...making Linux just a little more fun!

September 2008 (#154):


Mailbag

This month's answers created by:

[ Ben Okopnik, Faber Fedor, René Pfeiffer, Raj Shekhar, Rick Moen, Thomas Adam, Thomas Bonham ]
...and you, our readers!

Our Mailbag


Vectors vs. dynamic arrays

Jimmy O'Regan [joregan at gmail.com]


Thu, 7 Aug 2008 17:35:21 +0100

My C++ sucks, so I need a second opinion :)

We have a user who's using some oddball compiler that doesn't support C99 type arrays, so I'm wondering if it's ok to replace this code:

  double classes_ocurrences[M]; //M = Number of ambiguity classes
  double classes_pair_ocurrences[M][M];
  double tags_estimate[N]; //N = Number of tags (states)
  double tags_pair_estimate[N][N];

with this:

  vector <double> classes_ocurrences(M); //M = Number of ambiguity classes
  vector <vector <double> > classes_pair_ocurrences(M, vector<double>(M));
  vector <double> tags_estimate(N); //N = Number of tags (states)
  vector <vector <double> > tags_pair_estimate(N, vector<double>(N));

As far as I know, it's functionally equivalent, and this test:

#include <vector>
#include <iostream>
 
using namespace std;
 
int main ()
{
        int N = 2;
        int a[N][N];
        vector < vector <int> > b (N, vector<int>(N));
 
 
        a[0][0] = 1;
        a[0][1] = 2;
        a[1][0] = 3;
        a[1][1] = 4;
 
        b[0][0] = 1;
        b[0][1] = 2;
        b[1][0] = 3;
        b[1][1] = 4;
 
        cout << "a: " << a[0][0] << " b: " << b[0][0] << endl;
        cout << "a: " << a[0][1] << " b: " << b[0][1] << endl;
        cout << "a: " << a[1][0] << " b: " << b[1][0] << endl;
        cout << "a: " << a[1][1] << " b: " << b[1][1] << endl;
 
        return 0;
}

gives:

a: 1 b: 1
a: 2 b: 2
a: 3 b: 3
a: 4 b: 4

as expected. I'm just wondering if there's some subtle nuance I'm missing.

[ Thread continues here (3 messages/3.91kB) ]


Followup: [Apertium-stuff] Google patent

Jimmy O'Regan [joregan at gmail.com]


Sun, 17 Aug 2008 15:37:58 +0100

Google have patented their 'Suggest a better translation' feature.

http://tinyurl.com/59b3v3 (TinyURL of a US Patent and Trademark Office URL)

"one aspect of the subject matter described in this specification can be embodied in a method that includes a method for first receiving an indication of when a user-manipulable cursor is positioned in proximity to a first presentation of first text in a graphical user interface (GUI), the first text being in a first language"

or, in other words, use 'onMouseOver' to display the original text. That's patentable?

Most of the rest of the details described are automatic techniques for determining how useful the submitted translation is.

[ Thread continues here (10 messages/17.92kB) ]


One moment in TAG mail administration

Rick Moen [rick at linuxmafia.com]


Wed, 30 Jul 2008 11:59:40 -0700

Readers of the TAG mailing list may recall a 419 (advance-money fraud) spam that hit the mailing list from a "vds2000.com" IP address. Rather than immediately consign the offender to the nether realms, I sent a copy with full headers to the relevant abuse@ address, saying "419 fraud from your IP".

That resulted in my being informed of a "trouble ticket"... and... let's just jump to the end of the story, two days further on -- my closing entry at https://help.thehostgroup.com/index.php?_m=tickets&_a=postreply&ticketid=28748 :

  Just so we're really clear about this, and review:  I'm a system
  administrator who brought to your attention in ticket #28621 an episode
  of 419 fraud mail from your IP, 64.6.241.11, possibly through exploit of
  a buggy PHP page.  Ticket #28621 was immediately closed without any
  indication of resolution, and then (briefly) reopened when I asked what
  the resolution was. 
 
  One day later, I find that my ticketing system login no longer has
  access to that ticket.  I ask what's going on, resulting in this ticket
  (#28748) -- which ticket I find has now also been closed without
  comment.  
 
  So, I will now be setting all systems I administer to 550-reject mail
  from your company's IPs.  Have a nice eternity.

[ Thread continues here (4 messages/7.50kB) ]


Virtualization

Deividson Okopnik [deivid.okop at gmail.com]


Sat, 2 Aug 2008 10:54:44 -0300

Hello everyone.

I'm starting a paper here on Virtualization for my post-graduation, and I'm wondering if any of you use virtualization professionally, for what, what software you use to do it and with what host/guest OS's

[ Thread continues here (8 messages/9.41kB) ]


Followup: Apertium in 'The Guardian'

Jimmy O'Regan [joregan at gmail.com]


Fri, 15 Aug 2008 18:41:30 +0100

There was an article about our Welsh translator in yesterday's Guardian: http://www.guardian.co.uk/technology/2008/aug/14/freeourdata.opensource

"Flummoxed by a document in Welsh? Now you can get a free translation at cymraeg.org.uk. The Apertium-cy software, described as the first free automatic translator from Welsh to English, is the fruit of a multilingual effort involving developers in Spain, Wales and Ireland pushing forward the possibilities of open-source software and, they hope, free public-sector data."

The focus of the article is on how we weren't able to use public data compiled by the Welsh Language Board:

'When we contacted the Welsh Language Board, however, it said the Apertium team couldn't be more wrong. "We welcome re-use," it said. Although the small print forbids unauthorised reproduction, the board says it would be delighted to consider requests. Where feasible, it will make products available under what it says would be "a suitable free non-commercial agreement".'

Well, if they had ever returned any of my phone calls, maybe we could have used their data. Maybe they'll give me an answer now :)

[ Thread continues here (5 messages/9.19kB) ]


Eml to tiff converter

Smile Maker [britto_can at yahoo.com]


Fri, 1 Aug 2008 04:44:58 -0700 (PDT)

Folks:

Do we have any tool in linux which converts eml files to tiff images format

-- 
Britto

[ Thread continues here (11 messages/11.28kB) ]


doubt in accessing serial port

vasavi s [vasavi.naga at gmail.com]


Fri, 29 Aug 2008 12:56:58 +0530

Hello,

I have a problem in accessing the serial port. I am trying to send data to another system using null modem. When we are using the program in loopback method it's working fine like we are able to transmit data and receive the data on a pc. But when trying to communicate between two systems based on linux (using c code) we are not getting the output. When writing to the port it is showing that it has written the data to the port. But on other side (i.e., on another system) we couldn't read the data which we have sent from first system. What to do? Tried h/w flow control & sftware flowcontrol but no use. Till now it was showing error like " error no.11,Could not read , the resourcet is temporarily unavailable. Now It's saying like reading the port successfully. But the number of bytes it's showing is zero. We could nt understand if the data we are writing in first system is reaching the second system with null modem and the other system is having a problem in reading the data or what ? Kindly suggest where the problem could be?

Thanks & Regards, vasavi

[ Thread continues here (2 messages/2.68kB) ]


learning linux

[aldoagresti at optonline.net]


Tue, 26 Aug 2008 13:47:39 +0000 (GMT)

I am completely new to linux and am looking for a good resource. It could be a book or a website. If there is a difference in running linux on a PC versus an embedded application, I would be more interested in the latter. Thanks, Aldo

[ Thread continues here (2 messages/1.99kB) ]


Delivery Status Notification (Failure)

Rick Moen [rick at linuxmafia.com]


Sun, 24 Aug 2008 18:07:19 -0700

Quoting Mail Delivery System (MAILER-DAEMON@mk-outboundfilter-5.mail.uk.tiscali.com):

> The following message to <dirtur@academ01.zac.itesm.mx> was undeliverable.
> The reason for the problem:
> 5.1.2 - Bad destination host 'DNS Hard Error looking up academ01.zac.itesm.mx (MX):  NXDomain'

Wow, this is what we might call "epic fail" on the part of a Italian / UK Internet company, "tiscali.com" Tiscali (S.p.A.). They were sending a bounce message in response to a transparently forged spam message that they received from IP address "189.166.101.220", which was claiming in the envelope header to be "from "tag@lists.linuxgazette.net" (and also an internal "From:" line that claimed that the sender was "vendeporinternet <tag@lists.linuxgazette.net>".

They evidently believed that forged information -- and also didn't bother to check our SPF record in our DNS. So, they spammed us, the innocent party whose address had been forged, with their misdirected rejection message.

I guess I'm going to have to blackhole the tiscali.com sending domain, since their mail system seems to be run by incompetent morons who backscatter-spam innocent third parties. Sorry, Tiscali customers! Quoting their Web page:

   Tiscali S.p.A. (Borsa Italiana, Milan: TIS) is one of the leading 
   alternative telecommunications operators in Europe. With one of 
   the broadest and most interconnected IP technology-based networks 
   worldwide, Tiscali supplies a wide range of services to its customers, 
   both private individuals and companies, namely: Internet access through 
   dial-up and ADSL as well as voice, VoIP, media, added-value services 
   and other technologically advanced products.

Say hullo to Tiscali S.p.A.! Now, say good bye to Tiscali S.p.A.


Followup: [Apertium-stuff] Par iaith newydd: apertium-cy-en / New language pair: apertium-cy-en

Jimmy O'Regan [joregan at gmail.com]


Fri, 1 Aug 2008 18:26:29 +0100

---------- Forwarded message ----------

From: Francis Tyers <ftyers@prompsit.com>
Date: 2008/8/1
Subject: [Apertium-stuff] Par iaith newydd: apertium-cy-en / New
language pair: apertium-cy-en
To: apertium-stuff@lists.sourceforge.net
Cc: Dafydd Jones <dafyddj@gmail.com>, "John D. Phillips"
<john@john.hmt.yamaguchi-u.ac.jp>

(Saesneg isod / English below)

Rydem newydd ryddhau par iaith newydd ar gyfer Cymraeg i Saesneg, apertium-cy-en. Y bwriadau penodol ar gyfer y fersiwn yma oedd:

* I alluogi i ddysgwyr canfod beth yw testun newyddion cyffredinol. * I alluogi canfod pwy ddywedodd be wrth bwy. * I alluogi gwahaniaethu a yw eitem benodol yn ddigon diddorol i gael ei chyfieithu'n iawn. * Dylai brawddegau o tua 5 o eiriau cael ei gyfieithu'n weddol dda o Gymraeg i Saesneg.

Mi rydem yn meddwl ein bod wedi rhagori'r bwriadau yma cryn lawer ac yr ydym yn eitha hapus efo'r canlyniadau. Mae Cymraeg i Saesneg yn par iaith gymhleth gan nad yw'r ieithoedd yn perthyn yn agos, felly tra nad yw'r canlyniadau ddim beth mae pobl yn ei ddisgwyl gan barau iaith Apertium, rydem yn meddwl ein bod yn curo'r gystadleuaeth ac wedi gwneud rhywbeth a fydd pobl yn weld yn ddefnyddiol.

Hwn yw'r par iaith gyntaf i ddibynnu ar ddefodaeth Cyfyngiad Gramadeg VISL ar gyfer rhannol-diamwys o destun a ddadansoddir yn forffolegol. Gellir cael y ffynhonnell ar gyfer hyn yma: http://beta.visl.sdu.dk/download/vislcg3/ mi rydwyf hefyd wedi paratoi pecyn Debian ar gyfer hwn yma:

http://xixona.dlsi.ua.es/~fran/debian/vislcg3/

Mae pecyn Debian ar gyfer y par iaith a'r fersiwn newydd o lttoolbox ac Apertium hefyd ar gael yma:

http://xixona.dlsi.ua.es/~fran/debian/apertium-cy-en/ http://xixona.dlsi.ua.es/~fran/debian/lttoolbox/ http://xixona.dlsi.ua.es/~fran/debian/apertium/

Mi fyddai'n cael rhain i Debian mor gynted a sydd bosibl ar ôl yr arhosiad.

Derbynnir unrhyw ymatebion, profi, cwestiynnau, a sylwadau. Gwnawn ddatganiad i'r wasg hwyrach ymlaen ond ar y foment dyma ychydig o ystadegau isod:

Fran

==Ystadegau==

;Ymdruniaeth:

Wicipedia Cymraeg[1] (615,238 o eiriau): 84.8% PNAW[2] (11,338,509 o eiriau): 95.7% Newyddion BBC[3] (127,948): 91.2%

;Geiriau:

Dadansoddydd Cymraeg: 10,497 lemata Geiriadur dwyieithog: 11,083 gohebyddion

;Rheolau:

Cam 1 (chunk): 72 Cam 2 (inter-chunk): 31 Cam 3 (post-chunk): 9

;Nodiadau

1. http://cy.wikipedia.org/ 2. http://xixona.dlsi.ua.es/corpora/UAGT-PNAW/ 3. http://news.bbc.co.uk/welsh/

**********************************************************************

[ ... ]

[ Thread continues here (3 messages/11.68kB) ]



Talkback: Discuss this article with The Answer Gang

Published in Issue 154 of Linux Gazette, September 2008

Mailbag 2

This month's answers created by:

[ Kapil Hari Paranjape, René Pfeiffer, Rick Moen ]
...and you, our readers!

Editor's Note

In followup to Rick Moen's article in LG153, a collection of the DNS discussion in TAG from July and August.

DNS Exploit: Fix for older Fedora machines??

Rick Moen [rick at linuxmafia.com]


Thu, 24 Jul 2008 19:45:20 -0700

Two posts that help clarify the threat model.

----- Forwarded message from Keith Owens <kaos@ocs.com.au> -----

X-Mailer: exmh version 2.7.2 01/07/2005 (debian 1:2.7.2-12) with nmh-1.2

From: Keith Owens <kaos@ocs.com.au>
To: luv-main@luv.asn.au
Date: Fri, 25 Jul 2008 12:10:40 +1000
Subject: Re: DNS Exploit: Fix for older Fedora machines?? 
"Leigh Sharpe" (on Fri, 25 Jul 2008 11:56:41 +1000) wrote:

> I have a couple of older FC2 machines running bind DNS. Is there an rpm
>available with the fix for the recent DNS exploit? Or am I stuck with
>the choice of compiling from source or upgrading the OS?

You need a version of bind9 that is less than 2 months old. bind8 is not being fixed. If Redhat do not have a recent bind9 for FC2 then get the latest src.rpm and build your own.

Alternatively install a small machine running a newer OS with a fixed DNS server and direct all DNS queries via that machine. It is only the final query (the one that hits the outside world) that needs to come from a fixed DNS server. Add firewall rules to block DNS queries from any other machine to the outside world.

Also turn off recursion for DNS queries that come from outside your site and are not for sites in your DNS. One of the ways that attackers are getting information is by issuing recursive requests to your DNS and pointing back at their machines. If you allow external recursive requests then it is much easier for an attacker to get information about your DNS's internal state.

Not sure how to turn off recursion for external requests? See http://www.cymru.com/Documents/secure-bind-template.html

----- End forwarded message ----- ----- Forwarded message from Keith Owens <kaos@ocs.com.au> -----

X-Mailer: exmh version 2.7.2 01/07/2005 (debian 1:2.7.2-12) with nmh-1.2

From: Keith Owens <kaos@ocs.com.au>
To: James Harper <james.harper@bendigoit.com.au>
cc: luv-main@luv.asn.au
Date: Fri, 25 Jul 2008 11:24:36 +1000
Subject: Re: DNS exploit: watch out for NAT boxes 
"James Harper" (on Fri, 25 Jul 2008 11:04:15 +1000) wrote:

[ ... ]

[ Thread continues here (1 message/5.23kB) ]


DNS exploit: watch out for NAT boxes

Rick Moen [rick at linuxmafia.com]


Thu, 24 Jul 2008 17:22:51 -0700

Again, I'd suggest a direct fix to any suspect nameserver software, rather than iptables wrapping -- but it's good to know that sharp eyes are attempting to ensure that the latter approach can also be made workable.

----- Forwarded message from Keith Owens <kaos@ocs.com.au> -----

X-Mailer: exmh version 2.7.2 01/07/2005 (debian 1:2.7.2-12) with nmh-1.2

From: Keith Owens <kaos@ocs.com.au>
To: Brian May <brian@microcomaustralia.com.au>
cc: luv-main@luv.asn.au
Date: Fri, 25 Jul 2008 10:08:09 +1000
Subject: Re: DNS exploit: watch out for NAT boxes 
Keith Owens (on Fri, 25 Jul 2008 09:52:53 +1000) wrote:

>Brian May (on Fri, 25 Jul 2008 09:17:56 +1000) wrote:
>>Keith Owens wrote:
>>> Bottom line: check if your DNS server is behind a NAT box that does
>>> sequential port mapping.  The 'Check My DNS' widget at
>>> http://www.doxpara.com will tell you if the outside world is seeing
>>> sequential ports or not.
>>>   
>>How does Linux NAT assign port numbers?
>
>2.6.26 should do random port mapping.  It starts off by trying to
>preserve the original (hopefully random) source port number.  If the
>original source port number is already in use by another NAT entry then
>it should generate a random source port number.  I say "should" because
>the code tests for flag IP_NAT_RANGE_PROTO_RANDOM and a quick check of
>the source did not find anywhere where that flag was set, I'm still
>looking.

Recent kernels should do random mapping but they do not. I just ran a test masquerading DNS queries to a small range of source port numbers and it went sequential :(. This has not been fixed as of yesterday's git patch; a bug report is on its way.

Having said that it goes sequential, the fact that masquerade tries to preserve the original source port number will mitigate against this bug. In most cases the original (random) source port number will be preserved, unless you force the source port into a particular range.

----- End forwarded message ----- ----- Forwarded message from hannah commodore <hannah@tinfoilhat.net> -----

Date: Fri, 25 Jul 2008 10:15:02 +1000
From: hannah commodore <hannah@tinfoilhat.net>
To: luv-main@luv.asn.au
Subject: Re: DNS exploit: watch out for NAT boxes
Keith Owens wrote:

>test masquerading DNS queries to a small range of source port numbers
>and it went sequential :(.
>  
>Recent kernels should do random mapping but they do not. 

As mentioned on Dan's blog however, there is a work-around that does create random source ports: http://cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html

----- End forwarded message -----


[conspire] Kaminsky presentation slides

Rick Moen [rick at linuxmafia.com]


Wed, 6 Aug 2008 16:57:58 -0700

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 6 Aug 2008 16:52:29 -0700
From: Rick Moen <rick@linuxmafia.com>
To: conspire@linuxmafia.com
Subject: [conspire] Kaminsky presentation slides
Dan Kaminsky gave his "Black Ops 2008" talk (continuing a series he's been giving for years at LISA conferences and elsewhere) about two hours ago at Black Hat, Caesar's Palace, Las Vegas. No downloadable audio file (one very nice thing about LISA conferences) yet, but Kaminsky has committed PowerPoint: http://www.doxpara.com/DMK_BO2K8.ppt

Major points:

0.  Bad guy induces a nameserver to issue queries for 1.foo.com,
    2.foo.com,... and floods it with forged responses delegating the
    query to claimed nameserver (or CNAME alias) "www.foo.com", and 
    trying to race that info back before the genuine response does.  
    Any response that succeeds and gets cached also carries the 
    (unrequested) "ADDITIONAL INFORMATION" datum that the forward-lookup 
    IP of www.foo.com is $EVIL_IP.  That unrequested info then gets 
    cached for a long time-to-live (TTL).  Voila!  Cache poisoning.
    Notice that the forged, malign data is in-bailiwick for foo.com.
1.  There are a huge number of ways to induce "safe" machines behind
    firewalls to ask about hostnames of an attacker's choosing:
    o  Web hyperlinks, with or without Typhoid Marys Javascript, Flash, 
       Java, etc. (though an attack can use those Typhoid Marys to 
       induce severe mischief by inducing reverse-DNS lookups).
    o  Practically any part of an attempted SMTP mail delivery.
    o  Logfiles that do reverse-DNS lookup (e.g., Web servers).
    o  "Web bugs" in documents.
    o  IDS paranoia that makes them do reverse-DNS lookups.
    (Kaminsky talks at length about ways to make this scale, practical,
    and more revealing of details of company-internal networks.)
2.  Making sure UDP source ports are random is a stopgap, as DNS's
    protocol design leaves it pretty unreliable.  (Duh.)
3.  DNS clients (resolver libs) are a little vulnerable if you
    can flood them with fake responses -- but at least don't cache.[1]
4.  Web (etc.) SSL certs don't necesssarily paper over the problem,
    because of dependency on DNS.  (For example:  Did you make your
    browser trust my Thawte cert for example.com?  Cool!
    That means it'll typically also accept my cert for paypal.com
    that has the same signature.  Or, hey, if I can convincingly forge
    paypal.com's DNS, I can register a Thawte certificate for paypal.com
    myself, because I can make the confirmation mails come to me.
    Ditto, almost everyone's "I forgot my password" link trusts DNS
    to some extent.)
5.  Risks also affect some internal networks, for several reasons including
    active internal code and routing that rely on DNS.  (Duh.)
6.  NAT is a sore point.
 
Choice quotation from the first slide:
 
    "-- I found a really bad bug a while ago.
        o   You might have heard of it...."

As usual for a Kaminsky talk, he's also done quite a great deal to trace out possible ramifications. Recommended.

[ ... ]

[ Thread continues here (1 message/3.83kB) ]


[conspire] DNS vulnerability details

Rick Moen [rick at linuxmafia.com]


Thu, 24 Jul 2008 09:28:43 -0700

----- Forwarded message from Eric De MUND <ead-conspire@ixian.com> -----

Date: Wed, 23 Jul 2008 22:37:55 -0700
To: conspire@linuxmafia.com
X-Mailer: VM 7.19 under Emacs 21.4.1
From: Eric De MUND <ead-conspire@ixian.com>
Reply-To: Eric De MUND <ead@ixian.com>
Subject: Re: [conspire] DNS vulnerability details
Rick,

First of all, a huge thank you for posting this very clearly written report /with prescription/. I'm an expert in some tiny little areas, and DNS isn't one of them. This is useful to me in quickly getting from poor safety maybe not to excellent safety but perhaps to "pretty good" safety.

I appreciate the sharing tremendously. Rick, you are a guy.

] Testing your nameserver's randomness of source port selection: ] ] Or use this Web facility: ] https://www.dns-oarc.net/oarc/services/dnsentropy

Ok, in repeated tests, I'm getting 2/3 POORs and 1/3 GOODs for source port randomness, and all GREATs for transaction IDs. This is Comcast.

    DNS Resolver(s) Tested:
 
    1. 68.87.76.179 (sjos-cns01.sanjose.ca.sanfran.comcast.net)
       appears to have POOR source port randomness and GREAT transaction
       ID randomness.
 
    2. 68.87.76.181 (sjos-cns03.sanjose.ca.sanfran.comcast.net)
       appears to have POOR source port randomness and GREAT transaction
       ID randomness.
 
    3. 68.87.78.131 (utah-cns01.saltlakecity.ut.utah.comcast.net)
       appears to have GOOD source port randomness and GREAT transaction
       ID randomness.

So what DNS-related debian package(s) do I need to get and run?

Regarding my Linksys WRT54G broadband router which is running DD-WRT v23 SP2 (09/15/06) std firmware, I think that if a patch is required, one will be made available shortly.

Regards, Eric

-- 
Eric De MUND   | Ixian Systems           | Jab: eadixian@jabber.org/main
ead@ixian.com  | 650 Castro St, #120-210 | Y!M: ead0002
ixian.com/ead/ | Mountain View, CA 94041 | ICQ: 811788
http://linuxmafia.com/mailman/listinfo/conspire

----- End forwarded message ----- ----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Thu, 24 Jul 2008 09:20:00 -0700
From: Rick Moen <rick@linuxmafia.com>
To: conspire@linuxmafia.com
Subject: Re: [conspire] DNS vulnerability details
Quoting Eric De MUND (ead-conspire@ixian.com):

> Ok, in repeated tests, I'm getting 2/3 POORs and 1/3 GOODs for source
> port randomness, and all GREATs for transaction IDs. This is Comcast.
> 
>     DNS Resolver(s) Tested:

Please don't read this as a complaint, but rather as a caution about terminology: Most people reserve the term "DNS resolver" to refer only to the DNS client piece (the one that on Linux is built into libc and has conffile /etc/resolv.conf). Being careful about terminology can help avoid confusing one's self.

[ ... ]

[ Thread continues here (10 messages/42.45kB) ]


DNS source port randomisation

Kapil Hari Paranjape [kapil at imsc.res.in]


Thu, 10 Jul 2008 17:29:27 +0530

Hello,

Most of you must have heard about Dan Kaminsky's discovery of a flaw in the DNS protocol and its standard implementation (in glibc and bind 8).

I thought of a quick fix for source port randomisation for DNS queries using iptables.

http://www.imsc.res.in/~kapil/blog/dns_quickfix-2008-07-10-17-07

Basically, the idea is to use iptables feature of source nat coupled with source randomisation.

iptables -t nat -A POSTROUTING -o ! lo -p udp --dport 53 \
    -j MASQUERADE --to-ports 1024-65535 --random
 
iptables -t nat -A POSTROUTING -o ! lo -p tcp --dport 53 \
    -j MASQUERADE --to-ports 1024-65535 --random

After writing this I realised that the randomisation only works with kernels version than 2.6.22.

Regards,

Kapil. --

[ Thread continues here (12 messages/40.02kB) ]



Talkback: Discuss this article with The Answer Gang

Published in Issue 154 of Linux Gazette, September 2008

Talkback

Talkback:126/howell.html

[ In reference to "From Assembler to COBOL with the Aid of Open Source" in LG#126 ]

Owen Townsend [owen at uvsoftware.ca]


Fri, 01 Aug 2008 09:25:22 -0700

Edgar Howell:

I was searching for an Assembler to COBOL converter and found & enjoyed your article at http://linuxgazette.net/126/TWDT.html

Could you tell me the conversion tool used to convert assembler to COBOL ?

Do you also know of a PL/1 to COBOL converter ?

I, Owen Townsend, owen@uvsoftware.ca, website www.uvsoftware.ca have tools to convert mainframe JCL to Korn shell scripts

& mainframe COBOL to Micro Focus COBOL

& EBCDIC DATA to ASCII preserving any packed/binary data.

I have had questions from prospects asking about assembler & PL/1 conversion so would be interested in finding tools for these conversions.

Please look at my web site. You might be interested in downloading my free 'uvhd' utility from www.uvsoftware.ca/libuvhd.htm

- file investigation utility

- displays data in vertical hexadecimal

- great for files with packed/binary data

- browse, search, select, update

I am listing it in the GNU FSF directory.

Thanks, Owen

[ Thread continues here (4 messages/3.22kB) ]


Talkback:152/okopnik.html

[ In reference to "Review of the Plat'Home OpenBlockS" in LG#152 ]

s. keeling [keeling at nucleus.com]


Wed, 13 Aug 2008 16:11:53 -0600

[Hmm ... I appear to have, yet again, subtly broken your lovely pinehelper.pl script. I mean, should Subject: be that plain? Production version at end. When I mouse-over the link, I see mailto:tag@lists.linuxgazette.net?subject=Talkback:152/okopnik.html, so I must have broken some quoting stuff in the script. Or maybe you already fixed this, and I should check old mail for the fix? Good idea. :-]

But I digress.

Re: Review of the Plat'Home OpenBlockS

You editors make tough reviewers. I imagine the poor guys at Plat'Home are shaking their heads and muttering "never again" over and over.

In the early days of Linux, all the documentation read like it had been written by one of Ted T'so's worshippers, shipped to Germany for reformatting, filtered through Chef, then translated by Vietnamese into English (out of this was born the LDP). Others aren't so lucky as us in this modern age of ours.

I thought it courageous (though perhaps obviously doomed to failure) to ship you their latest for review. Were you trying to buy and use this thing, or did they think you were only reviewing it for publication?

I envy you that secret weapon of yours. It's fascinating reading to hear you two go at translating their dox into meaningfulness. I hope you passed on your notes to Plat'Home?

And, yeah, frankly, telnet/ftp ought to be locked down to the serial interface *until you* open them up! That is good security. Both of them transmit pwords en clair, dammit. Cut 'em some slack (I humbly suggest).

Have you any experience with Soekris boxes or Mini-ITX form factor? That's likely what you're really looking for (if you weren't just offering to review the thing), though they aren't really "palm sized" either. OpenBSD uses Soekris in demos showing their pf firewall running in parallel on two boxes, cleanly failing over when power's cut on one of them, no transmission loss. Slick.

Interesting review. I think I would have taken the thing with a bit more of a grain of salt than you, but I wasn't there. At least I know this is not the next box to try to move Mom to. :-) However, I've been intrigued by it since I heard of it too.

[ ... ]

[ Thread continues here (2 messages/9.62kB) ]


Talkback:110/oregan1.html

[ In reference to "Building a simple del.icio.us clone" in LG#110 ]

Jimmy O'Regan [joregan at gmail.com]


Tue, 12 Aug 2008 15:04:43 +0100

---------- Forwarded message ----------

From: alMubarmij <almubarmij@gmail.com>
Date: 2008/8/12
Subject: Building a simple del.icio.us clone .. Files ?
To: joregan@gmail.com

Hi Jimmy

I like your topic about del.icio.us script in linuxgazette.net: http://linuxgazette.net/110/oregan1.html

But the script is hard for me to understand how to collect it, I hope you send me a compressed file contains all files I need to apply this script

Thank you very much.

[ Thread continues here (2 messages/2.66kB) ]


Talkback:152/lg_tips.html

[ In reference to "2-Cent Tips" in LG#152 ]

Ben Okopnik [ben at linuxgazette.net]


Sat, 2 Aug 2008 22:53:01 -0400

Hi, Greg -

On Sat, Jul 26, 2008 at 11:02:39AM -0700, Greg Metcalfe wrote:

> On Friday 25 July 2008 21:02:51 Ben Okopnik wrote:
> > On Fri, Jul 25, 2008 at 11:35:02AM -0700, Greg Metcalfe wrote:
> > > Regarding "2-cent tip: Removing the comments out of a configuration
> > > file":
> > >
> > > I don't like to invoke Yet Another Interpreter (Perl, Python, etc.) for
> > > simple problems, when I've already got a perfectly good one (the bash
> > > shell) running, and all those wonderful GNU programs.
> >
> > You know, I'm often puzzled when people say that. Whether you have Bash
> > running or not, your script launches another instance of it - *as an
> > interpreter.* The memory footprint of bash plus grep is not going to be
> > much smaller than that of Perl, either. You also lose the capability of
> > (easily) writing the result back to the original file. In what way is
> > this better?
> >
> The bit about launching another interpreter is forehead-slappingly correct, of 
> course. I have systems where bash is the only interpreter present. Sendmail's 
> restricted shell is disabled, etc. I wonder if I'm not subconciously making 
> peace with that situation, rather than growling about it.

That would be understandable, certainly. I'm a big fan of the functional overlap that is afforded by the various programming tools plus the standard Unix toolkit - it means that you can usually get the job done even when you're missing your favorite gadget. Believe me, I have nothing at all against 'grep' - especially when it's wearing that Superman cape with a '-E' option stenciled on the back. :)

> My 'dense' actually does other things via switches, such as reporting on local 
> modifications to config files via a mandated '# LOCALMOD date name reason' 
> standard, etc.
> 
> But it just growed, and most of it is far too nasty (non-standard switches, 
> etc.) to ever be seen by the public. I just grabbed the two most relevant 
> lines, and pasted. You'll have seen my shebang typo, for instance. 
> The 'dense' that's really in use does have the advantage of actually being 
> runable...

Heh. I've done a number of those in my time... although after a certain point, I got into a habit of going back and rewriting them if I found that they kept on being useful. I actually have two projects of that sort on the slow burner right now: my lightweight MTA ('bssmtp'), and the LG mailbag processor. The latter actually has a comment in it that says

[ ... ]

[ Thread continues here (1 message/5.71kB) ]



Talkback: Discuss this article with The Answer Gang

Published in Issue 154 of Linux Gazette, September 2008

2-Cent Tips

Two-cent tip: Starting XWindow at certain virtual terminal

Mulyadi Santosa [mulyadi.santosa at gmail.com]


Sun, 24 Aug 2008 13:08:05 +0700

X is always running at VT 7? Not really. For example, here's how to start it on VT 8: startx -- vt08

Replace "08" with your preferred VT number (2 digits). IIRC nowadays Linux distro opens 12 VT. Also please notice that we put double dash ("--") here, meaning we actually passing "vt" parameter to X server.

regards,

Mulyadi.

[ Thread continues here (4 messages/3.96kB) ]



Talkback: Discuss this article with The Answer Gang

Published in Issue 154 of Linux Gazette, September 2008

News Bytes

By Deividson Luiz Okopnik and Howard Dyckoff

News Bytes

Contents:

Please submit your News Bytes items in plain text; other formats may be rejected without reading. (You have been warned!) A one- or two-paragraph summary plus a URL has a much higher chance of being published than an entire press release. Submit items to bytes@linuxgazette.net.


News in General

lightning boltCourt upholds FOSS licences and community copyrights

In a decision with major implications for the validity of FOSS and community software licences, the U.S. Court of Appeals for the Federal Circuit upheld that FOSS licences are enforceable under the US legal system.

The new ruling reverses a lower court ruling that categorized FOSS licensing as merely a form of contract, without the enforcements associated with copyright and patent protections. A case with copyright infringement allows for statutory damages and stronger remedies, including the right to nullify the license. This is a major legal event.

The case stemmed from the distribution of Java software for Model Railroad buffs, where a user clearly violated the terms of a community license. The original case was called Jacobsen v. Katzer.

From Linux Foundation Legal posting, August 13, 2008 by Andy Updegrove:

"The underlying facts, and counsel, were hardly major figures on the commercial landscape: the open source software at issue had been developed for model train buffs under an infrequently used free and open source license, and the attorney was young and inexperienced. But as often happens, a small case between small parties can have huge implications. And decisions that may make good strategic sense to the parties can also have disastrous consequences for those that are not in the same situation."

Find a more detailed discussion in the standards blog:
http://www.consortiuminfo.org/standardsblog/article.php?story=20080813143330810

lightning boltIntel details Core i7 Architectures, Multi-core "Larrabee"

At the August Intel Developer Forum (IDF), Senior VP Pat Gelsinger detailed the roadmap for Intel's next generation chip architecture, Nehalem. Intel will also re-brand its future chips as "Core i7", with high performance chips slated for both the desktop and server arenas.

The Core i7 micro-architecture features better energy efficiency, refreshed hyper-threading technology delivering up to 8-threaded performance capability on 4 cores in the initial versions and best-in-class memory bandwidth thanks to the newQuickPath Interconnect technology that puts a memory controller in-chip and delivers up to three times the memory bandwidth of previous generation Core architecture chips.

The new Intel Xeon processor X7460 with 6 cores and 16MB L3 cache for servers launching in September has already broken multiple performance world records. An 8-socket IBM System x 3950 M2 server became the first platform to break the 1 million tpmC barrier on the TPC-C benchmark. New 4-Socket performance records include TPC-C on HP Proliant DL580 G5, TPC-E on Dell PowerEdge R900, SPECjbb2005 on Sun Fire X4450 and SPEC-int_rate2006 on Fujitsu-Siemens PRIMERGY RX600 S4.

IDF was also a showcase for new 'ultra mobile PCs' (UMPC) that OEM partners build around the Intel Atom processor, a simplified X86 chip core that can readily run Linux. In a central kiosk, 6 of 8 systems ran Linux and only two ran Windows Mobile. A mobile Linux pavilion had mini-booths from Ubuntu (featuring a slimmed down "Remix" OS), Xandros, and other Linux providers.

The Atom is very power efficient and also is in a 22 mm square package rather than the more common 35 mm square package, allowing for smaller and cooler devices. Intel also showed off new high-end laptops based on a mobile version of its quad-core chip that draws only 45 watts.

For more info, see:
http://www.reghardware.co.uk/2008/08/20/intel_mobile_idf/

lightning boltAMD: Ready to Compete

AMD announced plans for its "Shanghai" next-generation architecture the week before the IDF conference. This will be based on 45 nm circuits and will feature 4-, 6-, and 8-core products. Follow-on plans for 2010 include 12-core processors using DDR3 memory.

AMD executives told the press that many of the features Intel touted for its new Nehalem architecture have been already incorporated into AMD chip architectures. The L3 cache became standard with the AMD Phenom line late last year and use of on-chip memory caches was part of the Opteron chip architecture over 3 years back.

Although AMD will be releasing an integrated CPU and GPU part in 2009, it will not be as integrated as Intel's Larabee, but it will be based on current working parts - separate CPU and GPU cores - and should be free of major errata.

AMD did acknowledge missteps with its quad-core products and that it was a little late getting to 45 nm parts. However, AMD expects to be shipping 45 nm parts before the end of 2008, and to transition to all 45 nm parts in 2009. AMD also expects to be competitive on price and performance as well as profitable. AMD and IBM have an on-going partnership to develop manufacturing processes for 22 nm parts, for products two generations ahead of current technology. AMD's current 45 nm process was co-developed with IBM.

lightning boltProgress on DNS Vulnerabilities, IANA test tool shows gaps

It's been over a month since the industry-wide patching of DNS name servers began and much progress has been made. The following links show an animation of patching progress in the first 3 weeks:
http://www.doxpara.com/?p=1206 and http://www.youtube.com/profile?user=clarifiednetworks&feature=iv

The July work-around patches implement a scheme of port randomization to replace a more limited scheme of ID randomization currently implemented in the DNS protocol. The ID transaction field was only 16 bits wide, allowing for easier exploitation, especially with multiple requests allowed from the same client. The port scheme will now randomize using 27 to 30 bits.

One criteria for patching shows how general the flaw is: if your DNS system uses recursion, it needs to be patched. If an attack based on the DNS vulnerability is successful, an attacker could force any user to arbitrary IP addresses on the Internet.

ICANN has announced a test page, on the IANA site, to test if a domain is vulnerable to the Kaminsky DNS source port vulnerability. Click here to go to the test page: http://recursive.iana.org/

IANA also is providing a FAQ on the bug that has a lot of useful information without digressing into attack details, as so many other writeups do. This FAQ is focused on explanation and practical advice for IT. There is good advice in it, such as pointing out that authoritative name servers should never be configured also to provide recursive name service. This bug is a perfect example of why. See: http://www.iana.org/reports/2008/cross-pollination-faq.html

DNSstuff has also posted a vulnerability test on their page of free DNS tools: http://member.dnsstuff.com/pages/tools.php?ptype=free

"We tested a number of leading distro domains and major companies in the linux space. Most, including sourceforge.org, were not vulnerable to the recusive DNS bug. But there were notable exceptions, including :

-- opensuse.org and Novell.com -- most name servers vulnerable
-- CMP publications -- name severs are recursive but with source port randomization
-- For eWeek.com -- NS2.TECHDNS.COM is vulnerable but NS1.TECHDNS.COM is not - Go figure."

With the dust hardly clearing on DNS issues, the ICANN Board has declared that the U.S. government will not yield the control it now has over changes to the Internet's DNS root zone file.

Kaminsky has been blogging about progress on the vulnerability and the Black Hat conference. In his August 8th entry he notes:

"New attacks are already popping up, only a few days in. Ben Laurie just came out with a harrowing and beautiful advisory against some common OpenID deployments. I knew about the intersection of DNS and OpenID, and I knew about the intersection of DNS and Debian's badly generated certs (a problem which, I'd like to point out, is much harder to patch due to our continuing lack of an effective certificate revocation infrastructure). But it took Ben Laurie to attack 'Secure' OpenID providers using Debian Certs via DNS. Fantastic, excellent work."

lightning boltMozilla's Firefox Wins the "Who's the Next Open Source Idol" Crown at LinuxWorld

Mozilla's Firefox was successful in beating out the other three contestants, reigning champion "Tux" the Linux kernel penguin, "Beastie" the BSD demon and the GNU "Gnu" to become the world's favorite Open Source Idol. GroundWork Open Source (http://www.groundworkopensource.com), announced the results at the end of Linux World.

During the first ever "Who's the Next Open Source Idol?" contest held at LinuxWorld 2008 last week, Firefox proved he was the only mascot capable of bringing down the reigning champion - "Tux" the Linux penguin. After a three day neck and neck race of crazy dancing, bull riding, singing, rapping, and polling LinuxWorld attendees, Firefox left third place "Tux" out in the cold, winning with 48.5 percent of the final vote.

Poll Results:
Tux the Linux Penguin - 6.6%
The Mozilla Firefox - 48.5%
Beastie the BSD Demon - 31.6%
The GNU Gnu - 2.3%


Conferences and Events

Office 2.0 Conference 2008
September 3 - 5, St. Regis Hotel, San Francisco, CA
http://itredux.com/2008/07/03/office-20-conference-2008-registration/
JSFOne Conference / Rich Web Experience - East
September 4 - 6, Vienna, VA
http://www.jsfone.com/show_register_existing.jsp?showId=166
Digital ID World Conference 2008 (DIDW)
September 8 - 10, Hilton Hotel, Anaheim, CA
http://public.cxo.com/conferences/index.html?conferenceID=24
Gartner Business Process Management Summit 2008
September 10 - 12, Washington, D.C.
us.registration@gartner.com
Summit on Virtualization and Security
September 14, Marriott Hotel, San Francisco, CA
http://misti.com/default.asp?Page=65&ProductID=7508&ISS=24037&SID=690850
IT Security World 2008
September 15 - 17, Marriott Hotel, San Francisco, CA
Optional Workshops: September 13, 14, 17 & 18
http://misti.com/default.asp?Page=65&Return=70&ProductID=7154
Zend / PHP Conference 2008
September 15 - 18, Santa Clara, CA
http://www.zendcon.com/ZendCon08
Kernel Summit 2008
September 15-16, Portland, OR
http://www.linuxfoundation.org/events/kernel
Linux Plumbers Conference - LPC
September 17 - 19, Portland, OR
http://linuxplumbersconf.org/
VMworld 2008
September 16 - 18, Las Vegas, NV
http://www.vmworld.com
Open Source in Mobile (OSiM) World
September 17 - 18. Hotel Palace, Berlin, Germany
http://www.osimworld.com/newt/l/handsetsvision/osim08
Oracle Develop and OpenWorld 2008
September 21 - 25, San Francisco, CA
http://www.oracle.com/openworld/2008/develop.html
Backhaul Strategies for Mobile Operators - New York City
September 23, NYC
http://www.lightreading.com/live/event_information.as
Semantic Web Strategies Fall 2008
October 5 - 7, Marriott Hotel, San Jose, CA
http://www.web3event.com/register.php
Mobile Content Strategies 2008
October 6 - 7, Marriott Hotel, San Jose, CA
http://www.mobilecontentstrategies.com/
Optical Expo 2008
October 6-7, Westin Galleria, Dallas, TX
http://www.lightreading.com/live/event_information.asp?event_id=28683
Linux End User Collaboration Summit
October 13 - 14, 2008, Tutu Center, NYC
https://www.linuxfoundation.org/events/enduser/register
LinkedData Planet Fall 2008
October 16 - 17, 2008, Hyatt, Santa Clara, CA
http://www.linkeddataplanet.com/
Scrum Gathering 2008
October 20 - 22, Stockholm, Sweden
http://www.scrumalliance.org
EclipseWorld 2008
October 28 - 30, Reston, VA
http://www.eclipseworld.net/
System-on-Chip (SoC) Conference 2008
November 5 - 6, Radisson Hotel, Newport Beach, CA
http://www.SoCconference.com
OpenOffice.org Conference - OOoCon 2008
November 5 - 7, Beijing, China
http://marketing.openoffice.org/ooocon2008
Usenix LISA 2008
November 9 - 14, San Diego, CA
http://www.usenix.org/events/lisa08/
Agile Development Practices 2008
Nov. 10 - 13, Orlando, FL
http://www.sqe.com/AgileDevPractices/
ISPcon Fall 2008
November 11 - 13, San Jose, CA
http://www.ispcon.com/future/f08_schedule.php


Distro News

lightning boltDebian "Lenny" Dev Tree Frozen

The Debian GNU/Linux 5.0 "Lenny" development tree has been frozen and the focus of the project has turned to bug fixes and infrastructure updates prior to the final release scheduled for next month.

Here are some of the new features in "Lenny": The next Debian is based on the 2.6.25 Linux kernel and supports both KDE 3.5.9 and GNOME 2.20 desktops. It doesn't support KDE 4.1 at this time.

"Lenny" includes recent versions of popular end-user software applications: Firefox 3.0.1, OpenOffice.org 2.4.1, and Evolution 2.22.3.1. It also includes developer and server programs and libs such as glibc 2.7 and Samba 3.2. "Lenny" includes full support for the IPv6 networking protocol and NFSv4 (Network File System). On the server side, Lenny will have LFS (Large File Support) which allows applications access to the largest files supported by the operating system and file system rather than an application-bound file size limits.

lightning boltFreespire will go back to Debian

Xandros has announced the next version of Freespire will be based on the Debian "Lenny" release, arriving 4th quarter 2008. Xandros says it plans to consolidate its various offerings on Debian. Freespire 5 will be followed by Xandros Desktop Professional 5, built on the same open source code base with additional commercial elements primarily for enterprise customers.

Xandros acquired Linspire last month and Freespire has been the free version of Linspire, most recently based on Ubuntu.

lightning bolt Scientific Linux Live CD/DVD 5.2 released for i386 and x86_64

The principal new feature for this release: changes can be stored persistently on a removable storage device. Together with the ability to run the LiveCD from a USB stick, this feature allows you to carry around your own portable Scientific Linux Live System in your pocket.

For more information see http://linux.web.psi.ch/livecd/save.html and http://linux.web.psi.ch/livecd/usbdisk.html

The SLL CD/DVD runs Scientific Linux directly from CD/DVD without installing. It can be downloaded from:
ftp://ftp.scientificlinux.org/linux/scientific/livecd/52.

A list of public mirrors can be found at the Scientificlinux.org download page: https://www.scientificlinux.org/download

lightning boltgOS 3 Gadgets announced

gOS, the Linux distribution that shipped with the famous $199 Wal-Mart gPCs and notebooks announced its latest version, called gOS 3 Gadgets. Google Gadgets is launched on boot, giving the user direct access to more than 100,000 iGoogle and Google gadgets. These Google Gadgets are small, graphically rich applications that can be added directly to the user's desktop in seconds over the Internet.

gOS 3 Gadgets will also come pre-loaded with WINE 1.0 for Windows applications compatibility, and with other Google Linux software to give the user more options.

David Liu, founder and CEO of gOS, says that "With this version of gOS, we are delivering a Linux that is ready for consumers -- a Linux for the rest of us!".

More information can be found here: http://www.thinkgos.com/press-release2.php.


Software and Product News

lightning boltSun Launches openSSO Express

Sun Microsystems announced OpenSSO Express, a new offering that provides enterprise support and indemnification for the technologies available in the OpenSSO project. OpenSSO is the world's largest open source identity management project, providing highly scalable single sign-on, access management, federation, and secure web services capabilities.

New versions of Sun OpenSSO Express will be released approximately every three months to provide fast moving organizations with early access to the latest technologies available in the OpenSSO community. New or existing customers with a Sun Java System Access Manager, Sun Java Identity Management Suite, or Java Enterprise System license or subscription will receive OpenSSO Express at no additional charge. Support from Sun's technical team is available in three different levels: standard, premium, and premium plus.

With more than 700 members, the OpenSSO project is attracting large enterprises with extensive identity infrastructures, who want an open source, identity management solution with Sun's support and indemnification. Founded 18 months ago, theOpenSSO community provides core identity functionality in a single Java technology-based distribution. The community also bases their development on enterprise-focused standards, including SAML 2.0, XACML, and WS-Federation, in addition to creating extensions to OpenSSO through sub-projects around other protocols like OpenID and Information Cards.

For more information and to download OpenSSO, visit: http://wiki.opensso.org.
To access Sun OpenSSO Express, visit: http://www.sun.com/software/products/access_mgr/get.jsp.

lightning boltSun Unveils AMP Stack for Solaris and Linux

At OScon, Sun announced the availability of Sun Web Stack, a fully supported and integrated AMP (Apache/MySQL/Perl or PHP) stack for Solaris and Linux operating systems. The Web Stack software includes the open source software most commonly used for Web-tier application development and services.

The Web stack consists of Web and proxy servers, scripting languages, and a database that enables developers to deploy Web applications quickly and easily. The primary components in the Web Stack include the Apache HTTP Web server version 2.2.8, Apache Modules Memcached 1.2.5 (distributed memory object system), MySQL 5.1 Database, lighttpd Web server v 1.4.18, Tomcat Servlet engine 6.0.16, PHP 5.2.5, Ruby 1.8.6, Rails 1.2.3, RubyGems 0.9.0, Mongrel 1.0.1, fcgi package, RedCloth (text parsing), Perl 5.8.8 and extensions, and Squid proxy server 2.16.x.

Download the Web Stack at http://www.sun.com/webstack.

"Sun's release of their Web and Proxy server code with a BSD license is proof of their involvement and commitment to open source," said Jim Jagielski, co-founder and director of The Apache Software Foundation and a core developer on several ASF projects, including the Apache HTTP Server.

Sun will provide product version control for its supported Web Stack across multiple operating systems so that applications developed for one operating system can be deployed on another with minimal changes. Enterprise support is planned to be available for Solaris in CY08Q3, Linux LAMP support in CY08Q4 with Windows and other OS support to follow.

lightning boltNew Javascript Interpreter to be Launched with Firefox 3.1

Mozilla announced that they are launching TraceMonkey, a JavaScript engine that is considered to be the evolution of the old SpiderMonkey JavaScript engine. By using a Just-in-Time compiler, this new JavaScript engine boosts JS performance by up to 30 times faster, according to Mozilla's benchmarks.

While still under heavy development, TraceMonkey already supports the x86, x86-64, and ARM platforms, meaning it is ready for desktop and mobile use right out of the box.

More details of TraceMonkey (including several benchmarks) can be found here: http://weblogs.mozillazine.org/roadmap/archives/2008/08/tracemonkey_javascript_lightsp.html


Talkback: Discuss this article with The Answer Gang


[BIO]

Deividson was born in União da Vitória, PR, Brazil, on 14/04/1984. He became interested in computing when he was still a kid, and started to code when he was 12 years old. He is a graduate in Information Systems and is finishing his specialization in Networks and Web Development. He codes in several languages, including C/C++/C#, PHP, Visual Basic, Object Pascal and others.

Deividson works in Porto União's Town Hall as a Computer Technician, and specializes in Web and Desktop system development, and Database/Network Maintenance.



Bio picture

Howard Dyckoff is a long term IT professional with primary experience at Fortune 100 and 200 firms. Before his IT career, he worked for Aviation Week and Space Technology magazine and before that used to edit SkyCom, a newsletter for astronomers and rocketeers. He hails from the Republic of Brooklyn [and Polytechnic Institute] and now, after several trips to Himalayan mountain tops, resides in the SF Bay Area with a large book collection and several pet rocks.

Howard maintains the Technology-Events blog at blogspot.com from which he contributes the Events listing for Linux Gazette. Visit the blog to preview some of the next month's NewsBytes Events.


Copyright © 2008, Deividson Luiz Okopnik and Howard Dyckoff. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

Hacking a Canon A720IS digital camera with CHDK on GNU/Linux

By Sujith H

This all started with a Slashdot article which described the amazing features of CHDK (Canon Hacking Development Kit). The article re-ignited my ambition to buy a camera and explore its full potential. I decided to go for the Canon A720IS, which supports CHDK. In this article I would like to share the work that I did to compile CHDK in GNU/Linux, install it, and explore its scripting capabilities.

Installation procedure

I downloaded the latest CHDK source from its Subversion repository to a 'chdk' subdirectory in my home directory:

	cd
    svn co https://tools.assembla.com/svn/chdk/trunk 

Since CHDK runs on a platform that's different from the one we're compiling it on, we need a cross compiler. For that, I downloaded binutils (version 2.17) and the GCC compiler (version 3.4.6); I then created a directory called 'arm-elf' and one called 'chdk_cross_compiler' in my home directory, and untarred 'binutils' and GCC inside the latter.

Building 'binutils' required the following steps:

   1) cd ~/chdk_cross_compiler/binutils-2.17
   2) ./configure --srcdir=../binutils-2.17 --target=arm-elf --prefix=${HOME}/arm-elf
   3) make
   4) make install

Next, I added ~/arm-elf/bin to my PATH:

   export PATH=${HOME}/arm-elf/bin:$PATH

Now, to compile GCC:

   cd ~/chdk_cross_compiler/gcc-3.4.6

Next, I applied a patch from 'chdk' which was at ~/chdk/trunk/tools/patches/gcc-3.4-arm.diff.

   patch -p0 < ~/chdk/trunk/tools/patches/gcc-3.4-arm.diff

Now I created a directory named gcc-3.4.6-arm-elf in ~/chdk_cross_compiler and built GCC so that it compiles for the ARM processor as the default target:

   cd /home/sujith/chdk_cross_compiler/gcc-3.4.6-arm-elf
   ../gcc-3.4.6/configure --srcdir=../gcc-3.4.6 --target=arm-elf \
     --enable-multilib --enable-languages=c --enable-clocale=gnu \
     --disable-libm --disable-libc --disable-threads \
     --disable-nls --disable-libssp --disable-intl --disable-libiberty \
     --with-cpu=arm9 --with-newlib --prefix=${HOME}/arm-elf
   unset LIBRARY_PATH 
   unset CFLAGS
   make
   make install

Now that the cross compiler is ready, it's time to compile the CHDK.

   cd ~/chdk/trunk

Since my camera is a Canon A720 IS, I uncommented these two lines of makefile.inc:

   PLATFORM=a720
   PLATFORMSUB=100c

and compiled it using

   make fir

This created a file called DISKBOOT.BIN in my ~/chdk/trunk/bin directory, which I needed to copy to the memory card of the camera. For that, I needed to format the SD-Card to FAT-16, which I achieved in the following step:

   mkdosfs -F 16

As a final step, I needed to make the card bootable by editing its FAT partition. I did this by using hexedit (make sure that the SD card is not mounted while issuing this command). Before we do that, however, we need to find out which device was mounted by using the 'mount' command; for me, it was /dev/sda1.

umount /dev/sda1
hexedit /dev/sda1

In hexedit, I toggled ASCII mode and wrote "BOOTDISK" (without double quotes) at offset 0x40; I then mounted the SD Card again and copied the DISKBOOT.BIN file to the root directory of the SD card, set the SD card write lock (this is a small lock button on the SD Card itself), and inserted the card into camera. The camera booted with the CHDK and displayed a message showing the CHDK firmware. I was now the proud owner of a CHDK-powered camera! I do find it interesting, by the way, that the SD card is write-locked in the camera, but the photos are still written to the card.

Now, switching the camera into the alt mode and pressing the menu button (my camera has a menu button, for other models it might be different) displays the CHDK options: play a game, load a file, Raw image, Histograms, etc.

Scripting

There is a small interpreter in CHDK named UBasic. Let's begin with a 'hello world' script. The filenames will have a .bas extension (i.e., file1.bas).

   @title Hello World
   print "Hello World" 

Here '@title' refers to the title of the program; if it's not given, the filename will be created by CHDK. Copy the program to the chdk/scripts directory on the SD card and load it. On my camera, I had to press the shoot button to run the script. You can see the output on the screen:

Hello World

In order to blink the orange LED of my camera I wrote the following code:

   for n=1 to 5
     print "Led blink ",n
     gosub "ledblink"
   next n
   
   :ledblink
     set_led 7 1 60
     sleep 1000
     set_led 7 0
     set_led 8 1 60
     sleep 1000
     set_led 8 0
     return 

'gosub' is used to go to a subroutine; here the subroutine is 'ledblink'. 'set_led' is the command used to turn the LED on and off, and '7' is the 'set_led' argument which means the orange LED. Similarly, '8' represents the blue LED.

Blue LED is set on:

Blue LED is set on

In order to shoot the photos with a regular interval of 5 seconds, I wrote this small peice of code.

     for n=1 to 6
         sleep 5000
         print "shoot ",n, "of ",6
         shoot
     next n

To put the camera in 'raw' mode, the 'set_raw' command is used. The following code could be used to set the raw mode in the camera and then take a shot.

     set_raw 1
     sleep 1000
     shoot
     sleep 1000
     set_raw 0

You could check the battery voltage using the following code; the voltage is displayed in millivolts.

     for n=1 to 10
         a=get_vbatt
         print "The V is ",a/1000, "V"
         print "The V is ",a, "mV"
         sleep 9000
         a=0
     next n
Voltage

These are some of the hacks that I've done using GNU/Linux and my Canon camera. If you are ready to experiment with your CHDK-compatible camera, this is the right time to do it. A friendly warning - these hacks are not for faint-hearted!!!

Reference

The CHDK Wiki was very helpful during my hacking and the writing of this article. You can go through it here.


Talkback: Discuss this article with The Answer Gang


[BIO]

I have been in the free software community for the past five years, and have always enjoyed the freedom provided by free software. I thank my guru, Mr. Pramode C.E, who had introduced me to the Free Software community. I completed my B. Tech from Government Engineering College Palakkad (Kerala, India). I work with ElinaNetworks Ltd., Bangalore as an R&D Engineer. My blog is at http://sujith-h.livejournal.com. My areas of interest include Python and C.


Copyright © 2008, Sujith H. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

Book Review: Blown to Bits

By Kat Tanaka Okopnik

BTB.RVW 20080831
================
%A   Hal Abelson, Ken Ledeen, Harry Lewis
%C   Boston, MA
%D   2008
%G   ISBN-10: 0-13-713559-9
%G   ISBN-13: 978-0-13-713559-2
%I   Pearson Education, Inc.
%O   http://bitsbook.com
%P   366 pages
%T   "Blown to Bits: your life, liberty, and happiness after the digital explosion"

I don't usually get this effusive about any book, but the authors of Blown to Bits have written a must-read handbook on the most important political questions we face regarding the present and future of technology. Whether you're already familiar with these issues because you're the go-to guy for all your less-techie friends, or you're the bewildered by technology sort, Abelson, Ledeen, and Lewis have laid out the background and the analysis with in-book citations as well as pointers to sources and references available on the World Wide Web.

In the preface it is noted, "The book emerged from a general education course we have taught at Harvard, but it is not a textbook." The course they refer to is "Quantitative Reasoning 48 . . . a course on information for non-technical, non-mathematically oriented students". Each chapter starts with a real news story that illustrates the topic, and then continues with discussion. It's all written in a very approachable, almost conversational style, with short, easy to digest sentences. They succeed where many others fail, being informative without being patronizing or pedantic.

Chapter 3, for example, is entitled "Ghosts in the Machine: Secrets and Surprises of Electronic Documents". In 35 pages, they explain preservation of information ("redacted" documents, change tracking, metadata), compression, file formats, secrecy, archives, and a sidebar on "Open Document, Open Source, and Free". Just that section alone is the subject of numerous other books, but Blown to Bits has another five chapters with just as much breadth of information. Chapter 4 covers search engines, Chapter 5 explains cryptography, Chapter 6 discusses copyright and peer-to-peer filesharing. Chapter 7 deals with computer crimes and censorship. Chapter 8 goes into traditional broadcast media and the (U.S.) Fedecral Communications Commission.

The majority of the book deals with the U.S. first, but these issues are transnational, and global impact is not neglected.

In keeping with the net-savvy approach and background of the authors, readers are encouraged to participate in ongoing discussion at the book's Web site (http://bitsbook.com).

Those of us living in democracies bear a responsibility to safeguard freedoms, and the foundation of the power to do so is knowledge. Grab a copy of Blown to Bits and get the insight and vocabulary to explain these important issues to others. Send a copy to your elected representatives - we need people in power who actually know how the Internet and other technologies work, and why it's important.


Talkback: Discuss this article with The Answer Gang


Bio picture

Kat likes to tell people she's one of the youngest people to have learned to program using punchcards on a mainframe (back in '83); but the truth is that since then, despite many hours in front of various computer screens, she's a computer user rather than a computer programmer.

Her transition away from other OSes started with the design of a massively multilingual wedding invitation.

When away from the keyboard, her hands have been found wielding of knitting needles, various pens, henna, red-hot welding tools, upholsterer's shears, and a pneumatic scaler. More often these days, she's occupied with managing her latest project.


Copyright © 2008, Kat Tanaka Okopnik. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

WPA Supplicant LEAP

By Nic Tjirkalli

To get Linux wireless to connect using LEAP authentication (yes, yes, yes, I know the choir will tell us that LEAP is not so secure and we should not be using it, but if that's the way the AP is configured, we do not have much option), I did the following. It worked for me and I hope it works for you.

[ The Lightweight Extensible Authentication Protocol (LEAP) was developed for use with wireless access points and features dynamic WEP keys and mutual authentication. -- René ]

These settings worked for connecting to a CISCO Access Point that is configured to:

System

My system is a: On my Slackware machine, the wireless interface is called wlan0, if yours is not, replace wlan0 with the interface name used by your machine in all the scripts and commands below.

See What Wireless LANs Are Out There

To see what wireless networks are within range and to see what security they have enabled, use the command:
iwlist wlan0 scan

If iwlist returns an error saying it cannot scan because the interface is down, bring the interface up with ifconfig:

ifconfig wlan0 up
and then run the scan command again.

Scripts

I connect manually with a script, as opposed to using any of the automated scripts.

WPA Supplicant Configuration

My /etc/wpa_supplicant.conf looks like this:

# This line enables the use of wpa_cli which is used by rc.wireless
# if possible (to check for successful association)
ctrl_interface=/var/run/wpa_supplicant
# By default, only root (group 0) may use wpa_cli
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
  scan_ssid=1
  mode=0
  ssid="SSID_To_Connect_To"
  proto=WPA
  key_mgmt=WPA-EAP
  pairwise=TKIP
  group=TKIP
  eap=LEAP
  priority=2
  auth_alg=LEAP
  eapol_flags=0
  identity="Your_User_Name"
  password="Your_Password"
}

In the above configuration file, replace SSID_To_Connect_To with the Service Set IDentifier, or SSID, of the particular 802.11 wireless LAN you want to connect to; replace Your_User_Name with the user name used for authentication; and last, replace Your_Password with the password used for authentication.

Connection Script

On my Slackware machine, the connection script looks like this:

#!/bin/bash

ifconfig wlan0 down
iwconfig wlan0 essid "XXXXXXXXXX"
ifconfig wlan0 up
wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -Dwext -dd

The -dd causes wpa_supplicant to be very verbose in its output - this is useful if there are any issues, but it also tells you what is happening.

Save this connection script (as root) and make it executable, readable, and writable by user root (chmod 700 con_script. The script must be run as root (or via sudo) to be able to play with interfaces.

When run, the connection script will not terminate. To see what is happening and if all is well, execute the command wpa_cli in another shell, or if you prefer a GUI on X, run wpa_gui. To know if you have successfully connected to the wireless LAN look for the line
CTRL-EVENT-CONNECTED - Connection to 00:11:11:11:11:11 completed

Once connected, you can obtain a DHCP address (assuming a DHCP server exists and is functioning on the Wireless LAN) with the command:
dhcpcd wlan0

Hope this was of use to you and helped.


Talkback: Discuss this article with The Answer Gang


[BIO]

Nic Tjirkalli works for one of South Africa's primer internet service providers. He has been using Linux for over 15 years - started with Slackware and has stayed with that.


Copyright © 2008, Nic Tjirkalli. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

Software Review: uvhd - file investigation utility

By Owen Townsend

'uvhd' is a binary file investigation utility. It displays the contents of any file in vertical hexadecimal format, and prompts for commands to browse, search, select, update, scan/replace, print, translate, etc. uvhd is an interactive utility with a command line interface and 18 help screens.

'uvhd' is Copyright(C) 1993-2008, UV Software Inc, and is distributed under GPLv3.

Download and Compile

You may download uvhd from http://www.uvsoftware.ca/libuvhd.htm. uvhd requires only the standard ANSI C libraries. Compile as follows:

 cc src/uvhd.c -o bin/uvhd

The above assumes you are logged in to your home directory on Linux or Unix, have set up sub-directories 'src' and 'bin', and stored the downloaded source (uvhd.c) in the 'src' subdir. We will also assume you have added $HOME/bin to your $PATH for the following tutorials.

uvhd Tutorials

This article will present 3 illustrations, using uvhd on 3 types of binary files, demonstrating file display, browsing, searching, selecting, and updating.

In this article, we will not cover the many other features and options which are documented in the reference manual http://www.uvsoftware.ca/uvhd.htm.

A1. Tutorial #1 - investigate an executable binary program
  - search the uvhd program itself (for 'version')
B1. Tutorial #2 - investigate /var/log/wtmp log file
  - logs events such as reboot, shutdown, logins(userids)
  - select records for specified userid, write separate file
C1. Tutorial #3 - investigate a typical mainframe file migrated to Unix/Linux
- customer master file with Name,Address, and 24 packed decimal monthly sales
- search and update 1 record at a time interactively
- or 1 command to search all records replacing 1 pattern with a 2nd pattern

A1. Tutorial #1 - search executable file

If you have downloaded and compiled uvhd (as described above), you can do this tutorial right now. For our first binary file to investigate, let's use the compiled uvhd program. We will also specify options 'r256s3', which specifies 'r'ecord size as 256 and 's'pacing as 3 (space after scale and between groups).


 uvhd bin/uvhd r256s3  <-- execute uvhd to display bin/uvhd with options r256s3
 ====================    - r256 Record-size (256 is the default if omitted)
                         - s3 Spaces between scale and 3 line groups

filename=/home/uvadm/bin/uvhd options=r256s3 records=813 filesize=104126 recsize=256 fsize%rsize(remainder)=62

                10        20        30        40        50        60
 r#  1 0123456789012345678901234567890123456789012345678901234567890123
     0 .ELF..............>.......@.....@.......H[..........@.8...@..... <-chars
       744400000000000000300000B040000040000000450000000000403000401010 <-zones
       F5C621100000000020E010000D000000000000008B100000000000808000D0A0 <-digits
    64 ........@.......@.@.....@.@.....................................
       00000000400000004040000040400000C0000000C00000000000000000000000
       6000500000000000000000000000000001000000010000008000000030004000
   128 ..........@.......@.............................................
       0000000000400000004000001000000010000000000000000000000000000000
       020000000200000002000000C0000000C0000000100000001000500000000000
   192 ..@.......@......9.......9........ ..............@.......@a.....
       0040000000400000E3000000E300000000200000000000000400000004600000
       0000000000000000491000004910000000000000100060000010000000100000

null=next,r#=rec,s=search,u=update,x=rollback,p=print,i=iprint,w=write,e=count ,g=genseq#,c=chkseq#,t=translate(ta=Asc,te=Ebc,tu=Upr,tl=Lwr,tc=Chars,tp=Pers) ,R#=Recsize,h1=char,h2=hex,q=quit,?=help -->

uvhd displays data in 'vertical hexadecimal', 64 byte segments, in 3 line groups (characters, zones, and digits). For example, the 'E' in 'ELF' is x'45' in horizontal hexadecimal. Note that any unprintable bytes are shown as periods on the 'character' line, but you can see the true value on the 'zone' and 'digit' lines. Of course there are some bytes whose zone/digit bits just happen to coincide with an ASCII printable character, such as '@' x'40'.

Also note that the byte offset (zero relative displacement) is shown at the beginning of each 3 line group. For example '128' is the offset of the 1st byte in the 3rd group of 64.

You would also get a warning (only on the 1st record) if the filesize is not evenly divisible by the specified record size. I have not shown it here since it would not be relevant for program executable files, but would be important for fixed length data files (probably migrated from a mainframe to Unix/Linux).

A2. Search command

After the uvhd data display, you are prompted to enter a command. A brief command summary is displayed (null=next,r#=rec,s=search,u=update,...,?=help). You may enter '?' for 18 help screens (options, command formats, etc).

Let's use the 'search' command to search for 'version' (assuming the program contains that word).


 uvhd bin/uvhd r256    <-- execute uvhd with option 'r' recsize=256
 ==================        (r256 is the default if no options specified)

 ---> s 'version'      <-- 's'earch for 'version' anywhere in program
      ===========
                      10        20        30        40        50        60
 r#      276 0123456789012345678901234567890123456789012345678901234567890123
       70400 useful,.but WITHOUT ANY WARRANTY; without even the implied warra
             7766762067725454455244525455445532767667726766276626676666276776
             53565CC025407948F5401E9071221E49B07948F540565E048509D0C954071221
          64 nty of..MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.....
             6772660044544445444445526724454455244524254554454452555545420000
             E490F600D52381E4129C9490F20694E53306F20100124935C1200520F35E0000
         128 See the full description of the GNU General Public License at:.h
             5662766267662667676776662662766244524666766257666624666676267306
             3550485065CC0453329049FE0F6048507E5075E521C0052C930C935E35014A08
         192 ttp://www.gnu.org/licenses......uvhd version 20080807 - Copyrigh
             7773227772667267626666676720000077662767766623333333322246777666
             440AFF777E7E5EF27FC935E353E000005684065239FE0200808070D03F092978
                                                  *******
 found--> s 'version' <--at byte# 229 of record# 276
 rec#=276 rcount=406 rsize=256 fsize=104126 bin/uvhd

 ---> ss     <-- may enter 'ss' to repeat the last 's' search
      ===      - will find 'version' in 2 other records (not shown here)

 ---> 1      <-- could then reset to record# 1 and repeat 'ss' to find again
      ===

B1. Tutorial #2 - /var/log/wtmp search/select

For our 2nd example, let's investigate /var/log/wtmp, a Unix/Linux system file that stores events such as reboot, shutdown, runlevel changes, LOGINs, and userids logging in. This is a binary file with fixed record size 384 bytes.


 uvhd /var/log/wtmp r384   <-- investigate wtmp (recsize=384)
 =======================
 uvhd filename=/var/log/wtmp
 options=r384 lastmod=2008081704 today=20080817143240 print=p1
 rec#=1 rcount=1343 filesize=515712 recsize=384 fsize%rsize(remainder)=0
                      10        20        30        40        50        60
 r#        1 0123456789012345678901234567890123456789012345678901234567890123
           0 ....05..~...............................~~..runlevel............
             0000330070000000000000000000000000000000770077666766000000000000
             10000500E0000000000000000000000000000000EE0025EC565C000000000000
          64 ............2.6.18-92.1.6.el5xen................................
             0000000000003232332332323266376600000000000000000000000000000000
             0000000000002E6E18D92E1E6E5C585E00000000000000000000000000000000
         128 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         192 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         256 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         320 .......................H<.......................................
             000000000000000000008A843900000000000000000000000000000000000000
             00000000000000000000B928C0B0000000000000000000000000000000000000
  1. On the 1st record above, the event is a runlevel change (on a reboot). 'runlevel' is at 44(8) (dsplcmnt 44 0 relative, length 8). On other records this field might be: shutdown, LOGIN, userids, etc).

  2. Note that the time is coded in binary in bytes 340(4b), the Unix epoch time, the number of seconds since Jan 1, 1970. x'8BA98248' is 2008/07/19_19:57:15. The starting displacement is 320+20=340 since the row starts at 320 and the x'8B' lines up under 20 on the scale.

  3. You can use the 'utmpdump' system command to display the file contents

  4. Unix/Linux systems provide the 'utmpdump' utility to display /var/run/utmp and /var/log/wtmp records in a user friendly readable format. utmpdump will convert the binary Unix-times to a human readable format. Try 'utmpdump /var/log/wtmp | more'.

  5. In the next section, we will use uvhd to select records for a desired userid and then use utmpdump to display the contents.

[ If your distro doesn't have this useful command, simply download this tarball, decompress it, and build the program with 'cc -o utmpdump utmpdump.c'. -- Ben ]

B2. Search /var/log/wtmp for userid uvadm


 uvhd /var/log/wtmp r384   <-- startup uvhd for /var/log/wtmp (recsize 384)
 =======================     - will display 1st record (same as above)
                             - not shown here to save space
 --> s 44(5),'uvadm'     <-- search for records with userid 'uvadm'
                           - displays 1st record found as follows:
 r#       74 0123456789012345678901234567890123456789012345678901234567890123
       28032 ........tty2............................2...uvadm...............
             0000800077730000000000000000000000000000300077666000000000000000
             70006F004492000000000000000000000000000020005614D000000000000000
          64 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         128 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         192 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         256 ................................................................
             0000000000000000000000000000000000000000000000000000000000000000
             0000000000000000000000000000000000000000000000000000000000000000
         320 ....................A..H9.......................................
             000000000000000080004C843E00000000000000000000000000000000000000
             00000000000000006F0019489640000000000000000000000000000000000000

found--> s 44(5),'uvadm' <--at byte# 44 of record# 74

We could use 'ss' to repeat the search for the next matching record (as we did in tutorial #1 for 'version'), but now we will demo the select/write command.

B3. Select all records for userid 'uvadm'


 --> w9999 44(5),'uvadm'    <-- Write all records with 'uvadm' in bytes 44-48
     ===================        to a tmp/file
                      10        20        30        40        50        60
 r#     1340 0123456789012345678901234567890123456789012345678901234567890123
      514176 ........tty2............................2...uvadm...............
             0000800077730000000000000000000000000000300077666000000000000000
             70005F004492000000000000000000000000000020005614D000000000000000
                      ----- bytes 64-319 omitted to save space -----
         320 .......................H.8......................................
             0000000000000000000011A4E300000000000000000000000000000000000000
             0000000000000000000050888890000000000000000000000000000000000000

w9999 44(5),'uvadm' 30 written, tmp/wtmp_080817_151157W

  1. The 'w'rite command writes selected records to the 'tmp/' subdir within your current working directory, with a date/time stamp as shown above, and with 'W' suffix to identify as a Write command output.

  2. Note tmp/... is in your current working directory (NOT /tmp). If ./tmp is not present uvhd will create it.

B4. Examine records selected by Write

We can now examine the selected records as follows:


 uvhd tmp/wtmp_080817_153211W r384  <-- examine selected records (user 'uvadm')
 =================================
 uvhd filename=/home/uvadm/tmp/wtmp_080817_153211W
 options=r384 lastmod=2008081715 today=20080817153306 print=p1
 rec#=1 rcount=30 filesize=11520 recsize=384 fsize%rsize(remainder)=0
                      10        20        30        40        50        60
 r#        1 0123456789012345678901234567890123456789012345678901234567890123
           0 ........tty2............................2...uvadm...............
             0000800077730000000000000000000000000000300077666000000000000000
             70006F004492000000000000000000000000000020005614D000000000000000
                      ----- bytes 64-319 omitted to save space -----
         320 ....................A..H9.......................................
             000000000000000080004C843E00000000000000000000000000000000000000
             00000000000000006F0019489640000000000000000000000000000000000000

We can now use 'utmpdump' to display the selected records in user friendly format with the binary times converted to a readable format.


 utmpdump tmp/wtmp_080817_153211W
 ================================
 [7] [03974] [2   ] [uvadm   ] [tty2   [Mon Jul 21 10:37:05 2008 PDT]
 [7] [03936] [2   ] [uvadm   ] [tty2   [Tue Jul 22 07:39:50 2008 PDT]
 [7] [03974] [2   ] [uvadm   ] [tty2   [Wed Jul 23 10:07:30 2008 PDT]
         - - - - - 24 records omitted to save space - - - - -
 [7] [03971] [2   ] [uvadm   ] [tty2   [Fri Aug 15 06:32:59 2008 PDT]
 [7] [03973] [2   ] [uvadm   ] [tty2   [Sat Aug 16 08:06:10 2008 PDT]
 [7] [03973] [2   ] [uvadm   ] [tty2   [Sun Aug 17 04:48:37 2008 PDT]

C1. Tutorial #3 - Customer Master with packed decimal fields

For our third example we will use the file 'custmas1', which you can download from http://www.uvsoftware.ca/custmas1. This is a mainframe-style customer Name and Address that has been migrated to Unix/Linux. It has fixed length records of 256 bytes, with 24 * 5 byte packed decimal fields (monthly sales), and without linefeeds (which are required by the usual Unix/Linux editors). The field layout is as follows:

      000-005 - cust#
      010-034 - customer name
      035-059 - address
      060-075 - address
      077-078 - province
      080-089 - postal code
      090-101 - telephone#
      102-119 - contact name
      120-179 - this year monthly sales 12 * 5 byte packed decimal
      180-239 - last year monthly sales 12 * 5 byte packed decimal
      240-256 - unused

Download the custmas1 demo file from http://www.uvsoftware.ca/custmas1 into the data/ subdir in your homedir.


 uvhd data/custmas1 r256u  <-- execute uvhd on custmas1 with options r256u
 ========================    - option 'u' is required to allow Updates
                             - uvhd displays 1st record and prompts for commands

uvhd filename=/home/uvadm/data/custmas1 rec#=1 rcount=32 filesize=8192 recsize=256 fsize%rsize(remainder)=0

                      10        20        30        40        50        60
 r#        1 0123456789012345678901234567890123456789012345678901234567890123
           0 130140    EVERGREEN MOTORS LTD.    1815 BOWEN ROAD          NANA
             3333332222454545444244545524542222233332445442544422222222224444
             130140000056527255E0DF4F230C44E0000181502F75E02F140000000000E1E1
          64 IMO          BC V9S1H1    250-754-5531 LARRY WRENCH     ..4V|...
             4442222222222442535343222233323332333324455525544442222201357000
             9DF00000000002306931810000250D754D55310C12290725E38000000246C000
         128 .........W0....`........)X}..f3.....\.................4V}...f...
             0000000005300016000000002570063100095000000000000000013570016000
             0C0000C0270D0540C0000C0098D0263C0444C0000C0000C0000C0246D0056C00
         192 .E|...V}.......................f.....<........f.C 19950531
             0470005700000000880000000018000680001300000000694233333333222222
             35C0046D0000C0023C0000C0083C0056D0012C0000C0016D3019950531000000

null=next,r#=rec,s=search,u=update,x=rollback,p=print,i=iprint,w=write,e=count ,g=genseq#,c=chkseq#,t=translate(ta=Asc,te=Ebc,tu=Upr,tl=Lwr,tc=Chars,tp=Pers) ,R#=Recsize,h1=char,h2=hex,q=quit,?=help -->

Note the 24 * 5 byte packed decimal fields from 120-239. The 1st field is x'001234567C', which is $12,345.67+ Packed fields can be identified by the sign x'_C'(+) or x'_D'(-) in the right hand nibble of each field.

C2. custmas1 - Search/Update

For this tutorial, we will Search for incorrect province codes and Update them. The province code in the 1st record displayed above is 'BC' which is correct for British Columbia, but there are some records coded as 'AL' (Alabama), which should be corrected to 'AB' (Alberta).

We will specify the search field as '77(2)', offset 77 (0 relative) and length (2). If we did not have the record layout above, we could determine the offset by adding 64+13=77. i.e., 64 bytes in the 1st segment + 13 bytes into the 2nd segment. The 1st byte of the province code (BC, AL, AB, etc.) lines up under 13 on the scale preceding the record.


 --> s 77(2),'AL'     <-- Search for record with 'AL' in bytes 77-78
     ============       - will display found record and prompt for commands
                      10        20        30        40        50        60
 r#       13 0123456789012345678901234567890123456789012345678901234567890123
        3072 201120    ALLTYPE RENTAL LTD.      BOX 1819                 DRAY
             3333332222444555425445442454222222244523333222222222222222224545
             20112000001CC4905025E41C0C44E0000002F801819000000000000000004219
 'AL'-->  64 TON VALLEY   AL T0E0M0    403-246-5274LARRY ZOLF        ........
             5442544445222442534343222233323332333344555254442222222200000000
             4FE061CC590001C04050D00000403D246D5274C12290AFC6000000000000C000
         128 ..........Fl...Il......................................vl..9q...
             0000000000460014600000000000000000000000000008900000000760037100
             0C0000C0086C0039C0000C0000C0000C0000C0000C0003C0000C0066C0091C00
         192 .4..................%.L.............I...........A 20010731
             1390000000000000000020400810000000004000000000004233333333222222
             24C0000C0000C0000C0054C0095C0000C0039C0000C0000C1020010731000000
      found--> s 77(2),'AL' <--at byte# 77 of record# 13
 rec#=13 rcount=32 rsize=256 fsize=8192 dat1/custmas1
 null=next,r#=rec,s=search,u=update,x=rollback,p=print,i=iprint,w=write,e=count
 ,g=genseq#,c=chkseq#,t=translate(ta=Asc,te=Ebc,tu=Upr,tl=Lwr,tc=Chars,tp=Pers)
 ,R#=Recsize,h1=char,h2=hex,q=quit,?=help -->

 --> u 77(2),'AB'    <-- Update bytes 77-78 with 'AB'
     ============      - re-displays record to confirm Update to 'AB'
                       - Updated record not shown here to save space

 --> ss              <-- repeat previous Search (double letters repeat commands)
     ===               - next AL record not shown here to save space

 --> uu              <-- repeat previous Update
     ===               - Updated AB record not shown here to save space

C3. custmas1 - Multi-Record Search/Update

There could be many records with incorrect province 'AL' to be corrected to 'AB' and yes, there is a faster way to perform multi record Search/Update. We will assume you have restored the original downloaded custmas1 demo file to your $HOME/data/custmas1.


 uvhd data/custmas1 r256u    <-- re-execute uvhd on restored custmas1
 ========================      - displays 1st record and prompts for command
                               - 1st record not shown here to save space

 --> u999 77(2),'AB',,'AL'   <-- Update 77-78 to 'AB', IF existing 'AL'
     =====================     - displays last record updated as follows:
                      10        20        30        40        50        60
 r#       27 0123456789012345678901234567890123456789012345678901234567890123
        6656 318833    TOP NOTCH CONSTRUCTION   BOX 308, STN J           CALG
             3333332222545244544244455554544422244523332255424222222222224444
             31883300004F00EF43803FE3425349FE0002F80308C034E0A0000000000031C7
          64 ARY          AB T2A4X6    403-385-2965HARRY SMIRNOFF    ..85\...
             4552222222222442534353222233323332333344555254454444222200335000
             12900000000001204214860000403D385D29658122903D92EF6600000085C000
         128 ................................................................
             0000000000000000000000000000000000000001100000000000000000000000
             0C0000C0000C0000C0000C0000C0000C0000C0007C0000C0000C0000C0000C00
         192 .....................p...............<..%P......C 20021130
             0000000000000000000017800000000000008300258000004233333333222222
             00C0000C0000C0000C0000C0000C0000C0027C0050C0000C3020021130000000
         EOF, 32 records read, 11 updated u999 77(2),'AB',,'AL'
 rec#=27 rcount=32 rsize=256 fsize=8192 tmp/custmas1
 null=next,r#=rec,s=search,u=update,x=rollback,p=print,i=iprint,w=write,e=count
 ,g=genseq#,c=chkseq#,t=translate(ta=Asc,te=Ebc,tu=Upr,tl=Lwr,tc=Chars,tp=Pers)
 ,R#=Recsize,h1=char,h2=hex,q=quit,?=help --> ** quit request - program ended **

Notes about Multi-Record Search/Update


 --> u999 77(2),'AB',,'AL'  <-- Update 77-78 to 'AB', IF existing 'AL'
     =====================    - displays last record updated (as shown above)
  1. u999 <-- means (search)/Update the next 999 records. Just 'u' with no count would update only the currently displayed record.

  2. u999 77(2),'AB' <-- this (1st 2 operands only) would update all records if operands 3,4 were not specified.

  3. ,,'AL' <-- conditions in operands 3 and 4 for update specified by operands 1 and 2. Note that operand 3 (,,omitted) defaults to op1, but you could specify a different field.

  4. All rules are documented in detail at http://www.uvsoftware.ca/uvhd.htm

Conclusions

I hope these examples give you some ideas on how you might use 'uvhd', and I welcome any feedback on what you use it for.

Thanks for reading this, and I hope you agree with most of my customers who say: "uvhd is our favorite utility".

If you find any bugs or have suggestions for improvements, please email me (Owen Townsend, owen@uvsoftware.ca, http://www.uvsoftware.ca).

References

UVSI Home-Page


Talkback: Discuss this article with The Answer Gang


[BIO]


Owen Townsend, UV Software Inc, 4667 Hoskins Rd
North Vancouver BC, V7K2R3 Canada
owen@uvsoftware.ca www.uvsoftware.ca
Tel: 604-980-5434 Fax: 604-980-5404

Owen has a science degree from Ontario Agricultural College (now University of Guelph), and taught high school science, physics, and chemistry. Owen then switched careers to work many years for Sperry-Univac (which merged with Burroughs in 1986 to create Unisys).

Owen is now the president of UV Software Inc, which was founded in 1993 to develop and market software for converting mainframes to Unix and Linux. For detailed descriptions of the JCL, COBOL,& DATA conversions, please see the web site at 'http://www.uvsoftware.ca'.

Since 1993, UV Software has supplied conversion software, training, and assistance to convert about 50 mainframes to Unix or Linux. Please see the customer list and some customer comments on the web site at 'http://www.uvsoftware.ca/uvintro.htm#G1'.

Owen enjoys jogging on the trails in Lynn Headwaters park in North Vancouver. He has jogged for over 30 years, but only started running 1/2 marathons in 2006. Since then he has run 6 and surprised himself by winning (in his age group), the 2007 Toronto International 1/2 marathon in 1 hour 52 minutes.

You can see a few photos of Lynn Valley, jogging, skiing, kayaking, etc at http://www.uvsoftware.ca/photos.htm. Owen has 3 children and enjoys the 5 grandchildren (ages 1 to 5).


Copyright © 2008, Owen Townsend. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

HelpDex

By Shane Collinge

These images are scaled down to minimize horizontal scrolling.

Flash problems?

All HelpDex cartoons are at Shane's web site, www.shanecollinge.com.

Talkback: Discuss this article with The Answer Gang


Bio picture Part computer programmer, part cartoonist, part Mars Bar. At night, he runs around in his brightly-coloured underwear fighting criminals. During the day... well, he just runs around in his brightly-coloured underwear. He eats when he's hungry and sleeps when he's sleepy.

Copyright © 2008, Shane Collinge. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

Ecol

By Javier Malonda

The Ecol comic strip is written for escomposlinux.org (ECOL), the web site that supports es.comp.os.linux, the Spanish USENET newsgroup for Linux. The strips are drawn in Spanish and then translated to English by the author.

These images are scaled down to minimize horizontal scrolling.

All Ecol cartoons are at tira.escomposlinux.org (Spanish), comic.escomposlinux.org (English) and http://tira.puntbarra.com/ (Catalan). The Catalan version is translated by the people who run the site; only a few episodes are currently available.

These cartoons are copyright Javier Malonda. They may be copied, linked or distributed by any means. However, you may not distribute modifications. If you link to a cartoon, please notify Javier, who would appreciate hearing from you.

Talkback: Discuss this article with The Answer Gang


Copyright © 2008, Javier Malonda. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

XKCD

By Randall Munroe

More XKCD cartoons can be found here.

Talkback: Discuss this article with The Answer Gang


[BIO]

I'm just this guy, you know? I'm a CNU graduate with a degree in physics. Before starting xkcd, I worked on robots at NASA's Langley Research Center in Virginia. As of June 2007 I live in Massachusetts. In my spare time I climb things, open strange doors, and go to goth clubs dressed as a frat guy so I can stand around and look terribly uncomfortable. At frat parties I do the same thing, but the other way around.


Copyright © 2008, Randall Munroe. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 154 of Linux Gazette, September 2008

The Linux Launderette

Debian package management Sudoku

Jimmy O'Regan [joregan at gmail.com]


Wed, 20 Aug 2008 10:54:36 +0100

http://algebraicthunk.net/~dburrows/blog/entry/package-management-sudoku/

[ Thread continues here (2 messages/0.82kB) ]



Talkback: Discuss this article with The Answer Gang

Published in Issue 154 of Linux Gazette, September 2008

Tux