...making Linux just a little more fun!
The Mailbag
HELP WANTED : Article Ideas
Submit comments about articles, or articles themselves (after reading our guidelines) to The Editors of Linux Gazette, and technical answers and tips about Linux to The Answer Gang.
xine problem?
Mon, 08 Dec 2003 13:07:24 +0530
Vinod Tirur (
v.vinodkumar from licindia.com)
Hello,
I am using RH8 linux and successfully installed xine for video play.
Video cds(.dat format) are functioning well with xine. But I cannot play the video files (in
.dat format) copied to hard disk. The following errors shows on 'xine /home/temp/AVSEQ14.DAT'
-xine engine error
There is no available demuxer plugin to handle /home/temp/AVSEQ14.DAT.
Kindly note that same file on VCD play well in my system in xine.
Please advise me.
VINOD
NT server refused connection while trying to make backup from Linux Server
Fri, 12 Dec 2003 17:29:29 +0100
Imarhiagbe Maxwell (
MIM from iris.ch)
Hi
I have tried several times to backup my new Linux server into an existing
Windows NT server but each time I tried the connection is often refused. I
install the webadmin which makes it much easier but the same problem happens
I tried with the command below from the option in webadmin:
- smbclient //zeus/home/remote/Abacus/Abac -A samba-domain-pw -D trans >dump.tar
- smbclient //terabyte_server/e
- rdump -0u -f server: /dev/nst0 /dump
*where server = name of NT server and /dump a directory in NT server
Etc, all same stories.
Could you please advice me what to do as the Linux and NT Server are of same
domain and with possible solution.
Thanks for your help.
Maxwell
newsfeeds for linuxgazette?
Wed, 10 Dec 2003 16:39:02 -0500
macewan (
macewan from macewan.org)
Forwarded from the mirrors@ mailbox.
-- Ben
rdf's? will you be using rdf formatted xml feeds at any time?
Cheers,
macewan
http://www.macewan.org
There's an RSS feed at http://linuxgazette.net/lg.rss
Every time I try to wrap my head around RDF, my brain ends up screaming
in frustration. Dictionaries with 2-dimensional keys, XML namespaces up
the gazoo, etc. If you can provide a _simple_ description of the format
this particular RDF file requires, and what it does that RSS doesn't do,
we can provide the feed.
-- Mike
GENERAL MAIL
Response to your Defectors article...
Thu, 11 Dec 2003 18:25:39 -0800 (PST)
Dave Bechtel (
kingneutron from yahoo.com)
Re: http://linuxgazette.net/issue97/defectors2.html by Tom
Brown
In Windows, each user has an entry in the Documents and Settings
directory on the "C" drive.
In Windows XP, I know this is true; however, it is not true for
Win98 or previous versions. Dunno about 2000 or ME, don't have
experience with those.
Never login as root (the Linux equivalent of the Administrator in
Windows)! Always login as yourself and use the "su" command to give
yourself root privileges for specific commands.
I login as root all the time, and have only once trashed a
filesystem (typed /dev/hda when I meant /dev/fd0.) You shouldn't do
everything as root, but I do a lot of system maint every time I'm
using linux, and it's just easier than typing sudo all the time. The
biggest concern seems to be file deletion, which is easily abrogated
by ONLY using 'mc' to delete files.
Better advice might be something like: "Do all your normal tasks -
web browsing, listening to music, playing movies, word processing,
etc - as a non-root user, and use root for system config and
maintenance. DO NOT run a GUI for very long as root, it increases
the chance of destabilizing the system. Wherever possible, use
command-line or ncurses-based tools (like mc) when running as root."
/sbin: Programs and scripts used by system itself, and by users to
administer the system.
You may want to add: "Statically compiled / Standalone binaries
that don't depend on external libraries to run. In other words,
critical Programs that can be run even when certain filesystems (like
/usr, if it's mounted on a separate partition) are unavailable."
That may be a bit technical tho.
/dev: Each "file" inside this directory represents a hardware
device on the computer.
The /dev dir is full of stuff that doesn't necessarily exist on
your machine, however. They put it all in there up front so the
device file doesn't have to be created later if you plug one in.
(New users might be confused if the do ' ls /dev -l ' and expect all
those devices to really exist.)
Side note: Did you ever fix the 1GB memory and Promise problems?
Recompiling the latest 2.4 kernel might give you some new options.
Aside from that, I have to pass ' mem=511M ' on my 512MB AMD Duron
box when booting Knoppix. Hdinstalled systems are fine w/o it. With
the Promise controller you might be able to pass an "ide=" parm, or
it may have a native Linux driver by now.
At the risk of offending everybody, vi.
Personally, I use jstar.
It's provided by the "joe" package.
All the common/major distros supply it (it's even in Mepis now, after
I tweaked Warren's arm.)
Anyone who finds a console mode editor that resembles the interface
of older DOS' EDIT.EXE command is welcome to send in a 2 Cent Tip.
-- Heather
You can't just eject the CD-ROM as you do in Windows. You have to
unmount it first.
That directly depends on whether you have a file open from the disc; the
hardware will be advised to resist the user pressing the button if
you're running a program or reading a file from it at the time. The
noticeable difference is that looking at its directories in Explorer
isn't holding the filesystem locked open.
-- Heather
FYI, if you type 'eject /dev/blah' at a command prompt it will
umount it for you. (Depending on fstab permissions, you might have
to root-run it tho.) See 'man eject'. One of the caveats for
unmounting is that no-one's current directory can be the intended
ejection point (if your $PWD is /mnt/cdrom and you try to eject it,
it'll probably fail. CD to another directory 1st. If eject still
fails, do 'lsof|grep $mountpoint' and see who's holding it up.)
If you haven't already, I suggest you try the following:
-
Knoppix bootable and installable Live-CD (Debian):
- ftp://ftp.uni-kl.de/pub/linux/knoppix
BitTorrent download:
http://torrent.unix-ag.uni-kl.de:6969/
-
Support forum:
- http://www.knoppix.net/forum/viewforum.php?f=1&topicdays=0&start=0
-
The Next Big Thing in bootable Linux Live-CD's (we need beta testers!):
- http://www.mepis.org
-
My Linuxtips page:
- http://wolfrdr.tripod.com/linuxtips.html
BTW, thanks for supporting and contributing to the "new" LG.net.
Avoid the .com.
=====
Contents above ThisLine (C)ThisYear KingNeutron Ltd.
===== Check out KNOPPIX Debian/Linux 700MB Live CD:
===== http://www.knopper.net/knoppix/index-old-en.html
Normally I trim out sig blocks entirely, but leaving that in seems the
right thing to do... I've made the logical assumption that he wants the
world to see his note, but folks, if you have copyright notes, please
clarify our permission to publish your words (with or without your name
attached, etc.)
-- Heather
Thankyou for your efforts
Tue, 2 Dec 2003 00:01:45 -0800
Adam Kosmin (
akosmin from nyc.rr.com)
Hello Heather,
I just wanted to send you a very sincere bit of thanks for your efforts
in resisting the "CMSment" of LG. While I know that there are obviously
many others who contributed to the cause, your name was mentioned to me
just the other night by a friend here in NYC and from that news, I got
the impression that you really drove the campaign. I am actually in the
middle of reading this month's issue and love your statement regarding
the CMS proposal:
"I think it's a solution to a problem we don't actually have, and "yet
another slashdot" is not a unique magazine on the scene."
Yeah, I figured Slashdot's a great thing, but somebody else already does
that...
I can't say I was the most annoyed about it, but I was probably one of
the clearest in saying what I didn't like.
I could not agree more! Thankyou once again and keep up the great work.
I hope you'll extend my gratitude to the other members of the team who
helped save this incredible resource
I certainly shall! If you're inclined to do so yourself before I get to
bouncing a copy that way, you can send mail to tag@lists.linuxgazette.net, and
you'll reach the current Answer Gang.
All the best,
Adam Kosmin
WindowsRefund.net
--
# chown -R linux.GNU world
Top notch.
Thu, 27 Nov 2003 22:32:03 +0000
Dean (
dean.wilson3 from virgin.net)
Just wanted to say that Linux Gazette has been an excellent read since i
stumbled on it a good three years ago. You guys do an excellent job and
deserve kudos.
Good luck dealing with SSC.
Dean
[Thomas]
Thanks, Dean, and thank you to all the other readers who have sent in
their kind regards and thoughts over this. On behalf of all of us at LG,
we are delighted.
There were far too many letters of this sort for us to dream of
publishing them all. Just so you know.
-- Heather
new look LG rocks
Sun, 07 Dec 2003 14:14:57 +0530
Raj Shekhar (
rajshekhar from hotpop.com)
Hello TAG!
I was reading through the new issue of LG and it is really nicely done.
The new look is very pleasing and IMHO an example of a well balanced
design.
My congratulations to Tougher, Mike and Ben.
Regards
Raj Shekhar
Strict or not strict editing
Sun, 07 Dec 2003 18:13:58 +0100
Thomas Kappler (
thomas.kappler from stud.uni-karlsruhe.de)
Hello Linux Gazette!
From the Mailbag of issue 97:
If you think LG is too strict -- or not strict enough -- in its
article selection, please let us know.
Please don't make it less strict! It is right at the moment, sometimes
even not strict enough. Perhaps you would like to read a few thoughts
about this.
What I like very much about the Linux Gazette is that it is a "real
magazine" online, not like a news site that gathers seemingly random
bits of information. There is a given time each week when it will be
published, the structure is always the same etc. Another element of that
"magazine feel" is of course the quality of the articles. Please keep up
that up strictly, it is a crucial element of the success you have so
far. A new issue is something that people look forward to. They won't do
that if a new issue means they have to scan the articles first to find
the mediocre ones.
I don't think you have to worry about information kind of "getting lost"
when you reject articles. Linux has gone beyond the crititical mass
concerning representation and information availability on the net. In
fact, I believe it has gone so far beyond that critical mass that it is
an important function of an edited magazine to help its readers sort out
the good writings out of the vast amount there is available. This is
exactly what strict editing does.
Keep up the great work,
Thomas Kappler
Thanks for the support.
Of course, LG is a monthly publication, not weekly. We've sometimes
done it twice a month, and in the mythical future we'd like to see it
published twice a month regularly, but that's not in the cards now.
-Mike Orr (aka. Sluggo)
Yes, that was just a mistake.
Better monthly with high quality than twice a month, but not as good.
And of course we want you to stay motivated rather than tired
GAZETTE MATTERS
A modest proposal
Thu, 18 Dec 2003 20:05:57 -0800
Felix Finch (
felix from crowfix.com)
Original letter copied to webmasters at both linuxgazette.com
and linuxgazette.net, to our editors, and to Phil Hughes
Seems to me this dispute over who should control the words:
Linux Gazette
is a real muddle. Each side's arguments seem pretty clear. It has
been a monthly magazine for a long long time, and one side wants to
continue that. The other side has supported it for a long long time,
and wants to move into the future.
Both sides apparently have enough audience and crew to keep doing
things their way.
Trimming his original down a bit...
-- Heather
A modest proposal, how about both zine change their name,
one to linux gazette monthly, one to linux gazette online.
If you really want to get anal, make (the original sites)
a CGI which chooses the order of the two links randomly, or a cron
program to switch it every minute, or hour, or day.
Then the contested shorter name can point to a simple page
describing both, and people can bookmark either equally.
Our Gang was kind enough to leave SSC out of the reply stream. They can
read it here like the rest of you.
Gentle readers, you really don't want to hear the heated portions of
the responses, and some scufflings based on a few of the Gang being
active among the editorial staff and so up on rather longer discussions
of the topic. So if you can believe it, this is the summarized form...
Linuxgazette.org presently hosts a "portal" site, amount of connection
with Linux unknown. Also note that the two-letter domains lg.com and
lg.net have nothing to do with either "side" - or linux for that matter;
they have their own owners and no awareness of us that I could find.
Nor does that big electronics company with the L inside a big round G and
a dot for their logo (LG Electronics, believe me they're far bigger than
either group involved here). Any references here to these two "short"
names refer to linuxgazette.com (SSC's site) or linuxgazette.net (our
site) respectively.
-- Heather
[Rick Moen]
Felix, Mr. Hughes has made clear that he regards Linux Gazette
magazine's use of any variation on "Linux Gazette" as a violation of his
(alleged, phony) trademark. We've concluded that the proper way out of
this is to disregard (and disarm as required) the bogus trademark claim,
and just concentrate on publishing the magazine.
Thanks for your good thoughts.
[Mike Orr]
A lower-tech alternative would be each site staying at their current URL
(but modifying their popular name slightly) and linking to the other on
the home page. We have repeatedly been willing to compromise
throughout, but our e-mails are met with either intransigence or
silence. If Phil changes his mind and wants to discuss further
compromises, he knows where our mailbox is.
Robos spoke in favor of such a dualsite idea, assuming Phil goes for it.
A few folks expressed this is... unlikely.
-- Heather
[Jason Creighton]
People working together for years without knowing that they disagreed on
the most basic issue, that of control.
He suggested if such a "description only" site is created it may as well
point at any other linux zines around, too. Which would imho be more of an
almanac, or portal, than a "gazette". Now that could be confusing.
-- Heather
[Tom Brown]
Changing the name (and the web address) twice in so short a time can't
be a good thing. Readers new and old need to find LG, not wander around
looking for it in all the wrong places. A significant PR campaign would
be needed to make it work. That's what makes the original proposal in
this thread attractive: the original site gives people a choice. The
trouble with the proposal is that egos are going to get in the way, no
doubt about it. Get over that hurtle, and you have a reasonable
solution. Of course, any agreement needs to be in writing so nobody has
room to waffle in the future.
Musings among the Gang about conditions under which a name change might
be forced, or acceptable, and likelihood of any of these, snipped.
-- Heather
[Tom Brown]
P.S. If this ever does go to court, maybe we can get Groklaw to cover
our side of it.
[Thomas Adam]
...(SSC) ...re-newed the lease for the domain... and may continue to use
it... (haven't seen commercial effects on SSC's site yet)... just because he
has utilised a CMS engine means nothing. All we have is inferences which one
must be careful not to try and personify into 'evidence'.
[Phil]
Again, we don't object to Phil operating a CMS -- or anything else, really.
[Thomas]
He can do whatever he likes. lg.net is the official LG now.
[Jason]
It would have been nice if it [*exactly* stating what SSC's role was to be]
had been done seven years ago, in the same way that world peace
would be nice.
[Thomas]
It is Christmas afterall
Some tussles over whether verbal contract may or may not apply. Certainly
it doesn't apply to most of us, many of whom have never met Phil, much less
worked for him. Regarding what John Fisk passed on, perhaps; but that was
strongly against becoming commercial in this sense -- he was kind enough to
clarify the
historical perspective
when asked.
-- Heather
[Jason]
...of course it was impossible to know that this
would happen 7 years ago, and I don't blame John Fisk for not demanding
that SSC's role be made clearer. There's simply no way he could have known.
[Mike]
Not only that, but what were Fisk's alternatives? LG was on the verge
of disappearing.
Interesting point, that; when we finally decided to take the zine and keep
running it here, we thought that it was once more in danger of disappearing
forever, at least in magazine format, and in fact, that only pressing within
the space of one month would provide the continuity needed to preserve the
magazine at all.
-- Heather
[Rick]
Phil absolutely did LG a huge and vital favour.
Honestly, I think their understanding about LG's non-commercial nature
was perfectly clear back in 1996. It's just that, come 2003, Phil...
Speculation as to what he was really thinking or his motivation for choosing
to apply trademark to this, snipped.
-- Heather
[Rick]
(As I've mentioned
previously, computer geeks have a dismal record for running screaming
in terror from even laughably unfounded demand letters.)
[Karl-Heinz Herrmann]
Right now I'm all for making it a public issue. That way the new site
and the issue gets some popularity. If LG.net is forced or at some point
thinks its simply wise to move away we've some audience aware of the
switch and it's not starting at a point zero with no known name or
link. Right now the public opinion seems to be with us so we get the
sympathy. If this changes and we come over as the stubborn ones without
a case we should resolve the issue one sided by backing down -- again as
publicly as possible.
[Ben Okopnik]
...although the idea has some appeal. ...As it is, we don't really need to
play that game; we do have a quality 'zine, one that people obviously
want to read, and the mechanism of that continues to work for us steadily,
day in and day out. This is one of the major reasons that it behooves us
... just keep doing what we do... the status quo is our friend ... .
I agree that any name change by us would need to be attended by much
fanfare, parades, dancing girls, and political rallies in all the major
world capitals; however, at this point, I see no good reason for it and
several reasons against it (including the political rallies; all the
baby-kissing gets sticky.)
Ashwin M said he'd stand by what the core decides, but would prefer that
we stick with producing the 'zine...
-- Heather
[Ashwin M]
If Phil is very persistent, just change the name to one that
represents the spirit of the gazette and get on with life. Continue to
deliver quality articles to the public and they won't give a s*** what the
LG is named as.
...I just don't want to see LG.net becoming a
turnoff to the readers in the petty quarrel between LG.com and LG.net.
flamage about what "very persistent" or "petty" means exactly, heavily
doused with Halon... snipped.
-- Heather
[K.-H.]
... lets get back to making LG.net. ... I would consider an ideal settlement
if LG.com goes back to their non-monthly posting style they wanted at first
-- then they could simply link us as a monthly edition and we can link
the good articles on LG.com. Phil then will have his low work,
uneditied, "anybody can post" gazette while we can edit and everybody
oose what to read. Then both could even keep going as Linux
gazette. As far as I can judge Phils reactions I don't have high hopes
he will be agreeable to this, but who knows?
I have already seen calls for a boycott of SSC. That's stupid.
[Rick]
I think I can speak for the entire staff in saying that we agree -- and
have said so in numerous places including... [ SSC's forums ]. [Estimate
regarding changing policy of SSC's version, snipped as speculative.]
It's our policy to do nothing at_all_ injurious to SSC's interests. We
take defensive actions only, and regard SSC as our natural friends and
allies. We heartily encourage others to take the same view.
In reply to Mike's comment that Phil knows how to mail us if he feels
inclined to, Felix noted...
-- Heather
I have had no response either, which is disappointing.
I hope my original email didn't sound like I had the answer to
everything. I have no illusions about knowing more than those who are
right in the middle of it. I was hoping that perhaps a suggestion
from an outsider might be some good to keep both sides talking, since
it was not an idea owned by the other side.
Thanks for not chewing my head off
[Mike]
It was an idea that nobody had proposed yet, so you can take credit for
that.
Rick's for sticking to our guns 'til we turn blue; Ben and I fought for
sticking with our name, and considering how long it took TLDP to decide what
to do and continue to carry the magazine at all (which it is
now doing), I'm for staying here for
the long haul. A few expressed support for working with him much more happily
if he stops claiming that his CMS is a magazine but supports one as a
CMS is inclined to behave - crosslinking named threads there, etc. -
possibly contingent on him renaming his site. Among the gang overall,
desire to change our name for good was expressed in the form of an "if"
plus some suggestions as to what names; as far as I can tell that means as
a group, we'll do what we have to do... but right now, that's simply
continuing to have the same great magazine at this site, linuxgazette.net.
We've gotten a lot of reader letters regarding the topic of our name and
whatever its legal status might be, this month. Too many to publish, but
we don't mind. Thanks, everyone, for your support - and for your barbs,
your thoughts, and suggestions. Especially, thanks to those who sought us
out through the twists and turns of the changeover and were happy to find
us again. That'll be a lot easier now that TLDP.org points at both sites.
As for the heat that resulted among the Answer Gang...
-- Heather
[K.-H.]
*I'm* doing what I wanted and
volunteered to do: wait for interesting questions on TAG and try to help
people having more fun with linux -- I'm done with politics, feel free
to decide whatever you want.
The editor gal considers putting up a sign in the TAG lounge stating "no
fighting" -- but that would ruin the lighthearted banter we often see
between Ben's dark glasses and the lot. Various other signs are considered,
but how about the old standby:
"Making Linux just a little more fun."
Thanks, Karl, for I think you hit the nail on the head neatly. Shame
the thing fell on the floor during that tussle over names. Maybe it'll
stay nailed up this time.
For those of you who chimed in - heated or not - thank you for the
encouragement, and your opinions, and for sticking around past any of
the opinions you didn't like. We're not here because we're all the
same; we're here because we all like Linux, but that covers quite a
world of choices... and, for the most part, the fact that we'll have to
make a few. Hopefully the kindest for a maximum number of people.
Happy New Year, everyone.
-- Heather
Linux Gazette
Wed, 10 Dec 2003 09:30:08 -0500
John M. Fisk, N.D. (
jf235 from email.med.yale.edu)
Question by Rick Moen (rick from linuxmafia.com)
Hi Rick, thanks for writing. I'll try to address your questions below.
Dear Dr. Fisk:
You've probably been too busy with real life to notice, but we at
Linux Gazette magazine have been having some problems of late. To
make a long story short, because SSC announced intentions in 3Q 2003
to effectively kill Linux Gazette by transforming it into a
Slashdot-style Web discussion forum, and for several other reasons,
the couple of dozen editors and staff unanimously voted to move the
magazine away from SSC, to http://linuxgazette.net .
Phil Hughes at SSC, Inc. has unfortunately been extremely vindictive
about this, and is retroactively asserting commercial trademark over our
magazine's name, and based on that is attempting to seize our Internet
domain.
It would help us a great deal if you could confirm our understanding
of your intentions in August 1996. Based on your wording in issue #8,
we believe your understanding was that SSC would continue to operate
Linux Gazette as a free, entirely non-commercial magazine alongside
its commercial offering, Linux Journal. Can you confirm this?
This is correct.
Bear with me for a moment and I'll try to provide a bit of background. I had
started the Linux Gazette in early 1995, essentially as a means of learning
HTML and to provide an educational/entertaining resource for other Linux
enthusiasts. I had spent a bit of time lurking around various Linux related
USENET groups and found that although there was a good deal of useful
information there, the signal to noise ratio at times dipped pretty low.
I had no access to the internet, other than a 2400 baud dial up connection to
the Vanderbilt University VAX machine. A physics grad student, Tim, offered
to host it on a site that he was running, and that's where the LG got its
start. Throughout the early life the LG, I was always beholden to others to
the host the content.
My stated intention at that time was to start a monthly online magazine with a
variety of article formats: in-depth articles, short tips-and-tricks, email
correspondance, etc. It was always intended to be open (in the sense of open
to all contributors), free (in the sense of beer AND speech), non-commercial,
and "moderated" only in the sense that no flames or derogatory material were
going to be allowed. At the time, the Linux community was pretty small
(Patrick V. was just getting Slackware well established and Marc Ewing, Erik
Troan, and Donny Barnes were gearing up for RedHat!) and collegial.
It was an almost instant success in terms of community interest and took very
little time for several regular contributors to come forward and offer to
provide monthly articles of good quality. Within a year, I was getting
overwhelmed trying to provide the time to get new editions of the Linux
Gazette ready and sent out to the various hosting sites.
In 1996, I received an unexpected call from Phil Hughes at SSC with an offer
to take over the management of the Linux Gazette. He mentioned that he had
the personnel to handle the editing and distribution aspects and that he would
continue to make it available as it had been started - open, free, and
non-commercial.
Phil was very pleasant and we entered into a "gentleman's agreement" that he
would take over management of the Linux Gazette and I would be able to retire
gracefully and continue to contribute as time allowed (which clearly, it has
not...) No money was exchanged during this transaction and no documentation
was created or signed -- we simply had an mutual verbal agreement.
They were good to their word and Marjorie Richardson did a wonderful job of
handling the early efforts of keeping the LG going. On my part, I returned to
residency in Pathology at Yale and am currently completing a fellowship in
Transfusion Medicine. I was delighted to have someone interested in the LG
and have greatly appreciated their years of dedication to it.
Can you also confirm that you made no agreement with SSC, Inc. to
assign them any trademark?
That is correct: the verbal agreement that Phil Hughes and I entered into was
that the Linux Gazette would continue as it had been started, the only change
being that SSC would take over the day-to-day management of it.
I will stress that we bear absolutely no ill will towards SSC, Inc. or
towards Mr. Hughes. We wish only to prevent his use of belated
trademark claims to harrass the Gazette, after its departure from his
site.
I'm deeply sorry to hear of this situation. Phil was a godsend and I
appreciate his efforts in keeping the LG going. I will demur on comment as to
whether moving to a "Slashdot Style" format is A Good Thing(tm) or not -- it
certainly was not my original intention.
It's unfortunate that a complementary solution could not be amiably arrived
at: a "two-site" Linux Gazette, as crazy as that sounds, wouldn't be entirely
a bad idea. As long as the two sites linked to each other, I could envision
having a Slashdot style site with daily chatter and such, and an ongoing
monthly online magazine as a complementary site for more currated content.
Just a thought...
(The situation is admittedly somewhat more confused than that, but I
was going to omit the gory details.)
Again, sorry to hear about this mess. I hope that it can be resolved in an
amiable fashion and that the community will support, rather than split from,
whatever is decided.
I wish you the best. The grace and wisdom of God be with you.
cheers,
John
--
John M Fisk, M.D.
Transfusion Medicine Fellow, Department of Laboratory Medicine
Yale University School of Medicine, New Haven, CT
For Rob and Thomas
Tue Dec 30 01:22:38 2003 -0800
Heather Stern (
Linux Gazette Technical Editor)
Rob Tougher's family lost a good friend and companion this week; he would
have helped us more this issue but for this. He's already done great by
helping us with stylesheet improvements. Netscape and Phoenix users
should have a better chance at reading LG now.
Thomas Adam, our Weekend Mechanic, has also been helping me out with
preparing TAG; I'm sorry we didn't have an Answer Gang or Tips last
month, for I was going to be out of town and could only prepare Mailbag.
Thomas cheerfully offered to fill in for me, but it turns out that he has
been ill for the last few months, and outstretched his poor health -- he
was too ill to complete them in time, though he had hoped better of himself.
He has pitched in such as he could across this month, but many of the Tips
are last month's material. I am pleased to say that he is recovering now,
but it looks like it may take awhile for him to be at his best again; the
staff is encouraging him to take it easy.
Please join us in offering kind thoughts for Rob and Thomas.
This page edited and maintained by the Editors of Linux Gazette
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
Published in Issue 98 of Linux Gazette, January 2004
More 2 Cent Tips
See also: The Answer Gang's
Knowledge Base
and the LG
Search Engine
About crypt function in Linux -- Easy Encryption
Tue, 7 May 2002 15:52:47 -0400
Marko Cehaja (
internut from thetaworld.org)
(with minor editing by Ben Okopnik)
I have many files on my hard disk which are important and need to be
encrypted. Once, I left my computer at a client's location while
working on their database, and they tried to crack into it. They got in
with a SuSE boot disk and installed FTPD so they could grab my files.
The only reason they failed was because they didn't know how to crack a
plain PostgreSQL database (which should be simple when you're logged in
as root). Since then, I don't leave any important data un-encrypted in
order to be ready for such incidents.
Since I often use Midnight Commander, I have automated this by creating
a menu item in its menu file (~/.mc/menu) [ Note: This can also be done
via MC's pull-down menu system - press "F9", select "Command", then
"Menu File edit". ] The following entry will pack the entire current
directory and encrypt the result with GnuPG.
See attached encryptdir-gpg.midnight-commander.txt
I've also added an entry for single file encryption:
See attached encrypt1file-gpg.midnight-commander.txt
What if the files are already encrypted? In order to save some time, I
have put following into the extension file located at ~/.mc/bindings
[ Note: 'F9', "Command", "Extension File edit" via the pull-down menu. ]
See attached view-gpg.midnight-commander.txt
Now, when you press F3 (view) on the file with extension *.gpg, it asks
you for the passphrase and shows the contents of the file. Beware,
however: if you are on the network or on a multi-user system, your
memory and swap file (which contain the decrypted text) could be exposed
to attackers.
One good use for this is to put all your passwords into a single file,
and simply remember one passphrase. Be sure to remove the original plain
text files with "wipe" or "shred" rather than "rm" to delete data in a
secure manner.
Adding PHP to apache on Redhat 9.0
Sun, 30 Nov 2003 16:45:31 +0200
Raj (
The
LG
Answer Gang)
Question by Francis Matsika (fmatsika from zdb.co.zw)
I have just installed redhat 9.0 and i am wondering how to configure or
build php
as an apache module
I installed apache and php using rpm's that come with redhat 9.0
[Raj]
If you used RPMs it has already been installed. Create a file in your
/var/www/html/ directory (say self.php), and put this lines into it
<?
phpinfo()
?>
Point your browser to it, (usually by saying http://127.0.0.1/self.php
in your browser) and you will have everything you never wanted to know
about your PHP module in front of your eyes.
[Thomas]
You miss the point completely here. The question was not "how can I test
php"; it was "how can I get apache to utilise it". The answer to that
question is that the RPMs should have already sorted that out for you,
Francis. You'll just have to enure that you:
apachectl restart
[Raj]
Just another example why speed reading is bad for health
. Francis, as
Thomas pointed out, if you have used RPMs for installation, then
everything has already been taken care of. However, if you want to be
sure that good old rpm has not cheated you out what is rightfully yours,
then check for the following files.
The main workhorse for translating the php code into html:
/etc/httpd/modules/libphp4.so
The file which controls how PHP behaves while interpreting php files:
/etc/httpd/conf.d/php.conf
Controls quite a few other PHP features, like security, language options etc. Very well commented:
/etc/php.ini
automatic backup in debian
Sat, 06 Dec 2003 13:53:41 +0530
Thomas Adam (
The LG Weekend Mechanic)
I am a newbie debian user (switched from RH).
I have faced a strange prob. in woody. whenever I modified any file the
previous contents is backedup with a *~* sign and the modified one is saved
with the actual name. like *test.kwd* will be *test.kwd* after modification,
but there will be an extra *test.kwd~* also.
plz suggest me how to stop the generation of this second back-up file.
thanks in advanced
[Thomas]
Well, yet again Joydeep, I am being poisoned with LOIS (Lack Of
Information Syndrome) --
I am going to make an intelligent guess and assume that you are using vi (or in your case vim).
Vim will save backup files, using the caret (~) notation. You can add
the following to your ~/.vimrc file:
:set nobackup
to disable it (in the configuration file the leading ':' is optional).
Of course, if you are not using vi[m] then that means we need to find an
alternative solution -- something drastic I think, like:
cd / && find . -name '*~' -exec rm -f {} \;
You can then add this as a cron entry to run say every 20 minutes?
0-59/20 * * * * some_user cd / && find . -name '*~' -exec rm -f {} \;
Bash Scripting
Sat, 7 Jun 2003 11:45:35 -0400
Faber Fedor (
The
LG
Answer Gang)
Question by Robin Chhetri (robinchhetri from fastmail.fm)
Hi Gang,
I asked another question around one month ago and even though I could not
come up with a answer I decided to come up here again.(Incidentally I
tried it also in linuxquestions.org).
What would be the equivalent to the zsh script given below in bash
$echo ${${(z) $(whereis libcrypto)}[2]}
if the output of $(whereis libcrypto) is
libcrypto: libcrypto.so libcryto.a
it returns libcrypto.so only.
Now I could come up with
$robin=($(whereis libcrypto)); echo ${robin[1]}
But can it be done in one go using some construct?
I am not a shell guru so I wonder if it can be done!
[Faber]
I must be missing something. If you simply want to print to STDOUT,
try this:
$( whereis libcrypto | awk '{print $3}' )
which will print to STDOUT. If you simply must put it into a variable, then:
$robin=$(whereis libcrypto | awk '{print $3}') ; echo $robin
is the shortest way I know of, but that isn't saying much.
I need help, PLEASE!
31 May 2003 08:43:04 +0530
supreet (
supreet from linux-delhi.org)
With comments by Heather Stern (the Answer Gang's Editor Gal)
Well if you need dos boot disks. visit www.bootdisk.com.
It has nice pointers to many flavors of boot or install disks for the
various mswin, a notable floppy-linux or two, and the correct HOWTO out
of TLDP for finding the major distros' floppy images.
-- Heather
Debian's first installer CD can allow access to a prompt, as can several
other distros.
Expect to need to press ALT-CTRL-F2 or another F key to
leave the curses or GUI installer page and find a shell, then poke
around mounting up your partition and chroot'ing in.
Some even allow starting a "rescue shell" tho beware this claimed
feature does not work in all red hat flavors.
-- Heather
Then you can load your boot-loader.
Supreet
Help (Networking)
Wed, 9 Jul 2003 13:49:25 +0100 (BST)
Thomas Adam (
The LG Weekend Mechanic)
Question by sivagnanam munusamy (searchsiva from rediffmail.com)
hello sir,
i am sivagnanam and i completed B.E.,(Computer science)in
University of Madras at tamilnadu in India.
i did some projects in Linux platform. i would like to know
about GRUB loader details ,NFS and DHCP.
please help me.
with regards,
sivagnanam
Hello Sivgananam,
I've forwarded this reply to the Linux Gazette...
You have supplied me with VERY little information to go on, but I will try
and help you...
GRUB (GRand Unified Bootloader), is a GNU bootloader. It offers an
interactive shell in which to configure it. I actually dislike GRUB
immensly and prefer the defacto "LILO" loader, although many distributions
now use GRUB as their default, alas.
The FAQ can be found here:
http://www.gnu.org/software/grub/#TOCfaq
I find the config file confusing, and terse (cf: "man tar" - perhaps the
heaviest man page of them all).
NFS is Network FileSystem, and I use this extensively via PLIP (which is a
Paralell Line IP), which allows you to mount another computer's FS over a
network.
DHCP is a means of automagically having a machine assigned an IP address.
All of these can be found in the LG KB, at:
http://www.linuxgazette.net/tag/kb.html
-- Thomas Adam
By far the most popular reason, in my opinion, is that GRUB takes nice
high resolution pictures, while LILO only handles cruddy resolution of
640x480. Which probably means that its graphics work on more systems,
but gosh, it'd be nice to have the option. If the code costs too much
space though... maybe grub is bigger.
-- Heather
Linux Hotplug for Dummies
Mon, 12 May 2003 18:57:17 -0400
Robos (
the LG Answer Gang)
Question by dokhebi (dokhebi from earthlink.net)
I've tried reading all of the documentation for Linux Hotplug that I can
find, and none of it seems to answer my questions; A lot of it referes
to other documentation that goes off the main topic, and there is nothing that
describes the format of the usb *mapfiles, or how to set up the
auto-mounting of a specific device (in my case a SanDisk Cruzer) What
I really want is a step-by-step configuration guide or a "Linux Hotplug for
Dummies" type of book
Thanks,
Edward Hooper
Well, can't give you that but you reminded me that I wanted to look into
this myself. Here is what I've found so far:
If you plug something into the usb port (that is what most of the time
hotplug is for, in the future firewire and maybe pci hotplug will also come
into the game) the kernel does something and then something else does
something (in the flux, 2.5 is different than 2.4 and I really didn't get it
since it didn't interest me) and then hotplug comes into the game. There are
config files under /etc/hotplug (at least thats the place with debian):
usbusb.distmap, usb.rc, usb.agent and usb.handmap.
usb.agent and usb.rc are for hotplug itself and the interesting parts are
distmap and handmap. Dunno for sure what handmap is for (devices where
modprobe doesn't know what to do?), but in distmap are the devices and their
name equivalents in the form idVendor idProduct and so forth. I have a usb
memory stick which gets handled like this:
scsi emulation needs to be there (sd_mod)
usb-core needs to be there (obviously)
usb-storage needs to be loaded (since the stick is storage)
and maybe the right fs modules like vfat, msdos or whatever
then the thing gets mounted like this
mount -t auto /dev/sda1 /mnt/usbstick
OK, now to put this into the scripts hotplug can handle:
I searched google and found some german LUG that had written some scripts
already. I adapted this for my use. Here it is.
Save the file as /etc/hotplug/usb/usb-storage:
See attached usb-storage.sh.txt
Now for a little (newbie-ish) explanation. The set >> thing writes the
variables that get set by the kernel thingy to /tmp/usb-storage-variables.
Take a look into that,
PRODUCT=c76/5/100
and
ACTION=add
are important and maybe
DEVFS=/proc/bus/usb
DEVICE=/proc/bus/usb/001/007
too.
The echo marks simply where one insert ends and the next starts.
If the variable ACTION is add the next case is triggered which checks if the
product id is c76/5/100. This is my usbstick. Since I want to have this
script also for my girlfriends stick I need to destinguish between them.
If it is my stick ($PRODUCT is c76/5/100) then it gets mounted.
If you unplug it the script should be run again if I understand it
correctly, but this doesn't seem to happen. ACTION=remove never appears.
I want to make it like this later on: a usb-hub connected to our server (in
my apartment-sharing community) where you plug in your usb stick upon
entrance. Then this gets mounted and the other computer you turn on mounts
that from the server and loads e.g. mozillas bookmarks from the stick. If
you trigger a serial mouse button (very handy that they have 3 buttons
mostly - 3 ppl in the community) the corresponding usb stick should then get
unmounted and you can leave the house.
Not a book Edward, but I hope sufficient for the beginning.
Cheers
Robos
He did write me this back. I keep it in the TAG for now, maybe someone knows
something here (although I think most of the ppl here rather like doing
things by hand)
Quote Edward:
I've been able to scope this much out, but I don't like the idea of hard
coding the device (/dev/sda1) because I can't be sure that it will
always be that device. What if this is the second usb-storage device I
plug in? What if I decide to add more SCSI devices (my main system has
an Adaptec AHA-2940UW with 7 devices already) and I don't change the
script? Is there a way to get the device node from the known info? In
other words, is it encoded in /proc/bus/usb/xxx/yyy and I can extract
it?
Well, it says in the docs (linux-hotplug.sf.net or something) that device
info (in $DEVICE) is in 2.5....
Now that 2.6 has released, The Wonderful World of Linux 2.6 in this issue
mentions how hotplug has been improved.
-- Heather
I think the /proc/ stuff can be used for assigning to the right device,
but sort of hard to do with only one stick. Later my flat mate comes back
and I can test with his stick too, then I can tell you more.
I don't want to say this, but for all of Microsofts many faults, they
can at least auto mount without having to go through all of this shit.
I think it's time for the kernal hackers to wake up and smell the
coffee, because Linux will not be ready for the desktop until it can do
want M$ can do, but better, faster, and cheaper.
If you rely on the kernel hackers there you are sort of lost. They are
already having fun hacking the kernel, they don't need anything more. And
this is no longer a kernel-space thing: the kernel informs you already where
and what (if we think /proc is the right thing) but there are simply not the
userspace tools. The usb-stick phenomenon is just coming up really fast
right now ...
Actually, this tip escaped proper mention a few months ago, and I dug it
out of storage. However it seems he is correct; flash chips, memory
sticks, and "thumb drives" have become amazingly popular.
-- Heather
...and up to now this wasn't necessary. As for scsi hotplug, this is
simply rare.
I will mail later if I figured something out.
Cheers
Robos
Thanks for the info so far,
Edward Hooper
Covert HTML attachments to PDF at mail server
Wed, 03 Dec 2003 16:54:38 +0800
Thomas Adam (
The
LG Weekend Mechanic)
Question by Steven Lockhart (linuxoz from yahoo.com.au)
For security reasons I would like to convert all incoming mail
attachments from htm/html to pdf.
( a procmail, ghostscript, ripmime, altermime ) or whatever it takes
solution.
I am sure a lot off mail server sysops would love to do this.
Any ideas would be appreciated
[Thomas]
For security reasons (and sanity reasons for that matter), you should
really be sending all MIME-encoded e-mail to /dev/null. It is more likely
that if you were to do a conversion that you'd only be translating spam
into Yet Another Medium (tm), so why bother?
Doesn't mean we won't answer him, mind you. I chime in here to warn
that just because HTML to PDF tranlators currently ditch javascript bugs
and various browser-bug exploits, that someday the PDF internal
scripting language may grow fancy enough to do some pretty strange
things. Luckily at the moment, PDF's a pretty nice "destination = paper"
kind of format.
-- Heather
[Thomas]
Yep -- again this depends on which filtering tool you would like to use.
Personally, I find procmail the easiest, but that might not necessarily
suit your needs.
I am sure a lot off mail server sysops would love to do this.
Nope, not me. Here's one possible solution (note: not tested).
# Is it html?
:0:
* ^Content-Type:.*html
| html2pdf /some_location/yum.pdf
Probably you want to use some tricks to create a reasonable filename
that won't be overwritten constantly (if there's only one, message ID
ought to do, with .pdf tacked on the end) and you might need to use a
MIME decoder to pull off the portion which is the actual HTML portion.
After that, the trick should be usable for other "readable" attachment
types you feel like converting for sanity, e.g. quoted-printable to
your local character set, etc. You'll need to handle each file format
seperately, unless you have a converter that's smart enough to figure
out the filetype on its own.
-- Heather
Securing a dial in?
Sat, 28 Jun 2003 22:15:44 -0500 (COT)
John Karns (
the LG Answer Gang)
Question by George Morgan (George_Morgan from sra.com)
Hello answer guy,
I need to be able to secure an external modem that has been connect to a
Solaris box to protect against unauthorized calls.. What I mean is that I
want to be able to allow people to connect to the box based purely on the
phone number they are calling from. Is there a way on the modem to only
allow certain calls to go through while rejecting all other calls?
See the "mgetty" open source pkg (http://alpha.greenie.net/mgetty).
It offers this capability, provided that your modem line has caller id.
The pkg includes pretty good documentation as well as good example cfg
files.
linux printing
Mon, 15 Dec 2003 01:22:56 -0800 (PST)
Heather Stern (
The
Answer Gang's Editor Gal)
sanjoy patra (
sanjoy_cal from yahoo.com)
i have one redhat 8.0 linux server and hp1200 laser
printer is attached with this.i want print from other
linux box on same network.printer is printing from
server ok and also it is printing from windows m/c on
same lan but it is not printing from any linux box
[Heather]
First thing, thanks for writing to The Answer Gang.
Secondly, you may not be aware of the resource, but there's this great
site about printing support for Linux called linuxprinting.org. You've
gotten you printer working for at least a couple of machines though, so
perhaps you've already been by there. If not, check it out
So that leaves the nitty gritty good stuff. I'm guessing the topology
is like this, but if it's different, please describe how things are
really connected:
printer[hp1200] ==/parallel/== RH8 --------- other linux boxes
samba
|
windows box
Usually in order to be a printer client, Linux boxes have to be running
something small to make the connection. lpr with their only printer
pointed at the big RH box as a remote printer, for example.
rlpr might be a fast thing to try on one of them.
Please advise if you're using CUPS or lprng. While the general answer
(make sure the clients know who the printer is and have the protocol
loaded) is the same, the details of the answer are quite different. And
the docs at linuxprinting.org
may be handy indeed.
Loads of Linux Links
Mon, 29 Dec 2003 11:41:25 -0800 (PST)
Barbara E. Irwin (
beirwin from shaw.ca)
I am one of the contributors for the Loads of Linux Links project
(http://loll.sourceforge.net/linux/links/index.html).
FYI, this is a GPLed database of 4000+ subject-classified, searchable, and
important Linux and Open Source links for all levels of Linux users. It was
originally a project started for the Victoria Linux Users' Group and is now
hosted by SourceForge.
Barbara
How can you find the correct /dev/hd?? for the C: drive
Thu, 04 Dec 2003 17:18:39 -0500
Neil Youngman (
The
LG Answer Gang)
Question by Michael Brusnahan (michael from commsoftware.net)
Hello
The install for mulinux cannot find the download files.
After the boot command there is a message about /dev/hda?. My pc has
two hard drives with 4 drive letters C, D, E, F
C, E, F are 2 gig partitions on 1 drive
D is a 4 gig drive
The boot command cannot find the C:\mulinux directory with the install
files. It seems the C drive is not /dev/hda1. I have tried hda2, hdb1,
hdb2 etc.
Would you know how I can find out the correct /dev/hd?? for the PC?
Thanks
--
mb
[Neil]
Normally it would be /dev/hda1, however if it is a scsi disk, it could
be /dev/sda1.
-
You may also find an answer at
- http://www.tux.org/pub/distributions/tinylinux/mulinux/faq/faq.html
We don't have enough information to give a really helpful answer, see
http://linuxgazette.net/tag/ask-the-gang.html for hints on how to help
us help you.
Combining multiple PDFs into one
Thu, 5 Jun 2003 21:41:52 -0600
Jason Creighton (
The
LG Answer Gang)
#convert ps files to a pdf file
system $GS, $GS_ARGS, $filelist
and die "Problem combining files!\n";
This did not work no way, no how. I kept getting "/undefinedfilename"
from GS no matter how I quoted it (and I used every method I found in
the Perl Bookshelf).
Hm. I didn't try it, but -
perl -we'$a="ls"; $b="-l"; $c="Docs"; system $a, $b, $c and die "Fooey!\n"'
That works fine. I wonder what "gs"s hangup was. Oh, well - you got it
going, anyway. I guess there's not much of a security issue in handing
it to "sh -c" instead of execvp()ing it in this case: the perms will
take care of all that.
The problem is probably that $GS_ARGS and $filelist are both strings with
multiple arguments in them: Since you're calling system() with more that one
arg, (bypassing /bin/sh) splitting the command line into words is your
responsibility.
Oh, duh. Thanks, Jason; my brain musta been out on loan that day.
You're right, of course.
# Convert string to list - TMTOWTDI, of course...
@a = split / /, "$GS -whatever -long -argument -string -follows";
system @a and die "Famine, sword, and fire! - $?\n";
If this isn't quite clear, some help from a handy script might
work:
#! /usr/bin/env ruby
puts ARGV.inspect
(Actually, I could have witten this as "p ARGV", with does the same thing that
I wrote here.)
Or, for those of you watching at home who haven't installed Ruby yet:
#! /usr/bin/env python
import sys
print sys.argv
Anyway, here's the script in action: (Actually, this isn't either of those
scripts in action: It's a C version I wrote as a programming exercise. But it
does the same thing.)
~$ putargs $(date)
[ "putargs", "Thu", "Jun", "5", "21:23:14", "MDT", "2003" ]
~$ putargs "$(date)"
[ "putargs", "Thu Jun 5 21:23:17 MDT 2003" ]
~$ putargs ls filename with spaces
[ "putargs", "ls", "filename", "with", "spaces" ]
~$ putargs ls 'filename with spaces'
[ "putargs", "ls", "filename with spaces" ]
~$ ls filename with spaces
ls: filename: No such file or directory
ls: with: No such file or directory
ls: spaces: No such file or directory
~$ ls 'filename with spaces'
ls: filename with spaces: No such file or directory
You see? The caller of a program does the splitting. And that means that if
you want to call other programs, you have to do it too, or else your script
will crash if somebody tries to use it on a filename with a character in it
that the shell considers special, like a space or a star, because system()
with one arg is calling /bin/sh behind your back.
So that's the main reason for bypassing /bin/sh: It gives you more flexibility
with filenames: The "security risk" Ben keeps warning everyone about isn't,
IMO, really the issue. It's just good style not to leave that sort of thing to
the shell. Especially if your program is setuid/setgid.
Jason Creighton
what is "no"? (missing prog for binutils compile)
Thu, 29 May 2003 15:53:14 -0700
Faber Fedor, Karl-Heinz Herrmann (
the
LG Answer Gang)
Question by Jim Dennis (the
LG Answer Guy)
with note by Alan Modra (binutils developer)
[K.-H.]
Now -- it's an unbearable situation that my Linux doesn't know "no".... But
I've no idea what it is and you can imagine that a google for "no" even with
linux and some other keywords around are not very helpful.
Any ideas?
[Faber]
Maybe it's called "nein" on your computer? <grvf>
I can't find a "no" on my Red Hat 8 box either.
[JimD]
I think /usr/bin/no was (would be) a counterpart to the old
/usr/bin/yes command:
See attached no.sh.txt
... so "no" could just be an alias or script that calls /usr/bin/yes
with the "no" argument:
/usr/bin/yes no
I realize this sounds silly and stupid, and April 1st is long past for
this year. But I'm not kidding. That Makefile (or whatever) seems to
actually want to pipe an endless stream of "n" or "no" lines into some
other process. (/usr/bin/yes was traditionally used in a pipeline with
fsck to automate the process of repairing a filesystem that need lots
of work -- then they just added the -y option to the GNU/Linux versions
of fsck.
[K.-H.]
I put the question up with bugreports for binutils and got:
[Alan Modra]
/bin/sh: no: command not found
This is a result of binutils being stuck on using old buggy autoconf.
Install a new version of GNU gettext, or configure with --disable-nls.
[K.-H.]
Got a new gettext which includes some "no"'s
khh > find ./ -name "no*"
./gettext-runtime/po/no.po
./gettext-runtime/po/no.gmo
./gettext-tools/po/no.po
./gettext-tools/po/no.gmo
unfortunately with a new gettext (gettext-0.12.1.tar.gz) and nls enabled I
get a linker error for some gettext symbol. The solution without nls works
for getting binutils compiled.
K.-H.
He said he'd try it on the new kernels too, but we're not sure what his
results were.
-- Heather
Odd Behavior When First Launching Netscape Version 4.80
Sat, 7 Jun 2003 15:33:49 -0500
Chris Gianakopoulos (
The
LG Answer Gang)
Hello Gang,
I am now running the SuSE 8.2 Linux distribution on my main system. I
use Netscape 4.80 for browsing my machine (locally) using Apache 1.3.27.
When first launching Netscape, followed by pressing the "Home" button, I
would get a message indicating that a connection was being established to
localhost. I would wait for a long time, cancel the connection attempt,
try connecting to my host name (saturn in this case), and then connect to
local host. Then the connection occurred immediately.
I searched the Web and found that something called asyncronous domain
lookups are automatically enabled in Netscape 4.80 by default. Disabling
this feature fixes my problem. Here is what I did.
edit the file, /usr/X11R6/bin/communicator, and place the following line
in the file:
export MOZILLA_NO_ASYNC_DNS=True
I changed the environment variable in the above file rather than my .bashrc
because I wanted this to take effect systemwide (and via the various tool
buttons associated with my window manager).
So, this might be taken as a 2 cent tip.
Regards,
Chris Gianakopoulos
searching PDFs made from faxes
Tue, 01 Jul 2003 22:25:52 +0200 (CEST)
Karl-Heinz Herrmann (
The
LG Answer Gang)
Is anyone aware of a way to search PDF files that were created from
faxes, e.g. tiff files?
I'm guessing that OCR has to be utilized here, right? I've come across
things like pdftotext, but the fact that the PDF started life as a TIFF
is, I think, a complication.
For the record, I'm putting together a fax server solution for a client.
The ability to search the faxes for text strings would be killer.
your guess is quite right -- if the pdf contains only a large graphic and no
actual text you would need ocr. gocr:
http://jOCR.sourceforge.net
-
or claraocr:
- http://www.claraocr.org
...might come in handy (gocr
seems already trained while clara ocr is a quite different method). gocr
produced reasonable results for me already 1 or 2 years back. BUT: I had
clean 300dpi scans. From a jagged looking Fax..... I guess you are facing
serious problems.
K.-H.
PerlHoo rocks
Thu, 11 Dec 2003 15:07:49 -0800
Rick Moen (
the LG Answer Gang)
Some folks will have noticed me referring people to flat ASCII files
I've squirreled away over the years on my Web server, usually inside
http://linuxmafia.com/~rick/linux-info . While useful, this collection
has always been (1) butt-ugly and (2) disorganised.
I've long realised I needed some sort of proper Web framework for all
that material, and Rob Tougher's work updating the Gazette's HTML showed
me how much improvement the addition of cascading stylesheets (CSS) can
bring with only modest effort[1]. All of these thoughts came together
when I ran across PerlHoo, a Yahoo-like Web directory system implemented
in two simple Perl CGI scripts.
Please see: Description by author Jonathan Eisenzopf <eisen@pobox.com>
in his series of three articles at Mother of Perl,
http://www.webreference.com/perl/tutorial (recommended reading).
PerlHoo is simple, malleable, lightweight, fast (up to some thousands of
documents per directory), and can point to URLs on or off your system.
Its design limitations are:
- No database support. Scaling limited by use of system directory
trees as a data store.
- No searching.
- No multiuser controls or contents versioning / rollback.
If you need those things, there's a follow-on called PHPhoo.
Personally, neither wanted nor needed them, and PerlHoo's exactly right
for my needs.
There were two minor problems with Eisenzopf's design, as I found it
in his most-recent (v. 1.1) tarball:
- Sucky URLs. PerlHoo indexes show up at CGI-synthesised virtual
directory locations, e.g., http://linuxmafia.com/cgi-bin/perlhoo.pl/Apps
for the Apps directory of PerlHoo's document tree. Finding a way to
substitute something shorter for the "cgi-bin/perloo.pl" portion of
those URLs would fix several things at once:
- Simpler, easier-to-remember paths.
- Security-through-obscurity benefit of not advertising your
use of a CGI script that might be attackable.
- Greater Google-friendliness. (Google seems not to index as
enthusiastically trees that give signs of being CGI-generated.)
Fixing this required use of Apache mod_rewrite to make the undesirable
patch element disappear, and a tiny bit of surgery on PerlHoo itself.
- Outdated and somewhat broken HTML. Eisenzopf's CGI-generated
pages lack SGML DTDs, closing "body" and "html" tags, and the required
"ul" pair to go with its use of "li" elements. The page relies upon
setting specific colours by their hexadecimal identities, rather than
using CSS. It also incorrectly used a nested "p" and "h3" structure
to attempt physical markup. I've fixed all of these things, so that
pages generated by perlhoo.pl are now CSS-oriented and pass the W3C
validator as HTML 4.01 Transitional.
Just so other people don't have to reinvent those particular wheels,
I've posted my modified and documented version of PerlHoo at
http://linuxmafia.com/pub/linux/apps/ .
The tarball includes
full instructions on how to configure Apache, including mod_write .
My PerlHoo instance, "Linuxmafia Knowledgebase", can now be found at
http://linuxmafia.com/kb .
To answer the other obvious question: Why, yes, of course I've gotten
Ben Okopnik hooked. I'm no dummy! Ben says he's hacked PerlHoo
separately to support individual stylesheets for each directory of
PerlHoo's index, but I've not yet seen the results.
[1] One difference being that Rob has graphical design talent. I'm
certainly not trying to denigrate Rob's excellent work.
previewing and printing text files
Tue, 17 Jun 2003 20:59:45 -0400
Ben Okopnik (
LG Answer Gang)
There are lots of times when I want to print a text file but don't want
to do it in the Default Ugly Courier font, or want to shrink, say, a
page and a half down to a single page - and word processors are just too
much bother for a simple font/size tweak. Here's a script that lets you
pick font/size combinations until you're satisfied with what you see,
although the fonts are restricted to the AFM types that come with
"enscript" (40 options, more can be added.) I find them to be more than
adequate for my purposes.
See attached preview.bash.txt
Ben Okopnik
If you can scare your OS tell someone who can fix it
Sat, 20 Dec 2003 09:54:00 -0500
Ben Okopnik (
the LG Answer Gang)
Here is a non emergency head scratcher for you.
I was wondering if anyone has any experience with the Sandisk 256mb
USB flash drive and Linux. I got the drive to work once, and ever
since it causes a kernel panic. This is not limited by distributions
or hardware, as I have had it work once on a gateway laptop, then ever
after it would crash any linux machine I plugged it into.
That's pretty impressive, in a bad way.
As you know, it's usually
pretty hard to crash Linux. On the other hand, USB is a special case -
for my money, all of its related problems come from the fact that it
brings user-space uncomfortably close to what was always a root-priv
operation (hardware usage, control over ports, etc.) One of the major
reasons for that separation has always been the security truism of
"physical access equals root access" - and with USB, all our noses are
being rubbed in that lesson. However, everybody seems to desperately
want the stuff, so...
(USB is a nifty technical hack, and serial is way outdated - but
giving the average user the ability to effectively fiddle with the guts
of the machine is Not A Good Idea, IMO. Ditto PCMCIA - and note that
there were a few years when it had pretty much the same problems that
USB is going through now. Surprise, surprise...)
Not that I don't think it's possible to get it right, mind you; it's
just going to take a bit of finer slicing and dicing than (in my
opinion) we've managed so far... USB under Linux is still highly fragile,
although it can mostly be made to work. Note that I'm talking about the
stuff out on the bleeding edge, things that most people don't use: the
more common run of things (printers, mice, keyboards, etc.) is pretty
stable at this point.
However, there are people out there trying to resolve this fragility,
and achieving measurable gains. The important part here is that they
need your help - that is, the help of anyone who runs into a problem
with USB. They particularly (I'm projecting, but with a reasonable
degree of certainty) love to hear from folks like you, who have found
what I call a "reliable problem" - this is the core of what makes Linux
work, and why it is generally as bug-free as it has a reputation for.
You have a problem, notify the maintainers about it, they fix the
problem, you give them feedback - and that problem is gone. Repeat until
the code is washed sparkling-clean, and that chunk of Linux is
bullet-proof.
SO, to wrap up this long-winded expository, please report this
problem to the appropriate maintainer. You can save a bit of time, and
ease their work tremendously, by running "ksymoops" with the copy of
"/var/log/kern.log" that contains the "Oops" from the crash and the
current copy of "/var/log/ksymoops/[whatever].ksyms", and sending them
the results - or at least including those two files in the problem
report.
As I said, this is a general question, I recommend not using Sandisk
to my Linux using companions.
I think it would be better all around if you were to help the
maintainers resolve the problem instead.
This page edited and maintained by the Editors of Linux Gazette
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
Published in Issue 98 of Linux Gazette, January 2004
The Answer Gang
Contents:
- ¶: Greetings From Heather Stern
Apache LAN woes.
- Preventing Shutdown if NFS Shares Are Open
- SSH tunneling
- about windows and linux...
- checking hard-disk in debian
- question about env vars
- temporary environment changes
Greetings from Heather Stern
Greetings, gentle readers -- welcome to a new year here at Linux
Gazette.
Congrats on finding the world of the Linux Gazette Answer Gang. If you
never felt lost finding it this last month or three, thank you - ever
so much! - for your perseverence.
For those among the Answer Gang whose names were lost when we couldn't
retrieve the old list - Glad to have you back! The signup list is at:
http://linuxgazette.net/mailman/listinfo/tag
If you're new to this magazine, welcome doubled. Have some hot
chocolate and a few software packages. Pull up a chair. Hang out
and share.
To catch everyone up to speed, the Peeve Of The Month refers to the
most common reason, statistically, the querents did not get answered or
didn't like the answer they got... expressed as whatever peeve of ours
they crossed so's to make them lose their TAG lotto ticket.
It in so sense has much to do withas much to do with the toasty crispness
we bring our marshmallows to while roasting our querent's ability to
form a good question when OF COURSE
they dunno the answer already...
At the moment, "statistically not getting an answer" and "peeving the
gang" get different results. Statistically the biggest reason for not
seeing your answer last month might be if you were still looking at the
other site. Just to make it clear, if you like the style of the other
site, visit both of us. Plenty of Linux to go around. But I suspect
you'l find us... ahem a little more fun.
Statistically this month the reason went back to simply not providing
enough information for us to figure out what your question was. With
"not linux" being a close second. Honorable mention for the company who
wants us to take over their "answering service" ... errr, we don't do
general phones, linux based PBX or not.
For those whose question made their way to us - and it isn't as bad as
we feared folks, we got 460 mails in November, and a little less this
time but Christmas time is always light.
Now, I must apologize, Most of this is the Blurb I wanted you folks to
read in December -- and I daresay the condition hasn't changed much.
But I will top off with thoughts for the New Year, as well. (For why we
missed December, please see the Mailbag.)
Now, we've got a new thing to
annoy the heck out of us - after we start answering -
people changing the subject line when the
topic hasn't changed! One fellow not only did this almost every single
message, but also was replying singly rather than to the group. We
can't gang up on problems like that. No single one of us - even the
grizzled among us - are experts at everything. (You want proof? see
the SSH thread, and some of the Tips this month.) If you don't like the
topic you picked at first, tell us inside the message. That's why we
have an editorial staff, so we can do stuff like that to the message and
make it easy to read. But make it easier for the folks who *have*
decided to help to stay on your thread. *sigh*
Chanukah and Christmas both passed by and I've still mostly no
idea what to get my geek friends that apt-get isn't already halfway
to downloading. (Or urpmi,
if they're Mandrake
fans. Thanks to one of the Gang for that tip.) They buy parts for
their computers faster than I do, anyway. Maybe they'd like some nice
parchment editions of the GNU, artistic, perl, MIT, and a few other
licenses to hang on their wall. Jim's mom found a great present though
- a polo shirt with #! as its logo. Not only that, but I think
that ThinkGeek has stopped offering them...
There's one they'll want to steer well clear of, except of course for
the ones who love talking politics and law (and perhaps other things one
doesn't wish to watch being made). But, if you want a good laugh -
a good chuckling belly laugh - and maybe some better understanding of
what's going on in the SCO case, you have got to read the Groklaw site.
I laughed out loud just reading the "Why Groklaw" interview; who
couldn't laugh at "SCO Falls Downstairs, Hitting Its Head on
Every Stair" even just as a title. This is from someone who just has a
lawyer friend with a blog; she claims no special talent in law, sysadmin
tasks, nor coding. Just "the person in the small law firm who knows
enough about computers" to get by. I know you won't believe me, but
we all had to start somewhere. Hanging out with lawyers gives he an ear for
hoping to translate it... and I agree with her - the hunger
to actually undertand what the heck is going on with all these court
cases is real. Specific to SCO, these threads are good too. Better yet
they're not all silly, tho one of these is:
http://www.groklaw.net/article.php?story=20031119041719640
http://www.groklaw.net/article.php?story=20031106164630915
And then there's what Netcraft had to say about it. Make sure your ribs
are all in good order first - they're gonna ache from laughter - and set
your mind to 7 bit ascii:
http://news.netcraft.com/archives/2003/08/23/your_urgent_assistance_required.html
For balance, here are some more serious points to consider. I'm sure in
the case of the GNU philosophy [http://www.gnu.org/philosophy/] we're
singing to the choir, but once curious, may as well sate your thirst:
http://www.osdl.org/newsroom/articles/osdl-second-statement.html
http://www.gnu.org/philosophy/sco/
These do have pointers to other sites as well.
Ahhhh... philosophy. My December was a rather rocky time, full of both
glad things and sad things, troubles and hope. So I think my lesson for
the new year is about choices.
You have to make your own.
In the sense of Linux, there really are a great many. For at least a
couple of years there have been more varieties than you can shake a
stick at. And you know what? They're getting pretty good.
So before you go picking out a distribution, don't just look at what
your geeky pal tells you is the best. Certainly he or she has spent
some time discovering that for themself. Your needs, however - may
vary. Maybe you write all your friends who don't have computers - then
printing and its troubles will be important to you, maybe scanning too
so they can see the silly things your cat is up to. Need to boot from
almost anywhere but don't need much of a console? Maybe cramming a tiny
distribution on one of those USB thumb drives would be the thing. Or
whatever. Don't want to figure out all these scary things, just wanna
surf? Well heck. Try Knoppix.
As a last note - the
holiday season's a crazy time (at least here it is). Drive safe. Pay
attention to people around you and what you're doing. If it's a time
to be thinking of peace, think how best to keep that peace - and if the
bricks fly, to defend it in a way still consistent with your own ethics.
Happy yuletide.
Apache LAN woes.
From Dave Hope
Answered By: Jason Creighton, Benjamin Okopnik
Hello all,
Well, here goes, strange, I feel shy writing an e-mail, I suppose there's a
first for everything... Anyway, I have a VERY basic LAN setup at home, so
basic I should be ashamed to call it one.
[Jason]
Hey, that's why it's called a Local Area Network: It's local! If you
have at least 2 computers talking to each other, you've got a LAN.
Anyway I decided it was finally
time to remove Apache from my desktop machine (which connects to the net) and
put it on an old 500MHz machine of mine (Told you my LAN was small).
Everything was, and to a certain degree, still is running fine. However, I
decided it high time I made this webserver of mine accessable to the world.
At the time, I thought it'd be a trivial task, how wrong I was.
[Jason]
Why did you do this? Not that there's anything wrong with it or
anything, but if your desktop machine can handle the traffic without
causing problems, I don't see any reason why you couldn't run your web
server on it. But....
Anyway, after asking on experts-exchange.com for some help with my iptables
configuration and badgering various people in #hants on irc.blitzed.org I
eventually got traffic forwarded to my webserver. However, when accessing the
webserver from, not surprisingly the web, I get a lovely 403 (See Error
Message
.
I've just set LogLevel to overkill (more commonly known as Debug
-- Thanks for the suggestion, Heather.) in Apache and have what seems to
be useful information (See Access_Log: and Error_Log
. But, alas, I have no
idea where to go from here, any advice would be more than welcome. (For
information on my LAN and general other stuff, see Info
Info:
Server Distro: RedHat9
Desktop Distro: RedHat9
Apache Version: 2.0.40
Diagram: (Yes, it IS that basic).
[Internet]--[Desktop]--[Server]
Error Message:
Forbidden
You were denied access because:
Access denied by access control list.
Access_log:
192.168.1.2 - - [26/Nov/2003:17:26:08 +0000] "GET / HTTP/1.1" 200 2336
192.168.1.2 - - [26/Nov/2003:17:26:08 +0000] "GET / HTTP/1.1" 200 2336
192.168.1.2 - - [26/Nov/2003:17:26:08 +0000] "GET /favicon.ico HTTP/1.1" 404
1009
Error_log:
[Wed Nov 26 17:26:08 2003] [error] [client 192.168.1.2] File does not exist:
/var/www/Default/htdocs/favicon.ico
[Wed Nov 26 17:26:08 2003] [error] [client 192.168.1.2] Syntax error in type
map, no ':' in /var/www/error/contact.html.var for header
error/http_bad_gateway.html.var
[Wed Nov 26 17:26:08 2003] [error] [client 192.168.1.2] unable to include
"../contact.html.var" in parsed file /var/www/error/include/bottom.html
Well, I'm now in an even worse situation. Having just moved from RedHat abck
to SuSE, I cant get as far as I was before. I'm nbow using the following
lines:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to
192.168.1.1
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j DNAT --to
192.168.1.1
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -d 192.168.1.1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Now, when I try to access apache from my ppp0 ip, I don't get through, it
just doesn't seem to connect. Any clues as to why? (Ohh, and
/proc/sys/net/ipv4/ip_forward is 1).
[Ben]
None, AFAIK; that would be why it's not happening. Here's me forwarding,
both in and out (-s for source, -d for destination) for my iPaq:
...
# Flush iptables
iptables -F
# Masquerade any packets that go our from the specified address
iptables -t nat -I POSTROUTING -j MASQUERADE -s 192.168.0.202/32
# Forward any packets _for_ 202
iptables -I FORWARD -s 192.168.0.202/32 -j ACCEPT
# Forward any packets _from_ 202
iptables -I FORWARD -d 192.168.0.202/32 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Preventing Shutdown if NFS Shares Are Open
From edal
Answered By: Thomas Adam, Jim Dennis
[Heather] This thread followed us across the move from SSC, parts of it were on
both editions of the answer gang's mailing list...
Hi there
Does anyone have any ideas ? Answers to edal@NOSPAM.freestart.hu please, remove NOSPAM for the address to work.
Thanks.
I run a couple of machines at home, both setup with Fedora, a laptop and
a server which also doubles as a second desktop machine. The laptop
accesses a home directory on the server using an NFS share and the
'mount' command. All of this works just fine apart from one problem.
When the server is shut down and I have an open NFS share on the server
my KDE desktop hangs.
[Thomas]
Yep -- I can see how this might be. I run NFS on my LAN at home, and
although I do not have the same problem as you (fvwm), I suspect the
reason why KDE hangs is because "konqueror" is an integrated (highly
integrated) part of KDE. It is not just a file/web manager, it is also the
backbone. If that hangs, you've had it.
I've done some playing around with the /etc/shutdown.allow file but all
this does is list the people who are allowed to turn the server off.
What I'm looking for is a way to prevent a server shutdown if someone
else is using an NFS share on the machine.
[Thomas]
Hmm, you'd have to do the check before the "unmount -a" command is run
on init 0. There is a file present in all Linux distro's called
"/etc/halt.local" which gets run on init 0. The trick here though is to
know the order in which it is run. Obviously, it'll be no good if it gets
called before the "unmount -a" option. Luckily for you though -- it
doesn't.
So, the steps you might do here is thus:
# touch /etc/halt.local
# vi /etc/halt.local
Add the following...
#!/bin/sh
#halt.local -- ought to get read at init 0
MY_DIR=/dir/that/is/mounted/over/nfs/
[ $(mount | awk '/name_of_dir/ {print $5}') = "nfs" ] &&
{
/sbin/shutdown -c
}
save the file.
But of course, if I had read your question, I'd have realised that
actually, what you ought to have is something like this in your ~/.profile
file (ignore everything previously -- I'm leaving it in for historical
purposes):
See attached thomas.clientside_haltme.bash_profile.txt
Then run:
source ~/.profile
and try running:
haltme 0
Not tested it -- ought to work though.
Perhaps it is my limited knowledge of English (I thought that posting in Hu
ngarian would be a problem) but I do not think I got the question across co
rrectly.
I do not want to do anything with the NFS client, I want the NFS SERVER to
cease a shutdown if one of its NFS shares is in use. Is this what your file
does ?
[Thomas]
No, it negates it the otherway around, and says that if the client NFS is
mounted then do not shutdown the NFS client. Shrug -- OK, so we negate the
problem onto the NFS server... This will be a little more trickier to do.
I suppose you could utilise the /etc/exports file but even then, you'd
have to have a way of testing it.
[JimD]
This symptom is the classic result of NFS hard mounts and without the
"interruptable" option; which are the defaults under Linux.
Change the NFS line(s) in the /etc/fstab to list "intr" in the options
field. Something like:
fserver:/usr/share /mnt/nfs/fserver auto intr,ro 0 0
Feel free to read the fstab man page for details about what these
fields mean; and the mount man page, particularly the section on NFS
options.
Making it "interruptable" will allow process that attempt to access
this export (share) to be killed. By default such processes will
simply be blocked until the NFS share becomes available.
You could make it a "soft" mount --- which would be that the attempts
to access such directories or files would eventually timeout. However,
"soft" mounts are generally considered to be a bad idea. Most programs
will abort and exit on some timeouts; however, some will just exhibit
odd, unpredictable, behaviors on file/directory access timeouts.
When you mount filesystems you should make it a practice to unmount
them when not in use and especially when shutting the NFS server down
or disconnecting that machine from that network (in the case of
laptops).
Keep in mind that NFS was not designed to support laptops, mobile use,
and "occasional use" filesharing. It's built around a set of
reliability assumptions and intended semantics that are not suited to
situations where your fileserver might not be up or might be
inaccessible. It's not suited to "browsers" and interactive file
manager use where attempts to access a directory can result in a "soft"
error.
NFS systems try to open a file or access a directory and they continue
trying FOREVER until they are interrupted (if the intr option is
enabled), the system is restarted or the server becomes available.
I've heard of an old case where a pair of UNIX systems were connected
over NFS, where an unattended job was running on the NFS client while
it's server was down. The server was replaced! The data was restored
to the new server and, when it was brought up on the net the client's
process' woke up and completed their job. (That was a month after the
job started --- it just slept in the interim). I have personally had
an NFS server fail, hard drives fail, brought it down, replaced the
drives, restored from backups, and seen the clients just continue
working on the newly restored system unaware of the change.
It's a different set of reliability semantics that harkens back to a
batch processing computing model.
Eventually some form of AFS, Coda, Intermezzo or some other newer
filesharing protocol (perhaps even NFSv4) may be more appropriate to
your needs. For now, just add the intr option to your fstab and
understand that processes that access those portions of the tree will
block forever unless they implement their own non-blocking and timeout
semantics.
SSH tunneling
From Ben Okopnik
Ah... Ben. You just know it has to be juicy good stuff if
it stumps one of the core Answer Gang like this. Enjoy!
-- Heather
Answered By: Karl-Heinz Herrmann, Rick Moen, Robos, Heather Stern
Hi, all -
This week, I'm teaching at a facility in Baltimore where the admin has decided
that a non-transparent proxy is The Flavor Of The Week. This, needless to say,
is a Huge Pain. I have to define/undefine HTTP_PROXY and FTP_PROXY - and their
lowercase equivalents - and log out and back in when I'm there, and reverse the
process when I'm back in my hotel. Oh yeah, gotta do the proxy settings in
Mozilla, too. Oh, and if I want to use Netscape to test something... Yecch.
<Ron Popeil mode>"But there's more!"</RPm> In order to do anything useful with
files at LG, I have to tweak them locally, then upload them to the border router
(Monsieur Admin saw fit, after much conversation, to give me SSH access to it),
then shove them up to LG from there. This is annoying, to say the least.
So, my question is this: would it be possible for me to set up some sort of an
SSH tunnel from my 'top through that border router? I saw something about
tunneling in the MindTerm dialogs (I'm not really even sure why I'm playing with
MT, except that I was curious about it
, but couldn't figure it out since I
don't understand the basics behind the concept.
I've got "authorized_keys" on the router (which uses port 1022 - hey, might as
well make it interesting, right?); I can download whatever software I need via
HTTP or FTP. No "rsync", no SMTP, no POP, and no direct SSH access, though.
Any advice?
[K.-H.]
So you've ssh access on the router? then you can tunnel whatever you
want, basically. In howfar things are getting more convenient is
something else. Still you've the different setups inside and hotel.
Let's start with improving mail access
from my ~/.ssh/config
[Heather] With some tweaking to sanitize hostnames and make the examples
consistent.
See attached kh-ssh_config.txt
[K.-H.]
One major drawback with ssh tunneling is:
You want to tunnel arbitrary connections like a http proxy, but for
every target you have to setup a forwarded port as the information where
you want to go is lost in the tunnel. Another problem might be that you
need a target from where you can access everything you want. Having a
proxy on that other end helps a lot for http and ftp.
Theres seem to be very recent ssh versions which can improve this
situation, but I'm not quite sure how they handle this. My local version
does not have anything in the man-pages. That might have come up on TAG
-- or maybe somewhere else.
If you want to rsync LG files and this is a defined port you can set up
a forwarding for that too of course.
forward a gateway port 9999 to target:rsyncport
connect to gateway 9999 and tunnel to target:rsyncport
ftp passive should work too -- but http and ftp work via proxy anyway.
ssh to a small set of targets is possbible via a set of forward rools,
one each target. something like:
alias "ssh_target1"="ssh gateway:target1port"
might make it even convenient.
OK... I'm missing something. I'm not sure if I've got this right, but here's
a part of my ~/.ssh/config:
See attached ben_ssh_config.txt
I tried the above - "ssh -p 8022 10.3.99.1" - and got "Connection refused".
(( This is for the local machine (the laptop), right?
[K.-H]
All these hosts and ports are somewhat confusing. Or you might miss the
"GatewayPorts yes" in the config.
You've two possibilities I think:
- You ssh from lap to gateway and activate port-forwarding rules. This
will only make generic access possible, transfer from gateway to
target is unencrypted.
- Or you ssh to gateway and run an ssh there to the target doing the
port forwarding. You point your laptop to gateway:FW_ports for the
connections (requires GatewayPorts yes).
Ah-ha. OK, this is starting to make sense - among all the permissions
stuff, etc. I think that what you're saying is this:
- On the gateway, bind a listener to an unprivileged port and forward
- From the local host, connect to the forwarded port on the gateway
Man, that sounds too simple.
[K-.H]
I explain the first in more details, I think, as this should be enough
for e.g. mail access.
shell one
khh > ssh -f -N -L 8099:mod001.example.com:25 mod017@mod021.example.com
This is being issued on the gateway, right? I understand the
"port:host:port" syntax: 8099 is mod01:8099, which is being forwarded to
mod021:25 (the remote machine).
[K.-H]
shell two
khh > telnet localhost 8099
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mod001.example.com
Sendmail 5.65v4.0 (1.1.3.9/23Jul93-0336PM) Tue, 9 Dec 2003 21:51:33
+0100
shell one reacted to the connection:
The following connections are open:
#3 direct-tcpip: listening port 8099 for mod001.example.com
port 25, connect from ::1 port 33813 (t4 r2 i0/0 o0/0 fd 12/12)
mind the localhost as other interfaces are not "local".
khh > telnet khhlap 8099 ## khhlap is me too
Trying 192.168.2.3...
telnet: connect to address 192.168.2.3: Connection refused
What you do now is run one ssh from the lap to the gateway
- does it connect?
- what does "-v" tell you about forwarded ports
- finally on the lap what does:
telnet localhost 8025
do ?
point fetchmail (or MUA directly) to localhost port 8995 and you should
be able to read mail instead of working
[Rick]
I'm tempted to suggest proxytunnel, corkscrew, or httptunnel, as
mentioned in http://linuxmafia.com/~rick/linux-info/firewall-piercing .
http://proxytunnel.sourceforge.net
http://www.agroman.net/corkscrew
http://www.nocrew.org/software/httptunnel.html
Get in touch with your inner BOFH, Ben.
I actually ran across "corkscrew" on a Debian list; however, its description
(from "apt-cache show corkscrew") sounds exactly like the Perl script that
Frodo sent in, requiring HTTPS and support for the "CONNECT" method. I
hadn't run across either of the "*tunnel"s, and will check them out if
Karl-Heinz' method (which sounds like it _should work!) doesn't pan out.
[Robos]
OK, I still have very little clue about networking, but here in my
appartment my flat-pal set up a vtund (a tun) over which we pass everything
when we go wireless. This is a tunnel over ssh. Ping, dhcp, http, ftp,
everything goes through this. Isn't this what you need? Sorry if I
misunderstood it.
Hum. I just tried this on the laptop - I'm not at work anymore, so I'm a
little restricted in my experiments.
ben@Fenrir:~$ ssh -fNL 8995:localhost:995 target.example.com
It did what I thought it should - backgrounded itself.
ben@Fenrir:~$ ps ax|grep "[s]sh "
657 ? S 0:00 ssh -fNL 8995:localhost:995 target.example.com
Then I tested it -
ben@Fenrir:~$ mail -sfoo ben@linuxgrrzette.net
Foo!
Cc:
ben@Fenrir:~$ fetchmail -vvv --ssl -uben -P8995 localhost
Enter password for ben@localhost:
#*******************
ben@Fenrir:~$
Wow, cool. That worked. However... I'm still trying to figure out how
it'll work with three machines. Would it be something like this?
# Issued on the gateway
ben@gateway:~$ ssh -fNL 8995:localhost:995 target.example.com
# Issued on the laptop
ben@Fenrir:~$ fetchmail --ssl -uben -P8995 gateway
[K.-H]
At least you got a working setup going. The ssh commandsequence I gave
you was a sllightly different concept as the one you tried, that's why
we still do not talk about the same thing.
I was trying to setup a connection like this:
lap runs a tunneling ssh to gateway. lap is 10.* so private, gateway is
10.* but should be able to route to outside, or it wouldn't be a
gateway. So if you set up a ssh from lap to gateway
at lap> ssh -L 8995:OUTSIDETARGET:995 gateway
<