...making Linux just a little more fun!



[ In reference to "FVWM: How Styles are Applied" in LG#127 ]

David Chanters [david.chanters at googlemail.com]

Sat, 14 Apr 2007 23:03:06 +0100

Hey all,

I read with interest the article which explained how FVWM parses its style lines. I've been a FVWM user for about two years now, and this article really inspired me to rearrange parts of my config. I now have everything the way i want it, except for some things, which I want to ask the rest of you:

1. Are any of you using FVWM, and if so, do you have anything useful to share, such as key-bindings, etc? 2. Can I somehow get new window to receive focus even though I am using ClickToFocus? 3. What's FvwmIconMan and do I really need it to replace FvwmTaskBar?

I hope the gang can help with this, and thank you so much for this article. In klnd regards,


[ Thread continues here (3 messages/3.82kB) ]


[ In reference to "HelpDex" in LG#135 ]

Ben Okopnik [ben at linuxgazette.net]

Tue, 3 Apr 2007 09:51:29 -0600

On Thu, Feb 08, 2007 at 01:07:39PM -0500, saallan@wightman.ca wrote:

> I have read your article discussing swf and possible open-source readers and players.
> My Debian Linux machine (a Mac Quadra running Sarge) is nowhere near adequate to
> your suggestions. Is there a swf to jpeg converter that could run on my system?
> Thanks - Larry in the Ontario deep woods.

Hi, Larry - I know it's taken a while to answer, but I've been tied up in a lot of other things, all while trying to find an answer - although it was for reasons different from yours, but a similar problem.

As far as I can tell, the solution for reading SWFs on older, slower machines is to use a viewer other than Adobe's; e.g., 'swf-player', or Gnash (http://www.gnu.org/software/gnash/), or one of the viewers listed at osFlash 'http://www.osflash.org/'. Have you tried any of those yet? I found that swf-player is pretty easy on the CPU and disk space both. Please let us know how it goes.

Coming at it from the other end, I'm using Ubuntu on a 64-bit AMD laptop - and as it happens, I have (well, had) the same problem from the other end: I couldn't view SWFs because there isn't yet a 64-bit Flash viewer for Linux. Well, some people - including GNU - are working on one, but... it's all very alpha and experimental and non-usable (at least by me.) So, after spending a bunch of time on this, I just dropped the whole idea of doing it in 64-bit and built a 32-bit chroot enviroment for those apps which haven't quite made the transition yet. Now, when I type "firefox32", it fires up the chroot, runs the 32-bit version of Firefox, and - voila - I've got Flash and all.

Now, if I could just find similarly easy fixes for my GL and WiFi, I'd be all set...

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *

[ Thread continues here (10 messages/11.81kB) ]


[ In reference to "Build a Six-headed, Six-user Linux System" in LG#124 ]

Ruben Zamora [ruben.zamora at zys.com.mx]

Fri, 20 Apr 2007 08:13:29 -0500

[[[ This post contained tons of extraneous html. Please, send us text, not mini-webpages! -- Kat ]]]

Hi am Ruben

I trying to run a Multi SEAT with 2 MX 4000 or 2 FX 5200.

First I Install Fedora Core 6 in my Desktop. I did all the procedure.

And I the test y can turn on de 2 seat. But when I put all in the GDM, only one Seat goes on.

Driver es "nv" for the card... After that I install the last release of the nvidia driver, I cant go on because gave me a lots o error.. And my computer Freezer.

Any ideal what name of the driver I need to use to my card?????

I read that I need to change for driver "nv" to "nvidia".

Thanks A lot


[ In reference to "2-Cent Tips" in LG#137 ]

Kapil Hari Paranjape [kapil at imsc.res.in]

Fri, 20 Apr 2007 14:29:50 +0530


On Mon, 19 Mar 2007, Kapil Hari Paranjape wrote:

> Here is a way to copy a partition which is mounted without copying
> all the other partitions that are under it.
> Let /patha be the mountpoint of the partition from which you want to
> copy (it could even be the root path /).
> Let /dev/new be the device to which you want to copy the data.
> 	mkdir /var/tmp/src
> 	# The bind mount is the crucial thing!
> 	mount --bind /patha /var/tmp/src
> 	mkdir /var/tmp/target
> 	mount /dev/new /var/tmp/target
> 	cd /var/tmp/src
> 	# I find this a neat way to copy all files
> 	# and permissions
> 	find . | cpio -pdum /var/tmp/target
> 	umount /dev/new
> 	umount /var/tmp/src
> 	rmdir /var/tmp/{src,target}

Actually it turns out (from current experience!) that

 	find . | cpio -pdum /var/tmp/target
is the "wrong" way to do this. The correct way is
 	find . -depth | cpio -pdum /var/tmp/target
This way the files get listed first and then the directory and this speeds up the task.

Another use for this trick is when you want to "re-combine" a partition. Say you created a separate "/usr" partition and then later decided that you have enough space in the root partition for everything.

	mount --bind / /mnt
	cd /usr
	find . -depth | cpio -pdum /mnt/usr/
	umount /mnt
Then edit fstab appropriately to "noauto" out the /usr mount and reboot. After the reboot the "/usr" partition is available for alternate use. (You can avoid a reboot using "init 1" and possibly "pivot_root" but reboot is probably safer!)


Kapil. --


[ In reference to "Getting Started with Linux Mint" in LG#137 ]

Finn [detto_o at freenet.de]

Mon, 02 Apr 2007 13:10:29 +0200

Awesome article, very well written! This is not only a LinuxMint Review, but a very good tutorial for beginners too. Thanks for your work man, i'll recommend this one to some of my buddies that want to give Linux a try. :-)

cheers, deTTo


[ In reference to "Rule-based DoS attacks prevention shell script" in LG#137 ]

René Pfeiffer [lynx at luchs.at]

Mon, 9 Apr 2007 23:58:23 +0200

Hello, TAG!

I threatened to dust off a script that automagically deals with SSH brute forcing. The Linux Netfilter has a module which can match recently seen IP addresses. It's called "recent" and it can dynamically create a list of IP addresses and then match against that list for the purpose of reacting to network probes for example. Let's take an example from one of my servers:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A SSH_WHITELIST -s      -m recent --remove --name SSH -j ACCEPT
iptables -A SSH_WHITELIST -s      -m recent --remove --name SSH -j ACCEPT
iptables -A SSH_WHITELIST -s       -m recent --remove --name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
         -m recent --update --seconds 1800 --hitcount 2 \
         --rttl --name SSH -j LOG --log-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
         -m recent --update --seconds 1800 --hitcount 2 --rttl --name SSH -j DROP
The first rule directs all new inbound packets to port 22/TCP (SSH usually) to Netfilter's "recent" module. In addition to that the rule specifies that the list named SSH is to be used. After that I create a custom chain named SSH_WHITELIST where I collect all IP addresses that shouldn't trigger the automatic defence. After SSH_WHITELIST is defined all traffic from the whitelisted IP addresses gets redirected to SSH_WHITELIST and is allowed to pass unhindered.

The last two rules carry all the magic. Notice that the rules were added to the end of the respective chains which means that everything I described so far is already dealt with. The next line does a matching against all new inbound packets to port 22/TCP against. This time we add the parameters "--update --seconds 1800 --hitcount 2" meaning that every packet that arrives more than once (i.e. twice) within 1800 seconds will match our rule. If it matches the IP address will be added to the list SSH and a log entry with the prefix "SSH_brute_force" will be sent to syslog. Since we use the LOG action, Netfilter goes on to the next rule. The last line does the same, but it drops any packets from the IP address that offended our limit of one connection attempt within 1800 seconds.

The lists Netfilter's "recent" module maintains can be inspected in the directory "/proc/net/ipt_recent/". All the offenders triggering the rules above can be extracted from /proc/net/ipt_recent/SSH along with the UNIX timestamps when they tried to contact us. The lists only live as long as the kernel runs. A shutdown will clear everything. That's why the rule before the last one writes the blocked IP to syslog.

So, TIMTOWTDI is also valid for log parsing in conjunction with the Linux Netfilter. ;)

Happy hunting,


[ In reference to "/tag/2.html" in LG#issue72 ]

Kevin R. Bulgrien [kbulgrien at worldnet.att.net]

Sun, 8 Apr 2007 21:35:26 -0500

"getting volume label for CD" at http://linuxgazette.net/issue72/tag/2.html does not really have a good answer. I suggest something like this:

To find the volume name of a CD or other device, use the volname utility. For example:

$ grep hdc /etc/fstab
/dev/hdc /mnt/cdrom auto umask=0022,users,iocharset=utf8,sync,noauto,ro,exec 0 0
$ sudo volname /dev/hdc
The volume name of the CD in /dev/hdc is "46368_546292".

Kevin R. Bulgrien

[ Thread continues here (2 messages/1.97kB) ]

Talkback: Discuss this article with The Answer Gang

Copyright © 2007, . Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 138 of Linux Gazette, May 2007