...making Linux just a little more fun!
Linux and Oracle
My name is Jeff Rohloff, and I am the IT manager of the detention center here in Las Vegas, NV. I am involved in a project that uses Oracle DB and application servers. We have investigated the deployment of this app on a server running Linux, and have been very excited by what we have found so far. We have presented this to the executive staff and they too are excited. My last hurdle is to do a risk assessment of the deployment of Linux into our environment that is primarily Microsoft. Do you know of a site, or do you have info that you may be able to share, that might help me put this document together? Thanks in advance.
This is extremely situation dependent. You should at least ensure that the people that'll be using this database are trained to do so. -- Thomas
In my experience, Oracle in a mixed Windows/Linux environment works quite well. I recently taught a class on Linux implementation at the CapitalOne bank headquarters where they're converting to exactly that setup. Their tech people were highly positive in their reactions to my questions about the integration process; it eliminated several of the problems they'd experienced under Wind0ws (I can't recall exactly what the former problems were, but they had something to do with failing to service a query during high traffic periods.)
You're definitely not riding the bleeding edge with this; many companies have implemented this configuration by now, and you could certainly benefit from their experience. Oracle themselves probably have case studies on file that you could examine, although it may require a bit of digging and prodding. -- Ben
Perhaps our readers could point out some specific resources that Jeff could use while making his decision about their Oracle setup.
But it does raise a neat idea for an article. The core of any good advocacy (in my not too humble opinion) is the ability to take the other viewpoint(s) and examine all the data from a broader perspective - what will really serve the needs best from the options available. Soooo... a good article on risk analysis, itself, with managers like Jeff and businesses in mind, would be a welcome sight. Any takers? Read our Author Guidelines - then contact our articles@ staff. -- Heather
We Want Your Tips!
Sorry if we're a bit light on the tips this month, folks.
As mentioned in a past issue, people have been asking us for more Tips that are the little bitty tidbits you can nibble on, the quick answer, the really handy pencil to tuck in your Linux pocket. Some of our meatier tips come from The Answer Gang, maybe a little too meaty for some tastes. The fact is the very best of the tidbit-style Two Cent Tips come from you, dear readers...
Send 'em in! Mail your tip to tag@lists.linuxgazette.net. Ideally, they aren't FAQs, aren't obvious (until you see them, at least), but give you a "wow! I wish I'd known that a few weeks ago" feeling.
Gentoo should not get all the press
Debian, ahhh Debian. Don't care about any cutesy install, easy enough IMHO.
[Mike] I managed to stay out of this thread so far because the author is so closed-minded, but just to set the facts straight, Gentoo's install is less cutesy than Debian. No curses dialogs to guide you through. There is one little dialog program you can run to configure the network, but it's optional. Everything else is done by hand the old-fashioned way or by running little console programs. What more do you want?
[Jason] Alternatively phrased, what less do you want?
For instance, the only thing in the Crux install that doesn't happen on the command line is a curses-based package selection program. Everything else (creating the target filesystem, mounting it, installing a bootloader if you need to, etc.) you did yourself.
Which, oddly enough, I found to be simpler than trying to figure out how someone else designed an installer.
I had not realized that Gentoo had a minimal install. Sounds like I might like it. (If only I had the bandwidth...)
[Mike] Gentoo is not the first or only compile-it-yourself distro, but it happens to be the one that's supported enough to make a lot of first-time compile-distro users try it out. So it's creating a "market" for a different kind of distribution. Something like that deserves press coverage. Will it remain in that privileged position forever? Probably not. I first encountered Red Hat some months after it appeared when a guy recommended it saying, "These guys actually test their distribution." RH brought a new level of quality control to Linux, which SuSE and others then stepped up to compete with. No doubt other distros modelled after BSD ports will appear too, and the binary distros may start focusing more on their (already existing) option of letting users install from source if they wish.
Rock Linux is another compile-it-yourself distro, and last time I looked at it, it had an install similar to Gentoo's. You might also look at Slackware, which is more simplistic than Debian (and I mean that in a good way), although it's more cutesy than Gentoo.
Gonna stick with it because
1. It is FREE, never gonna have to pay for it in any way, really a strange concept...
[Mike] Gentoo is free, and Rock and Slackware and Fedora and...
[Raj] ...so is the Mandrake Community Edition (it lacks the acrobat reader, crossover office and other proprietary stuff)
2. APT works sooo well. Just install Woody base, set sources to testing, and invoke aptget ugrade dist to get Sarge installed. Then aptget for whatever else over the net
[sic] folks. Debian's actual command (to do mass upgrades without breaking holds or allowing package removals for apps that changed drastically) is: apt-get upgrade dist -- Heather
[Raj] You can do that with yum too. MDK provides rpmuri (might have got the name wrong). I am surprised that people still complain about the RPM dependency hell. Then there are some people who can run apt on redhat too, but I have not looked at it.
[Mike] Debian can justly be proud of its pioneering work in distro technology. It was the first distro to create a package searcher/downloader like apt, a program many of the RPM-based distros have now adopted. Debian was also the first with individually-upgradeable packages (the dpkg system), although rpm came out not long after. I think Debian was also the first distro with dependencies.
But these all must be weighed against the much larger set of quirky Debian technologies and policies which have not been universally adopted. Debian has very specific and complicated policies for how software must be packaged, which files go where, how the application must behave, etc -- these policies fill two whole books (the Debian Policy Manual, the Developer's Reference, and we should add the New Maintainer's Guide and the smaller documents: Emacs policy, Perl policy, Spelling Dictionaries and Tools policy, etc). These provide a steep learning curve for package maintainers, as well as for those who just want to use dpkg for their own private software. Automated tools exist now to help with this, but they do so much magic it can be hard to figure out what all they're doing. Last time I tried to build a package, you even had to make a PGP key to sign it with, as if that's necessary for private packages. All this complication regularly results in (1) Debian packages with broken dependencies: e.g., packages that depend on themselves, packages that depend on packages that don't exist, (2) lots of fixer releases to get the minutiae of the policies correct, (3) months or years between releases, and (4) several-month periods where you can't install two favorite packages simultaneously because one uses a newer version of a library than the other. Debian was my primary OS for nine years, so I've had lots of experience with this. When a package is broken, you have to decide whether it's worth spending several hours fixing the package, or spending the same several hours building the upstream software locally and waiting for Debian to catch up. The latter is fine for really standalone programs, but it's a pain if it's a library or program that lots of other packages depend on.
3. When Sarge goes mainstream, gonna set cron to update automatically any packages that get security fixes.
[Raj] Again yum can be made to run from cron too.
Do not want to start a distro-flamewar, but yes most distros do provide a very decent method of upgrading/installing packages now. And some utils do provide means to manage source installs too. (checkinstall is one from the top of my head). Linux is out of the dark ages now!
Not that I recommend letting cron change how production systems work - or don't - every night. brrrrrr... I have enough cares when upgrading while a sysadmin is present. -- Heather
[Mike] That may be safe with Debian Stable, but you definitely don't want to do that with Unstable or you may wake up to a hosed computer. I would never let any distro automatically upgrade packages without me being on hand to monitor for problems, not unless I'd had success with that same package version on other computers, but if you really want to, you can put "emerge sync" and "emerge world" in Gentoo's cron too.
can the others boast these wonderful qualities? Not sure I care, but it would be good to know. I installed Suse, and about went to the bathroom to retch when I realized I had installed a proprietary system. It is still there on my hd, but I haven't used it.
[Mike] Some of us are like Linus: we care less if our computer is 100% politically correct than if it has the software we need. I strongly prefer free software, but the BSD license is good enough for me; I don't need GPL (or Lignux). And I'm not against installing RealAudio or Wing IDE/Komodo or a semi-commercial office suite if there's no adequate free alternative.
[Jason] I don't understand this. The BSD license has less restrictions on use than the GPL. Could you please elaborate?
[Mike] Bad wording on my part. The GPL fanatics think the BSD license has holes big enough to drive a proprietary truck through. Users can make closed-source derivatives of BSD-licensed products, and that really gets the free software purists' goat.
As an example, last week in LWN there was an article (http://lwn.net/Articles/106353) about Jeff Merkey's (ex-Novell) offer to buy a BSD-style license for a certain version of Linux (assuming all the kernel copyright holders were locatable and agreed, which is about as likely as Ben Okopnik selling you a bridge in Brooklyn). That would allow Microsoft to incorporate portions of Linux into Windows if it desired. There are rumors MS already did this with BSD code, in Windows 95's TCP stack and telnet/FTP utilities. Does that bother me? No, I'm just glad they borrowed quality code rather than using whatever homemade crap they might have come up with otherwise. Actually, what I care more about is compatibility and interoperability, and borrowed code at MS has a better track record in that regard than homemade stuff.
I've made some contributions to Cheetah (http://cheetatemplate.org), a template system for Python, which has a BSD-style license. So nothing is keeping MS from using Cheetah in MS Office or making a commercial Cheetah derivative. Does that bother me? No, I thought about that before I released the code. Their making money off it doesn't hinder me from using it for free, and I'm glad if it gets wider use, that's why I wrote it.
Back to answering our reader... -- Heather
[Mike] Why didn't you realize SuSE was "proprietary" before you installed it? It's hardly a secret that its closed-source install/upgrade tools are what make SuSE SuSE. (Or does SuSE provide the source somewhere? RH provides the source to all its tools.) Or are you referring to the third-party software SuSE bundles with a one-user license, software which is completely optional and in no way required for a functional SuSE system?
[Jason] *nods* What works, works. I don't use free software because it's free ("free" in the "free speech" sense of the word), I use it because it isn't broken.
Thanks for the great articles!!
Ed
Thanks, Ed. It's always good to hear from our readers.
I was really tempted not to pub this. It's lively, but our Gang aren't really argumentative with each other about our choices, we just know how to enjoy a juicy debate. We know there are fans out there for every distro. Each one's got its good points, some of those are even much the same. And for others, "good" is in the mind of the beholder. For users who crave the lumbar support that sitting in the driver's seat of a commercial distro brings, we seem to have more of those every year. A few of us will continue to enjoy our hot rods and race around in the desert of really new software, trusting our experience to be our roll bars, and expecting - some even enjoying the chance - to hit a few potholes now and then. Open source gives us that choice.
LG#105, "Fine-tuning SpamAssassin"
In spite of my recent hardware problems, there's been a very pleasant and positive change in my computing experience over the past few months; namely, the amount of spam that I have to "handle" (i.e., false positives and negatives) has gone to nearly zero. I wanted to mention it here, since Neil's article was responsible for getting me started down this path.
Here's the snapshot of what it took:
1. Followed the recommendations in the article, all except DNS blocklists. Biggest surprise: the amount I could reduce the spam point threshold (currently at 3.0) without any resulting false positives. I could probably go even lower...
2. Training the Bayesian filter on the odd false negatives became trivial once I set up the Mutt macros:
macro index \eb "|sa-learn --spam^M"
macro pager \eb "|sa-learn --spam^M"
Other than that, I've built up its database by dumping my spambox into it when it exceeds 100 emails:
sa-learn --spam --mbox /var/mail/spam
3. Whitelisted those of my friends who routinely BCC mails to me.
As a result of all of the above, plus a very simple procmail recipe - other than basic sorting into my various mailboxes, it considers as spam anything that is not sent to one of my valid addresses - the last 1000 emails have resulted in 0 false positives and 2 false negatives. Given that 57%+ of the total (so says a quick analysis of my /var/log/procmail) was spam, those are pretty impressive results.
Thanks for the initial push, Neil!
[Neil] I'm pleased to have been some help.
A couple of things I've learnt since I posted the article.
SpamAssassin has a maximum database size and frequently expires tokens in the database, so the database won't grow too large. This size can be tuned with the bayes_expiry_max_db_size setting in the configuration. The value seems to be the number of tokens, rather than a size in bytes.
If you've misclassified something and you need to relearn it there's no need to use sa-learn --forget. If you've classified ham as spam, sa-learn --spam will automatically forget the learning as ham when told to learn it as spam and vice-versa.
[Mike] Good to know, I've been meaning to look at SA's scoring more closely.
My ISP recently went to rejecting mail with more than fifty recipients in the headers, and that alone cut down my spam by 75%. They also use Postini, but there was a huge shrinkage in my Postini spambox after they did this. As in, down from a thousand messages a month to fifty.
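An added example (not from Ben's mail or from Neil's article) of the kind of quick /var/log/procmail analysis mentioned above: it counts deliveries per folder and reports the share that landed in the spam folder. The log lines are constructed, and the folder paths and function names are assumptions.

```shell
#!/bin/sh
# Added example: per-folder delivery counts and spam share from a procmail log.

# Constructed sample in procmail's log-abstract layout: a "From " line, a
# Subject line, then "Folder: <destination> <size in bytes>".
sample_log() {
cat <<'EOF'
From alice@example.org  Mon Oct  4 09:12:01 2004
 Subject: lunch on friday
  Folder: /var/mail/ben                                                 2140
From x93k@bulk.example  Mon Oct  4 09:15:44 2004
 Subject: Folder: cheap meds inside
  Folder: /var/mail/spam                                                5310
From list-owner@lists.example.net  Mon Oct  4 10:02:13 2004
 Subject: [tag] stunnel question
  Folder: /var/mail/lists                                               4021
From win@prizes.example  Mon Oct  4 10:40:09 2004
 Subject: you have won
  Folder: /var/mail/spam                                                1877
From bob@example.org  Mon Oct  4 11:05:52 2004
 Subject: Re: lunch on friday
  Folder: /var/mail/ben                                                 1650
From a1@bulk.example  Mon Oct  4 11:30:00 2004
 Subject: refinance today
  Folder: /var/mail/spam                                                2988
From a2@bulk.example  Mon Oct  4 12:14:31 2004
 Subject: refinance today
  Folder: /var/mail/spam                                                2991
From q@pills.example  Mon Oct  4 13:47:20 2004
 Subject: discount
  Folder: /var/mail/spam                                                3304
EOF
}

# folder_counts: read a procmail log on stdin and print "<count> <folder>"
# per destination, busiest first. Matching on the first field (not a plain
# grep for "Folder:") keeps a Subject that contains "Folder:" out of the count.
folder_counts() {
    awk '$1 == "Folder:" { n[$2]++ }
         END { for (f in n) print n[f], f }' | sort -k1,1nr -k2,2
}

# spam_percent FOLDER: whole-number percentage of all deliveries on stdin
# that went to FOLDER; prints 0 for a log with no deliveries.
spam_percent() {
    awk -v spam="$1" '
        $1 == "Folder:" { total++; if ($2 == spam) hits++ }
        END { if (total) printf "%d\n", hits * 100 / total; else print 0 }'
}

# Demo on the constructed sample.
sample_log | folder_counts
echo "spam share: $(sample_log | spam_percent /var/mail/spam)%"
```

For a real log, feed the file on standard input, for example `folder_counts < /var/log/procmail`.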
Re: How to Reset forgotten Root passwords
Got this email from Philips with some additional information about my article in LG 107 on how to reset root passwords. He talks about a special case where the process I described wouldn't work.
He has graciously given me permission to share this with you, and since I think you might find this interesting I am cc'ing this to the TAG.
What do you think, would it be too hard to reset passwords on SELinux?
- Suramya
[Ben] Nope. Just as you would pass "init=/bin/bash" or whatever on the command line, you could pass "selinux=0" to completely disable the SELinux features. You said it in your article: "physical access equals root access."
Sure, there are things you can do that would definitely prevent somebody from modifying your /etc/shadow - a large rusty axe vigorously applied to the hard drive comes to mind (encrypting the entire HD would be a close modern equivalent) - but we're talking about very rare exceptions. People who run specialized secured systems but haven't built up a kit of tools to take care of the now-different set of problems have only themselves to blame, while the rest of us laugh at them.
Thing here, it wasn't something specialized, but rather normal setup of Fedora Core 2.
People didn't know a thing about SELinux, besides /promotion/ on RH site that FC2 is secure as it wasn't ever before. Then just realized week later that they have forgotten root password. I did precisely what you have said with 'init=/bin/bash' (I believe selinux=0 was a default, /etc/rc.d/rc was activating and configuring SELinux before anything else - it has a flag in /etc/sysconfig) and after reboot no-one was able to login into system.
Everything worked Ok with disabled SELinux.
If anyone wants to make a correction to article, best of all is to warn users that some security systems a-la SELinux do store checksums on files, which can make file inaccessible if it was changed outside of given security system. To make file accessible again they will need to consult manuals on how to do that.
Hi, Thanks for emailing me with this info. I haven't yet tried SELinux so I wasn't aware of this problem. Apparently what's happening is that changing the password file trips a checksum or something in SELinux, stopping people from hacking the system.
I think it would still be possible to get past it by disabling SELinux at startup, changing the password and then do a proper password reset and then activate SELinux. We could also try editing the sudo file to give a particular user su rights and then use that login to change the root password.
You would not do that on system, where you do care about security. Wouldn't you?
Would you mind if I posted your comments on my site as followup on the article? I will of-course credit you for it but I think that this info would be useful to others also. I would also like to post this to the LG TAG mailing list so that they know about this too and who knows this might show up in next months LG as reader feedback.
Do what ever you like at your discretion.
Spell checking is welcome
SELinux notes by "Ihar 'Philips' Filipau"
On http://linuxgazette.net/107/tomar.html you wrote:
* Boot into single-user mode (easiest, least risky)
* Boot using a boot disk and edit the password file
* Mount the drive on another computer and edit the password file
On SELinux enabled system, all these methods will make system unusable. Have had negative experience with one of the Fedoras - due to some kind of bug/feature, SELinux was refusing to accept foreignly modified /etc/passwd - no-one was able to read /etc/passwd. I believe that was one of the problems why Fedora removed SELinux from default installation.
I cannot be sure how to fix that, since I didn't manage to repair those Fedora. Fedora's FAQ has command to repair file label (whatever it is called in SELinux, used to track file modifications) - but it was failing for me. Another option was to turn off SELinux, but I (mischievously) used this problem as reason to /upgrade/ system to SuSE. And it worked.
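An added example (not from the article or from Philips's mail): SELinux decides access from each file's security context (its label), and a password file rewritten from a rescue disk or with SELinux switched off can come back without the label the policy expects. The sketch below flags that condition in `ls -Z`-style lines; the expected types `passwd_file_t` and `shadow_t` are those of current Fedora targeted policy and are an assumption for any other policy, and the sample lines and function names are constructed.

```shell
#!/bin/sh
# Added example: spot account files whose SELinux label is not the one the
# policy expects, e.g. after /etc/passwd or /etc/shadow was edited from a
# rescue disk or while SELinux was disabled.

# Assumption: type names as used by current Fedora targeted policy.
expected_type() {
    case "$1" in
        /etc/passwd) echo passwd_file_t ;;
        /etc/shadow) echo shadow_t ;;
        *) return 1 ;;
    esac
}

# context_type CONTEXT: the type is the third colon-separated field of
# user:role:type[:level]. A bare "?" (no label at all) has no colon, so cut
# passes it through unchanged and it never equals an expected type.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# mislabeled: read "CONTEXT FILE" lines (the layout of `ls -Z FILE...`) on
# stdin and print every known file whose type differs from expected_type.
mislabeled() {
    while read -r ctx file; do
        want=$(expected_type "$file") || continue
        if [ "$(context_type "$ctx")" != "$want" ]; then
            printf '%s\n' "$file"
        fi
    done
}

# Constructed sample: /etc/passwd was rebuilt in a temp directory and moved
# into place (mv keeps the source label); /etc/shadow was written while
# SELinux was off and has no usable label; /etc/hosts is not checked here.
sample_after_offline_edit() {
cat <<'EOF'
unconfined_u:object_r:user_tmp_t:s0 /etc/passwd
system_u:object_r:unlabeled_t:s0 /etc/shadow
system_u:object_r:net_conf_t:s0 /etc/hosts
EOF
}

# live_check: on a host with the SELinux tools installed, test the real
# files. `restorecon -n -v` only reports what it would relabel.
live_check() {
    if ! command -v restorecon >/dev/null 2>&1; then
        echo "restorecon not found; skipping live check"
        return 0
    fi
    ls -Z /etc/passwd /etc/shadow 2>/dev/null | mislabeled
    restorecon -n -v /etc/passwd /etc/shadow
}

echo "Mislabeled in constructed sample:"
sample_after_offline_edit | mislabeled
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

After a reset done with SELinux disabled, `restorecon -v /etc/passwd /etc/shadow` (or `touch /.autorelabel` followed by a reboot) puts the policy's labels back.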
Re: stunnel article in the Linux Gazette
Hey guys,
Whenever I write an article on something I usually send an e-mail to the developers/maintainers/webmasters/etc of whatever I write about letting them know it's on the Gazette in case they wish to link to it. In the case of last month's stunnel I e-mailed the author of stunnel (Michal Trojnara) to which he replied below (and gave his permission to have it reproduced in Mailbag if Heather so wishes).
Michal Trojnara, Saturday 23 October 2004 19:31
Barry,
Your article is just great. It's very clear and easy for beginners.
Some hints could possibly be added like:
- disabling the Nagle algorithm for improved performance
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
- creating special user/group just for stunnel instead of nobody
Best regards,
Mike
[Barry]
By the way: Nagle's algorithm is used to decrease the number of packets
sent over a connection by buffering smaller messages so that only a
single packet will be transmitted instead of one for each message.
Although "nagling" addresses some network problems it can be
undesirable in highly interactive environments.
Thanks again for your comments Mike - and your permission to print.
Kind regards,
Barry
[Ben]
Nice! I always like getting the comments "from the horse's
mouth"; much like historical research using primary sources, it has good
solid authority behind it. Thanks for forwarding it, Barry - it'll make
a nice Mailbag item (and adds the benefit of knowing that your article
was vetted by *the* expert.)
It's actually a really good idea in general, on reflection. I've added
it, as a suggestion (original idea credited to you) to the bottom of the
author FAQ.
Thu, 21 Oct 2004 00:41:49 +0100
Promote LG
Jimmy O'Regan (The LG Answer Gang)
Any webmasters or bloggers out there who want to help promote LG can do
so easily with our new, shiny Javascript.
Simply add this to your site/blog:
<script language="javascript" type="text/javascript"
src="http://linuxgazette.net/lg.js"></script>
and rejoice as javascript-enabled browsers are provided with a list of articles from the current issue of Linux Gazette.
Comments, complaints, etc. are welcome.
Nice, Jimmy. This might be something to note in, what, Gazette Matters? Our adoring fans will want to know. Might be worth adding right after your RDF, etc. notes on the front page, too. -- Ben
It's added there too, now. Thanks Jimmy! -- Heather
The Answer Gang
By Jim Dennis, Karl-Heinz Herrmann, Breen, Chris, and... (meet the Gang) ... the Editors of Linux Gazette... and You!
We have guidelines for asking and answering questions. Linux questions only, please.
We make no guarantees about answers, but you can be anonymous on request.
See also: The Answer Gang's Knowledge Base and the LG Search Engine
Greetings from Heather Stern
Greetings, and welcome once again to the world of The Answer Gang, give or take that incredible moon we have spinning round it. If you missed the lunar eclipse I'm sorry to hear it, the time in shadow looks only a smidge brighter than a new moon, and the red penumbra is... well, if you're a Peanuts fan I suppose the Great Pumpkin really did rise over the patch this year, only a few days off.
Far from being the "final frontier" in the space of open source, a trip to freshmeat.net's Astronomy topic shows more cool apps for astronomy fans than you can spot with a telescope. The night may be an ephemeral thing, but I say go enjoy it sometime this month. Look outward, upward, and remember there's a reason your cellphone works, we can get IRC in half our deserts, and ships actually get to where they're going while carrying the trade goods of all nations.
Politics aside, it's a smaller world than we think. We could use a few more of them, but so far, it's the only one we've got. Sharing's a good thing - and the typical open sorceror knows this without thinking about it. I'm glad we've a few juicy threads to share with you this month. Enjoy!
Automatically selecting matched lines.
From Thomas Adam
Answered By: Tim Chase
This is a question that I posted to the Vim mailing-list. Tim Chase was kind enough to reply, and in some detail, so it ends up here. Thanks, Tim! -- Thomas Adam
Hello, all -
I'm trying to get Vim to automatically select (hilight) lines in a file that start with a particular phrase. Basically, I want it then to run a command over the selected text. Doing this manually is not a problem, but I am having a lot of trouble trying to automate it.
I was under the impression that "V%" is what I was after, yet each time I try it, Vim responds with: "V% is not an editor command". I'm overlooking something, but what?
[Tim] I don't think Vim supports disjoint selecting like what I understand you want to do...in a single pass. However, each disjoint piece can be passed to your external program if you want. Perhaps something like:
:g/^\s*\n>/+,/^>\@!/-1! extern_command
Broken down, that's:
:g          on every line that matches
^\s*\n>     an empty line followed by a ">" on the next line
+           begin a range on the next line (the one with the ">")
,           through
/^>\@!/     the next line that doesn't begin with a ">"
-1          adjust the 2nd range argument to be the previous line
            because the previous search found the next line that
            doesn't have a leading ">" so we have to backup a line
!           pass the contents of the range through external_command
            and replace the original contents with the output of
            "external_command"
Thus, if you wanted to make your quotations in the mail-file all sound like B1FF (assuming you have the bsd-games collection installed), you could do
:g/^\s*\n>/+,/^>\@!/-1! b1ff
Any Ex command can take the place of "! b1ff" there, so if you just want to do normal Vi/Ex commands instead, they all work. If you want to indent those ranges one shift-width, you can do
:g/^\s*\n>/+,/^>\@!/-1>
Or if you want to delete all quotations, you can do
:g/^\s*\n>/+,/^>\@!/-1d
You can even selectively search and replace only in quotations with something like
:g/^\s*\n>/+,/^>\@!/-1 s/foo/bar/g
All sorts of handy combinations of things.
Or maybe I didn't understand your original post correctly, and all this is just a pedantic exercise in the joy of Ex!
Exim with Dynamic IP - 2 Questions
From Balbir Thomas
Answered By: Neil Youngman
Dear Answer Gang,
I am using exim to deliver mail from my local host. I have a dynamic IP address and am using zoneedit as my dns server. So mail to my userID@my.domain is delivered straight to me. However I have trouble sending mail to certain addresses as their ISPs/Postmasters have decided to block emails originating from dynamic IP addresses to reduce spam. For example AOL. I would be grateful if you could suggest means to solve this problem, short of paying for a static IP (which I don't need but for this reason). Talking to my ISP (RoadRunner) has been a waste of time.
[Neil] It's certainly possible. The Exim FAQ at http://exim.org/exim-html-4.30/doc/html/FAQ_3.html has an example of setting up routers to send local mail to hosts on the local network and everything else to a smarthost. This should be easy to adapt to do what you want.
If all else fails read the documentation. The Exim documentation, though large, is very informative. You just need to read it selectively and pick the relevant chapters.
My second question is how to set up postmaster at my local host.
My current exim config accepts mail sent to postmaster@my.domain
however it does not accept mail to
postmaster@dhcp-xxx-xxx-xxx-xxx.columbus.rr.com
which is my hostname assigned by my isp. The xxx being the ip
address which can change. Is there a way to make exim accept mail
sent to this email address such that the ip address (i.e.
in this case domain name) part is updated automatically.
[Neil] I don't know about getting it to update the address automatically, but you can have it match a pattern like postmaster@dhcp-*.columbus.rr.com on the basis that it's unlikely anyone else's postmaster mail will be directed to your IP. Frankly I wonder who would send postmaster email to an address like that anyway.
In the default exim 4 config this is accepted by the rules:
domainlist local_domains = @
accept local_parts = postmaster
       domains = +local_domains
According to the documentation, '@' "is a special form of entry which means the name of the local host", so this should normally match, but I guess your system is set up to use "my.domain" as the hostname, instead of the RoadRunner host name.
As an alternative, it may be that adding dhcp-$interface_address.columbus.rr.com or some variation thereon to local-domains will achieve what you want. I have not tried this, so I can't be sure it will work. If you try it, be sure to let us know whether it worked.
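An added example (not from Neil's reply or from the Exim documentation): a simplified shell model of how Exim compares a domain against domain-list items, used to compare three candidate entries for local_domains. The host name dhcp-192-0-2-17.columbus.rr.com, the three lists and the function names are constructed for illustration, and grep -E stands in for Exim's PCRE matching.

```shell
#!/bin/sh
# Added example: simplified model of four kinds of Exim domain-list item.
#   @        the local host name
#   *suffix  leading asterisk: the domain must end with "suffix"
#   ^regex   regular expression, matched case-independently
#   other    plain case-insensitive string comparison (an asterisk in the
#            middle of an item is therefore NOT a wildcard)
# Items are separated by ":" as in the Exim configuration, so this model
# does not handle a regex that itself contains a colon.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# domain_in_list DOMAIN HOSTNAME LIST -> exit status 0 if DOMAIN matches.
domain_in_list() {
    dom=$(lower "$1")
    host=$(lower "$2")
    printf '%s\n' "$3" | tr ':' '\n' | sed 's/^ *//; s/ *$//' | (
        while IFS= read -r item; do
            case "$item" in
                '')   ;;
                '@')  if [ "$dom" = "$host" ]; then exit 0; fi ;;
                '^'*) if printf '%s\n' "$dom" | grep -Eqi -- "$item"; then
                          exit 0
                      fi ;;
                '*'*) case "$dom" in *"${item#?}") exit 0 ;; esac ;;
                *)    if [ "$dom" = "$(lower "$item")" ]; then exit 0; fi ;;
            esac
        done
        exit 1
    )
}

MY_HOST=my.domain                          # host name used in the question
ISP_NAME=dhcp-192-0-2-17.columbus.rr.com   # constructed ISP-assigned name

LIST_GLOB='@ : dhcp-*.columbus.rr.com'
LIST_REGEX='@ : ^dhcp-[0-9]+(-[0-9]+){3}\.columbus\.rr\.com$'
LIST_SUFFIX='@ : *.columbus.rr.com'

# verdict DOMAIN LIST -> prints "local" or "not local"
verdict() {
    if domain_in_list "$1" "$MY_HOST" "$2"; then
        echo local
    else
        echo "not local"
    fi
}

echo "mid-item asterisk: $(verdict "$ISP_NAME" "$LIST_GLOB")"
echo "anchored regex:    $(verdict "$ISP_NAME" "$LIST_REGEX")"
echo "leading asterisk:  $(verdict "$ISP_NAME" "$LIST_SUFFIX")"
echo "leading asterisk, other customer: $(verdict other-customer.columbus.rr.com "$LIST_SUFFIX")"
```

In an Exim configuration file the regex item is normally wrapped in `\N...\N` so that string expansion leaves its backslashes and the trailing `$` alone.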
Re: Question re; Fvwm xintric
From Jay Hamilton
Answered By: Thomas Adam
The following was an e-mail sent to me, having read my article in the linuxgazette from a few months ago. -- Thomas Adam
My new.xintric file says
xterm -geometry 80x24+2211+1792 -title FvwmConsole -name FvwmConsole -e /usr/X11R6/lib/X11/fvwm2/FvwmConsoleC &
/usr/X11R6/bin/xconsole -notify -nostdin -verbose -exitOnFail -ic -geometry 384x110+0-0 &
qinternet -geometry 0x0+532+781 &
fvwm
DeskTopSize 5x5
[Thomas] I see you're using FvwmSaveDesk or FvwmDesk modules to save the layout of your windows? No?
That last bit I added hoping that it would make it a default however it
seems to have no effect at all.
[Thomas] Not quite. What you're wanting to do is have all those applications start, and then load fvwm. However, there are two things which you must be aware of:
*) new.xinitrc is only specific if you have certain Fvwm modules loaded. If you don't the file is not read [1].
*) The last two commands you have there -- "fvwm" and "DesktopSize 5x5" are out of context here.
So- I must misunderstand something. I believed that I could add
instructions to this file and they would become the default that didn't
happen so I got it wrong.
[Thomas] What you want, then (and you were close) is to move all your commands to ~/.xsession [2], so that it looks something like this:
See attached sample-xinitrc.txt
Having saved that file as "~/.xsession", you should ensure that you run the command "chmod 700 ~/.xsession". What this will do is when you login (via startx, or some DM) this file is read and will execute all of the above, including the launching of fvwm.
All that this leaves is the last command you had "DesktopSize 5x5". The reason it was out of context both in your modification of 'new-xinitrc' and indeed any ~/.x{session,init} file is because it is specific to Fvwm. That is, only Fvwm itself will understand what you're meaning. It is not a command. You should therefore add "DesktopSize 5x5" somewhere within your ~/.fvwm/fvwm2rc file.
Also when in xconsole I type FvwmBacker Black [or black] the screen
background turns blue- yet I can get a black background via gnome
settings.
[Thomas] I am not planning to cover the use of Modules for a while yet. However, there are a number of ways you can do what you want. If you want all of your pages for all of your desks to have the same colour, then you need to do two things:
1. In your ~/.fvwm/fvwm2rc file, you'll see a function called 'StartFunction' and it looks like something like this:
AddToFunc StartFunction
+ I Exec exec xsetroot -solid gray66
+ I Test (Init) Module FvwmForm Login
+ I Test (Init) Exec exec unclutter
When fvwm loads, apart from locating its configuration file, one of the first things it does is to look for this function and execute whatever is within it. So here, you can see that I have told it to load "xsetroot" (which does more or less what FvwmBacker does), and a few other things. What you want is to add to this definition and add:
+ I Module FvwmBacker
for your own StartFunction definition. If you're wondering what the syntax means, then:
"+". I think of as meaning "belonging to" a function or definition.
"I". This stands for 'Immediate' and means that it will execute immediately once the function is invoked. There are other types of attributes which I won't cover here.
"<command>". Whatever follows after that is a command to be run.
But this is not enough -- all you have done by adding the above line to "StartFunction" is tell Fvwm to load the module. You haven't told it what to do with the module. For that, we have to configure the module. The way that is done is like this:
DestroyModuleConfig FvwmBacker: *
*FvwmBacker Command (Desk *, Page * *) -solid grey66
You can add that directly into the file as-is if you like. What it does is sets every page on every desk to a solid colour of darkgrey (grey66). You can replace 'grey66' with whatever colour you want.
When you have done all that, restart fvwm, and all (hopefully) should be well.
Hope That Helps,
[1] This is only if new.xinitrc is not a symlink to ~/.xinitrc or ~/.xsession, of course.
[2] The reason why I'm advocating ~/.xsession over ~/.xinitrc is that startx will default to ~/.xsession if no ~/.xinitrc file exists. This has advantages when using XDM as a display manager, etc.
Cannot talk using "talk"
From Jaye Inabnit ke6sls
Answered By: Thomas Adam, Benjamin Okopnik, Kapil Hari Paranjape
Hey guys:
I'm just getting 'round to reading this month's Gazette. Anyway, about the
'talk' and 'talkd' issue, make sure you also mention that probably every
distribution these days disables 'messages', which means that users wouldn't
even be notified that someone is trying to 'talk' with them. Check it with
an xterm or in console:
[Thomas] Actually, it is the default for it to be on, for any Linux system that I have come across, but I am not going to argue the point.
    jaye@librabogus:~$ mesg
    is y
    jaye@librabogus:~$
The way I fixed this issue was to modify my global preference file '/etc/profile' (within Debian systems):
    EDITOR=/usr/bin/vim
    PAGER=/usr/bin/less
    umask 002
    mesg y
[Thomas] Adding it to /etc/profile is not something I would do - it should not be a system-wide policy - making it a local user issue is a better idea. Leave your poor users alone.
[Ben] WHOOPS. As Thomas has already pointed out, this is a very poor practice in most cases. There's not much wrong with setting the PAGER to "less", but making "vim" the default editor means that new users can get horribly confused by an unresponsive beeping application that they don't know how to exit. Worse yet, setting the umask to 002 sets up a security risk every time a user creates a file - one of which they will usually be unaware. These things should not be set by policy (i.e., in /etc/profile) but via an informed, per-user decision; that's why individual .profile mechanisms exist.
By adding the last line to your 'profile', users' messages are turned on by
default. I also modify my local '~/.bash_profile' file with the same entry
since KDE and friends sometimes don't play nice with the global settings
[Ben] Admittedly, setting a global "mesg y" is not something that'll accidentally destroy the world, but tweaking /etc/profile, as a rule of thumb, is to be approached with much forethought, trepidation, and a stout shock prod.
[Thomas] As to why KDE is ignoring this, you need to make sure that you either start $SOME_TERMINAL_EMULATOR invoked as a login shell, so that the global files are read. Or, alternatively, source ~/.bashrc from ~/.x{session,initrc}
[Ben] Thomas, to the best of my knowledge, /etc/profile is read as soon as you log in, as long as your login shell is anything that had the Bourne shell in its family tree. The question of whether you ran an xterm or not shouldn't even be applicable. Do you have some information to the contrary?
[Thomas] It is if you login to a console -- not via a DM. Kdm and friends are notorious for this. This is why so many people get confused as to why their nice $PS1 prompts don't appear in xterms and the like.
So you either force the shell to be a login-shell, or if you have defined various environment vars in ~/.bashrc, to source this from within ~/.x{session,initrc}
[Ben] Wow, evil. I've got to say that I'm a bit shocked - why the heck would they break a working system that way?
All the more reason I'm glad I've avoided *dm for all these years, then...
[Thomas] Break? No, That's exactly the way it should be, Ben. Sure, when you open up an xterm, the subshell is supposed to be inheriting environment variables from somewhere, but then that's why the user sets it up.
[Ben] The broken part is, why would it have to be set up twice? If I've spent time configuring my CLI environment, it shouldn't change if I decide that I now want to start X via *dm. Sure, sourcing the rc files from ~/.xsession isn't that hard - but you have to know enough to do it.
[Thomas] The X startup files are not supposed to source anything shell related such as /etc/profile by default. Why? It has no reason to -- that operation is to do with shells only.
Of course, as I have said, this is where ~/.xsession shines.
[Ben] Except that, by allowing the user to log in without doing so, it now changes his environment without any reason for it - and violates the programming principle of doing "the least unexpected" thing.
[Kapil] As far as I can see, this is one of those "active developer/backward compatibility" (AD/BC) issues. The AD wanting to move to GUI (yes, it was a while ago but we CLI types don't die easy). Unfortunately, when the "shell" was designed it was assumed (ah-ha!) that no one would run programs (except daemons) other than from the command-line or from other running programs and so on recursively.
One solution. Have a file say $HOME/.environ and ensure that it is sourced at all session-startups CLI or GUI.
[Thomas] But this is why /etc/environment is used. If PAM is setup to use it, then it will. We're fortunate that /etc/environment in this instance is the only shell-agnostic file available. So it is ideal for these sorts of situations. Although it should not be mis-used. It's also not very portable.
[Kapil] So why not use $HOME/.profile instead. Not because of (t)csh folks
The problem would be that a .profile could do a number of CLI specific things---in fact shell users have had extremely complicated .profile's in the past. It is a mess as any AD/BC issue generally is.
The problem with TLU thing is to decide who the target user is---the one who read the part of the manual which said "keep .profile simple" or the one who read the juicy bits about all the fancy features of the latest shell and didn't enclose those in "if [ -n "$PS1" ] ... fi". The latter's X session will probably crash if her/his .profile is sourced.
I think there was long thread on Debian once about /etc/environment but IIRC the idea was dropped. Perhaps (I tremble to start another war here) PAM's session mechanism could be used to setup session variables.
Heh, I avoided *dm's too until I started back to scewl (~40ish hippie strikes
again). I was using pure Debian, then I upgraded entire system hardware and
decided to use LibraNet. I was so pleased with Libranet that I put it on my
new-2-me laptop too.
This has been an interesting thread. Thanks for the responses.
One trick I learned about for KDE's Konsole is adding "%i %m -ls" to the Command stanza on the Execute tab (Properties). With this little tweak, the .rc files are read on launch. My brother added some very handy Debian-centric stuff that I'm lost without these days, and it's nice to be able to use Konsole with its tabbing capabilities. If I was a better person, I'd spend some time to learn what each of those little dewhickymobobs do!
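An added example, not part of the original thread: a shell sketch that flags the two settings debated above (a numeric umask that leaves new files writable beyond the owner, and a global "mesg y") in a profile-style file. The function names and both sample files are constructed for illustration; the global sample reuses the four lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a profile-style file for the
# session-wide settings discussed above. All names here are illustrative.

# mode_for_umask MASK: print the mode a new regular file gets, i.e. the
# usual creation mode 666 with the mask bits cleared (002 -> 664).
mode_for_umask() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# audit_profile FILE: print one finding per risky line; return 1 if any.
audit_profile() {
    lineno=0
    found=0
    while read -r cmd arg _rest || [ -n "$cmd" ]; do
        lineno=$((lineno + 1))
        case $cmd in
            umask)
                case $arg in
                    ''|*[!0-7]*) continue ;;  # symbolic or missing mask: skipped
                esac
                mode=$(mode_for_umask "$arg")
                # 022 selects the group-write and other-write bits
                if [ $(( 0$mode & 0022 )) -ne 0 ]; then
                    echo "$1:$lineno: umask $arg -> new files get mode $mode (writable beyond the owner)"
                    found=1
                fi ;;
            mesg)
                if [ "$arg" = y ]; then
                    echo "$1:$lineno: mesg y -> every login terminal accepts messages from other users"
                    found=1
                fi ;;
        esac
    done < "$1"
    return $found
}

# count_findings FILE: number of findings, for scripting.
count_findings() {
    audit_profile "$1" | wc -l | tr -d ' '
}

# write_samples DIR: constructed sample input.
write_samples() {
    # the four lines quoted in the thread as a global /etc/profile addition
    cat > "$1/global_profile" <<'EOF'
EDITOR=/usr/bin/vim
PAGER=/usr/bin/less
umask 002
mesg y
EOF
    # constructed per-user file: owner-only write, mesg left untouched
    cat > "$1/user_profile" <<'EOF'
# per-user choice, set by the user
umask 022
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/global_profile" "$tmp/user_profile"; do
    audit_profile "$f" || true
done
rm -rf "$tmp"
```

Pointing audit_profile at the real /etc/profile and at each user's ~/.profile shows whether a setting arrived by system-wide policy or by the user's own choice, which is the distinction the thread turns on.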
Submitters, send your News Bytes items in
PLAIN TEXT
format. Other formats may be rejected without reading. You have been
warned! A one- or two-paragraph summary plus URL gets you a better
announcement than an entire press release. Submit items to
bytes@lists.linuxgazette.net
DMCA
As reported some time ago, Lexmark has been attempting to use the DMCA to prevent other manufacturers from producing compatible ink cartridges for Lexmark printers. Essentially, the DMCA comes into this business due to the inclusion of electronic protections into the actual cartridges. To produce a replacement cartridge a manufacturer must, obviously, circumvent this technological protection: an action that exposes them to potential attack under the DMCA.
The Register has reported that on October 26th the US Court of Appeals, Sixth Circuit, has overturned an earlier decision and will allow SCC to continue to sell replacement cartridges pending the final resolution of the case. The Electronic Frontier Foundation has an online archive of documents relevant to the case.
e-Voting
Well, this is a time when voting is on everybody's mind (not just in the US). It will be interesting to see how the disparate voting and vote-counting systems in use across the States perform and their relative robustness. Of course, many informed observers in the technology community, and in particular the FOSS community, recognise the importance of having open standards and verifiable methodologies in e-voting systems. The Register reports that US manufacturers are inching towards appearing to provide the kind of verifiability and accountability required from systems at the heart of democratic infrastructure. I recommend you read the article yourself to see how far short of an adequate solution the companies' suggestions fall.
OSDir.com takes a look at KDE's desktop network protocol handlers.
Steve Ballmer says Windows is better than Linux
An interview with Linus Torvalds at Linux Times.
AT&T considers move to Linux.
LWN has a nice article on the Linux OOM (Out Of Memory) handling mechanism. Also interesting (in a humorous way) from LWN is a quick analysis of the presence of swear words in Linux source code.
A team at Reykjavik University has implemented a complete kernel level run-time support for C++ in the Linux kernel.
O'Reilly has an analysis of the recent malware RedHat-hoax email that has been circulating, and what this might mean for the future of GNU/Linux security. There is a longer analysis at NewsForge.
Wired has written an account of the ascendancy of Free and Open Source Software in Brazil, and how this relates to broader social traditions and trends in this huge nation.
Linux Focus
Linux Focus, an online GNU/Linux magazine that we have linked-to regularly in the past, has made a few changes in their publishing style. From now on, the magazine will switch from its bimonthly publishing schedule to a new continuous publishing model. So now you've even more reason to take a regular look at this fine publication.
Linux Kernel
The latest release of the Linux kernel, version 2.6.9, was released on October 18.
Kanotix
Distrowatch has a review of the Debian/Knoppix-based live-CD Kanotix: KANOTIX - Putting the Pizzazz on Debian.
SuSE
SuSE Linux Professional 9.2 has been released. You can read a review at GeekTime Linux, or see the release discussed at Slashdot.
It was also highlighted on Slashdot that SuSE and Dell are extending their partnerships to provide GNU/Linux platforms to customers. Also of interest in this context is the Dell Linux blog.
OSNews has reviewed the SuSE Linux 9.2 LiveCD.
Ubuntu
Ubuntu Linux is a new Linux distribution based on the architecture of Debian. The aim is to have a new release every six months, and in this way to continuously have an up-to-date stable distribution. This distribution is aimed particularly at desktop users.
Ubuntu can be downloaded for free, or alternatively you can order free CD-ROMS.
Vector
Mad Penguin has reviewed VectorLinux 4.3, a Slackware-derived distribution that aims to make the most of older hardware.
Mozilla
The Mozilla project has released the first release-candidate of the Firefox browser. This marks another step towards the imminent release of the long-awaited version 1.0. Another component in the run-up to this release has been a campaign to place a full-page advertisement in the New York Times. This effort turned into a stunning success, and over 10 days 10,000 people collectively donated $250,000. The Spread Firefox website has more information on the efforts being made to give the Firefox launch as much coverage as possible.
Mick is LG's News Bytes Editor.
Before this, Michael worked as a lecturer in the Department of
Mechanical Engineering, University College Dublin; the same
institution that awarded him his PhD. The topic of this PhD research
was the use of Lamb waves in nondestructive testing. GNU/Linux has
been very useful in his past work, and Michael has a strong interest
in applying free software solutions to other problems in engineering.
Originally hailing from Ireland, Michael is currently living in Baden,
Switzerland. There he works with ABB Corporate Research as a
Marie-Curie fellow, developing software for the simulation and design
of electrical power-systems equipment.
By Anonymous
GRUB cannot boot the Knoppix CD if booting from the CD-ROM is disabled. This is a feature that the GRUB developers should consider adding. See my previous article in the October 2004 Linux Gazette.
However, GRUB (current version 0.95) can generate a floppy to boot Knoppix after a full install to hard disk - something LILO may have problems with, due to its inability to find files, and due to the kernel and initial RAMdisk growing past diskette size.
Assume Knoppix is installed to hard disk but that its partition is not bootable, for whatever reason. You need a floppy to boot Knoppix, and here is how to make it with GRUB:
You can use a simple GRUB diskette that boots to a GRUB command line. From this command line, you can issue commands to boot your Knoppix on the non-bootable partition.
This simple GRUB boot diskette can be prepared with the
grub-floppy script. It is very quick to prepare, but does not
carry a filesystem, so you cannot do much with it. You cannot write to it,
and you will have to type quite a bit after booting to the GRUB prompt.
A more comfortable solution is given by the script
grub-install, which requires a formatted diskette. A
DOS-formatted diskette will do, and you will be able to modify it from DOS
- quite an advantage. Mount the diskette, e.g., to /floppy, and issue the
command:
grub-install --root-directory=/floppy fd0
The script will create /floppy/boot/grub and copy to it the image files required for booting. Some of them can be deleted, since you do not need support for half a dozen filesystems.
Now, the best part of it is that you can write to /floppy/boot/grub a text
file by the name of menu.lst, which is the configuration file
for GRUB. Here, you put all the instructions you want for booting your
Knoppix, and that's it. (The endline sequence may be DOS-style or
Linux-style.) It boots fairly quickly - or rather, it boots very quickly if
you reduce the timeout to 1 sec and suppress the menu.
Let us now get around to a conjurer trick that looks a bit puzzling.
The hard disk where Knoppix is installed is not visible to the BIOS. Why not? Because the disk is explicitly set to 'none' in the BIOS, for some peculiar reason. Or because the old BIOS cannot see partitions past 8GB.
Wonder: Linux can boot, see the disk even though it is invisible to the BIOS, and plant its root on it.
The preparation of the GRUB diskettes for the trick goes actually the same way as before, but some additional fiddling is required.
Let us focus on the case where a DOS-formatted boot diskette has been
prepared with grub-install.
First, you copy your Linux kernel (name it vmlinuz) to a hard disk visible to the BIOS, e.g., the first hard disk, first partition, which GRUB calls (hd0,0).
Second, you must guess the proper Linux designation for the Knoppix partition, when Linux is running. Remember that Linux calls the SCSI disks /dev/sda, /dev/sdb, etc., and the IDE disks /dev/hda, /dev/hdb, etc. The partitions are then appended to them as numbers, e.g., /dev/hda1, /dev/hda2, etc. It can get complex, depending on the devices you have in your PC. In any event, you must find the proper designation for the Knoppix partition, since it is invisible to the BIOS and GRUB. Assume for the sake of an example that the correct Linux designation is /dev/hdb1.
Now, write menu.lst to the floppy, directory
/boot/grub, as follows:
    # start of menu.lst
    # GRUB boot for Knoppix 3.6/kernel 2.6.7
    # Knoppix is installed to hdb1
    # hdb1 is not bootable, indeed not seen by BIOS

    # By default, boot the first entry
    default 0

    # Boot after 1 second, no menu
    hiddenmenu
    timeout 1

    # first and unique entry
    title knoppix36267
    kernel (hd0,0)/vmlinuz root=/dev/hdb1

    # Should an initial RAMdisk be required, GRUB loads it with its own
    # initrd command on the line after the kernel line, for instance:
    # initrd (hd0,0)/initrd/ird.gz
    # end of menu.lst
We are not finished yet. GRUB has on the floppy an auto-generated file device.map, listing all devices known to it. In this abnormal case, it is a good idea to check the map file; it may need revision by hand. Indeed, it must include that device unknown to the BIOS but destined to carry the root. Note that the map file is simply a translation between GRUB device names and Linux device names.
That's it. Boot the GRUB diskette and it will pull vmlinuz from your first hard disk: vmlinuz will run and will recognize and use the partition /dev/hdb1 even though /dev/hdb is unknown to the BIOS.
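The device.map check described above, as an added example that is not from the original article: it reads every root= device from the kernel lines of menu.lst and reports any whose disk has no entry in device.map. The function names, the two sample maps and the (hd1) mapping for /dev/hdb are constructed for illustration; the menu.lst entry is the one shown above, written with DOS line endings since the article allows them.

```shell
#!/bin/sh
# Added example (not from the article): cross-check the root= devices in
# menu.lst against the Linux device names listed in device.map.

# disk_of /dev/hdb1 -> /dev/hdb (drop the trailing partition number)
disk_of() {
    printf '%s\n' "$1" | sed 's/[0-9]*$//'
}

# root_devices MENU_LST: print each root=/dev/... value found on an
# uncommented "kernel" line. CRs are stripped first because the file may
# have been edited from DOS.
root_devices() {
    tr -d '\r' < "$1" | awk '
        $1 == "kernel" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^root=\/dev\//) print substr($i, 6)
        }'
}

# map_has_disk DEVICE_MAP DISK: succeed if some "(name) DISK" entry exists.
map_has_disk() {
    tr -d '\r' < "$1" | awk -v disk="$2" '
        $1 ~ /^\(/ && $2 == disk { found = 1 }
        END { exit !found }'
}

# missing_disks MENU_LST DEVICE_MAP: print every root disk absent from the map.
missing_disks() {
    root_devices "$1" | while read -r dev; do
        disk=$(disk_of "$dev")
        map_has_disk "$2" "$disk" || printf '%s\n' "$disk"
    done | sort -u
}

# write_grub_samples DIR: constructed sample input.
write_grub_samples() {
    # the article's menu entry, with DOS line endings
    printf '%s\r\n' \
        '# GRUB boot for Knoppix 3.6/kernel 2.6.7' \
        'default 0' 'hiddenmenu' 'timeout 1' \
        'title knoppix36267' \
        'kernel (hd0,0)/vmlinuz root=/dev/hdb1' > "$1/menu.lst"
    # constructed: a map that lists only the disk the BIOS can see
    printf '%s\n' '(fd0) /dev/fd0' '(hd0) /dev/hda' > "$1/device.map.auto"
    # constructed: the same map after revision by hand
    printf '%s\n' '(fd0) /dev/fd0' '(hd0) /dev/hda' '(hd1) /dev/hdb' \
        > "$1/device.map.fixed"
}

tmp=$(mktemp -d)
write_grub_samples "$tmp"
for map in device.map.auto device.map.fixed; do
    missing=$(missing_disks "$tmp/menu.lst" "$tmp/$map")
    if [ -n "$missing" ]; then
        echo "$map: root disk $missing is not listed"
    else
        echo "$map: every root= disk is listed"
    fi
done
rm -rf "$tmp"
```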
Can anyone explain it? If the kernel can see partitions invisible to the
BIOS, why can't GRUB? GRUB has in the boot sector a tiny program called
stage1 that does nothing but trigger stage2.
Since stage2 is more than 100K, shouldn't it be able to detect
available devices the same way the kernel does?
GUI is an acronym for Graphical User Interface. You can choose your GUI in Linux. The working title for this topic was Non-Standard GUI Desktops, but two things are true: First, choice is sometimes good. Second, in many people's minds, "Non-Standard" often implies sub-standard. Nothing can be further from the truth.
In most other popular operating systems, the GUI is both mandatory and relatively fixed. In Microsoft Windows®, you have... well, Windows. You can apply themes and styles, and make a few changes to appearances, but the system is designed to run only in the provided graphical interface. You can't really change out the Windows interface for some third-party layer. Apple Computer is, as far as I know, much the same way, with its new Aqua® desktop GUI over the top of OS X® (I will admit complete ignorance of the Apple way. It's entirely possible that Aqua is just a window manager running on top of the X server running as an application over the Mach-derived core, but I don't know the first thing about it).
Rick Moen comments: Aqua is actually the name of the look and feel effect, resulting from running a proprietary "Display PDF"-oriented 2D display engine named Quartz (as well as 3D extensions dubbed "Quartz Extreme") — a direct descendant of NeXTStep's Display PostScript engine. There are only a limited number of third-party tweaks one can make to the Quartz framework. E.g., a friend has retrofitted one to restore the ability he enjoys in Linux to have virtual desktops. The important thing to remember is that Quartz is not X11 at all, though recent versions have added the ability to seamlessly image X11 applications using an integrated copy of XFree86 for PPC. (I believe this bundle starts something called "quartz-wm" as default display manager, but that you can change it.) I'm not 100% clear on details, because I run my iBook almost entirely in Ubuntu Linux, instead. Note: Because the term "X" is such an overloaded term in the Mac OS X context, the Unix-standard X Windows System is most often referred to as X11 to disambiguate it, despite the extremely small amount of inaccuracy entailed.
When it comes to the GUI, Linux really is different. Display servers provide the interface between the GUI and the hardware (video card). Then there are window managers and desktop environments that are the graphical presentation layer within which applications run. There are many choices for each of these categories. Let me guide you through these options, before we talk about changing the way you work in the GUI.
A display server performs the basic functions of working with the video display hardware, as well as pointing devices (mice, touchscreens, tablets, etc.) and keyboards. It encompasses both the operating system interface and drivers necessary to talk to specific video hardware. Linux display servers are variants of the X Window System (X), which originated at MIT in 1984, long before Linux itself. X has spawned many children, some open source and some proprietary. The most popular X server software for Linux, through the first quarter of 2004, was the XFree86 server (http://www.xfree86.org/). Due to a licensing change and developer conflicts, most Linux distributions (including Fedora Core 2) at this writing are migrating to the X.org server (http://www.x.org/), an open source fork of the XFree86 codebase. I strongly recommend that you stay with the vendor-recommended X server software for your distribution: Migrating to a new display server is not for the faint of heart.
Way back in the late 1990s, it was taken for granted that Linux would not run the latest, fastest, hottest video cards. It would take 6 to 12 months for some dedicated soul to engineer a driver to use the special functions of a new video card, usually without any help whatever from the card manufacturer. As Moore's Law trebled itself in the video card arena, two things changed: First, video chipsets gained capabilities so quickly that open source developers couldn't keep pace. Second, the field of manufacturers narrowed dramatically. Skip forward to today. There are two main players: Nvidia and ATI. Both provide capable video cards, and, more wonderfully, both provide drivers that work with current kernels and display servers to interface Linux to almost all of the hottest new cards. These binary-only drivers have compiled interfaces that allow the drivers to be used with current kernels and X servers. In addition, both manufacturers appear to be working with open source coders to provide stronger support for cards that are no longer top of the line (thus avoiding perceived competitive disadvantage).
A window manager (WM) provides basic services for GUI applications running on a display. An application window is framed and usually has a title bar with widgets for opening, closing, minimizing, and what-not. Windows have focus (to be typed into) and other attributes as well. Finally, a WM provides application menus of some kind, and settings for such things as themes, styles, and backgrounds. Some window managers handle more capabilities, like tabbed windows, or extreme customizability, desktop icons, taskbars, and even scripting capabilities. At the "low end" there is the minimalist window manager, which is said to provide a place to display multiple xterms, and use the mouse to point at the one to type in. Blackbox, Fluxbox, and OpenBox all fit into this end of the pool, as does TWM, the first X window manager. The most extreme light WM I know of is called RatPoison, and is designed to be used keyboard-only. The best advantage of light window managers is that they add very little load to the system for the services that are provided, both in terms of CPU and memory usage. Speed is good.
In the middle bit of the pool are such window managers as IceWM, AfterStep, and WindowMaker. These are variously similar to interfaces provided on other operating systems, and are more customizable, while staying lean and trim with regards to system resources. The single most powerful WM I've experienced is FVWM2. It is agile, mutable, scriptable, and overall a real joy to work in, once I've wrapped my head around it properly. But when I'm not experimenting with other options, I come home to Fluxbox.
Desktop Environments
Also known as an Integrated Desktop Environment (IDE), these are the Galaxy-class workspaces for the Linux GUI. Not nimble, and desirous of as much processor and memory as you can throw at them, IDEs provide capabilities similar to that of the latest Windows and Apple operating environments. There are two players in this space: KDE and Gnome. Okay, Gnome and KDE! I've said it with BOTH first, in order to keep the flamage to a minimum. Asking the "Gnome or KDE?" question on the wrong mailing list is a bit like asking "vi or Emacs?", and nothing at all like asking "cake or ice cream?"
The correct answer to that last question is, of course, "Both!"
KDE was the first of the IDE projects. Based upon a widget toolkit called Qt, KDE 1.0 was the first look at the future of Linux desktops, and many people liked what they saw. But some people saw a dark cloud around that silver lining: At the time, the Qt libraries weren't "free" in the open source (aka Free Speech) sense. This problem led to the creation and fast ascendance of the GNOME Project, an alternative IDE built upon the underpinnings of the GTK+ toolkit, free and powerful. After some heavy competition on capabilities and equally heavy flame-wars on a number of mailing lists, blogs, and other fronts, an important event took place: TrollTech, the creators of Qt, made Qt available under the OSI-certified QPL license. Had this taken place earlier, GNOME would never have been. But the race between them has benefitted both, by many measures (although some commentators have noted that the sheer energy of duplicated effort might have been better spent elsewhere). Today, with some noisy exceptions, there is considerable work going on to integrate the deep ends of both environments, so that applications created for one can participate more easily in the other.
KDE and GNOME each provide a lot of features. These start at the surface, with lots of eye candy like translucent menus, tooltips, desktop file managers, and deeply extreme customization. Under the surface, both GNOME and KDE offer variations on CORBA/DCOM-type capabilities. This permits inter-application communications and control, application and document embedding, and many other features. If your goal is to come up to speed as quickly as possible in Linux, when you've already had lots of time in front of Windows machines, then either KDE or GNOME will suit you fairly well, with possibly the lowest of learning curves.
Of course, almost every distribution has "chosen sides", and preferentially loads one or the other IDE as default. Red Hat, in both the commercial and open versions, offers up GNOME by default, themed with a package called Blue Curve. Optionally, you can install KDE and select it as your default desktop. Blue Curve is the default theme there, too. Debian leans towards GNOME, too, while SUSE, Mandrake, and others choose KDE as primary. In some cases, what makes a distribution special is coded explicitly for a particular environment: This is true of Xandros and its customization of KDE.
Now I'll show you the options you have for selecting GUI desktops other than GNOME, and how to install them in Fedora Core, the example Linux for this book. Briefly, at the end of this section, I'll discuss ways of installing alternate window managers and desktops in a few other distributions. For the purposes of this discussion, I'm using a clean install of Fedora Core 2, Workstation configuration. I'll grant you the desire for a GUI on a server, but not the need to spend time mucking around with alternatives there: Use the RH GNOME and associated tools, there. They are designed for and work best in that environment, and best emulate the experience you'll have if you use the RHEL family of products.
Installing KDE in Fedora is a snap, in a couple of different ways. First, of course, you can easily select it during the installation: after the package configuration step, select the option to customize your package selections. Then continue to the Package Group Selection dialog, as shown in illustration 1.
[Illustration 1: Select KDE during Fedora installation]
Then, once the installation is complete, KDE is one of the options from the initial login screen (in the list of available sessions). But that's assuming that you're doing a clean install of Fedora Core. What if you've already installed, and now you want to add KDE?
Log in to Fedora as your normal user. Click on the menu icon in the task bar (by default, that distinctive red Fedora), then choose System Settings, then Add/Remove Applications. After filling in the password prompt box to get administrative access, the Add/Remove Applications dialog box appears, looking virtually identical to the Package Group Selection dialog shown above. From there, check the KDE box, and have a look at the Details link to see if you want to add the KDE Administrative Tools. They're omitted from the defaults, but I recommend it. Continue with the installation, and a set of packages for KDE and supporting cast are installed. My only gripe was having to swap twice: First disc 2, then disc 1, then back to disc 2. When all is said and done, log out, then back in again. This time, before putting in the password, look at the options revealed by clicking on the Sessions link at the bottom of the login screen. There's KDE, ready to be selected. Do so, then login. Spend some time spelunking around in the interface and through the menu trees. Observe the differences, and the similarities. Of all the Linux distributions, Red Hat puts the most effort into making KDE and GNOME as nearly alike as possible, on the surface, anyway. Now let's have a look at something from the Atkins-friendly side of the menu....
I can hear it now. "That isn't one of the window managers he wrote about a couple of pages back!" Yup, you're right. But it is the only other one that is included with Fedora Core 2, besides GNOME and KDE. So instead of using the Application manager to try to find and install it, I'll drop down to the command line and use the tools that underpin the network updates and application package management for Fedora Core: yum.
Note: Yum is short for Yellow Dog Updater, Modified, originally
from the Yellow Dog PowerPC Linux distribution. Yum adds a layer of
dependency checking and a number of other handy tools atop the RPM
package layer. Type man yum at any
command prompt to learn more.
    [root@gael root]# yum install xffm\* xfwm4\* xfce\* xfdesktop
    Gathering header information file(s) from server(s)
    . . .
    .Dependencies resolved
    I will do the following:
    . . .
    Is this ok [y/N]: Y
Then the appropriate packages are downloaded from the official Fedora mirror sites, checked, and installed without further ado. A note of thanks: I picked up the yum shorthand for this particular installation from an article on FedoraNews.org. Two files need to be created, for the login session manager to pick up XFCE. Use your favorite text editor.
In /etc/X11/dm/Sessions/xfce.desktop:
    [Desktop Entry]
    Encoding=UTF-8
    Name=XFCE4
    Comment=This session logs you into XFCE4
    Exec=startxfce4
    Icon=
    Type=Application
In /etc/X11/gdm/Sessions/XFCE:
    #!/bin/bash
    exec /etc/X11/xdm/Xsession XFCE4
Both files need to have their permissions set properly:
    [root@gael /]# chmod 755 /etc/X11/gdm/Sessions/XFCE
    [root@gael /]# chmod 755 /etc/X11/dm/Sessions/xfce.desktop
This sets read/write/execute for the file owner (root), and read/execute for everyone else. Then you can log out, and select XFCE from the Session manager during login. It loads much more quickly than the two desktop environments, so what's missing? Well, all of the Fedora-specific menus, for one. To use this on a daily basis, I'll need to heavily customize the menu system to match what I need from the installed Red Hat administrative utilities. But there's more good news!
What a difference a lighter WM makes! Just after reboot and login each time, with one terminal window and one SSH session running, here are the respective memory usages for the three choices we have:
| WM vs. Mem | Gnome | KDE | Xfce4 |
| MemTotal | 257072 kB | 257072 kB | 257072 kB |
| MemFree | 2284 kB | 3852 kB | 56480 kB |
| Buffers | 21316 kB | 22404 kB | 20804 kB |
In a 256 MB environment, both KDE and GNOME fill things right up. That's not all of the available data, of course: There wouldn't be room to write any more prose on the topic if I duplicated the memory and CPU data to demonstrate full load characteristics. But clearly, Xfce4 uses less memory for the desktop, leaving more room for running applications before resorting to swap. In a severely memory constrained machine, I'd seriously consider not running X at all (in the /etc/inittab file, this line: "id:5:initdefault:", change the '5' to a '3', and reboot) to conserve resources. When I tested this, I came up with 181 MB of free RAM. Of course, the better choice there is to get a more powerful machine, or at least more RAM. How do you value your time?
Why one more window manager? The best reason is that this one is
compiled from external sources, built locally, and installed using
the package manager for ease of future updating. So it's a great
example for lots of concepts. First, go to the home page for IceWM
(http://www.icewm.org/) and
follow the links to pull down the latest stable source file for the
product. At this writing, the stable revision is 1.2.14. Put the
file into /tmp, open a terminal window, type
su - and the right password to become
the root user. Then use these commands:
[root@gael root]# cd /tmp
[root@gael tmp]# rpmbuild -ta icewm-1.2.14.tar.gz
. . .
Feign an unconcerned demeanor, as warnings and apparent compile errors fly past your eyes. It only matters that the job completes — most of the warnings are put there by the program's author to remind him of places in the code that still need work. This step can take quite a few minutes, depending on processor and available RAM. When it's done, the last few lines of the job tell you where the RPM files were written. That's where we're going next, to install the freshly built RPMS.
[root@gael tmp]# cd /usr/src/redhat/RPMS/i386/
[root@gael i386]# rpm -ivh icewm*
How did I know that was going to work...? Usually there are dependency problems, no? I knew that the packages built to completion, so they must have built in the context of the required other software being present. Otherwise, the compile would have failed with a hopefully useful message telling me what was missing. There was no problem this time. Next, again, we have to create and set permissions for the following files:
In /etc/X11/dm/Sessions/icewm.desktop:
[Desktop Entry]
Encoding=UTF-8
Name=IceWM
Comment=This session logs you into IceWM
Exec=/usr/bin/icewm
Icon=
Type=Application
In /etc/X11/gdm/Sessions/ICEWM:
#!/bin/bash
exec /etc/X11/xdm/Xsession IceWM
The results I see after a reboot and login are a clear improvement even over Xfce4, nearly 20 MB more free. But the same issue with Red Hat menu integration exists.
The real upside for many people in installing a non-default GUI on their machine is about control. It has been said many times that Linux is about choice, and people who run and live in Linux like making those choices for themselves. Additionally, a large number of users don't want all of the eye candy and other "features" that seem to stand between them and getting the job done. If the CPU is bouncing a little deforming icon up and down, then it's not hard at work starting your application, is it? That brings up the other big advantage of light window managers: loading speed. If you're in and out of the box all day, the time spent waiting for the GNOME and/or KDE environments to completely initialize can be excruciating. Light == Fast == Good.
The downside is that most distributions, and the Red Hat / Fedora ones in particular, heavily customize the preferred environments to match and support the GUI management tools they've implemented. A perfect example of this lies in the Xfce4 implementation. Yes, it ships on the disks with the rest of Fedora Core 2. But it doesn't have any of the menu customizations that give easy access to the administrative tools. They're not hard to discover independently, by looking into the menus for KDE or GNOME, but you're on your own.
Other distributions like Debian and Gentoo are much more desktop-agnostic than the big commercial distributions. There, it's easy to install so many desktops, window managers, IDEs and things to work with them, that it is hard to get any work done at all if you're not careful. While it is relatively easy and fun to experiment with adding desktops and associated utilities, it's important to remember that you're working with a tool for getting a job done. It doesn't matter what the paint job on the delivery van looks like each day: If four hours of each day is spent repainting part of the van, then it's not out making money or doing anything productive during that time. Balance is important. Experiment for yourself, make a decision, and stick to it... for a while, at least!
Brian Bilbrey is thoroughly Californicated, being the third generation
born in that state of unreality in 1961. The Kennedy assassination rumors
aren't true - there was no stroller on the grassy knoll that fateful day,
and besides, he was in a completely different time zone. Growing up in the
San Francisco Bay Area, Brian became a voracious reader, as well as a Star
Trek and Monty Python fan. He first got into programming with an early TI
calculator. His first "real" computer was an IMSAI 8080, although he was
never able to contact WOPR in Cheyenne Mountain with it. After a checkered career in college (mostly at the lovely yet dangerous
UC Santa Cruz campus), Brian started working in assorted technical fields,
and gravitated naturally into Systems Administration and other
computer-assisted fields such as CAD and CAE. He and his spice, Marcia,
committed a rightward move in 2002, landing in Bowie, Maryland, just
outside the Washington DC beltway. His current employment is at
(nfr)(security) as SysAdmin for a collection of Linux, OpenBSD and Windows
boxen. Brian has been using Linux since early Yggdrasil days. He
currently runs Gentoo Linux on his main home workstation, Xandros Linux on
the laptop, Debian Linux on the home file server, White Box Enterprise
Linux on the backup server, and OpenBSD on the test hardware. That isn't
obsessive, is it?
Brian is a SysAdmin and Author, occasionally human, and a recent convert
to the Church of TAG.
By Mark Nielsen
(UPDATE: I ended up passing the MySQL Professional Exam. The examples I made really helped out a lot. Also, I ended up placing my Class::Inheritance module in CPAN under the 06_Data_Type_Utilities/Class category. It's somewhat crude, but it's a good start. I plan on redoing it completely because of some ugly code.)
This module is just in its baby stages. In the future, it should be at http://cpan.perl.com.
How does multiple inheritance work in Perl? Well, when you use inheritance in Perl, you need to create a package. A package is more or less a bunch of functions put together to form a "class" (or multiple classes). A class is more or less a name for a bunch of functions (and sometimes variables). Your class is what is used to create objects in Perl.
So what is inheritance? Let's say you create a package called "package1" and it has a bunch of functions (methods). You want your second package "package2" to have all the functions of the first package but you don't want to rewrite them all. When you use inheritance, that is exactly what you do: you grab all the functions (methods) from the first package and absorb them into the second package without having to rewrite the functions. You do this by specifying the name of the first package in the "@ISA" array.
So what is multiple inheritance? Well, it's what you get when you get your functions from more than one package.
So when you inherit the functions (methods) from multiple packages, how does Perl choose the method if there's more than one with the same name? It grabs the function (method) from the first package in the "@ISA" list which has that function and stops there. Thus, how you list your packages in the "@ISA" list will determine which packages get looked at first to find a function.
By the way, what is a method? A function that is part of a class.
Where is this @ISA thingy defined? It is defined in each package. Each package has its own @ISA list. It is effectively empty if you don't do anything to it. If you define it to contain any number of package names, your package will inherit methods from those packages.
If I have a huge chain of packages inheriting from one another, will the last package get all the functions (methods) from its parents, grandparents, great grandparents, etc? Yes, but it will "climb" up the family tree and stop at the first relative that has the function (method).
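The lookup order described above, modelled in Python as an added example (it is not the article's Inherit_Test.pl). It uses this article's package1 to package6 test hierarchy; which packages define 'param' themselves is an assumption taken from the expected output the article gives for that script.

```python
# Python model of Perl's classic method lookup: depth-first, left to right
# through each package's @ISA, stopping at the first package that has the method.

# The @ISA list of every package in the article's test hierarchy.
ISA = {
    "package6": ["package5", "package5_2"],
    "package5": ["package4"],
    "package5_2": ["package4"],
    "package4": ["package3"],
    "package3": ["package2"],
    "package2": ["package1"],
    "package1": ["CGI"],
    "CGI": [],
}

# Packages that define each method themselves (assumption, consistent with
# the "Original sources" lines in the article's expected output).
DEFINES = {"param": {"package5", "package5_2", "CGI"}}


def parent_tree(package):
    """Ancestors in the order they are searched; shared ancestors repeat."""
    if package not in ISA:
        raise KeyError(f"no such package: {package}")
    tree = []
    for parent in ISA[package]:
        tree.append(parent)
        tree.extend(parent_tree(parent))
    return tree


def sources(package, method):
    """Every stop on the search path that defines the method itself."""
    definers = DEFINES.get(method, set())
    return [p for p in [package] + parent_tree(package) if p in definers]


def resolve(package, method):
    """Package whose definition wins, or None if nothing on the path has it."""
    found = sources(package, method)
    return found[0] if found else None


if __name__ == "__main__":
    for pkg in ("package6", "package4"):
        print(pkg, "gets 'param' from", resolve(pkg, "param"))
        print("  Parent Tree:", " ".join(parent_tree(pkg)))
        print("  Original sources:", " ".join(sources(pkg, "param")))
```

Reordering the two entries in package6's list changes which package wins, which is the point about the order of "@ISA" made above.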
For the files listed below, we have two chains relative to package "package6". Package6 contains two packages it inherits from: package5 and package5_2. Each of these packages inherits from package4, which inherits from package3, which inherits from package2, which inherits from package1, which inherits from CGI.
The whole goal of the script "Inherit_Test.pl" is to show the family tree of the package "package6" and to show where package6 gets the method "param" from. You can modify it to suit your own needs.
Download all the files below and then execute "perl Inherit_Test.pl package6 param". You can change "package6" to any package name and you can change "param" to any function name. It will error out properly if no package or function exists.
Try the following:
perl Inherit_Test.pl package6 param
perl Inherit_Test.pl package4 param
The expected results for "perl Inherit_Test.pl package4 param":
We assume the filename for the package is in 'package4.pm'.
Looking at the function (method) 'param' in class 'package4', we learn that function 'param' comes from class 'CGI'.
Parent Tree is: package3 package2 package1 CGI
Original sources (defined) for 'param' are: CGI
The expected results for "perl Inherit_Test.pl package6 param":
We assume the filename for the package is in 'package6.pm'.
Looking at function (method) 'param' in class 'package6'.
Function 'param' comes from the class 'package5'.
Parent Tree is: package5 package4 package3 package2 package1 CGI package5_2 package4 package3 package2 package1 CGI
Original sources (defined) for 'param' are: package5 CGI package5_2 CGI
Here is a list of files you need to save.
# NEW FILE: ### Save this as /usr/local/RealPlayer8/realplay.bat /usr/local/RealPlayer8/realplay.py /usr/local/RealPlayer8/realplay /tmp/temp1.smil
Getting MySQL-certified now is good because there aren't that many people listed. After you pass an exam, it might take a couple of weeks before you get publicly listed. After you pass your exam, you need to log in and let people view which exams you have passed. You find the list of the MySQL Professionals here.
I highly recommend you get the study guide from MySQL Press; it's a good book. Usually certification books contain a lot of garbage, but this one is actually very useful (in my opinion).
After you have passed the Core Certification and you are ready for the Professional Certification, you should execute the scripts I list below. The "Compile_MySQL.bat" script is just a bash script. It will blow away any previous installation in case you want to run the script multiple times. The "Post_Mysql.py" script will create a log of all the commands it executes so that you can go back and do them one-by-one on your own. It would take too long to explain what each command does, so I strongly advise you to read the online MySQL Documentation or the study guide to understand what each command does.
The script should execute as long as you don't have any missing software.
First, download the 3 config
files and then download this script. Execute the script as follows:
bash Compile_MySQL.bat
This script will alter the MySQL environment. It will run a series of example commands and restart the MySQL service which will require you to use the new passwords when you try and connect to MySQL in the future. I suggest you change the passwords for all accounts after you get done with this script.
After you run this script, you can connect as:
mysql -u root -p'this is a dumb password, please change.'
Execute as follows:
python Post_Mysql.py /usr/local/mysql4.1
using Post_Mysql.py
About the Python script to play mp3s, I hope this little script helps people understand how to use Python. Python is a very cool programming language and is my language of choice. It has a lot of potential.
About the MySQL scripts: I probably should have explained the MySQL commands a little bit more in detail, but if you buy the book or read the online documentation, you should be able to understand it. If you manage to execute my scripts correctly, look at the log files in the Output directory from where you run the Post_Mysql.py script. It should have a couple of files with all the commands it executed so that you can go through them one by one. Ideally, you should execute the commands one by one and see what they do. You should also follow along in the study guide for MySQL (MySQL Press) as you do so.
Mark Nielsen was enjoying his work at cnet.com as a MySQL DBA, but
is moving to Google as a MySQL DBA.
During his spare time, he uses Python heavily for mathematical and web
projects.
The following features are discussed:
All of the features discussed in this article are extensions to
the packet matching modules of iptables. I used only two of these
extensions in the previous article: the --state module
which allowed us to filter packets based on whether they were
NEW, ESTABLISHED, RELATED or
INVALID connections; and the multiport
extension, which I will cover in more detail in this
article.
Some of the modules introduced in this article (marked with an asterisk) have not made their way into the default Linux kernel yet but a netfilter utility called "patch-o-matic" can be used to add them to your own kernel and this will be discussed at the end of the article.
multiport
The multiport module allows one to specify a number of
different ports in one rule. This allows for fewer rules and easier
maintenance of iptables configuration files. For example, if we
wanted to allow global access to the SMTP, HTTP, HTTPS and SSH
ports on our server we would normally use something like the
following:
-A INPUT -i eth0 -p tcp -m state --state NEW --dport ssh -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport smtp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport http -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport https -j ACCEPT
Using the multiport matching module, we can now write:
-A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports ssh,smtp,http,https -j ACCEPT
It must be used in conjunction with either -p tcp or -p udp and only up to 15 ports may be specified. The
supported options are:
--sports port[,port,port...] - matches source port(s)
--dports port[,port,port...] - matches destination port(s)
--ports port[,port,port...] - matches both source and destination port(s)
mport* is another similar extension that
also allows you to specify port ranges, e.g. --dport
22,80,6000:6100.
random* or nth*
The random and nth extensions can be
used for load balancing. If, for example, you wished to balance
incoming web traffic between four mirrored web servers then you
could add either of the following rule sets to your
nat table:
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet 0 \
-j DNAT --to-destination 192.168.0.5:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet 1 \
-j DNAT --to-destination 192.168.0.6:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet 2 \
-j DNAT --to-destination 192.168.0.7:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet 3 \
-j DNAT --to-destination 192.168.0.8:80
or:
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m random --average 25 \
-j DNAT --to-destination 192.168.0.5:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m random --average 25 \
-j DNAT --to-destination 192.168.0.6:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m random --average 25 \
-j DNAT --to-destination 192.168.0.7:80
-A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW \
-j DNAT --to-destination 192.168.0.8:80
The nth matching extension allows you to match the nth
packet received by the rule. There are up to 16 (0...15) counters
for matching the nth packets. The above four (nth)
rules use counter 0 to count every 4th packet. Once the 4th packet
is received, the counter is reset to zero. The first rule matches
the 1st packet (--packet 0) of every four counted, the
second rule matches the 2nd packet (--packet 1), and
so on.
The random matching extension allows you to match
packets based on a given probability. The first rule from the set
of random rules above matches 25% (--average
25) of the TCP connections to port 80 and redirects these to
the first mirrored web server. Of the 75% of connections not
matching on the first rule, 25% will match the second and a further
25% will match the third. The remaining 25% will be caught by the
fourth rule.
Another use of the random extension would be to
simulate a faulty network connection to evaluate the performance of
networking hardware/software, etc.
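An added example, not from the original article: because rules are evaluated in order, each random rule only sees the connections that the rules before it did not match. The Python below computes the share of all new connections that each of the four random rules above ends up with, and the per-rule --average values for a chosen split; the function names are made up for this example.

```python
import random


def cascade_shares(averages):
    """Fraction of all new connections matched by each rule, in rule order.

    averages: the --average value (percent) of each rule; a rule with no
    random match, like the last rule above, is written as 100.
    """
    shares, remaining = [], 1.0
    for pct in averages:
        hit = remaining * pct / 100.0   # only unmatched traffic reaches this rule
        shares.append(hit)
        remaining -= hit
    return shares


def averages_for(weights):
    """Per-rule --average values (percent) that give rule i a share of
    weights[i] / sum(weights) of all new connections."""
    remaining = float(sum(weights))
    averages = []
    for weight in weights:
        averages.append(100.0 * weight / remaining)
        remaining -= weight
    return averages


def simulate(averages, connections, seed=1):
    """Replay the rule list for constructed traffic and count hits per rule."""
    rng = random.Random(seed)
    counts = [0] * len(averages)
    for _ in range(connections):
        for index, pct in enumerate(averages):
            if rng.random() * 100 < pct:    # independent draw at every rule
                counts[index] += 1
                break
    return counts


if __name__ == "__main__":
    as_written = [25, 25, 25, 100]          # the rule set shown above
    print("shares as written:", [f"{s:.2%}" for s in cascade_shares(as_written)])
    print("simulated hits   :", simulate(as_written, 100000))
    even = averages_for([1, 1, 1, 1])
    print("--average for an even four-way split:", [round(a, 2) for a in even])
```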
limit and iplimit*
The limit matching extension can be used to limit the
number of times a rule matches in a given time period while the
iplimit extension can restrict the number of parallel
TCP connections from a particular host or network. These extensions
can be used for a variety of purposes:
-A FORWARD -m state --state NEW -p tcp -m multiport --dports http,https -o eth0 -i eth1 \
-m limit --limit 50/hour --limit-burst 5 -j ACCEPT
This rule assumes that we are acting as a proxy server where the
external connection is via eth0 and eth1
connects to our office network. The rule limits all of our internal
computers to only 50 new HTTP or HTTPS connections per hour and the
use of --limit-burst prevents any one employee from
using up all 50 in one go. Packets can be matched
/day, /hour, /minute or
/sec.
The --limit-burst parameter can be quite confusing
at first. In the above example, it will ensure that if all
employees are trying to access the Internet throughout the hour
then only 5 connections are made every 5 minutes. If 30 minutes
pass with no connections and then there is a sudden rush for the
remaining 30 minutes, only 5 connections will be permitted every
2.5 minutes. I once heard it explained as follows:
For every limit rule, there's a "bucket" containing "tokens". Whenever the rule matches, a token is removed and when the token count reaches zero, the rule doesn't match anymore.
--limit is the bucket refill rate.
--limit-burst is the bucket size (number of tokens that it can hold).
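The bucket description above as a small Python model, added here as an example and not taken from the netfilter source. It replays constructed traffic (one new connection attempt per second) against --limit 50/hour --limit-burst 5 and returns the times at which the rule matches; the class and function names are made up for this example.

```python
from fractions import Fraction

# Units the article lists for --limit.
UNIT_SECONDS = {"sec": 1, "minute": 60, "hour": 3600, "day": 86400}


class LimitRule:
    """Token-bucket model of `-m limit --limit N/unit --limit-burst B`."""

    def __init__(self, limit, burst):
        count, _, unit = limit.partition("/")
        if unit not in UNIT_SECONDS or not count.isdigit() or int(count) < 1:
            raise ValueError(f"bad --limit value: {limit!r}")
        # Seconds needed to earn one token back (72 s for 50/hour).
        self.refill_interval = Fraction(UNIT_SECONDS[unit], int(count))
        self.burst = burst
        self.tokens = Fraction(burst)   # the bucket starts full
        self.last_seen = 0

    def matches(self, now):
        """Return True if a packet arriving at `now` (seconds) matches."""
        earned = Fraction(now - self.last_seen) / self.refill_interval
        # Refill is capped at the bucket size: idle time is not banked.
        self.tokens = min(Fraction(self.burst), self.tokens + earned)
        self.last_seen = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False    # packet falls through to the next rule or the policy


def accepted_times(limit, burst, arrivals):
    """Arrival times (ascending, in seconds) at which the rule matches."""
    rule = LimitRule(limit, burst)
    return [t for t in arrivals if rule.matches(t)]


if __name__ == "__main__":
    # Constructed traffic: one new connection attempt per second.
    busy = accepted_times("50/hour", 5, range(0, 3600))
    rush = accepted_times("50/hour", 5, range(1800, 3600))
    print("busy all hour :", len(busy), "accepted, first six at", busy[:6])
    print("idle then rush:", len(rush), "accepted, first six at", rush[:6])
```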
The iplimit extension allows us to restrict the
number of parallel TCP connections from a particular host or
network. If, for example, we wanted to limit the number of HTTP
connections made by any single IP address to 5 we could use:
-A INPUT -p tcp -m state --state NEW --dport http -m iplimit --iplimit-above 5 -j DROP
recent Connections to Match Against
With the recent extension one can dynamically
create a list of IP addresses that match a rule and then match
against these IPs in different ways later. One possible use would
be to create a "temporary" bad-guy list by detecting possible port
scans and to then DROP all other connections from the
same source for a given period of time.
Port 139 is one of the most dangerous ports for Microsoft
Windows® users as it is through this port that the Windows file
and print sharing service runs. This also makes this port one of
the first scanned by many port scanners or potential hackers and a
target for many of the worms around today. We can use the
recent matching extension to temporarily block any IP
from connecting with our machine that scans this port as
follows:
-A FORWARD -m recent --name portscan --rcheck --seconds 300 -j DROP
-A FORWARD -p tcp -i eth0 --dport 139 -m recent --name portscan --set -j DROP
Now anyone trying to connect to port 139 on our firewall will have all of their packets dropped until 300 seconds have passed. The supported options include:
--name name - The name of the list to store the IP in or check it against. If no name is given then DEFAULT will be used.
--set - This will add the source address of the packet to the list. If the source address is already in the list, this will update the existing entry.
--rcheck - This will check if the source address of the packet is currently in the list.
--update - This will check if the source address of the packet is currently in the list. If it is then that entry will be updated and the rule will return true.
--remove - This will check if the source address of the packet is currently in the list and if so that address will be removed from the list and the rule will return true.
--seconds seconds - This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds.
--hitcount hits - This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and packets had been received greater than or equal to the given value. This option may be used along with `seconds' to create an even narrower match requiring a certain