this secret. Sob.

-- Regards, Fakir


How to manually label a tape in linux

Wed, 9 Jan 2002 10:18:29 +0530
FRANCO FERNANDES (franco from lauren.co.in)
Answered by Jay Ashworth (The Answer Gang)

I manually back up my Linux server every day; for that I need to put a label on my tape according to the date I back up my server. Does anyone know how to manually label a tape in Linux? Is there any command for doing that?

Please help
Thanks in Advance
Franco.F

Well, my approach to this is to create a directory called /tmp/TIMESTAMP, and, just before you make a backup, clear out all the files, then use

touch /tmp/TIMESTAMP/`date +%Y%m%d-%a%H%M%S`

This will give you a label for the backup which you can read without having to actually load any data.

Cheers, jra


Problem faced while using script to backup

Wed, 9 Jan 2002 10:26:14 +0530
FRANCO FERNANDES (franco from lauren.co.in)
answered by Dan Wilder (The Answer Gang)

I have created an automated script to back up my server; for that I want my log file to display the date it backs up my server every day. My script has this line:

echo " BACKUP OF fileserver STARTED " >> /var/log/bkuplogs/fileserver/mainlog

Is there any parameter which has to be put like %m %h %d? Any kind of help will be highly appreciated.

Try

echo " BACKUP OF fileserver STARTED $(date +'%c') " >> whatever

See

man date

for other format strings. -- Dan Wilder


Posters for [LG 72] help wanted #7

Fri, 28 Dec 2001 11:36:12 +0100
Yann Vernier, Chris Gianakopoulos, Jim Dennis (The Answer Gang)

Brian Keyse (bkeyse2 from yahoo.com)

I feel I must recommend O'Reilly's "Anatomy of a Linux System" poster. It is a large, colourful poster giving a rough overview of how things fit together and recommending (O'Reilly, of course) books.

Their address is http://www.ora.com but I didn't find the poster in their product list; it is probably promotional material which you'll have to ask them for. -- Yann

It's available as a PDF file:
ftp://ftp.oreilly.com/pub/poster/oreilly_linux_poster.pdf
-- Brian Koyse

I saw some sort of a thing like that for Linux. Is it 3 or 4 feet in diameter and it shows the ring structure of the operating system? You know..., the kernel in the middle, with the applications at the outer ring? If that's the thing, it's kinda cool. I think that I am gonna get one of those. -- Chris G.

Hmmm. The one I saw was just of the Linux kernel sources. Core memory management and scheduler in the center and VFS and core networking support forming a second tier, with filesystems and specific device drivers on the periphery. That one was a sort of a fractal star or "peacock." -- JimD

I'll have to look at the chart when I go back to work next week. There's a book entitled "The Design of the Unix Operating System" by Maurice Bach. The poster that I saw, for Linux, looks like the structure on the cover of that book.

Regards, Chris G.




(?) The Answer Gang (!)


By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and... (meet the Gang) ... the Editors of Linux Gazette... and You!
Send questions (or interesting answers) to the Answer Gang for possible publication


Contents:

¶: Greetings From Heather Stern
(?)How does one examine a core file

(¶) Greetings from Heather Stern

... you stand there waiting for Heather to look up from her keyboard...

Oh! Hi everybody! It's certainly been an active month here with The Answer Gang. We had almost 700 slices of Gazette related mail come past my inbox. The longest thread (not pubbed this month, look forward to it next time) was over 50 messages long. Less than 20 people got no answer whatsoever (not counting the occasional spammer) and the top reason for not getting a post answered, appeared to be simply a lack of interest in that message. Crazy attachments are down a LOT since our sysadmin improved the filters. Ben did a bit more cleanup on the TAG FAQ and Knowledgebase and we have a new posting guidelines page which I hope you find easy to read.

In the land of Linux I'm pleased to note that the 2.4 series kernel is resembling stable since 2.4.17 is over a month old now. A lot of work is being done in 2.5.

Flu struck my area and melted my mind back down to a mere single CPU when I'm used to being an SMP system. Bleh! And before you ask ... yes, I'm feeling better. Lots of liquids, chicken soup, all that.

It appears as though Ghostscript is my evil nemesis of the month. I haven't had time to finish compiling support for that new color printer of mine. In a moment of foolishness I upgraded my Dad-in-law's box and the next few days were completely nuts since kword and gs refused to agree on what fonts to print, or even to get the metrics right so margins would work. They're happy again since I forced ghostscript to uninstall completely and then reinstall. And we still wonder what the heck happened to gnucash in Debian/Woody, though I admit, I haven't looked very hard.

Cheerfully for my mortgage I've had a lot of consulting work this month. Between 600 plus messages and all that, though, there wasn't time for me to fit the usual ten pack (this blurb and nine of the juiciest TAG threads) in under a tighter than usual deadline. Mike will be enjoying a Python conference much of this next month. I hope it counts for a well deserved vacation on his part.

I've not left you completely wanting, though. Here's a few days in the life of The Answer Gang, troubleshooting one of those day to day things that drives everybody nuts once in a while -- segfaults.

Core files are a mess. Good thing we have a dustbin around here.


(?) How does one examine a core file

From Faber Fedor

Answered By Jim Dennis, Dan Wilder, John Karns,
with side comments from Ben Okopnik and Heather Stern

I've got a problem with a RH7.1 machine and no error messages to look at, so I'm wondering how does one debug a problem like this?

Moved a machine from NY to NJ yesterday. When I left it last night, everything was running, esp. Apache. This morning, normal maintenance occurred at 4:02 AM, and when the system (syslog?) went to restart httpd, the restart failed. It's been failing ever since too!

The only http related message in /var/log/messages is

Dec 22 12:27:13 www httpd: httpd startup failed

Access and error logs for httpd are empty.

Running /usr/sbin/httpd (with and without command line parms) generates the message

Segmentation fault (core dumped)

and the requisite core file:

core: ELF 32-bit LSB core file of 'httpd' (signal 11), Intel 80386,
version 1, from 'httpd'

File size and date of /usr/sbin/httpd matches my local copy.

Any ideas where to look next?

-- Regards, Faber

Jim Dennis pontificates about troubleshooting apache's startup... -- Heather

(!) [JimD] First, I would run /etc/init.d/httpd or /etc/init.d/apache, or whatever it is on your system. Run it with the "start" option.
(Actually I'd read the /etc/init.d/ start script for that service, and probably I'd manually go through it to figure out what I needed to do in order to run this particular installation of Apache correctly).

(?) Did that. That's what I meant by "it crashed at the command line with and without parameters."

(!) [JimD] To dig further I might replace the httpd with a short "strace wrapper" script:
#!/bin/bash
exec strace -f -o /tmp/apache/strace.out /usr/sbin/httpd.real "$@"

(?) This definitely goes into my bag of tricks (once I decode it :-))

(!) [JimD] (be sure to mkdir /tmp/apache, and make it writable to the appropriate UID/GID --- whatever the webserver runs as).
I'd look through the strace.out file for clues. Don't leave this running in this fashion for too long. The strace.out files will get huge very quickly; and your performance should suffer a bit.
Considering that it used to work, you did a shutdown, moved the system, brought it back up, and then, presumably, CONFIGURED IT FOR A NEW NETWORK, I'd look very carefully at network masks, routes and related settings.

(!) Very close! The problem turned out to be that the name server the box was using is no longer accessible (the box is there, but dig returns "no name servers were found") and there were no backup name servers in /etc/resolv.conf (mea culpa).

I wouldn't have expected apache to segfault under those conditions, but it did.

(!) [JimD] Also, consider upgrading to RH7.2 if you can.

(?) [Faber] I just got my hands on it earlier this week so I'm still evaluating it.

(!) Red Hat's distribution has been very consistent in its release history: avoid the .0, skip the .1, and wait for the .2; that's been the rule since 4.2!

(?) [Faber] Normally, that's what I do, but we needed to upgrade to PHP4 ASAP and it was a lot easier to upgrade the whole system to 7.1 (from 6.2).

thanks again!
Regards, Faber

(!) [JimD] You're welcome.
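
One way to do the "look through the strace.out file for clues" step, as an added example that is not part of the original exchange: list the last failed system calls made by whichever process received SIGSEGV. The sample trace is constructed (PIDs, paths and the 192.0.2.53 address are invented) and the function name strace_triage is made up; it assumes the PID-prefixed line format that strace -f -o writes.

```sh
#!/bin/sh
# Constructed sample of `strace -f -o FILE` output. PIDs, paths and the
# resolver address are invented for this illustration.
make_sample() {
    cat <<'EOF'
4021  execve("/usr/sbin/httpd.real", ["httpd"], [/* 22 vars */]) = 0
4021  open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
4021  open("/etc/httpd/conf/httpd.conf", O_RDONLY) = 3
4021  close(3)                          = 0
4021  fork()                            = 4022
4022  open("/var/run/example.lock", O_RDONLY) = -1 EACCES (Permission denied)
4021  open("/etc/resolv.conf", O_RDONLY) = 3
4021  read(3, "nameserver 192.0.2.53\n", 4096) = 22
4021  close(3)                          = 0
4021  socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
4021  connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = -1 ENETUNREACH (Network is unreachable)
4021  close(3)                          = 0
4021  --- SIGSEGV (Segmentation fault) ---
4021  +++ killed by SIGSEGV (core dumped) +++
EOF
}

# strace_triage FILE [N]
# For each process that received SIGSEGV, print the last N (default 3)
# system calls of that same process that returned an error.
# Exit status is 0 if a SIGSEGV was seen in the trace, 1 otherwise.
strace_triage() {
    awk -v keep="${2:-3}" '
        # A failed system call ends in "= -1 ERRNO (text)".
        / = -1 E[A-Z0-9]+ / {
            n[$1]++
            fail[$1, n[$1]] = $0
            next
        }
        # Signal delivery line: "PID  --- SIGSEGV ... ---".
        $2 == "---" && $3 == "SIGSEGV" {
            crashed = 1
            printf "pid %s received SIGSEGV; last failed calls before it:\n", $1
            start = n[$1] - keep + 1
            if (start < 1) start = 1
            for (i = start; i <= n[$1]; i++) print "  " fail[$1, i]
            if (n[$1] == 0) print "  (none recorded)"
        }
        END { exit (crashed ? 0 : 1) }
    ' "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample > "$sample"
strace_triage "$sample" 2
rm -f "$sample"
```

Failures such as the ENOENT on an optional file are routine; the unreachable resolver right before the signal is the line that matches what Faber found.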

... while Dan took a different approach, considering the core file itself. -- Heather

(!) [Dan] 0) Start by making sure there's no error in your httpd.conf by running
apachectl configtest
No doubt there's nothing there. But if there is, you are not apt to find it by examining core files, etc.
If you're an expert C developer

(?) [Faber] At one point in my life, I might have said that, but then only to impress women like Heather. ;-)

(!) [Dan] I don't expect Heather's that easily impressed. Especially by guys like me that mistype "developer".
That's ok, I fixed it. That's what editors are for, at least sometimes. I'm more impressed by how people solve problems than by whether they're an expert in everything around them. It's nice if they can solve my problems, though. -- Heather
(!) [Dan] and have the source tree to your apache handy, examining the core file might yield you something.

(!) [Faber] IOW, no, I don't want to do that. :-)

(!) [Dan] Naah, me neither. Last resort.
(!) Mostly it's pretty indirect. Segfaults are typically caused by out-of-bounds pointers or array references, references to allocated memory since freed, confusion about number or type of parameters passed to a function, and the like. The error happens earlier, when the bad pointer is parked someplace, memory is erroneously freed, etc. The fault happens later, when something is dereferenced.
I've spent many a happy and well-paid hour trying, sometimes without success, to track backwards from fault to error. And when you find the error, you may still have a long and winding road back to the defect which caused the error.

Defect             --------->  Error            --------->  Fault

(Improper                      (Something bad               (Result becomes
code construct)                happens)                     observable as
                                                            unexpected result)

Unless you're an expert C developer, and patient and lucky as well, it's more likely you'll find the problem by a process of elimination.
1) What's changed recently? New application? Change in httpd.conf? New module installed? Try backing out any recent changes, one by one. Restart apache after each thing you back out.
2) Is it possible there's filesystem corruption? Corrupted binaries often fail to run well. Take the machine down and run
fsck -f
on all filesystems. If you find anything amiss, determine what files were affected.
3) Reinstall apache just in case, anyway.
4) Could the machine have other hardware problems? If you have the kernel development packages installed, build the kernel eight or ten times. If you get "died with signal 11" or other abnormal termination, proceed with hardware troubleshooting procedures.
5) Figure out what area of apache is affected. Save your httpd.conf and start with a default one. Will apache start? If so, re-introduce features from the running copy of httpd.conf a few at a time until apache begins dying at startup.
Let us know how you do. Depending on where you find trouble, the gang can offer further advice. -- Dan Wilder

Jim has quite a bit to say about using strace -- Heather

#!/bin/bash
exec strace -f -o /tmp/apache/strace.out /usr/sbin/httpd.real "$@"
(!) [JimD] It runs a shell (bash) which then exec()s (becomes) a copy of the strace command. That strace command is told to "follow forks" (so we can trace the system call of child processes) and writes its output to a file in our /tmp/apache directory. strace then runs (fork()s then exec()s) a copy of the "real" httpd with a set of arguments that matches those that were passed to our script.
The distinction between exec()'ing a command and invoking it in the normal way is pretty important. Normal command invocation from a UNIX shell involves a fork() (creating a clone process which is a subshell) and then an exec*() by that shell to transform that subprocess into one which is running the target command.
Meanwhile the parent shell process normally does a wait*() on the child. In other words, it sits there, blocked until the child exits, or until a signal is received.
When we use the shell exec command, it prevents the fork() (there's no creation of a subprocess). The "text" (executable binary code) of the process that was running a copy of your shell (/bin/bash in our case) is overwritten by the "text" of the new program; all of the heap and stack segments (memory blocks) of the old process are freed and/or cleared, and the only traces of the old memory image that remain available are the contents of the process' environment. In other words, the exec command is a wrapper around one of the exec*() system calls (there are several different versions of the exec*() system call which differ in the format of their arguments, and the preservation/inheritance versus creation of environments).
Actually I think that Linux kernel implements execve() as a wrapper around its clone() system call, and that libc/glibc provides the handling for all of the variations on that. The three "variables" on these exec variations are:
format of the command argument list:
(which is either done through C varargs --- like printf() and friends, or is a pointer to an array of NUL terminated strings), (execv* vs. execl*)

environment handling:
whether the process keeps its current environment or overwrites it. The execle() and execve() versions have an extra parameter pointing at a NUL terminated array of NUL terminated strings.

path searching:
The first argument of the execvp() and execlp() functions can be a simple command basename --- while all other variations require a qualified path. The "p" versions will search the PATH as a shell would.
It appears that you can either search the PATH or create a new environment, but not both. Of course you can use a simple execl() or execv() to do neither. Of course you can read the man exec(3) manual pages in the library functions section of your online docs to read even more details about this.
When I'm teaching shell scripting I spend a considerable amount of time clarifying this worm's eye view of how UNIX and the shell handles fork()s and exec*()s. I draw diagrams representing the memory space and environment of a process, and another of a child process (connected by dotted lines labeled "fork()"). Then I crosshatch most of the memory space --- leaving the environment section, and label that exec*().
When I do this, people understand how the environment really works. The "export" shell command moves a shell variable and its value from the local heap "out" to the environment region of memory. Once they really understand that, then they won't get too confused when a child process sets a shell variable, exports, and then their original process can't see the new value. ("export" is more of a memory management operator than an inter-process communications mechanism; at best it is a one-way IPC, copying from parent to children).
After that I generally have to explain about some implicit forms of sub-process creation (forking) that most people miss. In particular I remind them that pipes are an *inter-process* communications channel. So, any time you see or use a | operator in the shell, you are implicitly creating a subprocess. That's why a command like:
unset bar; echo foo | read bar; echo $bar
(!) [Ben] Oh, that's cute. I go through pretty much the same spiel - some of it admittedly cribbed from your description of this, because I liked it the first time I heard it - but the way I've been demonstrating it is with a
while read bar; do echo $bar; done < file
loop. This nails down the other end. Very cool.
(Scribbling notes in newly acquired Palm Pilot)
(!) [JimD] ... will return an empty value in most shells. The read command is executed in a subprocess which promptly exits, freeing the memory that held its copy of the bar variable/value pair. (I say most shells because ksh '93 and zsh create their subprocesses on the left hand side of their pipe operators. That's one of those subtle differences among shells. Personally I think bash and others do it wrong, the ksh/zsh semantics are superior and I hope bash 2.x or 3.x will adopt them, or offer a shopt, shell option, to select the desired semantics).
The "$@" ensures that the arguments that were passed to us will be preserved in count and contents. If we used "$*" we'd be passing a single argument to our command. That single argument would contain the text of all of the original arguments, concatenated as one string, separated by spaces (or by the first character from IFS if you believe the docs). If we used $* (no soft quotes) we'd be having the current shell resplit the number of arguments --- they'd have the same contents, but any arguments that had previously had embedded spaces (or other IFS characters) would be separated accordingly.
The "$@" handling is the most subtle part of this script. An unquoted $@ would be the same as an unquoted $* (as far as I can tell). It is just the "$@" that gets the special handling. ($* and "$*" aren't special cases, they are expanded and split in the normal way; "$@" is expanded and sort of "internally requoted" to preserve the $# --- argument count).
If you were going to need to do this frequently we might write a "strace.wrapper.sh" shell script which would work a bit like this:
 #!/bin/bash
 OLDMASK=$(umask)
 umask 077
 TMPDIR=/tmp/$(basename "$1")$$
 mkdir "$TMPDIR" || exit 1
  ## make a temporary directory or die
 umask $OLDMASK
 TARGETCMD="$1"
 shift
 exec strace -f -o "$TMPDIR/strace.out" "$TARGETCMD" "$@"
In this example we call strace.wrapper.sh with an extra argument, the name of the command to be "wrapped." We then fuss a little with umask (to ensure that our process' output will have some privacy from prying eyes), doing an atomic "make a private dir or die trying" (this is the safest temp file handling that can be managed from sh, as far as I know).
Then we restore our umask, (so we don't create a Heisenbug by challenging one of our target command's hidden assumptions about the permissions of files it creates). We then grab our target command, shift it off our argument list (which does NOT disturb the quoting of the remaining arguments) and call our strace command as before --- with variables interpolated as necessary.
Mind you I don't use this script. I don't bother since I can do it about as easily by hand. Also this script wouldn't be the best choice for CGI, inetd launched, or similar cases. In those cases we're better renaming the original binary.
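
Added example, not part of the original thread: a POSIX sh script that exercises the points made above (argument forwarding with "$@" versus "$*", the wrapper's shift-and-forward pattern, read on the right-hand side of a pipe, and export being one-way). All function names are hypothetical and the sample arguments are constructed.

```shell
#!/bin/sh
# Constructed demonstration; every function name here is hypothetical.

# Print the number of arguments received.
count_args() { echo "$#"; }

# Four ways a wrapper might forward its arguments to the wrapped command.
fwd_quoted_at()   { count_args "$@"; }   # one word per original argument
fwd_quoted_star() { count_args "$*"; }   # everything joined into one word
fwd_bare_at()     { count_args $@; }     # re-split on IFS, empty args vanish
fwd_bare_star()   { count_args $*; }     # behaves like unquoted $@

# "$*" joins with the first character of IFS, which need not be a space.
# The function body is a subshell, so the IFS change does not leak out.
join_with_colon() ( IFS=:; echo "$*" )

# The wrapper pattern: take the command name, shift it off, and hand the
# remaining arguments over with their count and contents intact.
wrap() {
    target=$1
    shift
    "$target" "$@"
}

# read on the right-hand side of a pipe runs in a subprocess in bash and
# dash, so the variable set there is gone when the pipeline ends.
read_via_pipe() {
    unset bar
    echo foo | read bar
    echo "${bar:-<unset>}"
}

# Feeding read from a redirection keeps it in the current shell.
read_via_heredoc() {
    unset bar
    read bar <<EOF
foo
EOF
    echo "${bar:-<unset>}"
}

# export copies a value into children; a child's changes never flow back.
export_is_one_way() {
    GREETING=parent
    export GREETING
    sh -c 'GREETING=child; export GREETING'
    echo "$GREETING"
}

# Demo with three arguments: two containing spaces, one empty.
set -- "a b" "c d" ""
echo "quoted \$@    -> $(fwd_quoted_at "$@") argument(s)"
echo "quoted \$*    -> $(fwd_quoted_star "$@") argument(s)"
echo "unquoted \$@  -> $(fwd_bare_at "$@") argument(s)"
echo "unquoted \$*  -> $(fwd_bare_star "$@") argument(s)"
echo "\$* with IFS=: -> $(join_with_colon "$@")"
echo "wrapper       -> $(wrap count_args "$@") argument(s)"
echo "pipe | read   -> $(read_via_pipe)"
echo "read <<EOF    -> $(read_via_heredoc)"
echo "after child   -> GREETING=$(export_is_one_way)"
```

bash 4.2 and later provide `shopt -s lastpipe`, which runs the last command of a pipeline in the current shell when job control is not active.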

Of course we were all happy when Faber found what it was! We encouraged him to send in his bug report -- Heather

I wouldn't have expected apache to segfault under those conditions, but it did.

(!) [JimD] Report it as a bug (after upgrading to the latest stable release). Try to isolate the .conf directive(s) that are involved, if possible.
(!) [Dan] ... The error happens earlier, when the bad pointer is parked someplace, memory is erroneously freed, etc. The fault happens later, when something is dereferenced.

(?) Well, as I told Jim, the fact that it couldn't find a name server caused it to segfault. Weird; you would have thought it would have exited with a message at least.

(!) [John K] It sounds like there's a bug or some abnormality with apache's handling of a situation which it doesn't expect in normal operation. IOW, a problem with error handling. If the apache version is not the latest stable version, you might want to consider upgrading. If it is the latest, then you may want to consider reporting it to the apache developers.

...and of course we congratulated him on his success, with some extra thoughts on general troubleshooting. -- Heather

(!) [Dan] Congratulations on solving the problem.
That's what I call the "natural history approach". Examine carefully the behavior and habitat of the creature in question, and think carefully about what you've observed.
I've probably fixed a lot more bugs in my life by the natural history method, than I have by the method of examining core files, or for that matter running under a debugger or emulator.
Strace, mentioned separately in this thread, is a little harder to classify. A program that attaches itself to a running process and dumps out information about system calls, it affords a level of information about a program that may sometimes come close to what you'd see using a debugger.
Mostly it doesn't, but sometimes it provides that key observation not available by other means which allows us to finally come to grips with a bug. I'd group it with natural history tools, perhaps as an analog to a radio collar. You know where the animal's been, but maybe not why, or what it did there. -- Dan Wilder
(!) [JimD] I like to use the classic "OSI reference model" as a rough troubleshooting sequence. Keep going down the stack (from application, down through network and to the physical layers) until you isolate the problem, then proceed back upwards correcting each problem until the application works.


This page edited and maintained by the Editors of Linux Gazette Copyright © 2002
Published in issue 75 of Linux Gazette February 2002
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/

"Linux Gazette...making Linux just a little more fun!"


News Bytes

Selected and formatted by Michael Conry

Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release.


 February 2002 Linux Journal

[issue 94 cover image] The February issue of Linux Journal is on newsstands now. This issue focuses on Small Office/Home Office (SOHO). Click here to view the table of contents, or here to subscribe.

All articles through October 2001 are available for public reading at http://www.linuxjournal.com/magazine.php. Recent articles are available on-line for subscribers only at http://interactive.linuxjournal.com/.


Legislation and More Legislation


 Jon Johansen Indicted by Norwegian Authorities Regarding DeCSS

Unhappy news this month, as it emerged that Jon Johansen has been indicted by Norwegian authorities for his part in creating and distributing the DeCSS code. This comes two years after he and his father were first taken from their home in connection with the same software. The initial report is available in Norwegian, and a translation was posted in the Slashdot discussion of the story.

It appears that the case against Jon is unusual in that he is being charged under laws which are generally applied in cases involving breaking into computers and theft of electronic records or company files. Pressure from the MPAA and the US entertainment industry appears to have encouraged the Norwegian authorities to try this experimental attempt to secure a conviction.

The Electronic Frontier Foundation have extensive resources on this case. Particularly interesting are some legal arguments as to why no offence has been committed under Norwegian law and transcripts including Jon Johansen's testimony at the 2600 Magazine trial in New York under the DMCA (July 20, 2000).

A mailing list has also been set up to discuss issues concerning the case, including how to support Jon and how to protest against the indictment.

The sorry truth is that cases like this are likely to become more common in the future. Governments internationally are harmonising their intellectual property laws through measures such as the WIPO copyright treaty which will come into force in March (having recently secured its 30th signatory). The result will be that all countries might eventually enact legislation akin to the DMCA to protect the media multinationals' intellectual property and access-control technologies. Countries attempting to resist this trend will not be well received. Slashdot reported recently that Ukraine is subject to US trade sanctions for not using an "optical media licensing regime" for blank CDs and CD recorders. The best way to resist at an individual level is to make your voice heard and start lobbying and writing letters. Your local LUG could form a focus for this activity.


 Support From Washington

Congressman Rick Boucher has been receiving a lot of press lately for the position he has taken with regard to issues such as digital rights management and the DMCA. Dotcom Scoop recently reported that Congressman Boucher has written to the RIAA expressing his concern at the introduction of copy-protected compact discs. He feels that such developments "...may prevent or inhibit consumer home recording using recorders and media covered by the Audio Home Recording Act of 1992". A report on the same story in The Register, however, indicated that the copy protection measures probably are legal. It seems that though the record label cannot sue you for making a legitimate personal copy of your new CD, they are not obliged to make it easy for you! ZDNet has reported [Reuters] that Boucher is planning to introduce a bill that would eliminate the "anti-circumvention" clause of the DMCA. It is certainly encouraging to see an elected representative taking an overtly pro-consumer line on these issues.

Another elected representative who seems to understand a thing or two is Rep. Darrell Issa, a member of the US House of Representatives' Judiciary Committee. Speaking to Linux Journal's Don Marti, he indicated that the SSSCA was "dead on arrival". Though this is encouraging, it might be foolish to get too relaxed until the grave is actually occupied. Don comments that Issa also seemed well informed on other issues in this area (DMCA, etc.).

Perhaps when campaigning on issues of concern, it would be wise to be alert to good as well as bad news. Elected representatives' careers are based on achieving public support and they can be very sensitive to public opinion. It could not hurt to mail guys like Boucher and Issa to tell them if you like what they are doing.


 UCITA

LWN reported that UCITA is back again. The main issue for the free software community would be that the UCITA, if it came into US law in its current form, would prohibit the distribution of software to consumers without warranty. This would mean that by distributing a free software utility, you could be held responsible by consumers for any flaws in the product (even though you have disclaimed all warranties, etc.). This story was also reported by TheRegister, who linked to this article by Richard Stallman on "Why We Must Fight UCITA".


 Legislative Links

Indianapolis' attempt to keep minors from playing violent video games in public arcades was ruled unconstitutional, at a cost of $318,000 to taxpayers.

NY Times review of the year in tech law, which makes a nice lead in to their preview of what might be to come. Both articles feature the input of various experts from the field, and both require registration.

Essay on cryptome.org by Mike Godwin on digital rights management and the battle between computer companies and entertainment companies. (Courtesy Crypto-Gram)


Linux Links

Jun Jungho mailed to announce a LG Korean translation site at http://www.whiterabbitpress.com/lg/. He and fellow volunteers have tested this site for 5 months, and would now like to inform others. "I wish that this site gives more fun & information to Korean Linuxers."

ASCII: American Standard Code for Information Infiltration by Tom Jennings. A very interesting, and in-depth article. Covers history of ASCII, and its various developments over almost half a century.

Courtesy crypto-gram is a link to a review [pdf] of the year in vulnerabilities. This contains a list of all the operating systems and applications with vulnerabilities.

Newsforge has a story on one person's experiences with Gentoo Linux, a distribution that requires the user to start the installation by compiling new compilers. In a similar vein, DistroWatch have a review of Sorcerer GNU Linux, which again compiles much of the system from source during install.

ZDnet asks `is Linux ready for the desktop?' While Cio.com tell us how to run a Microsoft-free shop.

Linux Journal have looked back over the problems exposed in SSH during the past year, and the solutions which have resulted.

Some links and stories that appeared on SlashDot over the past month:

Linux Today have featured the following links which you may be interested to follow:

TheRegister's Thomas Greene reported on getting superior benchmarks for Quake-3 FPS on Linux as opposed to Windows. Hardly a scientific test, but nice to see none the less.

From the O'Reilly stable of websites, the following may interest you:

Scientific American article on really bad patents. If you find those interesting, you might like to look at IBM's new patent for a toilet reservation system highlighted by Hartmut Pilch on the patents mailing list at aful.org.

What to do after a computer break-in.

Some Linux Weekly News highlights:

The Washington Post have an interesting article by Lawrence Lessig entitled "Who's Holding Back Broadband". It appears issues of control loom large in this area, with media companies loath to take any move which might loosen their grip on the "content industry". Embracing broadband would be just such a move.

Two IBM whitepapers (here and here) on security issues relating to "Linux in Enterprise Systems" (and we are not talking about Klingons off the starboard bow). Both pdf's, and quite large. IBM appears to be strengthening their support for Linux. Slashdot reported that IBM's new $400,000 Z-series mainframe will not be sold with z/OS, but rather with Linux.


Upcoming conferences and events

Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.

LinuxWorld Conference & Expo (IDG)
January 30 - February 1, 2002
New York, NY
http://www.linuxworldexpo.com/

The Tenth Annual Python Conference ("Python10")
February 4-7, 2002
Alexandria, Virginia
http://www.python10.com/

Australian Linux Conference
February 6-9, 2002
Brisbane, Australia
http://www.linux.org.au/conf/

Internet Appliance Workshop
February 19-21, 2002
San Jose, CA
http://www.netapplianceconf.com/

Internet World Wireless East (Penton)
February 20-22, 2002
New York, NY
http://www.internetworld.com/events/weast2002/

Intel Developer Forum (Key3Media)
February 25-28, 2002
San Francisco, CA
http://www.intel94.com/idf/index2.asp

COMDEX (Key3Media)
March 5-7, 2002
Chicago, IL
http://www.key3media.com/comdex/chicago2002/

BioIT World Conference & Expo (IDG)
March 12-14, 2002
Boston, MA
http://www.bioitworld.com/

Embedded Systems Conference (CMP)
March 12-16, 2002
San Francisco, CA
http://www.esconline.com/sf/

CeBIT (Hannover Fairs)
March 14-22, 2002
Hannover, Germany
http://www.cebit.de/

COMDEX (Key3Media)
March 19-21, 2002
Vancouver, BC
http://www.key3media.com/comdex/vancouver2002/

FOSE
March 19-21, 2002
Washington, DC
http://www.fose.com/

Game Developers Conference (CMP)
March 19-23, 2002
San Jose, CA
http://www.gdconf.com/

LinuxWorld Conference & Expo Singapore (IDG)
March 20-22, 2002
Singapore
http://www.idgexpoasia.com/

Software Solutions / eBusiness World
March 26-27, 2002
Toronto, Canada
http://www.softmatch.com/soln20.htm#ssebw

SANS 2002 (SANS Institute)
April 7-9, 2002
Orlando, FL
http://www.sans.org/newlook/home.htm

LinuxWorld Conference & Expo Malaysia (IDG)
April 9-11, 2002
Malaysia
http://www.idgexpoasia.com/

LinuxWorld Conference & Expo Dublin (IDG)
April 9-11, 2002
Dublin, Ireland


Internet World Spring (Penton)
April 22-24, 2002
Los Angeles, CA
http://www.internetworld.com/events/spring2002/

O'Reilly Emerging Technology Conference (O'Reilly)
April 22-25, 2002
Santa Clara, CA
http://conferences.oreillynet.com/etcon2002/

Software Development Conference & Expo, West (CMP)
April 22-26, 2002
San Jose, CA
http://www.sdexpo.com/

Networld + Interop (Key3Media)
May 7-9, 2002
Las Vegas, NV
http://www.key3media.com/

Strictly e-Business Solutions Expo (Cygnus Expositions)
May 8-9, 2002
Minneapolis, MN
http://www.strictlyebusiness.net/strictlyebusiness/index.po?

Embedded Systems Conference (CMP)
June 3-6, 2002
Chicago, IL
http://www.esconline.com/chicago/

USENIX Annual (USENIX)
June 9-14, 2002
Monterey, CA
http://www.usenix.org/events/usenix02/

PC Expo (CMP)
June 25-27, 2002
New York, NY
http://www.techxny.com/

O'Reilly Open Source Convention (O'Reilly)
July 22-26, 2002
San Diego, CA
http://conferences.oreilly.com/

USENIX Security Symposium (USENIX)
August 5-9, 2002
San Francisco, CA
http://www.usenix.org/events/sec02/

LinuxWorld Conference & Expo (IDG)
August 12-15, 2002
San Francisco, CA
http://www.linuxworldexpo.com

LinuxWorld Conference & Expo Australia (IDG)
August 14 - 16, 2002
Australia
http://www.idgexpoasia.com/

Communications Design Conference (CMP)
September 23-26, 2002
San Jose, California
http://www.commdesignconference.com/

Software Development Conference & Expo, East (CMP)
November 18-22, 2002
Boston, MA
http://www.sdexpo.com/


News in General


 Euro Support

As many of you have surely noticed, the euro became a real paper and coins currency on the first of January 2002. Being able to type the euro symbol is now something which will be necessary for very many computer users. The Debian Project have released the Debian Euro HOWTO by Javier Fernández-Sanguino Peña which details how to enable support for the symbol in your Linux system. Much of the advice will be of use to users of distributions other than Debian.

Long-term, the best solution may be a move towards Unicode. This is particularly the case when interoperability with Windows systems is required.


 Athlon/Duron and Linux Bug

A bug in AMD's Athlon family of processors has been reported on TheRegister, following an earlier revelation by Gentoo Linux. The issue relates to extended memory paging sizes and is a bug in the processor, not the kernel. Those using Linux 2.4 kernels, and AGP may experience problems with memory corruption. The fix is to pass the option "mem=nopentium" to the kernel at boot-time (via GRUB or LILO). Gentoo have a good description of the situation on their main webpage at the moment, and an analysis of how this was neglected for so long (since September 2000!).


 Linux Adoption

TheRegister.co.uk recently reported that Korea is to convert 120K civil servants to Linux desktop use. This appears to be as much a fightback by local favourite Haansoft (producers of Hancom Linux, and HancomOffice) as a victory for Linux, but it is still good news.

In a separate development, NewsForge reports that Red Hat India is helping to introduce GNU/Linux as part of a scheme to meet the software needs of the Indian education system. The program will include not only software, but also free training to help get the scheme off the ground.

Spinning the globe again, this time to China, we see more penguins on the march. Linux Today have a report that Linux is making an impression on many in China. Apparently the Chinese Academy of Sciences have published a report highlighting the savings which could be achieved by using Linux as an alternative to Microsoft solutions. This follows a Gartner report that Microsoft recently lost out on a major IT investment in China, while indigenous firms including Red Flag Linux were favoured.


 Penguin Art

A new issue of TUX (Terminator Unit X) online comic is now available at: http://www.thelinuxreview.com/TUX/. The reports of TUX's death have been greatly exaggerated.

Also in the artistic vein, IBM have updated their Linux Cartoons page. Flash or Real Player required.


 Linux Trojan Found

qualys.com have announced that they have discovered a Linux Trojan, in the wild. This follows qualys's discovery of a very similar linux trojan last year. This story was also picked up by Newsbytes.com, and from there Slashdot got in on the act. To be infected, you must execute the trojan as root, so there is likely to be a need for some sort of social engineering in getting this one to propagate. Main risk would be if a binary in a Linux distribution became infected, since most people trust the binaries on their install media. At the very least, this is another very good reason to be very very careful what you do as root.


 DOSSIER, Documentation Source

DOSSIER is a convenient new way to get printed documentation for Free and Open Source software. Current topics include "Email", "File Systems", "Kernel", "PostgreSQL", "Python", and "Text". The demand-printed volumes may be ordered from BSDMall. The motivation and rationale for DOSSIER are covered in "DOSSIER and the Meta Project (Part 1)", in Daemon News.


Distro News


 BrlSpeak

BrlSpeak is a new mini-distribution of Linux that comes with support for braille and speech built-in. The objective is to offer an easy-to-install solution for blind persons who wish to install a Linux distribution on their computer without any assistance from a sighted person. BrlSpeak provides a built-in preconfigurer so that you should be able to preconfigure the BrlTty Makefile before starting Linux. Compilation and automated activation of the braille device is the next step, and will be performed when booting the distrib. BrlSpeak was based on Matthew Campbell's ZipSpeak mini-distribution, that's why it contains the SpeakUp screen reader for supporting speech synthesizers. BrlSpeak is available in many languages. To download it, visit the BrlSpeak Projet Home Page.

Author: Osvaldo La Rosa, freely distributable, UMSDOS mini-distribution, size: 36MB, available as: zip or iso, website: en, fr, nl. Any contributions welcome!


 Debian

Debian GNU/Linux 2.2r5 has been released. This fifth revision adds security updates and some bug fixes to the stable `potato' release. A list of FTP and HTTP mirrors is available at http://www.debian.org/distrib/ftplist. Point apt (see the sources.list(5) manual page) at an up to date mirror and then run apt-get update; apt-get upgrade. The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision.

It is a good idea to keep an eye on http://security.debian.org/ or to subscribe to the debian security announce mailing list. There have been quite a few security announcements in the past month.


Debian Weekly News reported that new "Debian on CD" Web Pages have been launched. These replace the old pages on cdimage.debian.org, which "were often criticised by visitors of the website". The new pages feature improved documentation. Apart from an extended FAQ, the new pages offer direct download links for CD images, a list of CD vendors, artwork, and info on jigdo, the new distribution scheme for downloading CD images from any normal Debian mirror.


Linux Today highlighted a report on the size of Debian 2.2, which includes more than 55,000,000 physical SLOC: The COCOMO model estimates that its cost would be close to $1.9 billion USD to develop Debian 2.2.


Also highlighted by Linux Today was this bugreport, which comments on vulnerability notification and the Debian Social Contract. "Over the past few months, the GNU/Linux community has slowly adopted a way of dealing with security issues which closely resembles the approach suggested by Microsoft last year: more-or-less systematic hiding of security problems from end users, at least for some time. Some Debian maintainers seem to participate in this process, and hold back security fixes, waiting for events to happen which are external and not related to the Debian project (for example, other distributors being ready to publish fixes)."


 Mandrake

Linux Planet have started a 'Month Later' addition to their Distribution Watch section. The first distro to receive this second look is Mandrake 8.1. The review discusses the process of getting settled in and smoothing out the routine bumps and curves of this distribution.


 Red Hat

The Washington Post Washtech.com site has reported that AOL Time Warner is in talks to buy Red Hat. Everything is very vague ("fluid" appears to be the official term), so it is difficult to know what the chances are of such a deal actually coming off. Andrew Orlowski of TheRegister is somewhat sceptical about the rumours. He also makes some good comments about what the wider implications of such a deal could be.


Software and Product News


 GUI Based DSSSL/XSLT DocBook Tool Released

Command Prompt is pleased to announce the release of DocPro 0.2.0. DocPro is a tool for professional technical authors who maintain a large amount of SGML/XML based documentation. DocPro will take any DocBook document and transform it into a user defined format (Postscript, HTML etc...).

DocPro will correctly transform multiple documents, to multiple output formats. It includes the capability to arbitrarily set font sizes, margins, callout definitions etc... via a GUI interface.

DocPro currently runs on x86 Linux only, though there will be a release for YellowDog Linux (PPC) and MacOS X shortly. The Deluxe version of DocPro comes with the popular DocParse tools for converting HTML to DocBook.


 Adobe GoLive 6 Integrates Zend PHP Debugger

Adobe Systems will include Zend's PHP Debugger in its new release of GoLive 6, its flagship product for Web site development. This will give GoLive developers integrated access to advanced PHP debugging for their toughest applications and dynamic Web sites using scripting languages.


 CxProtect

CxProtect is an AntiVirus Solution for Linux Mail Servers. It is a binary based solution that uses the Command AntiVirus API. The software offers detection and disinfection of attachments being transported via the Linux Mail Server. The only change required to the existing Sendmail.cf is to register CxProtect as the MDA. Post-install configuration is done via a web browser interface.

Download available at http://www.calibretechnologies.com/downloads/CxProtect.tar.gz


 Mahogany 0.64 Released

A new release of Mahogany has been made. Mahogany is an OpenSource cross-platform mail and news client, available for X11/Unix and MS Windows platforms. It supports many of the internet protocols and standards, including POP3, IMAP4, SMTP and NNTP. Mahogany also supports MIME and many common Unix mailbox formats.

Source and binaries for a number of Linux and Unix systems as well as binaries for Win32 are now available.


Copyright © 2002, Michael Conry and the Editors of Linux Gazette.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 75 of Linux Gazette, February 2002



Secure Printing with PGP

By Graham Jenkins


The Brother Internet Print Protocol

A recent article "Internet Printing - Another Way" described a printing protocol which can be used with some Brother printers. It enables users of Windows machines to send a multi-part base-64 encoded print file via email directly to a Brother print server.

The article went on to show how the functionality of the Brother print server can be implemented in a simple Perl program which periodically polls a POP3 server to check for jobs whose parts have all arrived. When such a job is detected, its parts are downloaded in sequence and decoded for printing.

A subsequent article "A Linux Client for the Brother Internet Print Protocol" showed a simple client program which can be used on Linux workstations for sending print jobs to a Brother print server. That program was implemented as a shell script which split an incoming stream into parts and placed them in a scratch directory for subsequent encoding and transmission.

I have since developed a Perl client program which processes the incoming stream on-the-fly and requires no temporary storage. This is, of course, a much neater way to do things. The down-side is that there is no way of ascertaining the total part-count until the last part is being processed. A slight modification to the server program was therefore required to accommodate an empty "total-parts" field on all except the final part.

A Hole Big Enough to Drive a Truck Through

The whole arrangement as outlined above has been in use at my place for several months, and has saved us a whole lot of time and trouble. However, as pointed out by one reviewer, what we really have here is a security hole big enough to drive a truck through! Anybody in the whole wide world can send celebrity pictures to your color printer, and there's not a lot you can do about it.

Somebody else asked why we go to the trouble of splitting a large job into parts without first trying to compress it. And indeed there are a great number of jobs whose size can be significantly reduced through compression.

Then there were the Windows (and other) users, who thought that everything should be written in Perl for portability. And the Standards Nazis, who thought that the job parts should be sent as 'message/partial' entities in accordance with RFC 2046.

Who's Printing Pamela Anderson Pictures?

Of all the issues outlined above, the most serious is indubitably that of client authentication. And the solution is blindingly obvious; why not use one of the Public Key Encryption mechanisms now available? What we need here is for the sender to digitally sign the entire message using his private key. Upon receipt at the server, the message can then be authenticated by application of the sender's public key. There's no need for any secret key-entry rites at the server, so the whole server operation can be automated.

A message signed in this fashion can be signed in 'clear' form; the message itself is then sent as is, with a digital signature appended to its end. If you elect not to use 'clear' signing, the message will (if usual defaults are accepted) actually be compressed and the signature will be incorporated therein. This comes pretty close to what we need!

There is a set of Perl modules (Crypt::OpenPGP) which can perform the necessary signature and verification procedures, so we can actually write the entire client and server programs in a portable form. I had some difficulty with installing these, since they require that a number of other modules be installed, and they require the 'PARI-GP' mathematics package. I elected instead to use pgp-2.6.3ia; GnuPG-v1.0.6 will also work with the programs in this article.

There are a couple of Perl modules (Crypt::PGPSimple and PGP::Sign) which can be used to call pgp-2.6.3ia and its equivalent executables, but each of them creates temporary files, and that's something I try to avoid where possible.

Appeasing the Standards Nazis

RFC 3156 ("MIME Security with OpenPGP") describes how the OpenPGP Message Format can be used to provide privacy and authentication using MIME security content types. In particular, it decrees that after signing our message by encrypting it with our private key, we should send it as a 'multipart/encrypted' message. The first part should contain an 'application/pgp-encrypted' message showing a version number in plain-text form; the second part should contain our actual PGP message.

This is a bit over-the-top, but the overhead is small, and the whole deal is easily done using the Perl MIME::Lite module, as shown in the 'SEPclientPGP.pl' program hereunder.

So how do we send a long message which needs to be broken into parts for passage through intermediate mail servers? RFC 3156 tells us we should use the MIME message/partial mechanism (RFC 2046) instead! I think what they actually mean is "as well". So our output from 'SEPclientPGP.pl' is actually fed into the 'SplitSend.pl' program (also hereunder) which extracts the message "To:" and "Subject:" lines and replicates them into each sequentially numbered 'message/partial' component that it generates.

The Client Program

Here's the client program. It's pretty much self-explanatory. A pipe to the 'SplitSend.pl' program is opened for output. If the passphrase is supplied on the command-line (dangerous, but sometimes necessary!), it is planted in an environment variable.

The multipart MIME message as previously described is then constructed, taking its second body part from a pipe fed by the PGP executable. If the executable doesn't find a suitable passphrase in the appropriate environment variable, it requests it in a terminal window.

#!/usr/local/bin/perl -w
# @(#) SEPclientPGP.pl	Secure Email Print client program. Ref: RFC 3156.
#			Takes incoming stream and generates PGP-signed message
#			which is piped to split-and-send program for email
#			transmission to server. Requires 'pgp' program.
#			Graham Jenkins, IBM GSA, Dec. 2001. [Rev'd 2001-12-30]

use strict;
use File::Basename;
use MIME::Lite;
use IO::File;
use Env qw(PGPPASS);

die "Usage: ".basename($0)." kb-per-part destination [passphrase]\n".
    " e.g.: ".basename($0)." 16 lp3\@pserv.acme.com \"A secret\" < report.ps\n".
    "       Part-size must be >= 1\n"
  if ( ($#ARGV < 1) or ($#ARGV > 2) or ($ARGV[0] < 1) );

my $fh = new IO::File "| /usr/local/bin/SplitSend.pl $ARGV[0]";
if( defined($ARGV[2]) ) {$PGPPASS=$ARGV[2]}
if( ! defined ($PGPPASS)) {$PGPPASS=""}	# Plant passphrase in environment and
my $msg = MIME::Lite->new(		# create signed message.
                To      => $ARGV[1],
                Subject => 'Secure Email Print Job # '.time,
                Type    => 'multipart/encrypted');
$msg->attr  (   "content-type.protocol" => "pgp-encrypted");
$msg->attach(   Type    => 'application/pgp-encrypted',
                Encoding=> 'binary',
                Data    => "Version: 1\n");
$msg->attach(   Type    => 'application/octet-stream',
                Encoding=> 'binary',
                Path    => "/usr/local/bin/pgp -fas - |");
$msg->print($fh);			# Pipe the signed message into a
__END__					# split-and-send program.

Split-and-Send

Here's the split-and-send program. The main loop at the end works just as described above - extract the destination and subject fields, accumulate lines until we are about to exceed the message-size limit supplied as a parameter, then feed what we have to an output routine.

The output routine needs to re-insert the destination and subject fields, and also insert a message-identifier, part-number and total-part-count. The total-part-count is only required on the final part. All fairly easy - except we don't know whether the current part is the final part until we look for the next part. So we get around this by using a double-buffer arrangement, where we don't actually output a buffer's contents until we have the next buffer.

Using MIME::Lite in this program is really overkill; what it does accomplish, however, is to find an appropriate mailer program on whatever platform it executes on.

#!/usr/local/bin/perl -w
# @(#) SplitSend.pl	Splits and sends an email message (Ref: RFC 1521, 2046).
#			Graham Jenkins, IBM GSA, December 2001.

use strict;
use File::Basename;
use MIME::Lite;
use Net::Domain;
my ($Id,$j,$Dest,$Subj,$part,$InpBuf,$OutBuf,$Number,$Total);

die "Usage: ".basename($0)." kb-per-part\n".
    "       Part-size must be >= 1\n" if ( ($#ARGV != 0) or ($ARGV[0] < 1) );

$Id=(getlogin."\@".Net::Domain::hostfqdn().time) or $Id="unknown_user".time;
$Number = 0; $Total = ""; $OutBuf=""; $InpBuf=""; print STDERR "\n";

sub do_output {				# Output subroutine.
  die basename($0)." .. destination undefined!\n" if ! defined($Dest);
  $Subj = ""                                      if ! defined($Subj);
  if ($OutBuf ne "") {			# If output buffer contains data, 
    $Number++;				# increment Number, and check whether
    $Total=$Number if $InpBuf eq "";	# it is the last buffer.
    print STDERR "Sending part: ", $Number,"/",$Total,"\n";
    $part = MIME::Lite->new(
              To      => $Dest,		# Construct a message containing the
              Subject => $Subj,		# output buffer contents.
              Type    => 'message/partial',
              Encoding=> '7bit',
              Data    => $OutBuf);
    $part->attr("content-type.id"     => "$Id");
    $part->attr("content-type.number" => "$Number");
    $part->attr("content-type.total"  => "$Total") if ($Number eq $Total);
    $part->send;			# Send the message.
  }
  $OutBuf = $InpBuf;			# Move input buffer contents to
  $InpBuf = ""				# output buffer and exit.
}

while (<STDIN>) {			# Main loop.
  if ( (substr($_, 0, 3) eq "To:")      && (! defined($Dest)) ) {
    $Dest = substr($_, 4, length($_) - 4); chomp $Dest; next }
  if ( (substr($_, 0, 8) eq "Subject:") && (! defined($Subj)) ) {
    $Subj = substr($_, 9, length($_) - 9); chomp $Subj; next }
  if ( (length($InpBuf . $_)) > ($ARGV[0] * 1024) ) {do_output}
  $InpBuf = $InpBuf . $_
}
foreach $j (1,2) {do_output}		# Flush both buffers and exit.
__END__

The Art of Jigsaw Assembly

There is no guarantee that the segments of our print-job will arrive at the server in the same order as they left the client. We cannot be sure that there will even be the same number of segments, since message-transfer agents along the way are allowed to re-assemble message/partial entities as they see fit. So what we have at the server end is a set of jigsaw puzzles, with the pieces of each puzzle being related by a common message-identifier, and their placement within that puzzle being determined by their part-numbers.

For a full listing of the 'SEPserverPGP.pl', see the attached text version. I haven't bothered to replicate all of it hereunder, since much of it is the same as the program shown in "Internet Printing - Another Way".

Basically, the program is intended for invocation via an entry in '/etc/inittab', and loops continually thereafter, with half-minute pauses between each loop. During each loop, it visits the mailboxes of one or more printer-entities on a POP3 server, and deletes any stale articles therein before tabulating the message-id's and part-numbers of the remaining articles. When it finds a full set of message/partial entities, it sucks each of them in part-number sequence from the server, and throws their contents into a pipe. The program-extract hereunder shows what happens then.

The relevant message content is deemed to begin at the "-----BEGIN.." line in the first part. For subsequent parts, it begins after the first blank line once an "id=.." line has been seen.

Once in the pipe, the composite message content passes to the PGP executable for validation/decryption, and thence to an appropriate printer. Validation output is passed to a scratch file, and then recovered from there for logging. A validation failure results in no output to the printer.

          for ($k=1;$k<=$tp{$part[0]};$k++){	# Check if we have all parts.
            goto I if ! defined($slot{$part[0]."=".$k});
          }					
          $fh=new IO::File
           "| /usr/local/bin/pgp -f 2>$tmp | lpr -P $user >/dev/null" or goto I;
          for ($k=1;$k<=$tp{$part[0]};$k++){	# Assemble parts into pipe. 
            $message=$pop->get($slot{$part[0]."=".$k});
            $l=0; $buffer=""; $print="N";
            while ( defined(@$message[$l]) ) {
              chomp @$message[$l]; 		# Part 1: start at "-----BEGIN",
              if( $k == 1 ) {			# stop before 2nd blank line.
                if( @$message[$l]=~m/^-----BEGIN/ ) { $m=-2;  $print="Y"}
                if( $print eq "Y" ) {
                  if( @$message[$l] eq "" ) { $m++; if( $m >= 0)   {last} } 
                  $buffer=$buffer.@$message[$l]."\n"
                }
              }					# Part 2,3,..: skip 1 blank line
              else {				# after "id=", then start; stop
                if( $print eq "Y" ) {		# before next blank line.
                  if( @$message[$l] eq "" )                        {last} 
                  $buffer=$buffer.@$message[$l]."\n"
                }
                if( @$message[$l]=~m/id=/ )                  {$print="R"}
                if((@$message[$l] eq "") && ($print eq "R")) {$print="Y"}
              }
              $l++;
            }
            print $fh $buffer or goto I;
          }
          $fh->close || goto I;
          open $fh, $tmp;
          while (<$fh>) { chomp; syslog('info', $_) }
          close $fh;
          for ($k=1;$k<=$tp{$part[0]};$k++){
            $pop->delete($slot{$part[0]."=".$k})
          }
          goto I;
        }
J:    }	
    }
I:}

Copycat Crime

In the scheme outlined above, there is nothing to prevent a determined trouble-maker replicating and replaying an entire authenticated message. To cover this possibility, you need to retain each log entry for a week or so, and to reject any incoming message having a corresponding signature and signature-date.
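
One way to implement the log check described above, as an added example that is not part of 'SEPserverPGP.pl'. The two log-line patterns, the tab-separated cache file and the sample lines are assumptions. It goes one step beyond the text: a signature dated before the retention period is refused as well, since its log entry may already have been pruned.

```perl
#!/usr/bin/perl -w
# Added example, not part of SEPserverPGP.pl: reject replayed print jobs.
use strict;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);
use Time::Local qw(timegm);

my $RETAIN = 7 * 24 * 3600;		# "A week or so", in seconds.

# Extract signer and signature date from the verifier's output lines.
# ASSUMPTION: these two line shapes; adapt the patterns to your pgp/gpg.
sub parse_validation {
  my ($signer, $sigdate);
  foreach (@_) {
    $signer  = $1 if /^Good signature from user "([^"]+)"/;
    $sigdate = $1 if /^Signature made (\d{4}\/\d\d\/\d\d \d\d:\d\d) GMT/;
  }
  return ($signer, $sigdate);
}

# Returns 1 and records the job if it is new. Returns 0 for a replay, for a
# signature older than the retention period (its log entry may already have
# been pruned), or when no good signature was reported.
sub accept_job {
  my ($cache, $now, @lines) = @_;	# $now is a parameter so the demo
  my ($signer, $sigdate) = parse_validation(@lines);	# can move the clock.
  return 0 unless defined $signer and defined $sigdate;
  my ($y, $mo, $d, $h, $mi) = $sigdate =~ /(\d+)/g;
  my $signed = eval { timegm(0, $mi, $h, $d, $mo - 1, $y) };
  return 0 unless defined $signed and $now - $signed <= $RETAIN;
  my $key = "$signer\t$sigdate";
  open(my $fh, '+>>', $cache) or die "$cache: $!\n";
  flock($fh, LOCK_EX)         or die "flock: $!\n";
  seek($fh, 0, 0);
  my (@keep, $seen);
  while (<$fh>) {
    chomp;
    my ($when, $old) = split /\t/, $_, 2;
    next if $now - $when > $RETAIN;	# Drop stale entries.
    $seen = 1 if $old eq $key;
    push @keep, "$when\t$old";
  }
  push @keep, "$now\t$key" unless $seen;
  truncate($fh, 0);			# Rewrite the pruned log in place.
  seek($fh, 0, 0);
  print $fh "$_\n" foreach @keep;
  close $fh;
  return $seen ? 0 : 1;
}

# Constructed sample of verifier output (not captured from a real run).
my @log = ('Good signature from user "Print Client <client@example.org>".',
           'Signature made 2002/01/05 09:30 GMT using 1024-bit key, key ID 0');
my (undef, $cache) = tempfile(UNLINK => 1);
my $t0 = timegm(0, 35, 9, 5, 0, 2002);	# Five minutes after signing.
print "first delivery:     ", accept_job($cache, $t0,      @log), "\n";
print "replay next minute: ", accept_job($cache, $t0 + 60, @log), "\n";
print "replay after prune: ", accept_job($cache, $t0 + $RETAIN + 600, @log), "\n";
print "no good signature:  ", accept_job($cache, $t0, 'Bad signature.'), "\n";
```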

If, in addition, you wish to prevent someone from viewing the actual data travelling to your printer as it traverses the Internet, you need to change the PGP executable parameters at the client end so that the data is encrypted with the server's public key as well as signed; you will also need to feed a passphrase into the PGP executable at the server end.

GNU Privacy Guard

I have a mental image of somebody reading this and saying: "How come he's using pgp-2.6.3ia if he doesn't like un-necessary temporary files?" It's a good question, because pgp-2.6.3ia creates temporary files both during encryption and during decryption.

To get around this, or to comply with whatever laws are applicable in your country, you may wish to use GnuPG-v1.0.6 (or later version of the same) instead. In the client program, you will need to change the parameters with which the executable is called. And you won't be able to plant your passphrase in an environment variable.

I have attached for your interest a 'Lite' GPG client program which will execute on Windows machines with 'out-of-the-box' ActiveState Perl or IndigoPerl, and requires no extra modules.

During decryption to a pipe, the 'gpg' executable actually outputs data to the pipe until (and in some cases, after) it encounters a problem. So you will need to send your output to a scratch file - then send that scratch file to your printer if the decryption process completed satisfactorily.
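
The scratch-file arrangement just described, as an added example rather than code from the attached programs. The gpg and lpr invocations named in the comments are assumptions, and the demonstration uses constructed stand-in commands so that it runs without either.

```perl
#!/usr/bin/perl -w
# Added example, not the author's server code: hold the verifier's output in
# a scratch file and release it to the printer only after a clean exit.
use strict;
use File::Temp qw(tempfile);
$| = 1;					# No buffered output across fork.

# Run a command list (no shell) with stdin and stdout bound to named files;
# return its wait status.
sub run_cmd {
  my ($cmd, $stdin, $stdout) = @_;
  my $pid = fork();
  die "fork: $!\n" unless defined $pid;
  if ($pid == 0) {
    open(STDIN,  '<', $stdin)  or exit 126;
    open(STDOUT, '>', $stdout) or exit 126;
    exec { $cmd->[0] } @$cmd;
    exit 127;				# exec itself failed.
  }
  waitpid($pid, 0);
  return $?;
}

# Returns 1 if the job was verified and handed to the print command, else 0.
# In service $verify might be ['gpg', '--batch', '--decrypt'] and $print
# ['lpr', '-P', $printer] with $sink '/dev/null' (ASSUMED invocations).
sub print_if_verified {
  my ($message, $verify, $print, $sink) = @_;
  my ($in,  $inname)  = tempfile(UNLINK => 1);	# Both created mode 0600.
  my ($out, $scratch) = tempfile(UNLINK => 1);
  print $in $message;
  close $in; close $out;
  my $status = run_cmd($verify, $inname, $scratch);
  my $sent = 0;
  if ($status == 0 and -s $scratch) {
    $sent = 1 if run_cmd($print, $scratch, $sink) == 0;
  }
  unlink $inname, $scratch;		# Never leave job data behind.
  return $sent;
}

# Constructed stand-ins so the example runs without gpg or a printer: one
# "verifier" copies its input and exits 0, the other emits a page of output
# and then fails, which is the behaviour described above for gpg on a pipe.
my @good = ($^X, '-pe', '1');
my @bad  = ($^X, '-e', 'print "partial page\n"; exit 1');
my @lpr  = ($^X, '-pe', '1');		# Copies the job into $sink.
my (undef, $sink) = tempfile(UNLINK => 1);

foreach my $case (['verified job', \@good], ['failed job', \@bad]) {
  truncate($sink, 0);
  my $sent = print_if_verified("report text\n", $case->[1], \@lpr, $sink);
  printf "%-12s sent=%d bytes at printer=%d\n",
         $case->[0], $sent, (-s $sink) || 0;
}
```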

Graham Jenkins

Graham is a Unix Specialist at IBM Global Services, Australia. He lives in Melbourne and has built and managed many flavors of proprietary and open systems on several hardware platforms.


Copyright © 2002, Graham Jenkins.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 75 of Linux Gazette, February 2002

"Linux Gazette...making Linux just a little more fun!"


A Pioneer for a New Century -- Alan Turing, part 1

By G James Jones
Originally published at System Toolbox. Reprinted with permission.


Last time, we took a look at the life and some of the achievements, and near achievements, of Charles Babbage, the Godfather of Computing. Babbage made great leaps in our understanding of what would become the field of computer science by considering, and then demonstrating, that mathematical processes could be carried out quickly, repeatedly and without error through mechanical means. This was such a simple idea, but it was groundbreaking in its implications. Babbage had been frustrated by the errors that crept into the lookup tables that serious mathematicians used for their calculations. His drive to create calculating machines grew out of the desire to remove these errors from the process of creating those tables. Babbage was ahead of his time. He was a pioneer of the 19th century. If his work hadn't been rediscovered, his achievements would have been almost entirely forgotten by the time the idea of automatic calculations through machines began to take hold in the 20th century.

One of the proponents of such automatic, mechanical, calculations was a mathematician in King's College, Cambridge; a young Alan Turing. It's almost a natural progression for this series to move from the cog wheel brains of Mr. Babbage to the theoretical thought machines of Alan Turing. Out of the necessity to answer one of the most critical mathematical questions of his time, Turing started down the road of what would become the fields of modern computer science and cryptography. As one of the single men whose achievements helped turn the tide of World War II, he is a hero. As developer of some of the original ideas about digital computers and for helping solve Hilbert's final question of Mathematics, he is a genius. Being human, his life is ultimately marked by complexity and, unfortunately... tragedy.

This article will focus on Alan Turing's life leading up to, and including, his invention of the "Turing Machine." Next month, we will tackle his achievements in cryptography during World War II, his ideas on the digital computer, and the controversial events that led to the tragic death of this hero, one of my heroes.

Early Signs of a Remarkable Mind

Alan Mathison Turing was born to Julius Mathison Turing, an Indian Civil Service officer, and Ethel Stoney on June 23, 1912 in Paddington, England. Alan's father was still under active commission in India and feared the risks of raising a family in the remote provinces over which he held jurisdiction. After Alan's birth, his father decided to leave his family in England instead of risking those uncertainties, choosing instead to make the trip back and forth between India and England while leaving his family with friends in England.

Like Babbage (and many others in this field), Turing showed early signs of what I like to call the "personality disorder" that leads to such vocations as engineering and mathematics. Alan's natural inquisitiveness was often confused with mischief, where "planting" broken toys in hopes of resurrecting them was probably interpreted as "getting rid of the evidence." At a very early age, he is said to have taught himself to read in only three weeks and his discovery of numbers brought about the distracting habit of stopping at every street light in order to find its serial number. At the age of seven, while on a picnic in Ullapool, Scotland, Alan had the idea of gathering wild honey for the afternoon's tea. By plotting the flight paths of the bees among the heather, he was able to find the intersection point that marked their hive and provide an unexpected treat for the family.

There's another anecdote that made an appearance in Neal Stephenson's spectacular work of fiction, The Cryptonomicon, in which Turing plays a supporting role. It seems that Alan had a bicycle that had a problem with its chain. He discovered that the chain would dislodge itself from the gears after a regular, repeatable, number of revolutions. At first, the young Alan would count the revolutions of the gears throughout his ride until it was time for the chain to be forced to derail. He would then get off his bike and re-adjust the chain. As this got to be cumbersome over longer treks, he finally rigged a mechanical device that would maintain the count and readjust the chain itself. Supposedly, it never occurred to him to just buy a new chain to solve the problem. I believe that it is more likely that the chain's issues presented a unique problem set for Turing's mind to solve. It challenged him to think in a different way. It was challenging and fun; buying a chain was not.

Getting an Education

At the age of six, Alan's mother enrolled him in a private day school, St. Michael's, in order for him to learn Latin. Thus began Alan's introduction into the system that would shape his intellectual and personal development for the next fourteen odd years. The English educational system would prove to be both a conflict and a collaboration with Turing's sensibilities. The collaboration is epitomized by his early respect for rules and their relationship to his concept of fairness. These ideas are probably best illustrated by an anecdote of his mother skipping part of The Pilgrim's Progress. Judging one section to be too theologically weighty for the youngster, she had skipped it while reading aloud in order to spare him. Alan objected and felt that the story was ruined; skipping parts, in his sensibility, was against the rules of reading.

The conflict in his relationship with the English school system was partially rooted in Alan's resolve that he was nearly always right. Personal opinions were held as closely as fact. He was one of those people who know something, rather than think, feel or hold an opinion about it. This type of mindset was definitely at odds with an education system built on tradition and firm in the belief that it knew what was best for its charges.

Early on, Alan was marked with the label of "genius" by the Headmistress of St. Michael's, a proclamation that would be echoed a few years later by a gypsy fortune teller. Despite such proclamations, Alan was required to follow the natural order of the English school system and, upon finishing his studies at St. Michael's, followed his brother's path to his next school, Hazelhurst and then to his first public school, Marlborough. Public school showed the ugly side of the English school system and Alan had his first troubles with bullies, proclaiming that he learned to run fast in order to "avoid the ball."

Brushes with Science

Alan was introduced to science through Edwin Tenney Brewster's Natural Wonders Every Child Should Know. Brewster's book sought to introduce topics that help children understand their place in the world, what they had in common with other living things and how they differed from them. This discovery, and that of mathematics, would sustain Turing in a life-long love affair. The rules and discoveries of science and mathematics fit his general sensibilities of the world; it had order and could be explored with reason. Sense could be made of life if observed in the correct way. Brewster's book was probably the first to link the concept of machine and biology in Alan's mind, explaining that the human body was a complex machine with complicated processes that carried out the duties and chores of maintaining life.

While school offered many torments, it also opened up a world of knowledge to the young Turing. He showed an early interest and ability in languages, especially French, and treated it as a code that would allow him to carry on covert communications. Also, having always had a fascination with various process-oriented activities, Alan was exposed to chemistry for the first time and fell instantly in love. Turing would go on to dabble in chemistry for the rest of his life, often co-opting family basements and guest rooms as chemistry labs. His habit of concocting various chemical solutions would later play a part in his untimely death as an adult.

Sherborne

At the age of 13, Alan was enrolled to attend the Sherborne boarding school. At the time of the school's summer term of 1926, England had just been brought to a standstill by the first day of the general strike. No buses or trains were running. Turing ma