linux magazine uk 009

INTROCOMMENT

9 · 2001 LINUX MAGAZINE 3

General ContactsGeneral Enquiries 01625 855169Fax 01625 855071

www.linux-magazine.co.ukSubscriptions [email protected] Enquiries [email protected] [email protected]

Editor John [email protected]

CD Editor Richard [email protected]

Staff Writers Keir Thomas, Dave Cusick ,Martyn Carroll

Contributors Alison Davis, Richard Ibbotson,Luke Leighton, Colin Murphy,Alison Raouf, Richard Smedley

International Editors Harald [email protected] [email protected] [email protected]

International Contributors Simon Budig, Mirko Dölle,Albert Flugel, Björn Ganslandt,Georg Greve, SebastianGunther, Pablo Gussmann,Andreas Huchler, Patricia Jung,Oliver Kluge, Lars Martin, JoMoskalewski, Christian Perle,Thomas Ruge, RonaldSchaffhirt, Fabian Schmidt, TimSchürmann, VolkerSchwaberow, Stefanie Teufel,Christian Wagenknecht

Design Renate Ettenberger vero-design,Tym Leckey

Production Bernadette Taylor, Stefanie Huber

Operations Manager Pam Shore

Advertising 01625 855169Carl Jackson Sales [email protected]üro [email protected]

PublishingPublishing Director Robin Wilkinson

[email protected]

Subscriptions and back issues01625 850565

Annual Subscription Rate(12 issues) UK: £44.91. Europe (inc Eire) :£73.88 Rest the World: £85.52Back issues (UK) £6.25

Distributors COMAG, Tavistock Road, WestDrayton, Middlesex England UB7 7QE

Print R. Oldenbourg

Linux Magazine is published monthly by Linux New Media UKLtd, Europa House, Adlington Park, Macclesfield, Cheshire,England, SK10 4NP. Company registered in England.

Copyright and Trademarks (c) 2000 Linux New Media UK Ltd

No material may be reproduced in any form whatsoever in wholeor in part without the written permission of the publishers. It isassumed that all correspondence sent, for example, letters, e-mails,faxes, photographs, articles, drawings, are supplied for publicationor license to third parties on a non-exclusive worldwide basis byLinux New Media unless otherwise stated in writing.

ISSN 14715678

Linux is a trademark of Linus Torvalds

Linux New Media UK Ltd is a division of Linux New Media AG,Munich, Germany

DisclaimerWhilst every care has been taken in the content of the magazine, thepublishers cannot be held responsible for the accuracy of theinformation contained within it or any consequences arising from theuse of it. The use of the CD provided with the magazine or anymaterial providied on it is at your own risk. The CD is comprehensivelychecked for any viruses or errors before reproduction.

Technical SupportReaders can write in with technical queries which may beanswered in the magazine in a future issue, however LinuxMagazine is unable to directly provide technical help or supportservices either written or verbal.

We pride ourselves on the origins of our magazinewhich come from the very start of the Linuxrevolution. We have been involved with Linux

market for six years now through our sister European-based titles Linux Magazine (aimed atprofessionals) and Linux User (for hobbyists), and through seminars, conferences and events.

By purchasing this magazine you are joining an information network that enjoys the benefit ofall the knowledge and technical expertise of all the major Linux professionals and enthusiasts. Noother UK Linux magazine can offer that pedigree or such close links with the Linux Community.We're not simply reporting on the Linux and open source movement - we're part of it.

CURRENT ISSUES

DISTROFEVERThis month sees the release of a variety ofnew Linux distributions, some of which wereview in this issue. These releases have, ofcourse, been precipitated by the recentrelease of the 2.4 kernel. Each newdistribution builds on the one before it and isbetter than the last, with advances beingmade either in ease of use or in functionality.The promise of added functionality naturallynecessitates an upgrade — but whichupgrade to choose and how to manage it?

If I remain with one distribution I gain thebenefit of being very familiar with it —anticipating its shortfalls and fully exploitingits strengths. Sticking with one boxset wouldfree me from the constant race to keep upwith new developments — with so manydistributions coming out I would need toinstall almost daily to keep up with everyinnovation and so would lose productivity.Also, my day job allows me to use Linuxexclusively and so I need a stable system.

On the other hand, I wouldn’t like to missout when other distributions race ahead.Sticking with one system may mean that thevirtues of another’s tools pass me by andchanging between distributions has theadvantage that I am always up to date.

Fortunately, I can resolve this dilemma quiteeasily: With development systems at home, anda stable system at work, I am lucky enough tobe able to run many environments and so cantry out differing distributions as and when theyare launched. This odd arrangement means Ican keep up to date with what is new and onlychange my work machines when finally Icannot manage without that must-have utility.

Eventually, most distributions seem tomerge. Although they all have their ownnuances, their collective similarities ultimatelyoutweigh individual differences. SuSE has itsYaST configure system, Debian its packageapt-get tool and Mandrake its drake tools. Allgood. All worth having. All missed when onanother machine — but equally allcircumvented on other systems. It leaves mewanting a combination of everything and so,like most other users of Linux, I add packagesand modify files until the system ends up asthe hybrid I require. Another user may love orloathe my systems — but they’re my systems,and so, my choice.

This exercise left me thinking just howmany distributions are available. WovenGoods for Linux lists some 71 distributions.However if we count differing systems ratherthan distributions then, as everyoneconfigures there own machine, there could besaid to be at least 175858 distributions. Whythis figure? Well, this is the most conservativefigure based on the number of people whohave registered on the Linux counter(http://counter.li.org). Although not everyonewho is registered is still using Linux, a farhigher number are not registered who do useLinux. The site estimates up to a hundredfoldfactor for each country, giving England some685,400 active Linux users. Quite acommunity. Now if only I can find someone tofinish off the vCard standards...

John Southern, Editor

003welcome.qxd• 08.05.2001 8:54 Uhr Seite 3

NEWS

6 LINUX MAGAZINE 9 · 2001

As part of their E-Business Infrastructure (EBI)initiative, which aims to help businesses inimplementing, extending and maintaining complexe-business infrastructures, Compaq and Oraclehave announced plans to deliver infrastructuresolutions for the Oracle9i platform. These willinclude consulting services and support.

Michael Rocha, Senior Vice-President of thePlatform Technologies Division at Oracle said,”This joint initiative and resulting configurationshelp decrease the time, cost and resourcescustomers spend deploying and managing theircomputing infrastructure, while providing foroptimal e-business functionality. We’veextended our relationship with Compaq to offerassurances that together we will provide thecomplete set of Internet application services

provided by Oracle9i, including clustering, datamanagement, portal, wireless, and cachingservices optimised for Compaq servers.”

Mike Winkler, Executive Vice-President,Global Business Units at Compaq added, ”Manycompanies urgently need to Web-enable theirenvironments to become nimble and flexible indecision making and to remove the costs of thedevelopment and maintenance of e-businessinfrastructure. Two industry leaders have joinedforces to offer engineered, integrated andtested solutions for the most demanding e-business environments.”

At the same time, Compaq and Oracleannounced a reference configuration for clusteredsolutions. It is planned as the first in a series of jointreference configurations from both companies. ■

Compaq and Oracle mean business

Locked in LinuxOpen Source security companyGuardian Digital has announcedInternet security solution, EnGardeSecure Linux. EnGarde offers a suite of

Open Source tools that providebusinesses with a foundation for

building a secure online presence. Featuresinclude intrusion detection capabilities and

improved authentication and access controlmethods, as well as strong cryptography, and SSLsecure Web-based administration capabilities. Thesolution can manage thousands of email and DNSdomains and offers a suite of e-businessapplications based on AllCommerce.

Benjamin D. Thomas, EnGarde Secure Linuxproduct manager said, ”The ability to quickly andsecurely generate e-commerce storefronts andvirtual websites, as well as manage email and DNSservices for an entire organization, is a verypowerful feature for our customers.” ■

Vmware to run underNetBSDWasabi Systems has enabled its VMwareemulation software package for running underNetBSD. VMware enables users of the i386platform to run a guest operating system within avirtual machine based on another operatingsystem, so, for example, NetBSD users could runWindows on a Linux-based system. Perry Metzger,Chief Executive of Wasabi Systems said, ”WasabiSystems created the VMware compatibilitypackage because we feel VMware is a valuabletool for the NetBSD community. Unfortunately, wewere forced to do it without assistance fromVMware Inc, so we can’t offer a natively compiled,packaged and supported version. Luckily, NetBSDhas the ability to run Linux binaries, and so byporting the Linux kernel modules supplied byVMware it was possible to make VMware rununder NetBSD.” Metzger also expressed his hopethat someday VMware would ”recognise the sizeof the BSD marketplace and choose to cooperateon making a native, supported version of thesoftware available.” Frank van der Linden, a seniordeveloper at Wasabi Systems, commented:”Having the option to run a different operatingsystem on NetBSD without having to restart theone that you are currently using is a powerfulfeature. For example, it makes running Windowsapplications easy – you just start up a completeWindows session using VMware. I have put thisfeature to good use myself already on a regularbasis, and am happy to provide it to the NetBSDcommunity.” Wasabi was founded by members ofthe NetBSD project. ■

Data visualisation, numerical analysis andEnterprise software solutions providerVisual Numerics has released the latestversion of its JWAVE client/server solution.JWAVE 3.5 aims to increase the productivityof JWAVE developers with support for JavaServer Pages and advanced graphicsfeatures. JWAVE uses Sun Microsystems’Java components to develop applications

and deploy them throughout the enterpriseacross the Internet or an intranet. MargaretJourney, the JWAVE product manager atVisual Numerics commented: ”The bigpicture benefit of JWAVE 3.5’s JSP supportis that it will now be even easier for JWAVEdevelopers to build Web-based applicationsthat help their end-users solve complex problems.” ■

JWAVE 3.5 released

006news.qxd• 08.05.2001 14:38 Uhr Seite 6

NEWS


Streaming is freeOpen source community SurePlayer.org has

announced the release of its nonproprietary,MPEG-1, Java-based, audio and video player. Theplayer is available under the GNU General PublicLicense. Sureplayer is offering its source code andsample video demos for download at its website.

Alan Blount, driving force of the SurePlayer.orginitiative, said: ”The goal of SurePlayer.org is tobuild a streaming video player that works on 96%of all browsers. The player is the first non-proprietary, open-source video player that playsdirectly out of a Web page without a download orinstallation.” Jon Orwant, Chief Technical Officerof O’Reilly & Associates, commented, ”SurePlayerhas the potential to be the most widely deployedvideo player on the Internet. Finally, users canwatch video in their Web browsers as easily as theycan read text. It’s about time.” ■

InfoThe player and source code are available at:http://www.sureplayer.org/resources.html

■

AlphaServer all kitted upCompaq is offering Linux developers an AdvancedDeveloper’s Kit (ADK) for use with its AlphaServerGS Series systems. The ADK follows the recent portof Linux to the AlphaServer GS series and providesdocumentation and software, including the toolsand patches required for running the Linux 2.4kernel with either SuSE 7.0 or Red Hat 7.0 onAlphaServer GS systems. Rick Frazier, Vice-Presidentof Marketing for Compaq’s Business Critical ServerGroup said, ”With its strengths in handling data-intensive and other high-performance applications,Linux is gaining increased acceptance in theenterprise. With the ADK, we are responding torequests from customers who want to evaluateLinux on a high-end multi-processor configurationor run Linux applications in a mixed environmentwith our Tru64 UNIX operating system.”

Dirk Hohndel, Chief Technology Officer at SuSELinux AG said, ”SuSE and Compaq are workingtogether in many areas to move Linux more into thehigh end of computing. Among the highlights inthis cooperation is our work on support for theNUMA architecture, as well as improvements to thescheduler and other key kernel components tomake it better utilize the enormous potential of theAlphaServer GS systems. Having the ADK availableenables us and our customers to implement Linux-based solutions for their high-end computingneeds.” The ADK is available for download athttp://www.support.compaq.com/alpha-tools. ■

New tricks forYellow DogTerra Soft Solutions, a developer of Linux solutionsfor PowerPC microprocessors, is to bundle LXP,Command Prompt’s PostgreSQL application serverwith the latest release of its Yellow Dog Linuxsoftware. The LXP application server features a suiteof services to help Linux Web developers to createdynamic, easy-to-manage websites. Featuresinclude direct fallback to the PHP language,persistent query execution, data parsing, and XMLand content management. Kai Staats, ChiefExecutive of Terra Soft Solutions said, ”In additionto the nearly complete YDL 2.0 book, we arepleased to expand the function of Yellow Dog Linuxwith Command Prompt’s quality product. While it isour goal to take YDL 2.0 into the hands of thosenewer to Linux, LXP adds to the server anddevelopment OS foundation we have built withChampion Server.” Joshua Drake, Co-Founder ofCommand Prompt, added, ”Terra Soft SolutionsYDL 2.0 is an exceptional distribution that will helpincrease the viability of Linux and LXP. It is ourpleasure to include our LXP application server withtheir distribution.”

Infowww.linuxports.com

■

New BlueCat out of the bagOpen source and true real-time embeddedsolutions provider LynuxWorks has announced thelatest release of BlueCat Linux featuring MIPSsupport. BlueCat Linux 3.1 features tool-chainsspecifically for the MIPS R3000 and R4000microprocessors. These simplify the embeddingprocess to help reduce time to market. LynuxWorkssees the addition of MIPS support as another steptowards the next generation smart devices,communications and consumer products marketsfor its operating system, as MIPS suppliesmicroprocessors for those markets.

Other architectures supported by LynuxWorksinclude Intel Pentium, Xscale and x86 compatibles,ARM family (including Thumb extensions),StrongARM, PowerPC (including PowerQUICC) andHitachi SuperH. Doug Agnew, Product Manager atLynuxWorks said, ”LynuxWorks’ support for theMIPS architecture is a critical component of ourLinux strategy. Deployment of Linux-basednetworked devices and digital consumer appliancesis exploding and BlueCat Linux gives developers theperfect choice of OS, tools, and now the broadestarchitecture support, for developing the next waveof breakthrough applications.” ■


NEWS


Kompany codingTheKompany.com has released its C++ GUI IDE, KDEStudio Gold Beta 3. The release offers codecompletion, dynamic syntax highlighting and pop-upfunction parameter look-up, as well as new featuresand additions requested by users, including simplifieddebugging and documentation.

Developers are not limited to KDE projects, as therelease can also handle custom projects (in which nomakefiles are generated, instead everything is basedon Autoconf/Automake), as well as console, X11 andTrolltech’s Qt Designer. It also enables developers toimport projects from directory structure.

New features include code folding, a highlightengine enabling developers to modify and addcustom highlight by editing the XML file and pluginsfor class diagram, as well as quick project file creationusing the existing directory structure.

Infohttp://www.thekompany.com/products/ksg/

■

Egenera’s cutting edgeInternet infrastructure solution provider Egenera has

unveiled its soon-to-be-released Internet datacentre solution. The Egenera BladeFrameSystem supports up to 96 high-end Intelprocessors, which can be deployed entirelythrough software. The system features a24x30x84in chassis with 24 two-way and/or

four-way SMP processing resources(Egenera Processing Blade), redundantcentral controllers (Egenera Control

Blade), redundant integrated switches(Egenera Switch Blade) and a redundant

interconnect mechanism (Egenera BladePlane).BladeFrame combines with the Egenera

Processing Area Network Architecture, whichconsolidates and simplifies the allocation andmanagement of computing power, to adjustprocessing while the machine is running, as well as

to support new applications or accommodatevariable demand on existing applications. VernBrownell, Chief Executive Officer at Egenera saidthat during his years as Chief Technology Officer atGoldman Sachs, the company’s use of technologyas a key business driver grew considerably and thatthis meant that the agility and performance of datacentres became increasingly mission critical. Hecommented, ”In our efforts to reduce applicationtime to market, ensure availability and becomemore flexible, server deployment was a primaryhurdle. Realising that nothing short of a totally newprocessing architecture could solve the problems mymanagers and system administrators routinelyencountered, I founded Egenera. We believe thatour comprehensive approach to improving the datacentre will resonate with customers and find favourin the marketplace.” ■

Until 30 June 2001, SGI and Platform computing areoffering savings of up to £17,000 to businesses whobuy the new SGI EDA Technical Compute Farm forLinux. The solution is based on SGI’s 1100 server with32 1 GHz Pentium III processors. It has a 2GB memoryper node and a Cisco Catalyst 3524-PWR XL GigabitEthernet switch, providing efficient job distributionand data access for all nodes. The package alsoincludes Red Hat Linux 6.2 and SGI managementtool, Advanced Cluster Environment (ACE).

Phil Weaver, President and Chief OperatingOfficer of Platform Computing said, ”SGI has

embraced Linux to a degree unmatched by othertraditional UNIX operating system vendors. Itdelivers comprehensive, cutting-edge solutions forLinux and is a solid contributor to the open-sourcecommunity. Using Platform LSF to managedistributed resources, the SGI EDA TechnicalCompute Farm for Linux offers a total solution withvery attractive price/performance characteristics.”

The list price for the solution starts at £113,000for 32 CPUs. However, until the end of June, EDAusers can save up to £17,000 per rack when theybuy EDA Technical Compute Farm for Linux. ■

Farm offers savings harvest



New LynuxWorksEnvironmentLynuxWorks has announced its CodeWarriorIntegrated Development Environment (IDE) Editionaimed at developers working in Linux and Solarisenvironments to deploy on LynxOS and BlueCatLinux targets.

CodeWarrior combines an editor, codebrowser, compiler, linker, and debugger in oneapplication, all accessed within a Graphical UserInterface (GUI.) Greg Rose, director of productmanagement for LynuxWorks said, ”DevelopmentTools will help our customers speed the productdevelopment phase and introduction of their newproducts to market. Additionally, this CodeWarriorIDE announcement is the first of a series of newannouncements we will be making in 2001 underour new LynuxWorks expanded tools initiative.” ■

Bynari’s insightTexas-based open standards software developerBynari has announced its new Insight line ofmessaging and collaboration products, claimingthat the Insight tools will allow Linux and UNIXdesktops within an enterprise to work withmessaging products such as Microsoft Outlookand Lotus Notes. Previous releases of Bynari’sLinux-based messaging and collaboration clientapplication had to access Windows messagingcomponents across a Windows NT Server proxy tointeroperate with Outlook. The new Insight clientworks directly with Outlook without requiring aproxy. Bynari Chief Executive Mike O’Dell said,”This breakthrough opens up a world of newopportunities for integrating the Linux and UNIXdesktop user community into the Windows-centricenterprise. Insight provides the capability to simplyand cost effectively upgrade a company’s Linuxand UNIX users with an easy-to-use, integratedapplication that interoperates with Outlook andprovides Internet standards-based email, IMAPshared files and folders, LDAP global addressbooks, scheduling and calendar managementfunctions.” At the same time Bynari announced itsInsight client-server solution. The server nowprovides messaging and collaboration services toInsight clients, for improved collaborationbetween workgroups and individual users. InsightServer also supports Outlook clients. ■

Infohttp://www.bynari.net

■

Business software solution provider NuSphere hasreleased its Web development platform for smalland medium-sized enterprises. The NuSphereMySQL Advantage 2.0 features open sourcecomponents, giving developers the choice ofbuilding, maintaining and deploying Internetapplications under Linux, UNIX or Windows.Technology enhancements include support forfinancial transactions, essential for buildingbusiness-critical Web applications. Advantage 2.0also includes RPM support for RedHat Linux,encryption support for Windows and enhancedMySQL version 3.23.36, with the beta release ofGemini, aimed at highly granular, transaction-intensive database applications. Gemini enablesautomatic crash recovery, failover clusters, tableand site replication, and backup. It also featuresthe bug database Bugzilla. Carl Olofson, program

director, information and data managementsoftware research at IDC commented, ”NuSphereand this open source RDBMS, with substantialenhancements for transaction management andother enterprise-class database functionality,enable companies to build cost-scalable, stableenterprise-class eBusiness solutions and Webservices. Market pressures in favor of rapidlyexpanding eBusiness functionality are driving arequirement for greater Internet functionality andcapacity, but these must be developed with an eyetoward both upward scalability and costcontainment. The growing range of open sourcesoftware components, including, and incombination with NuSphere technology, will allowIT systems to meet this requirement, yet remaincost effective and scalable while exploiting thelatest trends in database software.” ■

NuSphere’s advantage


NEWS


New Heroix suiteIT infrastructure management software developerHeroix has released its new management suite.The Heroix eQ suite enables Windows 2000,Windows NT, UNIX and Linux systems to beunified for monitoring and maintenancepurposes. Features include the task-orientedExpress Wizard interface, which prompts for therequired information while providing context-sensitive help, and Application Autodiscovery,which automatically detects application andworkload changes for improved scaleability of themanagement suite. Howard Reisman, ChiefExecutive of Heroix said, ”The Heroix eQManagement Suite responds to the sharpupswing in IT complexity that enterprises aregrappling with today. While Web-enabledbusiness, powerful distributed servers, and open-source platforms have ushered in tremendousadvantages, they also pile on layers ofmanagement issues... One of the most significantways Heroix delivers on this vision is byencompassing the three most widely used serverenvironments: Windows, UNIX, and Linux.” ■

Caldera’s sneak previewThe Santa Cruz Operation (SCO) and CalderaSystems, have announced a technology previewrelease of their commercial 64 bit UNIX operatingsystem for Intel Itanium processors. AIX 5L version5.1 is the result of Project Monterey, a cooperativeeffort between SCO and IBM, to develop the nextgeneration UNIX operating system for IntelItanium processors.

Caldera Chief Executive, Ransom Love, said thatCaldera sees the importance of a stable 64 bitoperating system as the backbone supportingmission-critical business applications on Intelplatforms. He added: ”Offering AIX 5L to our high-end Intel OEMs and resellers allows Linux to reachanother bar on the enterprise ladder. AIX 5Lprovides choice and flexibility for our customerswhile leveraging their current investments.” ■

Red Hat releases version 7.1Red Hat has announced version 7.1 of its Linuxproduct, which features a kernel update. Thelatest release also features Red Hat Networkconnectivity, including software manager witherrata alerts and RPM updates that advise users ofnew RPM packages. The new 2.4 kernel combinesimproved SMP support with new configurationtools to help users set up and administer DNS,Web and print servers.

Billy Marshall, product manager for Red HatNetwork said the software manager was an aid toproductivity. ”Every enterprise, regardless of size,is challenged to deliver better services to theircustomers using the Internet. Software Managerincreases IT productivity in meeting this challengewith this set of customisable services that improvethe reliability and security of the Red Hat Linuxsystems that power many enterprises’ Internet infrastructure.” ■

LinuxIT makes new appointment

Vendor independent open source solutions providerLinuxIT has appointed Dr David Hodges as chieftechnology officer. Until earlier this year, Dr Hodgeswas head of systems for London-based globalinvestment firm, Antfactory. His appointment willbring more than eighteen years of experience inoperational management, with nine years in theLinux marketplace.

Peter Dawes Sales Director of LinuxIT said, ”Weare delighted that David has joined LinuxIT... Davidhas unique experience in the management anddelivery of IT solutions, and he will be able toleverage these strengths for LinuxIT and assist us indelivering Linux and Open Source solutions to ourgrowing customer base.” ■

The Board of the Embedded Linux Consortium (ELC)has announced plans to release a single unifiedspecification for an embedded Linux platform to itsmembers.

The proposed unified specification wouldreference existing specifications including the POSIX1003.13 PSE 52 and PSE 53, the Single UNIXSpecification, and the Linux Standard Base. The ELCsays it must also include the basic OS servicessupported in any compliant embedded Linux system.

The ELC will distribute an outline of its proposalto its 124 member companies and once theircomments have been received, it plans to make thefull document publicly available.

It is hoped that this will help to establish Linuxas a viable open, multi-vendor software platformalternative to other single-vendor embeddedsolutions, such as Windows CE, PalmOS or VxWorksand further accelerate the adoption of Linux inemerging post PC applications. ■

All together now


COVER FEATURE DISTRIBUTIONS TEST


Focusing completely on the latest Linux distributionsis not without its problems. One of the hardestdecisions is surely the choice of when to conduct atest series. Since the manufacturers of Linuxdistributions bring their latest collections of packetsto market at various times and (with fewexceptions) at intervals which are also hard topredict, it is hard to avoid the fact that distributionsthat have only just come out enjoy a certainadvantage in terms of newness compared to theircompetitors, which may have been on the marketfor a while already. These circumstances frequentlyalso affect the test result as a whole.

We nevertheless feel it is worthwhile, evennecessary, to subject the various distributions atregular intervals to as fair an evaluation as possible.This kind of comparison test is designed to helpyou decide which distribution is best for you. Nor,though, should the responses that such tests can

trigger among the manufacturers of distributionsthemselves be underestimated. Even two yearsago, most distributions could only be installedusing really monotonous console menus, whichwere also hard to understand. Administration ofthe system was mainly done through console-based scripts, if at all. Nowadays a graphicalinstallation program forms part of the standardrepertoire of most distributions. Certainly, in thepast few years some technical specifications haveimproved. But the fact that now almost alldistributors make every effort to enable installationand configuration to be as easy as possible and alsovisually attractive, is also due to the increasedexpectations of a rapidly-growing group of Linuxusers. As we write this article Red Hat 7.1 andMandrake 8.0 have both recently been released(and are reviewed in this issue) and CalderaopenLinux workstation is released as beta. ■

Linux Distributions for newbies/users

THE WIDERTHE CHOICE...

ANDREAS HUCHLERWord has got around by now

that Linux not only performs

reliably as a server operating

system, developer platform or

embedded system, but is also

regarded more and more as a

serious alternative to

commercial operating systems

for desktop users. But which of

the numerous Linux

distributions available on the

market is best suited to the

requirements of a desktop user

is a matter that is frequently

still unclear. Linux Magazine

risks a topical evaluation of

the market situation.

044Distintro.qxd• 09.05.2001 9:54 Uhr Seite 44

COVER FEATUREDEBIAN 2.2 R2


Debian, unlike most common distributions, is notcompiled and updated by a distributor with acommercial interest, but survives on the voluntarycommitment of a world-wide community of developersand compilers. The product – the official release, whichis regarded as extremely stable – can be downloaded infull from the Internet. As an alternative to this, variousDebian resellers offer distribution packages, with whichthey sometimes include, in addition to the officialrelease CDs, a manual or supplementary CDs. But weare only going to look at the official release.

Installation

Going against the general trend towards graphicalinstallers, the developers of Debian 2.2 continue toinsist on the tried and tested menu-supported orconsole-based installation routine. This would notbe so bad if at least a passable automatic hardwarerecognition was integrated. But unfortunately thisstill does not exist, and so only experienced or well-read users can get through the installationmarathon, so that when they first log in, at least themost important hardware components arepreconfigured for use. For the ISDN configuration,for example, there is no explicit configuration mask.Thus you have to know in advance that most ISDNcards can be run with the Hisax kernel module byspecifying a few card-specific parameters, so thatone loads them in at installation in the

corresponding module loader submenu by hand.Packet selection is equally unusual in its concept,with the menu-based standard packet managerdselect. Nevertheless, pre-defined packetcombinations are offered for a palette ofimplementation scenarios (tasksel). For the Linuxnewbie and user-only, though, this installationprocedure seems cryptic and off-putting.

Initial configuration

Not only is there no automatic hardware recognition,after the first console login you will also search in vainfor a configuration tool which is at least menu-supported. The X-server configuration can bemastered (if you know about this) with the classicxf86config or with XF86Setup. There is a USB mouse,which can be installed with a bit of manual work (seeboxout). Without a modicum of experience ofmanually editing major Linux configuration files, onewould soon give up at this point. But one thing has tobe said for Debian: The configuration files are mostlyneatly structured and adequately documented.

Expandability

Once you have become accustomed to the interplay ofthe packet management tools apt (alternatively:GNOME front-end GNOME-apt) and dselect, theexpansion and updating of Debian packets becomes areal pleasure. Because in Debian it is not the rpm formatwhich is used as standard (though conversion with alienis possible), but its own format with the ending .deb,which, among other things, can also resolve packetdependencies by itself. So with a few precautions,effortless online updates are possible withoutjeopardising the consistency of the whole system.

Stable, but cryptic

Linux newbies and non administrators would be betteroff keeping away from Debian 2.2. Although inprinciple it can also be used as a desktop operatingsystem, the initial configuration hurdles are not to beunderestimated. For newbies and users, CorelLinux OS,Stormix or Linux by Libranet would be of greaterinterest. These are based on Debian and come withgraphical installers. Most of these Debian add-ons,though, are not at present right up to date or else areonly adapted for USA requirements. ■

Debian/GNU is regarded

by many Linux fans as a

tricky hacker system.

Linux Magazine has

nevertheless attempted

to install the latest

Debian for desktop use.

Debian 2.2 R2 on Test

THE PURIST’SALTERNATIVE

ANDREAS HUCHLER

Figure 2: With a bit of manual work,Debian can also be used as a desktopsystem, here with packet managerdselect and apt-setup

Debian 2.2: menu-basedinstallation without automatichardware recognition

Debian 2.2 R2+ Can be obtained at a goodprice+ very good expandability- installation and initialconfiguration not easy- CD distribution is now out ofdate.

Short introduction: Commissioninga USB mouse under Debian 2.21. Making a device file• mkdir /dev/input• mknod /dev/input/mice c 13 632. If necessary, reload the following USB

kernel module with modprobe:• usb-ohci or usb-uhci (depending on the

USB controller)• mousedev, usbmouse3. Adapt the pointer section in

/etc/X11/XF86Config:• Protocol ”IMPS/2”• Device ”/dev/input/mice”• and wheel support too, if necessary, by

buttons 4 and 5

045Debian.qxd• 08.05.2001 9:23 Uhr Seite 45

EasyLinux 2.2 has been available for several monthsnow. According to information provided by themanufacturer, eIT, though, it may still take sometime before a new packet version is available on theGerman market, although there is an English-language version, 2.4.

Installation

Although in principle EasyLinux can also be installedvia a SCSI-CD-ROM drive, it is still advisable to usean IDE drive. After installation, the packet manager

eProfile could not get anywhere with our SCSI-CD-ROM drive in any case. The now relatively old kernel2.2.16 of EasyLinux, despite diverse kernel patches,cannot persuade all the current USB mice to co-operate. Our test mouse would only work with theaid of a USB-PS/2 adapter, naturally without afunctioning mousewheel. But having onceovercome these initial installation hurdles, the restof the installation process is easy. Thanks to theorderly hardware recognition, it is usually enough toconfirm the pre-set values with a mouse click. If youare puzzled by anything, there is also an adequateonline help (eHelpAgent) available. But inretrospect, we discovered, purely by chance, thatthe partitioning tool ePartition signals both theWindows partition and the Linux data partition as‘active’ by default. Although Windows did continueto run up in an orderly fashion, in somecircumstances this kind of partition entry could bevery annoying.


As in the forerunner version, one is still greeted inEasyLinux 2.2 immediately after first log-in by aconfiguration dialog, the eHelpAgent, with the aidof which the impending configuration steps can be

COVER FEATURE EASYLINUX 2.2


EasyLinux 2.2+ In many cases, simple installation /

initial configuration+ For Windows migrants: eSystem with

diverse eTools- Basic system is now outdated- Limited expandability of the system

The forerunner version of this Linux distribution from German-speaking

countries was praised a year ago by a whole range of reputable journals as

surprisingly beginner and user friendly. We were naturally eager to find out

if the latest version, 2.2, could follow up this success.

Figure 1: EasyLinux stands out for its easy-to-understand

graphical installer

EasyLinux 2.2 on test

TITLEDEFENDER

ANDREAS HUCHLER

046easy.qxd• 08.05.2001 9:41 Uhr Seite 46


dealt with step by step. What’s special aboutEasyLinux is that the developers have reallysucceeded in lending the KDE desktop what is inmany respects an amazing similarity to thecustomary Windows interface. This starts with thesystem control eSystem and extends to a registryimitator. Using the e-tools, too, an astonishingamount of exotic hardware, such as certain TVcards, can also be integrated; but don’t expect anymiracles from them. Otherwise, the only reallynegative thing that struck us is the fact that thekeyboard layout is almost unusable in a standard X-terminal.

Expandability

If this important aspect is included in the evaluationof EasyLinux it takes a lot of the shine off EasyLinux.

The packet manager for distribution-specificpackets eProfile (interestingly, this bears a markedsimilarity to SuSE’s YaST2) requires the firstEasyLinux CD at every installation/ uninstallation ofpackets. So frequent changes of CD are also pre-programmed. We also missed an explicit function,with which online updates such as the one on KDE2.0.1 (EasyLinux homepage) could be dealt with inone go.

For packets from other distributions, there is anRPM database (and it’s already filled). But RPMpackets can only be installed later or else only bymeans of an older version of the console tool rpmor the KDE front-end kpackage. Since EasyLinuxrests completely on KDE, the basic system still lacksthe necessary libraries for the successful integrationof gtk+ based (GNOME) applications.

Original, but outmoded

In principle, the concept of EasyLinux does havesomething to be said for it: What could be wrongwith putting together a Linux system which doesnot differ too widely in its external appearancefrom the Windows interface which is familiar tomany PC users, but which finally offers crash-plagued Windows users a more stable systemenvironment? In the case of EasyLinux 2.2, in fact,only the fact that the packet has now becomevery outdated. If the developers of EasyLinux reactmore quickly in future than in the past to majorinnovations in the Linux scene (Kernel 2.4, USB,XFree 4.x with 3D-acceleration, KDE 2.1, etc.),then EasyLinux could become the system ofchoice for many migrants from Windows to Linux.In the meantime, though, the manufacturer eIT istrying its luck with an EasyLinux 2.4 Englishversion. It is available fromhttp://www.easylinux.com/ for $49. ■

COVER FEATURE EASYLINUX 2.2


Figure 2: The now outdated KDE-1.2 desktop of EasyLinux 2.2

with ‘System control’ eSystem

1/3 Anzeige

84 x 185 mm


The distribution with

the Red Hat is

estimated at present to

be the world’s most

frequently used Linux

distribution. Linux

Magazine has just

taken a closer look at

the brand new Red Hat

7.1

COVER FEATURERED HAT 7.1 (DOWNLOAD VERSION)


Red Hat 7.1 on Test

THE INTERNATIONALMARKET LEADERANDREAS HUCHLER

Red Hat 7.1 (Download Version)

+ Brand-new system togetherwith USB hot-plugging+ Relatively beginner-friendlyinstallation/initial configuration- GNOME 1.4 not yet integrated- Online updates paid for afterbrief grace period

At the date of this test there was not yet a boxedversion of Red Hat 7.1 available. To test we got holdof the download version (2 CDs). Available will be aDeluxe Workstation Version (costing approx.£59.15) as well as a Professional Server Version(costing approx. £147.89). The former comes withimmediate support for laptops and multiprocessorsystems and contains 9 CDs and two manuals.

Installation

Red Hat 7.1 caused no problems at all duringinstallation, thanks to its very good automatichardware recognition. Both the SCSI-DVD drive aswell as the USB mouse worked right from the start.And the nVidia graphics chip was recognisedimmediately. Developers at Red Hat favour theGNOME desktop. So it is surprising that thedevelopers are no longer integrating the newGNOME 1.4 desktop together with Nautilus filemanager in Red Hat 7.1. Red Hat continues to rely on the tried and trustedpartitioning tools DiskDruid and fdisk. Since Linux isstill operated in most cases in parallel with anexisting Windows partition, the recommendedautomatic partitioning, which deletes all existinghard drive partitions, would only be sensible in therarest of cases. Red Hat is still bucking the generaltrend by doing without the journaling file systemReiser-Fs. The graphical installation program leavesthe impression of being mature and clearlydesigned. Because of its useful pre-sets it is enoughfor the inexperienced user to click on the Continuebutton. The online help is available at all times.


The GNOME desktop, does seem really neat,though which administration tools Red Hat hasavailable would be helpful. There is a program iconon the desktop for configuring Internet access bymodem. Under the menu item Programs/Systemthere are more configuration tools. That the X11-based control panel does exist as a central startingpoint for the configuration tools, is something thata newbie only finds out after logging onto KDE.Apart from Linuxconf, you will find in the controlpanel some innovations such as configuration ofany ADSL modems present. Basic configuration

steps, can be dealt with easily with the controlpanel. On first login, Red Hat makes icons forfloppy, CD-ROM and Zip drive on the desktop andthese also function immediately.

Expandability

You can install pretty much everything that can betracked down with the ending i386.rpm. Red Hatcontinues to rely on the rpm front-ends GnoRPMand kpackage. It recommends membership to it’sown Red Hat Network. Every buyer of a full version,receives free access to the RHN Software Managerfor a few weeks. This is a big software pool, kept upto date by Red Hat with respect to new programreleases and corrected bugs. This update system byRed Hat considerably simplifies the task of systemupdating. After the free test phase expires, though,Red Hat asks the user to pay for this extra service.As a matter of fact, as a member one also has topay another price: As the result of the relativelysynchronous updates and bugfixes, the Red Hatsystems registered in the RHN become morehomogeneous and thereby in future more open tolarge-scale attacks from the Net. Although Red Hathas always championed GNOME as standarddesktop, a desktop user fairs noticeably better ifthey select the brand-new KDE 2.1.1 as standarddesktop. Could this fact potentially hide a smartmove by the Red Hat strategists, to bring about asignificant increase in the number of RHNregistrations through the GNOME 1.4 updates?

Playing with fire

Among the most important innovations must be theintegration of the new Linux kernel generation(2.4.2). It is now possible for the user to swap theplugs of his USB devices without rebooting. Ownersof the latest graphics cards (except PowerVR chips!)will be glad that the current latest XFree86 4.0.3has been included. In the security domain, too, RedHat has included a new firewall configuration tool,with which new firewall rules can be defined in arelatively easy way. As long as Red Hat’s paid onlineRPM update services remain optional and does notbecome obligatory for systems to work correctly,the distribution will also continue to find a followingof enthusiastic supporters. ■

049RedHat.qxd• 08.05.2001 9:47 Uhr Seite 49

The new version 8.0 came outjust before we went to press, sothat only the download versionwas available for testing. ThePowerPack Edition of LinuxMandrake, like the previousversion, comes with not only themanual but also severaladditional CDs with free andcommercial (demo) programs(including the full version ofIBM’s speech recognition

software, ViaVoice) and costs about £40. TheProSuite Edition which is also available aims to be aprofessional server solution especially for small andmedium-sized enterprises. At the time of going topress, it was still not clear whether Mandrake willalso be selling a standard version in Europe, whichmight be somewhat cheaper than the PowerPackEdition. The present success of Linux Mandrake canbe attributed to two fundamental decisions by themanufacturer MandrakeSoft: the choice of Red Hatas basic system and the decision to place all thedistribution-specific administration tools (includingmanuals) under the conditions of the GPL. Thedecision in favour of (almost) 100% Red Hatcompatibility means the user has access, apart fromMandrake’s own rpm packages, also to the wholerange of Red Hat rpms which are widely availableon the Web. The large following of subscribers to

the GPL philosophy also contributes to the fact thatan increasing number of users and developers aretaking advantage of the comprehensive onlineoffers and the rapid availability of Pentium-optimised Mandrake rpms.

Installation

Thanks to the very good automatic hardwarerecognition, both the SCSI-DVD drive and also theUSB mouse were fortunately recognisedimmediately on our test system, so we were ableto get started straightaway. The graphic installerhas only changed slightly in terms of appearancewith respect to the previous version (7.2). But interms of functionality it has been heavily revised.First of all, there is now a large question marksymbol, which provides, after a mouse click,additional instructions for the user. Compared tothe previous version, the developers have nowmanaged for the first time - taking in their stride afew limitations of co-determination - to ensurethat, even as a non-expert, one can now putoneself in the hands of the installation class‘recommended’ with a fairly easy mind. Theinstaller no longer spoon-feeds the naïve user whoclicks on recommended as much as it used to inprevious versions, but simply rushes him past a fewqueries, which may be somewhat confusing forraw beginners. But whether it was all that clever

COVER FEATURE LINUX MANDRAKE 8.0


Linux Mandrake 8.0 on test

THE INNOVATIVESOCIAL

CLIMBERANDREAS HUCHLER

Linux Mandrake, a Red Hat offspring of

French origins, which two years back was still

treated at best as a secret tip in the Linux

communities, has recently turned into a real

cult system for many users. Linux Magazine

has looked at the brand new version 8.0 on

your behalf.

050Mandrake.qxd• 08.05.2001 9:54 Uhr Seite 50

to leave practically the entire X11 configuration ofthe automatic hardware recognition in therecommended mode, will remain to be seen inpractice. Anyone who wants, after first log-in,optimal resolution with maximum image repetitionrate on his own monitor, will presumably preferthe expert mode, in which the X11 configurationcan also be performed manually. According tomarketing reports, it is now also supposed to bepossible in Mandrake 8.0 for the first time for 3Dgraphics enthusiasts to enjoy 3D hardwareacceleration ”without additional configurationeffort”. Unfortunately we were unable to try thisout with the download version, which was fairlylimited in terms of packages. But it must beassumed that this long-awaited feature will be anoption in the PowerPack Edition. The image hasalso changed when it comes to packet selection.The pre-defined implementation scenarios are nowdifferentiated considerably. So apart from the maincategories of Workstation and Server, there nowalso exists a whole range of specificimplementation scenarios such as OfficeWorkstation, Games Station or Network Computer(client). This fine-tuning is certainly welcome inprinciple, but the choice of packets is somewhatoverloaded as a result. Mandrake now offers, likeSuSE, a summary after the one-off run through ofthe hardware configuration, in which the user cansee at a glance which hardware components havebeen successfully configured. It is also possible tojump back to the respective question marks. If oneoverlooks the still-not-quite-perfect interventionoptions in the recommended installation class, theMandrake installer mainly gives a good impression,mostly thanks to the fine hardware recognition.


The Mandrake developers have considerably jazzedup the graphic configuration tools DrakConf forversion 8.0, not only in terms of appearance, but alsofunctionally. The central configuration tool is nowcalled the Mandrake Control Centre and combines,under five main drop-down headings, just abouteverything that can be changed when Linux is runningwith respect to existing hardware and softwareconfiguration. The greatest gem, and so far unique toLinux, is surely the HardDrake hardware configurationtool, which is significantly refined compared to theprevious version, and offers an overview of all thehardware components found in the system. Andwhen doing something like installing a new PCI card,it also sometimes provides the user with manual driverselection. But the central configuration tool ofMandrake has lots more to offer besides. So the Linuxstart procedure (boot manager, system utilities, etc.)can be adapted to individual requirements at the clickof a mouse. Obviously, the hobbyist-administrator willalso find graphical configuration tools here, which willhelp to set up Internet access by modem, ISDN and

even xSDL (although this was not tested). It is preciselyin the domain of Internet connection via ISDN andxSDL that one was usually left high and dry byMandrake in the past. But MandrakeSoft has nowfinally put its shoulder to the wheel and presents theuser with an easy Internet configuration tool, togetherwith comprehensive provider database and nice dial-up program. More advanced administration taskssuch as the configuration of an Internet gatewaycomputer (DrakGW) or a personal firewall(tinyfirewall) are no longer a problem with Mandrake8.0. System administration under Linux has neverbeen so simple!

Expandability

In terms of system expandability, too, Mandrakeputs you on the safe side as a desktop user. BecauseMandrake is now drawing even with Red Hat 7.xand equally risking the rpm version leap to Version4.0. and the gcc version change which is beinghotly disputed in the developer scene (gcc 2.96).This means that practically every rpm packetavailable on the WWW ever built for Red Hat 6.2 /7.x runs under Mandrake 8.0. Mandrake’s own rpmfront-end RpmDrake has, by the way, also beenconsiderably jazzed up in terms of appearance andif required, will fetch security updates and packetupdates from the free Mandrake server (or a mirror).Obviously, it is also possible to read in and managerpm packages from other source media with thepackage manager. As with the Debian community,at MandrakeSoft there are now three degrees ofmaturity of distributions: Cooker (in development),MandrakeFreq (mainly stable) and the officialrelease. Anyone who does not want to wait for thenext official version from Mandrake can get it onlineor on MandrakeFreq CD.

State of the art as Linux desktop

A glance at the new features of the downloadversion is enough in itself to be able to determinethat MandrakeSoft has succeeded in pulling off asurprise coup with the brand new Mandrake 8.0,again. Mandrake 8.0 thus offers practicallyeverything one needs as a desktop user foreveryday administration work under Linux. And thisis also at the very latest level with GNOME 1.4! ■

COVER FEATURELINUX MANDRAKE 8.0


Linux Mandrake 8.0 (Download Version)+ Very up-to-date and comprehensive

system+ Central X11 administration tool

DrakConf+ Easy expandability with RpmDrake- Installer still has room for

improvement

050Mandrake.qxd• 08.05.2001 9:55 Uhr Seite 51

Since version number 7.0, SuSE has been splitting itsdistribution into two versions. Since then the former,full version has been sold, together with a DVD, atthe increased price of £49 as the Professionalvariant. So as not to lose the ordinary, price-conscious Linux user, SuSE is also offering a trimmeddown variant (for differences, see box) at a price of£29 as the Personal Edition for (purely) desktop use.

Installation

The better-than-average hardware recognitionmeans the first CD even booted up from our SCSI-DVD drive immediately. The USB mouse, too, wentto work without complaint after the graphicalinstaller appeared. Basically, SuSE gives you thechoice between a new installation and a (moretime-consuming) upgrade of an already existing oldSuSE system.

When setting up the data partition(s), in thePersonal Edition one can also choose between theclassic ext2 file system and the new journaling filesystem Reiser-fs. The selection of packages offersenough flexibility, both for newbies (with roughcategories like Standard with Office), as well as foradvanced Linux users (up to the selection ofindividual rpm packages), even if clarity does suffersomewhat as a result.

There is also a choice of kernel: a refined andpatched kernel 2.2.18 or, again, the new (alsopatched) kernel 2.4.0 with all its advantages andperhaps some bugs that have not yet beencorrected? It’s a sound idea, but on the other handin practice presumably fairly unusual for the bootmanager to be installed by default on a bootdiskette. Anyone who prefers, after switching onthe computer, without inserting a Linux bootdiskette, to be able to choose between the installedoperating systems, must therefore explicitly say soat installation (in a fairly fiddly way). Equallytiresome, but nevertheless sensible, is the fact thatthe installer compels you to enter at least one valid

COVER FEATURE SUSE 7.1


SuSE 7.1 Personal on Test

KILLER PACKAGEANDREAS HUCHLER

The distribution from SuSE Linux UK Ltd is

identiifed to all intents and purposes by many

Linux newbies as the Linux operating system. We

have taken a somewhat closer look at the latest

Personal Edition on your behalf.

Figure 1: SuSE’s installationprogram shines, particularly

because of its flexible selectionoptions, such as here, the

choice of the kernel and of thepackages to be installed

052suse.qxd• 07.05.2001 10:48 Uhr Seite 52

user together with the root password in anappropriately secure form, before the installationcan be continued. Overall the SuSE installationprocedure is increasingly coming to resemble that ofWindows - the positive thing about this is that thereis far-reaching automation and a user dialog whichis fairly comprehensible. But less worth copying arethe over-vigorous warning instructions togetherwith the need for reboots even during theinstallation procedure.

Relatively exceptional, though, is the fact thatthanks to SuSE, as owner of a new 3D graphics card(in this case: nVidia Geforce 256) by simply tickingon Activate 3D-acceleration you can enjoy thebenefits of a (though not always completely stable)3D hardware-accelerated X-server.

In all, despite the menu guidance thatsometimes takes some getting used to, SuSE’s latestinstallation procedure is convincing, especiallybecause of its clarity and error-friendliness. Becauseof the Braille support, now even the blind canperform a SuSE installation on their own.


The initial configuration of the main hardwarecomponents turned out to be a piece of cake. Thecompulsory manual commissioning of ISA cardsmight, though, overtax a Linux newbie somewhat.Central configuration tools such as SuSE’sYaST/YaST2, though, do have some disadvantages:Especially whenever one has to leave ready-madeconfiguration menus for whatever reason, perhaps toget an existing exotic hardware component to workunder Linux, one comes up against the limitations ofdistribution-specific configuration tools. It cansometimes happen with SuSE that YaST(2) soonoverwrites configuration files which have beenpainstakingly edited by hand, because of the built-inscript automation. Another disappointment was theannounced USB support: For the USB ZIP drive, theredoes exist (in Kernel 2.4.0) in principle a suitablekernel module; but one searches in vain for acorresponding entry in the /etc/fstab. Neverthelessthe new YaST2 Control Centre may be just the rightthing for migrants from Windows as a passablealternative to the system control.

Expandability

On both binary CDs there is an acceptablerepertoire of Linux application software, even if italso sometimes still needs supplementing fromother sources. Extremely tiresome when installingrpm packages later: The YaST2 package managerfirst needs, on every later installation of packages,the first SuSE CD, regardless as to on which CD thepackage to be installed is ultimately found. So DJ-use is pre-programmed here! Otherwise, due towide-ranging binary compatibility, the system isrelatively easy to expand in a normal case with Red

Hat 6.2-compatible RPMs and also, if necessary, bydirect compilation of source packets.

A question of cost

SuSE 7.1 currently combines, better than mostother common distributions, administrability withrelatively low requirements and the fact that it is asup to date as possible. The central administrationconcept of YaST(2) also enables Linux newbies tobecome productive as quickly as possible on thedesktop. On the other hand, as an advanced, Not-Just-A-User, one feels increasingly restricted in aSuSE system in terms of design freedom. ■

COVER FEATURESUSE 7.1


Figure 2: With each new SuSEversion, the X11-based configurationtool YaST2 replaces a bit more of themenu-based predecessor version

Which is it to be then: Personal or Professional?The SuSE Professional Edition comes with the following additionalfeatures:• Installation DVD• additional know-how manual (635 pages)• New CUPS printer system • additional developer tool / autoinstaller• C/C++-IDE KDevelop 1.3• LDAP Server• Server Tools• IP Videotelephony• Clustering• Longer installation supportIn particular, advanced desktop users considering buying a new SuSEdistribution should ponder whether the first mentioned extra features ofthe Professional Version are worth the extra cost of £20.

In the OfficeHaving tried all the different distributions in the office it is fair to say thatthe SuSE Professional is the version we use for the everyday production ofLinux Magazine. The sheer number of packages provided (and so tested towork first time) is a little overwhelming at first, but means that the fullsystem is always to hand. The YaST2 configuration interface does takesome time to get familiar with, but is no hindrance. At a recent Londoncomputer fair, SuSE gave demonstrations. The system was installed half adozen times by users new to Linux to show how easy it was to configure.One SuSE user did express concern about doing a minimal install butrunning through at the show installed the system fine. As SuSE typicallyhave a four-month period between launches we guestimate that, with afair wind, their next version (7.2) will hit sometime early July.

SuSE 7.1 Personal+ Very up to date system+ Central configuration toolYaST/ YaST2- Tedious CD changing whenlater installing packages- Relatively high price for‘trimmed down’ distribution

052suse.qxd• 07.05.2001 10:49 Uhr Seite 53

COVER FEATURE DISTRIBUTION-TEST


Debian 2.2 R2 easyLinux 2.2Manufacturer URL www.debian.org www.easylinux.comSupply source Linux Emporium EasyLinux.comFull version price £29 $49Number of CD’s 6 - 9 5CDs with free binary packages 3 2CDs with commercial binary packages depends on reseller 2CDs with source texts 3 1Boot diskette included - 1Number of pages in manual 343 345Overall impression of the Manual good-satisfactory very good-goodKernel 2.2.18pre21 2.2.16XFree86 3.3.6 3.3.6KDE - (now included) 1.1.2GNOME 1.0.51 -Overall impression of the system satisfactory-adequate adequate3D Graphic card activation no noSCSI-card PCI yes noISDN-card PCI no yesExternal modem yes yesSoundcard PCI yes yesTV card PCI no PartlyPrinter drivers lpr CUPS, lprUSB support method Kernel 2.2.18 Backport-PatchUSB Hot Plug compatibility no noUSB Wheel mouse no noOverall impression installation: Features good good-satisfactoryOverall impression installation: Operability adequate very good-goodStandard desktop Console / GNOME KDEMounting procedure for removable media manual / automount manualOverall impression: Desktop clarity good goodAutomatic HW recognition no noCentral configuration tool no eSystemOverall impression: Basic system administering adequate goodStandard packet manager dpkg rpm 3.0.3Packet manager frontend dselect / gnome-apt kpackageCPU-optimised i386 not foundAutomatic resolution of packet dependencies yes in distribution’s own packetsOnline update function Using apt noOverall impression: Handling of binary packages very good-good satisfactoryFree manufacturer support Mailing-Lists, IRC (unlimited) 90 day installation supportOther support centres Debian Consultants on requestStart places for online updates packages.debian.org ../download/update.phpOverall impression: Support very good good-satisfactoryOverall assessment: 2,00 2,58Current newbie/user-friendliness of distribution (higher is better)Remarks Distribution updated by freelance developers Version 2.4 English only

Weighting factor Debian 2.2 R2 easyLinux 2.2Manual 10% 2,50 3,50Is the system up to date 20% 1,50 1,00Installation features 5% 3,00 2,50Installation operability 20% 1,00 3,50Desktop clarity 5% 3,00 3Basic administrability 20% 1,00 3Handling of binary packets 10% 3,50 2,00Support 10% 4,00 2,50Total score 2,00 2,58

054table.qxd• 08.05.2001 9:58 Uhr Seite 54

COVER FEATUREDISTRIBUTION-TEST


SuSE 7.1 Personal Mandrake 8.0 Red Hat 7.1 Deluxewww.linux-mandrake.com/ www.redhat.com

SuSE Linux Emporium LinuxLand, ixsoft£29 Unknown £593 N/A N/A2 N/A N/A- N/A N/A1 N/A N/A2 N/A N/A63 + 118 + 288 272 + 290 (previous version) 163 + 485 + 9 (previous version)very good-good good (previous version) good (previous version)2.4.0 / 2.2.18 2.4.3 2.4.24.0.2 3.3.6 / 4.0.3 4.0.32.0.1 2.1.1 2.1.11.2 1.4.0 1.2.4very good very good very goodyes mostly sometimesyes yes yesyes yes yesyes yes yesyes yes yesno sometimes noLPRng CUPS, lpr LPRngKernel 2.2.18 / 2.4 Kernel 2.4.3 Kernel 2.4.2 (+Patches)no no yesno yes yesvery good-good very good-good very good-goodgood good very good-goodKDE 2.0.1 KDE GNOME 1.2automount supermount Kernel autoloadersatisfactory good good-satisfactory yes kudzu kudzuYaST / YaST 2 DrakConf control-panelgood very good-good goodrpm 3.0.5 rpm 4.0 rpm 4.0YaST(2) / kpackage rpmDrake gnorpm / kpackagei386 i586 i386in distribution’s own packets in distribution’s own packets novia YaST2 rpmDrake up2date (RHN)good-satisfactory good satisfactory 60 day installation support 60 days MandrakeExpert installation support 60 days RHN, 60 days InternetAlso commercial Mailing lists, MandrakeExpert Also commercial../de/uk/support/download/index.html ../en/updates/ ftp.updates.redhat.com (for a charge)good very good-good good-satisfactory 3,10 3,38 3,15

SuSE also sells the £49 Professional Edition. Special feature: Only the download version was tested here. But the Only the download version was tested here. But the Support for the blind (Braille). basic system should be largely similar to the Powerpack basic system should correspond to that of the Deluxe

Edition. Special feature: 3D hardware acceleration; many variant. Manufacturer updates and bugfixes after 60 days graphics cards are supported automatically are charged for; special feature: USB hot-plugging

SuSE 7.1 Personal Mandrake 8.0 Red Hat 7.13,50 3,0 3,03,50 4,0 4,04,00 3,5 3,53,00 3,0 3,52,00 3,0 2,53,00 3,5 3,02,50 3,0 2,03,00 3,5 2,53,10 3,38 3,15

054table.qxd• 08.05.2001 9:59 Uhr Seite 55

LM What current software are you working on?BP Primarily spreading the Open Source

movement. I have promised to help Debian with thebootstrap system and ensuring that HP keep ethical.I think I could do better than Python and Perl and somay write a language called ‘O’ but it may never becompleted. I am also writing a tutorial series onBusybox.

LM What are the problems facing HP?BP HP has a very able competitor in IBM. It is

not so much challenges as opportunities such asworking with the community and the IA64processor.

LM What wins have you had at HP?BP Adopting the Open Source policy. Enabling

hardware with Open InterfacesHP has now released the Print Server Appliance

4200. This contains Samba and is IP click and print.HP is sponsoring to the tune of $26M the OpenSource development lab along with IBM, Intel andothers. This allows developers time onmultiprocessor systems with load simulations thatthey would otherwise not be able to afford.

LM Where do you see the Open Sourcemovement going?

BP IBM owns 10 per cent of software patents inthe US. It is easy to stop an individual. Ogg Vorbismade a format to circumvent the Fraunhofer codec.The developer is now being threatened and cannotafford a day in court. Businesses that plan to makebig bucks out of Open Source should help theindividual developers.

LM What do you hope to achieve in the comingyear?

BP More Open Source such as the Deskjetdrivers. Because HP is cross patented with otherpeople, we are trying to remove those other patentsso we will be able to release as Open, and notrestrict the community with others patents.

LM If I wanted to buy a HP computer today Icould not buy without Windows. Do you see this asa problem for HP?

BP No Linux on HP laptops this year, but in theserver market HP has standardised on the Gnomedesktop, as has Sun.

LM What is there left for HP to do?BP Lots of stuff is left to do at HP. HP-UX is our

enterprise offering and will be supported as long ascustomers require it. Personally speaking, I thinkLinux will be able to handle the enterprise marketwithin three years.

LM Will Linux make it to the desktop?BP We are already being used on the desktop

by engineers and Office workers will soon besurprised

LM What do you consider the most vital pieceof software that needs developing for Linux?

BP Now we have office suites, a Quicken-likeprogram is needed to help home finance. Greaterease of use and ease of installation. A tax calculationprogram, but that would depend on each country.

LM What is holding back Linux? BP With the rate of acceptance nothing stands

in the way. ■

INTERVIEWHP SENIOR STRATEGIST


Bruce Perens

HP SOURCEBruce Perens is Hewlett-Packard’s Senior

Worldwide Strategist for Linux and Open Source.

He is the founding father of the open source

community and drafted both the Debian Social

Contract and the Open Source Definition.

Software includes Electric Fence and he is

credited in A Bug’s Life and Toy Story films

011perens.qxd• 08.05.2001 8:59 Uhr Seite 11

Rusty was born in London and left for Oz when hewas three years old. He has spent most of his life inAdelaide and still lives there with his parents. Hebecame interested in computers at the age of eight,when his father studied them as part of his medicalcourse. Rusty knew he wanted to be a programmerfrom the age of 10, and so, naturally, when he gotto university he chose Electrical Engineering withComputing Science. After graduating, he took toprogramming and never looked back.

Rusty went on holiday to Italy for four weeksbefore beginning his grueling schedule and then onto Madrid for Linux World, followed by a trip to aSantiago computer conference, Xuventude GaliciaNet. If you have a look at his diary on the Internetyou will see that, as part of his itinerary, he went tothe VA Linux offices in Amsterdam where he wasable to have a long talk with Wichert Akkerman.Wichert is the developer who used to be in chargeof the Debian project. Rusty says that this chat wasthe highlight of his tour. Let’s hope that all of usLinux users, and particularly the Debian fans, willbenefit from this meeting.

Two UK stops were included on the tour, one atthe University of Aberystwyth and the other atSheffield. We were extremely privileged to attend ofone of these presentations, held in Sheffield’sBlackwell’s bookshop, in which Rusty explained thenetfilter that he has written for the 2.4 kernel.

The lecture was well attended, with manypeople travelling from all over the country to hearhim speak. There were some heavyweight technicalpeople in the audience including attendees fromthe Manchester and West Yorkshire users’ groups.

Rusty opened by explaining that he has workedon ipchains as well as iptables. He is alsoresponsible for producing, or working on, filehierarchy standard 2.2, network address translation2.4, the kernel hacking unreliable guides andkernel locking. If you’re a kernel coding person it’sextremely likely that you will have come across hiswork at some time.

His explanation of netfilter and iptables wasbrilliant from beginning to end. The talk was well

received and those present showed theirappreciation by way of a warm applause.Afterwards, I talked to him over a pint ofTheakston’s Old Peculier and asked him a fewquestions.

Rusty explained that he started on the 2.0firewalling code in Slackware at a time when he wasworking on his own as a UNIX consultant. InJanuary 1997 he decided to go to a Usenix session.Linus Torvalds was there along with Steven Tweedie,Alan Cox and a few other Linux luminaries. Rustywas hooked and has worked on Linux kernel codeever since. He wrote the packet filtering stuff forearlier kernels and later on became involved withwriting code for network address translation.

Rusty was attracted to kernel coding because,for him, this enterprise represented a fresh projectand a means of self improvement. Issues of Internetownership and control also loomed large in hisreasons for getting involved.

I asked him why he worked in Oz and notsomewhere else. He says that anyone who wants tobe successful goes to Silicon Valley. They don’t haveas much talent as they would like to have over there,and so they are willing to pay people. He thinks thatit’s not too hard to telecommute and so he prefersAustralia where the scenery is great and the peopleand the beer are things he understands. His ownkernel project has contributed to the growth of theInternet, which he can then use to work with peoplein many countries without actually travelling tothem. We also discussed the controversial subject ofdocumentation in Linux and agreed that someoneought to sort out the docs, although just who coulddo this no one really knows.

For all of us mere mortals here in Sheffield itwas something of a religious experience to seeRusty walk along the street from the pub and takethe tram to Sheffield Midland Station so that hecould catch a 747 to go to work. We hope he’llcome back sometime.Richard is chairman and organiser of the SheffieldLinux User’s Group. You can view their site athttp://www.sheflug.co.uk ■

INTERVIEW RUSTY RUSSELL


Rusty Russell

POPPINGKERNELS

RICHARD IBBOTSON

Paul ‘Rusty’ Russell, one

of the leading lights of

kernel development,

recently undertook

a whistle-stop tour of

Europe to explain his

latest projects. Linux

Magazine caught up with

him on en route back to

Australia.

Info

Rusty gives a talk in Sheffieldhttp://www.sheflug.co.uk/apr01.html

Rusty’s Diaryhttp://netfilter.filewatcher.org/diary

http://antartica.penguincomputing.com/~netfiler/diary

Rusty’s Kernel Hacking UnreliableGuide

http://kernelbook.sourceforge.net/kernel-hacking.pdf

■

Talking kernels in a Sheffieldbookshop

Paul ‘Rusty’ Russel

012rustysbd.qxd• 07.05.2001 10:01 Uhr Seite 12

INTERVIEWXIMIAN


Miguel is the founder of the Gnome Foundationand a board member of the Free SoftwareFoundation. He is presently CTO of Ximian. Ximianwas previously Helixcode, which Miguel co-foundedwith Nat Freidman. Miguel has known Nat for along time from the Linux.net IRC network. The ideato create a company that would work on GNOMEcame from Nat in early 1999 (for those of us whodon’t know, GNOME means GNU Object ModelEnvironment). GNOME is a sub-project of the GNU

project. Helixcode came into being to makeGNOME more accessible and to extend the GUIenvironment for the Linux desktop. Miguel alwayslikes to explain that the GNU/Linux desktop is theplace where we need to improve user friendlinessand on other Unices as well. He likes to think thathis own younger brother could use a Linux desktopwithout a problem.

Last year Helixcode was the company that wasat the centre of the GNOME object model. Both Sun

Miguel de Icazza began his

life in the south side of

Mexico city. He certainly

didn’t think that he would

eventually become one of the

leading lights of the Open

Source and Free Software

movement of the early 21st

century.

Miguel de Icazza

DELIVERINGINTELLIGENCE

RICHARD IBBOTSON

To contact Ximian in the StatesXimian, Inc. 401 Park Drive, 3 WestBoston, MA 02215 General information: [email protected] information: [email protected]: [email protected]: [email protected] and pictures by Richard Ibbotson, the Chairman of Sheffield Linux User’s Group. You can viewtheir site at www.sheflug.co.uk. Sheffield Linux User’s Group is sponsored by SuSE Ltd atBorehamwood http://www.suse.co.uk.

013miguel.qxd• 07.05.2001 9:58 Uhr Seite 13

INTERVIEW XIMIAN


Microsystems and the Free Software Foundationwere and are interested in their ideas. The Red Hatlabs also did quite a bit of work with Helixcode. EliotLee is the person to speak to if you want to knowmore about that. Much more development work isin progress and we expect more in the future. SunMicrosystems worked closely with Miguel on StarOffice. Quite a few of the Star Office componentsuse software that is based around the GNOMEproject. Sun have taken their Star Office suite andgiven it away as Open Office. This means that a freeoffice suite will be made available and the code canbe changed by anyone who wants to join in with theOpen Office project. This will in fact preserve all ofthe ideas and principles that were part of theOriginal Star Office project before Sun got hold of it.

At the time of writing, Ximian GNOME has justcome into being. Many of us expect greatdevelopments in GNOME in the future.

One of the main objectives of the GNOMEproject was to provide a graphical user interfacethat would make Unix and Linux more accessible.Miguel has personally put his best efforts intopopularising the Linux desktop phenomenon and tomake Unix user friendly rather than the kind ofthing that only highly-educated technicians can

understand. A trip to the Gnome site will reveal thatthere are applications such as Gnome Office andothers like Gernel which make kernel configurationa point and click experience for those of us whoaren’t Linux developers. A fine example of GNOMEsoftware is an application called Evolution. It looks alot like Outlook Express but without all thatMicrosoft nastiness included. Some Linuxdevelopers see the command line as the only way towork, but how will the end user understandanything about the command line? As Miguelexplained to me over the phone from his office inMassachusetts, ”As things stand Unix is suckingvery badly. We need to make it more attractive tothe general user rather than leave it as a developer’senvironment where only academics may tread.Further development of Gnome components willlead to greater ease of use and even my ownyounger brother will be able to understand how touse Linux”. I also asked him about office suites:”This is part of the Bonobo thing. In future bothOpen Office and Gnome Office will come togetherand be a part of the same project”.

Ximian and the products that it advertises are allset to become a major success. It has already beenselected by Hewlett-Packard as the desktop softwarethat will come preloaded on all HP-UX workstations.Ximian also have a new finance officer – Tod Miceli.They have secured $15m funding for their projects.The CEO of the company is David Patrick, who hasspent the past twenty years marketing and sellingsoftware. He is the best choice for the job ofintegrating free software into the American andinternational business community. Nat Freidman,who was one of the founders of Ximian, willbecome the Vice President of Product Development.This will provide a more rounded structure to thecompany’s management team.

Gnome 1.4 has just been released in its finalversion. You might want to download it and try it.There are also official Ximian CDs available, in nicelyfinished jewel cases with the Ximian logo on thefront. Where did the picture of the monkey comefrom? You can get those from Ximian as well.

Gnome 2.0 is at the planning stage. Miguel haspublished his own ideas about this on the Web forpublic consumption. GNOME 1.4 introduced anumber of interesting new technologies. GNOME2.0 looks as though it might repair some of thethings that are broken just now and will most likelylead to something quite different, but similar.Miguel himself has a belief that we shouldn’t breakthings if they are not already broken.

Miguel would like the following information tobe made public – the Bonobo chimps are alsoknown as the Pigmy Chimpanzees and they live inthe Congo, but they are in danger of becomingextinct. I encourage you to visithttp://www.gsu.edu/~wwwbpf/bpf/ for moreinformation on them and the ways in which you canhelp save them. ■

Info

http://www.ximian.comhttp://primates.ximian.com/~miguel

http://primates.ximian.com/~miguel/gnome-2.0http://www.openoffice.org

http://www.sun.com/software/gnomehttp://www.gnome.org

http://www.gnu.orgTo contact the Red Hat labs write to Eliot Lee at [email protected]

■

013miguel.qxd• 07.05.2001 9:58 Uhr Seite 14

Effective data backup makes sensible datamanagement necessary, especially in view of theexplosive growth in the size of files. Modern databack up is much more than just copying data onto atape cassette. It concerns not only the selection ofbackup software and hardware, but also theconfiguration of the data server and the behaviourof the user.

Most users would rather not need worry abouttechnology themselves; they take the attitude thatthe administrator should handle those kinds ofproblems on their own. But disk space fills up soonerrather than later. Co-operative users can contributeto clarity by tidying up, compressing and packing.

Long term archiving

Offline storage of data should be distinguished froma backup. When it comes to back up, the usualassumption is that only data that is fairly recent (say,three months old) needs to be restored. However,this does not apply to archiving. Candidates forarchiving are those files containing data that is notcurrently needed but will (or could) becomeimportant again at a later date. Archives – possiblyexisting on several media as clones – should be partof your standard repertoire when it comes tomanaging data on a computer network. Thisfunction does not necessarily have to be performedby the backup system in use. A tar or cpio on severalredundant tapes with labels is usually enough.

Hierarchical storagemanagementA very exciting technique, well worth discussing, isHSM, such as the one employed by Veritas or SAM-FSfrom LSC. This involves copying data at a predefinedinterval from the hard disk onto slower and cheapermedia. This step is referred to as ‘archiving’.

Data which is not accessed for a certain lengthof time is removed from the online medium (or‘released’). The file system entry is retained, but thedata blocks disappear.

Later accesses to data which is no longer on thehard disk lead to staging. This means that the data

is retrieved, and made accessible, completelyautomatically from the slower media, which can ofcourse take some time. HSM cannot be realised bythe file system without support, as the proceduresdescribed are intended to be invisible to the userprocesses and/ or their system calls.

HSM in its simplest form does not replace backup. If the data has gone from the online medium, itnow only exists in a single copy. If the tape on whichit is stored then fails, it will have to be restored fromsomewhere else. HSM systems therefore offer theoption of producing several copies at once.

Backup scope

The results of your daily work must be backed up.But certainly, the backup capacities should notnecessarily be stuffed full of things which are stillavailable on CD or the Internet. This includes suchthings as operating systems. But a computerenvironment will not normally be equipped withunaltered system installations. Adaptations to therespective requirements are always necessary.

The software should, apart from the back up of alldata, also be able to handle the incremental mode.This means that only the files that have changed sincethe last back up are written into the backup.

Often, additional back ups of the type Level-Nare also possible with N = 1, 2, etc. With a Level-Nback up, all data which has changed since the lastback up with the same level is backed up. As youmight imagine, a total back up is Level 0 and anincremental is Level infinite.

With a Level-3 back up everything new sincethe last Level-3, Level-4, or an incremental back upis backed up. The software Afbackup by this authorevaluates it differently, so that one can be open tohigher levels.

Typically, a complete back up is done at theweekend with incremental back ups every night.Another option is complete back ups every firstweekend in the month and a Level-1 back up on theother weekends with incremental back ups eachnight. The longer it is since a complete back up, thelonger restoring is likely to take. In principle, nobacking up should be done while lots of people are

COVER FEATURE BACKUP PRINCIPLES


Even the most reliable

hard disk will give up

the ghost one day. Only

by making regular

backups can you

protect your data

against the worst case

scenario. The following

overview sheds some

light on the various

strategies.

Data back up on the network

BETTER SAFETHAN SORRYALBERT FLÜGEL, OLIVER KLUGE

016backup.qxd• 09.05.2001 9:05 Uhr Seite 16

working, since this represents a considerable loadfor the computers and the network concerned.

It may be desirable to back up several computersat the same time. But if the data is being sent to justone single backup server or a tape drive, the backupsoftware must support this type of operation. Ifseveral computers have a lot of data, a parallel start,especially of incremental back ups, is very useful.Another example is that of many backup clients,which back up on a central server via slow lines, butin this case you only benefit from parallelisation,when the flow rates can add up on the server.

Tapes do break now and then. So quite a fewadministrators tend to configure the use of a newtape for each full back up. In this way, there isalways a complete backup available, which wasdone not more than two full back ups ago, even if asingle tape does fail. Multiple backups of the samedata on various media can benefit the user, apartfrom the higher level of redundancy.

If one configures just one full back up on disks(in the case of backups on tape stored for a longtime), the current files can be restored more quicklyfrom the hard disks with security at the same time.

Getting it taped

Considering current prices of hard disks it’s worththinking about storing data on hard drives. Thethroughputs achievable, even with slow disks, arehigher than with the usual tape technologies.Nevertheless, there is a considerable price differencein favour of tapes: A DLT with approximately 35GBcapacity without compression costs about £50, andyou would not get a disk of that capacity for the samemoney. Tape changes are also easy to automate.

Tape technologies

Before buying a tape drive or a changer, there aresome tough choices to make. Many technologies tryto court the buyer. The main ones are presentedbelow. The choice of one of the technologiesdescribed should primarily be made on the basis ofthe amount of data to be backed up, rather than onthe price of the drives and tapes.

Quarter inch cartridges

QIC now plays a very small role in systemsmanagement, but in private use there are still plentyto be found, because the drives are especially cheapand offer acceptable capacities for home users.

QIC makes serpentine linear recordings, thetape is drawn at high speed past the head, and assoon as the tape comes to the end, the head is liftedand the whole tape is run through again. So with aneconomical system you get both capacity andspeed. But when buying such drives, make sure theycan cope with read-after-write for the sake of datasecurity.

Exabyte

Derived from the technology of Video-8, the tapeswere seen as susceptible to wear and tear due tothe narrow tape guides, loose head contact and theresulting strain. In newer products these problemsare supposed to have been corrected, but there areothers. If you insert a tape to be read into a drivewith a different construction, the reading does notalways work. This happens even with drives fromthe same manufacturer.

This is nothing to do with the typical problem ofcorrect adjustment of block sizes, which often cropsup in newsgroups. If a drive does fail there shouldthus be a matching replacement within reach.Exabyte is now achieving capacities of up to 60GBper tape (uncompressed).

DAT

The capacity specifications for DAT are usuallyworked out using unrealistically high compressionrates. In practice, it is only the uncompressed valuethat is relevant. Because of the comparatively largewastage, as a result of bad spots on the tape(drops), the real quantity achieved is normally less.Plus, to make things harder, DAT drives to the DDS-3 standard usually recognise and reportcontamination of the head too late.

A phenomenon which is occurring increasinglyoften is that the markings on the tape are overlooked ina fast search. This can lead to data not being found orin the worst case, parts of the tape being overwrittenunnoticed. From DDS-3 on, the head is cleanedautomatically in the drive during relatively frequent use.

But this should not result in any excessive wear.It is strongly recommended that you keep to thecleaning intervals with DAT advised by themanufacturer in the accompanying documentation(but not exceed them). DAT can theoreticallyhandle, with DDS-4, 20GB uncompressed.

Digital linear tape

DLT has been developed for high densities, lowmechanical wear and high recording speeds. There

COVER FEATUREBACKUP PRINCIPLES


TapeCartridge

Hard Disk

OpticalMedia

HSM

Archiving

Staging

Sun3 June

4 June

Tue5 June

Fri8 June

Full Backup

Incremental Backup 1



Set 1 = Week 1

Set 2 = Week 2

Set 3 = Week 3

Set 4 = Week 4

1st

Wee

k

Figure 2:Backupstrategies

Mon

Figure 1: Overview ofhierarchical storagemanagement


can be problems from time to time with the tapegetting out of line; the second spool is in the tapedrive. The start of the tape can come out in sympathy,as the result of which it becomes unusable. The startof the tape contains information managed by thedrive. If this cannot be evaluated, the drive will noteven accept the tape when it is inserted. For thisreason, in the AIT technology from Sony a writeablechip has been built into the cassettes.

The way to data back up

One simple and effective variant is to connect thedrive directly to the respective file server. This alsomeans there is no load imposed on the network andthere are no security worries with respect to databeing overheard. But if the server goes up in smokethe tapes cannot be saved. This problem can bemitigated somewhat by regularly taking them outand storing them elsewhere. The crucial question iswhat periods without backing up are acceptable.

If you want to guarantee security even if thebuilding collapses, online data and backup must begeographically separated. The administratorachieves this by means of back ups over thenetwork or the use of a suitable bus technologybetween computer and drive.

The commonest way is to back up via a networkto a computer which then acts as backup server. Ifthis is not to impose a heavy load on the networkvia which the computers of the users are beingoperated, you could consider the option of anadditional network connection between the twocomputers. If security is an important aspect, all thetypical problems in network services are relevant.

Correct access rights

Can the backup data only be read and written bythose authorised to do so? Are there back doorsinto the system resulting from the architecture? Canbugs (such as buffer-overflows) lead tounauthorised access? In any case, the permissionsof the devices must be tested in /dev.

Normally everyone has writing permissions ontapes; even big-name backup products work like thisor give no instructions in the documentation. If it is notpossible to limit permissions here without the backupsoftware refusing to work, you must consider barringthe backup server to any login by normal, potentiallymalicious users. Of course, this consideration does notapply only to backing up via the network.

Storage area network back ups

Another option has been becoming fashionable forsome time: Backup in a storage area network. SANmeans that there is not only a connection betweena computer and mass memories as on a SCSI bus,but that several computers with several massmemory systems – possibly also via several

redundant paths – are networked. In this way, fastconnections from all connected devices can be usedas alternatives, similar to the communicationbetween computers in a LAN.

Backup devices (usually jukeboxes) can beconnected to a SAN. The back up of the data thenruns, not via the file server, but direct from theonline mass memory to the backup system. In thisdata transfer, neither the file server computer northe network outside the SAN is put under strain.

But since most data is backed up from a filesystem, the controlling software is given anadditional task: neither the mass memory nor thebackup device know the file system structure. Thisinformation is in the exclusive possession of the filesystem driver in the server operating system. If a fileis backed up, the mass memory is informed whichblocks it should send to the backup device. Therestore function is more time-consuming: Thehardware components involved in such installationsare in the rack format and the software is expensive.There is no way that someone who wishes to investin such a solution will be able to avoid working outhis own individual strategy.

Here is a brief sketch of one other variant: There aredevices (for example Celerra from EMC2, Server fromNetwork Appliance or devices from Transtec), whichcombine mass memory and logic in one housing, sothat on the network they appear as a pure fileserver(network attached storage). They typically offer noother services and nor can one log on. If their back updoes not run via the file service in the network, thenthere is still the option of connecting drives andchangers directly to these devices. Backup software onthe devices themselves and control software on acomputer in the network (NetApp NFS-Server andVeritas NetBackup) then enable the back up.

When backing up via NFS-Mounts at least oneread-only-root-export must be available at the timeof back up, as otherwise read-protected data is notbacked up. When restoring, root must even be ableto write via NFS. Since a forged UDP packet with thesender of the NFS client is all it takes to manipulatedata on the NFS server, this is a potential security risk.

Handling the media

If the quantity of data to be backed up at one go isgreater than the capacity of a tape, you ought toacquire a changer (stacker, jukebox or a tape library).The simplest stackers for example have a drive and sixcompartments or slots for tapes that the robot can thenchange. Large jukeboxes have a hundred slots and sixor more drives. Frequently there are several loadports orloadbays as well. They considerably alleviate the workof the administrator when assembling the device.

With respect to the backup software, on securitygrounds, one should find out from the manufacturerwhether the changer is supported. Usually however,changers implement at least one subset of a standardprotocol, with which the hardware can be driven via

COVER FEATURE BACKUP PRINCIPLES


Info

Website on afbackup incl. generalHOWTO & FAQ:

http://www.afbackup.orgftp://www.vic.com/af

Yellow Guide at Transtec:http://www.transtec.co.uk -> Guide ->

Mass StorageGeneral details on back up and

storage:http://www.backupcentral.com

Overviews of backup software forLinux:

http://linux.tucows.com/conhtml/adm_backup.html and

http://www.linux.org/apps/all/Administration/Backup.html

Legato homepage (Product»Networker«):

http://www.legato.comInfo on Budtool (now also belongs to

Legato): http://www-ftp.legato.com/Products/html/budtool

.htmlInfo on BRU:

http://www.estinc.com/bruinfo.phpVeritas homepage:

http://www.veritas.com/uk/products/Websites on ADSM from IBM:

http://www.storage.ibm.com/storage/software/adsm/adsmhome.htm

EMC2: http://www.emc2-uk.co.uk/products/networking/

Networking appliance:http://www.netapp.com/

■


the SCSI bus. In terms of software, it is also possible to use the programsavailable in source code mtx or stc (for Solaris).

Software

Freely available packets such as Amanda, Burt or Afbackup by the authorsare just as interesting as commercial software.

In principle, when it comes to choosing software, the same rules applyas with all other products. Anyone who believes what a manufacturer sayswithout having verified the facts in a test is taking a risk. You shouldalways conduct a test installation, in which you should test with marginalconditions which are as realistic as possible. The problems that really hurtonly come to the fore in conditions of higher complexity, usingcombinations of features or in connection with other components.

So far it has been tacitly assumed that certain functionalities will bepresent: These assumptions include the facts that a ‘verify’ (such ascomparison of the content of the backup with the file system) is possible,or that when archiving (when the tape is subsequently read) such acomparison takes place. But this is not necessarily the case.

One fairly expensive backup and archiving product reads the tapefollowing a back up and sends the data over the network to the computerfrom which the data originates. A comparison with the file system is notdone, though. The evaluation of how important any advantage ordisadvantage of a product is for the respective purpose is a decisive factor.If security features are important, one should not shrink from using strace,tcp-dump, lsof, truss, snoop, or other tools on the respective system.

Also, the permissions with which the software is installed must betested. For example, if there is no Set-UID-bit in programs which users canstart (this does not necessarily have to be Set-UID on root) and if theshared version of the Libc is used (test with ldd), then internallyimplemented access restrictions are pretty certain to be worthless. Theseare really easy to get round by redefining functions such as get-uid withthe aid of the environment variable LD_PRELOAD.

Potential index problems

One typical quality of most products can turn out to be an Achilles’ heel: Sothat one can target specific data to restore and the systems administer anonline index. This stores the entire structure of the backed up directory trees.With the appropriate program, users or administrators can navigate in thebacked up data as in a file browser and make a selection for restoring.

If the same restrictions on rights are to be as effective here as whenworking in the file system, the rights, owners and ACLs ought to be insafe storage. Plus, information has to be managed, such as date of backup, storage location of the data and the flag, as to whether the file systementry can be restored.

Basically, a file system without datablocks is constructed here, but withadditional information. The more entries there are in the file system to bebacked up, the bigger the index. If there are only empty files or Symlinks inthe original directory, this online index, which is also in a file system, cannottake up any less space than the original data. It is also subject to consistencyrequirements, like a file system.

This means that if a process which manipulates the index expiresuncontrolled, the index can be inconsistent. Then it has to be tested andrepaired. Thus run a type of fsck. In this case it has to be restored or else youwill lose the option of navigating in the backup. Safe storage of the flags forselection in the index is a problem. This can mean that one cannot run parallelrestores on the same client, although this is supposed to be theoreticallypossible. A selection in the restore front-end leads to another, previouslymade, selection being cancelled. This is seen by the fact that parts of the firstrestore are not restored, as the flags have been deleted in the meantime. ■

1/2 hochAnzeige

90 x 260 mm


Assuming that you have switched off the mostimportant (or most useless) services, as described inthe last issue, we can now turn to protection for theremaining daemons. We will achieve this by meansof a firewall that controls outside access.

The subject of firewalls is notorious for beingextremely complex - unfortunately with somejustification - but for home use you’ll be up andaway with only a few lines. Administratorsconfiguring large servers for companies or providersneed to take many peripheral conditions and specialservices into account that are of no, or only minor,importance to home users.

For our example, we are using a computerdialing to the Internet via an ISDN card. Ourinterface is ippp0 and the IP address assigned by ourInternet provider is 192.168.1.1. Modem userssimply need to leave out the ‘i’ in the device name;the modem interface is normally called ppp0.Network cards can also be used in the same way,but substituting eth0. The procedure itself is alwaysthe same.

The firewall acts as a filter between networkdevices, such as modems or ISDN and networkcards, and the internal area. Which data ends upwhere is determined using filter rules. There are four

FEATURE SECURITY WORKSHOP


After the mayhem we caused in part

one, where we got rid of most

daemons, we will now build a simple

firewall that should insulate us

against the last remaining few gaps.

Firewall: firewalls are used wherever private networks meet public ones, forexample on company servers providing Internet access. Firewalls are meant to

ensure that unauthorised access to the internal, private area is impossible.Depending on the complexity and size of the network, set up can take several

days. However, firewalls are also sensible for domestic use if you want to protectyour own computer against attacks from the Internet.

Masquerading: primarily used on servers providing Internet access for localnetworks. Masquerading assigns the server’s IP address to all queries from

internal networks. The replies are translated back, so that internally there is noapparent difference between masked and unmasked connections. However, the

local machines are not accessible from outside, as their IP addresses are notrevealed, and queries can therefore only be made to the masquerader’s IP, which

ends up on the server itself. Masquerading is commonly used for leased line orflat rate connections that are used by more than one machine. Providers normally

only give out one IP address per connection, which can only be used to addressone machine. All other machines use private IP addresses and the masquerader

attaches their own IP to Internet queries and handles the delivery of replies.

■

Protecting Linux systems against attacks: part 2

CLOSE BULKHEADS!

MIRKO DÖLLE

030firewall.qxd• 07.05.2001 10:21 Uhr Seite 30

basic areas for these rules: all rules entered in theinput section are applied to any incoming datapackets in sequence, like a chain, while the rulesunder output are applied in turn to any outgoingdata packets. The forward rules are used particularlyfor masquerading. In the fourth area it is possibleto set up your own sections and rules. This is notnormally required for home use, and we will dealwith masquerading in a separate article.

The standard kernel of most distributionsalready contains firewall support, so no newcompilation is necessary. The required packageipchains is set up for virtually all standardinstallations; if not, it can be found among thenetwork utilities and installed personally.

We want to close the bulkheads and only giveaccess to a few selected services. There arefundamental disadvantages to this method, whichwe will discuss in detail when looking at therespective rules. You can examine the rules thathave been set up at any point using ipchains -n -L.To start with, everything is permitted:

linux:~ # ipchains -LChain input (policy ACCEPT)Chain forward (policy ACCEPT)Chain output (policy ACCEPT)

Policy describes the basic attitude towards datapackets. When all rules in the chain have beenapplied to the packet without it being re-directed

somewhere else, it is accepted with ACCEPT ordiscarded with DENY. Our aim is to deny everythingthat is not expressly permitted – therefore we willset the input policy to DENY:

ipchains -P input DENY

Rules are always processed in sequence of entry, sowe need to specify what we will accept from ippp0before discarding the rest. When a rule thatobviously does not contain any errors doesn’t work,it is usually due to an incorrect sequence. Once apacket has been discarded you cannot get it back inthe next rule.

Now, nothing is working at all: any data isdiscarded, no matter whether received via thenetwork, ISDN, modem or locally. In order to beable to use all our local services, and to keep ourgraphical interface working, we must exceptourselves from being discarded:

ipchains -A input -i lo -j ACCEPT

FEATURESECURITY WORKSHOP


ICMP: Internet Control Message Protocol – used in case of unavailability to sendan appropriate message to the originator of a query. For instance, ping sendssmall data packets with ICMP echo-request (request for return) to thedestination, in order to receive back the same data, via ICMP echo-reply (reply).This allows it to calculate the time lag between send and receive.

■

[top]Figure 1: Colourful activities: Mostdaemons can be recognised by the ‘d’ on the end, but also includeportmap, cardmgr and cron

[below]Figure 2: Utilities which (almost) no-one needs: In /etc/inetd.conf too,there are hidden daemons, which arestarted completely automatically


The parameter -A specifies that we are adding arule, input indicates the required section: allincoming data. Then follows the actual filter rule. -ilo applies to any data coming in via the loopbackdevice, which can only be accessed by programsrunning locally on our machine and seeking aconnection to other programs or services on ourcomputer. Finally, with -j we stipulate what happensto the packets: they will be accepted.

Sealing ourselves off completely doesn’t onlyhave positive effects. For instance, we will no longerreceive messages when we cannot reach a server.However, these messages are very important forsmooth Internet traffic. Consequently we willpermit them initially, from any direction:

ipchains -A input -p icmp -j ACCEPT

The parameter -p icmp indicates the ICMP protocol,responsible for transferring these messages; -jACCEPT again represents the processing: accept.

Clear nameserver access

Another very important service is the Domain NameService, or DNS for short. The DNS servers,nameservers for short, handle the resolution of, forexample, www.linux-magazine.co.uk to the server’s

IP address, in this case 195.99.156.130. Without thisIP address you won’t get anywhere on the Internet,so we must give access to our nameservers.

You will need the script in Listing 1, which youshould save as resolv-list in the directory/usr/local/bin. Please don’t forget to make itexecutable with chmod a+x /usr/local/bin/resolv-list.resolv-list provides us with a list of nameserversused, which we then make accessible in our firewallusing the following commands:

for ns in ̀ /usr/local/bin/resolv-list`; doipchains -A input -s $ns 53 -d 192.168.1.1 U

1024: -i ippp0 -p udp -j ACCEPTipchains -A input -s $ns 53 -d 192.168.1.1 U

1024: -i ippp0 -p tcp -j ACCEPTdone

The difference between the two ipchains lines is inthe protocols specified with -p, in this case UDP andTCP. The nameserver in our example is192.168.2.1. Your IP will be different, depending onyour Internet provider. You can enter severalnameservers. Linux can cope with up to three.

The data source address is specified with -s. Inour example the variable $ns was entered. Afterthat follows the port number, or service ID, ”53”.Finally we name the destination, -d, with thepossibility of restricting the permitted range ofport numbers. By entering 1024: we arepermitting any port number from 1024 upwardsto 65535. Ports below 1024 have a special status,but more about that later.

If you now enter ipchains -n -L, you shouldsee the list in Listing 2 on the left-hand side ofthe page. Don’t be put off by the second line.Even though it looks like everything ispermitted everywhere, this is not the case. Thisoutput format does not display the devicename to which the rule refers, and during setup we had specified the local loopback devicewith -i lo.

Access encouraged

We also want to permit known users to log ontoour system. In order to stop user names andpasswords from being captured we will only allowthe use of the encrypted Secure Shell or SSH forshort. We deliberately spared the relevant daemon,sshd, when we were killing daemons in the lastissue. Access is given using the rule:

ipchains -A input -d 192.168.1.1 ssh -p tcp -Ui ippp0 -j ACCEPT

The parameter -i ippp0 makes the rule applicableto any data coming in via the ISDN card. If wehad another network card with further Linuxmachines attached to it, no one could log on tothe system from those, as the rule is restricted tothe ISDN card and we are, by default, rejectinganything else.



UDP: User Datagram Protocol – a connectionless protocol, which means that datapackets are not acknowledged by the recipient. The sender also doesn’t repeat

the data. This is used, for example, when querying DNS servers to find out the IPaddress associated with a host name. UDP is very fast, as no connection is

established. UDP data cannot be sent directly through the Internet and aretherefore normally wrapped in IP packets.

TCP: Transfer Control Protocol – a frequently used Internet protocol. It is oftenwrongly referred to as TCP/IP, even though these are two protocols (TCP and IP).

TCP ensures, among other things, that data is assembled in the correct order.IP: Internet Protocol – ensures the transfer of data packets on the Internet. This is

where the IP addresses come in, which uniquely identify sender and recipient.UDP, ICMP and TCP data packets are wrapped in IP packets and provided with the

addresses of sender and recipient before being sent through the Internet.

■

Listing 1: /usr/local/bin/resolv-listif [ -r /etc/resolv.conf ]; thenset – `grep -i nameserver /etc/resolv.conf`while[ $# -ge 2 ];

doecho $2shift 2

donefi

Listing 2:Chain input (policy ACCEPT)target prot opt source destination portsACCEPT all ——— 0.0.0.0/0 0.0.0.0/0 n/aACCEPT icmp ——— 0.0.0.0/0 0.0.0.0/0 * -> *ACCEPT udp ——— 192.168.2.1 192.168.1.1 53 -> 1024:65535ACCEPT tcp ——— 192.168.2.1 192.168.1.1 53 -> 1024:65535Chain forward (policy ACCEPT)Chain output (policy ACCEPT)


This rule will admit any data packets destinedfor the SSH service of machine 192.168.1.1 andentering the system via the ISDN card ippp0. As thepacket has now been accepted, no other rules willbe applied. ipchains -n -L now gives us:

Chain input (policy ACCEPT)target prot opt source destination UportsACCEPT all ——— 0.0.0.0/0 0.0.0.0/0Un/aACCEPT icmp ——— 0.0.0.0/0 0.0.0.0/0U* -> *ACCEPT udp ——— 192.168.2.1 192.168.1U.1 53 -> 1024:65535ACCEPT tcp ——— 192.168.2.1 192.168.1U.1 53 -> 1024:65535ACCEPT tcp ——— 0.0.0.0/0 192.168.1U.1 * -> 22Chain forward (policy ACCEPT)Chain output (policy ACCEPT)

Web server access

If we want to make our Apache Web serveraccessible from outside, we require anotherACCEPT rule:

ipchains -A input -d 192.168.1.1 http -p tcp U-i ippp0 -j ACCEPT

As you can see, the pattern is the same, only theservice entry has changed. The rule listing isextended by one line:

Chain input (policy ACCEPT)target prot opt source destination UportsACCEPT tcp ——— 0.0.0.0/0 192.168.1U.1 * -> 80

Ports and services

Anything that is not permitted is denied. This, at themoment, includes anything that is not a nameserverreply or SSH connection – even standard surfingactivities. So we will have to consider what else weneed to permit, to enable normal operations. This isnot possible without knowledge of ports.

Behind the entries for services such as ssh orhttp in our examples lie the port numbers. In theexample of how to give nameserver access weactually worked directly with the port number, 53.

Imagine a large block of flats in which all theletter boxes have been numbered sequentially –they all have the same address (IP), and letters canonly be delivered correctly on the basis of theletterbox number (port number) or the name on theletterbox (service description). You can find outwhich service corresponds to which port numberfrom the file /etc/services.

Ports 0 to 1023 have a special role: thesenumbers are reserved for privileged services. Thedaemons behind them are normally running withroot privileges. These ports are generally notavailable to normal users.

Replies to Netscape queries always originatefrom ports starting at 1024. We still need to giveaccess to these. However, we can restrict the wholething a bit further: it is not necessary during surfingfor anyone to connect to us, as we are querying theserver and it returns the reply through the sameconnection. Incoming connection requests aretherefore not accepted (! -y):

ipchains -A input -d 192.168.1.1 1024: -i ippUp0 -p tcp -j ACCEPT ! -y

There is still one catch: the user’s SSH client willnormally try to open a second channel in the rangeof ports 600 to 1023 once it has logged onto theserver. This is no longer possible, as everything up toport 1023 has been sealed off. For some helpfuladvice, see the SSH and Firewall box.

Practical effects

To summarise: we are accepting SSH connectionsthrough the ISDN card, as well as requests to ourApache Web server. ICMP messages, DNS serverreplies and requested Internet data are also letthrough. On the other hand, any externalconnection that is not routed through SSH or theWeb server will always be ignored.

These settings will only have a minor impact onthe user sitting at their machine. Even if the talkdaemon has not been switched off (as discussed inthe last issue) users can no longer be addressedfrom the Internet. External administration via swator linuxconf is not possible, however it is noproblem from the user’s own machine. The onlylimitation is with IRC: we can no longer send data

FEATURESECURITY WORKSHOP


Table 1: Service access rulesNameserver:ipchains -A input -d IP 53 -p udp -i Interface -j ACCEPTipchains -A input -d IP 53 -p tcp -i Interface -j ACCEPT

SSH access:ipchains -A input -d IP ssh -p tcp -i Interface -j ACCEPT

Telnet access:ipchains -A input -d IP telnet -p tcp -i Interface -j ACCEPT

Sendmail access:ipchains -A input -d IP smtp -p tcp -i Interface -j ACCEPT

Apache Web server:ipchains -A input -d IP http -p tcp -i Interface -j ACCEPT

FTP access:ipchains -A input -d IP ftp -p tcp -i Interface -j ACCEPTipchains -A input -s 0/0 ftp-data -d IP 1024: -p tcp -i Interface -jACCEPT

ICQ:ipchains -A input -d IP 4000 -p tcp -i Interface -j ACCEPT

IRC with DCC:ipchains -A input -d IP 1024: -p tcp -i Interface -j ACCEPT

This rule is to be used with care, as it allows an external connection to beestablished on non-privileged ports. If this rule is implemented, no otherrule for TCP protocol and ports from 1024 upwards must be active.


via DCC or otherwise. Our FTP server is also nolonger accessible to outsiders.

Table 1 is a list of permission rules you can buildinto a firewall to allow access for individual services.

Automatic activation

A huge problem in building a domestic firewall isthat your own IP address changes each time you logon - and consequently needs to be corrected in thefirewall rules. Most firewall configuration toolsmake no provisions for changes in the IP addressand are therefore not suitable for home use.

Ideally, the rules would be activatedautomatically after each login, with the correct IP, ofcourse, and deactivated once you log off.

The required scripts into which we can integrateour rules are called /etc/ppp/ip-up and /etc/ppp/ip-down. ip-up is called as soon as login has occurred,and ip-down once you have logged off. We aremaking use of the fact that parameter $1 gives usthe modem or ISDN interface and $4 our assignedIP address. Since the lines for set up and removal ofthe firewall rules are almost identical, we will

combine the rules in the file /etc/ppp/inet_chains,using the appropriate variables for IP and interfaceused. You can see a relevant example on the CDunder LinuxUser/firewall/inet_chains. There youwill also find the access rules mentioned in Table 1,commented out with a hash (#) at the beginningof the line and therefore not active. Should youwant to give access to individual services you onlyneed to remove the hash. The file/usr/local/bin/resolv-list from Listing 1 is no longerneeded for this by the way, inet_chains has its ownfunction for this purpose.

The call to inet_chains should be entered nearthe start, preferably in the second line, of/etc/ppp/ip-up and /etc/ppp/ip-down:In /etc/ppp/ip-up,

test -x /etc/ppp/inet_chains && /etc/ppp/ineUt_chains up $@

In /etc/ppp/ip-down,

test -x /etc/ppp/inet_chains && /etc/ppp/ineUt_chains down $@

Conclusion:

In regard to standard installations, distributors havea lot of catching up to do. Only Mandrake possessesa useful mechanism that will switch off virtually anyservice at a paranoid setting. With most otherdistributions even security profiles are little help.Distributions especially aimed at beginners, startingwith the SuSE 7.0 personal edition, ought to bebetter suited to their end users’ requirements. Itmust be hoped that the next versions from the bigdistributors will take this on board.

Nevertheless, no computer is really secure. Evenif the possibilities described above provide you withreasonable external protection, one day the errorthat will invalidate everything may be found. Andthere is one thing you ought to know: the Internetis evil, and it gets everybody eventually. ■



Info

Firewall manual by GuidoStepken with many examples:

http://www2.little-idiot.de/firewall/

Notes and extensions by DirkHaase for users of EasyLinux

for the first part of Closebulkheads!:

http://members.tripod.de/kridsoft/easyl/ha/ha005.html

■

Figure 3: Almost all utilities weresuperfluous: we need http-rman for

the SuSE help system, swat stands infor the system administration

program linuxconf of otherdistributions.

Figure 4: Activation and deactivation isdone differently from one distribution

to another – here for example inlinuxconf under Red Hat (left) and

DrakConf under Mandrake.

SSH and firewallSSH will normally try to establish a second channel through a port between600 and 1023. However, as we have prevented this with the firewall set upin the article, SSH would not be able to connect. There are two solutions:either call SSH with the parameter ‘-P’, or amend the rights for SSH.Normally any SSH connection is established with root permissions in orderto be able to use a port below 1024. Using the command chmod u-s ̀ whichssh’, you can ensure that SSH will be started with your user rights in future– and automatically uses a port upwards of 1023 as the return channel.


The IT world has always been preoccupied with thesubject of uniform, centralised user administration,and it is more topical than ever these days, thanksto developments such as Single Sign-On and PublicKey Infrastructures. In order to ensure uniform useradministration, administrators nowadays use NIS oryellow pages.

Should your requirements be more substantial,however, or if you would perhaps like to includeapplications in a centralised user data concept, onlya scaleable solution will do. This will include facilitiesfor data replication as well as for creatingdistributed architectures. LDAP (LightweightDirectory Access Protocol) provides the foundationfor such a solution in its role as a central networkinformation service.

LDAP is integrated into NDS (Novell DirectoryServices) and Microsoft’s Active Directory. It is anopen standard for an information service based on atree-like database structure. Compared to a normaldatabase, its main advantage is attribute-relatedstorage. LDAP has developed from X.500DAP, but ituses the TCP/IP stack instead of the OSI stack. Itsdevelopers have tried to simplify the data structureas compared to X.500, which means, for instance,that data is stored as plain text. This storage methodalso simplifies the interrogation of LDAP trees, asthe client side does not have to deal with anycomplicated encoding.

LDAP provides a link to X.500, and at the sametime minimises the effort for networks and networksoftware (clients). Version 1 of LDAP was created atMichigan University. Only since version 2 has it beenpossible to use LDAP in the classic client/servermodel without putting the main burden onto theclients. In the meantime, there is already a white

paper for version 3, and its essential principles arebeginning to enter LDAP implementations, leadingto improvements in the data model.

Data structure

In the LDAP data structure an object class defines acollection of different attributes, which can be usedto describe a directory entry. There are predefinedobject classes that can be used for defininglocations, organisations or companies, people orgroups.

Object classes can be used to create entries. Atypical entry in an LDAP tree looks something likethis:

cn=Volker Schwaberow, ou=IT, o=MyCompany, c=DE

This is what is called a Distinguished Name (DN), orunambiguous name, in an LDAP tree (see figure 1).The entry shows the attributes cn, ou, o and c.

You will notice at first glance that LDAP isstructured hierarchically, with the DN being readfrom right to left, similar to the structure of theDomain Name Service on the Internet. As hasalready been mentioned, attributes are used withina DN. Common attributes in the default LDAPschema are: Common Name (CN), OrganisationalUnit (OU), State (S) and Country (C).

These attributes are each assigned to an objectclass through definition. Frequently used objectclasses are, for example, Organisation,organisationalUnit, Person, organisationalPersonand Country. The defined object classes determinewhat an entry can contain. The entry for a personon the LDAP tree can, for instance, contain thetelephone number of the person, their General

FEATURE OPENLDAP


OpenLDAP: Practical application

ORGANISINGPRINCIPLE

VOLKER SCHWABEROW

The Lightweight Directory Access Protocol directory service

brings structure and order to the chaos of server

administration. And with OpenLDAP and Linux, administrators

don’t even need to incur any licence costs in the process.

035openldap.qxd• 08.05.2001 9:03 Uhr Seite 35

Public Key or, if required, a JPEG picture that can bedisplayed by an LDAP client. The possibilities arevirtually endless, only depending on the respectiveapplication. If the solution to a requirement doesn’talready exist as an attribute or a class it must beimplemented in the server’s LDAP schema.

User or organisation data can be set up in thisschema using text files in LDI format. LDIF(Lightweight Data Interchange Format) has a largevariety of different applications. Data entry is oneexample, another is exporting existing LDAP treesinto LDIF files. Due to their LDI format it is easy tomaintain LDAP data. A useful overview of LDIF canbe found at Netscape. This relates specifically to theNetscape Directory Server, but also containsgenerally useful information.

After these LDAP basics, let’s get down to business:OpenLDAP. This open source project emerged severalyears ago from a server project at Michigan University.OpenLDAP consists of a scaleable server with matchingLDAP clients and since version 2 it finally supports theprotocols in the white paper for LDAP version 3.

Installation of OpenLDAP

After downloading the current source distribution,there are some more requirements to meet before youcan compile. One of these is a database compatiblewith LDAP’s own LDBM. LDBM-compatible databasesare, for instance, Berkeley DB2 or GDBM (GNUDatabase Manager). OpenLDAP can also make use ofother backends. Since all distributions contain one ofthe two databases mentioned above, there should beno big problems here.

Now you might as well unpack the sources:

tar xvfz openldap-stable-DATUM.tgz

Change to the directory where you have unpackedthe source and execute

./configure -prefix=/usr/local/

If that has worked, execute:

make dependmake

Once OpenLDAP has been compiled, you ought torun the functionality tests. To do this, change to thedirectory tests below the source tree and start make.

If the tests (database, server functionality, etc.)are completed successfully, you can install theOpenLDAP servers and clients with the usual

make install

command. The following is now located under/usr/local: slapd and the replication daemon slurpd,along with gateways for X.500 (fax, mail, etc.) are inlibexec.

The OpenLDAP clients can be found under bin.Here, the following three commands are ofparticular interest:• ldapadd for adding entries to an LDAP directory• ldapmodify for amending entries• ldapsearch for searching the LDAP tree

These commands work locally as well asremotely with access to a remote LDAP server.

Configuration of OpenLDAP

First of all, for simplicity reasons, move the directory/usr/ local/etc/openldap to /etc/openldap so that theconfiguration files are in the right place. Nowchange to /etc/openldap, where you will find thefollowing files for the supplied OpenLDAP clients: • lldap.conf, basic client settings• lldapfilter.conf, LDAP search filter configuration• lldapsearchprefs.conf, other object-related filter

settings

FEATURE OPENLDAP


Figure 1:The LDAP tree for the

example as a diagram.

Configuration 1: slapd.conf # See slapd.conf(5) for details on configuration options.# This file should NOT be world-readable.#include /etc/openldap/slapd.at.confinclude /etc/openldap/slapd.oc.confschemacheck onreferral ldap://myserver.mycompany.de/pidfile /var/run/slapd.pidargsfile /var/run/slapd.args############################################################# ldbm database definitions############################################################database ldbmsuffix "o=MyCompany, c=DE"rootdn "cn=Manager, o=MyCompany, c=DE"rootpw mypassworddirectory /var/ldap/openldap-ldbmdefaultaccess noneaccess to attr="userpassword"by self writeby * compare

access to *by self writeby dn=".+" readby * none

access to *by dn="^$$" noneby * read


• lldaptemplates.conf, display-related clientsettings

The following files are for OpenLDAP servers:• lslapd.conf, configuration for the slapd daemon• lslapd.at.conf, predefined attributes• lslapd.oc.conf, predefined object classes

Firstly, open slapd.conf and amend it as shownin the Configuration 1: slapd.conf box. You don’tneed to touch classes and attributes at this point.But before you start working with OpenLDAP, youshould at least have a look at the default attributesand classes.

Should you need to change the model,perhaps due to the incorporation of special serversoftware (such as Netscape SuiteSpot products),you can set up additional attributes or classes inthe slapd.conf file using include File Name. Notealso that your manager password should of coursenot be stored as plain text in slapd.conf as it isshown in the example in Configuration 1.OpenLDAP accepts SHA, MD5 or CRYPT aspassword encryption.

The two include statements in the slapd.conffile are used for loading the standard attributes andclasses. The database line is important. In it, anLDBM-compatible database is selected as thebackend. The keyword suffix defines the DN forqueries that can run against our server.

The entry rootdn should be self-explanatory, thisDN has all operating rights and is used by theadministrator to bind to LDAP tree operations. Thedirectory line determines where slapd deposits itsdatabase. This directory needs to be createdbeforehand and must be assigned the file rights rwxfor the user (chmod 0700). The following linescontain the access rights or ACLs (Access ControlLists) for the LDAP tree. The default access is none.Each authenticated user is then given self writerights to the attribute userpassword. Thus each usercan change their own password within the LDAPtree. The last ACL permits anonymous binds, so thatan address book application without a dedicatedLDAP tree user can access the server.

After you have implemented the basic settingsfor the slapd server, you should try to start it:

/usr/local/libexec/slapd -f /etc/openldap/slUapd.conf

Now check whether the server has started correctly,ideally using ps -ax |grep slapd. By default, the LDAPservice runs on port 389. That should also bedocumented in /etc/services, of course. Please notethat SLAPD can be compiled with TCP wrappersupport to create additional security.

First directory entries

Once the server is running you can make the firstentries in the directory. In order to do this, transferthe contents of the Configuration 2:MyCompany.ldif box into a separate file with theextension LDIF. First, the organisation needs to beset up. In our example it is o=MyCompany, c=DE.Note that correct formatting of your LDIF file iscrucial and that it must be created exactly asspecified in the example for the entries to work.

For the sake of simplicity, save your initial LDIF inthe /etc/openldap directory as well - in case youneed it again at a later point. The finished LDIF file isthen imported with the command line

ldapadd -D "cn=Manager, o=MyCompany, dc=DE" U-W < LDIF-Filename

After the manager account has been declared, twomore organizational units are set up, the IT andFinance departments. Finally, two people are

FEATURE OPENLDAP


Configuration 3: MyCompany_modified.ldif dn: cn=Volker Schwaberow, ou=IT, o=MyCompany, c=DE changetype: modify replace: telephonenumber telephonenumber: 0209/4716512

Configuration 2: MyCompany.ldif dn: o=MyCompany, c=DE o: MyCompany l: Gelsenkirchen streetaddress: Emscherstr. 41 postalCode: 45891 telephonenumber: 0209-4711 objectclass: organizationdn: cn=Manager, o=MyCompany, c=DE cn: Manager sn: Manager objectclass: persondn: ou=IT, o=MyCompany, c=DE ou: IT objectclass: top objectclass: organizationalUnitdn: ou=Finance, o=MyCompany, c=DE ou: Finance objectclass: top objectclass: organizationalUnitdn: cn=Volker Schwaberow, ou=IT, o=MyCompany, c=DE objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Volker Schwaberow sn: Schwaberow telephonenumber: 0209/4712dn: cn=Bernd Schlaefer, ou=Finance, o=MyCompany, c=DE objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Bernd Schlaefer sn: Schlaefer telephonenumber: 0209/4713


assigned to these departments, one is the author,and the other is one Mr. Bernd Schlaefer.

When the entries have been added you canperform your first directory search. This is doneusing the command ldapsearch. Assuming youwant to search and list all entries in the directory,the correct command is:

ldapsearch -D "cn=Manager, o=MyCompany, c=DEU" -b "o=MyCompany, c=DE" "(objectclass= *)"

Note that in large installations this should be usedwith care. Now search for all occurrences of cnbeginning with the string Vol - that should return anentry. The command for this is:

ldapsearch -D "cn=Manager, o=MyCompany, c=DEU" -b "o=MyCompany, c=DE" "(cn=Vol*)"

One thing that should be apparent from these twoexamples is that search attributes require roundparentheses.

Of course, the author’s telephone number oranother value could change. In this case you shouldcreate an LDIF file along the lines of the example inthe LDIF Modify File (see Configuration 3:MyCompany_modified.ldif box) which contains theauthor’s data, including the amended telephonenumber. This LDIF file is imported into the systemusing the following command:

ldapmodify -D"cn=Manager, o=MyCompany, c=DE"U-W < LDIF-File

The method shown does not distinguish itself interms of user friendliness for one entry, but can bewell worth it for large-scale changes. Debuggingallows you to detect annoying error sources beforemodification.

Directory interrogation by mailclientsAfter performing these three local standardoperations on the directory, you should try tointerrogate it using a mail client. Type the followingURL into your browser:

ldap://myserver.mycompany.de/o=MyCompany, cU=DE??base

Netscape will ask whether you want to add thisserver to your LDAP setting. Once it has been setup, the LDAP server can be interrogated via theAddress Book. If addressing has been configuredcorrectly, the entire LDAP directory will be searchedfor hits whenever a name is entered in the mailclient’s To field. After entering

ldap://myserver.mycompany.de/o=MyCompany, c=UDE??sub

FEATURE OPENLDAP


Listing 1: PHP-Demo <?

// LDAP Example by V. Schwaberow// for Linux Magazine 2001echo "<html><head><title>LDAP Test</title></head><body>";//Establish TCP connection with LDAP database.//This is the IP address of the LDAP server.$connection = ldap_connect("192.168.10.248");if ($connection){// Anonymous bind, sufficient for query according to ACL!// However, amendments require a valid DN.$result = ldap_bind($connection);// Search for all CN attribute entries in LDAP tree.$search = ldap_search($connection,"o=MyCompany,c=de","cn=*");// Array of search results.$entries=ldap_get_entries($connection,$search);echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"2\">";// Table loopfor ($i=0;$i<$entries["count"];$i++){$cn=$entries[$i]["cn"][0];$dn=$entries[$i]["dn"];$phone=$entries[$i]["mail"][0];echo "<tr>";echo "<td align=\"right\">".$i."</td>";echo "<td>".$cn."</td>";echo "<td>".$dn."</td>";echo "<td>".$phone."</td>";echo "</tr>";}// Close server connection.ldap_close($connection);

}else {

echo "Connection to LDAP server cannot be established!";}echo "</table></body></html>";

?>

The author Volker Schwaberow is the

Internet Security Engineer ofSozialwerk St. Georg e.V, a

social service provider that ispart of the German charity

organisation Caritas. He dealswith LDAP, PKI and SSO,

amongst other things. His firstLinux experiences were gained

in 1995. Since 1998 he hasbeen working with it on a

daily basis and prefers it to anyBluescreen, in private as wellas for work.. The author likes

reading books, listening tomusic and programming under

C/C++, Java, Perl and PHP.


in the browser, the whole directory is represented asHTML.

Amendments using an editorinstead of LDIF filesSo what happens if you only want to amend a smallentry? You would need a lot of patience to doeverything through LDIF files. This is where LDAPeditors come in useful. Some recommendations areGQ for Gtk and Kldap. An LDAP browser allows therepresentation of the LDAP tree as a structuraldiagram, which simplifies amendments.

Programming languages and LDAP

LDAP’s support by various programming languagesoffers interesting possibilities. It’s quick to create anextensive address management system for yourhome intranet with these, if you use languages suchas PHP. Listing 1 shows an LDAP tree listing byanonymous bind using PHP.

That would be enough to create a simple emailaddress management system for a user. The LDAPtree could even be administered via a PHP script; youcould, for example, give another department generalaccess to the telephone numbers in the LDAP tree.

Perl also offers many opportunities ofintegrating LDAP into a script. The CPAN archivecontains the Net-LDAPapi interface. However, thePerl module Net-LDAP, which can be found atsourceforge, is much more useful. You can find ashort Perl example in Listing 2. There is, of course,also the possibility of programming LDAP-bindingsunder Java or C/C++; in which case the author’ssympathies lie with the Java variant.

Other possibilities and securityaspects In centralised network information services it ispossible to bind standards to an authentication forthe specified directory. This is done by exchangingthe login PAM module. Linux server logins can beverified against a directory. This solution is also validfor Apache, Squid, Qmail and other server services.

The market is overrun with vendors selling suchSingle Sign-On solutions for a lot of money.However, this feature is also available free, forexample in the Plugable Authentication Modulefrom PADL Software. It is open source, and performsbetter in everyday use than many an expensive SSOsolution. OpenLDAP can also be used as a PKI server(Public Key Infrastructures). The Oskar PKI projectdeserves a special mention in this context.

You should already be familiar with the accesscontrol lists (ACLs), which restrict access toattributes according to various criteria. However, atthe moment access to the directory service iscompletely unencrypted. That can be changedusing something called an SSL wrapper. By default,

LDAP servers use port 389. Most clients also supportSSL-encrypted LDAP. A frequently used SSL wrapperis, for example, Sslwrap.

The future

Looking at what the common current networkadministration methods you will notice that thereare too many different services that keep setups anduser data locally on servers. Centralising this datawould simplify things considerably. That alsoexplains why enterprise products come completewith an LDAP interface.

We can only hope that companies will recognisethe potential of Linux, and open source in particular,in this area. The integration of directory servicesbased on open source solutions can minimise costsand improve the stability and reliability of thesystem at the same time. ■

FEATURE OPENLDAP


Listing 2: Net::LDAP #!/usr/bin/perl# # Net::LDAP Test for Linux Magazine#use Net::LDAP;# New Net::LDAP Object

$ldap = Net::LDAP->new(`myserver.mycompany.de'); # anonymous bind

$ldap->bind;# The query

$state = $ldap->search ( base => "o=MyCompany, c=DE", filter => "(objectclass=*)"

); # Entry output

foreach $buffer ($state->all_entries) {

print $buffer->dump; }

Info

IETF - Internet Engineering Task Force: http://www.ietf.orgRFC1779 - A String Representation of Distinguished Names: ftp://ftp.isi.edu/in-notes/rfc1779.txtRFC1778 - The String Representation of Standard Attribute Syntaxes: ftp://ftp.isi.edu/in-notes/rfc1778.txtRFC1777 - Lightweight Directory Access Protocol: ftp://ftp.isi.edu/in-notes/rfc1777.txtLDAP project of Michigan University: http://www.umich.edu/~dirsvcs/ldap/index.htmlOpenLDAP project: http://www.openldap.orgNetscape hints on LDIF format:http://developer.netscape.com/docs/manuals/directory/admin30/ldif.htm#1043950LDAP browser/editor V2.8.1: http://www.iit.edu/~gawojar/ldapGQ - LDAP-Browser for Gtk: http://biot.com/gqKldap - LDAP browser for KDE: http://www.mountpoint.ch/oliver/kldapNetLDAPapi - Perl-API for LDAP access: http://search.cpan.org/searchNet::LDAP - Perl-API for LDAP access: http://perl-ldap.sourceforge.netPADL’s LDAP PAM: http://www.padl.com/pam_ldap.htmlOskar PKI: http://oscar.dstc.qut.edu.auSslwrap: http://www.rickk.com/sslwrapJens Banning: LDAP under Linux, Addison-Wesley, ISBN 3827318130

■


When you start Gimp for the first time, you will bemet by a series of dialogs to help you create someimportant settings. At this stage the most importantsettings are on the fourth page. The size of thememory store is the maximum RAM consumptionof Gimp. If you have plenty of RAM in yourcomputer and are the main or sole user of thecomputer, you should consider allowing Gimp touse more than the preset 32MB RAM. About 75%of the available memory is a rule of thumb here. IfGimp should need more memory storage, it swapsimage data to the hard disk. Especially if your homedirectory is integrated via NFS – thus over a network– you should change the settings for the swapdirectory and set, for example, /tmp or /usr/tmp.There is then no need to access the network toswap files, and the speed stays passable.

On the next page you can set details for screenresolution. This is only important when you setgreat store by, for example, wanting to processscanned images at exactly their original size. Afterthat, the Gimp start dialog greets you. You have towait a bit longer when you start it for the first time,since Gimp collects data on all the installed plugins.From the next time you start, this data will be readfrom a single file - this goes considerably faster.

The first thing you should do is position thewindow which now pops up sensibly on the screen(Figure 2). We prefer to place the window at theedge and leave the space in the middle for imagewindows. In any case, it’s worthwhile reserving aseparate workspace or ‘virtual screen’ for Gimp. Butthis does not work in the same way from one

window manager to another. Oh yes: read the Tipsof the Day – they are very helpful, especially fornewbies.

To repeat the first tip from Gimp: If you give aright-click in an image window a comprehensivemenu will appear. Unlike the menu in the toolboxyou can also save an image here. To distinguishbetween the two menus, the location will always begiven first in angle brackets like so<Toolbox>/File/Open and <Image>/File/Backup.

Toolbox

Let’s take a look at the central station of Gimp: theToolbox. In Figure 3 you can see the toolbox, inwhich the most important painting tools aremarked in red. Here you can see the pencil, thepaintbrush, the eraser, the airbrush and the ink tool.The two areas at the lower end of the toolboxindicate which colours and paintbrush are set, andoffer rapid access to the corresponding selectiondialogs.

Open a new image using <Toolbox>/File/New;you can happily accept the presets, but if necessaryyou can also create a somewhat larger image, Forexample, 500x500 pixels. With a click on thepaintbrush symbol in the toolbox, you activate thepaintbrush tool and can start painting in the imagewindow. The paintbrush tool uses a really thick,round paintbrush to do this by default. Of coursethis is not suitable for all requirements, but Gimpoffers a rich assortment of different paintbrushes(Figure 4). With a click on the small preview in the

FEATURE GIMP 1.2


Plugin: a little program, which is as itwere ‘plugged’ into Gimp and adds

image processing functions to Gimp.Pixel: is an abbreviation for PICture

Element and is the smallest unit of animage. Gimp processes pixel imagesalmost exclusively - unlike programs

such as Sketch, which constructimages out of mathematically-

defined elements.

■

Image processing with Gimp, Part 2

UNDERSTANDINGGIMP

SIMON BUDIG

If you ask about image processing under Linux, you will

more than likely be referred to Gimp. Gimp (Gnu Image

Manipulation Program) is a very flexible program. But first

of all, you have to learn how to handle this flexibility. This

is the second part of a series in which we will look at

various aspects of Gimp. In this part, we’ll be covering

various tools and selections.

040gimpsbd•.qxd 09.05.2001 10:08 Uhr Seite 40

lower right area of the toolbox, you can call up thepaintbrush dialog. Here you can choose thepaintbrush with which you want to work. Whenexperimenting, you will also come acrosspaintbrushes that behave somewhat differently tonormal paintbrushes, as shown last month. Withthe slide adjuster Distance you can set here how farapart the individual paintbrush images are to beplaced.

Softly softly

The pencil tool behaves at first glance in a similarway to the paintbrush tool, with the differencebeing that paintbrushes allow soft edges, whilethe pencil offers hard contours. This is especiallyimportant when you want to control images downto each individual pixel. Normally though,considerably better results are achieved with thepaintbrush tool.

The airbrush is comparable to the paintbrushtool, but applies the colour much more slowly to theimage. If you hold down the mouse button overone spot for a long time, more and more colour willbe applied - just like a spray can in fact.

From our present point of view the eraser isnothing more than a paintbrush tool which always

paints with the background colour. I will not go intoit any further at this point. That should be enoughto start with.

The last of the painting tools is the ink tool,which simulates an ink pen. Unlike the otherpainting tools, it ignores the currently set paintbrushcompletely. On the other hand the thickness of thestroke depends on the speed. This tool takes on anew dimension when it is used together with agraphics tablet.

All the painting tools are considerably moreflexible than they may appear right now. After adouble-click on a tool symbol, the tool optionsopen. Here it is possible to set more precisely howthe tool should act, especially how heavily thecolour is applied and should be combined with theexisting image. Try out all the options, to get afeeling for the possibilities. But don’t be surprisedthat the options for pressure sensitivity with anormal mouse are ineffective.

Colourful

Now let’s turn to colour selection. In the toolbox atbottom left you will see two colour areas: Theforeground and the background colours. One ofthese two areas appears to be ‘pressed in’, and this

FEATUREGIMP 1.2


[left]Figure 1: Starting Gimp

[right]Figure 2: First distribute dialogs...

[left] Figure 3: Gimp painting tools

[middle] Figure 4: First paintings.

[right] Figure 5: One of the colourselection dialogs


is the so-called active colour, which can be changedat various places. If you click on the active colour, acomprehensive colour selection dialog appears,which you can look at in Figure 5. You can switchbetween various types of dialog using the tabs.With a bit of background knowledge (see theColour models box) you should soon be at homewith the first dialog.

Selected

One area which is very important, especially forreprocessing photos is selections. One does notnormally always want to cover the entire imagewith an effect or correct the colours. You have tosomehow delimit the area to be processed - themore flexible tools there are, the better.

We have highlighted the basic tools in Figure 7in red. From left to right: The rectangle and theellipse selection tool, the free hand lasso, the magicwand and the ‘intelligent’ scissors. Other importanttools can be found under<Image>/Selection/....

Select the rectangle selection tool and use themouse to drag a rectangle up in the image window.A broken line (the so-called marching ants) nowmarks the selected area, which you can drag backand forth using the mouse by clicking in the areaand then moving the mouse with the mouse buttonpressed down. By clicking outside you can againanchor the area to the image. When an area isselected, the painting tools can only change thisarea. Try it out: Select an area and paint diagonalstrokes over the image using the paintbrush tool.The strokes are only visible within the area. Theellipse tool works in a similar way.

If you want to select perfect circles orrectangles, you can press the Shift key whiledragging the area up. It is important that you onlypress the key after first clicking with the mouse.With the Ctrl key you are defining that the firstmouse click has defined the centre point of theellipse/ rectangle.

Combining selections

Of course, not every shape you want to select isperfectly rectangular or elliptical. To adapt theselection as closely as possible to the desired shape,you can combine the various tools with each other.If, at the start of the mouse click the Shift key ispressed, the area will be added to the existingselection, with the Ctrl key the area will besubtracted. With both pressed at once the averagewill be formed. In Figure 8 a perfect circle is addedto a selection. Gimp helps to remember the keycombinations: A little plus sign shows that we arenow adding to the selection.

Please note that these two actions are reallyindependent of each other. The combination withthe available selection is defined by the keys at thestart of the click, the regularity of the selection isdefined by the keys at the end of the click. So if youwant to drag a perfect circle out of the selection,press the Ctrl key, then the left mouse button,release the Ctrl key, press the Shift key, drag thecircle to the requisite size and then release themouse button.

A Button

Is your head buzzing by now? Sorry, but thesebasics are too important just to cover superficially.Perhaps we should start a little project togethernow, so as to see how something like this couldlook in reality. The aim is to paint a button for awebsite. So that it invites the viewer to click on it, itshould look slightly three-dimensional.

Open a new image, about 400x200 in size(<Toolbox>/File/New). Select, in the middle, arectangular area (rectangle selection tool) and set asforeground colour a medium grey (colour dialog).Select the fill tool (the colour bucket) and click inthe selected area: The rectangle is filled with grey.

FEATURE GIMP 1.2


Colour models

If an image is to be coloured, you are definitely going tohave to get involved with colour modes. For Gimp, twocolour models are decisive in this: RGB and HSV. We willalso go into a third colour model (CMYK) at this point,which is unfortunately not yet supported by Gimp, but isvery important in practice.

The RGB colour model is used by monitors to display colours. Physically, thisis based on an additive colour system, which means colours are added toblack (a switched off monitor is always black), until, at the maximum, whiteis produced. In accordance with the perception in the eye, the colours red,green and blue (RGB) are used here. This is sufficient to show the majorityof colours. The drawback is that it can be difficult to guess the right depthof colour in order to obtain a certain hue.The HSV colour model goes a different route, which makes it possible tocreate slightly different shadings and similar hues. A colour is defined hereby stating the hue, saturation and value. Usually the hue is specified bymeans of a colour circle – you can see this circle in the outer area of the‘triangle’ colour dialog. If you adjust the saturation downwards, the colourbecomes more and more grey, with the value you can darken the colour. Inthe ‘triangle’ colour dialog you can see the relationship between thecolours: the side opposite the coloured corner has a saturation of 0, theside opposite the black corner has the colour value of 100% (Figure 6).The CMYK colour model plays a central role in the printing world. Thephysical basis for this is the subtractive colour model, which means forexample, colours are gradually ‘subtracted’ from a ‘white’ sheet of paper,until one arrives at black, so it is as it were the opposite of the RGB colourmodel. In this case, colours are composed out of cyan, magenta and yellow.But since this only works brilliantly in theory, in practice black (key) is stillused so as not to obtain merely a dirty brown as the darkest colour.Neither the RGB nor the CMYK colour model are sufficient to reproduce allthe colours which occur in nature on paper or monitor. In fact, in the CMYKmodel one is more likely to come up against barriers. Here, so-calleddecorative colours are used to expand the spectrum that can be shownfurther. But that’s a science in itself...

Figure 6: The HSVtriangle

Figure 7: Theselection tools


A click on the black and white symbol atbottom left of the two colour fields in the toolboxresets the colours to black and white. Select theairbrush and a gently tapering paintbrush. With anopacity power of about 50% (in the tool optionswhich pop up when you double-click on theairbrush), move along the lower and right edge ofthe selection. The selection prevents you frompainting into the white area. After that, click on thedouble arrow at top right of the two colour fields toswap the foreground and background colours. Withthe white colour, repeat this on the upper and leftside of the rectangle.

Text

You have now created the slightly three-dimensional-looking basis for a button. All we reallyneed now is a colourful caption. For this we can usethe text tool. Click on the ‘T’ in the toolbox andthen on the grey rectangle. In the dialog thatappears, you can enter text and select a font type/size. Since we tend to have one-track minds, wehave entered ‘Gimp’ here. Century Schoolbook I hasbeen selected as the font, which comes with thefreefont packet in many distributions. In my case,the size is 64 point. If you now click on OK, the textappears in the image, although rarely at the spotwhere you want it. Move the mouse cursor to thetext (it turns into a little cross) and drag it to theright place.

You will have noticed that the text is alsoselected. We can now take advantage of this. Pick anice bright colour and the paintbrush tool. Thensimply drag a couple of strokes diagonally over thetext (Figure 9). Due to the selection, you are onlypainting on the text itself and can thus provide itwith a decoration. Incidentally, you can cancel thelast steps with Ctrl+Z if you have made a mistakesomewhere.

The text is still a so-called floating selection,which means that it can be moved around with aselection tool, without the image informationunderneath it (our grey button) being destroyed. Inorder to anchor this floating selection to the imageagain, you can either press Ctrl+H or set therectangle selection tool and click outside the text inthe image. The selection borders disappear, and thetext is fixed to the image.

Pattern

Now the button just has to be tailored to its finalsize and saved. To do this, select the cropping tool,which is represented in the toolbox by a scalpel andis found next to the magnifying glass. In a similarway to selecting a rectangle, draw a frame aroundthe button. It’s all right if it’s a bit too big, as you canchange the area by clicking on the four cornerhandles or entering the co-ordinates numerically inthe dialog box. In our case an automatic shrink is

enough to adapt the box precisely to our button.The image size is changed with a click on ‘cutting’.

Lastly, we save the image: With<Image>/File/Save as... the save dialog appears.Here you can simply enter a file name. Dependingon what ending it has, Gimp searches for thecorresponding format. I would suggest at this pointthat you use the JPEG format with the ending .jpg,the quality 0.90 and smoothing 0.05. In the imagewindow, you can assess in advance how the imagewill look afterwards (the JPEG format creates visibledefects in some circumstances). The other optionsare of a more technical nature and can be left in thedefault settings. Voila – our button is finished.

Outlook

We won’t hide from you the fact that this is a verytedious way of creating such buttons, but youshould have an idea by now of how to make simplethings with Gimp. In the next installment we willlook at additional features in connection withselections and prepare scanned images. ■

FEATUREGIMP 1.2


The authorSimon Budig has known Gimpsince Version 0.99.10 and hasrecently tried out Version 0.54just for fun. What a laugh.When he is not writing Gimparticles or giving lectures onGimp, he is trying to completehis degree in mathematics atthe University of Siegen.

[below]Figure 8: Here a perfect circle is beingadded to a selection

[bottom]Figure 9: Two steps in one: Createtext and colour it...


In the lab, Linux Magazine used an IDE-Raid, inorder to feed data to the streamers at the highestpossible speed. The data content consists on theone hand of easily compressible files (sources fromthe latest SuSE distribution), and on the other hand

of hard-to-digest MPEG videos. The data mix on thelab Raid is a fairly good reflection of the reality of acorporate server.

The capacity details of the drives areuncompressed, thus guaranteed, values. The usual2:1 or even 4:1 assumptions of the manufacturersare unrealistic fantasy values, and under nocircumstances should you rely on them.

Tandberg SLR-60

Tandberg, with its SLR devices, relies on the triedand tested system of linear recording. The principleis identical to QIC, but as the result of refinedmechanisms and fully automatic recordingcontrollers with read-after-write, Tandberg offersdata security which is bang up to date.

The drive (Figure 1) stands out because of itsgreat robustness, and even the cassettes do nothave the fragility of DAT cartridges and willcheerfully put up with rough handling. The drivehas a wide SCSI connection and 8MB buffer.

Tandberg SLR-60Capacity: 30GB Back up rate: 210MB/minPrice: approx. £1200http://www.tandberg.com

Tandberg SLR-60 Autoloader

The speedy Tandberg (Figure 2) also comes withautomatic changers. The rig costs just under £4000,but for this you also get 180GB uncompressed

FEATURE BACKUP HARDWARE


Streamers from £250 to £4000

COMPARISONOF TAPE DRIVES

OLIVER KLUGE

Extending the reach of SCSI devices There are many solutions for getting the data onto the backup device. Aswell as dedicated backup servers there is also the option of running severalSCSI devices on one server and to extend the range of the SCSI interface soas to distribute the locations of the devices.One product this would be possible with is the Storage Net SCSI-Extenderfrom Storagetek. With this device, the very short length of the cable of theSCSI can be extended to an impressive 20km, if a length of fibre-optic cableis used. When WAN networking is used, it is even possible to achieve 200km.Both backups on streamer drives and also disk and Raid reflections can bedone via the wide SCSI connections thus obtained, and at the same timethe mirror images – accommodated in separate buildings – even guaranteefire protection.http://www.storagetek.comStandards: SCSI, Wide and Ultra-SCSI.

Tape drives, so-called streamers, are still the backup medium of

choice. Value for money and with a large capacity, they

have maintained their position for decades. We

tested a representative sample of a few of the

current models.

bild1.jpg Figure 1: The Tandbergdrive is robust and fast

020streamerNew.qxd• 07.05.2001 10:13 Uhr Seite 20

capacity. In the extremely long housing, tapes areinserted very practically with the aid of a cassetteholder, so you can change a set of six tapes at astroke. This turns the archiving of even hugequantities of data into affordable child’s play.

At twelve seconds change time, nor does it takean eternity to change a tape, and the back up rate isidentical to the single drive.

Tandberg SLR-60 AutoloaderCapacity: 180GB Tape change rate: 12 s Back up rate: 205MB/min Price: approx. £4000http://www.tandberg.com

Ecrix VXA-1

VXA (Figure 3) from the US manufacturer Ecrix usesa new tape cassette. This contains a tape, which isthreaded into the drive where it is helically recorded,just like with DAT or Exabyte. The broad tape givesthe impression of being markedly more robust thanDAT media. The drive processor has to manage withan input buffer of just 512K. Ordinary server harddrives have more to offer than this.

In the test, though, the drive proved to be reallyfast: 201MB/minute is a decent figure.

VXA-1Capacity: 33GB Back up rate: 201MB/minute Price: approx. £800http://www.ecrix.com/

Ecrix VXA Autopak

Ecrix also manufacture VXA drives as autoloaders.The devices, called Autopaks (Figure 4), offer amplespace. The tested device has 15 slots for cassettes,so that the capacity is 495GB uncompressed. Thismeans that it can be used to back up even largerserver environments.

The speed is practically the same, but can bedoubled by having a second drive in the changer. Inthe test it was 198MB/minute, as the result of thetime it takes to change tapes.

VXA AutopakCapacity: 495GBTape change rate: 13 s Back up rate: 198MB/minutePrice: approx. £3500http://www.ecrix.com/

Travan NS 8

Travan Network Storage uses the Seagate NS-8 asdrive, which still shows clear signs of the Connerpast (Figure 5). The Travan drive stands out becauseof its low price. But do not expect any three figure

back up speeds for this. On the other hand, thisdrive has nothing whatsoever in common with theleisurely ways of earlier QIC floppy streamers.

In the Linux Magazine Test it bulldozes away at39MB a minute, a figure at which an individualserver can certainly be backed up on tape in anacceptable time. When installing you need to takecare that the computer is not too exposed, becausethe Travan cassette protrudes out of the drive bythree centimetres. If it gets pulled out during thesave, that’s the end of your backup ■

Travan NS 8Capacity: 4GB Back up rate: 39MB/minute Price: approx. £250http://www.seagate.com

FEATUREBACKUP HARDWARE


[left]Figure 2: The autoloaderfrom Tandberg offerscassette holders

[right]Figure 3: VXA uses newstyle cassettes and makeshelical recordings

[above]Figure 4: Autopak is thename of the roboticchanger from VXA. Itoffers a spacious 495GB

[left]Figure 5: Travan offersacceptable speed at alow price

Bigger libraries Just before going to press, the Linux Magazine was sent details on StorageTechnologies’ new tape library L20 (http://www.storagetek.com/products/tape/L20/). This device was conceived as the entry-level model in the L-series, and provides exceptionally high capacities.It starts off with 10 or 20 slots. Even with these, a respectable 2TB can besafely stored uncompressed. The bigger models with up to 80 cassettes anda maximum of eight drives can even put away 8TB without compression.The speed is remarkable: According to the manufacturer it is 920MB perminute for uncompressed files and tape drive. These enormous quantitiesare managed via a built-in Web interface.The tape formats used are DLT 1, 7000, 8000 and Super-DLT. LTO Ultriumcan also be processed. The devices include a standard barcode reader forsecure identification of the tapes. Apart from the SCSI-3-LVD connection,the (optional) high-speed interface fibre channel is also interesting.

020streamerNew.qxd• 07.05.2001 10:13 Uhr Seite 21

Data produced using Linux is no less valuable than anyother. Anyone who does not choose their software forbackups with care will probably soon regret it. Thefollowing performance comparison of two well-knownproducts should make it easier for you to choose.

Arcserve

Arcserve from Computer Associates (CA) has been afixture on the market for a long time now. Firstappearing under the label Cheyenne, it was thebackup solution for early operating systems. Linux isnow a worthwhile platform for the server specialists.

Arcserve makes some demands of the system.Without a Korn shell and Apache Web servernothing whatsoever will work. The latter is requiredfor the Web-based GUI. Circumstances that meanconsiderable additional expense for an individualserver becomes an advantage in a server cluster:Administration from any point on the network is noproblem, even without a client. CA uses Java appletsfor display. The installation script tests for the correctinstallation of the necessary components.

Despite the initially gaudy impression given by theGUI, with large icons for various objects and groups,Arcserve clearly presents lots of setting options. Withthe aid of the large icons, often-needed functions canbe called up rapidly and directly, which gives theadministrator enough flexibility to construct a solutionfor new demands quickly.

Arkeia

Arkeia from Knox is seeking to become the marketleader in this field under Linux. The programbehaves very modestly during installation. It does itsduty within 10 minutes without any great orgies ofinstallation – although this does not include theconfiguration. That takes somewhat longer.

The installation procedure itself seemssomewhat antiquated. Certainly this is no backupsoftware for the home user, but nowadays, evensystem administrators do not want to cut and pastethe necessary installation command sequences outof a readme file into a shell. A small shell scriptwould not be asking too much, nor would thestoring of an icon in the KDE.

ON TEST BACKUP SOFTWARE


Arcserve versus Arkeia

THE DUELOLIVER KLUGE

Backup programs for servers are

complex products and are also

usually specially produced for

specific domains of application.

This article compares two well-

known packages and

introduces two alternatives.

The HTML interface ofArcserve looks garish, but it isstill nice to use. This makes iteasy for the administrator to

seek out special solutions

056arkeia.qxd• 08.05.2001 14:53 Uhr Seite 56

But the program immediately makes up for theseminor inconveniences. The graphical speed controlis handy, especially if the tape drives are far away inthe server room.

Arkeia is of modular construction right down tothe last tiny detail and all elements of a back up canbe combined into groups. In this way, anadministrator can monitor all tasks which arisecentrally: from the total back up of a workstation,via the incremental databank copy up to networkedenterprise back up strategies.

The extreme flexibility of the program does havethe disadvantage, though, that solving a short-termproblem which has just cropped up becomes fiddlybecause a lot of adjustment has to be done beforethe streamer starts to whirr.

The hierarchies in Arkeia are somewhatunusual. Many options can be defined both in thecorresponding element, as well as in the overridinggroup (the command as to whether subdirectoriesare to be searched or not, for example). This is adouble-edged sword. It can lead to confusion if theprogram behaves unexpectedly, while on the otherhand, it does allow for particular flexibility whenadapting to specific corporate needs. ■

ON TESTBACKUP SOFTWARE


Arkeia offers many detailed setting options for system administrators

Quadratec Time Navigator

The name of the product is derived from a feature: The user can ‘travel back in time’ when restoring and can thus see inadvance the state of the data at any point in time. Time Navigator comes with a great deal of equipment and is designed for large corporate networks. Installation goessmoothly and quickly. The modern GUI design is striking, and is especially seductive because of its clarity. Although TimeNavigator also offers an exceptional number of detailed setting and control options, it is still simple and logical to use, with awizard to help if there are any remaining unclear points.Wherever groups are formed (server, drives, tapes and so on), Quadratec uses impressive icons. The user can at any time clickon the information they need and click away the rest – thereby obtaining an overview. Tracking jobs that are runsimultaneously or spread out is also no problem with this GUI concept.The software appears expensive at first (from £3000). But Quadratec has a completely different price structure from thecompetition. The firm uses linear scales, as hardware and software structure increases in size (agents). As the result of this,Time Navigator becomes cheaper for large installations. http://www.quadratec-software.com.

Product Overview Arkeia Arcserve

Manufacturer Knox Software Computer AssociatesSales SuSE CATelephone 020 8387 4088 0161 928 9334Internet http://www.arkeia.com http://www.ca.com/arcservePrice from £430 from £1000

UseGUI Administration yes yesWeb-Interface no yesCentral administration yes yesCommand line yes yes

SchedulerCalendar planning yes yesRotating Jobs yes yesPrioritisation yes yes

DevicesAutomatic recognition no yes (SCSI)Barcode support yes yesTrailer management yes yes

ExtrasVirus testing no yes

Veritas Net Backup Business Server

Just before going to press we receivedthe new program from Veritas. The greatstrengths of this package are, firstly, thedistinctly broad platform support andsecondly, the many optional agents. Thismeans Oracle, Symbase and Informixserver can be copied in the same way asLotus Notes databases. With clients forall the latest operating systems, thepackage offers a good basis for centraladministration of locally performedbackups too. http://www.veritas.com

056arkeia.qxd• 08.05.2001 14:53 Uhr Seite 57

Before we come to the basic elements, the co-ordinate system used by OpenGL must first beexplained in more detail. This is a Cartesian co-ordinate system.

The x and y-axes form a plane, something likethe visible surface of a monitor. The z-axis adds thethird dimension - spatial depth.

In the case of our monitor this would now bethe depth of the picture tube. A point P thus needsthree values (x,y,z) in order to have a fixed positionin our co-ordinate system.

Basic 3D elements

As demonstrated in the first part, the generalcommand structure of OpenGL in order to drawsomething looks something like this:

glBegin(...);glColor3f(..);glVertex3f(...);glColor3f(..);

glVertex3f(...);...glEnd();

glBegin(TYPE) tells the machine which basicelement (also referred to as a primitive) it shoulddraw from now on. A complete illustration of allOpenGL primitives can be seen in Figure 2.

In OpenGL there are five different basic elements,from which all objects must be composed. In detail,these are points, lines, triangles, quadrangles andpolygons. Variations can be formed out of all theseelements (apart from points), mostly simplecontinuations as the result of defining additionalvertices. So a simple triangle can turn into a so-calledTRIANGLE_STRIP or a quadrangle (GL_QUAD) canbecome a QUAD_STRIP (see Figure 2).

This has the additional advantage that theoverlapping vertices in the composed element donot have to be loaded into memory and calculatedtwice. So if we want to draw four coherenttriangles, it is sufficient to specify six points - savingthree sides and six points.

Colours

A colour in OpenGL is normally based on the RGBprinciple, thus it consists of the components Red,Green and Blue. So all visible colours from Black toWhite can be mixed.

Examples of OpenGL coloursGreen: glColor3f(0.0f, 1.0f, 0.0f);Violet: glColor3f(0.6f, 0.0f, 0.4f);Black: glColor3f(0.0f, 0.0f, 0.0f);Grey: glColor3f(0.4f, 0.4f, 0.4f);White: glColor3f(1.0f, 1.0f, 1.0f);

The first example shows all 10 of the primitive typesmentioned above.

FEATURE OPENGL


OpenGL Course: Part 2

POINTS, LINES AND

POLYGONSTHOMAS G. E. RUGE, PABLO GUSSMANN

This part of the OpenGL

course firstly concerns the

basic graphical elements

from which 3D objects are

constructed. It will also

explain how the objects

created can be correctly lit.

Figure 1:The Cartesian co-ordinate system

022opengl.qxd• 07.05.2001 10:06 Uhr Seite 22

The second example from the last part of the courseserves as the basis for this. So it is again based onGLUT, the OpenGL Utility Toolkit.

Let there be light

Objects such as the teapot from the first part consistof triangles

or polygons. To make them look more realistic,these must be lit and thus appear brighter or darker,depending on the angle formed between them andthe source of light. OpenGL fortunately takes overthis part of the maths for us, but it still requiresadditional information. And this is in the form ofnormal vectors, thus a vector that stands verticallyto a surface.

Figure 3 shows an image of a normal vector onan area. An area consists of at least three points.The vectors u and v are the vectors from P1 to P2,and P1 to P4 respectively. But it doesn’t matterwhich point is used to form u and v, since if thepoints are correctly oriented with respect to thearea, the normal vector is always the same.

The cross product

The normal vectors of an area can be calculatedusing the cross product.

vNorm.x = u.y * v.z - u.z * v.yvNorm.y = u.z * v.x - u.x * v.zvNorm.z = u.x * v.y - u.y * v.x

So that the normal vector is also pointing in theright direction, it is again necessary for thesequence of points (P1, P2, P3...) which define thearea to be consistent.

But this leaves the normal vector still only half-finished, because it still has to be standardised. Thisis necessary to ensure that all normal vectors havethe same length. This then looks something likethis:

length = sqrt( vNorm.x * vNorm.x + vNorm.y * UvNorm.y + vNorm.z vNorm.z)vNorm.x /= lengthvNorm.y /= lengthvNorm.z /= length

This should, of course, not be calculated anew foreach frame because the computing time takenwould be enormous. These normal vectors shouldbe calculated just once at the start of the program,because they do not change (in most cases).

Using glNormal3f(vNorm.x, vNorm.y, vNorm.z);these values are transferred to OpenGL, so this isjust the same as with colour values.

Light in OpenGL

Of course, in order to show illumination withnormal vectors, you also need a source of light. Forthis we need a few details about its position and

colour values (the light source need not, of course,only give out white light). The following variablescontain the necessary values for the position of thelight source:

GLfloat LightPosition[] = \{0.0, 0.0, -1.0, 1.0f };

The first three values specify the position and thefourth is a sort of switch, which should stay at 1.0.

The next two variables contain the values forthe ambient and the diffuse components of thelight:

GLfloat LightAmbient[] = \{0.2, 0.2f, 0.2f, 1.0f }; GLfloat LightDiffuse[] = \{0.3f, 0.3f, 0.3f, 1.0f };GLfloat LightSpecular[] = \{.9f, .9f, .9f, 1.0f };

FEATUREOPENGL


[left]Figure 2: OpenGLprimitives

[right]Figure 3: Normalvectors

Listing 1, Primitives.cThe program is compiled with:

gcc -I . -c Primitives.cgcc -o Primitives Primitives.o \-L /usr/X11R6/lib/ -lGL -lglut -lGLU

The program is really very simple to explain: You can select the type of primitive using keys1..9. This is done in the callback function (see Part 1) for drawing. Primitives are alwaysdrawn with different colours. The case query in the keyboard callback sets the value forthe primitives in the variable draw_type, which is then queried in turn in callback for thedrawing. The following commands from the program draw a red triangle.

glBegin(GL_TRIANGLES);glColor3f(1.0f, 0.0f, 0.0f);glVertex3f(-100.0f, 0.0f, -100.0f);glVertex3f(-100.0f, 100.0f, -100.0f);glVertex3f(0.0f,100.0f, -100.0f);glEnd();

Most routines have been taken over entirely or expanded from the last part of the course.The program run has remained the same. During navigation it sometimes happens thatwhen surfaces are drawn they are not always visible. This happens if the surface is turnedaway from the onlooker. Normally the sequence of vertices of polygons is defineduniformly, clockwise or anticlockwise.

This is prevented by the command glPolygonMode(GL_FRONT_AND_BACK, GL_FILL).So both sides of the polygons are declared as visible.


Here, the first three values specify the Red GreenBlue (RGB) values at which the light should shine.

The ambient component of the light is the partof the light that comes from no particular direction. Itarises, for example, when light falls into a space andthe rays strike everywhere and are reflected until theyare no longer coming from any definable directionand are only present in the form of background light.

The diffuse portion of the light comes from aspecific direction and is reflected evenly over an area.Areas which are tilted towards the light source appearbrighter than those turned away from the light.

The specular part of the light also comes, likethe diffuse part of the light, from one direction butis reflected unevenly over an area. As the result ofthis, bright spots of light are created on surfaces.

These values are now allocated as follows to thelight source GL_LIGHT0:

glLightfv(GL_LIGHT0, \GL_AMBIENT, LightAmbient);glLightfv(GL_LIGHT0, \GL_DIFFUSE, LightDiffuse);

glLightfv(GL_LIGHT0, \GL_SPECULAR, LightSpecular); glLightfv( GL_LIGHT0, \GL_POSITION, LightPosition );

Using

glEnable(GL_LIGHT0);

the light source and with

glEnable(GL_LIGHTING);

the lighting calculation are started by OpenGL. Nowthe area no longer appears just in the full colour, butbrighter or darker, depending on how they stand withrespect to the light. OpenGL provides a maximum ofeight light sources. These can have different coloursand positions and be switched on or off.

So that the light source also works on colouredareas (only very few are white), OpenGL still has tobe instructed on how to apply the light calculationto the colour values of areas.

glEnable ( GL_COLOR_MATERIAL );glColorMaterial ( GL_FRONT_AND_BACK, GL_AMBIUENT_AND_DIFFUSE );

Below is a short sample program, which draws,lights and rotates a dice made of GL_QUADS. Using‘l’ and ‘o’ the light source can be turned on and off.Rotation can also be modified: ‘s’ for stop and ‘g’ tocontinue rotating. ■

FEATURE OPENGL


VectorForwards: glNormal3f( 0.0f, 0.0f, 1.0f);Backwards: glNormal3f( 0.0f, 0.0f, -1.0f);Right: glNormal3f( 1.0f, 0.0f, 0.0f);Left: glNormal3f( -1.0f, 0.0f, 0.0f);Up: glNormal3f( 0.0f, 1.0f, 0.0f);Down: glNormal3f( 0.0f, -1.0f, 0.0f);

Info

OpenGL-Homepage:http://www.opengl.org

OpenGL and GLUTinformation:

http://www.xmission.com/~nate/opengl.html

■

Listing 2, Light.cThe program is compiled with:

gcc -I . -c Light.cgcc -o Light Light.o \-lGL -lglut -lGLU

The sample program draws an illuminated dice and rotates it. The light source is situated behind the(transparent) onlooker and lights the dice from the front. It is easy to see how the areas becomebright and dark. The code for the set up of the light sources and of the lighting, as described above,is in myInit(). Firstly, values are defined for the position and the properties of the light source andthen they are assigned to the light source. The dice is now drawn in DrawScene(). But first therepresentational matrix is created and translated backwards using:

glTranslatef(0.0f, 0.0f, -5.0f);

and then rotated

glRotatef(rtri,.0f,1.0f,0.0f);rtri+= .1f;

The dice consists of 6 GL_QUADS and is so simple that normal vectors do not have to be calculated ona large scale. These are simple vectors, which point forwards, backwards, right, left, up and down:

Each GL_QUAD is assigned a different colour, so that the sides are easy to distinguish. Obviously,a dice is not exactly a complex object, but one with 20,000 polygons would be beyond the scope ofany printer. The dice serves as the basis and can be expanded with a bit of effort. But the calculationof the normal vectors should not necessarily be undertaken manually, but automated. That’ssomething we will come to in a later installment of this course.

The plan for the next part is an explanation of the world of matrices in more detail. Then it will bepossible to program more complex procedures than a mere dice rotating about its own axis.


When it comesto email so many people,

even those who should know better, makedo with a monolithic email program, software whichtakes all of the responsibilities of creating, processingand displaying your email. This goes very much againstthe grain for a UNIX/Linux system, where modularity isthe order of the day, where all of the separate processesneeded for a particular service (in this case email) arehandled by individual programs.

This article will describe how you can set up avery basic email server for a dial-up Linux machinewith no other network connections. We will have toassume that you have already configured yoursystem to connect to the Internet. This is thesimplest example for the most common ofsituations, where the basics can be learnt. Fromhere you can further configure to suit your ownneeds. All this article can really hope to do is giveyou the impetus to start the ball rolling.

There is an ever increasing range of softwarethat you can use to run as your email server and thisvariety can be enough to dissuade people from everstarting what can be quite a simple and rewarding

task of running (or should that be tinkering with)your own mail server. It would be pointless for us tosuggest which software you should choose becausethat depends so much on your requirements. Theserequirements differ from case to case, even if onlyslightly. We’ve chosen packages here fordemonstration purposes only, you really should dothe homework, look at what’s available and makeyour own choices for your own situation. Our choiceof packages, Postfix and fetchmail was made mainlyon the grounds of availability - we expect most ofthe boxed set distributions to include them - and abalance between ease of configuration and power.You will also need a package to read and write youremail with. For this you might like to reconfigure thesoftware you currently use, or better still, experimentwith a new package during a testing phase. We’ll beusing Kmail as an example here.

Postfix

Postfix is an MTA (a Mail Transport Agent) withresponsibility for moving mail around from place toplace, most importantly, moving new email that youhave created from your machine to the big badworld of the Internet. You may already have an MTAinstalled, if it is Postfix then all well and good. If it is

PROGRAMMING MAIL SERVER


Installing a basic mail server.

POSTMASTER

COLIN MURPHY

Is there some element of your email

software that bugs you? Do you get

the feeling that you’ve lost control

of how your machine exactly

handles your email? Maybe you

should consider, or reconsider,

running your own email server and

taking back control.

026software.qxd• 08.05.2001 14:45 Uhr Seite 26

some other MTA, Sendmail being a likely candidate,some work will need to be done first. Use RPMs toinstall Postfix, if there is another MTA installedalready, your package manager will complain andyou will know what to uninstall beforehand.

Postfix comes with lots of documentation whichyou should at least look at, but don’t be put off if itseems unclear, the most basic configuration whichwe are dealing with doesn’t require very much of it.The upshot of it all is that you need to add somelines to one or more of the Postfix command files toconfigure it. The most important file is ‘main.’which will most often be found in the /etc/postfix/directory. If it’s not there try running locate main.cfas a command line to get some clues as to where itmight be hiding.

relayhost = [mail.ispname.com]defer_transport = SMTPdisable_dns_lookups = yes

with mail.provider.com from the first line changedto the address to which you upload your mail at themoment to your ISP. Details of what this is could befound by checking your ISP’s support pages or bylooking at the configuration details of your currentemail program. For example in Kmail look underSettings/ Configuration/ Network/ Sending Mail. Itwill be something like post.demon.co.uk orsmtp.uklinux.co.uk

Explaining what all this is:1. The relayhost is the name of your ISP’s mail server,

which we are going to take advantage ofbecause, hopefully, your ISP is always connectedto the Internet

2. Defer_transport is present because we are notalways connected to the Internet, so we will haveto take responsibility for when our mail servershould try to send its mail

3. disable_dns_lookup because, not beingconnected to a local network, we are unlikely to

have our own local DNS server running, solooking for it would cause problems

On occasions things go wrong and it is usually betterto know about it than to bury your head in the sand.Sometimes things will go wrong with email and themail servers, your local one or those outside willwant to tell someone about it. The mail servers willsend email to the postmaster, a special user on thesystem. Obviously you are not going to want to login as this special user just to wait for something badto happen, so arrangements are made for themessage for the postmaster to be sent somewheremore convenient, say, to your own login. This is doneby setting up an alias in the file /etc/postfix/aliases,which you again need to edit, changing thepostmaster entry from root to your most frequentlyused login name. We should be safe in assumingthat root is not your most frequent user.

If your ISP supplies the facility to use anunlimited number of email address and if you havetaken advantage of this you may want to set upmore aliases for those other email addresses. Ifthere is more than one user for your machine youshould set up aliases for them as well so that theirpost will go directly to their login account, unless,by some happy coincidence their email user name,(the bit before the @) matches their login name,then it will happen automatically.

Once you have edited the /etc/postfix/aliases filewith your information, you need to create adatabase from it by running the command

postaliase /etc/postfix/aliases

This database is required by postfix, so, even if youhave decided not to make aliases for your users, youstill must run this command as part of theconfiguration process.

To make sure that Postfix looks again at the newconfiguration you need to restart it with thecommand

PROGRAMMINGMAIL SERVER


The config file for Postfix.With an editor you need toadd the following details tothe main.cf file, at the end ofthe file will do fine


/etc/rc.d/init.d/postfix reload

We just need to set up Kmail to pass any new emailto the server that has been installed, so go back tothe configuration screen and set Kmail to use/usr/sbin/sendmail instead of sending directly toyour ISP’s mail server directly, that’s if you wereusing Kmail previously. The /usr/sbin/sendmail hereis actually still part of Postfix, it’s just a neat way ofallowing Postfix to take over tasks that have beenconfigured for the real Sendmail package. Whileyou are still in Kmail configuration screen you

should also make sure you have sensible info set upunder the identity tag.

Compose an email, either to yourself, or betterstill to an email echo server, like [email protected],which, on receipt of your message just sends it backto you, but with all the message headers on display- useful for tracking down any unusual activity.Compose your email and send it from Kmail, but dothis while offline.

To get Postfix to actually send the mail, onceyou have made an online connection, you need tofire off the command

/usr/sbin/sendmail -q

which is fine for testing purposes, but wouldbecome a real pain if you had to type it every timeyou wanted to send some mail, which is why thereis an automatic way. Back in your editor, add to orcreate the file /etc/ppp/ip-up.local with

#!/bin/bash/usr/sbin/sendmail -q

and make sure that this file is executable with thiscommand

chmod +x /etc/ppp/ip-up.local

So now, every time your Internet connection startsup, this script will be run and Postfix will be told tosend its stuff. If you can think of any other programsor utilities that you use online you could also addthem to this script.

Configuring fetchmail

Postfix and all the other MTAs can look after themovement of emails, in either inward or outwarddirections using a Simple Mail Transport Protocol -but usually only for machines that have apermanent connection to the Internet. The majorityof ISPs expect their dial-up users to retrieve emailusing a different protocol, usually something calledPOP3 but others are possible too, which is why weneed to call upon the uses of Fetchmail.

Make sure you have fetchmail installed and, ifyou have it available, the stand alone graphicalconfiguration tool for fetchmail, calledfetchmailconf which takes what little pain theremight have been in configuring away completely.

At its most basic, fetchmail needs to knowwhere to collect your mail from, so you will need toknow the address of the mail server from which youwill download your mail, details of which will befound on your ISPs support pages, or can beplucked from the configuration details of yourcurrent email program. For example, in Netscapeyou would look at Edit/ Preferences/ Mail Servers/Incoming Mail Server. It also needs to know youruser name and password that you use to log intoyour ISP.

fetchmailconf &

PROGRAMMING MAIL SERVER


[right]Starting to configure

[below]Initially choose Novice

You will need toconfigure fetchmail as

root, so either log in asroot or become a Super

User with the sucommand at the terminal

prompt. To startfetchmailconf, if you

have it, just type


at the command prompt of your terminal. Choosethe Novice Configuration option and enter thename of your ISP’s mail server, then your user nameat your ISP, then your password. You may also wantto check the box to Suppress deletion of messagesafter reading initially, until you are confident that allis working, minimising the chances of loosing any ofyour email. OK all of this information and save theconfiguration file. Go online and hit the Testfetchmail button and wait a little while. It will take afew moments for fetchmail to talk to your ISPs mailserver, so the output in the fetchmail run windowwon’t appear until your email has downloaded.Hopefully, you will see some output which hasfetchmail: normal termination, status 0 near theend, meaning all went well, or status 1 meaningthat you don’t have any email to download, so sendyourself some and try again. Anything else meansyou have a problem - look the status number up inthe man page for fetchmail for clues.

poll pop.ispname.net protocol pop3 username U”YourUserName” password ”YourPassword”

changing the ispname, YourUserName andYourPassword parameters to your details. Save itand then, at a command prompt do

chmod 600 /root/.fetchmailrc

which will stop anyone other than the root userfrom looking at the file and seeing your password.

To test it, go online and at a root commandprompt enter

fetchmail -d0 -v --nosyslog

Just like with Postfix, you won’t want to be messingaround with running fetchmail from the commandline every time you want to see if you have mail, soyou need to add a line to the /etc/ppp/ip-up.localfile

fetchmail -d [600]

will poll your mail server every 10 minutes to checkand download any new mail.

You should also add to the file /etc/ppp/ip-down.local

fetchmail --quit

to stop fetchmail when you log off, otherwise it willstart complaining about not being able to find aDNS server. ■

PROGRAMMINGMAIL SERVER


Enter the ISP details

[far left]Choose the protocol.

[left]Is your password safe?To configure fetchmailwithout the use of thegraphical configurationtool, you will need to edit afile called /root/.fetchmailrcwhile logged in as a rootuser so that it reads

Info

Postfix http://www.postfix.org/Fetchmail http://www.tuxedo.org/~esr/fetchmail#Alternative documentation http://www.redhat.com/support/docs/faqs/RH-postfix-FAQ/book1.htmlhttp://www.mandrakeuser.org/docs/connect/cmail.html

■


In autumn 1999, whenBorland announced a Linux

version of Delphi and later ofC++-Builder as well, there wasgreat astonishment, even

among the developers in theirown company. After all, theseproducts were software, whichlives very much by its visual

nature and should thereforedepend heavily on Windows.

The launch date was initiallyplanned for one year after theannouncement, but this was

exceeded by about six months inview of the high cost ofdevelopment. The US retailversion just completed can nowshow whether the developmentperiod was neverthelesssufficient to be able to follow inthe successful footsteps ofDelphi.

Windows past

The promise made by Borlandwas to offer the options ofDelphi for Linux. In a laterversion an equivalent to C++-Builder is intended to followas part of Kylix. But what

does Delphi do now? The aids of the Delphi IDEsimplify, in all product variants, the easy creation ofgraphical user interfaces (GUIs). Here controlelements are no longer created by a functioncommand in the program code, but the drafting ofa window, dialog or form is simplified in a formdesigner for selecting the control elements from acomponent palette and the visual determination ofposition and size by mouse click.

A properties editor, which can be opened at anytime as a free-floating window, displays all theproperties of the currently-selected components inthe form of a table and enables the directmanipulation of these properties by keyboard andmouse; the changes can be seen immediately in thedesigner.

The more expensive versions of Delphi alsooffer, purely for designing forms - where ordinarywindows and dialog boxes are also referred to asforms - more besides: with the aid of databasesupport, control elements can for example be linkedto a field of a data table; the Web support allowsthe dynamic creation of Web contents, and thesupport of COM/ DCOM/ActiveX and CORBA underWindows makes it possible to develop real multi-layer database applications.

Linux future

So how does Kylix convert this to Linux? Firstly, thesoftware package will have to be installed; this canbe done using the very well-known installation

COVER FEATURE KYLIX


Kylix 1.0: Delphi for Linux

DEVELOPMENT-CAPABLE

SEBASTIAN GÜNTHER

Now at last, after being constantly postponed,

the first version of Kylix, Borland’s Linux porting

of the development environment Delphi has

reached the UK. The conversion has only partly

succeeded, so there are lots of problems to spoil

the fun of working with what is truly a very

powerful development tool.

058Kylix.qxd• 07.05.2001 10:28 Uhr Seite 58

program from Loki Entertainment Software, eithervia Gtk-based graphical user guide or by commandline. Overall, it performs well: Among other things,it checks at the start whether all the requirementsare met. So a kernel from at least the 2.2 seriesmust be used, Glibc from version 2.1.2 and Libjpegfrom 6.2 are absolutely essential.

A full installation takes up about 200MB on thehard disk, and this can only be reduced noticeablyby doing without the online documentation, whichwould roughly halve it.

Old wine in new bottles

The long load times when you start the integrateddevelopment environment are an early clue: The IDEis not so much a newly-developed Linux application,it’s just that with the aid of the Wine library the old,familiar Delphi IDE has been ported onto Linux.

Wine, the imitation Windows programmerinterface for Unix-type systems, does allow a veryrapid conversion of Windows software onto(among others) Linux, but it does bring a number ofconsiderable disadvantages with it: Long load times,high memory consumption, slow initiation andsluggish reaction by the graphical user interface,and font problems with many X11 installations. Ifpossible, therefore, it is advisable to use TrueTypefonts from an original Windows installation.

But whether Wine is also responsible for theover-frequent crashes of the IDE, is a questionnobody can answer.

After the start, in any case, four windowsappear for the user, which float on the desktop: Thecommand centre is in the form of a long narrowwindow at the top edge of the screen. It containsthe menu bar, symbol bars and the component bar.Also opened: a form in the design mode, a sourcetext editor and the Object Inspector. All registeredclasses of components, spread over several pages,are shown in the component bar in symbol form.

This bar is important in connection with adesigner, a sort of form designer: A component, forexample a simple button, is selected from thecorresponding category by a mouse click. Anothermouse click in the form view inserts a newcomponent of the type selected at the site of theclick. Each component can be moved later bymouse; it is also easy to change the size directly.

By clicking on a component in the designer, thiscomponent is selected; the Object Inspector alwaysrepresents the corresponding properties and eventhandling routines of the currently-selectedcomponent. The Inspector window always presentsthem in two columns: The first contains the namesof the properties, the second the correspondingproperty values. A click on a value makes it editable.Unfortunately Kylix can only show properties aspure text, but a graphical representation of certaintypes of property such as colour values would surelybe more user friendly.

Four sections of the component bar are devotedto the purely visual components. Behind this ishidden, basically, all the types of control elementalready familiar from Windows: buttons, menus,symbol bars, but also complete dialog boxes forthings such as file selection. Three additionalsections serve as database support: Specialdatabase-capable variants of the normal controlelements can be connected to a data sourcecomponent.

Flexible database support withdbExpressThis data source forms the link between controlelements and data set components: for example,during development of the application, should itever become necessary to change from an SQL tableto an SQL stored procedure, to do this it is only

COVER FEATUREKYLIX


[top]The IDE after creating a simple MDIapplication: As well as the commandcentre and an editor window, a formeditor and the property editor canalso be seen

[above]The automatically-created basicframework of the MDI application isin fact ready to run. But even herethe first errors crop up


necessary to specify the data source of a new dataset component - all control elements connectedwith the data source then automatically access thenew mechanism.

Kylix offers several alternatives as data setcomponents, but there have been some majorchanges in comparison with Delphi under Windowsin this area: In place of the old BDE (BorlandDatabase Engine) and MIDAS there are now a goodhalf dozen new components named dbExpress.They use their internal, special Kylix database driversto execute the new commands. Drivers for thefreely available databases MySQL and BorlandInterBase are delivered from the factory as well asfor the well-known commercial products IBM DB2and Oracle 8i.

Friends of older database systems seem at firstto have been left out in the cold, because unlikeDelphi, so far under Kylix there is no support for ageneral interface standard like ODBC or ADO,although this would be perfectly possible withUnixODBC, as for example StarOffice demonstrates.This gap will surely be closed very quickly byinterested third-party suppliers.

As data set sources, dbExpress offers the usualdatabase objects: Direct read and write access totables, the result data set volume of a storedprocedure or the result of a manually coded SQLquery. But a data source cannot be linked to a tableto create a master-detail relationship: The tabledisplays all the data sets which correspond in a fieldto the current value of a selected field of the masterdata source.

A classic example of this: A master tablecontains customer data, while a calculation tableacts as a detail table. The customer number of acalculation is linked with the customer number ofthe customer data table. The master-detailrelationship ensures that the detail data set alwaysrepresents exactly the calculations of the currentlyselected customer.

Also of interest are the so-called Client DataSets. These enable the use of a simple database inthe memory, swapping into a file on the usercomputer, but also complex mobile solutions, inwhich a client does not always have access to thedatabase server in a network.

Rapid development for networkand Internet

The last big area of the component bar concernsthe development of network or Internetapplications: As well as components whichencapsulate the TCP/IP or UDP/IP sockets, the Web-dispatcher distributes HTTP queries to various data-producing components called producers. TheseHTTP queries can be differentiated according to thetype of command (such as get, head, post, put) andthe address (URI).

Since there are also components which exist asproducers that can create HTML pages or tablesautomatically from a database, whole Web serverscan be created using Kylix. But equally, it is alsopossible to create just one CGI application or anexpansion module for the Apache server.

For further reaching Internet and networksupport Borland supplies the new Linux version ofthe well-known open source component library Indy(formerly known by the name of Winshoes) alongwith Kylix. This allows access to practically allrelevant Internet protocols: TCP/IP, UDP/IP, daytimeand time servers, DNS, Echo, finger, FTP and TFTP,Gopher, HTTP, ICMP, POP3, NNTP, QOTD, SMTP,SNTP, Telnet and WhoIs. Raw Sockets forcommunication under TCP or UDP are alsosupported by Indy.

Servers for corresponding protocols can also berealised easily, those supported being TCP/IP, UDP/IP,Chargen, daytime and time servers, DICT, DiscardProtocol, Echo, finger, Gopher, Hostname, HTTP,IMAP4, IRC, Portmapping, NNTP, QOTD, Telnet,TFTP, IP Tunneling and the WhoIs service. 21additional components also provide help functions,such as encoders or decoders for important codingslike Base64 or UUEncode.

Development means more than just clicking

A relatively large part of applications developmentdoes consist of clicking together existingcomponents into data modules or forms andplacing the corresponding properties in the objectinspector. A great many assistants and specialcomponent editors continue to support the creationof complex applications. But at some point, gluecode will have to be written, to bond, hold togetheror expand the structure.

This is where the powerful source text editorand the object Pascal compiler come into play. Forevery object that can be created in the largedesigners (such as for forms or data modules), aunit is created automatically. In Pascal, largerapplications are not simply distributed over severalsource text files, but a clear distinction is madebetween the main program and the add-onmodules – the units. Each unit can be independentlycompiled and integrated into various applications at

COVER FEATURE KYLIX


When editing, built-in programming aids such as code-completion are extremely useful. Here youcan see what happens if, after entering the point, you hesitate: Kylix displays which elements theglobal application object possesses. You can now select a method, such as MessageBox, from the list


the speed of light. The split into main module andunits is, by the way, the main reason for thegenerally very short compile time of these sorts ofPascal compilers, as here it really is only the parts ofan application which have actually changed thathave to be recompiled.

Editing at a higher level

The IDE creates the basic framework for unitsthemselves, where a new class of the respectivebasic class is derived for each form or data module.The components used here now all reappear asfields within the new class. The programmer caneven save a bit more typing work: The codedeveloped most often will be one that is intendedto respond to specific events. The object inspector,though, as already hinted at, lists not only theproperties of a component, but also all possibleevents. A simple double-click on one such evententry causes the IDE automatically to insert anevent-handling routine in the source text of thecorresponding unit. This now only needs to be filledwith code.And this is a real delight with the easy-to-use editor:Because, as befits a development environment fromthe superior class, it offers more than just syntax-highlighting and adaptable keyboard layouts. If, forexample, a certain keyword is typed in and thenCtrl+J is pressed, the editor recognises this as a copycommand and replaces the keyword with a morecomplex expression. Thus an forb plus Ctrl+J turnsinto a complete block for ...:=... to ... do begin ...end.

Borland combines other programming aidsunder the name Code Insight, all based on anevaluation of the source texts during editing. Code-completion becomes active after a short pause afterentering a point or pressing Ctrl+Enter. It shows aselection list of all the appropriate continuations atthe current cursor position – for example after thename of an object variable and a following pointthe list shows all properties and methods for thisobject. The editor recognises the type of variablefrom its previous declaration.

If a procedure or a function is now called up andif the parameter list is to be entered, here again theIDE helps: A brief hesitation during input leads to adisplay of the declared parameter list. There is nowno need to guess or look it up in the documentationto find the correct parameter. And even duringactual programming the IDE provides a built-insymbol browser, the Code Explorer, which candisplay the structure of a module in real time.

Easy debugging

During troubleshooting via the integrateddebugger, the ToolTip support is useful as it isfamiliar from other development environmentsunder Windows. If the mouse pointer in the editor

stops over a symbol name, the value of this symbolis calculated and displayed in a ToolTip. So in manycases it is no longer necessary to work laboriouslyover the additionally available expression evaluationor the watch list.

The debugger turns out to be an indispensabletool during application development, it supportspractically everything that could be expected of amodern debugger, including an in-builtdisassembler.

For handling larger projects, which are spreadover several applications or modules in the sharedobject format (.so), the IDE has a project manager. Itcombines all binary modules (files with executablecode) into a project group, for which an individualmakefile is created. On the other hand, in order tocombine a group of components as smaller unitsinto a SO-module, packages can be produced. Apackage combines several units with componentsand there is also a comment as to which otherpackages this package depends on.

This technology makes it easy to use largercomponents from several applications incombination via a SO-file. The components suppliedwith Kylix are even installed in such packages.

An application created with Kylix finds andloads the necessary package SOs at run time byitself – no registration in the system is necessary.New packages and components though, do have tobe registered in the IDE, so that they can beimplemented in applications.

The online documentation leaves a mixedimpression. Borland has licensed a tool here thatmakes it possible to show Windows help files underLinux. The documentation thus corresponds, interms of structure, to that of Delphi. But thedescriptions are not error-free or complete andgenerally the help texts could easily be a bit morecomprehensive in many places. Also, many things

The IDE provides a powerfuldebugger. Since Kylix uses a real compiler, there isalso a display of the CPUregister and a disassembler

COVER FEATUREKYLIX



are described only from a very high level ofabstraction. Anyone interested in the internalmethod of working will not find much information.

VisualCLX outside, Qt inside

Borland has developed a component library forKylix, for use on several operating systems, calledCLX (pronounced clicks). It is derived from Delphi’sVCL, the Visual Component Library, and also workswith Delphi 6 on Windows.

CLX is split into several parts: The BaseCLXcontains general classes and routines (for file accessesor loading and storing components for example). Thispart is relatively independent of the operating system,as it largely relies on the underlying Run-Time Library,or RTL, which itself abstracts most of the functionality.

The same holds true for NetCLX - the networkcomponents - and for DataCLX, as this is merely alink between dbExpress and VisualCLX. Thisultimately contains all visible components, thusmainly control elements. It rapidly turned out to bea new wrapper for an old acquaintance: TrollTech’sQt-Library, which is also the basis for the popularKDE-Desktop environment.

The sense and nonsense of this decision may bedisputable, because Qt is still far more than just aGUI library. When all’s said and done, the entirefunctionality of BaseCLX is also reproduced hereone way or another, but, mainly for reasons ofcompatibility with Delphi, is not used by VisualCLX.

The online help is based onthe help files familiar

from Windows, which havebeen extended according

to the scheme which you may know from Delphi

COVER FEATURE KYLIX


Visual development environments

In the last few years a new method has been becoming ever more popular: Instead ofwriting software complete, line by tedious line manually, advanced development packagessupport or replace this process with a range of visual help programs. These attempt toreduce applications development to combining ready-made components plus a bit of classiccode as glue.

For example Microsoft, with Visual Basic, scored a direct commercial hit in this field,whereupon suppliers of countless additional components shot up out of the ground likemushrooms. But other firms too, such as Borland, were developing similar solutions at thesame time. Borland was formerly mainly known for two products: the C/C++ compilers(starting with Turbo C) and Borland Pascal, the amalgamation and further development ofthe classics Turbo Pascal and Turbo Pascal for Windows.

Visual Basic (VB), though, had to combat a number of deficits: For a long time, VB wasnot really a proper compiler, but the code was interpreted at run-time, which did notexactly have a positive effect on the execution speed. On top of this, the component modelused was anything but fast or memory saving. The upshot was that VB applications on thecomputers of that time turned out to be very large, memory-guzzling and slow. But on theother hand application development was extremely simplified, which in many cases morethan compensated for the greater demands on hardware.

Borland read the signs of the times, and so, in a tour de force, Borland Pascal, arepresentative of the classic method of programming, was expanded into an easydevelopment package for modern, graphical applications.

Two things were necessary for this: Extending the language of Pascal for better supportof objects and components - the language variant Object Pascal was created - and a high-powered integrated development environment (IDE) together with special support forcomponent technology for rapid application development (RAD).

The finished package with RAD-IDE finally came out under the name of Delphi and wasnow available only for Windows, while Borland Pascal also supported DOS. In parallel, aproduct was created, with C++ Builder, which on the basis of the same component librarymade it possible to work with the language C++ instead of Pascal.


COVER FEATUREKYLIX


The variant of the programminglanguage Pascal, originally createdfor educational purposes, on whichthe modern Pascal compilers such asDelphi, Kylix or even Free Pascal arebased, was christened by Borlandwith the name of Object Pascal. Incomparison with the classic ANSI-Pascal standard it was mainlyexpanded by options for object-oriented programming (OOP).Borland was in fact introducingobjects in Turbo Pascal 5.5 more thanten years ago, but with Delphi theOO-capabilities were considerablyextended.

An example demonstrates some ofthe new capabilities using a class togenerate random numbers:

program ClassDemo;

typeTRandomGenerator = classprivateFMaxValue: Integer;function GetValue: Integer;

publicconstructor Create;property MaxValue: Integer read U

\FMaxValueUwrite FMaxValue;

property Value: Integer read GetUValue;end;

constructor TRandomGenerator.Create;beginRandomize;MaxValue := 10;end;

function TRandomGenerator.GetValueU: \Integer;beginResult := Random(MaxValue + 1);

end;

varRandomGenerator: TRandomGenerator;i: Integer;begin// Create random number generatorRandomGenerator := TRandomGeneratoUr.\Create;tryRandomGenerator.MaxValue := 99;

WriteLn(`10 Random numbers in the rUange \0..9U9:’);

for i := 1 to 10 doWriteLn(RandomGenerator.Value);

finallyRandomGenerator.Free;

end;WriteLn(`Done.’);end.

One of the extensions in Object Pascal isthe properties, which exist in addition tothe normal methods and object fields(the variables within an object): Aproperty has, like a field, a data type. Fora property, though, no code is created,nor is memory space reserved in theobject - the property is a virtualconstruction, which can be applied in theprogram code almost like a field.

To now give the property a meaning,the programmer states where it receivesits value in a read access, or what is tohappen to the new value in a writeaccess. In both cases it is possible,separately in each case, to define a fieldor a method as source or destination. Inthe example the property MaxValuecorresponds precisely to the internalfield FMaxValue, while value can only beread - each read access would beidentical to calling up the methodGetValue.

Properties were mainly created forcomponent-oriented programming,since run-time type information iscreated for all properties within apublished extract (an extended publicextract): At run-time the list of allproperties in a class can be queried. Buteven without RTTI the properties have afew advantages: So one could easilyextend the sample program so that awrite access on value leads to aninitialisation of the random numbergenerator at a specified value. In exactlythe same way, MaxValue can also bechanged later to method access, withoutthe rest of the application having to bechanged.

Compared to C++, it is noticeablethat objects are always stored on theheap, so they cannot be placed on thestack and automatically constructed anddeconstructed. But this is only adisadvantage in a few cases, for examplewhen simple data structures (such as arectangle structure: x1, y1, x2, y2) are toreceive a simple OO-wrapper.

By way of compensation, a few of thecomplicated C++ peculiarities such asdefault- and copy-constructors in ObjectPascal could be dropped. As a rule,

though, that is, with storage on theheap, practically identical procedures areused in the various compilers.

As can be seen from the example,Object Pascal also supports exceptionhandling. The functional method isextremely similar to that of C++ or Java:If an error occurs (exceptional condition),an appropriate exception object withadditional information is created. Thesecan now be caught via a try/except block,while a try/finally-block allows the code,which is also executed if an errorcondition arises within the try-section, tobe specified:

tryAnyfunction;excepton e: Exception doWriteLn(`error: ̀ , e.Message);

end;

This mechanism allows, for example, thereliable release of previously reservedareas of memory or objects – as is typicalof compilers, Object Pascal uses noautomatic memory management.

Borland has also added a few morethings to the Pascal language: ANSI-strings increase the maximum length ofPascal character strings from 255characters and manage copies of thesesame strings very efficiently (Copy-on-Write). Unicode strings can be stored in aWideString variable. The length of thenew dynamic arrays can be defined andaltered at run-time, if necessary withchecking for correct array-indices (byrange checks).

Variables of the variant type storealmost any other data type; This typewas really mainly introduced to supportCOM/ ActiveX under Windows, but isalso available, slightly limited, in Kylix. InKylix, a variant cannot, understandably,point to a COM-object.

One innovation which may becontroversial: Pointers no longer have tobe de-referenced with \^{ }, if the sourcetext nevertheless remains unequivocal;this is certainly something to do with thedevelopment that languages like Javaprefer memory management todisappear completely into thebackground - and pointers just do not fitinto this concept.

Object Pascal


Besides, Qt is a C++ library, which cannot beused directly with the Kylix compiler - a C-wrapper isneeded, which repackages all the classes, methodsand functions of Qt into normal C-functions. TheseC-functions can then be imported by a Kylix unit, sothat ultimately VisualCLX can use Qt.

This solution was certainly the fastest solutionfor Borland to get Kylix ready for marketing, but italso means that visual Kylix applications need morememory and are dependent on countless libraries:Starting with Kylix’s Qt-Interface-Unit libqtintf viaQt2 itself and all sorts of X11 libraries to the C++run-time library.

So it will be especially interesting to observehow far Kylix applications will operate reasonablyunder older or future Linux installations. To

complicate matters, Borland itself provides nosupport for the creation of installation programs, asis the case with Install Shield Express in Delphi.

Quo vadis Pascal?

Kylix is not completely free from competition underLinux: Firstly, there is the C- and C++-compiler withever more powerful IDEs such as KDevelop.Secondly, in the server field the importance ofcompiler languages is certainly going to continue tofall, when more and more special scriptinglanguages like PHP or highly-specialised visualdevelopment environments succeed.

And finally, Borland should also keep an eye onthe field of classical programming: Kylix is certainly

COVER FEATURE KYLIX


Interview with Jason Vokes, Director, Rapid Application Development at Borland

Linux Magazine: What made Borland decide to developKylix?Jason Vokes: I regard the Linux operating system literally as agolden opportunity to reach new developers. We began withDelphi and ended up with a cross-platform system. Linux Magazine: Borland wanted to introduce Kylix a yearafter the announcement. The deadline was passed by aboutsix months. Why?Jason Vokes: There were two main reasons for this. Firstly,there was no rapid application development environment.Under Windows, we were used to the tools and advantagesavailable there. Here we had to start with rudimentary thingssuch as gcc and gdb. Once our own debugger and our IDEwere available, productivity increased. The second point wasthat the various Linux distributions all behave in differentways. It took longer than planned to complete it.

Linux Magazine: Was the porting of the IDE with the aid of Libwine, which has now beendone, your second choice? Jason Vokes: We originally only planned Delphi for Linux, but before we really started, wenoticed that the market needs more, namely a cross-platform environment. That’s why wedeveloped the component library CLX.Linux Magazine: Is it your intention that the Kylix-IDE will one day also run with CLX? Isthere a specific deadline?Jason Vokes: The use of Libwine was a time-to-market decision. We wanted to be fast. Infuture there will of course be a complete CLX-IDE. It is only internally that there are precisedeadlines.Linux Magazine: Have the stability problems with the IDE anything to do with Libwine?Jason Vokes: These problems lie primarily with the Linux loader. Our developers havesuggested numerous fixes to the Linux community and sometimes also even done themthemselves. Many were adopted and are available and some have yet to penetrate theLinux distributions. When they do, stability will improve. This has nothing to do withLibwine. Linux Magazine: When will the no-charge version of Kylix for the development of freesoftware be available?Jason Vokes: By the middle of this year. We are not announcing a specific date at this time,though.Linux Magazine: Borland has made parts of CLX open source. Will there also be othercomponents, too? Jason Vokes: No, there are no plans for that.

Jason Vokes


suitable for the creation of command line-basedtools, too, and the good editor and debugger are agreat help in this. Nevertheless, there is stiffcompetition in this field with the two free projectsGNU Pascal and Free Pascal; in fact, the latterprovides not only compilers for several operatingsystems, but overall comes with a considerablybroader palette of additional units and C-Headerconversions. It is only in the IDE field that Borland,despite the said problems, has a clear advantage.

Prices and licences

Borland is demanding truly beefy prices for Kylix,which are scarcely justified in comparison with themarkedly more stable and more complete Delphi:Buying Desktop Developer would cost some £800 -even though this version still lacks the full NetCLXfor developing network and Internet applications.This is reserved for the Server Developer edition,which costs twice as much at about £1600.

But Delphi offers considerably more in this priceclass, for example support for ActiveX (Windows-specific) or the not-insignificant CORBAarchitecture, which could also be used under Linuxwithout any problem.

And yet Borland has announced that from thesummer a version which is free of charge (but notfree) - probably from the release for DesktopDeveloper - will be on offer for the development offree software under the GPL licence for download(or on CD for about £80). CLX received a doublelicence for this: Borland’s commercial No-NonsenseLicence and the GPL. This could have far-reachingconsequences: Firstly, it is to be expected that aflood of programs under GPL licence will crash in onLinux. But it remains to be seen whether, in view ofthe problems mentioned with library dependencies,this will be a curse rather than a blessing. And onthe other hand many component developers whowant to port their products from Delphi onto Kylixwill also have to consider the use of such a doublelicence if they want to build up a substantialfollowing of users.

Conclusion

Kylix is currently definitely the most comprehensivesoftware for rapid development of applications(RAD) under Linux. It should give the operatingsystem a bit of impetus, because developingapplications has never been so simple. Ultimatelyhowever, Kylix has to be described as a very hastyporting of the old, familiar Delphi. The commercialversion is anything but refined, and a few extramonths for error corrections really would havemade all the difference.

The main aspects of Delphi can also be found inKylix, but behind the scenes the first version comesacross like a botch job, which becomes apparentthrough the instabilities of the development

environment and some of the errors in the CLX run-time library.

The frequent crashes of the IDE and the CLXbugs are something Borland will eventually get togrips with. It would certainly be very helpful if theIDE was converted from Wine to CLX itself, butVisualCLX still lacks some urgently requiredcapabilities to do this, such as support for dockablewindows. But Borland should not take too long to come upwith these improvements, because the free IDEs forC++ are getting better all the time and the teams ofGNU Pascal and Free Pascal are not sitting idle. Onemajor problem for Borland could be that the freedeveloper community will not restrict itself todeveloping components and utilities for thecommercial product Kylix. It will - because of the many Kylix bugs, but also onprinciple - appreciate a free compiler and a free IDEmore. And Borland cannot simply release both, asthey are the essential foundation of the company’sbusiness. ■

The author Sebastian G¸nther is technicaldirector of Areca SystemsGmbH in Munich, a serviceprovider involved withnetworking, the Internet andof course, Linux. For aestheticreasons he is a great fan of thelanguage Pascal for its ownsake and especially themodernised variants. His firstcontact with the Pascalcompilers of Borland was withTurbo Pascal 5.5.

COVER FEATUREKYLIX



Due to very simple syntax on the one hand and semantically powerfullanguage elements on the other, Scheme is excellently suited toformulating abstract concepts. For this reason Scheme is one of thefavourite didactic vehicles in the teaching of students: “Represent itwith Scheme and play around with the defined functions, then youwill better understand what it’s all about.”

In this article we would like to introduce two examples of thisdidactic approach. The first concerns calculation with infinite objects,and the second deals with the area of Web programming. In bothcases we will express our ideas in Scheme and use interactive Schemeprogramming as a means rather than an end.

We have used Chez Scheme for the implementation. This can bedownloaded free from http://www.scheme.com/ as Petite ChezScheme. The conditions of application are described there.

Calculating Infinity – Representing infinite objects with finite memory

The statement that computers can only handle finite objects is normallytaken for granted. For instance, rational numbers are generallyimplemented as fixed-point numbers. However large the mantissa, arecurring decimal fraction like will be ruthlessly truncated from acertain decimal digit onwards. The dots or overscore in the finite notationindicate that the threes continue indefinitely. Due to truncation, not evenrational numbers, let alone real ones, are represented adequately bycomputers. Consequently, you end up working with approximate valuesrather than the actual quantities. This means you are limiting yourself tomachine numbers, for which some of the mathematical laws that applyto rational numbers have no effect. Clearly, the capacity for infiniteobjects is limited by the always finite memory.

Or perhaps not. Looking at the equivalent fraction instead ofyyt , it offers a finite, “dotfree” representation of the same number.This observation leads to the idea of representing rational and evenreal numbers by the method used for their creation. In the case of 1/3:‘Divide 1 by 3’.

A warning: The aim is not to perform an algorithmic operation,but rather the definition of a number through the (where necessarycontinuous) operation employed in its creation. But how is acalculation with numbers represented in this way supposed to work?How much is, for example, ? Do the respective operationsneed to be added to each other in this case?

Data type “stream”

In the following text we will be introducing an abstract data type“stream” (a conceptually infinite list or sequence), which ischaracterised as follows:

A stream is a pair whose first member is any Scheme object (such asa numeral), but not a stream and whose second member is a stream. Weaccess the first member with stream-car and the second with stream-cdr.

The reader is strongly advised to refrain from questions regardingthe implementation of language elements for streams at this point.Let’s just assume that everything we require is available (or built in).

To create an actual stream we are using a constructor, stream-cons. This expects two arguments, the two members of the pair to becreated as mentioned above.

Let’s look at two example streams:

(define integers(letrec((integer-stream-maker(lambda (from)(stream-cons from (integer-stream-maker (+ from 1))))))

(integer-stream-maker 0)))

Now we would like to look at 10 elements of this numeric sequence.

> (stream-print integers 10)

displays

0, 1, 2, 3, 4, 5, 6, 7, 8, 9

on the screen.

PROGRAMMINGSCHEME


We’ve already covered quite a lot of ground in just a few

Scheme articles, dealing with fairly advanced procedures such

as first-class objects, macros and GUI programming.

Other programming languages however, are a little more involved.

Scheme is unsurpassed in the level of abstraction it requires.

Scheme as a teaching device

LEARNINGCURVE

CHRISTIAN WAGENKNECHT & RONALD SCHAFFHIRT

075scheme.qxd• 08.05.2001 10:11 Uhr Seite 75

The second example concerns the Fibonacci number sequence, i.e.

1, 1, 2, 3, 5, 8, 13, 21, 34, ...

The n-th Fibonacci number is defined by the following simple rule: thefirst two Fibonacci numbers are 1. Each subsequent number is the sumof the two previous ones. This is easily written as a Scheme procedure.

(define fib(lambda (n)(if (< n 2)

1(+ (fib (- n 1)) (fib (- n 2))))))

Calculate (fib 29) and see how long it takes your computer to do this.Now let’s define the (infinite) sequence of Fibonacci numbers using

(define fib-stream(letrec((fib-stream-maker(lambda (from)(stream-cons (fib from) (fib-stream-maker (+ from 1))))))

(fib-stream-maker 0)))

and then display the first 30 members of this sequence:

> (stream-print fib-stream 30)

As expected, this takes even longer than (fib 29) above. The result is:

1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987,U1597, 2584, 4181, 6765, 10946, 17711, 28657, 46368, 75025, U121393, 196418, 317811, 514229, 832040

If we now evaluate the same expression again (stream-print fib-stream30), the result is returned without any noticeable use of computing time.This is a welcome efficiency advantage caused by the fact that elementsof a stream are not re-evaluated once they have been calculated.Instead, Scheme ‘remembers’ already calculated stream elements.

Evaluation concepts

Before we continue to work with streams we should look at the reasonfor this odd evaluation behaviour. By default, a Scheme expression inthe format

(Operator Operand_1 Operand_2 ... Operand_n)

is evaluated according to the following rule: evaluate all elements ofthe list and then apply the operator to the operands. The sequence ofevaluation for the individual parts of the expression is not fixed. Allthat matters is that the operands are evaluated before the (evaluated)operator is applied to them. This is called applicative order evaluation,which has efficiency advantages compared to normal order evaluation(from left to right), as demonstrated by the following example:

((lambda (x) (x (x 5))) ((lambda (w) w) fib))= ((lambda (x) (x (x 5))) fib)= (fib (fib 5))= (fib 8)= 34

Normal order evaluation would first apply the expression ((lambda (w)w) fib) to the left hand side (twice, once for each x) and then continueto reduce the resulting expression.

((lambda (x) (x (x 5))) ((lambda (w) w) fib))= (((lambda (w) w) fib) (((lambda (w) w) fib) 5))= (fib (fib 5))= (fib 8)= 34

This obviously leads to a loss of efficiency through multiple evaluationof one and the same part of the expression. In our example ((lambda(w) w) fib)) is evaluated twice.

This advantage of applicative order evaluation has led to thestrategy being built into all common Scheme systems. The efficiencybenefits are rated more highly than correctness when reducingparticularly unusual Scheme expressions, like

((lambda (x) 3)((lambda (x) (x x))(lambda (x) (x x))))

which are relatively rare. The (applicative order) evaluation will notreach a result, even though the normal order evaluation terminates:

((lambda (x) 3)((lambda (x) (x x))(lambda (x) (x x))))

Each x in expression 3 is replaced by ((lambda (x) (x x))(lambda (x) (x x))).Since expression 3 does not contain any x at all, there is nothing to do.

However, there is an efficiency problem with the standard Schemeevaluation itself that is tackled in other functional languages (such asGofer) by a change in strategy. The value of the expression

((lambda (w x y z) w) 1 (fib 29) (fib 29) (fib 29))

is 1. The three elaborate calculations of (fib 29) are completelyunnecessary.

This leads to the idea of only ever performing evaluations when thevalue in the expression in question is actually required. Sometimes - asin the example above - it is never needed. This strategy is known as callby need. In contrast to the eager evaluation implemented in Scheme asstandard, call by need is a delayed evaluation (lazy evaluation).

The realisation of delayed evaluation in Scheme simply requirestwo (built-in) language elements, delay, to create a delayed expression(called promise), and force, to force the evaluation of a delayedexpression.Compare the following two versions of crazy

(define crazy(lambda (w x y z)x))

(define crazy-lazy(lambda (w x y z)(force x)))

> (crazy (fib 29)(fib 29)(fib 29)(fib 29))832040

> (crazy-lazy(delay (fib 29)) (delay (fib 29))(delay (fib 29)) (delay (fib 29)))

832040

and try to interpret the different computing times.There is another advantage to delayed evaluation. An expression

that is forced to evaluate using force is not re-evaluated, as we’vealready seen above when we were working with streams. A smallexperiment will emphasise this message.

> (define x (delay (fib 29)))> (force x)832040> (force x)832040

The calculation of (fib 29) for the first force takes noticeably longerthan for the second one.

PROGRAMMING SCHEME



Implementing language elements for streams

Everything is now ready for implementing the language elements usedabove to work with streams. Since streams are closely related to (alwaysfinite) lists, we shall use an analogy between the two.

The definition of stream-cons poses a problem for us: The approach

(definestream-cons(lambda (head tail)...))

is not much use, because when calling stream-cons, tail would also beevaluated, instead of being delayed. We resolve this problem with thehelp of a macro.

(define-syntax stream-cons(syntax-rules ()((stream-cons head tail) (cons head (delay tail)))))

Another useful language element for streams that we have alreadyused above is

(define stream-print(lambda (stm n)(cond((= n 0) (printf “...~%”))(else(printf “~s, “(stream-car stm))(stream-print (stream-cdr stm) (- n 1))))))

stream-print is used to return the first n elements of a sequence. If youare only interested in the n-th member, then

(define stream-n-print(lambda (stm n)(if (= n 0)(printf “~s~%” (stream-car stm))(stream-n-print (stream-cdr stm) (- n 1)))))

will come in handy.

Stream representations of real numbers

For irrational numbers , with natural , interval nestingbbbbb with nnnnnnn for and rational interval boundariesq can be specified.

For example, ***Ima can be constructed using the split-halfmethod.

, if else .

and apply for the initial valuesThe procedure itvs deals with interval nesting.

(define itvs(lambda (a)(letrec((interval-stream-maker(lambda (left right)(stream-cons(cons left right)(let ((middle (/ (+ left right) 2)))(if (< a (* middle middle))

(interval-stream-maker left middle)(interval-stream-maker middle right)))))))

(interval-stream-maker 1.0 a))))

Therefore (infinite!) interval nesting (itvs 2) defines the real number

> (define sqr2 (itvs 2))> (stream-print sqr2 10)(1.0 . 2), (1.0 . 1.5), (1.25 . 1.5),(1.375 . 1.5), (1.375 . 1.4375), (1.40625 . 1.4375),(1.40625 . 1.421875), (1.4140625 . 1.421875),(1.4140625 . 1.41796875), (1.4140625 . 1.416015625)

That makes sqr2= , even though we only get approximate values for asufficiently large i when looking at the rational intervals (with stream-printor stream-n-print). Terminating/non-terminating continued fractionexpansions are also used for defining rational/irrational numbers. There areother theoretical construction methods for defining real numbers, theimportant thing is that we can perform (exact!) calculations using the realnumber sqr2= in Scheme.

Calculating with stream-represented numbers

We are going to demonstrate this for the division of the irrational numbers and , with and .

Because of and ,

applies. It is also possible to show that interval lengths become as small asyou want. These theoretical considerations lead directly to the followingScheme procedure, the result of which is a stream.

(define itv/(lambda (stm1 stm2)(stream-cons(let ((head1 (stream-car stm1))

(head2 (stream-car stm2)))(cons (/ (car head1)(cdr head2))

(/ (cdr head1)(car head2))))(itv/ (stream-cdr stm1)(stream-cdr stm2)))))

As an example, we are going to calculate ,

> (define sqr2/sqr3 (itv/ sqr2 (itvs 3)))

and look at the twentieth interval.

> (stream-n-print sqr2/sqr3 20)(0.8164958693703516 . 0.8164973191071839)

As you can see, it is possible to calculate with the defined infiniteobjects. We shall leave the sum to the reader as an exercise.If you are going to attempt exponentiation of these numbers, pleasebear in mind that the interval boundaries do not remain rational.

The sieve of Eratosthenes

Two final examples from the field of number sequences will illustratehow powerful this concept is. The first one concerns the set of prime

PROGRAMMINGSCHEME


Language elementslist stream

structure (head . <list>) (head . <stream>)first element (car <list>) (define stream-car car)remaining list (cdr <list>) (define stream-cdr

(lambda (stm)(force (cdr stm))))

constructor (cons x <list>) stream-consempty object ‘() ‘()Predicates list? (define stream? pair?)

null? (define stream-null? null?)


numbers, which can be defined as an (infinite) number sequence:Take a sequence of natural numbers starting with 2: 2, 3, 4, 5, 6,

7, ... = (stream-cdr (stream-cdr integers)) Filter out all multiples ofwhatever is the first member of the sequence: 2, 3, 4 , 5, 6 , 7, 8 , 9,10 , 11, ... = (filter-out (lambda (x)(divides? 2 x) (stream-cdr (stream-cdrintegers))) 2, 3, 5, 7, 9 , 11, 13, 15 , 17, ... = (filter-out (lambda(x)(divides? 3 x) (stream-cdr (stream-cdr integers))) etc. The remainingnumbers are the prime numbers.

(define divides?(lambda (t n)(zero? (remainder n t))))

(define filter-out(lambda (praed stm)(if (praed (stream-car stm))

(filter-out praed (stream-cdr stm))(stream-cons(stream-car stm)(filter-out praed (stream-cdr stm))))))

(define sieve(lambda (stm)(stream-cons(stream-car stm)(sieve(filter-out(lambda (x) (divides? (stream-car stm) x))(stream-cdr stm))))))

The prime number sequence results from

> (define prime-numbers (sieve (stream-cdr (Ustream-cdr integers))))

Let’s display the first 100 prime numbers on the screen:

> (stream-print prime-numbers 100)2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, U61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, U131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, U193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, U263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, U337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, U409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, U479, 487, 491, 499, 503, 509, 521, 523, 541

Sequence of quotients of neighbouring Fibonacci numbers

If you calculate the quotient of any pair of neighbouring Fibonaccinumbers, you will find that it seems to settle around a certain value,1.61803.... Before calculating the respective limit, the quotientsequence helps to establish the hypotheses.

(define fibquot(lambda (stm)(stream-cons(/ (stream-car (stream-cdr stm))

(fixnum->flonum (stream-car stm)))(fibquot (stream-cdr stm)))))

> (stream-print (fibquot fib-stream) 18)1.0, 2.0, 1.5, 1.6666666666666667, 1.6, 1.625, U1.6153846153846154, 1.619047619047619, 1.61764705288235294, U1.6181818181818182, 1.6179775280898876, 1.6180555555555556, U1.6180257510729614, 1.6180371352785146, 1.618032786885246, U1.618034447821682, 1.6180338134001253, 1.618034055727554U

Summary

Infinite objects can be defined, stored and processed using streams.The components of these objects (intervals, sequence members, etc.)always form a potentially infinite (e.g. set of all real numbers) orcountable set (set of all integers). In contrast to uncountable sets,countable sets have as many elements as there are natural numbers.

The entire set of real numbers cannot be stored on a computer.That has given us some pretty abstract insights. The Scheme

procedures that we developed and implemented helped us to put thefacts in concrete terms and (hopefully) contributed to theirunderstanding.

HTML programming with Scheme

Anyone who has ever created or updated HTML documents without aWYSIWYG editor, by just working on the plain source text, will soonnotice a certain lack of clarity, even within files they’ve writtenthemselves, and begin to search behind the multitude of tags for theactual content they were meant to be updating. If there were anoption of defining the content at the beginning of the document andof specifying the structure and formatting later on, this task would bemuch easier. But HTML is set in its ways and relatively inflexible.

The Scheme HyperText Generator allows the generation of HTMLdocuments using Scheme. This involves what is more or less a newScheme-based scripting language: HTSS (HyperText Scheme Source)provides powerful language elements from the Scheme world,together with the option of adapting and extending it. Schemelanguage elements make it possible, for example, to organise thedocument contents in an abstract way to begin with and to deal withthe translation into a concrete structure and formatting afterwards. Inthis way, the source text remains clear and changes to the appearanceof similar elements only have to be made once, because they are goingto affect all of these elements.

As you will see, HTSS enables you to build up a documentdescription language which bears no relation to HTML, apart from theend result.

The idea of creating HTML documents with Scheme comes fromKurt Normark, who already presented his adaptation (LAML) in theissue 8. In contrast to his approach of providing easy-to-use languageelements for document generation, SHTG is aimed at the creativeapplication of Scheme programming knowledge. In this article we aregoing to show how higher functions can be implemented with existingprocedures, in order to demonstrate how powerful HTSS is.

SHTG

HTML is a language that describes the structure and formatting ofcontent with tags and Cascading StyleSheets (CSS). The tags should becorrectly nested and ideally result in an HTML tree. This hierarchical tagstructure will be represented by similarly nested Scheme procedures fromwhich SHTG (Scheme HyperText Generator) generates an HTMLdocument. However, unlike HTML tags, Scheme procedures can beextended and redefined, which makes them considerably more powerful.

The basic principle is to assign a Scheme procedure of the same nameto each HTML tag. (with the exception of the tag <map>, which becomeshtml-map, because a procedure called map already exists in Scheme.)These procedures can now be used to generate HTML documentsdirectly, or as a basis for implementing more powerful languageelements, which constitute the main strengths of this approach.Furthermore, tags can be adapted to language-specific requirements.

PROGRAMMING SCHEME



HTSS

The language used in connection with SHTG is called HyperTextScheme Source, or HTSS for short. To begin with, let’s look at a simpleexample that only uses standard procedures:HTSS HTML(html <html>(head <title>window-title</title></head>(title “window-title”)) <body (body bgcolor=”#000000”

text=”#ffffff”>`(bgcolor “#000000”) Content</body></html>`(text “#ffffff”)“Content”))

That is more or less a 1:1 translation of a tiny HTSS document into aHTML file, which naturally doesn’t show the real strengths of HTSS.You will already notice, however, that with HTSS there is no need toworry about closing tags - when a bracket is closed, so is the tag,although there are exceptions where no closing tag exists (such as<img ...>), but HTSS takes these into account.

Of course, tags can also contain attributes. While this happens in theform of </tag name=value> in HTML, specification in HTSS is handled asfollows: (tag ̀ (name value) ...), where the value type can be symbol,number or string. The character before the list is not a quote but abacktick (the key to the left of 1), and is the short form of (quasiquote<list>). This allows us to evaluate variables within the list, which must beidentified by a leading comma. Instead of the three dots other attributescould, of course, follow with the same format. Once all attributes havebeen specified, the content follows, which must always be a characterstring. If further functions are nested within the structure, their returnvalue will still be a string. Let’s have a look at an example:

(define colour1 “#ff0000”)(define colour2 “#0000ff”)(define text1 “... red text on black background”)

(html(head (title “window”))(body`(bgcolor “#000000”)`(text ,colour1)`(link ,colour2)(big text1)))

As you can see, the colour specifications (colour1 and colour2) in theattribute lists of the body tags are marked with a comma in order toevaluate them within the list, i.e. to insert the respective definitions from thebeginning of the document. That allows ordered global formattingchanges, if these variables are referenced several times in larger documents.

Defining your own functions

We are going to demonstrate the extendibility of HTSS throughdefinition of new procedures with an example:

;==================================; define required procedures;—————————————————(define webpage (lambda (t . k)(html (head (title t))

(apply body k))))(define chapter (lambda (x)(string-append (p _) (h1 x))))

(define picture (lambda (source text . size)(let ((width (if (> (length size) 0)

(car size)#f))

(height (cond ((= (length size) 1) (car size))((> (length size) 1) (cadr size)))))

(if width(img ̀ (src ,source) ̀ (alt ,text )

`(width ,width) ̀ (height ,height))(img ̀ (src ,source) ̀ (alt ,text ))))))

(define section h2)(define heading h3)(define text p);===========================; and this is the source text;—————————————-(webpage “My Homepage”(chapter “Introduction”)

(section “Who am I?”)(heading “General”)(text “My name is ... and I was born in ... “)(heading “Hobbies”)(text “I am especially interested in ...”)

(section “What do I do?”)(text “Within my ...”)(picture “work.gif” “Me at work” 300 200)

(chapter “My Projects”)(section “Project 1: ...”)(heading “Terms of Reference”)(text “Drawing up ...”)(heading “Preparation”)(text “Before starting with ...”))

First of all, the procedure webpage receives the name of the page as itsfirst parameter (t), which is then displayed as the window title. Allremaining entries are combined in the second parameter (k). The firstvalue is used to call the function title, which in turn is located withinhead. Then body is applied to the actual body of the text with apply.An interim evaluation step will clarify this. First, we process the call(webpage “My Homepage” (chapter ...) ...)

(html(head(title “My Homepage”))(body(chapter ...)...))

In the next step (“Introduction” chapter) is evaluated. There should bea blank line before each new chapter. We achieve this using an emptyparagraph. In HTML this would be <p> </p>, whereas in HTSS itsimply looks like this: (p _). Underscore is a predefined variable for anon-breaking space. After this blank paragraph we would now like theactual chapter heading with the largest possible font size. Each of thefunctions p and h1 returns a character string, just like all other tagprocedures. The same is true of the procedure chapter, of course, so itmust append the two strings with string-append first:

(html(head(title “My Homepage”))(body(string-append “<p> </p>” “<h1>Introduction</h1>”)...))

PROGRAMMINGSCHEME



We shall not go into details regarding the function for insertingimages. Suffice it to say that it receives a path for the image,alternative text and optional size information. The specification of onlyone number results in a square image of the appropriate size, while inthe case of two values the first one is the width and the second onethe height.

The remaining functions are self-explanatory since they correspondto their HTML counterparts.

It should be clear by now that it is possible to ignore HTML itselfentirely, as long as the relevant procedures are loaded. You coulddevelop your own page description language and use only that. Allyou need to do is implement the appropriate language elements once(or have them implemented for you). Should you ever find that one ismissing, it is easy enough simply to fall back on the standard HTMLtags, which are also still available.

Now we are going to demonstrate the special capabilities of HTSSby creating more powerful functions. Scheme offers a wide variety ofopportunities that can be utilised in HTSS. Let’s assume that we wantto perform certain calculations with a sequence of numbers and todisplay the result as a table on the WWW. In the example we arecalculating the Fibonacci numbers (2nd column) from i (1st column)and the quotients of two consecutive Fibonacci numbers (3rd column).You already know the Fibonacci sequence from the first part of thearticle when we were discussing streams.

;=======================; required procedures;———————————-(define fib(lambda (n)(if (< n 2)

1(+ (fib (- n 1)) (fib (- n 2))))))

(define line(lambda (i)(tr (th (number->string i))

(td (number->string (fib i)))(td (number->string (/ (fib i) (fib (- i 1))))))))

(define table(lambda n(html(head (title “Table”))(body(div `(align center)(table `(border 1) `(cellpadding 5) `(cellspacing 0)(tr (th “i”)

(th “fib(i)”)(th “fib(i) / fib(i-1)”))

(apply string-append (map line n))))))));=============; “source text”;——————-(table 1 2 3 4 5 6 7 8 9 10)

The procedure map applies the specified function (line) to theparameter list n. The return value of map is a list containing strings.They are no use to us as a list, however, as we can only work with thestrings themselves. By applying string-append to the entire list, allstrings contained are concatenated and we receive the desiredcharacter chain with the results. This is done using apply. If we try thisnow, we will receive a table containing the values we were looking for.

By making a few amendments, it is also possible to avoid a staticrepresentation of the calculation formulas like above, but rather toinclude them in the call. That would already provide considerablefunctionality. Without referring to the actual Scheme procedures indetail, the call could then look like this:

(calculate‘((x . “Nett Price”)((* x 0.07) . “VAT (7%)”)((* x 0.16) . “VAT (16%)”)((* x 1.07) . “Retail Price (7%)”)((* x 1.16) . “Retail Price (16%)”))

‘(15.78 29.80 14.26 39.03 45.12 19.25 33.45 22.34 25.56))

Libraries

The required procedures will be collected in an extendible library andre-used later. This is not possible for the CGI variant, since all of yourdefinitions only apply to the current session. That is different for theinstallable version, where functions can be combined in files, whichcan be loaded as required. An example for such a library can also befound on the SHTG Web page.

Order and structure

In contrast to HTML, SHTG uses the bracket-structure that is typical forScheme. On the one hand this takes care of controlling the structures, onthe other it makes them difficult to handle without the support of a specialeditor, e.g. providing features such as highlighting matching brackets.Once you have about 20 brackets in a row, it becomes impossible to tellwhich tag is closed where. This is particularly annoying when you want toinsert something. In HTML it is completely obvious from the closing tags.For this reason, SHTG offers the possibility of marking bracketsappropriately, thereby considerably increasing the clarity of the source text.This is done by inserting the tag name as a symbol before the closingbracket. Symbols can be recognised by the apostrophe or backtick. Werecommend the use of backticks, which we already know from theattribute lists. There is no syntax checking, however, so that evennonsensical names will be formally accepted at this point.

(html(head (title “Main_Window”) ̀ head)(body(div ̀ (align center)(p “Table 1”)(table ̀ (border 1) ̀ (cellpadding 5) ̀ (cellspacing 0)(tr(td “field 1”)(td “field 2”))(tr(td “field 3”)(td “field 4”))`table)`div)`body)`html)

Without the identification of the last four brackets, the characterchain ‘field 4’ would be followed by six closing brackets and it wouldnot be immediately obvious which one belonged where.

Style sheets

In order to apply a certain style to a HTML file you can use the font tagor create a consistent document layout with style sheets. The W3consortium recommends the latter, of course, the reason being thatshould the entire layout of a finished HTML file that has beenformatted with font need to be amended, each individual font tag willhave to be adjusted. If the same file had been formatted using a style

PROGRAMMING SCHEME



sheet, only this would need to be changed. Furthermore, several filescan access the same CSS, which means that a certain consistency isapparent within a project that is not only aesthetically pleasing, butalso points to a connection between the contents.

Nevertheless, there is still an orderly and standardised way of usingthe font tag in HTSS. Due to the ability to define new procedures, ortags, it is equally possible to attach certain style properties to thesetags. Let’s define a few new p-tags:

(define p-cn(lambda x(font ̀ (face “courier new, courier, monospaced”) (apply p x))))

(define p-blue(lambda x(font `(color “#0000ff”) (apply p x))))

This variant is almost as consistent as style sheets and almost as easy toamend, but unfortunately not as powerful. Admittedly, it is possible todo a whole lot more with CSS. However, the aim of HTSS it is not toreplace style sheets - you can use style sheets just as easily in pagescreated with SHTG as in any other HTML documents. A page createdwith SHTG contains its entire content and therefore also - hence the‘almost’ - all its formatting. The only advantage becomes apparentwhen downloading such pages. If the CSS file for a downloaded Webpage is missing or cannot be found, the page can sometimes lookpretty bad compared to the original on the Web, something thatwon’t happen with SHTG-generated documents. Why don’t youexperiment a bit for yourself!

Summary

You have learned about Scheme as a means of HTML programming withthe capacity for wide-ranging extensions. With Scheme we were able todescribe the structure of complex source texts in an orderly manner,without worrying about actually producing the final document. Due tothe importance and popularity of Web programming this is also anapproach to generate interest in Scheme and its possibilities.

With regard to teaching, SHTG also has the advantage of allowingstudents with Scheme knowledge to look at the paradigm of scriptinglanguages from a structural perspective.

The authors

Professor Christian Wagenknecht teaches Theory of InformationTechnology, Programming Paradigms, Web Databases , Scientific WebPublishing, etc. in the Information Science and Technology faculty ofthe Technical University of Zittau/Gorlitz. For over 20 years he has beenstudying the use of non-imperative programming (Logo, Scheme,Prolog, Smalltalk, Java) from a didactic perspective. He bought the firstSuSE Linux distribution as a set of diskettes in 1993.

Ronald Schaffhirt is one of Professor Wagenknecht’s students andhas developed Scheme for Web programming (CGI) and SHTG. Theresulting material will be included in the course “ProgrammingParadigms” (section: scripting languages). He is currently in his fourthsemester of studying Information Technology while continuallydeveloping SHTG on the side. ■

PROGRAMMINGSCHEME


1/2 Anzeige DIGITAL NETWORK

not SuSE


SOFTWARE KIDS’ LINUX

Children are more curiousthan adults, making the

considerations different. Ifthe PC is ‘just’ for the kids they

can play around and break theinstallation as their parents have

probably done in the past. However, ifthe machine is shared with adults, it must be lockeddown to protect work. Most parents would feeluneasy about letting their children loose on theirfavourite UNIX clone.

It’s worth considering an extra machineexclusively for children. A 486 or early Pentium maycost only £50 or so, but it will be adequate for mostyounger children’s needs. They can always use yourPC for 3D games or resource-monsters like Mozilla.

Most distro disks include applications for youngerchildren. Oneko, Xpenguins, Gcompris, CircusLinuxand Mathwar are available in Debian unstable. Thenext stable release of Debian will contain a specialsection just for young people - debian-jr - aiming to

make Debian GNU/Linux appealing to people aged 2-99. Initially, the project is concentrating on making adistribution for 2 to 8 year-olds and those who willadminister their machines. All the software concernedis also available for other Linux distributions as sourcetarballs or RPMs.

Now I understand

Gcompris (pronounced j’ai compris) is a skills-building game for children aged 3 years old and up.As well as typing, arithmetic and time-telling, ithelps to build mouse skills. Gcompris aims to be acentral user interface for many small educationalapplications - set out as boards within the game.The user manual even gives instructions ondeveloping new boards.

A mouse skills board involves clicking on fishbefore they swim off the screen. My children foundthe Learning Clock board a little confusing, as thehands are the same length. Make the Puzzle is ajigsaw game featuring famous paintings (so you caneducate your children in art history while they play).

Typing skills and co-ordination are coupled withcounting and arithmetic in a series of boardsinvolving typing in the correct answer before theobject falls to the ground - letters in the case ofSimple Letters and whole words in Falling Words.Another board involves counting the spots on a dieand typing the number in time.

These games keep children amused for hours,all the while developing their skills. Meanwhile, ifyou would like to sharpen your C skills, code a newboard.


Games for education. Games for fun.

YOUNG ATHEART

RICHARD SMEDLEY

Children take PCs for granted. Those of us

administrating a child’s GNU/Linux desktop don’t

have that luxury. Here we take a look at applications

for younger computer users with three games -

Gcompris, CircusLinux and MathWar.

And the band played on...

096linuxkids.qxd• 07.05.2001 12:13 Uhr Seite 96

SOFTWAREKIDS’ LINUX

Oh what a circus

Circus linux is the famous clown jumping, balloonpopping game, ported by Bill Kendrick. It is a cloneof the Atari 2600 game, Circus Atari. A clown isfired out of a cannon onto a see-saw, whichbounces a second clown into the air to popballoons. It accommodates one or two players, andhas different difficulty levels. Windows and Macversions are available pre-compiled.

Moving the slide accurately from the keyboardis extremely difficult. However, if your children areadept, they will quickly take to this addictive game,with its jolly circus-style music and sound effects.Very amusing - it makes all the young visitors to ourhouse laugh. And as a great aid to improving hand-eye coordination, you can excuse the hours you mayfind yourself playing the game too.

Adding up to fun

MathWar is good for those just learning their sums.Numbered pairs of cards are presented along with a+, - or X operator. You must submit the answer at apredetermined time. The computer may submit aguess itself if you take too long. Whoever answerscorrectly gets the points. If the computer guessesyou can decide whether the computer’s guess is

right for extra points. The game ends after anumber of rounds (default 20). Set the levels soyour child can just beat the computer if they like achallenge. Easy configuration of the settings meansthat I can maintain a difficulty level that keeps mysix year-old daughter interested.An HTML manual with well-written, simpleinstructions is a delightfully surprising addition toany piece of software. Well done Ken Sodemann. ■


Info

Gcompris http://gcompris.sourceforge.net/CircusLinux http://www.newbreedsoftware.com/circus-linux/Linux for 2-8 year olds http://www.debian.org/devel/debian-jr/Find rpms of the games you want at http://rpmfind.netAll games were tested on a P233/32MB RAM/640x480 VGA running DebianGNU/Linux with a 2.2.18 kernel.

■

How smart would youlike your PC?

[left]Gcompris

[right]Catch a falling letter

[left]Make the Puzzle - a jigsaw with culture

[right]Learning Clock - but which hand is which?

All in the mix

096linuxkids.qxd• 07.05.2001 12:14 Uhr Seite 97

SOFTWARE DESKTOPIA

We all know the scenario: Something in the systemis hanging, and a tedious look into the log filesunder /var/log/ is necessary to track down theevildoer. Even when there are no acute problems, itis clearly better to be kept informed at all times soas not to have to go troubleshooting in the log fileswhen it’s too late. With Root-tail, all the informationyou want from log files you can obtain, withoutmouse clicks, on the desktop background.

Something special

There are numerous tools which track log file entriesand report their (hopefully) good news. But whowants to keep a window open on their desktop all thetime, just to note the sign of life from the syslog every20 minutes? Surely it would be much nicer to havethis directly on the desktop: No separate window,which has to be closed, opened or moved around,and nothing to interrupt the beloved backgroundgraphics. Such a program does exist: Root-tail.

Off we go!

If your own distribution does not have a finishedroot-tail packet among its baggage, it will help if yougo to the source code of the program or take a lookat http://www.goof.com/pcg/marc/root-tail.html.The archive that you can get there is easy to install.The basic requirements are (as ever) the X-Includes,which can be found in SuSE in the xdevel packet. Ifthe X-Includes are on the hard drive, the first step inunpacking the archive is done. After that, create aMakefile with the tool xmkmf, which the followingtool make uses to read off exactly what needs to bedone. Consequently, you don’t need a lot ofexperience, as your system does everything for you.After that, a make install and make install.manfollow, with which just the completed program andits documentation are copied to the right places andthe correct rights are set:

jo@planet ~$ tar xvzf root-tail-0.0.10.tar.gzjo@planet ~$ cd root-tail-0.0.10jo@planet root-tail-0.0.10$ xmkmf -ajo@planet root-tail-0.0.10$ make

jo@planet root-tail-0.0.10$ su -Password:root@planet ~# cd /home/jo/root-tail-0.0.10root@planet root-tail-0.0.10# make installroot@planet root-tail-0.0.10# make install.manroot@planet root-tail-0.0.10# logout

Nothing happening?

The syntax to start Root-tail is simple: As withalmost all programs, you obtain information on thisby entering the option ”–help” as you go along –thus ”root-tail –help”. Anyone who wants it a bitmore precise and extensive should consult the manpage, which can be found via ”man root-tail”. Ifyou want to place the popular log file/var/log/messages on the desktop, you might usethe following command:

root-tail /var/log/messages

But since, as a prudent Linux user, you do not startan X-session as ”User root”, a problem arises: root-tail answers with a curt ”/var/log/messages:Permission denied”. Quite right too, because thesefiles are nothing to do with the normal user. Soroot-tail has to be started with root-rights to do this.

Super

A good tool allowing a user to start a specificprogram with root-rights is super. super shouldcome with every distribution. super is configuredwith the file /etc/super.tab, in which we simplyallow the user jo also to start root-tailas superuser:

root-tail /usr/X11R6/bin/root-tail jo

The first word states which command is involved (inthis connection new names can also be invented),followed by the command to be executed, andlastly the name of the user who is to be authorisedto start the command as root (additional usernames can be added easily, separated by a comma).After this simple configuration, root-tail starts withroot rights via the command


Only you can decide how

your Linux desktop looks.

We take you with us on a

journey into the land of

window managers and

desktop environments,

presenting the useful and

the colourful, viewers

and pretty toys.

Jo’s alternative desktop

ROOT-TAILJO MOSKALEWSKI

098desktopiasbd.qxd• 07.05.2001 12:38 Uhr Seite 98

SOFTWAREDESKTOPIA

super root-tail /var/log/messages

But here again, the desired log file still does notappear on the user desktop, and instead root-tailresponds with ”Error opening display (null).”:

Accessing the X-Server

Even root cannot simply use some other desktopillegally as output medium: The X-server has its ownaccess control. This is governed in the hidden file~/.Xauthority and as the user root can read the dataof every user, it can simply make joint use of that ofthe user. The simplest variant of this is the setting ofthe environment variable XAUTHORITY:

export XAUTHORITY=/home/jo/.Xauthority

But that’s not all: As root has not started an X-server, this permission is insufficient because ourprogram cannot make use of this until it also knowsthat an external display is to be used. Here again,the setting of a variable helps:

export DISPLAY=:0.0

Before what is now being described is pulledtogether, here is a little test, which illustrates thenecessary basis and ought to function:

jo@planet ~$ su -Password:root@planet:~# export XAUTHORITY=/home/jo/.XUauthorityroot@planet:~# export DISPLAY=:0.0root@planet:~# root-tail /var/log/messages

In this case, root-tail can be ended with the keycombination Ctrl+C.

Puzzle

Since now as root two variables still have to be setbefore starting root-tail, this can no longer occurwith a simple command. A little script can help here– although it is then no longer root-tail, but theentire script which is started via Super (the variable,too, must set root, if they are valid for it). It is best tomake a file /usr/local/sbin/root-tail.username withthe following content:

#!/bin/shexport XAUTHORITY=/home/username/.Xauthorityexport DISPLAY=:0.0/usr/X11R6/bin/root-tail /var/log/messages

Since scripts called up via tools such as Super caneasily be misused as the result of modifications, thefile should only be read/write for root (otherwiseanyone who could change the file and start it viasuper could start any programs they liked in itsimply by adding!). Therefore type as root:

chown root.root /usr/local/sbin/root-tail.uUsernamechmod 700 /usr/local/sbin/root-tail.username

And then adapt the configuration file super.tab:

root-tail /usr/local/sbin/root-tail.username jo

And from now on /var/log/messages appears on theuser desktop after entering super root-tail.

Admittedly, because of the user rights and theaccess to the X-server, there is a lot of work initially,but once you have understood and applied this, it’seasy: super releases any programs for one or moreusers, and a script allows graphic output. Thismethod can be transferred to countless programs –to your favourite file manager for example, whichyou can then place a second time, but with rootrights, in the Start menu. This then starts withoutany additional password challenges whatsoever.And that’s worth a bit of effort.

Personal edition

root-tail can obviously be adapted to your ownrequirements. The most interesting options herecould be the following:

-g states where Root-tail should appear on thedesktop, and also the number of characters to beshown is defined hereby. A ”-g 120x13+20+20”moves Root-tail by 20 pixels away from the edge ofthe desktop and sets its size at 13 lines, each with120 characters. Another helpful option here is -frame, which can be used for test purposes todisplay a frame until the optimal geometryspecification has been found.

-color sets a standard font colour. Each log filecan also be given its own, by specifying a colourname when calling up the log file:”/var/log/messages,green” (see Figure 2).

-font: By their nature, fonts with a fixed widthare most suitable here, thus 5x7, 5x8, 6x10 etc upto 12x24. Exactly which ones are available dependson the distribution being used. The tool xfontsel canhelp with the selection.

-shade gives the letters a shadow. ■


Note with respect to KDE 2

KDE 2 lays a frameless windowover the entire desktop andthus covers everything anotherprogram paints onto thedesktop. We do not know ofany solution for using root-tailin conjunction with KDE 2.

[left]Figure 1: Root-tail on the desktop

[right]Figure 2: root-tail -g 120x13+20+20 -colormistyrose1 -fn 6x13 -shade/var/log/messages/var/log/kern.log,red

098desktopiasbd.qxd• 07.05.2001 12:38 Uhr Seite 99

SOFTWARE OUT OF THE BOX

Mini-distributions, even if they are often largelyignored in the shadows of their bigger siblings, areuseful tools. The spectrum ranges from the specialdistribution, which system administrators like to use

for diagnosis and correcting faults, to the almost-complete Linux desktop for older hardware (see theOther Mini-distributions box also).

HAL91 is specially conceived for somewhatolder computers and is an ideal playground for allthose who want to control their system without anygraphical tools. This distribution can also be used asan emergency system, too, or general installationdiskette (with a little manual work).

The requirements to run HAL91 turn out tobe correspondingly modest. It can be started withany processor from the 80386 onwards,equipped with at least 8MB RAM. It was alsoimportant to the developers not to use thehigher density diskette format, since a fewdrives have problems with this. HAL91 wasdeveloped by Øyvind Kolås and since January2000 it has been undergoing refinement bymyself (Christian Perle).


Mini-Distribution

POCKET LINUX

CHRISTIAN PERLE

There are thousands of tools and

utilities for Linux. Out of the Box

chooses the pick of the bunch and

suggests a little program each

month that we feel is either

absolutely indispensable or unduly

ignored. To keep in line with the

main focus of this issue we are

bending our rule a bit this time

round and devoting ourselves

entirely to just one, entire

distribution - but one which

nevertheless runs from a single

diskette: HAL91.

Higher density: Formatting a diskette with more than the usual 1.44MBcapacity (about 1.72MB).

Disk-Image: The image of a complete diskette as a file. With suitable programsthe diskette including Bootsector can be created from this.

Bootsector: The first sector on a diskette or another data medium which cancontain executable code to start an operating system (boot).

dd: This Unix command serves for direct read/write of block-oriented devices. Thedata read can if necessary be converted into the format.

BIOS: Basic Input/Output System. This minimal system sits permanently in thecomputer and ensures it is possible to load an operating system from diskette or

hard drive.

■

100ootb.qxd• 07.05.2001 12:49 Uhr Seite 100

SOFTWAREOUT OF THE BOX

What do you need?

On the HAL91 homepage http://home.tu-clausthal.de/~incp/hal91/ you will find the Disk-Image hal91.img. If you do not yet have Linux onyour computer and have to install fromDOS/Windows, you will also find the DOS programrawrite2.exe there.

How do you install it?

Since we are dealing with a ready-made disketteimage, all we have to do is write this on a formatteddiskette. If you already have Linux up and running,the following dd command (to be entered by theroot administrator) is sufficient:

dd if=hal91.img of=/dev/fd0

Under DOS/Windows you should instead userawrite2.exe:

rawrite2 -f hal91.img -d a:

Start me up

To boot from the diskette, you may need to changethe boot sequence in the BIOS setup of yourcomputer to A:,C:. With the HAL91 diskette in thedrive, re-start your computer. After about 60 seconds,the mini-Linux is loaded and announces itself with alogo in the console (Figure 1). The diskette can thenbe taken out of the drive after booting because thesystem runs completely in the RAM.

As in the ‘big’ distributions there are also severalvirtual consoles available in HAL91 (reached via ALT-F1 to ALT-F4). There is no need to log in, as a Shellwith root privileges is running on all consoles.

Especially with older computers, there is rarelyanyone who actually remembers what hardware isactually inside them. HAL91 helps to identify manycomponents. So IDE hard disks, ATAPI CD-ROMdrives, NE2000-compatible network cards and


Figure 1: The HAL91 console

Shell: One of the most important components of every Unix system - thecommand line controlled user interface of the system.Kernel: The operating system acts as the interface between hardware and anyprocesses running. It also makes multitasking and memory managementavailable. The real Linux is only the kernel.ext2: The Second Extended Filesystem is now the most commonly used filesystem under Linux. It provides files and directories with rights and assigns themto owners and groups.Manpage: Manpages (short for Manual pages) are an online referencehandbook for Unix commands. They are called up using man commands. Thereare no manpages included in HAL91 due to lack of space.Mount: Under Unix systems, data media are not assigned drive letters, butmounted in the file system. A directory provided for this (the Mountpoint) servesfor access to the content of the data medium.Shell script: A text file with commands which are automatically processed insequence by the shell.Nullmodem cable: A cable to connect two computers directly via the serialinterface. Unlike normal serial cables, in this case the send and receive lines arecross connected.PPP: The Point to Point Protocol connects two computers via a serial line (modemor null modem) with the TCP/IP protocol.

■

Listing 1: Extract from the kernel messageshda: TOSHIBA MK1924FCV, 518MB w/128kB Cache, CHS=1053/16/63ide0 at 0x1f0-0x1f7,0x3f6 on irq 14Floppy drive(s): fd0 is 1.44MFDC 0 is an 8272APPP: version 2.2.0 (dynamic channel allocation)


SOFTWARE OUT OF THE BOX

diverse PCI devices can be recognised and usedfrom time to time.

The commands dmesg to display the Kernelmessages and cat /proc/pci, which lists the PCIdevices. Listing 1 shows an extract from the kernelmessages on a Toshiba 100CS Notebook.

These messages are telling us that an IDE harddrive (hda, thus the first device on the first IDEcontroller) which is a Toshiba with 518MB, split into1053 cylinders, 16 write/read heads and 63 sectorsper cylinder, has been found. The next line showsthat only one IDE controller (ide0) is present. Thereis also a diskette drive (fd0), which is connected tothe controller FDC 0. The last line of the extractrelates the support that exists in the kernel for PPP.

What else?

The command e2fsck for patching up the ext2file systems, is included, with which you might beable to resuscitate wounded Linux installations. Youmust, however, first read the associated Manpage.

So that you can also mount hard diskpartitions, diskettes and CD-ROMs, the commandsmount and umount are included. ext2 (Linux), vfat(for long filenames from Windows 95/98) andiso9660 (for data CDs) are all included.

Small, but networked

HAL91 can also make contact with the worldaround it, to a limited extent. If the computercontains an NE2000-compatible network card, thiscan be configured using the commands ifconfig androute, to work with telnet, ftp or ncp on remotecomputers or to transfer files. The program ncp hasalready been discussed in an earlier Out of the Boxarticle (Linux Magazine Issue 3 p.114). You can find

an example of using ifconfig and route in the Shellscript init.net in the/bin directory.

If there is no network card, you can still makeuse of the Nullmodem cable. Using the shell scriptppp-nullmodem - which can also be found in the/bin directory - make a PPP connection betweentwo computers running under HAL91. This willinvolve having to swap the IP address used in thescript on one of the two computers, so that thepppd commands look as follows:

pppd /dev/ttyS1 115200 asyncmap 0 noauth persUist local passive nodefaultroute 192.168.0.1U:192.168.0.2

on one and

pppd /dev/ttyS1 115200 asyncmap 0 noauth persUist local passive nodefaultroute 192.168.0.2U:192.168.0.1

on the other computer.

An editor for all seasons

A text editor is also part of the package withHAL91. The Unix standard editor vi was quitedeliberately chosen for this. This may not be as easyto learn as other editors, but it has the mostfunctions in proportion to its small memory spacerequirement. A good introduction can be found athttp://www.infobound.com/vi.html. Experimentwith this editor, it’s worth it!

From this point of view, HAL91 is also a suitablesystem for dry runs with Linux. So long as nothingelse is mounted, everything runs in the RAM and is,unbreakable. Finally, it is also possible to find outwith no risk what happens if libc.so.5 is deleted.

For the advanced student

Having once discovered this toy/tool, you may wellwant to make your own adaptations. HAL91 isbased on kernel 2.0.36 and libc 5.3.12. To compileyour own kernel for this distribution it is best to stayin line with the existing configuration, which isstored on the diskette as the file kconf. In any event,support for the Initial Ramdisk (initrd) should be partof the compilation.

To swap programs you will have to change thecontent of the compressed RAM disk (initrd.gz). Todo this, copy the file onto a hard disk partition anduncompress with gunzip, in order to then mount itvia the Loop Device.

Now you can potter about to your heart’scontent in the file, deleting or adding programs.When you do though, bear in mind that theprograms can, at the most, be linked to libc 5.x,libm 5.x or libtermcap. Also, after unmounting andre-compression using gzip -9 the file must not betoo big for the diskette. That also sets the limits forHAL91: A graphical user interface with X11 thusfalls victim to the requirements of space. ■


Loop device: With the loop device it is possible to mount files like partitions. Asyntax example of this reads mount -t ext2 -o loop initrd /mnt - where the file

initrd is mounted as ext2 file system on the directory /mnt.Router: A router is used for passing on (forwarding) IP packets to specific

destination IP addresses. From its Routing Table, it knows which route a packetshould take, depending on the destination address.

■

Other Mini-distributions

Of course, there are other mini-Linuxes apart from HAL91. Threespecialised examples are worth mentioning in this respect: tomsrtbt (Tom’sRoot Boot Disk) is especially good for use as a rescue system, while withmuLinux an attempt is made to capture as many applications as possible onone diskette, and fli4l provides a complete ISDN router solution on adiskette. Reference sources are http://www.toms.net/rb/home.html fortomsrtbt, http://sunsite.dk/mulinux/ for muLinux and http://www.fli4l.de/for fli4l.


CONFERENCE UKUUG


You are looking for a recommended

financial advisor. Who do you trust

to tell you which one is well

informed and impartial: their clients

or other advisors, your friends or an

independent financial agency? Do

you trust those recommended

opinions? How do you evaluate

those opinions and what weight

should you give them?

You maythink word ofmouth is

enough, but doesit quickly tell you

everything you need to know?Can word of mouth be automated by a

computer? Can word of mouth be digitally signed?The practice of finding resources for every day

business and personal issues is so common-place thatno-one has considered what it might be like to havethe same capability available to them via the Internet.Trust Metric Evaluation is likewise a simple concept: itallows for the automated evaluation of people’sopinions - in a Web of Opinions, with far-reachingconsequences for the day-to-day way in which weconduct our business, across the world.

Trust Metrics is a means to evaluate a chain, orweb, of opinions. Evaluation of a Web of Trustrequires that you specify whom you trust implicitly foropinions. This becomes the centre of your web - theseeds. The seeds have specified their opinions ofother people, or the things that other people havedone, said, written, performed etc., and then thosepeople have specified their opinions etc. Trust MetricEvaluation limits the chain of ‘opinions of opinions’ asit were, resulting ultimately in a means to provide anunbiased, verifiable, and reasonably impartialappraisal.

The only way for an individual to receive a betterevaluation is to actually do something that isworthwhile for someone who is reasonably close tothe centre of the Web of Trust to express theiropinion of them or their actions. Equally, if they dosomething contrary to the trust that has been placedin them, the opinion can just as easily be revoked...

Imagine that you require the services of afinancial advisor. You have no idea how to go aboutthis or who to trust. So, you go to

myfavouritefinancialadvisors.com and lo and behold,they are running Trust Metric evaluations of financialadvisors. Other financial advisors, their clients, andthe Independent Financial Advice Bureaus of 15 U.S.States and 10 separate countries across the world areinvolved with this site, expressing their opinions as tothe reliability of the advice given by the financialadvisors listed on the site.

You conclude, ”hmm: I only really trustIndependent Financial Bureaus, but there was ascandal with one of them recently, so I am notinterested in their opinions”. So you select sevenbureaus you’ve heard of, and seven that you haven’t,as the seeds for the Evaluation you wish to perform.Setting these 14 bureaus at the centre of your Webof Trust, you ask the site to perform an evaluation.You ask it to list the top 100 financial advisors it cancome up with, that have had Reliability opinionsexpressed on them from at least two bureaus, four oftheir peers, and at least five clients. You wait a fewseconds, and lo and behold, there are only 10financial advisors that meet your exactingrequirements.

Well, that’s good enough to start with. So, youstart to explore these people a bit more, browsingtheir credentials online. Click click hmm, funny: fiveof them all seem to work for the same company. Ah,but wasn’t there some sort of financial irregularityabout that company in the news, recently? Whoops,don’t think I’ll be using them! Ahh yes – I see whythey came up so high in my criteria. A number oftheir former clients have made use of this site toexpress their dire opinion of this company’s activities.Oh dearie me, it looks like the bureaus haven’t gotround to revoking their certifications of these peopleyet. Ah well. Maybe they are trustworthy, but I’m notusing them.

Click, what about this one? He’s a small-timefinancial advisor, but he has ratings from (click click)five Bureaus that say that he gives sound advice andsome of his peers have also rated him as very good.Let’s see – yes, they too are all rated by at least two ofthe original 14 bureaus I specified as the seeds, and hehas reports of quite varying degrees from hiscustomers. Yes, they’re all pretty good, except for one

Take it on trust

TRUST METRICS

LUKE KENNETH CASSON LEIGHTON

068metrics.qxd• 07.05.2001 11:02 Uhr Seite 68

client who says his advice was completely useless:must ask him about that if I ring him. Where’s histelephone number (click), ah yes, here it is.

This is such an incredibly powerful and liberatingexample of the use of computing that it is in someways quite frustrating to know that, though it istechnically possible, Trust Metrics are only being usedin experimental ways at sites such as advogato.org,skolos.org, sourceforge.net and a few others.

The possible applications and potential of TrustMetrics are quite amazing. For example, it can beused as a search engine - one that you can actuallytrust because it gives you an impartial amalgamationof other people’s evaluations. And as if that isn’tenough, where you absolutely have to know that theopinions being expressed are real and concrete, whynot have the people who enter in their opinions intothe Trust Metric Engine digitally sign those opinions?That way, any opinions that are not digitally signed -and verifiably digitally signed - can be automaticallyexcluded when the Trust Metric evaluation isperformed.

Combining Trust Metric evaluations with DigitalSignatures leads to interesting possibilities. Imaginethat you request a Trust Metric evaluation, but you donot really trust the computer performing theevaluation to give you the right results. You ask theengine to give you a digitally signed copy of theresults, along with the original Certification Webfrom which it performed the calculation. You canthen give that to another Trust Metric evaluationengine and ask it to double-check it! Not only that,but imagine that there is a Certification type whichcan be applied to evaluation engines, which certifiesthem as to the reliability of those engines to performevaluations. This process of cross-checking couldeven be automated, by the Engines themselves,which would be essential in a distributed Trust Metricenvironment.

There are field-based military intelligenceapplications for Trust Metrics, too. Imagine that allsources assess each other as to the reliability of theinformation coming from their peers. A source out inthe field is cut off from communication with theirusual base, which they would normally use as theirseeds for the centre of the Web of Trust. They stillneed some assessment as to the sources available tothem. So they select the sources closest and mosttrusted that they are still able to contact and ask for aTrust Metric evaluation of their immediateenvironment. Untrusted sources not linked to thetrusted seeds via the Web of Trust are automaticallyexcluded. Compromised sources which provide falseinformation are soon discovered by their nearestpeers who act on that information, and upondiscovering that a source has been compromised,they immediately revoke their Reliability Certification,with the result that the compromised source isquickly excluded.

A slightly different version of this approach wasthe original reason behind the development of Trust

Metrics: to solve the problem inherent with trustingcertificate authorities, and to provide a more secure,trustworthy and scalable way to handle DNS DomainName Registrations and Updates. The problem at themoment is, can you really trust the Public KeyCertificate Authorities, especially given that veryrecently, someone fraudulently obtained a DigitalCertificate that allowed them to digitally sign Active-X components as if they were Microsoft.com? Active-X components are downloaded and runautomatically on Internet Explorer - if they are signedby one of the Trusted Certificates.

What alternatives are there? Trust Metrics. BruceSterling’s Science Fiction novel, Distraction, describesa reputation-based nomadic community that actuallyuses digitally-signed Trust Metrics in order to evaluatewho should be given responsibility to lead thecommunity. The better the individuals actually fulfillthe role assigned to them, the more TrustCertifications they will receive by their communitypeers, and the more responsibility they gain. Abuseof the trust placed in them results in theircertifications being revoked, and they are relieved oftheir position. The interesting thing is that, asmentioned in Bruce Sterling’s book, there is almostalways more than one possible candidate for aparticular leadership role, as recommended by theTrust Metric Evaluation. This makes peopleinterchangeable, and therefore replaceable, andtherefore less likely to abuse their position. Especiallyas the certification records are digitally signed -forever. Bruce Sterling’s book also makes it clear howpointless it is for an opposing organisation to attemptto target, persecute and remove individual leadersfrom such a community, as alternative candidates forexactly the same job are just one or two steps downthe Trust Metric list...

The key strength of Trust Metrics is that they relyon peer-evaluation, as opposed to centrally, implicitlytrusted evaluation. With centrally-controlledevaluation, trust begins to wear a little thin, andultimately carries less and less weight as the size ofthe community the centrally-controlled authorityserves grows ever larger: ironically, it becomessomething of a contradiction in terms to trust acentralised Trust Authority. As the size of thecommunity they serve grows, the trust required tobolster their position may lead the organisation toextreme measures that are way out of line, way outof proportion, which compromises their integrity andeffectiveness but still maintains their position. Wecan see this quite clearly for ourselves out of thenumerous over-bureaucratic or over-zealousorgranisations in the world that could be cited asperfect examples.

With digitally signed Trust Metric Certifications,other than the limits of the capacity of the computersused to perform the evaluations, the ability toperform reliable evaluations scale as the size of thecommunity grows to world-wide proportions, andyou still get answers that you know you can trust. ■

CONFERENCEUKUUG


068metrics.qxd• 07.05.2001 11:02 Uhr Seite 69

BEGINNERS KOFFICE-WORKSHOP


In order to make the material abit less dry and dusty for you, this

time we will also explain the waysKWord works and functions by a

little example that you canparticipate in. Following this, the front

page of the newspaper, The PenguinEcho, will be produced. This page will be

given a big headline, two columns of body text

and a little eye-catching graphic. Before theWorkshop starts round two though, we would liketo expressly remind you that KWord is still indevelopment and therefore crashes (especiallywhen using the layout and frame functions below)are not all that rare. You should therefore back upyour documents at regular intervals and in generalnot entrust any important data to KWord (cf. thefirst part of our Workshop).

Like The Penguin Echo

In KWord, all elements such as graphics, formulas,tables and even text are each filed in their own,appropriate, frame. This somewhat unusual method,which is unlike other word processing programs, ishighly advantageous whenever you want to create amore complex document such as a club newsletter.With ordinary word processing programs, you mayfor example be faced with a problem, if you want toinsert a text box into your document later on. Youcan find lots of examples of these additional boxes in

Workshop summary

1. Word processing with KWord - Part 1:A business letter

2. Word processing with KWord - Part 2:A newspaper

3. Tables and diagrams with KSpread andKChart

4. Graphics and images with KIllustrator5. Presentations with KPresenter

While the last part of our KOffice Workshop concentrated on the

simpler text functions of the KWord components, this we’ll be

turning our attention to the more complex layout functions.

Using the example of The Penguin Echo, we will delve more

deeply into the handling of frames, which until now have

been rather neglected.

KOffice Workshop: Part 2

PRACTICAL EXERCISES

WITH K. IN THE OFFICE

TIM SCHÜRMANN

070koffice.qxd• 07.05.2001 11:16 Uhr Seite 70

BEGINNERSKOFFICE-WORKSHOP

Linux Magazine. If you want to compare theworking methods of KWord with those of anordinary word processing program, you should, as atest, try to copy the box associated with this article,‘All that’s left’. Under KWord, all you need to do forthis is create a new text frame using Tools/Createtext frame, drag this to the desired position and theright size and finally just enter the desired text.Unlike other word processing programs, underKWord the formatting and editing options availablefor this are not restricted. So all the functionsaddressed in the sample letter in the last installment(see Linux Magazine Issue 8) can be applied to anytext in a frame. Even if KWord did cleverly conceal itsworking method in the first part of the Workshop,even there, the text was entered into a text frame.

It is precisely when producing a newspaper ornewsletter that it can be an advantage, instead ofbeginning with a single, large frame, to start withseveral smaller text frames arranged in columns. Byproviding suitable templates, here again KWordoffers an ideal starting point.

In order to be able to understand theWorkshop, after starting KWord you should createsuch a multi-column document via File/New. To dothis, on the Publishing list, select the templateSimple Layout. As you can now see, KWord hascreated a new document with three text frames,whose arrangement already somewhat resemblesthe typical layout of a newspaper.

Mode confusion

As already mentioned in the last part, KWord workswith two different input modes. In the so-called‘text editing mode’ you can enter your text in thecorresponding frame, while on the other hand the‘frame editing mode’ allows you to modify thelayout of the document and thus to adapt the sizeand position of any frames.

After starting, KWord goes by default into textediting mode, as can be seen from the switched-on top symbol in the toolbar on the left-hand side.If on the other hand the second symbol from thetop is highlighted, this means the frame-editingmode is active. Since in our first step we want toinsert the title ‘The Penguin Echo’, you shouldchange, using Tools/Edit frame into the mode ofthe same name. Alternatively, a click on theaforementioned symbol in the toolbar will achievethe same thing.


[left]Figure 5: Every newly created frame must be given a designation

[right]Figure 6: The finished title

[left]Figure 1: Selecting the righttemplate for our newspaper

[middle]Figure 2: KWord after startingthe selected template

[right]Figure 3: Reduce the left frameto about this height

Figure 4: The frame drawn up for our title



Shunting depot

The three text frames set up by the template alreadyoccupy the whole page, so at first there is not aspare inch of space left for our title. To make a bit ofroom, click on the top left frame with the mouse.This should now be highlighted, as can be seenfrom the eight little boxes round its edges. Nowposition the mouse cursor on the little box in themiddle of the top edge. It is important that themouse cursor takes on the form of a double arrowand not that of a cross, as otherwise you would shiftthe whole frame with the following procedure. Nowpress the left mouse button and hold it down. Movethe mouse downwards, which will automaticallyreduce the size of the text frame. As you will note,when moved, the frame border always snaps intothe position specified by KWord.

Reduce the text frame until there is plenty ofroom above it for a header (roughly until the value4.5 is reached on the left ruler). Repeat this processwith the right, long box, so that its upper edge is atroughly the same height as that of the left box.

In the frame

The next step is to create a new text frame for ourheader. To do this, select from the menu the itemTools/Create Text Frame, or click on thecorresponding symbol in the toolbar. Now place themouse cursor, which has in the meantime turnedinto cross hairs, in the top left-hand corner of thepage. But when doing so, keep a bit of distancefrom the actual edge of the page. Then hold downthe left mouse button and drag up a frame, as inFigure 4.

As soon as you release the mouse button, asettings window opens. Each frame in yourdocument is assigned a name, which the user canchoose at will. Think of a suitable designation forour example such as ‘Title frame’ and enter it in thelower input box provided for this purpose. Thisname will be needed again later on in ourWorkshop series. Leave all the other settings on theindividual listings of the window in the defaultsetting and click OK.

Change back to the frame editing mode andadjust the size of your frame in the now familiarway. If you do not like the frame, you can remove itagain at any time, when it is selected,usingEdit/Delete Frame. Now switch to text inputmode and click on the frame just created. In theactive box, enter the title ‘The Penguin Echo’. Markthis text (for the exact method, see Workshop Part1), increase its font size and then centre it. Toachieve this latter step, you can either use thecorresponding symbol from the symbol bar or go tothe menu Format/Paragraph and there on the Flowslisting, select Centre. The font size should be setsuch that the text roughly fills the entire text frame.

Connecting

Once our title is in place, the rest of the framesshould also be filled with content. As you have


Figure 7: An example of thelinking of two frames: The

text in the frame on the upperleft is now automatically

continued in the lower frame

All that’s left

In addition to the functions mentioned in the article KWord also offers a few more designoptions. Here by way of example is a brief description of how to create headers and footersand the implementation of styles.To create a header or footer, select the menu item View/Header or View/Footer. KWordthen creates, on the top or bottom edge of the page respectively, an additional text framein which you can enter your header or footer text.So-called ‘styles’ are formatting templates that also exist in a similar form in other wordprocessing programs. If your document contains repetitive, time-consuming formatting, youcan save this as a style. To adapt the text you enter later to the desired layout, all you needdo is activate the corresponding style. KWord comes equipped with a few styles of its ownfor various purposes. You can activate a style by selecting the desired template from the listin the associated symbol bar at the far left. To make a new style template for yourself youmust call up the menu item Extra/Stylist and then click on Add in the newly opened window.There, using the corresponding buttons, you can set all the text attributes which your styletemplate is to include and click on OK. These should immediately be available for selectionin the list mentioned above in the symbol bar.


BEGINNERSKOFFICE-WORKSHOP

already seen with the title, you can select a textframe by simply clicking on it. Now try to enter alittle text in each of the three text frames alreadymade. You will not be able to do this in the longtext frame on the right, because this has beenlinked by KWord with the bottom left text frame.This means that the text, if it is too long for the leftlower frame, is automatically continued in the long,right-hand frame.

Next, as an example, the left upper frame willbe linked to the left lower frame. To do this, changeto the frame-editing mode and mark the left upperframe by clicking on it with the mouse. Then selectEdit/Reconnect Frame from the menu. In thewindow that pops up, you can change a fewsettings relating to the behaviour of the inter-linkedtext frames. For our example, accept all the defaultsand change to the listing Connect Text Frames. Hereyou will see a list of all the text frames included inyour document. The frame you have clicked on ishighlighted in colour in this list. By the way, you willalso find the exact names you entered whencreating the text frames here. These designationsnow make it easier to identify the link candidatesconcerned. The three pre-set frames from ournewspaper example were created from thetemplate and thus bear the standard names pre-setby KWord. Select the list Frameset 2 and click OK.The two frames should now be linked together inthe same way as the left lower one and the right,long one previously (cf. Figure 9).

Bulleting

The content of our newspaper is intended to appearin the left upper

box already set by KWord in the form of a smallbullet list. To do this, select the menuFormat/Paragraph and (on the listing Numbering)the item Arabic Numbers.

In the lower part, under Start at (1,2,...) enterthe figure ‘1’, as the result of which the first bulletpoint will start with the number 1 instead of 0. Clickon OK and enter a few fictional items of content inthe text box, which are intended to appear in ThePenguin Echo. Whenever you press the Enter keywhile doing so, KWord automatically creates a newbullet point. If you have entered all the points, callup Format/Paragraph again and select, in the listingNumbering, the item No numbering. You can makea list considerably faster (but with fewer settingoptions) via the corresponding symbol from thesymbol bar. Click on this once, and a list is createdautomatically. You can leave the bullet mode thusactivated just as quickly by simply clicking again onthe symbol.

Eye catcher

All we need now is a little graphic, placed exactly inthe centre of the page to round off the overallimpression of our newspaper. Give in to temptationand, in text input mode, insert a graphic via the

[left]Figure 8: Two frames are linkedtogether

[right]Figure 9: After the frames have beenlinked as described in the article, thetext is continued in the respectivefollowing frame


Points of view

Every application from KOffice is able to show different views of a document at the sametime. To do this, the corresponding application must be running without the KOfficedesktop. If so, select the menu View/New view. This opens a new application window withthe same content. Via View/Split View you can now divide this window into two furtherwindows. This makes it possible to view two different parts of the same document at thesame time and thus omitting all that fiddly scrolling. In the View menu, there are, by theway, a few other sub items with which you can control these views.



menu item Insert/Picture in your text. Any graphicinserted in this way will be treated like a normalsymbol in the text. This mainly means that you willfind it difficult or even impossible to alter theposition and the size of this graphic. Instead, createa graphics frame via the toolbar (fourth symbolfrom the top). Alternatively, the menu commandTools/Create Picture Frame also leads to thecorresponding dialog window. After selecting theimage file to be imported, the mouse cursor, as itdid when the text frame was created, turns intocross hairs. Now click on the place in yourdocument where you’d like the graphic inserted. Assoon as KWord has placed the image in thisposition, you will notice that the object cannot bechanged, either in size or position. KWord seems tobe holding tight to this graphic. This behaviour isattributable to the still-active text-editing mode. Toget back to frame-editing mode, click in the toolbaron the second symbol from the top or selectTools/Edit Frames from the menu. Now you can clickon the graphics frame just created and modify itssize and position.

To change the size of the marked object,position the mouse cursor, exactly as with the textframe, on one of the little boxes, until it turns into

an arrow with two points. Hold down the leftmouse button and then drag the object to therequisite size. The graphic can be moved to adifferent position in a similar way: Place the mousecursor on the object until it turns into a doublearrow. Now, keeping the left mouse buttonpressed, you can bring the image to its newposition.

Should the graphics overlap other text frames,KWord can allow the text contained therein to flowaround the graphics object. You can activate this bypressing the right mouse button over the text framein which the object concerned is located. In thecontext menu which appears, select Properties andthen the listing Text Run Around. Here you can sethow the text flows round the object.

With this sample newspaper, so too ends thepresentation of the word processor KWord. As youhave seen, the frame-based approach, whichcertainly takes some getting used to at first, is agood starting point for creating really complexdocuments in a relatively simple way.

Next time we will be taking a look at the no lessinteresting spreadsheet, KSpread, whose range offunctions is already a match for many professionalprograms. ■


Info

KDE homepage:http://www.kde.org/

Koffice homepage:http://www.koffice.org/

Workshop Part 1 in LinuxMagazine Issue 8

■

[left]Figure 10: Creating a

bulleted list

[right]Figure 11: The completed first page of The Penguin

Echo, with the text flowinground the graphics

The author Tim Schürmann is a student of

IT at the University ofDortmund and wonders why

the Linux penguin does nothave feathers, but a highly-

polished exterior?

Creating your own templates in KWord

Creating your own template in KWord by means of the corresponding assistants is almostchild’s play. First make a KWord document in the usual way, containing precisely the contentwith which the template is later to be created. To do this you can use all the tools andfunctions available in KWord. Then select from the menu the item Extra/Create TemplateFrom Document. In the window now shown, give your template a name in thecorresponding box. In the list below this you will find all the groups to which you can assignyour template. When selecting the templates, the overriding group corresponds exactly to alisting on which later the individual, subordinate templates will be offered for selection. ViaAdd group you can create a new listing. If you have decided on a group, simply click OK.From now on, when creating a new document you will also be able to select your owntemplate.


You’ve bought your new computer. You’ve takenthe plunge and decided not to go down theMicrosoft route, but instead you have got a copy ofLinux. You need to install it and would like someoneto hold your hand and talk you through it every stepof the way. This is the book for you. The bookassumes no technical knowledge whatsoever andeven explains jargon in use in everyday speech,mouse mat, menu and window are examples.

Linux in No Time consists of a series of tutorialstaking you from first putting the disc into the drive,through the process of starting up and configuring aLinux machine (in this case running CalderaOpenLinux). Later chapters include KDE applicationsand utilities; installing software; working with StarOffice; the Internet and networking with Linux. Eachtutorial is clearly set out, first telling you what it willcover and then going through it step by step withplenty of clear screenshots and an illustration of themouse showing you which button to click on what.Even individual icons are clearly shown, so that thereis no excuse for clicking on the wrong thing.

Chapter one deals with installation and coverspartitioning, creating a boot disk, graphics settingand passwords, chapter two starts up the newly-installed program and deals with the desktop, themouse, windows and the help function. The nextcontinues with starting a program, virtual desktopsand closing a program. Chapter four is starting toget more complicated and covers KDE configurationand modification of the desktop and windows, butits step-by-step instructions remain easy to follow.

Chapter five is more technical and explains filesand directories as well as the trash bin. Lots of tipsand definition boxes make it easy to follow, if a little

obvious. The next section goes further into KDE andformats text with the editor and tries out the paintpackage. It creates a diary as well as an addressbook. The chapter ends with some light relief bydescribing the games and toys on KDE with briefdescriptions of how to play some of the games.

Chapter seven covers printing and systeminformation. Chapter eight installs and uninstallsprograms and introduces Star Office. Star Office iscontinued in the following chapter with tips onusing the various packages. Chapter ten takes youonto the Internet using Netscape, and coversdownloading, searching and email. Networkingand using Samba are dealt with in chapter eleven.The book concludes with a section ontroubleshooting, covering common problems thatreaders may come across.

The appendix includes a list of Linux-compatibleprinters, as well as a list of websites, including thebook’s only mention of other Linux distributions.Most of the sites would be a little beyond what isneeded by the book’s target audience.

The most noticeable thing about Linux in NoTime is how clearly it is set out; it leaves no room forerror, and explains everything to the point ofoversimplification. The screenshots show youexactly where you should be at any given momentand the mouse pictures show exactly what youshould be doing. Instructions do not get morestraightforward than this. It must be acknowledged,however, that most Linux users do not need quitesuch basic instructions and the style may grate withsome. It is, perhaps, padded out with someunnecessary definitions but on the whole it is a veryattractive textbook. ■

BOOKS REVIEW


LINUX IN NOTIME BY UTE

HERTZOG ALISON DAVIES

Info

Published by Prentice HallPriced at £19.99

■

082bookssbd.qxd• 07.05.2001 11:31 Uhr Seite 82

BEGINNERS ANSWER GIRL


The fact that the world of everyday

computing, even under Linux, is often

good for surprises is a bit of a

truism: Time and again things don’t

work, or not as they are supposed

to. Linux Magazine’s Answer Girl

shows you how to deal elegantly

with such little problems.

$HOME: The home directory of therespective user is stored in the

Environment variable HOME. With a $before the variable name, you canreach its content. So echo $HOMEoutputs the home directory of the

enquiring user on the command line.Backup Medium: data carrier reserved

for the recording of backup data; on alarge scale this is usually magnetic

tapes and hard disks.Rotation: To face the risk of a totalfailure of the backup medium with

equanimity, you should if at all possibleuse a different medium for each

backup run. But since this is highlyimpractical (and data still becomes

obsolete anyway at some point), youshould use a number of media in

rotation, such as, Monday is alwaystape 1, ..., Sunday is always tape 7.

■

The Answer Girl

SHOVELINGDATA

PATRICIA JUNG

You have probably heard more than enough of thewell-meaning litany about making a backup. Atwork or at university there may be some justificationfor leaving responsibility for this tedious activity tosystem administrators, but what happens to yourdata at home?

A tape drive is pretty rare at home, a backup onCD requires a CD burner, and if there isn’t a blank inthe drive at all times, don’t even think aboutautomation. Data backup on diskette? You mightdo that with the letters from the Inland Revenue,but hardly with your 100-page thesis and theexchange of emails with past loves, which has bynow grown into several MBs.

Storage strategies

With the current size of hard disks, you can certainlyspare the room for a dedicated partition and use itexclusively as backup space. Bad news if the harddisk goes off to the great cyber hunting grounds inthe sky, but better than nothing at all.

Better yet is a second disk – even with the six-year-old GB from the cast-off computer you can goa long way. As long as the computer does not get

stolen or go up in flames, this is not bad at all.But by no means should you underestimate the

(safer) alternative, of not mothballing the oldcomputer in the first place, but turning it into yourown personal backup cupboard. Of course thiscould also be a notebook, on which data worthpreserving is always kept in a second copy. To dothis will not need more than a little LAN.

And yet, thanks to flat-rates, ADSL etc., even anaccount at college or the Internet computerbelonging to your partner is a suitable storage placefor selected data. Those not wanting to back uptheir entire 2GB installation but wishing to stick tohand-optimised configuration files and the best of$HOME, can presumably make a backup via ISDNor modem. In case of doubt there is still an updateto SuSE or Red Hat waiting after the next disk crash.

In the face of such heretical statements, anyconscientious system administrator will of coursescream blue murder, but hand on heart: You have stillnot got to grips with any proper backup software haveyou? Even if you have, this is not backing up your homecomputer anyway. If you are one of the shiningexceptions the question arises, when did you last checkwhether your backup could actually be restored?

084answergirls•.qxd 07.05.2001 11:42 Uhr Seite 84

BEGINNERSANSWER GIRL

Backup or data reconciliation?

So what we are looking for is an alternative whichmay not be quite so secure, but on the other hand iseasier to manage. Regular backups are usuallyperformed as so-called incremental backups. Thismeans that once (or better, at regular intervals) acomplete security copy of all data is made andbetween two full backups, only the differences withrespect to the previous version are saved in each case.

Plus, the backup media is rotated, so if lateron something breaks or otherwise turns out to beunusable, you will hopefully be able to fall back onthe next oldest backup copy.

If this is applied to our home data, this is ofcourse also the ideal situation but for rotation,several disks or even computers would be necessaryfor our impossible demand for backup on hard disk.The keyword ‘incremental’, on the other hand,certainly has its attraction for us – after all, we don’twant to back up the data from new every timewhen it hasn’t even changed.

Anyone wanting to have files ready in variousprocessing versions cannot, however, solve thisproblem using a incremental backup. They wouldbe better off using a version control software suchas cvs, so that they can settle for a situation wherethe target system contains precisely the data whichwas in the source directories before the datareconciliation – no more, but no less either.

So what we want is a simple mirroring of thedata, preferably via the network and, if at allpossible, in such a way that the data (and especiallythe password) are encrypted. For a simplerestoration of the data to be possible, there shouldnot be any accumulation of files in the targetdirectories, which have already been deleted fromthe source directories. This means that before eachdata reconciliation we must be sure that all previousdeletions were correct – that is the price to be paidfor not rotating backup media.

Your choice of which directories to back up shouldbe determined by the following criteria: The capacityof the target system, the form of network connectionbetween the two computers and your personalevaluation of which data is actually worth backing up

A question of software

If there is an FTP server running on the targetsystem, you can of course use it, but this meanstransmitting password and data in clear text overthe network. Also, FTP-client programs aren’tusually capable of transferring the most recent dataonly, or automatically deleting data that no longerexists in the source directories. If you have to useFTP as the method of transfer, it’s best to stick tomirror software, which provides proper backupprograms.

The Secure Copy program scp, which comeswith the Linux version of the SecureShell or its

open-source pendant OpenSSH, is certainly suitablefor this. Here, all the data travels over the networkencrypted. A secure shell server, the daemon sshd,should nevertheless be on every Internet computeron which you do not wish to work only from thelocal console. Nevertheless, some of the criticism ofFTP clients also applies to scp: It should not be usedfor a data reconciliation.

Anyone who has been involved with Unix for awhile may recall that the unencrypted pendant ofscp is called rcp. Many people were irritated by thefact that this cannot perform a data reconciliation,and these included Paul Mackeras and AndrewTridgell, the latter being better known from Samba.And because their rcp substitute (called rsync) canalso perform an encrypted data reconciliation viassh, it’s worth a trip tohttp://rsync.samba.org/rsync/download.html, if thedistribution does not come with a suitable packet.

Decrypting

A man rsync intervenes initially, so that in theSYNOPSIS chapter all combinations of data transferoptions are presented schematically:

rsync [OPTION]... SRC [SRC]...[USER@]HOST:DESTrsync [OPTION]... [USER@]HOST:SRC DESTrsync [OPTION]... SRC [SRC]... DESTrsync [OPTION]... [USER@]HOST::SRC [DEST]rsync [OPTION]... SRC [SRC]...[USER@]HOST::DESTrsync [OPTION]...rsync://[USER@]HOST[:PORT]/SRC [DEST]

As usual in the case of the Backus-Naur Formnotation used in manpages, options in squarebrackets can be left out. The three dots do not

Client: ‘customer’, making use of the services of a server. The term is used torefer both to the computer on which a client program is running, as well as forthis program itself. This means a computer can be both client and server at thesame time.SecureShell: A safe replacement for the traditional Remote-Login or r-servicesTelnet and RSH (Remote Shell). A remote login, such as logging onto a distantcomputer, makes it possible, while working on a local computer, to access acomputer connected via the network as if you were sitting right in front of it. Todo this, one starts a remote login client on the local computer (such as telnet, rshor ssh), which converses with the remote server (telnetd, rshd or sshd). With asecure shell connection, unlike Telnet or the r-services, all data is transmittedencrypted.Console: The unit forming part of a computer, consisting of (local) screen andkeyboard.Samba: Windows computers can allow mutual access to their files and/orprinters. The exchange of data is transacted according to the rules of the ServerMessage Block network protocol, where messages travel back and forth in blocksbetween server and client computers. Samba is software that implements thisprotocol and thereby also gives Linux and other Unix computers the option ofallowing such SMB accesses and/or access to approved resources.

■




exactly correspond to a scientifically precisenomenclature, but it does make clear what theauthors want to say: There can be more details ofthe type just described written here (for exampleadditional options).

Just as easy as decrypting the [OPTION]...placeholder as ”any number of the options listedbelow in the section OPTIONS SUMMARY”, is thedemystification of [USER@] name and a following@) and HOST. These are the optional specificationof a user and the numeric or textual IP-Address ofthe remote computer respectively.

With our expectations of file and directorytransfer, the only way to interpret SRC and DEST isas Source and Destination files/directories. Since wewish to transfer our data via the SecureShellprotocol, the last option does not interest us, - thatof addressing an rsync server on the Port PORT, sothat we can forget the last line.

Are you local?

We’ll begin with the last and simplest case: Thedirectory ~/article is to be copied as backup ontoanother partition mounted under /mnt/backup.

[trish@lillegroenn ~]$ rsync article /mnt/backupskipping directory /home/trish/article/.

That was not exactly a rush of copying: There is nota single file in the destination directory/mnt/backup. Now we must look, for the options:

Options[...]-r, —recursive recurse intodirectories

Anyone wanting to copy entire directories togetherwith their content should thus also specify a -r or–recursive at the same time:

[trish@lillegroenn ~]$ rsync -r article /mntU /backup

The disk noise does indicate that something ishappening, but what?

write failed onarticle/LM/LM0501/ootb/gramofile-3.html : NoU such file or directoryunexpected EOF in read_timeoutunexpected EOF in read_timeout

A fast df (disk free) confirms our fears:

Filesystem 1k-blocks Used Avail Use% U Mounted on/dev/hda2 643959 610690 5 100% /U mnt/backup

The partition is full! So we first delete the failedbackup with rm -rf /mnt/backup/article completelyand recursively.

The thing to do now is to find out using duwhere the miscreants are hiding. To prevent the

thousand sub and sub-sub-directories rushing rightpast us, we shall limit ourselves to the first twodirectory levels under ~/article:

[trish@lillegroenn ~]$ du —max-depth=2 article[...]1924 article/LM/LM050151 article/LM/LM060173270 article/LM [...]84049 article/designer/qt-designer2 234 article/designer/qt-designer1 100112 article/designer[...]

The numbers in the first column, the size of thedirectory contents in Kbytes, are still extremelyunclear. The miscreant is quite certainly more than1MB in size, and luckily du has the option -m, withwhich the size details are stated in rounded wholeMB.Then there’s a whole series of zeroes for thedirectories that are smaller than 1MB. To see onlythe larger directories, we set awk to work:

[trish@lillegroenn ~]$ du -m —max-depth=2 arUticle | awk ‘$1 > 1’[...]2 article/LM/LM050172 article/LM [...]82 article/designer/qt-designer298 article/designer[...]

awk now filters out all du output lines in which thefirst column ($1) is greater than 1, and does notdisplay the rest at all.

In this way we have detected that the miscreantis ~/article/designer/qt-designer2 and as thisdirectory contains only test software, we can alsodo without the backup of it. With the -exclude flagwe now tell rsync that it should ignore all filescontaining a qt-designer2 in the path or file name.But this time we are more cautious and do a dry runfirst with -n (not actually to be executed):

[trish@lillegroenn ~]$ rsync -rn --exclude "qU t-designer2" article /mnt/backup

The emergency without the -n precaution option iscausing problems again, though:

[trish@lillegroenn ~]$ rsync -r --exclude "qtU -designer2" article /mnt/backup[...]skipping non-regular file article/designer/qU t-designer1/qt-2.2.3/include/qxml.h

A look, using ls -l, at the suspect file brings theexplanation:

lrwxrwxrwx 1 trish users 17 Dec U 21 05:32 article/designer/qt-designer1/qt- 2U .2.3/include/qxml.h -> ../src/xml/qxml.h

The file in question is a link which was simply notcopied with the others. But there is also a remedy

IP Address: Unique identity of acomputer on the Internet – either as a

combination of numbers. In thecurrent, commonest Version 4 of the

Internet Protocol a maximum of four,three-digit numbers separated by

dots or as text, consisting of domainand computer name, such aswww.linux-magazine.co.uk.

The conversion of numerical andtextual IP addresses is taken over by

Nameservers, also known as DNS(Domain Name System) servers.

Port: If all planes/trains arriving atroughly the same time at a large

airport or station were to go to thesame gate/platform, there would berather a lot of collisions. A computer

offering various services (server) isconfronted with a similarly precarious

position with respect to networktraffic. This is why every server process

(daemon) eavesdrops at a different‘gate/platform’ – the port. When a

daemon listens out for a port which isreserved for its service, a Wellknown

port, the client does not normallyneed to state a port number. But if

the server uses a different port (a Webserver using 8080 instead of 80), theclient must be told of this explicitly.

If it is written in the GENERAL sectionthat both lines with the double colon(::) equally require an rsync daemon,

it is only the first three lines which areof interest to us:

1. Copy local files/directories into adirectory on a remote computer.

2. Pack copies of remote data into alocal directory.

3. Mirror local data in a different localdirectory

~: The tilde is an abbreviation of theshell for the home directory of thepresent user. If there is a username

after the ~, this means the homedirectory of this user.

■



BEGINNERSANSWER GIRL

for this: with the rsync option -l, with whichsymbolic links are retained.

The manpage, in the section USAGE, also kindlyexplains that the archive option -a simultaneouslycopies recursively, retains links and doesn’t changeattributes, rights, the owner details, or any devicefiles either. Exactly what we want for backup! Quiteincidentally, we also learn here about the verbosityoption -v, which we shall also use from now on inour tests.

There is still one problem: If we don’t bear inmind that files deleted in the source directory alsodisappear from the backup, multiple deletions willat some point fill up the backup partition. Quiteapart from that, when a backup is really necessary, itis tedious clearing up all the files which had longsince been thrown away, after playing back thedata.The corresponding rsync option, which deleteseverything at the destination site that no longerexists at the source site, is called – delete. So let’smake a full backup, then rename a file from~/article for test purposes and see what happens:

[trish@lillegroenn ~]$ rsync -av --exclude ”qUt-designer2” article /mnt/backup[many files]article/LM/LM0601/Answergirl_0601.html[many files][trish@lillegroenn ~]$ mv article/LM/LM060U1/Answergirl_0601.html !#:1_new mv article/LM/LM0601/Answergirl_0601.html arUticle/LM/LM0601/Answergirl_0601.html_new [trish@lillegroenn ~]$ rsync -av --delete --exUclude ”qt-designer2” article /mnt/backupbuilding file list ... donearticle/LM/LM0601/deleting article/LM/LM0601/Answergirl_0601.htmlarticle/LM/LM0601/Answergirl_0601.html_newarticle/LM/LM0601/wrote 43868 bytes read 32 bytes 29266.67 byUtes/sectotal size is 26953280 speedup is 613.97

rsync dutifully reports that it is deleting the fileAnswergirl_0601.html which no longer exists in~/article/LM/LM0601 in /mnt/backup/article/LM/LM0601 too and instead is creating the new fileAnswergirl_0601.html_new.

With !# we are telling the Bash that it shouldinstead implement everything which has been onthis command line until now ( mv article/LM/LM0601/Answergirl_0601.html). Thanks to :1 we aresomewhat more selective and tell the shell torestrict itself to argument number 1 (the secondargument article/LM/LM0601/Answergirl_0601.html).

Anyone who likes to play safe and wants toretain a safety copy of all amended files (thus eventhe deleted ones) in the backup directory, willpresumably become familiar

with the rsync option -b. This is by no means asubstitute for version control, but could be ofinterest to more than just the nervous. By default,the backup files are given a tilde after a file name.

Off in the distance

We do not really need much more if we are limitingourselves to the local mirroring of data. But it isalways safer to have a copy on a different computer.If we recall the synopsis, this was also very easilyrealised by rsync: If the usernames are different onthe source and destination computers, the lattermust be stated with a following @ before theaddress of the remote computer. There is also acolon at the end, after which the destinationdirectory can be written - or nothing, if we aresettling for the remote home directory:

[trish@lillegroenn ~]$ rsync -av --delete arUticle [email protected]:

Since there are hopefully no r-services running onthe remote computer, there ought to be an errormessage. We’re better off going via SecureShell atthis point, provided there is a sshd running onbackup.linux-magazine.co.uk. To get rsync totransfer via SecureShell, there are the options -e(”execute”) or –rsh (”substitute for rsh”). Theformer wants the ssh command after a space, thelatter wants an equal- sign (–rsh=ssh):

[trish@lillegroenn ~]$ rsync -av --delete -e sUsh article [email protected]:

If your ssh command does not lie in the search path, youmust of course state the full path, -e /usr/local/bin/ssh.So you don’t want to make the article directory on thedestination computer directly underneath pjung’s homedirectory? Then we must also explicitly specify thedestination parent directory, such as:

[trish@lillegroenn ~]$ rsync -av --delete -Ue ssh article [email protected]:~/backup

The USAGE manpage section revealed, if you canrecall, that the data is transferred compressed with -z. This certainly plays a role now as our data is goingvia the network, which is why we are adding thisoption, before actually pressing the Enter key:

[trish@lillegroenn ~]$ rsync -avz --delete -Ue ssh article [email protected]:~/[email protected]’s password:[enter password]building file list ... done

Better with script

Repeatedly typing in this whole rigmarole – well,we’re much too lazy to do that. Anyone wanting toback up several directories or even individual files(such as the bookmarks of a Web browser) will belonging for a little script, which – once written –can if possible even be processed automatically bya Cronjob.It is best if we write the files to be backed up as a listseparated by spaces in a variable named

.rm -rf: One of the most notoriousUnix commands of all: It deletes,without challenge, (-f stands forforce) an argument directorytogether with all subdirectories.Before you set this command off,then, you should be really sure thatyou have not included any typingerrors: An rm -rf /mnt/backup leavesjust an empty /mnt behind, if backupwas previously the only directoryentry in /mnt.Path: The sequence of directories viawhich one must go if one wants toreach a certain file in the file tree.Bash: The ‘Bourne Again Shell’ is usedby most distributions as the standardcommand line interface. A Shellaccepts user inputs and transformsthem so they turn into orders(program commands) for the kernel.r-services: See explanation onSecureShell in this article.Cronjob: Task in a Cron table, whichis executed by the Cron daemons at aspecified time repeatedly andautomatically without any action onthe part of the user. cf. the manpageson cron(8), crontab(1) and crontab(5).

■




BACKUPFILES, while remote user name, @, theaddress of the remote computer, the colon and thedestination directory are easy to amend inBACKUPTARGET. For the script equivalent to thecommand

[trish@lillegroenn ~]$ rsync -avz --delete -Ue ssh article .netscape/bookmarks.html [email protected]:~/backup

the variable contents therefore look as in Listing 1.But wait – why is the .netscape subdirectory

now missing in backup.linux-magazine.co.uk in the~/backup-directory, so that bookmarks.html issuddenly present as ~/backup/bookmarks.html?Because we, as the rsync manpage shows, forgotthe option -R (relative), which makes sure that onthe destination computer exactly the same relativepaths are installed as on the source computer.

No password

If, for example, one wishes to automate the datareconciliation using a Cronjob (cf. Crontables, LMIssue 6 p.108ff.), entering a password turns into aproblem. It can be resolved, even if security fanaticsmight need to close one eye.

The keyword is Public Key Cryptography: One hasa pair of keys, of which one of the keys is kept secretand the other is publicly distributed. Authentication isonly possible when both secret and public key cometogether. As we can see from the manpage on ssh,our chosen method of transfer supports this.

What we have to do first is to generate the keyfor the computer executing the backup script. We

could almost have guessed it: The command for thisis called ssh-keygen (”ssh-key generation” -creating the ssh key).

[trish@lillegroenn ~]$ ssh-keygenGenerating RSA keys: ..................ooooUooO.................ooooooOKey generation complete.Enter file in which to save the key (/home/trUish/.ssh/identity): [Enter]Enter passphrase (empty for no passphrase): U[Enter]Enter same passphrase again: [Enter]Your identification has been saved in /home/Utrish/.ssh/identity.Your public key has been saved in /home/trishU/.ssh/identity.pub.The key fingerprint is:f7:68:22:9f:a3:be:37:7c:7f:92:c2:fb:a1:86:ffU:fe [email protected]

Anyone wanting to save their secret key in thesuggested file ~/.ssh/identity, simply confirms withjust the Enter key, otherwise a file name, preferablywith path, is necessary.

It gets critical when it comes to the request forthe password: Normally we would set one toprotect the private key, but then we would have toenter one again – an infinite circle. That’s why thistime we are going to swallow the bitter pill andagain type only Enter. Also, at the last request torepeat the (now blank) password it is stillappropriate to enter nothing but Enter. Anyonefinding the no-password key unsettling can stillincrease security by frequently generating anddistributing a new key.

We shall now take the public key (saved withthe ending .pub) and transfer it to the backupcomputer via SecureShell, of course (thus with scpor by copy & paste, while logged onto ssh). It mustin any case be entered into the file there~/.ssh/authorized_keys, like this:

[trish@lillegroenn ~]$ cat ~/.ssh/identitUy.pub | ssh -v [email protected] cat - > ~/.ssh/authorized_keys

This fiddly procedure, instead of a simple scp~/.ssh/identity.pub [email protected]:~/.ssh/authorized_keys is necessarywhen ~/.ssh/authorized_keys is alreadyaccommodating other keys on backup.linux-magazine.co.uk, too. As the result of the double >what we achieve is that the standard input which isoutput with the second cat of ssh (symbolised by a -) is attached to the end of ~/.ssh/authorized_keys.

Where does this entry for ssh come from, whichpasses the latter on to the remote command to beexecuted cat - > ~/.ssh/authorized_keys? The pipe |is responsible for this, which shoves the output ofcat ~/.ssh/identity.pub into the ssh command.

All that’s left now is to test whether the scriptactually functions without a password. If so, there isno further obstacle to a backup Cronjob. ■

rsync 2.4.6


Reciprocal data reconciliation

Notebook owners often get annoyed about inconsistencies in the data stored ondesktop computer and notebook. The solution sounds simple: A script as in Listing1 is installed on both computers, and depending on which computer was lastedworked on, the data on the other computer is updated ... and in the worst case,overwrites a more recent version on the destination system with the old one.Here the rsync option -u (update only) can help. This ensures that files with a morerecent time stamp on the destination system than on the source system are notoverwritten. One important point here: the computer time on the two systemsabsolutely must be synchronised.

Listing 1: Backup script

#!/bin/sh# files and directories to be backed up, starting # from the home directory BACKUPFILES=”article .netscape/bookmarks.html”# Backup targetBACKUPTARGET=”[email protected]:~/backup”cd # Change to home directoryrsync -e ssh -aRvz —delete $BACKUPDIRS $BACKUPTARGET

Replace the italic details, save the file, and use chmod u+x to give it the necessaryexecution rights for yourself. Then the script can be executed by calling up itsname (if necessary with path details).


BEGINNERSKORNER


Linux rule of three made easy

The program, by Javier Campos Morales, providesconfigure-fatigued users with everything necessaryto compile and install from the source code in theusual KDE look and feel applications. The latestversion of the compiler aid can be found on thehomepage of the author athttp://kconfigure.sourceforge.net/.

The way kconfigure works is simple: Open theprogram with a kconfigure in any terminalemulation of your choice, and marvel at thewindow as shown in Figure 1.

After that you have the choice as to whether

you wish to use your graphical compilerassistant via the buttons or the menu bar. But first,you must trawl, by clicking on the folder icon,through the unpacked source directory of theprogram to be installed and there select theconfigure file. Unfortunately, unpacking the sourcesis not something kconfigure will do for you; here,the K-tool karchiver can help you along.

If you want to give the configure command anargument such -with qtdir=/path/to/qt-directory, itis advisable to take the route via the menu bar. Todo this, select the item Build/Configure witharguments.... In the dialog window which thenplops open (Figure 2) you can enter the required

Figure 1: Compile me!

Figure 2: Always the right argumentsFigure 4: ... once without errorsFigure 3: Once with and ...

Constantly entering the famous/infamous Linux rule of

three of configure, make, make install can become very

tedious. If you’d like to avoid this task, or provide your

less skilled friends with a graphical user interface for

compiling Tar-balls, Kconfigure is just the thing.

K-splitter

ADMINISTRATIVEMATTERS

STEFANIE TEUFEL

089ksplitter.qxd• 07.05.2001 13:24 Uhr Seite 89

BEGINNERS KORNER


options. Anyone who is not really sure about theindividual options can access these at any time, byclicking on Build/Configure help in the top half ofthe window kconfigure.

If you started the configuration process via themenu bar or by clicking on the Configure button,the program will immediately set to work withoutany further challenges. You can monitor progress inthe upper half of the window, while error messagesor warnings appear in the lower half (Figures 3 and4).

The commands make and make install aretreated exactly like the configure command bykconfigure. With one small but special difference:Before the actual installation the application checkswhich user you have logged on as. If you aretravelling as a normal user, kconfigure will still atfirst confront you with a dialog box, as in Figure 5,in which you must enter the root password before itcontinues.

If you want to interrupt one of the commands

you have given, all you need to do is click on thebutton Kill Process.

Cleared up

Anyone who has become too carried away by thesimple handling of kconfigure may now break outin beads of sweat when taking a look at the amountof space occupied on their hard disk. If you areplagued by a bad conscience, you should risk a lookat Kleandisk. The latest version of this easy-to-usedisk cleaner can be found athttp://www.casema.net/~buursink/kleandisk/.

Contrary to normal practice, though, at thispoint you should download, not the latest version

Kleandisk-2.0beta1, but its predecessor Kleandisk-1.2beta2. The reason: The new version providessupport for the first time for the removal of unusedrpm packets. Unfortunately, though, this leads toproblems with some versions of rpm, so that onvarious computers - for example on Red Hat 7.0 -the program will not compile.

Call up kleandisk either via the K-button/Applications/ Kleandisk or by entering kleandisk &in a terminal emulation. After that you will see awindow, as in Figure 6.

Click there on the button UDG Viewer in theClean Up tab. The ominous abbreviation stands forUser Defined Group. In the next window you candefine the directory which kleandisk is to clean upfor you, and also the file types, which the programis to give their marching orders. kleandisk then setsabout searching for the less useful files on yoursystem and sooner or later presents you with itsinventory in the lower half of the window, as inFigure 7.

At that point I decided that I really do not needthe core-file indicated below, and also informedthe disk cleaner of this decision by clicking on thegreen box next to the core file. After that it isenough to click on the Cleanup button. kleandiskthen begins to communicate cheerfully with you. Itdutifully asks you window by window (as forexample in Figure 8), whether you want to move,delete or archive the selected files, if you mightperhaps prefer to make backups of the files to bedeleted, and if so, where should they go.

In the last step, you find out how much spaceyou are saving overall as the result of making thesedecisions. To get rid of the file now once and for all,click on Finish, which lets kleandisk off the leash...

Permission granted

Wanting rights and getting rights under Linux as atruly multi-user system are two different kettles offish. As you may already have noticed, your systemdifferentiates very precisely as to who exactly canread, write or execute the diverse files andprograms on your computer.

And to avoid confusion, information is storedwith each file as to whether the owner, groupmember or other users can read, write or executethe respective file. With the command chmod youcan obviously change these access rights at anytime.

There is a graphical front-end for this commandat http://www.leeta.net/kchmod/ in the KDE-Looknamed kchmod, with which the setting of accessrights is twice the fun (Figure 9).

Simply select, via File/Open, the file you want toedit and choose between the options on offer. Is thefile to become writ(e)able, read(able) or executable?The choice is yours. After that, quickly save thechange with File/Save and it’s a done deal - if only itwere always so simple to guard one’s rights. ■

Tar-ball: The program tar is an archiving tool which is well-known under Unix. Acollection of data packed together with this into a file is usually called a Tar-ball and has

the file ending .tar.gz or .tgz, if it has been put together with tar and compressed withthe program gzip.

core-file: The last memory retrieval of a crashed program is retained for posterity in filescalled core. Experienced programmers can find out the cause of the crash from these

with the aid of a debugger, but for anyone else these files are simply a waste of space.

■

Figure 9: Everything legal?

Figure 5: Identification, please

[left] Figure 7: The big clean-up begins

[right] Figure 8: Better safe than sorry...

Figure 6: And off it goes

089ksplitter.qxd• 07.05.2001 13:24 Uhr Seite 90

BEGINNERSKORNER


This month’s installment of K-splitter covers

Kleandisk, a tool which you can use to make

a bit of space on your overstuffed disk.

However, it really isn’t necessary to fill up

your disk, so this article is devoted entirely

to Karchiver, a program which will help you

to compress data and files simply.

K-tools

WELLPACKED

STEFANIE TEUFEL

Maybe one or two of you have already worked withthe forerunner karchiveur. But you should still riskan update. karchiver might have lost the u from itsname, but in other ways it has only gained.

karchiver 2.0.3 co-operates smoothly with KDE2.0. Besides, with diverse wizards, a few littlehelpers have been brought in to make life eveneasier for you. And a lot has stayed the same:karchiver still turns working with compressed data -whether tar-, gz-, bz2- or zip files - into child’s play.And in the new version you can use this tool to lookat all these files, unpack and repack them. The latestKarchiver can be downloaded fromhttp://perso.wanadoo.fr/coquelle/karchiveur_en.shtml. Also, the packages/programs gzip, bzip2,

unzip, zip, lha, rar and/or arj should be on yourcomputer. That’s no problem anyway, sincecommon Linux distributions always come with theseon board. They just have to be installed.

Packing

Start your graphical archiver by simply entering akarchiver & in a terminal emulation, and off it goes.karchiver first supplies, in a separate window, sometips, which may or may not be helpful. If these botheryou, though, you can quickly chase them away bydeselecting the box Display tip of the day at next start.

Admittedly, the introductory window (Figure 1)does not exactly look spectacular. But the first

[left] Figure 1: karchiver says Hello

[middle] Figure 2: Faster access thanks tothe archive browser

[right] Figure 3:Meaningful

091ktools.qxd• 07.05.2001 14:24 Uhr Seite 91

BEGINNERS KORNER


impression is misleading. In the new version, the so-called archive browser opens automatically, whichhelps you quickly select the tgz-, zip etc. files onyour hard disk (Figure 2).

If you want to know more about the inner life ofa compressed file, all you need to do is click on it inthe archive browser. Alternatively, select File/Open inthe menu bar and troll through the old familiar KDEselection box until you reach the right file. Dependingon the size of the archive, karchiver presents you,sooner or maybe a bit later, with the content of thefile, including useful information such as the size,date and permissions of the individual files (Figure 3).

Once invited into the karchiver, it’s entirely up toyou to choose what you want to do with thearchive. You can find the various options all neatlylisted under the menu item Archive.

Let’s assume the file is to be unpacked. Simplyselect Archive/unpack to, and you can immediately

define, in a window as in Figure 4, where all thefiles, or only the files you are looking for, are to beunpacked. As soon as you have decided, click onthe bold Unpack button, and off it goes.

karchiver would not be a proper KDE program ifit didn’t offer even simpler methods. As is so oftenthe case, these are revealed by the drag and dropability of KDE applications. To create a new archive,select File/New or click on the page icon in themenu bar. Then simply drag the files or directoriesof your choice out of a Konqueror window into thisempty archive. If you wish to add data to an existingarchive, drag it in exactly the same way into theopen archive.

Options

karchiver also proves to be flexible with respect tocompression levels and lets you define, with theaid of the menu item Configuration/Settings, howthorough the programs implemented, gzip andbzip2, should be in each case (Figure 5).Under Tar you can specify the behaviour of theprogram of the same name in more detail (forexample whether subdirectories are to be created ornot), under Icons the icon size can be set, andPacker answers the crucial question: ”Have I reallyinstalled all the pack programs?” In directories youdefine in which directory ($HOME, the last directoryetc.) karchiver should unpack the archive by default.

Cutting your cloth...

All this compressing may be very nice: But even withthis, disk space will run short at some point.Wouldn’t it be fantastic if you could also trim biggerfiles so that they would fit onto completely normaldiskettes? Then we could safely wipe them off thedisk drive. The command line command split doesjust that.So that you don’t have to read up first on itscommand syntax, karchiver provides the Diskettemenu item. If you want to split a file into bite-sized,

[left]Figure 4: Unpack me!

[right]Figure 5: Optional

gzip: This tool compresses the files specified by you with the Lempel-Ziv coding(LZ77). This automatically renames the packed file as file.gz, normally retaining

access rights and timestamps, but ignoring symbolic links.bzip2: bzip2, like gzip, allows data to be compressed. Since, due to the fact that

it uses a different algorithm, better compression can often be achieved, thisprogram has been increasingly given preference recently. Files compressed with

bzip2 can be recognised by the ending .bz2.Compression level: Determines the quality and speed of compression; the lowestvalue, 1, produces a fast compression, but bigger files. 9 is the maximum and leads

to higher/longer computing times, but smaller (better compressed) files.$HOME: The environment variable HOME contains the location of your Home

directory. The $ symbol in front allows (e.g. within a shell) access to the variablecontent.

Patches: Using so-called patch files, you can upgrade from one version of aprogram to the next. These are text files, in which there is an exact description of

the places at which the individual files of the source code must be altered. Thepre-requisite for patching a program is that the complete and unaltered source

code of the respective previous version exists. The advantage of patch files: Theyare relatively small and so save you the sometimes very large and thus expensivedownload of a new program version, in which maybe only one file has changed.

■


BEGINNERSKORNER


or rather diskette-sized, morsels, selectDiskette/Split. Now simply specify, in the selectionbox that appears, the file to be split, and karchiverautomatically parcels it out into morsels 1.4MB insize and any remainder respectively. You can thencalmly shovel each of these pieces, which are giventhe suffixes .01, .02 etc., onto a diskette. If youwant to piece the data back together, chooseDiskette/Combine instead.

Pure magic

The various wizards are a completely new feature ofthe latest karchiver release, with which karchivertakes you by the virtual hand and helps you to dealwith your archives.

For example, if the selected file contains thedata necessary to patch a source code directory,simply let the appropriate wizard guide you step bystep. Another task that can be dealt with by thewizard is that of completely installing a source textarchive (meaning: unpacking everything and thenapplying the Linux installation rule of three –

configure, make and make install). And if you wantto convert an archive into a different format, this iswhere to come.

First, select the archive file you want to edit, andthen click on the menu item Archive/Start wizard. Awindow appears, as in Figure 6, in which you canselect which karchiver (or rather wizard) shouldorganise next with the corresponding file.

As an example, let’s convert a file into adifferent format. To do this, we click on the itemConvert archive format. Now we need to activatethe Next button to continue. In the window fromFigure 7 we can now select which format our fileshould have from now on. How about a .ziparchive for the ex-Windows users among us?After that, you have the option of giving the babya new name. If you want to leave it with the oldname, you need do nothing at all. To finish off,karchiver asks you if you want to delete theoriginal archive (Figure 8). Decide for yourself. Youshould now find a file with the same basic name,but in the format and with the ending .zip onyour hard drive. ■

[left]Figure 6: Which wizardshould it be?

[right]Figure 7: Being wellzipped is halfthe battle

K-toolsK-tools presents tools, month by month, which have proven to be especially useful whenworking under KDE, which solve a problem that otherwise is deliberately ignored, or are justsome of the nicer things in life that - once discovered - you wouldn’t want to do without.

Figure 8: Rather not delete it?


BEGINNERS GNOMOGRAM

Red Flag joins theGNOME Foundation

Red Flag Software, known for itsdistribution Red Flag Linux, which is also

used by the Chinese government, hasjoined the GNOME Advisory Board and will be

contributing to the translation of GNOME intosimplified Chinese. But there will be no support

from Red Flag for traditional Chinese, which iscommon in some Chinese cities and Taiwan.

Red Hat and Eazel co-operate

Since Nautilus is becoming part of GNOME 1.4,nobody is surprised that Red Hat is also supplying it.Eazel and Red Hat have, however, agreed to includeadditional official Red Hat packets in the Nautilussoftware catalogue and to integrate the Red Hat

Network into Eazel Services. This will mean it ispossible to update one’s Red Hat system easily viaNautilus.

Ximian and KDE

Anyone searching for ‘KDE’ does not usually expectto find Ximian, but thanks to Google’s Adwords, atext-based advertisement, that’s exactly what didhappen. Ximian had in fact registered this and similarkeywords such as Konqueror for itself. After an openletter from some KDE supporters Ximian withdrewthe Adwords and itself published a reply. A similar,now cleared case also occurred in 1999, when MartinKonold took control of gnome-support.de andreferred all visitors to KDE. Fortunately, Ximiandisplayed somewhat more sensitivity when dealingwith Hewlett-Packard, which, as announced in SanJose, will replace CDE at the end of 2001 with XimianGNOME as the standard desktop.

New GNOME versions

After a bit of a delay, on 3 April GNOME 1.4 wasfinished at last. One of the reasons for the waitingperiod is the file manager Nautilus, which is thegreatest innovation in GNOME 1.4. The rest ofGNOME has also changed somewhat, but we don’tanticipate too much here.

The next big version leap is GNOME 2.0, aboutwhich Miguel de Icaza has already expressed someconcerns. But these concerns are by no meansdamning - the timing of the GNOME 2.0 releaseand what’s new about it remains to be seen.

Sodipodi

Sodipodi can be used to create vector graphics inthe SVG format (Scalable Vector Graphics). In vectorgraphics it is not the individual pixels and theircolour information, but forms themselves which arestored, which has the advantage that images can beenlarged as much as you like without any loss of


News from the GNOME garden

GNOMOGRAMBJÖRN GANSLANDT

GNOME and GTK have been attracting more and more followers in recent years.

There are now programs for almost every task and new ones are being

added daily. Our monthly Gnomogram column is the place to find all the

latest rumours and information on the pearls among the GNOME tools.

Figure 1: Tux, reduced to vectors

094gnomogramsbd.qxd• 07.05.2001 11:53 Uhr Seite 94

BEGINNERSGNOMOGRAM

quality. Of course, this process is not suitable for alltypes of image, but graphics with clear forms andsimple colour gradients can be compressed verywell in this way.

SVG is XML-based, which is no great surprise, asthe format was developed from W3C. Since SVGfiles are, when all’s said and done, nothing morethan text files, they can easily be createddynamically, and it is possible to change theminteractively via Javascript. Unfortunately thestandard is still at a very early stage and is notsupported by most browsers.

As well as rectangles, ellipses and free forms,Sodipodi also supports embedded graphics that donot exist in a vector format. All objects can bescaled and rotated as desired, although this rapidlymakes imported graphics look pixelly. Free formscan be changed at so-called ‘node points’, or theline delimited by the node points can beautomatically straightened, rounded off orotherwise edited. To simplify working with largedocuments, Sodipodi can combine several objectsinto a group, which can then be edited as an object.Apart from the normal colour information, it is alsopossible to alter the transparency of an object usingfill style and in the same dialog the object can beprovided with a border. With the aid of Gnome-print, the graphics created can be printed veryeasily, and thanks to Bonobo it is possible to viewthe whole thing from other programs.

Red Carpet

After a long wait and many promising screenshots,Ximian has finally released a Beta of the new packetmanagement tool Red Carpet. Version number 0.9 isin itself unusual for the first version, but since poorpacket management can lead to serious damage,Red Carpet has been very thoroughly tested inadvance and hopefully cleared of any serious faults.

Software is combined in Red Carpet into so-called ‘channels’, to which the user can subscribeand which function similarly to an entry in Debian’ssources.list. So for example Red Carpet offers achannel for the installed distribution, where it doesnot matter whether the system is based on RPM ordpkg. Of course it is also possible to install orremove new packets working from Red Carpet.Unlike the old Ximian Updater, though, Red Carpetis able to resolve conflicts created thereby or, withthe aid of GnuPG to check packet signatures. LikeEvolution, Red Carpet can download the latestnews from the Net, which is probably the prelude toXimian’s future source of money, services. It ishoped that these will not lead to conflict with Eazel,as they also offer services and update software viaNautilus. Since Red Carpet, with the aid ofGtkHTML, uses a lot of HTML, it would in any casehave what it takes to become a sort of Internetportal. Whether this would make sense is anothermatter.

Session management underGNOME

GNOME uses a session manager so that you can pickup your work where you left off and so that certainprograms are called up directly on start-up. A sessioncan be stored at any time underConfiguration/Session/Save current session or in thelog off dialog, where only GNOME programs areincluded in the session. Other programs can beentered in the control centre under Session/Startsequence. To edit the GNOME session, you shouldnot touch ~/.gnome/session directly, but call upConfiguration/Session/Session manager properties.The program then shows the session with allcurrently active programs. From here, you can changethe sequence of the programs to be started and thestart style. Most programs use the normal start style,which starts a program at each new session, butallows the program to be closed within the session.The new start style on the other hand also starts aprogram that has been closed or crashed during thesession again immediately. Programs with the recyclestyle are not restarted at all, but merely given theopportunity to save their data. Last of all, there is astyle for settings and thus programs that restorespecified preferences at the beginning. ■


The authorBjörn Ganslandt is a studentand a passionate bandwidthsquanderer. When he is notbusy trying out new programs,he reads books or plays thesaxophone.

Figure 2:Red Carpet in the Ximian Channel

URLs

www.redflag-linux.comnews.gnome.org/gnome-news/980366651www.redhat.com/about/presscenter/2001/press_eazel.htmlwww.granroth.org/ximian.htmlwww.ximian.com/google.php3www.ximian.com/newsitems/hp-partnership.php3primates.ximian.com/~miguel/gnome-2.0sodipodi.sourceforge.netwww.ximian.com/apps/redcarpet.php3www.gnupg.org

■

094gnomogramsbd.qxd• 07.05.2001 11:53 Uhr Seite 95

The ancient war between vi and emacs may still beraging, but the battle between BSD and System Vhas effectively been settled by POSIX. The POSIXguidelines give a standard for UNIX-like operatingsystems. Although few pay the certification fee,many OSs aim for POSIX-compliance. This meansthat programs written for one UNIX-like systemshould compile on another with little trouble. Ournew column gives Linux Magazine readers a view ofsome alternative OSs, most of which offer the Bashshell and other GNU tools, but first some history.

UNIX grew quickly in the 1970s and early1980s. This was largely due to its portability and theease with which it could be enhanced. Anothercentral factor was the open availability of the sourcecode, which had been rewritten in C, the new highlevel language of choice.

In the 1970s, AT&T was prevented fromprofiting from computer development by the USgovernment, due to their telephone accessmonopoly. By the end of the decade severalcompanies were making their own versions ofUNIX, based on the AT&T code. Looking for a wayto commercialise UNIX, AT&T established UNIX

System Laboratories (USL) to develop a productversion. This resulted in the 1983 release of SystemV Release 1 (SVR1), a new commercial baseline.

The following year AT&T ended its monopolycontrol over telephone access and entered thecomputer business, marketing its own commercialUNIX and releasing SysVR2.

BSD

Meanwhile, the open development of UNIXcontinued in academia. Bill Joy and Chuck Haley, ofthe University of California at Berkeley (UCB),started working with UNIX in 1975, leading twoyears later to the first Berkeley Software Distribution(1BSD). 2BSD followed in the next year with a newfull screen WYSIWYG text editor called vi. Workwith DARPA and the American Department ofDefence lead eventually to the 1984 4.2BSD withvirtual memory and TCP/IP networking. TheBerkeley Domain Name Server, included in the 19864.3BSD release in 1986, expanded the number ofsites able to implement Internet networking.Commercial uptake of BSD was strong, howevervendors needed to pay AT&T a licence for theSystemV code included in it. Licence costsincreased, whilst many vendors only wanted theBerkely code. In 1989, UCB published NetworkingRelease 1 containing their TCP/IP networkingsystem for the first time without any AT&T code andreleased under an open license, allowing free sourcecode modification and distribution. The next releasewas a full rewrite of hundreds of AT&T utilitieswithout any AT&T code.

At the same time, groups such as X/Open andIEEE POSIX tried to prevent AT&T UNIX standarddomination. In 1987, AT&T entered into an alliancewith Sun Microsystems to develop a standard UNIXversion. Two years later they released SVR4, which

COMMUNITY FREEWORLD


Close enough to UNIX

POSIXCOMPLIANT

RICHARD SMEDLEY

Although GNU/Linux is

the most popular free

UNIX-like operating

system (OS) on the

block, it’s not the only

one. With so many

interesting free OSs

offering Linux-

compatible programs,

even the most penguin-

fixated can choose

alternative ways of

doing things.

Success storyDozens of different operating systems have been developed, but only UNIXhas so many varieties. Four factors have facilitated this growth:Portability: The first widely used operating system written in a high levelprogramming language, making it easier to port to different hardwarearchitecturesModifiability: Written in C, modifications and enhancements are easilymadeOpen Source: Developed at AT&T Bell Labs, a non-profit researchinstitution, enabling publication of source codeOpen System: Designed as an open, modular system, with a host offeatures to assist with the development and integration of applications

106freeworld.qxd• 08.05.2001 10:16 Uhr Seite 106

integrated the System V and BSD UNIX baselines.Vendors of other commercial Unices reacted withalarm and united to form the Open SystemFoundation (OSF). The UNIX wars effectively endedin 1993, when AT&T sold System V to Novell, whoassigned the rights to UNIX to X/Open. In 1996 TheOpen Group was formed by the merger of OSF andX/Open. The Open Group now works with the IEEEon the POSIX family of standards.

POSIX

”The nice thing about standards is that there are somany of them to choose from.” - Professor AndrewS. Tanenbaum (among other things, the author ofMINIX)

POSIX.1 (IEEE1003.1), published in 1988, setout a standard Application Programming Interface(API) enabling source compatibility amongst severalUNIX and UNIX-like systems. Torvalds aimed forPOSIX compliance from the earliest development ofthe Linux kernel. This enabled GNU tools and manyapplications from BSD and other Unices to be used.This same compliance means that today we cantake many applications written for Linux andcompile them for AtheOS, BeOS or OSX (Darwin).POSIX.2 (IEEE1003.2) is an enhancement ratherthan a replacement of the original. Even thoughLinux is not certified as POSIX compliant the aim ofcompliance, where appropriate, ensures that POSIXremains a meaningful standard.

No alternative?

GNU/Linux continues to improve in scalability andperformance and is a wonderful general purposeOS, which is also adapting well to embeddedsystems. However, one tool won’t always be the bestfor every job. By choosing different design goalsother OSs are often better adapted in particularareas of performance. It will be the purpose of this

column, over the coming months, to explore thepotential of some of these alternative OSs.

A new desktop UNIX

Apple’s decision to abandon Copland for OSX, andmove to a FreeBSD core, named Darwin, running onthe Mach microkernel, made many in the Linuxworld take notice. Apple’s leadership in perceiveduser-friendliness of the GUI and the robustness ofUNIX sounds like a winning formula to many. As theApple developers and open source communitycontribute bug-fixes and improvements OSX will bewatched with interest. It could even mean MicrosoftOffice and Internet Explorer running on a desktopUNIX - an interesting thought to say the least.

And then there were three

The common view is that FreeBSD is robust, NetBSDis on every platform and OpenBSD is secure. FreeBSDvs Linux is certainly the new Holy war for the UNIXcommunity. In the commercial world, however,uptake of FreeBSD has been seen due in part to thelicence, which allows closing off of the source codeinto proprietary software - something which the GPLdoes not permit. For many, this difference is far moreimportant than the different development model forFreeBSD or indeed, technical considerations.

Whilst the BSDs (including Apple OSX) are themost obvious alternative to Linux, many smallerprojects have considerable merit. A trawl of theWeb reveals dozens of OS projects that are littlemore than an alpha kernel and a bootloader writtenin assembler, but there are many serious projectsout there, some with impressive pedigrees (seeWhat’s on the Bootloader Today box). Next monthwe start by examining real-time OSs.

”Those who don’t understand Linux aredoomed to reinvent it, poorly.” - Anonymous ■

COMMUNITYFREEWORLD


What’s on the bootloader todayOperating System CommentsAtheOS UNIX-like with consistent GUI, written from the ground upBeOS Awaiting release of hardware OpenGL and new network stack. Excellent multithreading and

large file handling for demanding media apps. Proprietary, but binaries freely downloadableCommercial Unices (eg AIX, HP_UX, Tru64 et al) Some good enterprise-level OSs, but mostly expensive and closed sourceDarwin Very interesting project, particularly the i386 portecos Now managed by Red Hat. Supports many embedded platformsFreeBSD Powers Yahoo, Google and many other seriously busy sites without breaking into a sweatGNU Hurd Closer to usability than it was 10 years ago but don’t hold your breathMINIX No longer under active developmentNetBSD Runs on anything. Try it on your toaster.Oberon Small, modular OS, written in Oberon. Open source for non-commercial use.OpenBSD The only OS to have every line of code security audited. Secure out-of-the-box.Plan 9 Opened the source too late and failed to develop enough interest.QNX Very mature commercial real-time OS, availble to download and as a single floppy editionRTEMS Real-time executive developed for the U.S. ArmySolaris Solaris8 binaries are available for download under a restrictive licenceV2_OS Written in i386 assembler to be fast and light. Active development since open sourcing.

Info

The Portable ApplicationStandards Committee of theIEEE develops the POSIX familyof standards and can be foundat http://www.pasc.org.

■

FeedbackOver the next few months weshall be featuring articles onthe BSDs, OSX, QNX, Atheosand microkernels. However wewelcome suggestions and inputfor coverage in the Freeworldcolumn.

106freeworld.qxd• 08.05.2001 10:16 Uhr Seite 107

GNU Pipo BBS

Those who believe Bulletin BoardSystems (BBS), also often referred to as

Mailboxes, are dead, are mistaken. The GNUProject contains the GNU Pipo BBS, a BBS under

the GNU General Public License.The ancestry-line of the GNU Pipo BBS reaches

over YAWK (Yet Another Wersion of Citadel) backto Citadel, although it is completely independentcode-wise. In fact it was a disagreement withKenneth Haglund, author of YAWK, because ofcopyright-problems that triggered the developmentof the GNU Pipo BBS.

The original development-team were GregoryVandenbrouck and Sebastien Aperghis-Tramoniwho worked on the GNU Pipo BBS with help fromvolunteers like Sebastien Bonnefoy. After Gregoryresigned, Sebastien Aperghis-Tramoni became theofficial maintainer of the project.

The GNU Pipo BBS contains support for forums,direct messaging, mail, chat, Web access and bots. Forthe amusement of the users, the bots come in differentpersonalities like a parrot, a dog or a pseudo-user.

It’s interesting to note that these juiced-up BBS-systems might offer users a viable alternative toWeb portals as a homebase on the Net.

The GNU Pipo BBS is ready for production useand is being used by the Atlantis BBS in Marseilles,France. But since Pipo contains a significant amountof old code, Sebastien plans a code freeze in orderto revise the code. The use of libraries especially is tobe increased, since in some places the wheel hasbeen reinvented - which is not good for themaintainability of the code.

The only really weak point is thedocumentation. The system does have systemmessages in different languages, but the code stillrequires better comments. Also the homepage andthe manual require authors and translators.

Larswm

larswm is a window manager by Lars Bernhardssonthat is interesting for several reasons:

First of all, purists should expect to fall in love withit, because it is very simple and minimalistic in the wayit looks and uses resources. It is solely based on ANSI C

COMMUNITY BRAVE NEW WORLD


Welcome to another issue of Georg’s

Brave GNU World, where we reveal

news about several projects which you

may not have heard of yet.

The monthly GNU Column

BRAVEGNU WORLD

GEORG C.F.GREVE

108gnuworld.qxd• 08.05.2001 10:21 Uhr Seite 108

with standard Xlib-functions and completely avoidsusing widget libraries like GTK+ or Qt.

But more importantly, it offers an alternative tothe known, windows-like desktops. Even thoughthese are widely spread, the user interface isdefinitely something where innovative concepts arerefreshing.

The Free alternatives like KDE or GNOMEessentially limit themselves to imitating theWindows desktop, although KDE is much closer tothe original than GNOME. This is not an argumentagainst KDE or GNOME, because they make theshift to GNU/Linux much easier and open avenuesthat were previously closed.

But GNU/Linux especially, is a platform that iswell suited to innovative user interfaces and larswmgives new impetus, following its motto: ”Becausemanaging windows is the window manager’s job!”

The desktop is split into two parts. The left partis bigger and normally contains a single windowpossessing the focus, which means that key pressesand other input are directed into this window. Theright side contains the rest of the windows asequally sized tiles, which is the reason larswm iscalled a ‘tiled window manager’.

The keyboard support is also very good - if onlyusing key driven applications, the fingers never haveto leave the keyboard.

larswm definitely takes time to get used to, butit does have a well-deserved group of fans andeveryone interested in alternative concepts shoulddefinitely give it a try.

There is one problem about larswm, however.Since it is derived from the 9wm, it was forced to useits rather ugly licence. This licence does speak of FreeSoftware, but there are clauses that most likely makeit incompatible with the (L)GPL. Also it is legallyweaker, as the right to modification is only grantedimplicitly - just as the protection of freedom.

The project was officially finished in January2001 by the author. larswm has been an experimentto try a new user interface concept. In the long run,he hopes to be able to replace all 9wm code withhis own so that larswm will become a trulyindependent window manager. This could also helpin solving the license problem. Additionally, Larshopes to inspire other authors of window managersand to motivate them to implement similarconcepts in their programs.

GNUstep

GNUstep is an object-oriented framework andtoolkit for program development, that is alreadysuccessfully being used on many platforms. Thefunction of a toolkit is to supply prefactoredcomponents for the graphical user interface soprograms can be written faster and moreeffectively; also programs based on a certain toolkithave a similar look and feel. Two classic examples oftoolkits are GTK+ and Qt.

GNUstep is based on the original OpenStep-specification by NeXT, Inc. (now Apple), so it profitsfrom years of professional experience especially byNeXT Computer Inc. and Sun Microsystems Inc.; theAPI is very high-level and well-defined. By now thereare several success stories where developers wereable to write complex applications with GNUstep inminimal time.

It is also very helpful that GNUstep provideshigh level APIs around some of the best FreeSoftware packages like gmp, OpenSSH and tiff.Additionally, it gives the term WYSIWYG newmeaning, as GNUstep uses a common imagingmodel called Display PostScript, which is related tothe Postscript printer language, for all graphicaloutput.

Although the GUI is still in the beta stage, it isready for production use and people successfully doso. Developers not afraid of something that is a littledifferent from the rest should feel encouraged togive GNUstep a try.

Currently, development is mostly undertaken bythree to four people with a group of 30 to 40developers committing bugfixes, patches andcomments. The libraries are published under theGNU Lesser General Public Licence – tools andisolated programs use the GPL.

At the moment, development is focused oncompletion of the GUI and a port to MS Windows.Since GNUstep is API-compatible with MacOS X(Cocao), it is already possible to develop programsfor Unix and MacOS X parallel. With a port toWindows, programs could be developed for allthree platforms simultaneously.

Also interesting is the GNUstep Web part, whichuses a system similar to the Apple WebObjects andmakes it easy to create dynamic Web pages withconnections to databases. Even though this part isstill rather new, it is already almost completelyusable.

COMMUNITYBRAVE NEW WORLD


Some of the We Run GNU logosavailable.


W3Make

The XML Web publishing system, W3Make, byStefan Kamphausen, is one of those small butrather useful projects. In this case it should proveuseful for users of small to middle-sized Web pages.

Many XML-based approaches like, for instancesaxon, allow only a single input file, so automaticlinking is lost. Thanks to W3Make several XMLsource files can be piped through an XSL stylesheetwith the help of saxon and written into severalHTML output files.

The central core is a GPL-licensed Perl script thatparses W3Makefiles. As the name already suggests,these are rather similar to the standard Makefilesyntax, which allows you to use the Makefile modeof your favorite editor to edit them.

The author himself is using it successfully for hisemployer’s websites and his personal homepage. Itis definitely ready for production use. What hewould like to include in future releases is a linkchecker that will canonically detect relative,absolute and local links and transcribe one into theother. Also he plans to start using the Perl XML::*modules instead of the saxon XSL parser. Whilemaking that shift, he is considering creating aplugin interface so it becomes possible to use DSSLinstead of XSLT.

OpenWebSchool

Wilfried Romer and Hans-Peter Prenzel started theOpenWebSchool project in Berlin, Germany. Thegoal is to establish cooperation between elementaryand high schools and make school resourcesavailable online.

Based on the principle of Free Software usingthe GNU General Public License and the GNU FreeDocumentation License, students of the highergrades create learning units for students of thelower grades and elementary schools.

This allows the students of higher grades togain experience in program development and Webprogramming. Thinking about pedagogical aspectswhen creating the units also helps students toreflect on their own way of learning. Additionally,the project introduces students to computers andthe Internet via topics that normally have no directconnection with these areas.

Students of the lower grades and elementaryschools gain an interesting addition to the normalclasses that also helps in familiarising them with themedium.

The website, central point of theOpenWebSchool, already contains some lessons indifferent topics, but due to the nature of the projectand its youth, it is of course not complete. There is aneed for more developers and the usability couldalso be improved.

The OpenWebSchool is definitely a verypromising project that will most probably see re-

implementation in other countries. An internationalcooperation, where students of one country createunits for their native language to be used bystudents of other countries, seems to be the nextlogical step.

Free Software FoundationEurope updateAs covered in issue five, a group of progagonists ofFree Software is currently creating the Europeansister organization of the FSF.

By now the original team consisting of PeterGerwinski, Bernhard Reiter, Werner Koch andmyself has been joined by Frederic Couchet,Alessandro Rubini, Jonas Oberg and Loic Dachary;the next step to enlarge the team is alreadyplanned.

The central point of our work in the past weekshas been finding the right organisational structureand realising it with the constitution. Since weconsider transparency to be very important, we’dlike to introduce some results at this point.

In the middle of the FSF Europe is a centralorganization, the so-called Hub, which provides theEuropean coordination, the office and all tasks thatcan be centralised. Connected to the Hub arenational organisations that work on the local tasksand provide local points of contact for politics andpress.

In order to be independent of popularism, themembership policy of the FSF Europe follows that ofthe FSF. New members are only being appointed bya majority of the current members.

To allow working together with volunteersbetter and more closely than the model, the localorganisations, the so-called Chapters, are in closecontact with societies which are open to everyonein general.

Those organisations, called FSFE AssociateOrganisations, do a lot of the basic work and are invery close contact with the Free SoftwareFoundation Europe. As it is possible to haveAssociate Organisations with different orientations,there can be several in one country.

Very often, these Associate Organisations arealso tied to the FSF Europe Chapters personally. Agood example for this is France, where FredeicCouchet as the President of APRIL is also FSFE-Chancellor, which is the highest representative ofthe FSFE in France. APRIL itself has been establishedin France for several years now and has been doingvaluable work there. It has now joined the networkas an Associate Organisation of the FSF Europe.

In this way existent local structures are beingprotected and networked with each other throughthe FSF Europe. Additionally this allows everyone towork closely with the FSF Europe.

The personal structure is designed in such a waythat all members of the FSF Europe are members ofthe Hub and meet once a year. At these meeting the

COMMUNITY BRAVE NEW WORLD



guidlines binding all parts of the FSFE are discussedand decided. Every second year the Europe-widepositions of president and vice-president and the‘head of office’, who is responsible for all office-related matters, are elected.

The election of the local representatives, thechancellor and vice-chancellor, is done by the localchapters at their yearly meetings.

The responsibilities of the president and hisdeputy, the vice-president, are the political andpublic work on the European scale, the coordinationof the Europe-wide cooperation and on demandthe support of the chancellors in their tasks.

This structure has been written down into aconstitution with the help of a lawyer and, at thetime of writing, it is at the tax authorities inHamburg, Germany to be checked for the grantingof charitable status.

After the last necessary steps have beenperformed to complete the legal founding, themain target will be the creation of the localorganisations. The Germany, France, Italy andSweden Chapters are already being prepared,Austria and the U.K. should probably not take toolong as well.

Parallel to this, it will also be my task tointroduce the Free Software Foundation Europe intodiscussions and speeches and to establish contactwith local organisations and politics. If you would

like to meet with me at one of these occasions, youcan inform yourself about my planned and fixeddates at my homepage.

Enough for this month

That’s it for this month, as usual I’m asking forplenty of mail to the well-known address below andhope to receive interesting suggestions, ideas orproject descriptions. ■

COMMUNITYBRAVE NEW WORLD


Info

Send ideas, comments and questions to Brave GNU World [email protected] of the GNU Project http://www.gnu.org/Homepage of Georg’s Brave GNU World http://brave-gnu-world.org”We run GNU” initiative http://www.gnu.org/brave-gnu-world/rungnu/rungnu.en.htmlGNU Pipo BBS homepage http://www.gnu.org/software/pipo/Pipo-BBS.htmlLarswm homepage http://www.fnurt.net/larswm/GNUstep homepage http://www.gnustep.org/W3Make homepage http://www.skamphausen.de/software/w3make/OpenWebSchool homepage (in German) http://www.openwebschool.de/Free Software Foundation Europe homepage http://fsfeurope.org/Conference Page - Georg C. F. Grevehttp://www.gnu.org/people/greve/conferences.html

■

Anzeige

inhouse


linux magazine uk 009

Documents

linux new media ukltd

linux user

division of linux new

oldenbourglinux magazine

richard ibbotson

editor richard

technical help

technical supportreaders