linux magazine uk 23

New Worldhave responded to this interestby choosing articles with amore advanced level and byadding several new themedsections.

We’ve added the Newssubsections Insecurity andKernel to inform you onsecurity holes in commonOpen Source software and thelatest kernel developments.The new Sysadmin articlesection covers system andnetwork management issues,with a strong focus on practicaluse. Further, the old section Beginners is now called Linux User.The point is that we are delivering useful information on thepractical use of Linux, not an introduction for newbies.

Expanded Geographic CoverageAlthough Linux Magazine was originally started as a UK-onlypublication, it has gained quite an international following. Tobetter serve all readers and to reflect the international aspect ofthe Linux Community, we are expanding our geographiccoverage in both content and distribution. To ensure thateveryone can get the magazine delivered to them quickly, wehave implemented a much more convenient subscription systemwith expanded options.

Updated WebsiteThe Linux Magazine website has also been updated to reflect thenew look and changes in the magazine. Take a look at the newwebsite at www.linux-magazine.com.

With all these changes, it’s easy to feel that nothing has stayedthe same. To the contrary, the most important aspect has notchanged: our goal to bring you the Linux information that youwant and need to improve your work with Linux.

We would like to thank all readers for their valuable feedback,and the entire Linux Magazine team for the hard work they haveput into this relaunch.

We are very interested in your opinion on the new LinuxMagazine and your suggestions for the future. Have a good look through the magazine and send your comments to [email protected].

Enjoy!

COMMENTRelaunch

3www.linux-magazine.com September 2002

Dear Linux Magazine Reader,

Welcome to the new and improved Linux Magazine!

The magazine you are holding in your hands is the result ofmonths of planning and our response to your wishes asexpressed in the recent reader survey as well as to generalchanges in the Linux market.

As the acceptance and professional use of Linux increases andthe market matures, the service that the Linux Communityexpects from our magazine changes. We felt it was time torelaunch the magazine to better meet those needs. Our goal is tocontinue in our tradition of providing high-quality, useful Linuxinformation while adapting the magazine to meet higher designand technical standards.

Here is an outline of the most important changes that takeplace with this issue:

CoverdiscThe reader survey shows us that the coverdisc was becomingless and less important. Therefore, we decided to reduce distrib-ution costs by removing the CD from newsstand copies. We will,however, still produce a monthly CD that will be included insubscription copies free of charge.

Lower PriceThe cover price has been lowered from a previous £4.99 to just£3.99. In addition, the subscription prices have been reducedsignificantly, especially for readers outside the UK.

New Design and LayoutWe felt that it is important for the cover design and layout of themagazine to emphasize the practical use of the content.Therefore, the new design is cleaner, better structured, and trueto the motto “form follows function”.

Advanced ContentThe average reader is increasingly more knowledgeable in Linuxand therefore interested in a higher technical content level. We

Brian OsbornBusiness DevelopmentManager

Hans-Jörg EhrenProject Manager

John SouthernEditor

We pride ourselves on the originsof our publication, which comefrom the early days of the Linuxrevolution.Our sister publication in Germany,founded in 1994, was the firstLinux magazine in Europe. Sincethen, our network and expertisehas grown and expanded with theLinux community around theworld.As a reader of Linux Magazine,you are joining an informationnetwork that is dedicated to distributing knowledge and technical expertise.We’re notsimply reporting on the Linux and Open Source movement,we’re part of it.

COMMENTBlindtext

Virtual Atoms

With the ability to edit molecules andcompile under Qt 3.x, the Kmovistomolecular viewer is developing fast.KMovisto imports Gaussian 94 or 98 filesand can handle XYZ files. For viewing ofimages KMovisto exports to POV-Ray filesfor rendering high quality presentations.If you need to produce a 3D presentationthen KMovisto can export VRML outputfor browser manipulation.

Calling homeKSetiwatch is now at version 2.50. In anattempt to eliminate all the sorts of

configuration problems with the latestrelease, an updated source package hasbeen made available. This packageshould now be preconfigured for KDE3and configurable with older versions ofautoconf. If you had problems with theprevious package, you can get the newone from ksetiwatch.sourceforge.net.

GnomeICU 0.98.3 ReleasedGnomeICU 0.98.3 has been released. Thisis the latest version of GnomeICU for theGnome 1.4 desktop platform, and proba-bly the last release for this desktopplatform. You should only get this if youare still running Gnome 1.4 instead ofGnome 2, as we are going to have aGnome 2 preview release soon. WithinGnomeICU 0.98.2 you can now createnew users perfectly.

Fixed user info receiving, and the UI ofit. Better user authorization support.Stable server side contacts list support.User interface cleanups..

SVG in GTK+With the release of Gnome2 the developersare now setting sites on features for Gnome2.2. A suggestion has been made toincorporate the SVG graphics supportlibrary (rsvg) into GTK+. One obviousadvantage would be the use of scalableinterfaces for those with high resolutionsrather than the standard bitmap themes.See developer.gnome.org/news/summary

O'Reilly releases Ant“I have to confess that I had absolutelyno idea that Ant, the little build tool thatcould, would go as far as it did and makesuch a mark on the Java developercommunity,”James Duncan Davidsonsaid, the creator of Ant, in the new book“Ant: The Definitive Guide”. “It might bethat the key to Ant's success is that itdidn't try to be successful. It was a simplesolution to an obvious problem.

In 1998, frustrated by his efforts tocreate a cross-platform build of Tomcatusing the tools of the day (GNU Make,batch files, and shell scripts), Davidsonthrew together his own build utility on anaeroplane flight. Named Ant because itwas a little thing that could build bigthings, James's quick-and-dirty solutionto his own problem of creating a cross-platform build has evolved into the mostwidely used build management tool inJava environments.

Qt C# binding make newversion

Qt# has released version 0.4. This is acollection of cross-platform C# bindingsfor Trolltech's Qt GUI toolkit that is aimedat both the Mono and Portable.NETprojects. There is now some preliminarysupport for Microsoft.NET along withobject tracking, support for events andmultiple custom slots. Interested partiesshould visit qtcsharp.sourceforge.net.

Sight for sore eyesKDE 3.1 Alpha is a new developmentbranch that has been announced. Thisrelease sports everything from wonderfulnew eye candy to tons of popular newfeatures including new and exciting“Easter eggs” (aka bugs) just waiting tobe discovered.

Those wanting a more stable life shouldbe using KDE 3.0.2. For more info seedot.kde.org/1026405852.

Quick FishSherman's Aquarium is a window makerand gnome applet. It draws an aquariumwith some randomly positioned fish. Thefish are done by Jim Toomey, the authorof the “Sherman's Lagoon” comics. Thetemperature scale on the right side showsthe CPU load.

It can also be configured to display thetime and show the status of numlock, cap-slock and scrollock. It can be downloadedfrom aquariumapplet.sourceforge.net.

6 September 2002 www.linux-magazine.com

NEWS Software

KDE 3.1 alpha showing Tabbed browsing, ToolTipfile previews and enhanced file downloads inKonqueror

Software News

Logged signals dialog

Ant: The Definitive Guide Complete Build Management for Java By Eric M. Burke, Jesse E. Tilly; ISBN 0-596-00184-3;288 pages; £24.95; www.oreilly.co.uk


NEWS Software

O'Reilly releases XMLSchema

Many developers see W3C XML Schemaas the principal language for defining thecontent and structure of XML documents,while others resist the specification asunnecessarily complex, preferring to usetools such as DTDs, Schematron orRELAX NG. Eric van der Vlist, the authorof the newly released “XML Schema: TheW3C's Object-Oriented Descriptions forXML”, approaches this controversy witha sober and objective view: W3C XMLSchema, he says, is both essential andpotentially dangerous for XML.

“XML Schema is the most complexspecification ever published by the W3C”van der Vlist says. “The technology itselfis complex, and the specification waswritten in a way that's very difficult toread. Many experts lack the objectivitynecessary to show the limitations andpitfalls of the technology. My book is anhonest attempt to provide a description ofW3C XML Schema that is neither bashingnor praising.”

Involved in developing ISO standardsas the editor of the DocumentSchemaDefinition Languages Part 5 specification,which describes “Object Oriented XMLSchema languages”, van der Vlist is anXML consultant and developer, creatorand chief editor of XMLfr.org, as well asbeing a regular contributor to XML.comand xmlhack.com.

Helping othersFollowing on from a letter 'ComputingFor The Disabled' on page 17 of issue 2,Barry Coates, an Access TechnologyTrainer at the RNIB kindly wrote withsome helpful news.

The first link he gave was http://www.braille.uwo.ca/speakup/ which is helpful,certainly if the person in question isprimarily a speech user. OK, it does meanno X Windows – which isn't too big adeal given that neither KDE or Gnomeenvironments are fully accessed from thekeyboard – but you still have full accessto the substantial number of commandline applications especially Lynx, Pine,EMACS etc.

Basically, the Speakup project providesa customised version of Red Hat fordownload, and, if the PC user has anexternal synthesizer, this is probably themost accessible Linux system around fornow. Speakup support has also beenbolted on to Zipslack, the 100Mb versionof Slackware. This is called Zipspeak andagain it will run with an external synthsuch as a Dectalk or an Apollo.

Last but not least, there is also theEmacspeak project which again might beworth checking out:• www.linux-speakup.org/ftp/disks/U

slackware/zipspeak• www.cs.cornell.edu/Info/People/U

raman/emacspeak/emacspeak.htmlHe is hopeful that with Gnome 2 andimportantly the Section 508 legislation inthe States the incentives will be there toput accessibility and usability issueshigher in the agenda!

Presenting projectsAgnubis is the GNOME PresentationProgram comparable to such programs asMicrosoft PowerPoint or Corel Present. Ithas been developed and designed for the

GNOME 2 platform and is created tointegrate well with the rest of thecomponents in the GNOME Office suite.

The Agnubis team is currently workinghard to get the first release (0.1) out ongeneral release. The application is nowstarting to take shape in the CVS tree. Formore information see www.gnome.org/projects/agnubis.

Apple iPod support forLinux

tex9 announced the public release of theirsoftware that provides full operation ofthe Apple iPod on the Linux operatingsystem. tex9's software is a plugin for thextunes program (see www.tex9.com/software/xtunes.php), a popular tex9 freesoftware product.

The plugin allows simple drag-and-dropof songs and playlists from the xtuneslibrary onto an iPod. It is currently pricedat $10.00 per copy and can be purchasedat www.tex9.com.

Kylix 3 by BorlandBorland has launched Borland Kylix 3, aRapid Application Development (RAD)solution for C++ on Linux. Linuxdevelopers can quickly create GUI, data-base, Web, and Web Services applicationsin C++. Kylix 3 includes expandedsupport for Web Services development.

Kylix 3 extends RAD for Linux to themore than two million developers in theC++ community world wide. “WithKylix 3, Borland has brought industrystandard, and powerful enterprise tools tothe Linux development community. Theaddition of C++ support in Kylix meansthat any class of Linux application, fromGUI to database to Web Services, can becreated quickly” said Jeff Bates, co-founder of Slashdot.org and director ofOSDN Online..

xtunes now linking the Apple iPod to Linux

Agnubis showing its own summary

XML Schema – The W3C's Object-Oriented Descriptions for XML By Eric van der Vlist, ISBN 0-596-00252-1,400 pages, £28.95, www.oreilly.co.uk

September 2002

Business NewsSuSE groupware serversupports 6,000 clients

SuSE announced the release of anupdated version of the SuSE LinuxGroupware Server which supports up to6,000 clients per server. The interweavingof the Linux operating system with thenewly released Lotus Application Server5.0.10 makes the SuSE Linux GroupwareServer the most powerful Lotus solutionfor Intel and AMD 32-bit processors.

The SuSE Linux Groupware Servercombines the stability and security of theSuSE Linux Enterprise Server operatingsystem with the functionality of LotusDomino. With over 85 million Notesusers, Lotus is undisputedly number onewhen it comes to both the groupware andmessaging market.

SuSE Linux Groupware Server is builton the SuSE Linux Enterprise Server 7operating system with the new kernel2.4.18. Lotus Application Server 5.0.10provides efficient tools for documentmanagement, workflow management,messaging, and scheduling. Furthermore,the Lotus Application Server constitutes aflexible basis for the development of itsown web and messaging applications. Aspart of ongoing system maintenance,SuSE delivers all relevant patches, fixes,

and updates for the server operatingsystem in a quality assured and welldocumented form.

SuSE Linux Groupware Server helpsimplement infrastructure inexpensively,reliably, and securely on a long-termbasis; certifications of leading hardwareand software providers keep their validityeven after updates.

The recommended retail price of£2,239 plus VAT for one server includesextensive documentation, 30 days ofproduct support and 12 months of systemmaintenance. For more details see www.suse.co.uk/uk/products/suse_U

business/groupware_server/index.html. ■

Caliach, a developer of manufacturingmanagement software systems for smalland medium-sized enterprises, ismaintaining its reputation for innovationwith the launch of version 1.10 of its ERPsoftware Caliach Vision on Linux. CaliachVision brings to Linux users a fullyintegrated, state-of-the-art system whichis easy to use and can be maintainedwithout dedicated IT staff. It features aclass leading user interface and integratedInternet capabilities and provides allrequired to automate the management ofa manufacturing business.

Caliach’s road to Linux began when itneeded to replace an Apple Mac serverwith a Linux version. Managing director,Chris Ross, wanted the Mac server fordevelopment work and also wanted to

experiment with the Linux platform,especially as Omnis Studio on whichCaliach Vision is based, has introducedtheir own Linux development suite.

So he called in Paul Nash, a Linuxdeveloper, to swap over the server to runthe Mandrake 8.0 version of Linux. Paultransferred file serving and the Sendmailmail server and other functions includingFTP server (for customers to downloadupdates), Web server, Print server (on amixed Apple and Windows network) andMajordomo (for users mailing lists). Theserver also runs programs such asAnalogue, for gathering web statistics,and daily back-up to a removable disk. Inaddition, Caliach decided to load Linuxon to a number of PCs in its training suiteon a dual-boot basis with Windows.

Once Linux was up and running, Paulassisted Caliach with getting to grips withLinux, although he says this did not taketoo long: “Chris picked up Linux veryquickly and he obviously feels verycomfortable with its reliability, the lowhardware requirements and flexibility.“Chris has developed the Linux version inresponse to customer enquiries andCaliach Vision represents another killerapplication by providing a comprehensiveERP suite on Linux.”

Caliach Vision has been fully tested atCaliach’s training centre using differentversions of Linux including SuSE 7.3, RedHat 7.2, and Mandrake 8.0. A fullyfunctional Linux version of CaliachVision is available for downloading at theCaliach web site at www.caliach.com. ■

Manufacturing management with vision

UK Government supportfor Open Source Software

The UK Government has announced itslong awaited Policy statement on theusage of Open Source software within UKgovernment. The announcement comesafter a similar statement from the EC.

The EC published a paper on thepooling of Open Source Software byadministrations and declared they shouldshare costs on an open source licensingbasis, to cut eGoverment IT costs.Graham Taylor, Programme Director forOpenForum Europe, said “The statementis essential and very welcome but it mustbe seen as a first step”.

“Now is the time to rapidly developbest practice and ensure the UK can playits full part in the European opportunity.We are keen to bring the wide experienceof our partners to assist in acceleratingthe use and adoption of OSS.”

OpenForum Europe was launched inMarch this year and includes amongst itsmembers major suppliers and usergroups. It enables the government andprivate sector users to assess impartiallythe true viability and cost of ownership ofthe OSS Business Model, and gain realevidence of the commercial benefits thatcan be achieved. ■

9www.linux-magazine.com

Business NEWS

www.linux-magazine.com

NEWS Business

This ambitious project, scheduled torun for 24 months, is now beingimplemented in close collaborationwith acoustics and musical researchcentres as well as the Free SoftwareFoundation Europe. By developing arelease specifically designed for theprofessionals in the musical industry,Red Hat wants to enable authors andcomposers, as well as simple amateurs,to free themselves from technologicaland cultural constraints. By givingmore freedom to artists, the company’saim is to expand the global nature ofmusic even further and to extend theconcept of Open Source Software toOpen Source Music.

This distribution will be available asa download and on CD-ROM. The firstBeta version will be released on theInternet by the end of 2002 atwww.agnula.org. ■

Arkeia demonstrates newbackup solutions

Arkeia Corp., a supplier of enterprise net-work backup software, will beshowcasing its new beta version of itsArkeia 5 backup software and VirtualBackup Server Solution.

The new Arkeia 5 now features smoothnetwork integration, including automatichardware detection as well as a greatlyimproved new user-friendly interface.Arkeia 5 is now scalable from SMEbusinesses through to large enterprises.Its new modular plugin structure can nowsimplify specialised tasks, such as thebackup for open file databases and onlineservers. To simplify data security andreduce costs, Arkeia 5 can channel datafrom multiple servers onto a single tapelibrary.

Arkeia’s Virtual Backup Server solutionprovides a new array of local and remotedata protection services especiallyadapted to ISPs, telecom specialists andcable operators. By using Arkeia’s VirtualServer capacity, ISPs can now offercomplementary services to currentclients, plus the ability to attract newbusiness from expanding companies thatwant to avoid the expense of their ownhardware purchases. ■

Xandros brings life to CorelLinux Global Partners (LGP), a NY basedsoftware investment firm with financialholdings in eight Linux desktop andserver application companies, launchedXandros in August 2001.

Xandros is developing a customizedDebian-based Linux distribution that isderived from version 3.0 of Corel Linux. Itwill support both the KDE and Gnomedesktop environments. In addition to thefeatures that Linux users expect, Xandrosplan to distribute significant additionsand enhancements. Xandros is alsocreating an enterprise managementsolution that will reduce the total cost ofownership. This solution is complete “offthe shelf”, but Xandros can customizeand integrate the products and provideadditions to legacy systems as needed.

Xandros will offer a support package.They acquired Corel Linux division late inAugust 2001. ■

In tune with Red HatAgnula turns to Red Hat Linux todevelop a new distribution aimed atboth professional and amateurmusicians. Red Hat, Inc. is directlyinvolved in Project Agnula (AGNU/Linux Audio distribution), whichis being subsidised by the EuropeanCommunity, They will use this to createa new Open Source distribution basedon the Red Hat Linux.

With its numerous professional andmultimedia audio applications, thispackage will be distributed free ofcharge under the name ReHMuDi,which stands for Red Hat MultimediaDistribution. Entirely designed withinthe concept of Free Software, this newversion will at the same time be easy toinstall and update, and will also offerall the tools required for the musicalcreation and production, compilationand distribution.

Three year supportThe Danish subsidiary of Telia, TeliaConnect has agreed to a long termmaintenance contract with SuSE for itsIBM zSeries G7 mainframe systems.

In 2001 Telia Connect moved fromusing a 70 Unix server farm to one IBMS/390 to handle over 400,000 customersinternet accounts. By using the virtualmachine capabilities of the z Series, eachcustomer has their own SuSE LinuxEnterprise Server to operate on. As SuSELinux Enterprise Serverallows the modifications ofthe network and hard diskconfiguration while thesystem is active, TeliaConnect customers areprovided with an almostunlimited virtual servercapacity which has azero downtime.

“The combination ofIBM zSeries machines andSuSE Linux EnterpriseServer not only meets ourhigh standards withrespect to the stability andone hundred per centavailability,” explains ArneLarsson, CEO of Telia

Connect. “In SuSE Linux EnterpriseServer we have also found an operatingsystem that allows us to react flexibly toour customer’s demand for performance.Through the system maintenance and theproduction support, SuSE Linux AG givesus the security we need in order to meetour customers’ expectations regarding thequality of our services.” ■

10 September 2002


Business NEWS

Caldera partner ConectivaCaldera International, Inc. announced anew comprehensive partnership withConectiva, Inc. that will expand Caldera’spresence in Brazil. Under terms of theagreement, Conectiva’s sales force andreseller channels will sell all Caldera’sproducts and services.

Specifically, Caldera will provide theVolution product and services family ofmessaging and systems managementsolutions, as well as the company’s OpenUNIX and OpenServer UNIX solutionsinto Brazil, with future possibilities ofextending the relationship to the rest ofthe Latin American market. In addition,Conectiva and Caldera will partner toprovide customer support, training andprofessional services for the companies’mutual customers.

“Expanding our relationship withConectiva was a natural extension of theUnitedLinux initiative,” said DarlMcBride, president and CEO of Caldera.“With 70 per cent of the Linux marketshare in Latin America, Conectiva is in abetter position to more economically andefficiently service the business customersin this important market. This will alsofacilitate business with customers andpartners who need to seamlessly deploybusiness solutions throughout theAmericas by facilitating a united product,service and support model.” ■

Ensim software givespartners more control.

Dedicated Servers, announced that all ofits Windows and Linux servers will beincorporating Ensim Corporation’sWEBppliance software as standard.

As part of its ongoing drive to provide ahigh quality and innovative service thatnot only meets but anticipates its clients’needs, the large investment in Ensim’ssoftware is in order to allow customerseven greater control of their servers. Thewide range of features included withWEBppliance is of interest to resellers ofhosting services, web designers andsystems integrators as it is designed toallow these businesses to manage theirclients effectively, and in turn, allow theirclients to administer their sites with ease.

WEBppliance’s customisation settingswill let the partners offer private-labelhosting with specially tailored controlpanels and layouts to help reinforce theirown brand image and place their clients’focus solely on them. Support calls canbe reduced by directing customers tocontext-sensitive online help pages viathe control panel, monitoring and themanaging of bandwidth usage is alsosimplified through the tools provided,and the software greatly simplifies theconfiguration and deployment of newcustomer accounts. For more informationsee www.dedicated-servers.co.uk ■

NEC UK has announced the launch of anew Data Storage Division and unveiled arange of floppy disk drives, optical andtape backup solutions, including newtwo-terabit capacity tape backup devices.The company has also announced itschannel marketing strategy and futureproduct roadmap.

NEC Corporation has a long 40-yearpedigree in the design, manufacture andmarketing of high performance, highreliability storage products, both in Japanand in other European markets. Thecompany has now established a new UKoperation to serve the storage market.

NEC tape drives use Linear Tape Open(LTO) technology to ensure high-speedbackup, accuracy, longevity as well asreliability. All solutions are automated for

maximum ease of use and are fieldupgradeable for future technologies. NECalready has Mount Rainier-capableoptical disk drives. Mount Rainierprovides OS support for simple draggingand dropping of data. In addition, NEC’snew DVD-RW drives will be among thefirst in the UK capable of writing both+RW and -RW formats.

Other new developments willinclude 50-Gigabit blue laserdevices for data-intensiveusers; combinationDVD-RW / CD-RWdrives for theportablemarket;and NetworkAttached Storage (NAS)

SixTRAK IPm OpenController

The SixTRAK IPm is the ultimate processcontroller with the power of open Linuxsoftware. It’s powerful communicationsand advanced programming capabilitiesmake it the perfect solution for processcontrol, SCADA, or DCS application.Though it is built on the open Linux oper-ating system, no knowledge of Linux isrequired in most applications. Allowingyou to get all the benefits of open Linuxwith no extra effort. The SixTRAK IPm is100% compatible with SIXNET’s legacySixTRAK Gateways. All existing ISaGRAFuser programs will load and run in anIPm without any changes.

IPm is the SIXNET trademark for alarge family of flexible automationsolutions based upon open-source Linuxsoftware. They have upgraded thefirmware in the RTU and processcontrollers to run on a remarkableembedded Linux subsystem.

Now, in addition to all the powerfulfeatures of the pre-integrated SCS(Scalable Control Systems) technology,the systems have the power of opensource Linux. These new capabilitiesincludes a web server, advanced Ethernetservices and the ability to add your ownapplications programs or share in thewealth of free software provided by theextensive Linux community. ■

NEC UK launches Data Storage Divisionand Storage Area Network (SAN) solutionsfor large businesses. ■


Insecurity News

NEWS Insecurity

Computer Emergency Response Team(CERT), a security network based atCarnegie Mellon University, warned thatsystems using the affected code shouldimmediately apply patches or disable theaffected services.

Cory Cohen and Jeffrey Havrilla fromCERT report that the integer overflow inthe library can lead to buffer overflowsthese in turn can allow unauthorisedusers to compromise the system by eitherexecuting other program code, takingdata or taking down a system. With theKerberos 5 administration system anunauthorised user could take control theKey Distribution Center authenticationfunctions. The Kerberos developmentteam at MIT has issued a warning andpatch on their website. Patches are alsoavailable from CERT, Apple or the Linuxdistributors' websites. ■

Util-LinuxThe Red Hat Network site at rhn.redhat.com/errata/RHSA-2002-132.html reports avulnerability in the util-linux package.This security error was discovered by theBindView RAZOR Team. By exploitingthe flaw it is possible to allow a local userto use privilege escalation when theptmptmp file is not removed properlywhen using the chfn utility.

The util-linux package contains a hostof utilities such as fstab, mkfs, and chfn.Because setpwnam.c inadequately locksa temporary file that is used when it ismaking changes to /etc/passwd, a racecondition could be used by the exploiterto elevate his privileges on the system,and so compromise security. This newvulnerability is not limited to the Red Hatdistribution alone.

PHP errorsA vulnerability has been discovered inPHP versions 4.2.0 and 4.2.1. It is fearedthat this vulnerability could be used by aremote attacker to execute arbitrary code

or crash PHP and/or the web server. Thevulnerability occurs inside the portion ofPHP code, which is responsible for thehandling of the file uploads, specificallymultipart and form-data. However, bysending a specially crafted POST requestto the web server, an attacker could nowcorrupt the internal data structures usedby PHP. In this way an intruder couldcause an improperly initialized memorystructure to be freed.

In most cases, an intruder could thenuse this flaw to crash PHP or the webserver. Under some circumstances, anintruder then might be able to takeadvantage of this flaw and executearbitrary code with the privileges of theweb server.

This vulnerability was discovered bythe e-matters GmbH team and this isdescribed in great detail in their securityadvisory. Stefan Esser of e-matters GmbHhas indicated that fortunately intruderscannot execute code on any x86 systems.The vulnerability is not limited to just theRed Hat distribution alone. ■

Systems that use Sun Microsystem's XDRsoftware are vulnerable. This applies toMS Windows, Apple Mac OS X and Unixbased systems. It is possible to gain rootaccess and so take control of your system.The XDR library is available and usedacross a range of operating systems, sothe flaw is not limited to any one OS inparticular and even extends to Kerberosauthentication systems.

The problem is widespread because itaffects some implementations of XDR(external data representation) libraries,used by many applications as a way ofsending data from one system process toanother, regardless of the computersystem's architecture.

The affected libraries are all derivedfrom Sun Microsystem's SunRPC remoteprocedure call technology, which hasbeen taken up by many vendors. The

Mandrake

ApacheA Denial of Service attack was discoveredby Mark Litchfield in the Apache web-server. While they were investigating thiscommon problem, the Apache SoftwareFoundation also discovered that the codefor handling invalid requests that useschunked encoding might also allow somearbitrary code to be executed on 64bitarchitectures. All versions of Apacheprior to 1.3.26 and 2.0.37 are vulnerableto this problem.

MsecThe Mandrake Linux Security tool usuallycalled msec has a potential securityvulnerability. The msec utility will restorethe default property settings during aperiodic system audit. These defaultsettings being 755 mode for each user'shome directory. CERT/CC does notbelieve that this utility represents anysecurity vulnerability as this behaviour isaccurate and maintains the configuredsecurity policy. This is consistent with theproduct documentation. ■

Trojan OpenSSHCERT Advisory CA-2002-24 CERT hasreceived confirmation that some copies ofthe source code for the OpenSSH packagehave been modified by an intruder andcontain a Trojan horse. The followingthree files were modified to include themalicious code: openssh-3.4p1.tar.gzopenssh-3.4.tgz openssh-3.2.2p1.tar.gz .

These files appear to have been placedon the FTP server which hostsftp.openssh.com and ftp.openbsd.org onthe 30th or 31st of July, 2002. TheOpenSSH development team replaced theTrojan horse copies with the original,uncompromised versions at 13:00 UTC,August 1st, 2002. The Trojan horse copyof the source code was available longenough for copies to propagate to sitesthat mirror the OpenSSH site.

The Trojan horse versions of OpenSSHcontain malicious code that is run whenthe software is compiled. This code isused to connect to a fixed remote serveron port 6667/tcp. It can then be used toopen a shell running as the user whocompiled OpenSSH. ■

Security flaw hits Windows, Mac, Linux

Red Hat


Insecurity NEWS

dietlibcThe RPC library which is used by thedietlibc package, being a size optimizedlibc, has had an integer overflow errordiscovered. The RPC code is derived fromthe SunRPC library. By exploiting thissecurity flaw it is possible to gain rootaccess to any software which is linked tothis library code.

These problems have now been fixed inversion 0.12-2.2 for the current stableDebian distribution (woody) and also inthe version 0.20-0cvs20020806 for theunstable distribution (sid). DebianGNU/Linux 2.2 (potato) is not affectedsince it does not contain the dietlibcpackages. The vulnerability is not limitedto the Debian GNU/Linux distributions. Itcan occur in any system in which thepackage has been installed.

tinyproxyA small bug has been found by theauthors of tinyproxy, a small sized HTTPproxy program, in the way that it handlescertain invalid proxy requests. It might bepossible that in some cases the invalidproxy request may result in the freeing ofan allocated memory block to happentwice. This in turn could then lead to theexecution of arbitrary code.

This problem has been fixed in version1.4.3-2woody2 for the current stabledistribution (woody) and in version1.4.3-3 for the unstable distribution (sid).The old stable distribution (potato) is notaffected by this problem. This securityvulnerability is not limited to DebianGNU/Linux alone.

superThe super package which can be used toprovide certain system users access toparticular users and programs has beenfound to have a vulnerable use of formatstrings. By exploiting this bug a local usercould possibly gain root access.

This problem has been fixed in version3.12.2-2.1 for the old stable distribution(potato), in version 3.16.1-1.1 for thecurrent stable distribution (woody) andin version 3.18.0-3 for the unstabledistribution (sid). The vulnerability is notlimited to Debian alone. ■

SuSE

wwwoffleSuSE reference SuSE-SA:2002:029 TheWWWOFFLE, World Wide Web OfflineExplorer, program suite acts as a HTTP,FTP and Finger proxy to allow users withdial-up access to the internet to do offlineWWW browsing. The parsing code ofwwwoffled that processes HTTP PUT andPOST requests fails to handle a ContentLength value smaller then -1. It isbelieved that an attacker could exploitthis bug to gain remote wwwrun accessto the system wwwoffled is running on.

Temporarily, the wwwoffle daemon canbe disabled in the following way (asroot): rcwwwoffle stop.

bind, glibcA vulnerability has been discovered insome resolver library functions. Theaffected code goes back to the resolverlibrary shipped as part of BIND4; codederived from it has been included in laterBIND releases as well as the GNU libc.

The bug itself is a buffer overflow thatcan be triggered if a DNS server sendsmultiple CNAME records in a DNSresponse.

This bug has been fixed for the gethost-byXXX class of functions in GNU libc in1999. Unfortunately, there is similar codein the getnetbyXXX functions in recentglibc implementations, and the code isenabled by default, but, these functionsare used by very few applications, suchas ifconfig and ifuser, which makesexploits less likely.

Until glibc patches are available, youshould disable DNS lookups of networknames in nsswitch.conf. Simply replacethe line containing the tag “networks:”with this line: networks: files. If havingconfigured a name to network mappingvia DNS, copy this information to/etc/networks.

The resolver bug is also in the libbindlibrary included in BIND. This library isused by the bindutil package. ■

www.cert.org/www.vulnwatch.org/rhn.redhat.com/errata/www.linux-mandrake.com/en/security/www.suse.de/uk/support/security/index.html

INFO

galleryThe gallery program, which is a web-based photo album toolkit, has had avulnerability discovered. It is possible toremotely pass in the GALLERY_BASEDIRvariable. By doing this, it is possible toexecute commands and so compromisethe system under the uid of the webserver. This has been fixed in version1.2.5-7 of the Debian package andupstream version 1.3.1. The vulnerabilityis not limited to Debian alone.

mmSebastian Krahmer and Marcus Meissnerhave both discovered, as well as fixed, atemporary file vulnerability in the mmshared memory library. This error couldbe exploited to gain root access onto amachine which is running Apache that islinked against this library and if shellaccess to the user “www-data” is alreadyavailable (and this could be also triggeredeasily through PHP).

This problem has been fixed in theupstream version 1.2.0 of mm, which willbe uploaded to the unstable Debiandistribution while this advisory isreleased. Fixed packages for potato(Debian 2.2) and woody (Debian 3.0) arelinked below. The vulnerability is notlimited to Debian alone.

libapache-mod-sslThe libapache-mod-ssl package providesSSL capability to the apache webserver.Recently, a problem has been found inthe handling of .htaccess files, allowingarbitrary code execution as the webserver user (regardless of ExecCGI /suexec settings), DoS attacks (killing offapache children), and allowing someoneto take control of apache child processes– all through specially crafted .htaccessfiles.

More information about this securityvulnerability can be found at online.securityfocus.com/bid/5084

This error has now been fixed for thelibapache-mod-ssl_2.4.10-1.3.9-1potato2package (for potato), and also in thelibapache-mod-ssl_2.8.9-2 package (forwoody). The vulnerability is not limitedto Debian alone. ■

Debian


Zack’s Kernel NewsNEWS Kernel

Quick freezeA 2.5 feature freeze is planned for Octo-ber 2002, as decided at the recently heldLinux Kernel Summit. A code freeze willfollow, in which only bugfixes will beaccepted into the kernel; and finally, 2.6will be released, amid joy and jubilationaround the world. That is the plan. Thereality, however, will almost certainlyprove somewhat different.

Earlier transitions from unstable seriesto stable releases have all taken muchlonger than anyone expected, and thishas been recognized as a problem foryears, not just in kernel development, butin many other large open source projectsas well. In open source, there are manydevelopers working at all times to addfeatures, rewrite various existing portionsof the kernel, port the system to otherarchitectures, and so on.

As long as the development series is infull swing all is well. These developersmay work and work at their own pace,concluding their work when the time isright. But the 2.6 kernel cannot bereleased until all the various tendrils ofdevelopment have been brought together,at least somewhat, or the system wouldnot work at all.

It’s quite common for kernels in thedevelopment series to be broken and noteven to compile successfully. This isbecause work in one area may be at a

particularly invasive stage, while a newrelease is required in order for otherdevelopers to continue merging theirwork. Before the transition to a stableseries, however, all the developers mustbring their portions of the code to roughlyequal status, as complete and as stable asthey can get them.

Naturally there is always a big push toget just one more feature in before thedeadline, and in earlier years Linus wouldoften make such exceptions, which thenneeded time to stabilize, during whichother people would protest the exclusionof their own patches. If 2.5 does success-fully freeze in October, it will be theshortest development cycle on record,and will indicate a shift in the way it hasbeen handled. ■

Joining up FilesystemsFilesystem capabilities are makingprogress. There’s been partial supportsince 2.2, with several individuals andgroups working on the problem eversince. Now it looks as though completesupport may arrive within the 2.5 timeframe. The 2.5 Virtual Filesystem (VFS)has supported extended attributes (EAs)since 2.5.3, and plan to implement POSIXcapabilities within the EA framework.

However, the Linux Security Modules(LSM) project has been coming at theproblem from the opposite direction,implementing capability support, without

yet handling the link between the EAframework and capabilities. It seems thatall that remains is to meet in the middle,which does not seem such a long way off.POSIX capabilities allow root privileges tobe split up into atomic privileges thatmay be granted or withheld individually.

A given program may run with thecapability to delete a file on the system,but not to modify it. Extended attributesare a general purpose method of storingmetadata within an inode on disk. Eachattribute is composed of a name and acorresponding value, stored with the file.

Doorway to BitKeeperPavel Machek has set up a CVS gatewayto BitKeeper, so developers who want touse only free software, can use CVS tocommunicate with the BitKeeper treesmaintained by Linus and others.

Ever since Linus began using BitKeeperto organize development, the kerneldevelopers have been split into twocamps. One camp feels that BitKeepersolves a lot of problems and is a goodthing to use, especially as there is no freealternative; while the other camp feelsthat Linus, as spokesman for the entirecommunity, should not compromise theethics of free software by giving such acentral role in kernel development to acommercial product .

The most visible advantage to Bit-Keeper is that each new kernel release isnow accompanied by a completedescription of the patches that went intoit. But many people feel that this andother advantages are outweighed by thefact that BitKeeper is a commercial,closed source product.

Various alternatives to BitKeeper havesprung up recently, but none of themhave achieved the technical maturity ofBitKeeper, and Larry McVoy (BitKeeperowner) predicts that it will take years todevelop a free alternative to BitKeeper. SoLinus and a number of other kerneldevelopers continue to use it. ■

As with many new Linux features,capabilities, extended attributes andAccess Control Lists have been extremelycontroversial at times. The developerstend to take a unique approach to allaspects of system design. It is notunheared of them to reject the acceptedstandards, if they feel a better solution isavailable. As a result, the question ofwhether to add a particular feature likecapabilities often boils down to details ofimplementation and behaviour that maynot have been envisioned by its originaldesigners and developers. ■

The Kernel Mailing List comprises the core ofLinux development activities.Traffic volumesare immense and keeping up to date with theentire scope of development is a virtuallyimpossible task for one person. One of the fewbrave souls that take on this impossible task isZack Brown.Our regular monthlycolumn keeps you up todate on the latestdecisions and discussions,selected and summarizedby Zack. Zack has beenpublishing a weeklydigest, the Kernel TrafficMailing List for several years now, reading just the digest is a time consuming task.Linux Magazine now provides you with thequintessence of Linux Kernel activities straightfrom the horse’s mouth.

INFO

probably only release 2 or 3 additionalversions, and will almost certainly stopwith 2.0.42.

Amusingly, Mikulas Patocka recentlyrefused to take over as maintainer of the0.01 tree. Last September, while playingaround on the earliest version, Mikulasdiscovered a bug and posted a fix onlinux-kernel. A lot of folks’ eyes poppedout of their heads over that one, andLinus offered to let Mikulas be the officialmaintainer of that tree.


2.0 marches onSomeone recently suggested droppingsupport for the old 2.0 kernels. DavidWeinehall, the 2.0 maintainer, said hewould continue to patch 2.0 bugs as longas people continued to send fixes to him.He said, and Alan Cox (2.2 maintainer)agreed, that maintaining these kernelsdid not drain development effort frommore current projects, primarily becausethere was so little required to maintainthem. David predicted, that so little workneeded to be done on 2.0, that he would

Kernel NEWS

Time for a changeEver since Ingo Molnar wrote his fastnew process scheduler, there has been atremendous push to see it included in the2.4 kernel. But for six months the main-tainers have resisted including it.

A number of Linux vendors haveincluded the patch in their distributionswith no problems, so that most Linuxusers in the world have probably beenusing the patch for some time, but amongthe kernel developers there is reluctanceto include such an invasive change intothe 2.4 series, which is supposed to bekept as stable as possible.

Any patch to modify a fundamentalcomponent as the scheduler, would makethe kernel less dependable, because itwould be less well tested. Ingo hopes isthat the patch will receive more testing,and be shown to be truly stable, beforebeing included in the stable kernel series.

Some developers feel that the patchshould wait for the 2.6 series. Thesedevelopers point out that the defaultscheduler currently in use in the 2.4series is perfectly usable, and doesn’tneed to be replaced.

It is impossible to think about thisissue without recalling Linus’ decision toreplace the entire Virtual Memory sub-system early in the 2.4 series. This was avery invasive change on the order ofreplacing the scheduler, and was metwith harsh criticism and much bitterness.

In addition, the VM subsystem at thattime still had many problems, and wasimproving only very slowly. In the event,it turned out that Linus’ decision toreplace it, led to a more robust system,though many developers felt he shouldnot have taken such a big risk. ■

Stable DetectionHardware detection is reaching stasis. Inthe desire for a fully developed plug-and-play system, the question occasionallycomes up, of how to automatically detectall hardware currently installed, and howto detect hardware that is hot-pluggedinto and out of a running system.

Current kernel policy is to detect allhardware that it is possible to detect, butnot to make assumptions about the waysthat hardware will be used. For instance,it would be a security risk for the kernelto automatically mount all filesystems itdetected at bootup. The decision of whento mount the filesystem is left to theadministrator, even though most Linuxsystems mount their filesystems atbootup, it is controlled by user-level con-figuration, not by the kernel.

The situation is made more complex bythe fact that Linux runs on a great varietyof systems, which don’t all support thesame kinds of hardware detection. Somesystems, such as s390, s390x, x86 andia64, are now able to hot-plug CPUs inand out of the system at will, while othersshow no promise for such a thing.

For a long time, developers despairedof ever being able to hot-plug regular PCIcards, until Compaq demonstrated aLinux system capable of this in Januaryof 2001. Within a couple months, patchesfor this were in the mainstream kernelsources. But it remains dangerous to hot-plug certain pieces of hardware. On somehardware, plugging a mouse or keyboardinto a running system may break thosecomponents. There is nothing the operat-ing system can do about those situations,because the problem occurs at a morefundamental level. ■

Temporary unstable fixThe 2.5 IDE disk code is being entirelyrewritten for 2.6, and is currently in abroken state, which has been causingdelays in other areas of development.

Some developers attempting to testtheir own work on recent 2.5 kernelshave been unable to do so, because IDEsupport has been removed during theextensive changes. Recently it wasreported that system lockups and evendata corruption could result from testingthe current 2.5 IDE code.

While this is not uncommon for adevelopment series, it has caused somefrustration among various developers,and recently inspired Jens Axboe to portthe 2.4 IDE code up to 2.5 and maintain itas a separate patch. He did this in orderto be able to test his own projects, butthought other folks might find it useful.

In fact, many people were overjoyedby this development. Some developershad been too frightened even to try any2.5 kernels, but with IDE temporarilypatched up, they felt they could begin toreach tentatively into doing 2.5 work.

Jens was careful to add in hisannouncement, that the IDE maintainerwas doing a very good job, and that Jens’patch was simply a temporary expedientuntil the real IDE code stablized. It is thistactful acknowledgement that probablyprevented an angry flame war.

The IDE rewrite has been controversial,because it has had to get worse before itcould get better. Most large rewrites haveeither not entailed long periods of break-age, or else have involved less centralsystems, whose breakage would notinconvenience too many developersinvolved in doing other work. ■

Then it was Mikulas’ turn to have hiseyes pop out of his head, and sadly, herefused to honor. Maintainership hasoften been delegated based on interest.Alan became 2.2 maintainer primarilybecause he insisted on producing patchesfor it. David became 2.0 maintainerbecause he objected when Alan decidedto stop maintaining 2.0 himself. As far asI know, Marcelo Tossatti (2.4 maintainer)is the only person to actually go througha selection process. ■

Letters to the editor

Write Access


NEWS Letters

Image accessI have been given a new camera for

work. The camera is a HP PhotoSmart215 which is not listed as supportedunder gPhoto. Can I extract the imagesusing Wine or Lindows. Alan Slater, by e-mail

It maybe possible to use Wine or runan emulator such as VMware to accessA

Q the HP software for image extraction.However after a quick web search weturned up a page where someone has justthe same camera. www.sonic.net/~rknop/linux/hp215.html We then tooka trip to our local PC store and purchaseda Dane-Elec PhotoMate Combo USBcompact Flash reader. By simply plugging

this device into the USBport and mounting thedevice as a SCSI drive wewere able to browse thecamera contents.

mount /dev/sda1 U/mnt/flashcd /mnt/flashls

We then used midnightcommander (mc) to copythe files and viewed themwith Electric Eyes orother image software. ■

No Change I have set up a new Linux machine

and want to change the IP address I use

ifconfig eth0 192.168.0.1 U

netmask 255.255.255.0

This works fine until I next reboot whenthe previous IP address appears. How doI write a script so I do not have to keeptyping this. Erik Bildt, Tromso, Norway

Rather than write a new script youjust need to change your currentbootscript. On both Mandrake and RedHat Linux distributions this is in the/etc/sysconfig/network-scripts/ifcfg-eth0and can be changed with either theDrakConf utility or with the NetworkConfiguration tool. Whereas, on the SuSELinux distribution the file is found in/etc/sysconfig/network/ifcfg-eth0 and inthis case is best changed by using theYaST2 / Network Basic / Network cardconfiguration option. ■

A

Q

Deutsche PostWorld Net

Your views and opinions arevery important to us. We wantto hear from you, about Linuxrelated subjects or anythingelse that you think wouldinterest Linux users! Please send your letters to:Linux MagazineStefan-George-Ring 2481929 MunichGermanye-mail:[email protected] tell us where you arewriting from.

Figure 1: mc copying from the Compact flash to a hard drive


Letters NEWS

MultibootsI run a mixed OS on my desktop. I

have installed SuSE 8.0 but BootMagicdoes not see it and Linux will only bootoff a diskette. How should I reinstallBootMagic. Jeff Millese, Gatineau, Canada

When you installed the SuSE Linuxdistribution you told it to place the bootloader on to a floppy disk. In this case

A

Q

Missing in actionI have just upgraded my Red Hat

Professional Linux and although it workssmoothly I have no LinuxConf. This is akey tool for controlling my system. Whatshould I do?C Singer, by e-mail

Quoting from the RH 7.1 manual “Oneof the most powerful tools you can usefor system administration is Linuxconf.You can use Linuxconf for adding andmanipulating accounts, monitoring sys-tem activities, controlling the way yoursystem starts, and more.” So what havethey done with it? In RH 7.3 the package was finallyremoved after being deprecated in 7.2.This was due to many users complainingit was not functioning for them and sonow we have a more tightly Integratedutility in ServiceConf. For those who justcannot live without there belovedLinuxconf it is still available from www.solucorp.qc.ca/linuxconf ■

A

Q

BootMagic, when it starts, cannot see theLinux loader. Start your Linux with thefloppy disk and then use the YaST2/System/BootLoader configuration optionto put the bootloader onto either thebootsector of the boot partition or theboot sector of the root partition. Do notput this onto the Master Boot Record asthis is being used by BootMagic, which is

now sold as part of thenew Partition Magicprogram under thePowerQuest brandname, and so you donot want to overwritethis. Now when yourerun your BootMagicdisk and it should seethe Linux loader on thehard disk. For those of you whodo not want to pay fora System loader pro-gram, they can alwaysdownload the XOSL(eXtended OperatingSystem Loader) athttp://www.xosl.org/

although this is stillunder development. ■

Figure 2: SuSE Linux’s YaST2 boot configuration utility that lets you savethe boot loader where you want.

Accessing all areasI am forgetful. Just the usual but it is

annoying. I download a file and save it.Fine, you say, but if I do it under Win-dows how do I get it under Linux when Ireboot rather than downloading and fill-ing up my hard disk again. Steve Hall, Bilston, UK

You need to mount the Windowspartition as another Linux device. Thenyou can access all the files and data. Wehave in our Filesystem table (/etc/fstab)file the line

/dev/hda1 /mnt/windows vfat U

noauto,user 0 0

Now use the mount /mnt/windowscommand to gain access to the FAT32windows partition on hda1. The noautooption means that it is not mounted bydefault when you boot the Linux system.The user option means users can mount itand not just root. The two 0’s mean that adump command will not attempt tobackup this partition and when mountedthe fsck command will not run. Lookingat it from the other side you could alwaysaccess your downloaded data stored onyour Linux partitions while using theExplore2fs utility. ■

A

Q

To many man pagesI know that Linux comes with lots of

documentation, sometimes I think thereis too much. If I forget the name of a com-mand I can waste ages flicking throughman pages trying to find it. Is there aneasier way to look them up?Mark Day, by e-mail

The man pages are a fine resource andeveryone really should take some time tomake sure they know how to make fulluse of it. The information in a single manpage can be broken up into sections, like'synopsis' and 'description'. With someline switches added to your mancommand, you can get to search throughthis information. For example, if youknow there is a command to back up anext2 file system, but you are unable toremember its name:

man -k ext2

will list of all of the man pages that have'ext 2' in their description text. ■

A

Q

Figure 3: Red Hat Linux's ServiceConf tool for allyour control needs

although the added value has stayedmore or less on the same level.

Until about two and a half years agofresh Red Hat boxes were available foraround £30 to £40, however, now eventhe Personal box with its lean contentcosts up to £50. The increase in price forthe Professional version, which nowweighs in at around £180, has been evenmore alarming. New Professional andPersonal versions appear twice a year ona fairly regular basis.

Red Hat NetworkThe Red Hat Network is the centralinstrument for keeping a Red Hat systemreliably up-to-date. A basic subscription

now costs US $60 a year. The customer isregularly notified of patches for thisamount and can apply them via a GUI.Preferential access to the ISO images ispart of the package and this is useful attimes when FTP servers are feeling thestrain. The Enterprise version comprisesgenuine system management features:allowing you to group servers by task,also to manage the privileges for multipleadministrators, setup local proxy serversin enterprise networks and so on. Thosewishing to subscribe to the Enterpriseversion of Red Hat Linux will have to payabout US $240 annually.

It is interesting to note how the Red HatNetwork has been hardened over the


When Bob Young and MarkEwing founded Red Hat backin 1995 their goal was, above

all, to make people think “Red Hat” whenthey thought Linux, just like they thought“Heinz” when they thought aboutketchup. The Red Hat was intended as asymbol, a synonym for Linux and OpenSource. Of course this is not quite whathas happened – an operating system isnot as simple as tomato ketchup whetherviewed from the technical or from themarketing perspective.

What is left over from the Young era isthe strong business orientation; Red Hatnever has been a Geek to Geek business.The commitment to Open Source and theGPL is what is mainly responsible for thebenevolent attitude the Community hasshown – despite there having been sometechnical and strategic decisions whichmight be considered to be questionableemanating from the main company head-quarters in Raleigh.

Red Hat and the ConsumerRed Hat has concentrated almost entirelyon the business to business market forthe past 3 years, working on the premisethat profits in that area are more easy tocome by than on the OTC market. But alarger user base is important to the longterm success of a software product. Noproblem, anyone can download ISOimages of the current distribution. Endusers who insist on buying a box arebeing asked to spend more each year,

Although it was only just released in time to make this issue, Red Hat, the

US market leader’s, Advanced Server distribution is the subject of an exhaustive

test. Its aim – to find out whether Red Hat purchasers are in good hands.

BY ULRICH WOLF

Red Hat’s future

Red Hat Unwrapped

Red Hat introCOVER STORY

Red Hat Advanced Server test . . . . . . . . . . . . . . . . . 20We put Red Hat’s flagship product througha series of grueling tests to see if it lives upto its promise.

Scott Harrison Interview . . . . . . . . . . . . . . . . . . . 24Scott is the director of Red Hat’s NorthernEurope division. We managed to ask hisviews on the future.

COVER STORY

years. Anonymous access was originallyavailable via the up2date update agent;mandatory registering for the service wasthen introduced in 2001. The service leveldemo still allowed you to use up2date tokeep your Red Hat system up to datewithout paying the registration fees. Butthis backdoor has since been closed. Thepurchasers of the Personal and of theProfessional distributions now have timelimited access to the basic version of theRed Hat Network.

For companies and private usersXimian’s Red Carpet is an alternative thatworks with various distributions, thatoffers more packages and is often muchmore up to date.

Training and CertificationRed Hat has managed to establish theRHCE (Red Hat Certified Engineer) as aquasi-standard for Linux certificationsand training. In contrast to the LPI (LinuxProfessional Institue) multiple choicetests available previously, the RHCEexams are practically oriented. The testcandidate is required to solve the types ofproblems that real-world administratorsare faced with. The inclusive systemadministration courses cost around£1,600 or just the exam for £480; studentsand teachers at recognized schools canapply for a 50 percent reduction.

Courses are also available for other RedHat products such as the PostgreSQL

based Red Hat Database, Webserver, theOnline-Shop, Interchange, or theirEmbedded Tools for the eCOS realtimeoperating system.

Red Hat does not automatically leadyou to thinking about embedded systems.However, the former Cygnus developersare responsible for a major portion ofturnover. The Services division forEmbedded Systems has returned a doublefigured million dollar sum each year. TheSony Playstation 2, which was developedusing Red Hat’s compiler technology, isone of the prestige projects in this area.For Embedded Systems with a smallmemory base Red Hat does not use Linuxbut eCOS. But the eCOS operating systemis also Open Source.

ForthcomingFrom a business point of view Red Hat iscertainly an attractive proposition,especially in comparision with the otherLinux and Open Source enterprises thatstarted up in the 90s. However, expectingprofitability does not seem to be a veryrealistic option at present.

Although Red Hat has returned neutraloperating results in some quarters, thecompany is still struggling with a largeproblem common to many enterpriseswho went on shopping sprees during theNew Economic boom: namely write offson goodwill and immaterial items relatedto acquirements. These figures may ruinthe balance sheets for some time to come.Red Hat closed the last financial year,which ended in February 2002, with aloss of US $140 million, with a turnoverof only US $79 million.

The most recent turnover figures showno signs of a drastic slump, Red Hat doesseem to be riding the storm prevailing inthe IT sector more comfortably than othersoftware companies. Times of crisis mayalso be a good opportunity for value formoney Open Source solutions. On theserver side of the business, competitionfrom other Unix systems still plays amuch more important role than theMicrosoft landscape, and although RedHat is a player on the mainframe Linuxscene, the company does not seem tohave risked its neck as much as its Linuxrival SuSE, for example.

More recently, it seems that Red Hat’sfocus may be shifting to the corporatedesktop and there have been someannouncements concerning “advanced”

(that is more expensive) desktop andworkstation distributions that wouldseem to confirm this trend.

When it comes to database systemsRed Hat is apparently incapable of steer-ing a straight course. On the one handRed Hat has its own Open Source basedRed Hat Database product in its portfolio,and this product is probably equal tomost tasks. On the other hand Red Hatseems to be assisting the database giant,Oracle, in an attempt to open some doorsto the large enterprise market. The logicalresult of this is an unusual hesitance tomarket their own product.

Despite their efforts to make their namesynonymous with both Linux and OpenSource in general, Red Hat will have toaccept being measured on the strength oftheir Linux distributions. Their priceswould seem to indicate that they are byno means lacking in self-confidence. ■


Red Hat is planning to compile a portfolio ofsoftware patents for strategic reasons. At thesame time the company intends to continueactively opposing software patents.A welcome side effect of this is that analyststend to rate an enterprise by the amount of“intellectual property”it has collected. Andpatents are the units used to measure intel-lectual property.The fact that the principleof free software is diametrically opposed tothis and the fact that intellectual property isimpossible to quantify does not seem totrouble Red Hat too much.Red Hat has promised not to pursue patentinfringements if these occur in a Freewarecontext.This promise was formulated in theclassical form of a legal statement of intent,but it will prove difficult to pursue Red Hat inany way, should the company then decidethat it is going to renege on this promisesome time in the future.

Red Hat and the Software Patents

Bob Young: Thecharismatic Red Hatfounder and formerused automobilesalesman, Robert F.Young, was one ofthe first to discover

the commercial potential of free softwareway back in 1995. After handing over hisoffices to Matthew Szulik in 2000 he wasstill actively involved with the Red Hat boardbut has gradually sold a major part of hisRed Hat shareholding.He is now the owner of a small businesscalled Lulu Enterprises that organizes techni-cally oriented events whose fun factor andproximity to the participants distinguishesthem from traditional events.The first“LuluTech Circus”will be taking place September27 through 29 in Raleigh, North Carolina, onRed Hat's home territory and the site of alarge IBM branch.

Colin Tenwick: Whilehe was responsiblefor Red Hat's Euro-pean activities,Tenwick was nevershort of a catchyphrase, much in the

tradition of Larry Ellison or Scott McNealy.But he did not stick to this position for long.He is now CEO of the Stepstone onlinecareer and recruitment service that is alsoknown for it disposition to loud marketing –although this line of business does require acertain amount of discretion at times.

What ever happened to…

COVER STORYRed Hat intro


Remember Red Hat for Oracle orRed Hat for SAP? These were bothavailable as separate products and

certified by the appropriate ISVs (Inde-pendent Service Vendors). To prevent thislist from running into the middle of nextweek, the Marketing guys in Raleigh havecome up with the Advanced Server. Atleast 20 ISVs have given the go aheadwith the list including major players likethe IBM Software Group, applicationserver specialist BEA and SAP. Addition-ally, Red Hat is asking the hardwaremanufacturers to climb on board.

As the SuSE Linux Enterprise Serverproves, certification justifies a muchhigher selling price in its own right. Butin contrast to their competitor, Red Hathave added some technical enhance-ments and are pushing the productsscalability on SMP machines, cluster sup-port, load balancing via Piranha and highavailability. In order to do justice to RedHat’s technical claims we decided tofocus our activities on setting up a clusterto provide high availability with two nodefailover.

The availability of the distribution itselfwas not too hot. Although we waiteduntil well after our editorial deadline, RedHat was unable to deliver a boxed prod-uct to our test lab. So our test is based onthe CDs we created from the ISO imagesthat Red Hat finally managed to upload toour FTP server.

InstallationThe installation procedure for AdvancedServer is very similar to the procedurealready used in Professional 7.3. Red Hatuses the same GUI installation programfor both distributions. The welcome pagenow additionally offers the AdvancedServer option, in contrast to the variousserver and workstation variants availablein the Professional edition.

Advanced Server is an internationalversion providing multi-lingual support,although the documentation is entirely inEnglish.

The character based installation doesnot seem to be any different from the

Red Hat’s latest flagship goes by the name of Advanced Server. Approved by

major software publishers and equipped with enterprise features such as high

availability and clustering the Advanced Server targets the more demanding

customer, but despite the version number 2.1 it is quite obviously a newcomer.

BY MIRKO DÖLLE, ULRICH WOLF & ACHIM LEITNER

Red Hat Advanced Server 2.1

Advanced Level

Advanced Server testCOVER STORY

Tourismus,Frutigen,visipix.com

Professional 7.3 Red Hat distributions,although you may discover one or twoissues (as we did), if you need specialkeyboard layouts.

Setting up a firewall on a cluster ismore complex than on a single machine.You cannot perform the installation justusing the defaults (medium securitylevel, allow no services or just DHCP)because the defaults will interfere withthe cluster configuration. We recommendomitting the firewall installation at thisstep and manually adding customizedrules for the cluster at a later stage.

Red Hat distributions still use theGnome desktop, although a KDE option isavailable. But production systems willtend to be managed remotely, and thatmakes the GUI redundant. To install atext-based environment, you simply dis-able the Gnome package during theinstallation.

Hardware en masseThe documentation describes a two nodefailover as a typical setup for AdvancedServer 2.1, so we decided to base our teston this scenario. The cluster for our testsystem comprised two Dual Athlonmachines running at a clock speed of1.533 and 1.666 GHz respectively, bothequipped with an Adaptec 29160 U160SCSI controller. We installed the Red Hatsystem on the internal hard disks of bothmachines.

There were no complaints regardinghardware, although a Promise Fasttrack100 RAID 0 system was recognized as twoseparate disks. This meant having tobreak up an existing RAID array or

replace it with a software RAID array.And there was a slight APIC issue withthe Asus A7M266-D board in the firstmachine. The kernel kept on crashingduring initialization, but the “noapic”boot parameter soon sorted that out.

Two Channel SCSIWe stored data for the cluster services onan Easy-RAID X12 by Starline Computers[2]. This SCSI / IDE RAID system (seeFigure 1) features a dual channel SCSIhost controller and twelve 120 GB drives,although we used only the first four.When we attempted to mount the totalcapacity of 1.44 TB, we could not accessthe device. Linux complained about readerrors on “/dev/sda”. To allow bothmachines simultaneous access to all thepartitions on the RAID system we thenconfigured the four disks as a large share.

Red Hat supports fiberchannel systems,which you would need to configure forparallel access. NAS systems are notcurrently supported and the cluster con-figuration will not talk to network drives.

Network Power SwitchRed Hat’s “Cluster Manager Installationand Administration Guide” [3] recom-mends the use of a power switch, tocompletely power down a faulty machinein case of node failure. The idea is to pre-vent the common RAID system fromfreezing. APC kindly provided us with aMaster Switch AP9212 (Figure 2), whichfeatured eight switchable outlets. Weattached the power switch to the networkleaving the serial port unused.

However, we found the cluster softwarewas unable to control the power switchcorrectly: Instead of powering off a failedmachine (Immediate Off) the clustermerely emitted an Immediate Rebootsignal, causing the failed machine topower off for a few seconds before it thenpowered on again.

Depending on the BIOS configurationthe computer may attempt to restart, andin this case a damaged SCSI controllercould lead to the RAID system freezing.Since the software will not transmit asecond signal, this would take the wholecluster down.

Cluster InstallationThe configuration of the cluster softwarewith the “cluconfig” console tool isdetailed in the Cluster Guide. Althoughthe software has outstripped the guide insome places, this should not give theadministrator too much of a headache.

You should be cautious of following allthe sample configurations given withoutconsidering your options. The ClusterGuide recommends the activating of the“Relocate when preferred member joinsthe cluster” option for an Apache config-uration on page 126, but fails to mentionthat the relocating will drop any currentsessions. This causes active downloads tofail when the primary node rejoins thecluster after a failure.


Figure 1: Two mode failover cluster configurations require a dual channel SCSI RAID or fiberchannel solu-tion that can be accessed simultaneously by both nodes.

COVER STORYAdvanced Server test

Figure 2: The Master Switch AP9212 can switch eight power circuits individually. The integrated webserver provides administrator access to the management software via SNMP or telnet.

that the hardwareaddress of the clus-ter will change tomatch, and needs tobe accounted forwhen configuringswitches or routers,and also that redun-dant services willneed an IP addressof their own.

Hidden HeartbeatYou will need toconfigure at leastone heartbeat channel for the clusteroperations. The nodes use the heartbeatchannel to check how the other nodesrespond, if a node fails to update thetimestamp on the quorum partition.

The heartbeat channel is unused in thecurrent 2.1 Version of Advanced Server.Only the status output from “clustat” or“cluadmin” (Figure 5) shows you if theheartbeat channel is online or offline. Youcannot define any actions for these cases,and there was no sign of scripting access.Red Hat has stated that this feature willbe available in the following version.

The cluster software does not offer anyoptions for launching customized actions

on failure of a service or device. You canuse the status function in the services initscript only to implement a verificationfunction. The cluster software calls theinit script with the “status” flag set at pre-defined intervals and the Cluster Managerdetermines whether to restart the servicebased on an analysis of the return value.The administrator can specify whatdetails the status check covers. TheApache script, for example, checkswhether the daemon is running.

Relocate or bustBut don’t expect a failed status check tolaunch a “relocate”. If the script detects


The nodes use quorum partitions totransfer status information, for which nodetails are available. The partitions,which are about 10 MB and mounted asunbuffered raw devices, store statusinformation on the clusters and activeservices. You need to use separate RAIDpartitions for your data to provide theredundancy for individual services. Thenode that owns the process will mountthe partition assigned to the process.

Interrupted ConnectionsWe used an Active-Active configurationfor our Cluster comprising one machinewith an NFS drive as its primary node,and the other with an Apache web server.In this constellation one machine wouldtake over the service that had failed onthe other machine. Failover means therestoring of services of the failed node asquickly as possible, but this does notmean necessarily that active connectionswill be kept. Our clients could only con-tinue working unaffected by the failure ifthey were using connectionless protocols(such as NFS).

When a node fails over, the IP addressof the cluster service is assigned to theother machine. The address is thenbound to the network device responsiblefor the subnet by IP aliasing. This means

Advanced Server testCOVER STORY

Figure 3: In case of interrupted network services, the services cannot betransferred and therefore fail.

Figure 5: The cluster status can be queried using “clustat” or interactivelyusing the “cluster status” flag with cluadmin. The service section shows howthe services are distributed across the cluster nodes.

Figure 6: Although only the network connection to the second cluster nodehas failed, the power switch status is unknown. This effect also occurs if youhave not configured a power switch.

Figure 4: Both servers have redundant connections to disk system(s), but Red HatLinux Cluster Manager controls access.

LAN/WAN

App X

App Y

Failover

Heartbeat

Private

Failover

Data A

Shared FC Disk System

ApplicationServer A

BootDrive

BootDrive

ApplicationServer B

Data B

an error condition that would necessitateswitching to a backup system, you haveto launch this action using the “cluadmin– service relocate service” syntax. Thecluster server handled a total node failuregracefully; depending on the service theywere using, the clients simply had torepeat a file transfer process.

But a partial failure caused a wholebunch of unanticipated problems.Although the affected node did a cleanreboot after disconnecting the SCSI sub-system, there seems to be no way to dealwith a disconnected network cable.Although the heartbeat channel and theSCSI connection were both active, themissing network link between the twonodes meant that it was impossible torelocate a service to a backup machine:“cluadmin” kept on reporting errors (seeFigure 3). Figures 7 and 8 show ourattempts to relocate the service via theconsole.

While we were searching for the causeof this problem with “tcpdump”, wenoted that “clupowerd” continually talksto its neighbors via TCP/IP port 4004.The daemon seems to be responsible forpower switches and that would explainthe “unknown” status in Figure 6, wherethe network connection is down.

While relocating a service we noticedsome traffic between the nodes on port4002, i.e. the port the Cluster ServiceManager “clusvmgr” listens on. It seemsthat service relocations are negotiated viathis connection, and that means a failureis inevitable if the network connection isdown. We will need to check the sourcesto be sure, though, because we could not

find any man pages for the Cluster Tools,or any documentation anywhere else forthat matter. Even the “--help” switch onlyworked on rare occasions.

So Red Hats failover solution onlyworks as advertised in case of total sys-tem failure, and that is not our idea of ahigh availability solution. The remedywould seem to be a script that uses apower switch to power a node off. Or as acolleague put it “All we need is someoneto watch the machine and blast it with ashotgun if something goes wrong.”


COVER STORYAdvanced Server test

Figure 7: Following a failure of the network connection to “lab2”, there wasnot even a manual option available for relocating Apache to a runningmachine.

Figure 8: When a service needs to be relocated, the cluster software obviouslyattempts to contact the other node via Ethernet. A faulty route could take thecluster down.

Scope: 4 CDs, 2 manuals

Support: 12 months Red Hat Network andmaintenance

Basic: 12 months support for installation andconfiguration

Standard: 12 months all-in support, 4 hourresponse time (weekdays)

Premium: 12 months all-in support, 1 hourresponse time (24x7)

Price: US $800 (Basic), US $1,500 (Standard),US $2,500 (Premium)

Red Hat Advanced Server 2.1

[1] Red Hat: http://www.redhat.com

[2] Starline Computer: http://www.starline.de/produkte/easyraid/easyraid_x12/easyraid_x12.htm

[3] Easy-RAID X12: http://www.phertron.com/products/easyraid_x16/erx16_fc.htm

[4] Cluster-Guide: http://www.redhat.com/docs/manuals/advserver/RHLAS-2.1-Manual/cluster-manager

INFO

ConclusionAdvanced Server 2.1 is a tried and trustedsolution, that is in line for certification byhardware and software manufacturers. Ifyou need this and are also a faithful RedHat customer, the Red Hat flagship isyour only option. However, the highavailability features were not convincing.The cluster can only manage two nodesand despite the additional hardwareresources required it seemed incapable ofdealing with error conditions apart fromthe total failure of one server. ■


of mind, to make their own lives easy.Often the best option for them was tobuild a cheap old Intel box with Red Hat,configured as a Samba server or what-ever was needed. The reliability ofthe server meant that it justhummed away and no one evernoticed it, because it was nevera problem.

This was happening with oursmaller users and our enterprisemarket, that was the nature ofthe Open Source business.

The thing that has changed for ushas been the downturn in the economy.We’ve seen some of the investment banksand even retail banks taking a muchcloser look at the cost of infrastructure,when putting in new applications into

their mission critical computer systems.The demands for these systems arefundamentally different to the peripheralservers and, more importantly, they areprepared to pay, on a per server model,for the services they now require.

Can you explain how those demands change ?

There are a few key differences.One key thing, the support by

independent software vendors and theircertification around the platform, andpart of that is how we behave around ourproduct. This has been one of thechallenges as we started to engage withthe more mission critical enterprisemarket. We started to get feedback fromthem and when we would approach theISVs for certification, we would also getrequests. The nature of the request wasvery common, they would all say that theLinux companies were producingtechnology at such a fast pace that theycouldn’t keep up. They couldn’t andnever would want to update their systemsevery six months, the average turn

around for the release of a Linux distribu-tion, which was seen to be neededbecause of the development of Linux.This didn’t matter to the backroom guys,who could take the decision to upgrade

A

Q

What are the main opportunities forRed Hat in the coming year ?

We always knew that the market for Linux was getting bigger and

bigger, the question was how could wemake money from that growth as a Linuxprovider. You can see how the hardwarevendors benefit and the big softwarevendors too.

A lot of commentators would ask “Howdo Linux providers make their money”.They could see how money was madethrough selling boxes, training, support,but it was hard to see how they couldreally be successful, while, at the sametime, remaining true to the Open Sourceethics that Linux providers had built theirbusinesses on.

That was always the dilemma wefaced, being true to the open sourcecommunity and, at the same time beingtrue to the shareholders, especially forRed Hat, as a public listed company, wehave a responsibility to be financiallysuccessful. Quite a challenge.

The thing that has changed has beenthe adoption of the enterprise customers.Historically, the enterprise market wehave addressed has not been handledwith an enterprise capacity, both as avendor and also in the way they haveused our technology, which, often hasbeen in the back room, undercover,without any official endorsement, as mailservers, DNS server, web servers, edge ofthe network type services.

The customer could go down to PCWorld and buy one of our packages andgo and install it on as many servers asthey wanted. Many companies wouldalso put some people on Red Hat training,but the majority of the machines beinginstalled would not need mission critical,24/7 support, the customers wouldback-up their own machines, and so, RedHat wasn’t seeing any support revenues.

How does a company like Red Hatscale its business around this type

of business practises ?

We kept thinking that these servers must be more critical, if it is a big

name company, they must need supportand, it proved that they didn’t. Theservers being installed were by the back-room guys who were taking the decisionto do a Linux install for their own peace

A

Q

A

Q

We managed to catch up with Scott Harrison, Red Hat’s director for Northern

Europe, working out of Guildford in the UK. Scott has brought 15 years of

enterprise accounts management skills to Red Hat, having worked for Sybase

and Powersoft before that. BY COLIN MURPHY

Scott Harrison interview

Crystal Gazing

Scott Harrison, Red Hat’s director for NorthernEurope

“The main thing required by a Unix

Infrastructure Manager is stability.”


Red Hat interviewCOVER STORY


their distribution only if it offered some-thing they needed for the server tasksthey were running.

A Unix Infrastructure Manager has a fardifferent set of criteria. If he is thenresponsible for the ‘gate’ that everyserver has to step through in order to bedeployed in the datacenter as either anapplication or database server, he willwant to go through a checklist of items tomake sure it won’t cause a problem.Linux has only been on the outside ofthat ‘gate’ up until now. Now we have thesponsors in these big companies sayingthat they want to take Red Hat servers,the ‘gatekeepers’ have been saying “No –not unless you can show that you satisfyall of the things on my checklist.”

The main thing that is required by the‘gatekeeper’ is stability, of the versionand of the certification of that version.The ‘gatekeeper’ will only be looking formajor updates every 2 – 2.5 years. Theidea of having to do an upgrade every 6month is just too unpalatable.

How do you provide for this stability at Red Hat ?

We now produce two product lines, the standard package, Red Hat 7.3

at the moment, which, in turn will moveto version 8 and 8.1, 8.2, etc. Usuallythere is a major version number jumpafter x.2, so the next version after 6.2 was7.0. This will continue to be revised everysix months or so, as has been the case inthe past. The major change in versionnumber means that there has been amajor and fundamental change to thetechnology in that package. This meansthat by the time version X.2 has comeout, it will have been tested fully and bugfixed the most and will be the most stableand secure version.

New and separate from this is theAdvanced Server, which is only the firstin a line of Enterprise products. This isbased on the standard package of Red Hat7.2, and it is our expectation that the nextversion of the Advanced Server will bebased on 8.2, three release cycles, or 18months away. More importantly, for ourcustomers, we have committed tosupporting the Advanced Server productsfor a minimum of 3 years. As a result, thiswill also guarantee the support and thecertification from the 15 or so ISOs thatwe work closely with: Oracle, Veritas,

A

Q

BMC, and IBM Software, etc., who havecommitted to the platform and theircertification for it. After all, they had thesame problem keeping up with us withtheir certification schemes.

This is where we see the future of ourbusiness, because it is customers likethese that have been paying us the largestamount of money.

Have there been any advantages to the technology in Red Hat through

this certification process ?

Yes, because of the relationships built, we are getting much more

feedback from the ISVs. We now havededicated people in Red Hat who act as aconduit for the ISVs. TheISVs no longer just tellus that a product iscertified, but theymake suggestions asto how it could workbetter with theirproduct.

A case in point iswith Lotus Dominoand the number ofconcurrent users atany one time. 18months previously themaximum support was for 50 concurrentusers, but once we started getting feed-back, this changed to 400 and then to7,000 concurrent users very quickly.These were all little changes, but withoutthe feedback, we would have been nonethe wiser.

What is in the Advanced Server and how will you be charging for this

new service ?

The makeup of Advanced Server includes new technologies, like

clustering, thanks to having on board thedevelopers who originally worked onConvolo Cluster, which became MissionCritical Linux. We have also backportedsome of the version 2.5 Linux kernelfunctionality including asynchronous I/Owith the help of Red Hat kernel engineerslike Alan Cox. This helped to dramaticallyimprove the performance of products likeOracle 9i to the point where Oracle 9i onAdvanced Server is posting some industryleading performance benchmark figures.We are no longer in a catch up mode

A

Q

A

Q

with the Unix vendors in terms ofperformance, we have overtaken themand left them way back.

We will provide Advanced Server to themarket in a slightly different way to ourother products. We will ask people to signand accept an agreement with us for perserver installations for which we willcharge an annual subscription, whichincludes the provision of the media forinstallation and access to the Red HatNetwork. The Red Hat Network is theexclusive way customers will be able toupdate their servers. Accepting theagreement means that you can only useour product on the servers the customerhas paid for.

Added to this are three categories for

support. The Basic package, whichincludes the installation media and somebasic installation support is US $800 perserver per year. Adding on to the basicpackage support during normal businesshour will cost US $1,500 per server peryear and for 24x7 support, for those withcritical systems it’s US $2,500 per serverper year.

We have developed a model that meanspeople can derive value on each serverannually, which includes the mechanismfor updates and management through theRed Hat Network. They will now also beable to get the type of support that theenterprise market needs, including theservice level agreements.

We must make per server revenue tomake back the costs to us for all of thedevelopment work, like the cost of theISV engineers that have helped to gainthe certifications.

Because of the certification implicit inAdvanced Server, if the user has a bug ora problem with one of the ISVsapplications that they are using, thatvendor will be able to offer support

“For the momentwe will hedge our bets on

StarOffice, but we will mostlikely push forward

OpenOffice.”

COVER STORYRed Hat interview

always be a stumbling block, for whichStarOffice doesn’t quite meet their needs.

We have not actively tempted thatmarket, we have waited for them to cometo us. When they are looking for analternative, they are much more likely topass over some of the shortfalls that theLinux desktop might have, rather than uspushing the product to say it is acomplete replacement for the Microsoftdesktop. That way they are much moreopen minded.

Maybe in the next six months youshould see a formal commitment to aworkstation / desktop product in theEnterprise line, which will be forcustomers who are prepared to pay for us

to behave in a different way –getting certification for cus-

tomer, getting libraries fordevelopers, etc.

The big problem mostpeople have is the lack ofa Domino Notes client,and there is increasingpressure being put on

Lotus by their customers,to provide it.

Desktop migration can only be helpedby the stance that Microsoft haveadopted, treating their customers asbuckets ful of money that they can justdip their hands into. The way they canjust change a line in their licensing meansthey can just hoover up more money.People will start to look for viablealternatives.

Are there any big stumbling block that will hold people back from

migrating to Linux ?

The one key thing that is stopping the massive wave of movement

away from Windows is applicationavailability. This is the thing we found onthe Server platform, which is why westarted our ISV program, so they couldstandardize on one of our products fortheir server applications. Windows musthave the most amount of applicationswritten for of any other OS. As it standstoday, I can’t see the the average homecomputer user taking to Linux unlessthey are really enthusiastic.

Has OpenOffice and StarOffice 6 made much of a difference to aid in

the migration from Windows ?

Q

A

Q

I personally am still a user of StarOffice 5.2, so personally I can’t

comment on usability. But, some of thethings that Sun are doing aroundStarOffice 6 is one of the reasons why weare putting support into OpenOffice. Iunderstand that it is the corporatedecision makers that are behind the wayStarOffice 6 has been licensed.

We are going to put all of our effort andsupport behind the development ofOpenOffice. We don’t believe that Sun aregoing the right way about StarOffice 6. Ihave recently heard from some reportsthat Sun hope to make 60% of theirrevenue from software sales and that alarge proportion of this will be from salesof the StarOffice suite. That’s justbecoming another Microsoft and we don’tthink that that is the way it should go.

The concern is this is the thin end ofthe wedge, because, once you have alicense, and you have established that itis a licensed product, then it is just aquestion of how much.

The danger is what would happen ifSun created a large user base, with peoplelocked into the product, they becomeeasy targets for exploitation.

The hard thing for any company thathasn’t built their business model on opensource is getting their head around OpenSource. Red Hat , from day one, launchedits business as an Open Source company,while Sun is, fundamentally, aproprietary company.

Sun have seen that healthy softwarecompanies derive much greater profitsthan healthy hardware companies andthat software is probably a good place tobe. Now they are looking for the ‘killerapplication’ on Linux to improve theirposition further. Our view is that this isnot the way to drive it forward, what willhappen is Scott McNealy will become amini-Bill Gates.

For the moment we will hedge our betson StarOffice, but we will most likelypush forward OpenOffice.

As long as Sun continue to behave in aconstructive way, then all well and good.The great thing about Open Source is thatit does keep people honest. But there isenough skepticism about Sun to keep theOpenOffice development very healthyand lively.

What pressures can you put on companies like IBM to help bringQ

Abecause they know they are dealing witha known and recognized system. If theyare asked to solve a problem on anunlicensed machine, they will be muchmore reluctant, because they have noidea what is really on the machine, so theproblem could be coming from anywhere.

Do you still see a market for the desktop for Linux ?

Yes, Red Hat do still see a future for Linux on the desktop. As a Linux

company we have been big supporters ofthings like the Gnome project, partlyfearing the way that KDE suggested thatthey wanted to go proprietary until they

saw sense. But now we have two healthydesktop environments. We are also partof the Eclipse project which helps withdevelopment and helps to produce thetoolsets that developers need to produceapplications for the desktop. Eclipse alsohas support from IBM with some of itsJava tools.

We have been doing quite a lot tosupport the desktop, behind the scenes,mainly from within our Open Sourcedevelopment side of Red Hat. We haven’tyet felt that we can generate worthwhilereturns by producing a desktop specificproduct, so we have spent a lot of ourtime pushing the Advanced Server. Butnow, a lot of the companies that haveaccepted the Advanced Server model arenow coming to us for desktop solutions.Some of our big customers have actuallysaid that their ultimate goal is to have aMicrosoft free system. So, we are nowlooking with them for solutions tocorporate needs on the desktop.

They are finding problems with thechore of licensing issues and the need torun bloated software just to send anemail or write a few letters. 80% of theneeds for the corporate desktop areavailable now, there are those powerusers of Excel or Powerpoint that will

A

Q

“We see the competition not being the other Linux distributors,

but Sun and Microsoft.”


Red Hat interviewCOVER STORY


forward new versions of Java that willwork with code compiled with GCC 3.1 ?

Being part of the community we do a couple of things. We encourage

these people to bring out code that willsupport it.

Under our Red Hat Advanced Serverguise, the ISVs that we have a close rela-tionship with have accepted theresponsibility to bring out code that wecan certify against.

The other thing that we do, especiallywith companies like IBM and Dell, is toask them to release non-critical software,things like drivers, that we can look at, todetect any problems. They understandthe need for a working and compatibledriver to make sure they can sell thehardware that will rely so heavily upon it.We are encouraging the hardware andsoftware vendors to release as much asthey can, so that it can be betterscrutinized by all of the Open Sourcecommunity. So we bring pressure to bare.

LM: Do you think that this will increase, that these companies will

accept more of the open source ethic ?

They will release some of it. I think the challenge they face is that they

are a bit embarrassed by their code,because a lot of it gets rushed out and isquite badly written, especially whencompared against the flowing, selfdocumented code that the open sourcecommunity manages to generate. Weeven know of some cases where theyhave re-written the code before releasingit to the community just to make itmore presentable.

Sun are bringing out their own version of Linux. What will this do

to the market ?

Our understanding, what we’ve heard and been told is that Sun are

taking a version of Red Hat and justmaking a few modifications to it. If Sunare going to contribute resources andefforts and become a part of the opencommunity then we welcome that. Anyhardware vendor that produces their owndistribution, is that going to work in thelong run?

IBM must have had thoughts aboutbringing their own distribution out, I

A

Q

A

Q

A

think the reason they didn’t is because ofthe very things that were not in place,and only now addressed by our AdvanceServer products, a common platform, thatwill be certified by multiple vendors,including all of the hardware vendors. IfSun bring their own version out theywon’t benefit from this. What they willhave is Sun’s version of Linux, which is aRed Hat derived product.

I haven’t seen open commitment fromSun to say that they will do a lot of thedevelopment work, which would suggestthat all they are going to do is leach offthe work that Red Hat has done with thecommunity. Unless they are prepared toput in, then they are not going to be seenas a contributor and part of the Opencommunity. If they just take out, and linkto proprietary hardware then that is notgoing to be seen in a very positive light,by Red Hat or by anyone else.

Time will tell. The sensible thing forthem to do would be to work with theLinux distribution companies and saythat we want to certify out Intel or Sunbased hardware against this and workwith us, that way they would get thecertification.

For Sun, as a hardware vendor, to saythat they are going to bring out their ownversion of Linux flies in the face of whatis happening and evolving in the opencommunity today.

Sun is a company that is thrashingaround trying to figure out what has gonewrong, having had a terrible time in thelast couple of years. Part of their reactionto seeing the way that Linux is going is tosay that if we can’t beat them, we’llbetter join them.

But, if they are going to be takenseriously, they have got to join it in theright way.

What about UnitedLinux, how will this change the Linux world ?

Our view of UnitedLinux is that it was a reaction to the Red Hat

Advanced Server, crystallizing thethought of the other Linux distributioncompanies, that they were not beingtaken seriously and getting certified byapplication companies.

Our conception of Red Hat AdvancedServer came about through discussionswith enterprise users, like investmentbanks, and the ISVs that they use. With

A

Q

the virtue of being early with ourenterprise customers, who forced us tohave those discussions, we started todevelop our thinking about the enterpriseproducts. There was a year’s worth ofdiscussion and work before weannounced the Advanced Server.

Once this process had started, the ISVssaw that this was a far better model forthem to work with. So, when SuSE comealong to get their latest version certified,just six months on from the previousversion, I think the likes of Oracle andVeritas gave them the cold shoulder andtold them to work in a similar way to us.

Our understanding from the ISVs wasthat they were saying that Red HatAdvanced Server will be the onlyplatform we certify against because it’sthe only platform that is acting in anenterprise fashion.

Some of the smaller Linux distributioncompanies, like TurboLinux, might notever get certified again, because thereturns on investment were so small. Itjust wasn’t worth their time to go throughthe certification process.

SuSE, while being the next mostrespected distributor of Linux realizedthat they didn’t have the coverage inareas like the AsiaPac market, so apartnering with Caldera, Connectiva andTurboLinux would boost that coverage.

By bringing them together and unifyingthe code base, they now have somethingpresentable to offer ISVs for certification.

What we have is two enterprise versionof Linux, both now acting in a verysimilar way.

Do you see this as competition to Red Hat ?

We see the competition not being the other Linux distributors, but

Sun and Microsoft. We are very openabout all of the various Linux options andinvited them to take a look at the otherLinux vendors so that they can maketheir own mind up.

There is some healthy competitionbetween the Linux companies, but we allrealize that if we scrap about in the Linuxmarket that is available to us at themoment then we will not get anywhere. Ifwe were to do that we would be missingthe point, it’s the massive piece of piethat’s owned by Sun and Microsoft thatwe need to focus on and so all benefit. ■

A

Q

COVER STORYRed Hat interview

Tinkered is not how I would describe it. The strategy that we

settled on was to be as standard aspossible with everything else that is outthere. Linux has appropriate momentumof it’s own, and we have just fallen rightinto place with that. We are Red Hatcompatible, we have been running RedHat applications on our systems andhaven’t found any problems. We havesome Sun management tools, but we willbe following all of the standardmanagement interfaces.

The LX50 uses the standard RPMinstallation tools and we support all ofthe Intel hardware and software protocolslike IPMI. The interfaces will be familiarto anyone who has administered a Linuxsystem on x86 before.

How closely does Sun work with the Open Source community ?

We work very closely with theOpen Source community. We are

one of the biggest contributors of code tothe community. We have supportedproducts like OpenOffice, NetBean, theGrid Engine product and Gnome. Wehave contributed the NFS file systemand funded the NFS v4 port to Linux.We also funded the Blackdown Java

project. There are lots of others too. Weplan to ramp up our efforts with OpenSource even more.

Most of our Linux engineers from ourCobalt division are guys that are very wellconnected to the Linux and Open Sourcecommunity. These guys lead some of themajor driver and module projects that arebeing developed.

How much of the LX50 will remain proprietary ?

None of it will remain proprietary. We are following standard industryA

Q

A

Q

A

Linux, and that includes all of thepractices that come with it. We willrelease all of the code available and any-one can run it on suitable hardware. Wewill play by the rules.

Will Java ever be made open source ?

Ha ha! I can not answer that. Ha ha...

Will the Sun Fire servers become more compatible with products like

the LX50 due to the work that has beendone with LinCAT ?

We have a clear strength with the compatibility issues. LinCAT is a

product released around March of thisyear. We have a very comprehensiveLinux/Unix compatibility strategy. Wewant to be aggressive to the entry servermarket. By doing this we can bring someimpressive technology to bare. First: Ourworld class Unix – Solaris, available onSPARC and x86. Second: Our enterpriseready, standard Linux for x86. Third:Great Linux to Unix compatibility.

There are a couple of layers to how weensure this happens. Most important isthe Java layer. Writing to Java, the J2DEedition from the Sun ONE stack is ourway to ensure true cross platformindependence. Adhering to all thestandards like XML and SOAP. As theindustry matures, developers are writingfor these APIs, which are just one layer ofabstraction above the operating system.We will focus a lot of attention to makesure this becomes a standard. We willalso make sure that we have fullapplication compatibility between Linuxand Solaris.

What we also do is ensure good API, orsource compatibility between Linux andSolaris. We will build into Solaris, APIscompatible to those in Linux, so thatrecompilation stops being an issue.LinCAT is a code analysis tool. It allowsdevelopers to check for differences orproblems that might occur and helpscreate code that is source compatible.

We also have a package that ships withSolaris for x86 called lxrun that allowsyou to run the same binaries on thedifferent platforms. We have a lot ofengineering underway to ensure thiscompatibility. ■

A

Q

A

Q


What can you tell us about the new hardware for Sun’s BigBear Linux ?

The product’s name is going to be the LX50. It will be a 1U form factor

dual processor server. There will be morethan one configuration offered. It will bebased on the x86 architecture, so it usesIntel chips in the product.

Is there a reason why is it limited to just the one type of hardware ?

This is just the first announcement of our first x86 product, it’s by no

means the only product that we haveunder development. We acquired theCobalt Network organization almost twoyears ago now, the company has beenshipping Linux appliances based on thex86 architecture for almost 4 years. Thecompany is arguably the most successfulLinux systems company ever, havingshipped well over 100,000 units. We have acouple of different products in thatportfolio, the webserving type product

“RAQ”, used by lots of Internet ServiceProviders, telecommunications companies.

We also have a ‘customer premisesappliance’, the Qube – a neatly packagedinternet server. We also have the SunCobalt Control Station, used in managinglarge installations, usually made up of“RAQ servers”. All of these are based onx86 and do use the Linux OS.

Is it true that the OS with the LX50 is really just a standard Red Hat 7.3

that you have ‘tinkered’ with ?

Q

A

Q

A

Q

Jack O’Brien, manager of the Linux business office at Sun Microsystems, is the

man behind Sun’s new Linux strategy. BY COLIN MURPHY

Sun’s new Linux strategy

Dawn of an era

Sun InterviewREVIEWS

“We want to beaggressive to the

entry server market.”

At a press conference in SanFrancisco, Sun unveiled the LX50,an entry-level server using x86-

architecture. The system will bepre-loaded with Sun and Open Sourcesoftware, with a choice of Sun’s newenterprise-ready Linux or the Solarisoperating environments and a full suite ofsupport services.

The Sun LX50 includes fully integratedinfrastructure software, improvedmanageability, and the 7x24 support andprofessional services that most vendors’entry systems lack. The enterprise-readyLX50 server is aiming to lower the cost ofownership and to help to fill the securityand stability gap that other Windows andLinux systems leave wide open.

The new system tries to satisfy thecustomers’ needs to deploy infrastructureapplications – such as Web serving,firewall/VPN and streaming media –through a low-cost, scalable hardwareand Open source software.

A Software-Rich SystemThe Sun LX50 is the first Sun system tofeature Sun Linux 5.0, the company’senterprise-ready Linux operating systemoptimized for a 32-bit, x86 system. Sun

Linux 5.0 is based on the 2.4 Linux kerneland optimized for the Sun LX50 with astrong focus on stability, security, ease ofinstallation, the set up and remotemanageability. Sun Linux, similar toSolaris, includes optimized and testeddrivers. It easily integrates with Sun’sJava technology and the Sun ONEplatform and as expected is supported bySun’s own support services.

The Sun LX50 includes some valuablesoftware that aims to put the new server

into a league of its own for edgeapplications, compute farms, high-performance technical computing orcustom application deployment. Softwareapplications include: Java 2 SDKStandard Edition, Sun ONE ASP forLinux, TomCat (JSP), MySQL (Database),Apache (Webserver), WU-FTP (FTP),Sendmail (Email Server), Bind (DNSServer), Sun Grid Engine and SunStreaming Server.

Reliable HardwareThe Sun LX50 is powered by either sin-

gle or dual 1.4GHz Intel Pentium

processors in an industry standard, 1 3/4-inch (1U) high rackable server.

This new server can be managedremotely with ease using the Sun CobaltControl Station. This gives the Sun LX50horizontal scaling capacities on a massivescale. The browser-based Control Stationis designed specifically for large volumeserver deployments. It monitors thesystem health, evaluates performance,can determine the hardware inventory aswell as managing software provisioning.

To intregrate with other systemmanagement tools along with the SunManagement Center, the Control stationuses standard SNMP interfaces. TheControl Station is aimed at customerswho need to control and manage racks ofLX50 servers out of the box.

As the new system was announced,Sun also gave information on a new suiteof training, support and consultationpackages for both Sun Linux 5.0 andSolaris on the x86 architecture. This cancater from the replacement of parts toproblem solving and the creation ofsoftware patches.

Sun is aiming to be a complete systemprovider for all the customer’s needs forits Linux 5.0 and Solaris systems. Theglobal service portfolio includes mission-critical operating environment support, a3-year hardware warranty, an onlinesupport center, Web-based andinstructor-led training, and integrationand consulting services.

Partner SupportBecause Sun has used open standardsbased architecture, Independent SoftwareVendors (ISVs) will find it easy to addand intergrate their products. This in turnwill increase the applications for the LX50while in return give the ISVs a new lowcost server platform for their growingcustomer base. ■


REVIEWSSun LX50

Scot McNealy announced that Sun Microsystems will bring their commercial

systems know-how to the low-cost, entry level server market with a new Linux

based system that brings together industry-leading software and system

design. BY COLIN MURPHY

A new day with the

Rising Sun

Sun’s LX50, an entry-level server using x86-architecture

The Sun LX50 starts at UU $2,795 for asystem with one 1.4GHz CPU, 512MBmemory and 36GB SCSI disk.A system with two 1.4GHz CPUs, 2GB RAMand 36GB SCSI disk sells for US $5,295.Sun Cobalt Control Station from US $4,999.More information see www.sun.com.

INFO

“Gnome continues to gain momentum,we needed a forum where the developersand corporate partners can come togetherto coordinate the continued developmentof Gnome. The support of these industryleaders will help us to achieve our dreamof building a free, easy to use desktopenvironment that will be used by millionsof people.” said Miguel de Icaza, founderof the Gnome project.

The development of the desktop is notreally enough, you need programs andapplications to run on that desktop.Gnome can boast a broad range ofapplications that are designed to run ontop of the desktop. They work with otherdesktops too, but some of these are soubiquitous that you can easily forget theirpedigree and what the ‘g’ in front of theirname really stands for. Even if you donot, by default, use Gnome, it is verylikely that you will have used at least oneof these applications.

GaleonGaleon is a web browser, and only a webbrowser, something the developers arevery proud of. They value the principlesof simplicity and compliance. It calls onthe Mozilla rendering engine, but gives amuch cleaner user interface, for bothclarity and speed.

GripThe Gnome ripping tool, used for takingtrack from audio CDs when you want toconvert them into MP3 or Ogg Vorbis filesfor more convenient management on acomputer. The Gnome site described it asa mature product.

NautilusThis is the file browser that you will mostlikely use to look through and manageyour files on the desktop. Customizableand themeable, this underpins the resolveof the Gnome developers to produce a


There are those who can, quitehappily, do all of their day to daytasks, working from nothing more

than the command line starting andstopping services, monitoring processes,reading and writing email and even thecreation of text documents. It’s a case ofwhat you are used to,

The desktop, for a lot of people, is theirinterface to the computer, rightly orwrongly. Taking such a fundamentalposition, it’s not too surprising that thereis great respect and consideration givenover to deciding ‘the best’ desktop to use.

The Linux community is blessed byhaving a choice the users of other, lessersystems, are not so lucky. There are twomajor players, KDE and Gnome, as wellas others, such as Enlightenment, whodeserve a mention but are rarely seen asheadline items in the packaging of thevarious distributions.

Here we are going to look at the Gnomedesktop, the default desktop for Red Hatinstallations and some of the productsthat go with it.

Gnome – the desktopIn Linux’s formative years, the KDEdesktop was the leader of the pack. Basedon the Qt toolkit, by TrollTech, develop-ment for KDE required a more restrictedlicense than the GPL.

Red Hat did not value the restrictivelicensing and refused to ship KDE withit’s products, deciding instead to shipwith a young upstart of a desktop system,Gnome. All this was back in 1998, muchhas changed since, especially with thelicensing issues for the Qt developmenttools, but Red Hat have stood by theirprevious decision and have remainedloyal to Gnome, sharing much of theresponsibility and development.

The development ball was set inmotion, but the creation of ‘The GnomeFoundation’ in 2000 was really to give itmomentum. It is made of organizationsand industrial leaders, including IBM,Sun, Compaq and the likes of Red Hatand VA Linux, who pledged allegianceand support for the Gnome project.

In this article we present highlights of the Gnome desktop and of Ximian, the

company that grew up around it. BY COLIN MURPHY

What is Gnome?

Gnomeward Bound!

Gnome 2 & XimianREVIEWS

Figure 1: The default GNOME desktop from a SuSE 8 distribution

coherent desktop. It has real power in theway developers of third party applicationcan add to the range of features. In oneinstance, Nautilus has been configured toact as a front-end for the gPhoto program,which is another gnome application.

GnPangnPan is a network news reader, similarin design to programs like Agent andGravity on MS Windows. The recentdevelopments in gnPan have included thefacility to download multi-part messages,including those encoded with ‘y-enc’ aswell as the more traditional but band-width wasting ‘uuEncode'. GnPan is also

the only Unix newsreader to get a perfectscore on the Good Net-Keeping Seal ofApproval report.

Gnome 2Gnome is about to make a big change.Gnome 2 is available for download, but,so far, no major distribution has yetincluded it.

Because of the long development cyclethat the Gnome project has built arounditself, the development team have beenable to include a range of features thatwill improve the usability of the product,and also the performance. Time andeffort have also been spent on improvingways to help with the development ofapplications, by building a powerful newframework for the developers to work in.

The graphical element of the desktophas had much work done on it. One ofthe most criticized points about the Linuxdesktop is the lack of antialiased fonts,which, in some cases, can make textunreadable, certainly unpleasant, to lookat. Gnome 2 will put an end to this, butnot at the expense of performance, theuser will be able to configure how theantialiasing will work and even be able tolimit its effect to certain sizes of fonts.

Gnome does have an annoying flicker,especially notable when dragging a sidebar. This is to be cured in Gnome 2.

Enhancing the desktop icons hasimproved both their readability as well asfunctionality, giving visual clues to thestatus of the task attached to that icon.Eye candy, the somewhat unkind name


REVIEWSGnome 2 & Ximian

MENUS & PANEL• Menus scroll when they get too big• Smarter menus accommodate diagonal mouse movements• Dialogs• File selector will retain the original file name when changing directory• New Run Program dialog with command completion• Text fields include right-click menus for cutting, copying and pasting

textTHEMES• New stock icons and color palette• Support for themeing of stock icons• CD Player and login screens are now themeable• Applications• Redesigned and easier to use Search Tool• Brand new lightweight help application,Yelp• Control center applications for controlling Gnome 2 properties have

been greatly simplified and reduced in number

Improvements for Gnome 2

Figure 4: Galeon with its clear and open user interface

Figure 2: When you need to take tracks from anaudio CD, Grip is the tool to use

Figure 3: Highlighting its power and flexibility, here is nautilus being used as a front end to gPhoto

gnome.org/projects/gup/hig/draft_hig/Uindex.html

The more invisible the user interface isthe more productive it will be. The usercan get on with their work rather than geton and work the interface. They have alsorealized the need for the graphical shell,where everything a user needs to do canbe done in the one place.

Speed, or lack of it, has been anothercriticism of Gnome, along with it being amemory hog. Work has been done on thistoo, a boon to users of lower specsystems. It has been reported that

Gnome 2 can be installed and run on amachine with a P2-233 processor and aslittle as 96MB of RAM. It should be notedthat minimum suggested requirementsfor Gnome 2 are a P400 processor with atleast 128MB of RAM.

The usability features are being madeas widely accessible as possible, withGnome drawing up another policy fromthe Gnome Accessibility Project.

Accessibility is enabling people withdisabilities to participate in substantiallife activities that include work and theuse of services, products, and gaininginformation. Gnome Accessibility isdefined as the suite of software servicesand support in Gnome that allows peopleto utilize all of the functionality of theGnome user environment.

The last major feature to mention is theinclusion of the XML libraries, libxml2,providing access to a complete andstandards compliant mark up language.

Because of the many and fundamentalchanges that need to be made to haveGnome 2 running on existing installa-tions, people may prefer to wait untiltheir distribution releases an upgrade.

It is possible for a user to try out thesystem for themselves, but it is not a‘friendly’ upgrade path. The level ofdependency on other packages and onnew libraries proves to be the hardesthurdle to clear. Once you find a decent setof installation instructions you will havesomething to follow, and, thankfully,karubik.de/gig/2.0 has now appeared.


given to the efforts of the developers togive their product some instant wow!factor, is often belittled by the power user,who might see this as a waste of effort,even at the expense of performance. Eyecandy does play an important part in theinitial acceptance of a desktop, especiallyfor new users. Gnome 2 will have morepower to produce eye candy, if the userwishes it. Images will now be placed ontothe desktop backgrounds with full alphachannel support, this will enable the useof transparent, and semi-transparent,icons and other desktop features.

There will be some people who mightmoan the loss of some function orfeature, but the developers have realizedthat the rot was starting to steep in anddecided to put their foot down, before itwould go through the floor. You will nowbe able to see, at a glance, all of thenecessary features that make a desktopworthwhile, rather than have to hunt andpick through myriad features, many ofwhich you didn’t even know what theydid, let alone use.

With the realization of how clutteredGnome had become for the user, theyrealized just who they were developingfor. To prove Gnome’s usefulness, it hadto be used, not just developed. With thisnew approach in mind a set of HumanInterface guidelines was drawn up, withthe aim of making sure that the featuresand applications were consistent in theirapproach. For details see developer.U

Figure 5: gnPan, Usenet news browser, viewing images made from multi-part messages


Figure 6: Gnome 2 desktop in action

Ximian backgroundXimian grew from the success and thepopularity of the Gnome project. Lots oftalented architects and engineers weredrawn to the efforts of this Open Sourceproject, with its obvious commitment toOpen Source ideals. The project was nowdeveloping more than just the desktop,more developers were coming on boardproducing essential desktop productivityapplications for UNIX, Linux and otherfree systems.

The creation of Ximian, in October1999, offered a unifying framework forthe developers to build under, in order tohelp improve the tight integrationbetween the desktop and application. Ithas also helped bring about other opensource products, a development tool basefor Gnome, and a range of user servicesto aid in installation and upgrade.

Ximian has also allowed others in theindustry to adopt Gnome more readily astheir desktop of choice. August 2000 sawthe partnership form with companies likeSun Microsystems, IBM, Red Hat, HP,SuSE and others with the creation of theGnome Foundation. This now allows forfull co-operation and communicationbetween some of the biggest players inthe market. In turn, this allows forstronger and more robust development ofcore technologies vital to make Linux acompetitive product. This is best high-lighted by the recently announced MonoProject, a community initiative todevelop an open source, Linux-based,

version of the Microsoft.NET develop-ment platform.

Range of productsGnome still remains the core product ofXimian. Under the Ximian umbrella it canboast more than 500 software developers,of which more than 100 are full time, paidemployees. The unpaid volunteer force isanother example of the project’s appeal tothe Open Source community. Ximianengineers sit on the board of directors ofthe Gnome Foundation, and Ximian has aseat on the project’s Advisory Board aswell. The Advisory Board is comprised ofleading computer manufacturers andsoftware vendors, including IBM, Sun,HP, Red Hat, SuSE, and others.

EvolutionXimian Evolution is an applicationoffshoot from the Gnome tree.

Ximian Evolution is a very powerfulinformation management applicationsuitable for both personal and workgroupuse. It allows you to bring together all ofyour day to day information needs, email,calendaring and meeting scheduling,contact management and online tasklists. Evolution has a good set of featureswhich will help you to organize yourpersonal data into a convenient form.One unique feature is that of vFolder,which are virtual folders with which youcan create and save powerful contextualviews of your email messages. The valueof your information is only realized when

you manage to pass it on to someoneelse, so, with Evolution you have power-ful collaboration software that connectsLinux and UNIX users to the morepopular corporate communicationsarchitectures. You will find support for allof the most useful communicationstandards, allowing you to exchange datawith users on different platforms. Theseinclude SMTP, SMTP/Authorized, POP,IMAP and others.

Migration is a big issue, and if youwant to start using Evolution, you willwant to make sure you can get at your oldemails and alike. You will find that youcan import mailboxes created withNetscape, Outlook Express, UNIX mbox,Eudora and other email managers.

There is also support for peer-to-peercalendaring, where you and yourcolleagues can share dates and times in aseamless fashion. This even works withother applications on different platforms,so long as they conform to the iCalendarstandard, which happens to includeMicrosoft Exchange and Lotus Notes.

Addressbook details are handled by thepopular LDAP protocol with support forvCard as well. This should ensure thatexchanging personal information withother users is easy.

ConnectorXimian Connector builds on top of theusefulness of Evolution by giving youaccess to that most important of facilities– connection to the Microsoft Exchange2000 servers. With Ximian Connectorinstalled, Ximian Evolution will functionexactly like an Exchange 2000 client, butwithout the crashes. This will then enableyour users to access their email, personaland group calendars, address books andtasks lists from existing companyExchange 2000 servers. Therefore youhave a route should you be looking toupgrade away from the Microsoft desktopbut rely on access to Exchange.


REVIEWSGnome 2 & Ximian

Figure 7: Ximian Evolution

A recent development that takes the worryand stress away from installing RPMs which,on installation, complain that they needsome dependancy fulfilled. Apt4rpm will,quietly, go away and resolve all of thesedependency issues, downloading therequired packages if need be. For Detailsplease see linux01.gwdg.de/apt4rpm

Apt4rpm


The needs of the corporate user aresomewhat different, with practical man-agement systems being a priority. RedCarpet CorporateConnect provides acentralized updating function. This alsoincludes the facility for administrators todistribute their own in-house applicationsto their users, with speed and efficiency,through the Red Carpet interface.

From an on-screen list of recentlyupdated or added packages, the user canchoose which ones to take, as well ashaving the option of removing any thatare no longer serving their purpose. RedCarpet then controls and monitors theinstallation and manages any packagesdependencies that might arise as a result.

Red Carpet offers various third partychannels from which to take softwareupdates from, in association with theXimian Red Carpet Partner Program.

Ximian DesktopWith Ximian Desktop, you receive a

tightly integratedpackage of Gnomeapplications withthe Gnome desktop.It is a completedesktop package,and should beconsidered as abusiness solutionfor those looking fora unified corporateworkstation. In thestandard edition,which is availablefor download or forpurchase on CD forconvenience, you

receive all of the applications that makefor a productive workstation. Officeproducts such as AbiWord andGnumerics will cater for your word andspreadsheet processing, Evolution willprovide your email and informationneeds and Galeon will allow you tobrowse the internet.

For the corporate user, Ximian alsoprovides a Professional Edition, which,most notably, includes Star Office 6.0from Sun.

Support packages and structures arealso available, ranging from web based‘community’ support to ‘Corporate GoldSupport’ which has telephone supportand software maintenance agreements.

The futureThe Ximian Desktop, which grew up fromthe Gnome project, makes for a completedesktop solution, which as some Linuxcritics would have you believe does notexist. Red Hat and other distributions arenow realizing that Linux can offer acompetitive and complete desktopsolution, especially for their corporatecustomers and they are just starting tocommit themselves to the support andthe further development of this as amarket leading product. ■

Red CarpetThe developments for Linux can comequick and fast. New versions and newapplications appear daily. The good sideto this is we get lots of things to playwith, the down side is that it can be anightmare to administer, if your onlyconcern is keeping up with the securitypatches. Ximian Red Carpet is a softwaremanagement tool that will simplify andeven automate all of the challenges facedby managing a Linux system, includingversion control, system updating andpackage conflict resolution.

If you have a fast connection to theinternet then Red Carpet Express wouldbe of interest to you. Here you are pro-vided with high-bandwidth access toXimian applications plus third partysoftware for faster and automated instal-lations and updates. Most appealing toupdate freaks and to lesser mortals whostill like to see new applications asquickly as possible

Figure 8: Ximian Connector showing folders Figure 9: Ximian Connector calendar

Figure 10: Red Carpet manages the installation and updating of software

Gnome & Gnome 2: www.gnome.orgXimian: www.ximian.comGaleon: galeon.sourceforge.netgRip: www.nostatic.org/gripNautilus: nautilus.eazel.comgPhoto2: www.gphoto.orgGnPan: pan.rebelbase.com

Links to the projects


on and to other packages. This featureensures perfect integration of the newsoftware, and allows you to remove itcleanly from your system, if required.However, the format is not used by anyother distributions (except distributionsbased on Debian).

Similarly, you will experience somedifficulty if you try to install RPM format-ted packages on Debian. Of course, thereis normally no need for this, as Debianincludes a variety of packages, and mostnew programs are quickly made availablein the .deb package format. But if you dohappen to need to install a third partyRPM package, you can rely on alien forsupport.

The simplest syntax for alien on thecommand line is alien package.rpm. Youwill need to have superuser (root) access

to convert a package, if not, the followingerror message will be displayed:

Must run as root to convert to U

deb format (or you may use fakeU

root).

After successfully completing the conver-sion, alien issues the following message:

transpluto:~# alien mypackage.U

rpmmypackage.deb generated

Before installing the package, you checkwhere the components have been storedby typing dpkg -c. dpkg --info mypack-age.deb which provides details of thecharacteristics such as version number,dependencies, or even a description of


Alien is a Perl program and requiresPerl Version 5.004 or better. Youcan call perl --version from the

command line to discover what version isinstalled on your machine:

huhn@transpluto:~$ perl U

--versionThis is perl, v5.6.1 built for U

i386-linux

To create RPMs, you will obviously needto install the Red Hat Package Manager([1]). If you use apt to install Alien, anydependent packages will be installed atthe same time:

transpluto:~# apt-get install U

alienReading Package Lists... DoneBuilding Dependency Tree... DoneThe following extra packages U

will be installed:debconf-utils debhelper html2U

text librpm4 rpm The following NEW packages willU

be installed:alien debconf-utils debhelperU

html2text librpm4 rpm 0 packages upgraded, 6 newly U

installed, 0 to remove and 156not upgraded.Need to get 1320kB of archives.U

After unpacking 4260kB will beU

used.Do you want to continue? [Y/n]

Press the [y] key to confirm and Debianwill get on with the job. Just one morenote before we get down to the nittygritty: Alien is still under development(this includes the latest version 8.12), i.e.occasional errors may occur. So beforeyou start converting really importantpackages such as init or libc with thistool, it is a good idea to find out if yourDebian version already has the softwareyou need in Debian package format.

From .rpm to .debA Debian package(.deb suffix) contains arange of information about dependencies

Alien is a program designed for converting packages in third party formats to

the format required by your own distribution for installation purposes.

The tool runs on most major distributions and can handle various package

formats. In this month’s article we will be looking into the topic of converting

“alien” software to known package formats with Debian. BY HEIKE JURZIK

Alien

Debian Goes Extraterrestrial

AlienKNOW HOW

NASA

the software. If you intend to install thepackage, you may want ensure that theinstallation will succeed under your realconditions. To test this you need to typedpkg --no-act -i mypackage.deb, then thesystem will let you know if it finds anydependency issues. Everything OK? Nexttime you can omit the --no-act option, andinstall the package without prior checks.

If you are sure that you want to installthe package without a prior check, youcan set the following Alien flag whenconverting the package -i (or the longform: --install):

transpluto:~# alien -i U

mypackage.rpmSelecting previously deselectedU

package mypackage.(Reading database ... 53783 U

files and directories currentlyinstalled.)Unpacking mypackage (from U

mypackage.deb) ...Setting up mypackage (1.0.3-1) U

...

No errors occurred during conversion andinstallation, but you may still want to

ensure that Debian can handle the thirdparty package. To do so you can typedpkg -s mypackage. The command lineoutput should be something along thelines of Status: install ok installed. By theway: You can type dpkg to deinstall anypackages you have installed. If you usethe -P option (abbreviation for --purge),you not only deinstall the software, butyou also remove the configuration filescompletely. A simple command, such asdpkg -r mypackage (for --remove) willonly remove the package, leaving all thesettings under /etc intact.

And vice versa?Of course, you can use alien to createRPMs from Debian packages. To do so,use the --to-rpm parameter:

transpluto:~# alien --to-rpm U

mypackage.debmypackage.rpm generated

You can now install this package onthose distributions based on RPM. Iferrors occur when you call rpm -imypackage.rpm, the error may be to dowith unresolved dependencies.

In contrast to Debian based systems,where apt will automatically perform acomplete installation of the requiredpackages, you will need to install theRPM packages manually (see [2]).

Alien will also allow you to create tgzpackages (parameter -t or --to-tgz) forSlackware, or pkg packages (parameter -por --to-pkg) for Solaris. In addition, alienwill not only run on Debian, but there is aversion for RPM based systems. This toolgoes by the name of alien-extra – forinformation and binaries see [4]. Ofcourse, conversions of this kind cancause issues. You will often need librariesand discover that you either have thewrong version or do not have the libraryat all. So it makes sense to first check andsee if the package is included in your owndistribution before you start installing“alien” software on your machine. ■

KNOW HOWAlien

NOTICE THE DIFFERENCE in price

between our server and the competition?

You don’t need a degree in economics to

notice the cost savings. At nearly half the

price of Dell, our Teramac 110 1U

rackmount server represents excellent

value. Factor in a faster processor, more

memory and more storage, and you can

save even more.

At Digital Networks, we specialise in

servers, storage, workstations, desktops

and notebooks designed specifically for

Linux use. Unlike our competition, we

offer Linux pre-installed on all our

hardware – completely free of charge. We

offer Red Hat, Mandrake and SuSE, plus

Microsoft Windows as well.

Visit www.dnuk.com and find out why

corporate customers, small and medium

businesses and most UK universities

choose us for their IT requirements.

Prices correct as of 18/7/02. Please check www.dnuk.com and

www.dell.co.uk for current prices.

DNUK DELL

Teramac R110 PowerEdge 350

1U rackmount server 1U rackmount server

Intel Pentium III 1.20GHz Intel Pentium III 1.0GHz

512MB RAM 512MB RAM

80GB 7,200RPM ATA disk drive 80GB 7,200RPM ATA disk drive

Red Hat 7.3 pre-installed Red Hat 7.2 pre-installed

3 years on-site warranty 3 years on-site warranty

£800 + VAT £1539 + VAT

NOT ROCKET SCIENCE

Digital Networks

INTEL 1U RACKMOUNTLINUX SERVER

[1] http://www.rpm.org/

[2] http://rpmfind.net/

[3] http://www.kitenet.net/programs/alien/

[4] ftp://ykbsb2.yk.psu.edu/pub/alien/

INFO


POV-Ray, the “Persistence Of VisionRaytracer” [1], is a unique raytracing program. But its command

line interface has caused users occasionalheadaches as the number of parametersare quite confusing. The following articleintroduces a couple of tools that help youoptimize the power of POV-Ray byprompting you for critical parameters andlaunching the rendering process at thepress of a button. Two of the candidatesoffer far more than just simple front-endfunctionality and provide you with aWYSIWYG display for creating complexscenes on screen.

The other programs will unfortunatelymean you tackling the POV-Ray scenedescription language. Box 1 describeshow to install the raytracer. We tested allour candidates with POV-Ray 3.1 and thebrand new POV-Ray 3.5.

The CandidatesOur test candidates are Peflp and tclPov,which were programmed in Tcl/Tk, andtheir GTK counterparts gPov, PovFront,and Truevision. The KPovmodeler toolrounds off the field. Some of these front-ends are no spring chickens. OnlyKPovmodeler and Povfront are still beingregularly updated, but bugfixes for all theprograms mentioned here are publishedat irregular intervals.

These tools aim to save you typing inthe POV-Ray commands – either byprompting you for them in a dialog or bymeans of sliders, however, the offeredfunctionality by the individual programsis varied: Peflp, gPov and tclPov onlyoffer common options. If you intend todelve deeper into POV-Ray's treasuretrove, you might like to consider PovFrontinstead. KPovmodeler and Truevisionstand up to comparison with Windowsfront-ends for the ray tracer. The decisivefactor is their ability to help the user tocompile scenes without prior knowledgeof the POV-Ray scripting language.

PeflpPeflp, the “POV-Ray Front-End For LazyPeople” requires both a pre-installed

POV-RayKNOW HOW

Front-Ends for POV-Ray

Well renderedPOV-Ray gives you the power to create beautiful virtual worlds and the right

front-end makes the tool easy to use, at the same time reducing development

time and increasing the fun factor. BY FRANK WIEDUWILT

Tcl/Tk environment and the ImageMagicktool collection to convert pre-renderedscenes. Installation is simple, just expandthe peflp074.tgz archive and su to root tocopy the program file peflp to a directoryin your path, for example /usr/local/bin.

If after typing peflp & the programcomplains about not being able to findthe defaultstamp.gif file, simply copy thisfile from the peflp archive to the~/.peflp/stamps directory (you may needto create the directory prior to this step).When you first launch the program, youare also prompted to enter the path toPOV-Ray.

The POV-Ray file you want to render isone of the most important parameters, ofcourse. Additionally, you can choose the

resolution (Figure 1) and opt to use AntiAliasing or define quality features for theimage you are creating. The optionMosaic Preview allows you to view a lowresolution image of the result that will begradually enhanced.

You can choose Settings / GeneralOptions to define the editor that you wantto use to edit your POV-Ray files whenyou click Edit. You can also specify theprogram you want to use for convertingthe rendered images and the directorywhere you will be saving your work.

It is also useful to render a smallthumbprint, or Stamp. Peflp offers thisoption in the lower part of the screen.This allows you to gain a first impressionof the lighting and composition withouthaving to wait while a full-scale image isrendered. You can use the preview toselect a part of the image that you want torender in a higherresolution – justclick on Partial todo so.

Peflt is a program without a lot of bellsand whistles that does exactly what itpromises: that is, it simplifies the POV-Ray interface. However, this is not theprogram to choose if you want to finetune a rendered scene; the feature set isfar too small.

tclPovThe archive file, tclPov-0.4.1.tar.gz, isonly a few kilobytes in size. It contains aninstallation script install.sh, that you canrun (as root) in the directory where youexpanded the archive. You will beprompted for an installation directory(/usr/local/bin/tclpov makes). The filesyou need to run the program are thencopied to the directory you specified.


KNOW HOWPOV-Ray

Figure 1: Peflp

Figure 2: Peflp rendering a file Figure 3: Tclpov

The archive containing the current Povrayversion 3.5, povlinux.tgz, is available on theproject website [1] . Use the followingsyntax to expand the archive tar -xzvfpovlinux.tgz or alternatively a program suchas ark or guitar. After changing to thedirectory created by this process, povray-3.5,call the install script by typing ./install – youneed to be root to run the script. This copiesthe required libraries to /usr/local/lib andthe executables s-povray and x-povray to/usr/local/bin. s-povray uses the svga libraryand does not need an X Window system;x-povray was design for use with X.

Finally, working with user privelges, copythe file povray.ini from /usr/local/lib to.povray.rc in your home directory:

cp /usr/local/lib/povray.ini~/.povray.rc

Box 1: Installing PovrayWYSIWYG: The “What You See Is What YouGet”model requires that the on-screendisplay closely resembles the final (printed)output.Home directory: A directory used for storingfiles and configurations for a user.The shellcan abbreviate the home directory to ~.Tcl/Tk: Tcl is a scripting language that (incombination with the TK GUI toolkit) can beused for developing GUI programs.GTK: A C program library containing the GUIelements that was originally written for theimage processing tool, Gimp.Path: The PATH environment variablecontains the directories in which the OS willlook for programs or scripts allowing the userto omit the path.

GLOSSARY

POV-RayKNOW HOW

A short online help describes how touse the program and explains all of thesettings you need for POV-Ray.

gPovgPov from the gPov-0.1.2.tar.gz archive isalso by the developer of tclPov. Theinstallation of this C program keeps closerto home ground: after pre-installing boththe GTK library and the accompanyingheader files, run the make command inthe gPov-0.1.2 directory to create the newprogram. While logged on as root, simplycall make install. You can then launch theprogram by typing gPov & (Figure 4).

Again an integrated editor is available,but in this case do not expect too manyfeatures, not even syntax highlighting.

You are prompted for the renderingparameters, but only for critical valuessuch as the quality, anti-aliasing andimage size. You can save any files youcreate in jpeg, bmp, png, or gif format.

The program dropped to the bottom ofthe division due to its instability, andoccasionally crashing with a memoryaccess error after clicking on a button.

PovFrontFollowing this disappointment, it is timefor a far more fully featured program:PovFront. In addition to the Gimp toolkitPovFront requires the libgtkglarea library.After expanding the source archivepovfront-1.3.5.tar.gz), use the ./configuresyntax in the newly created povfront-1.3.5

directory and then type make in a shell tocompile the program. In our tests wedemonstrated that the program was farmore stable when compiled withoutGNOME support. To do this you need toset the --disable-gnome:

./configure --disable-gnome

flag when launching the configurationscript. You can use the third program inthis group make install to finally installthe program – you need to be root to doso. The povfront & syntax calls the GUIshown in Figure 5.

PovFront provides far more settingsthan any other program we have lookedat so far. The options are available viatabs in the lower part of the main screen.The Output tab allows you to select theimage size, the output format and thesection that you want to render. Use theQuality option to select the quality andcolor depth for the image and to select ordeselect anti-aliasing. Use Library todefine the paths to the libraries whichcontain the elements that POV-Ray willneed to access.

Click on the Render button to start theray tracer. A separate window allows youto view the current state of the image.You can then click on Abort the last job tocancel the last rendering job or the Jobcontrol will open a window with a list ofthe jobs POV-Ray is currently performing.What is missing is an integrated editor


You can launch the program using thefollowing syntax:

/usr/local/bin/tclpov/tclpov &

If the bad interpreter message is shown,this means that the program could notfind the Tcl interpreter wish8.3: it shouldbe in /usr/local/bin. Just type whichwish8.3 to quickly discover where thewish8.3 is hiding. Then working as rootcreate a suitable link, such as

ln -s /usr/bin/wish8.3 U/usr/local/bin/wish8.3

Some users might find the tclPov GUIslightly over the top (see Figure 3), butthe (albeit simplistic) editor that youcan use for scene “programing”, fillsmost of the screen. And the SyntaxHighlighting feature should make yourjob easier.

Use the Options menu to select settings(such as the resolution and anti-aliasing)for the rendering process. This menu alsolets you convert the rendered image intoa variety of graphic formats.

Figure 4: gPov

Figure 5: PovFront

Syntax Highlighting: This refers to an editorhighlighting commands, comments and anyvariables in a program language by usingvarious colors.

GLOSSARY

that would allow the user to open POV-Ray files for easy editing. Povfront wasnot exactly stable during all our tests andit often issued memory access errors justbefore crashing the program when weclicked on certain buttons.

KPovmodelerThe tools we have covered so far wereuseless without POV-Ray scene files beingcreated elsewhere. KPovmodeler goes afew steps further, providing both a front-end for the POV-Ray command andallowing you to compile scenes.

The program website only offers thesources at present – you will need tocompile the KDE software yourself. Youwill need a current version of Qt 3.0.xand the kde3-kdelibs package as well asadditionally the OpenGL, glut, glx, andglu libraries plus headers.

Before compiling, you need to expandthe source file archive. Type tar -xzvfkpovmodeler-0.2.tar.gz to do so and thenchange to the directory, kpovmodeler-0.2,and type the folowing commands in thisorder: ./configure, make, and (again asroot) make install. After completing thesesteps you can run the program by typingkpovmodeler in a shell (Figure 6).

The upper screen area of the programcontains some toolbars that provide

access to functions for the scene creationand rendering. Below the toolbars and onthe left you will see a tree view showingthe objects that belong to the currentscene. The area on the lower left allows

you to edit the selected element. Thelower right area provides four differentviews of the current scene.

KPovmodeler is not just for editingexisting POV-Ray files, it also helps yoube creative while defining new scenes. Allof the major geometric elements areavailable. Various surfaces and structurescan be applied to them. A selection ofbackgrounds is also available. After youdefine a scene you can click on View /Render in the menu to start rendering theimage with POV-Ray. The results will beshown in a separate window (Figure 7).

The KDE Modeler provides you with auseful menu item, Settings / ConfigureKPovModeler, where you can define theindividual settings, this is where you willwant to define screen colors and startingsizes for the objects you will be inserting.

The program is suitable for creatingcomplex scenes and provides you with auseful interface for inputing objects –even going through the list of features isbeyond the scope of this article. You cancreate and modify scenes without writinga single line of POV-Ray code. Althoughthe version we tested was only 0.2, theprogram was extremely stable and did notcrash once during our test series.

The authors are looking for help withthe program documentation. As soon as


KNOW HOWPOV-Ray

Figure 7: KPovmodeler has completed the rendering process – the output window shows the results

Figure 6: Main working screen of KPovmodeler

POV-RayKNOW HOW

available objects. Here you can click onCreate to insert the selected object. Materials provides you with a list of thepre-used materials, where you can opt tocreate your own surfaces or select anavailable patina. The Edit page showsyou the characteristics of the selectedobject and provides ample opportunityfor fine tuning.

There are fewer textures available thanin KPovmodeler, but you can still createinteresting models. Editing individualobjects means toggling back and forthbetween various tabs, and that can beextremely time consuming if you areworking on a complex scene.

Again, Truevision turned out to besomewhat unstable and crashed whenwe tried to save a scene. And that meantthat all our work had been to no availwith the program being unable to loadthe files we had saved up to that point.Unfortunately, the program also lacks anonline help or a manual. Although youcan create and edit scenes, this programis so complicated that the initial learning

curve will be very steep without externalassistance.

SummaryFor producing the occasional POV-Rayscene, Peflp is definitely a good choice, asit is stable, clear and easy to use.PovFront offers all the settings that aPOV-Ray user could possibly wish for.The program tends to crash at irregularintervals, which makes productive useimpossible. GPov and tclPov both have anintegrated source editor that you can use for scene creation, however, ourimpression was that both programs needsome polishing.

KPovmodeler and Truevision areequally suited to scene compilation. Yourlearning curve will be fairly steep, as theyboth lack a manual. KPovmodeler wasjust a nose in front on the stability stakesand is thus highly recommended. ■


this becomes available KPovmodeler maybe the solution for visual rendering taskson Linux.

TruevisionTruevision, which requires GTK andGNOME, is already firmly established inthis niche. The program website containsa source archive ( truevision-0.3.10.tar.gz)that you can expand using the followingsyntax: tar -xzvf truevision-0.3.10.tar.gz.As usual follow the installation trinity,./configure, make and make install in theexpanded source directory to compile andinstall the program – you will need theheader files, of course. After followingthese steps, you can type truevision & tolaunch the program.

The graphic user interface contains nounpleasant surprises, providing a menuand toolbar in the upper area, variousviews of the model on the lower left. Thedialog boxes for inserting and editingindividual objects are available via thetabs on the lower right (Figure 8). TheCreate tab leads to a tree view of the

Figure 8: Main Window in Truevision

[1] Povray: http://www.povray.org/

INFO


KNOW HOWPOV-Ray

Program Peflp tclPov gPov PovFront KPovmodeler Truevision

Author Xavier Bourvellec Chris Hammer Chris Hammer Philipe P. E. David Andreas Zehender Vincent le Prince

License GPL GPL GPL GPL GPL GPL

Website mogzay.multimania.com www.nasland.nu/tclpov.php www.nasland.nu/gpov.php perso.club-internet.fr/clovis1 www.kpovmodeler.org truevision.sourceforge.netInstallation

Source tgz x x x x x x

rpm - - - - - -

deb - - - - - -

Additional Libraries Tcl/Tk Tcl/Tk GTK GTK, optionally GNOME 1.4 Qt, KDE 3.0.x (1) GTK, libgtkglarea,GNOME 1.4

Interface language English English English English English English/Other

Functionality

Integrated Text Editor - x x - - -

Integrated Preview x - - - - -

Store and ConvertFinished Image x x - x x x

Graphics Editor - - - - x x

Help

Online Help - x - - - -

Manual - - - - - -

(1) KDE Version 3.1 will include KPovmodeler as part of the kdegraphics package.

Table 1: Overview of Povray Front-Ends

Figure 9: Complex scenes comprising a large number of elements can be created in KPovmodeler and rendered in POV-Ray

that it has been supplied with. Thedynamically-configured host is now readyto participate normally on the network.

The server can pass on more than justthe parameters of the host’s networkinterface. It can store a wide range of net-work related information, including thelocal domain name, addresses of DNSservers, routers, WINS servers and muchmore. It is entirely up to the DHCP clientsoftware how much of this is then used toconfigure a host.

LeasesWhen a DHCP server assigns an IPaddress to a host it is not a permanentallocation. The server has available a

pool of addresses to which it grantsleases. A lease has a set lifespan andmust be renewed before it expires if thehost is then to retain the same IP address.Typically, DHCP client software willattempt to renew a lease once it ishalfway through its lifespan and willrepeat the attempt at regular intervalsuntil it is either successful or the leaseexpires, after which time a new leasemust be requested.

This leasing model allows you to havea pool of addresses smaller than the totalnumber of hosts to be connected, if youknow that only a certain fraction of thosehosts are likely to be connected at anyone time.


The first three articles in this seriescovered all the basics of configuringLinux boxes as network hosts. The

emphasis throughout has been on usingcommand line tools and editing the textconfiguration files. If you have read allthree articles you will know that networkconfiguration on Linux boxes is actuallyvery simple.

However, as your network grows itbecomes an increasing chore just to keepall those configuration files up to date,particularly if you make significantchanges to the structure of your network.Add a nameserver to your network, orchange the IP address of a gatewayrouter, and you will have the task to editthe configuration files on each and everynetwork host.

Life would be much easier if it were onlypossible for your computers to fetch theirconfigurations from a central source. Notonly would it make the job of setting upnew machines easier but you could makenetwork design changes centrally andhave them propagate to all your machines.Laptops, PDAs and other transient devicescould be connected to your network andconfigure themselves automatically.

The good news is that it is possible,using the Dynamic Host ConfigurationProtocol. This article will show you howto set up DHCP both on the server andclient sides and how you can update yourDNS information dynamically when IPaddresses are assigned through DHCP.

OverviewWhen a dynamically-configured host isfirst connected to a network it has no IPaddress nor any notion of the local sub-net address, netmask etc. So it sends abroadcast request for configurationdetails. If there is a DHCP server on thelocal subnet it sends a reply, allocatingthe host an IP address and passing on anyother network configuration parameters

A simple guide to configuring Linux networks from the command line.

This final article in the series shows how to use DHCP to configure network

hosts dynamically. BY BRUCE RICHARDSON.

Linux Networking Guide: Part 4

DHCP

Many NICs come with their MAC addressprinted on a label on the card. Another wayto find the MAC address is to configure anetwork interface for it (by, say, getting it totake a dynamic address from DHCP) andthen running ifconfig. In the details returnedby ifconfig, the MAC address for each config-ured card is given in the HWaddr field.

Finding a Network Card'sMAC Address

DHCPKNOW HOW

It is also possible to associate, usingDHCP, a fixed IP address with a particularhostname and/or network card (whichlatter option, since network cards tendnot to flit from device to device, has theeffect of associating the IP address with aspecific piece of hardware). So if theDHCP client specifies a hostname in itsrequest or if the request originates from anetwork card with a specific MACaddress, then the associated fixed addressmay be returned.

Choice of Lease LifespanDHCP client software may specify a leaselifespan when requesting a lease but theserver can have both a default lifespansetting for requests that don’t specify anda maximum setting that overrides anyrequest for a greater span. The value youassign to these settings will be significantin the effect on your network.

Firstly, setting a shorter lifespan willmean more frequent renewals and somore DHCP-related noise on the network(as well as making your network morevulnerable to a failure in your DHCPserver).

Secondly, it is only when you renewinga lease that the client software checks forother network configuration details. So ifyou set a seven day lease and then give anew set of name server addresses to theDHCP server, it will then typically take atleast three and a half days for thatinformation to propagate throughout thenetwork.

So sysadmins are typically faced with atension between the optimum networkperformance and the propagation speed,which only time, experiment and experi-ence can resolve.

The Science BitDHCP requests and replies are sent usingUDP. The server listens on port 67, theclient on port 68.

Some Drawbacks to DHCPWhen using DHCP on your network,there are certain questions introducedabout the reliability and security. On thereliability side, if your DHCP server failsthen your entire network may just grindto a halt. MS Windows workstations areparticularly bothersome in this situationand will assign themselves a new addresson a reserved subnet, a feature calledAutomatic Private IP Addressing.

More seriously, the DHCP protocolmakes no provisions for security. When aDHCP client sends a broadcast request itaccepts the first reply it gets. A maliciousperson could then subvert hosts on yournetwork by connecting a laptop runningits own DHCP server. This isn’t quite ascalamitous as it sounds, since queries areonly sent out by newly connected hostsor those which haven’t been able torenew an existing lease. Your only protec-tion is to run some kind of IntrusionDetection Software such as Snort.

One particular possible security holearises with fixed IP address assignments(as described in the Section calledLeases). If no MAC address has beenassociated with the assignment then theDHCP server has no way of verifying thatthe requesting host has any right to thehostname it specifies. So it is wise alwaysto specify a MAC address where practical.

Because of these issues, it isn’t wise tohave your servers configure their networkinterfaces through DHCP. Leave that foryour workstations and configure yourservers manually. Otherwise, your entirenetwork will be vulnerable to attack.

The DHCP ServerIn this article I will be using the server soft-ware that is available from the InternetSoftware Consortium, which is over-whelmingly the most commonly used onLinux. It should be available as one of yourdistribution’s core packages or you candownload the source from the ISC website[1]. On the website you will be able to findsource for versions 2.x and 3.x. Examplesgiven here will work with either.

ConfigurationThe DHCP server has one configurationfile, whose default location is /etc/dhcpd.conf (you can specify a differentfile at runtime by passing a parameter onthe command line). An example is shownin the DHCP Server Config boxout. Asyou can see, each line is terminated by asemi-colon, sub-options are containedwithin braces.

First come the global options. The leaselifespan (measured in seconds) has herebeen set to one day. There follow settingsfor the local domain name and and DNSservers. The subnet-mask global optionprovides a default for any subnet whichdoes not have a netmask specified in itsown declaration.

Next we have some subnet declarations,each giving specific options for a subnetto which this machine is connected. Thefirst two declarations each allocate arange of IP addresses to the pool for thatsubnet and also give the router IP address.The third subnet declaration is empty,indicating that the server will not respondto requests from that subnet.

Important: There must be a subnetdeclaration for each subnet for which the


KNOW HOWDHCP

# /etc/dhcpd.conf#

# Option definitions common to U

all supported networks...default-lease-time 86400;max-lease-time 86400;option domain-name U

"example.org";option domain-name-servers U

192.168.10.1, 192,168.10.5;option subnet-mask 255.255.255.0;

# Options for each subnetsubnet 192.168.10.0 netmask U

255.255.255.0 {range 192.168.10.101 U

192.168.10.200;option routers 192.168.10.1;

}

subnet 192.168.11.0 netmask U

255.255.255.0 {range 192.168.11.51 U

192.168.11.90;range 192.168.11.200 U

192.168.11.254;option routers 192.168.11.1;

}

subnet 192.168.12.0 netmask U

255.255.255.0 {}

# Options for specific hosts U

host marx {hardware ethernet U

00:08:20:81:77:82;fixed-address 192.168.10.51;

}

host engels {fixed-address 192.168.10.52; U

34 }

DHCP Server Config

happens, copy the backup file back todhcp.leases and restart the daemon.

Each record in the leases file recordsthe start and end date/time, MACaddress, hostname (if given) and IPaddress. This can be of use either to otherapplications or to your own scripts. Oneexample is given in the Section calledDynamic DNS Updates.

Configuring the ClientFor a Linux box to configure its networkinterfaces using DHCP, it requires a DHCPclient. The two most commonly used arepump, a simple client developed by RedHat, and dhclient, a fully featured clientfrom the Internet Software Consortium.

Both work in the same simple way:when the client is run it sends out a seriesof broadcast requests until a valid reply isreceived. The client then configures thenetwork interface and other parametersspecified by the DHCP server, after whichit runs as a daemon in the background,sending renewal requests as necessary.

Both of the clients can be configuredfurther to specify how they use the datareturned to them by the DHCP server andto run a script on the granting or renewalof a lease.

pumppump doesn’t support the full range ofconfiguration options that can be passedthrough DHCP and isn’t as flexible asdhclient but is adequate for most set-ups.It is the default DHCP client for many ofthe distributions and there should be apackage available for you.

Once installed, configuring an interfaceusing pump can be as simple as this:

/sbin/pump -i eth0

Which will set pump to managing eth0.As soon as it successfully obtains a leaseit will configure the interface.

You can modify pump’s behaviour bypassing it further command line options

or by editing its configuration file,/etc/pump.conf. The example file shownin the Pump Config File boxout tellspump not to rewrite /etc/resolv.conf if itreceives DNS configuration informationwith the lease for eth0 and to run theuser-written script /usr/local/sbin/dhcpwhenever a lease is granted, renewed orreleased. The script is passed the action('up', 'renewal' or 'down'), IP addressand interface name as parameters.

dhclientUsing dhclient to configure an interface isjust as simple as pump:

/sbin/dhclient eth0

You can also modify dhclient’s behaviourby editing /etc/dhclient.conf, though inmost cases it will function perfectly wellwithout a configuration file. The optionsfor dhclient configuration are much morecomplex and flexible than pump, as weshow in the dhclient Config File boxout.

The global options specify firstly thatdhclient should try to obtain a lease for60 seconds before giving up and secondlythat it should wait a further 30 secondsbefore trying again.

The interface declaration sets optionsfor dhclient to use when obtaining leasesfor the eth0 interface. In this case,dhclient should identify the hostname as“marx”, request an hour-long lease andadd 127.0.0.1 to the list of name servers itreceives from the server. The requestoption specifies what informationdhclient should ask for and the requireoption tells dhclient to reject entirely anyresponse which doesn’t include a subnetmask and list of name servers.

It is possible to have dhclient run user-defined scripts when either obtaining orrenewing leases but as this is a morecomplex affair than with pump youshould read all the man pages that comewith the dhclient package before youattempt this.

Your distribution will have a dhclientpackage and you can also get the sourcecode from the ISC website (see the Infoboxoutat the end of this article).

Doing it the Easy WayThankfully, you rarely need to botherwith any of the above complexity, norwith running the DHCP client yourself. Inall the major distributions you simply


host has a configured network interface,unless the server was set at runtime toonly listen on specific interfaces (see theSection called Running the Server). In thelatter case there must be a declaration foreach specified subnet.

Finally, some host declarations, whichspecify fixed IP addresses for particularhosts. The first declaration specifies aMAC address and so will allocate the IPaddress to any request coming from thatnetwork card, whether or not the requestincludes the “marx” hostname. Also incontrast, the second declaration meansthat 192.168.10.52 will be assigned to anyrequest including the “engels” hostname,even if an existing lease has already beengranted to another machine using thesame name.

Caution – Any fixed IP addressesassigned in host declarations must not befrom within ranges that have beenassigned to subnet pools.

Running the ServerYou can launch the server directly fromthe command line, as in this example:

/usr/sbin/dhcpd -cf /etc/dhcp/U

dhcpd.conf eth0 eth1

In this case the daemon has been told touse an alternate configuration file and tolisten only on interfaces eth0 and eth1.

In practice, however, you are best tostop and start the daemon by using theinit scripts provided with the package. OnDebian, for instance, you would restartthe daemon thus:

/etc/init.d/dhcp restart

If you wanted to pass extra parameters tothe daemon you would have to edit/etc/default/dhcp. If you are usinganother distribution, please consult yourdistribution’s documentation for details.

The daemon must be restarted for anychanges to the configuration file to takeeffect.

The Lease FileThe DHCP server keeps a record of thecurrent leases in a text file (on Debianthis is /var/lib/dhcp/dhcp.leases, with abackup called dhcp.leases~. The daemonreloads it on start-up and will fail if itcan’t find it (which can happen if thedaemon fails at a crucial point). If this

DHCPKNOW HOW

# /etc/pump.conf

device eth0 {nodns

}

script /usr/local/sbin/dhcp

Pump Config File

have to specify in the network config filesthat an interface should use DHCP. Whenthe network interface is brought up (forexample using the ifup command), thenetworking scripts will use whichever ofthe clients is installed.

In the Example Interface Config Filesboxout you can see an example of howthis is done on Debian and Red Hat.

Dynamic DNS UpdatesHistorically, one drawback to configuringnetwork hosts dynamically has been thattheir details are not stored in DNS. TheDNS standard now, however, includes amechanism for sending updates to a DNSserver. This makes it possible to update

your DNS records to reflect the leasesgiven out by your DHCP server.

In configuring your network for DDNSit is possible for the DHCP server and/orthe client to send the updates to the nameserver and then to use secure keys forprotection. For simplicity’s sake, thisexample allows only the server to sendupdates and does not use security.

Configuring BindThe first step is to configure your nameserver to allow dynamic updates. ForBIND 8.x, this can be done as shown inthe BIND Configured for DynamicUpdates boxout. In this case, the BINDconfig file from the previous article in thisseries has been modified to allow updatesto the main domain. The alteration is

simply the two allow-update directives,which tell the respective forward andreverse zones that they should acceptupdates from 192.168.10.6 (the address ofthe DHCP server).

Configuring DHCPD 3.xIf you want the DHCP server to do theupdates itself, you need version 3.x. Youshould add the following options todhcpd.conf (altering the values to suityour own network):

ddns-domainnameU

"example.org";ddns-update-style "interim";deny client-updates;

zone example.org. {primary 192.168.10.1;

}

zone 254.10.168.192.in-addr.U

arpa. {primary 192.168.10.1;

}

The primary setting gives the IP addressof the name server to send the updatesto.

Working with DHCPD 2.xIf you have DHCPD 2.x then the DHCPserver itself cannot perform updates.There are alternatives, however. StephenCarville has written some perl scriptsthat can be used to monitor thedhcpd.leases file and send updates usingthe nsupdate binary from the BINDpackage [2].

EndnotesThis article, the last in the series, hasshown you how to set up a DHCP server,how to configure workstations usingDHCP and how to set up dynamic DNSupdates. The four articles should provideyou with all the information you need toset up simple Linux networks. Hopefully,they also provide enough tasters to makeyou ambitious to try greater things withyour systems. ■


KNOW HOWDHCP

# /etc/dhclient.conf

timeout 60;retry 30;

interface "eth0" {send host-name "marx";send dhcp-lease-time 3600;prepend domain-name-servers U

127.0.0.1;request subnet-mask, U

broadcast-address, routers,U

domain-name, U

domain-name-servers, host-name;require subnet-mask, U

domain-name-servers;}

dhclient Config File

Debian config file:# /etc/network/interfaces

auto loiface lo inet loopback

auto eth0iface eth0 inet dhcp

Red Hat config file:

# /etc/sysconfig/U

network-scripts/ifcfg-eth0

DEVICE=eth0ONBOOT=yesBOOTPROTO=dhcp

Example Interface Config Files

# /etc/named.conf

options {directory "/var/cache/bind";

};

zone "." {type hint "/etc/bind/db.root";file "/etc/bind/db.root";

};

zone "internal" {type master;file "db.internal";allow-update {192.168.10.6;};

};

zone "0.0.127.in-addr.arpa" {type master;file "db.root";

};

zone "10.168.192.in-addr.arpa" {type master;file "db.10.168.192";allow-update {192.168.10.6;};};

BIND Configured for Dynamic Updates

[1] ISC DHCP tools: http://www.isc.org/products/DHCP/ [2] Stephen Carville’s DHCP-DNS: http://www.heronforge.net/~stephen/DHCP-DNS/dhcp-dns.html[3] Secure DDNS HOWTO: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

INFO

root for this limit. You can apply quotasto complete partitions (forexample /dev/hda4), oras an alternative referto the correspondingmountpoint, that is,/home in this case.

Setting Group QuotasFollow the samepattern to set groupquotas. You can also usethe following syntax to applythe same limits defined in our previous example to the members ofgroup users:

quotatool -g users -b -q 50M -lU

70M /home

And this is how you define the graceperiod:

quotatool -u -b -t "1 week" U

/home

The parameter -t "1 week" is critical. Thefollowing alternative units of time areavailable: sec, min, hour, day, andmonth.

You can only set two grace periods pertype (user quota and group quota): onefor the block limit and one for the inodes.So you will not be able to define differentgrace periods for two members of a groupwhose home directories are in the samepartition. And that is why you do notneed a user name for the parameter -u inthe previous example – the time limitsyou set, apply to everyone.

However, the grace period can beextended on request. Imagine that theuser Hugo needs an extension of the soft

limit, because the limit of one week is tooshort. After bribing the Admin (with alarge drink – Admins are only humanafter all), Hugo might ask his residentconnoisseur to type the following

quotatool -u hugo -b -r /home

and thus extend the grace period. Thisdoes not mean a week’s extension, butsimply resets the grace period. The userwill be happy and the Admin can takecare of more important business – likefinishing off that drink, for example. ■

Charly’s columnSYSADMIN


Adisk quota restricts the hard diskspace on a (file) server for a useror group. There are two distinct

limits: the soft limit that may be exceededfor a certain time period, and the hardlimit that may not be exceeded under anycircumstances. When a user hits thislimit, the system will refuse to performwrite operations in the restricted area,instead presenting the user with a quotaexceeded message. The period duringwhich overusage is tolerated is referred toas the grace period.

You must first ensure that your kernelsupports quotas, if you want to activatethem, i.e. the kernel must be compiledwith the quota-support: yes flag set. Inaddition, you will need to set theusrquota or grpquota parameter for thecorresponding mountpoint in /etc/fstab,for example:

/dev/hda4 /home ext3 U

defaults,usrquota,grpquota 1 1

The following tools are used for quotaadministration: quota, quotaon, quotaoff,quotacheck, repquota and edquota. Toocomplicated? Sure, but luckily there is aneasy way to go: Quotatool[1]. QuotatoolVersion 1.2.1 is currently available forLinux, Solaris and AIX. A tarball of thetool is available and after expanding it,compilation should be child’s play, if youjust keep to the standard: ./configure;make; make install.

And this is how you set a quota for theuser hugo’s home directory:

quotatool -u hugo -b -q 50M -l U

70M /home

The -b parameter indicates a block limit.You can replace -b with -i to set an inodelimit. The -q 50M entry sets the soft limitto 50 Mbytes, and -l 70M sets the hardlimit to 70 Mbytes. Finally, you need toindicate the mountpoint that will be the

From time to time you might hear that disk quotas are outdated, but views

like this normally come from people who have never had the dubious pleasure

of maintaining a server with a few hundred users that collect MP3 files.

BY CHARLY KÜHNAST

Quotatool: The Sysadmin’s Daily Chores

Part Taker

Charly Kühnast is aUnix System Managerat the datacenter inMoers, nearGermany’s famousRiver Rhine. His tasksinclude ensuring fire-wall security and availability andtaking care of the DMZ (demilitarizedzone). Although Charly started out onIBM mainframes, he has been workingpredominantly with Linux since 1995.

THE

AUTH

OR

[1] http://devel.duluoz.net/quotatool

INFO

SYSADMINAPT

Debian’s Advanced Package Tool

Packmanexperienced users. Obviously a newalternative was required, a tool that couldperform the same tasks as dselect but stillprovide ease of use.

Version 2.1 (alias Slink) of Debian sawthe introduction of APT, the AdvancedPackage Tool. Just like dselect, APT is afront-end for dpkg and should not be seenas a replacement for the Debian packagemanager dpkg. In contrast to dselect youcan use the APT syntax to manage dpkgfrom the command line. The tool will

provide a home for a collection of usefulprograms designed to handle multipletasks: apt-get installs and removes thepackages, automatically removing anyprevious dependencies, while apt-cache isideally suited to browsing package lists,and apt-zip allows you to keep computersthat are not attached to the Internet up todate without too many headaches.

This article first looks into the basicfunctions of APT, and shows you how touse apt-get and apt-cache for your daily

Although the Debian’s packagemanagement program, dpkg isquite powerful, at times it tends to

provide its users with too little support –just like rpm. For example, the Debianpackage manager does not allow you toremove dependancies between packages,and you will not find a mechanism forautomatically updating previouslyinstalled software.

The first attempt to resolve these issuesdates back to the Debian Version 0.93 R6with dselect providing an interactivefront-end for dpkg. dselect then laterdeveloped into a genuine all round toolthat removes package dependencies,updates pre-installed packages (ifrequired) and generally provides a wholebunch of use functions.

But as the functionality and thus thenumber of packages in Debian increased,dselect became increasingly much morecomplex – with usability issues even for

SYSADMINAPT

49

United Parcel Service of Am

erica,Inc.

APT is a powerful front-end for the Debian GNU/Linux package manager dpkg.

This article shows you how to use APT for daily tasks. BY MARTIN LOSCHWITZ


SYSADMINDebian APT


If you intend to use CD ROMs as yourinstallation source, you simply have toplace the CDs into your CD ROM drive,ensuring that you keep to the correctsequence, type apt-cdrom add as root,and then let the program take care of allthe remaining steps.

Sources ListYou may not be able to avoid some of themanual editing of the sources.list file.Before you start, you should familiarizeyourself with the syntax (see Listing 1 foran example). Each line conforms to thefollowing syntax:

Type URI Distribution [Cat1] U

[Cat2] ...

There are two types available: deb (forpre-compiled packages) and deb-src (forthe package sources). The Uniform Resource Identifier, URI,contains the home directory of thedistribution, and also a reference to theposition of the required files, the options

being: a local file system (file), a CD(cdrom) or the Internet via http or ftp.The Distribution column is intended forthe path to the source relative to the basedirectory you supplied. Normally this willbe a directory called stable alias potato(containing the stable Debian versionprior to release), testing alias woody (thecurrent test candidate for the next stablerelease – refer to the box “Stable, Testingand Unstable”) or unstable alias sid (thedeveloper version).

Users who prefer a secure system arerecommended to use the list entry forsecurity.debian.org. This ensures thatsecurity patches are automaticallyapplied when you update a package. Thesystem administrator can then defineeither a single or multiple categories ofdistribution packages that can be selectedon installation (as an example main forthe packages belonging to the basicdistribution or the categories or contriband non-free referred to earlier).

After modifying /etc/apt/sources.list toreflect your requirements, you can usethe apt-get update command to updatethe package database. If the file containsftp or http URIs, the local package data-base will be synchronized with thepackage lists on the official Debianservers. If you are performing a CD ROMonly installation, then you will not needthis update.

If you need to use a proxy server toupdate your package database via theInternet, the http_proxy and ftp_proxyenvironment variables will make yourlife easier for you. The download protocol

work. It goes on to introduce three moreprograms, namely – auto-apt, apt-file,and aptitude – that are not part of theAPT package itself, but extremely usefuladd-ons. Table 1 shows an overview ofthe most important functions of all theprograms belonging to the APT suite.

Package SourcesJust like dselect, APT refers to an internaldatabase of information on the wholerange of packages that are available onthe system. With respect to the packagedatabase apt-get is probably the mostimportant tool in the whole APT group. Itensures that your package lists are keptup to date.

But apt-get can do far more than simplymaintain the package database – the toolcan also offer an intelligent downloadmanager, an all round talent that candownload packages from givenaddresses, ensures that any dependenciesare complied with and hands over thepackages to the Debian package manager,dpkg, where they will be installed.

You will need to perform some simpleconfiguration tasks to maximize the powerof apt-get. Use the /etc/apt/sources.list fileto type the source path of the so-calledindex file that apt-get will later use togenerate the index database. You canalternatively use: • a normal text editor (vim, emacs, nano),• the apt-setup program and• the apt-cdrom program (if working with

CD ROMs).The apt-setup menu is shown in Figure 1.When prompted, you can say yes to bothof the questions on non-free and contribsoftware. According to Debian, a softwareprogram is non-free if it contravenes theDebian Free Software Guidelines[1]. Thecontrib is reserved for programs that arefree themselves, but depend on softwarefrom the non-free category.

deb ftp://ftp.uk.debian.org/debian stable main non-free contribdeb-src ftp://ftp.uk.debian.org/debian stable main non-free contribdeb ftp://ftp.ticklers.org/debian-non-US stable/non-US main contrib U

non-freedeb-src ftp://ftp.ticklers.org/debian-non-US stable/non-US main U

contrib non-freedeb cdrom:[Debian GNU/Linux 2.2 r0_Potato_-Official i386 Binary-1 U

(20000814)]/ unstable maindeb http://security.debian.org stable/updates main contrib non-free

Listing 1: sources.list-Example

Figure 1: Defining source paths for installation packages. apt-setup helps the root user to create the APT configuration file /etc/apt/sources.list.

APTSYSADMIN Debian APTSYSADMIN

SYSADMINAPT


in sources.list defines which of theseoptions you will need to set. If your proxyserver’s address is 192.168.0.20 and theport number is 8080, then type in thefollowing to set the http_proxy variable inbash or zsh:

export http_proxy=U

"http://192.168.0.20:8080"

If you are using an FTP proxy, then yousimply assign these values to theftp_proxy variable instead of http_proxy.

Of course, http_proxy and ftp_proxy arenot only available in apt-get for theupgrade function, they can be used forany other task that requires apt-get toaccess the Internet.

As previously mentioned, apt-get is anexcellent choice for the installation andremoving of the software. To install apackage the root user simply types theapt-get install packagename command.apt-get will then check to see if therequired package is in the package data-base, and if the dependencies withrespect to pre-installed packages can berespected. If required, missing packages

will be downloaded from the mediumspecified in /etc/apt/sources.lists andpassed to the package manager (dpkg),for installation. Listing 2 shows us suchan example.

If the recently installed package (libdb-music0-dev in our example) does notfulfill all of your expectations, the rootuser can use the command apt-get withthe remove keyword to remove the roguepackage and any that depend on it. If youthen use apt-get remove packagename todeinstall a package, you may find that afew files belonging to the package cannotbe deleted.

Files in the /etc directory are tagged asconfig-files, for example, and cannot beremoved by a simple deletion process.This avoids destroying any of the settingsyou may have made. To make sure that apackage has been completely removedfrom your computer system, you willneed to use apt-get with the --purgeoption.

The complete syntax, which is used fordeinstalling the libdbmusic0-dev packageis thus apt-get --purge remove libdbU

music0-dev.

Changing Versions WithoutHeadachesOne apt-get feature that you may well beinterested in is the ability to upgrade thecurrent distribution on your ownmachine using the apt-get upgradeoption. A variant of this functionality(apt-get dist-upgrade) will be particularlyconvenient when the next Debian ReleaseVersion 3.1 (alias Sarge) becomes avail-able, allowing you to avoid the trouble,time and frustration often involved withinstalling new versions.

To update your musty Debian Potatoinstallation to Woody, you must first edit/etc/apt/sources.list. You need to replaceeach stable or potato with woody, forexample, the previous entry

deb ftp://ftp.uk.debian.org/U

debian stable U main non-free U

contrib

would need to be changed to

deb ftp://ftp.uk.debian.org/U

debian woody U main non-free U

contrib

for the update. If you prefer to use thecurrent packages and are prepared to takethe risk of possible instability, you caneven type sid to replace woody.

The next step is to synchonize the localpackage database with the package listson the official servers using apt-getupdate. Of course, all of these steps willwork just as well if you are using CDROMs. In this case you can simply use theapt-cdrom command to insert the packagelist contents on the CD ROMs into thelocal package database and then launchapt-get update.

After updating the package database,type the apt-get dist-upgrade command.apt-get will then compare the versions ofthe pre-installed packages with the newversions in the package database. If theprogram discovers that the new packagedatabase lists a more recent version thanthe one actually installed on yourmachine, it will automatically downloadand install the package.

You may notice that the commandapt-get dist-upgrade has downloadedsome packages, but dpkg cannot installthem correctly, since some packages thatthey depend on are missing. In this case,

<0>minerva[1003]:~# apt-get install libdbmusic0-devReading Package Lists... DoneBuilding Dependency Tree... DoneThe following extra packages will be installed: libdbmusic0The following NEW packages will be installed:libdbmusic0 libdbmusic0-dev

0 packages upgraded, 2 newly installed, 0 to remove and 0 notupgraded.Need to get 273kB of archives. After unpacking 1110kB will be used.Do you want to continue? [Y/n] yGet:1 ftp://ftp.ticklers.org unstable/main libdbmusic0 0.2.0-2[260kB]Get:2 ftp://ftp.ticklers.org unstable/main libdbmusic0-dev 0.2.0-2[13.1kB]Fetched 273kB in 4s (59.9kB/s)Selecting previously deselected package libdbmusic0.(Reading database ... 68160 files and directories currentlyinstalled.)Unpacking libdbmusic0 (from .../libdbmusic0_0.2.0-2_i386.deb) ...Selecting previously deselected package libdbmusic0-dev.Unpacking libdbmusic0-dev (from .../libdbmusic0-dev_0.2.0-2_i386.deb)...Setting up libdbmusic0 (0.2.0-2) ...

Setting up libdbmusic0-dev (0.2.0-2) ...

<0>minerva[1004]:~#

Listing 2: Installing libdbmusic0-dev with apt-get

SYSADMINBlindtext SYSADMINDebian APT

keyword to browse the package list. This ishardly surprising as Debian GNU/ LinuxWoody comprises almost 9,300 packages,and that makes it impossible for you toremember every individual package.

But searching with apt-cache has itslimitations. If a program’s ./configurescript complains about not being able tofind glut.h, apt-cache search glut.h willnot provide you with any results and youwill then be no closer to home than youwere previously.

Two additional programs are availablein this scenario: auto-apt and apt-file.Neither program belongs to the officialAPT package and you will need to useapt-get install auto-apt or apt-get installapt-file to install them separately.

Just like APT, both auto-apt and apt-fileuse internal databases that are generatedafter installing the package. To do so,both programs use individual Contents-*files that depend on the architecture ofyour machine and are available in thedebian/dists/Distributiondirectory on anyDebian server.

To generate the internal package data-base, you will need to launch both apt-fileand auto-apt with the update argument.You are also recommended to update theinternal database of both of the programsat regular intervals to achieve the bestpossible results for search operations.

The search operation is launched in asimilar way to apt-cache, i.e. it uses thesearch keyword. To find the glut.h file

repeatedly launch apt-get dist-upgradeuntil the installation has been completedfor all the packages on your list.

But make sure you have enough freespace in the /var partition on your harddisk: apt-get will download packages to/var/cache/apt/archives, but not deletethem after completing its task. To free upthe disk space used by packages you nolonger need, the root user can type theapt-get clean command.

For users that prefer to keep a stablesystem instead of moving to DebianUnstable, but still require a few packagesfrom the unstable version (because theWoody version is too old, for example),the post Debian Woody apt-get versionoffers a special function: Just enter thefollowing line in /etc/apt/apt.conf

APT::Default-Release "testing";

and add suitable deb and deb-src entriesfor unstable in /etc/apt/sources.list, andyou will be able to install Sid packages inWoody by typing apt-get -t unstableinstall packagename.

You can use the inverse functionality:The entry

APT::Default-Release "unstable";

in /etc/apt/apt.conf and the right entriesin /etc/apt/sources.list will allow you toinstall Woody packages in Sid by typingapt-get -t testing install packagename.

APT-Cacheapt-cache is the second most importantprogram after apt-get in the APT programgroup. It provides the user with directaccess to the package database and isthus extremely useful.

You can type apt-cache search identd tobrowse the package database for anypackages containing the identd keywordas part of their name or the packagedescription, for example. If the resultscontain a package that seems interestingyou can use apt-cache show packagenameto display the package details. If you needinformation on a package’s dependen-cies, or require a list of packages thatdepend on the current package, you cantype apt-cache showpkg packagename.

Where are you?For practical purposes you will normallywant to use apt-cache and the search

Stable, Testing and Unstable

Command Functionapt-get update Updates the local package databaseapt-get upgrade Updates all the packages on a system if the current release includes an updateapt-get dist-upgrade Similar to apt-get upgrade but will install or remove packages to satisfy dependanciesapt-get install Packagename Installs a packageapt-get remove Packagename Deinstalls a packageapt-get --purge remove Packagename Deletes a package completelyapt-cache search Packagename Searches the package database for a packageapt-cache show Packagename Displays information for a selected packageapt-cache showpkg Packagename Displays details on the dependencies for a selected packageauto-apt search file Searches for a file in the package databaseauto-file search file Searches for a file in the package database and returns more detailed information

TABLE 1: COMMAND LINE REFERENCE

Debian GNU/Linux comes in three differentflavors:“stable”,“testing”and “unstable”, aka“potato”,“woody”and “sid”, which are thenames of the current distributions.

“stable”refers to the current stable release ofthe Debian Linux distribution. Currently, this isDebian GNU/Linux 2.2, codename “Potato”. InDebian GNU/Linux’s case stable means that nonew packages will be incorporated into thedistribution with the possible exception ofsecurity updates. Debian GNU/Linux 2.2 isalready fairly old, and thus only recommendedfor system administrators who need anabsolutely reliable system. However, this willmean doing without some current softwaresuch as XFree 4.* or an SSH daemon with builtin SSHv2 support.

“Unstable”is part of the Debian GNU/Linuxproject that will appeal to experienced usersand in fact anyone who would like to live “onthe bleeding edge”.The codename for thecurrent“unstable”version is “Sid”. Any newpackages will always be placed in “unstable”first and then make the transition to “testing”

distribution 10 days later, unless a critical error(“Release Critical Bug”) becomes apparent.Debian “unstable”offers both advantages anddisadvantages: On the one hand you willalways have access to brand new packages, onthe other hand the packages in Sid have notbeen tested, and this can mean a programbehaving badly or not running at all.You maynot want to run Sid on a production system forthis reason.

“testing”is that part of the Debian GNU/Linuxproject that is due to go “stable”in the nearfuture. Its current codename is “Woody”, andwhen “Woody”is released as the stable versionits version number will be 3.0. It is also quitepossible that this release might occur on oraround the publication date of the currentissue. As previously mentioned,“testing”mainly comprises packages from “unstable”that have proved themselves well behaved for awhile. Most“Woody”programs work quite wellby now so you should not experience any issuesif you are running them on your workstation ormultimedia machine.


Debian APTSYSADMIN

with auto-apt, you will thus need theauto-apt search glut.h command; apt-filesearch glut.h performs the same task inapt-file. The output formats of these twoprograms are completely different:apt-file simply returns the names of anypackages found to contain a certain file:

<0>minerva[1004]:~# apt-file search glut.hlibfltk1-devglutg3-devcint

In contrast auto-apt returns the completepath to the files and shows the packagecategory, although this does not alwaysprovide for easy readability (Listing 4).

<0>minerva[1001]:~# auto-apt search glut.husr/include/GL/fglut.h devel/glutg3-devusr/include/GL/glut.h devel/glutg3-dev

User Friendly DselectMany users like the way dselect looks butare at odds with its complexity. Othersprefer the simplicity of apt-get and apt-cache, but would like the functionality ofa program like dselect that allows them tointeractively select and install packages.

aptitude is an approach to resolvingthis issue and provides a dselect stylefront-end for apt-get and apt-cache (seeFigure 2). But in contrast to the former,the tool is easy to use and supports thearrow and function keys.

If you run aptitude in an X11 terminalemulation, you can simply use yourmouse to click on the buttons. Additionally, the intuitive handling andthe menu layout enhance aptitude’s user-friendliness.

The program is not part of the DebianGNU/Linux standard offering, meaningthat you will need to run apt-get installaptitude to install it. After the initialprogram launch, you might want to press[F10] and then press [U] to ensure thatapt-get automatically updates its ownpackage database.

After completing these steps you canuse the cursor keys, or the mouse on X11systems, to toggle between the five menuitems Installed Packages, Not InstalledPackages, Obsolete and Locally CreatedPackages, Virtual Packages and Tasks.

Obsolete?Installed Packages willshow you the packagescurrently installed onyour machine. NotInstalled Packagesshows all the packagesavailable in the data-base but not installedon your system. If youthen select Obsoleteand Locally CreatedPackages, aptitude listspackages that areinstalled on yourmachine but do notappear in the apt database. These mayinclude packages that were formerly partof a Debian installation but have sincebeen removed, because either the authoror the package maintainer decided toditch the package.

Virtual Packages are a speciality ofDebian : You can use them to group thevarious programs that fulfill the sametasks under a generic heading. i.e. themail reader mutt needs a local mail serverin order to transfer mail. The maintainerwould normally have to decide whichmail server software mutt should dependon, and this would annoy any users whoprefer exim to sendmail or vice versa. So,instead of making exim mandatory, themaintainer can use a trick and specify adependency between mutt and the virtualmail-transport-agent package. The data-base knows that a mail server must beinstalled to fulfill this condition.

The Tasks packages are of little interestnowadays. They were used to groupDebian GNU/Linux 2.2 programs thatperformed certain tasks. i.e. there was apackage called task-x-window-system thatcontained XFree86. This type of packagemore or less died out when DebianGNU/Linux Woody was released.

If you intend to use aptitude to install apackage, you may first want to find thepackage name in the list of Not InstalledPackages. Place the selection bar on thepackage name to highlight the package,then press the [+] key. The packagename should now be selected (shaded).

You can use this to select the multiplepackages for installation. Then press the[G] key (that is, get) to display onoverview of the packages you will beinstalling in the next step. Press the keyagain to download the selected packages.If any dependencies are discovered wherethe corresponding packages have notbeen pre-installed, aptitude will find thepackages and pass them to apt-get.

aptitude is also well suited to deletingpackages. Locate the entry for thosepackages you want to delete in the list ofInstalled Packages, then press the [-] keyonce and the [G] key twice. If any of theinstalled packages depend on the onesyou delete, aptitude will automaticallyremove them.

But aptitude offers more than justinstalling and removing packages. Justpress the [H] key for a complete overviewand howtos for the available commands.The documentation is available under/usr/share/doc/aptitude.

Future TrendsAlthough the APT programs perform wellat present, the developers responsible fordpkg and APT have big plans for thefuture. Interaction between the two is duefor enhancement via a tailor-made com-munication layer. A protocol layer of thistype would also mean performance gains.

Let us not forget that work is inprogress to enhance its user friendliness.It remains to be seen, if that will actuallymean a GUI. The prospect is exciting. ■

SYSADMINBlindtext SYSADMINAPT

Figure 2: Aptitude – the better alternative to Dselect

[1] Debian Free Software Guidelines: http://www.debian.org/social_contract

[2] APT Howto: http://www.debian.org/doc/manuals/apt-howto/index.en.html

INFO


SYSADMINDebian APT

account. Do try to be polite and enteryour email address for use in statisticalevaluation. You may find that anonymousaccess is denied. In this case you will seean error message, such as “Can’t setguest privileges”, “User anonymousaccess denied” etc.

If you happen to have an account onthe current server, you can log on usingopen -u username hostname and type thecorresponding password. You can alsosave time by using the -p (for “pass-word”) parameter. In this case thecomplete command is as follows:

ncftp> open -u username -p passU

word hostname

Quite a few well-known shell commands(cd, pwd, ls) work as you would expect

them to, although they have been re-implemented within the program. Youcan type help to display an overview ofthe available commands. ls displays a listof files and directories for the currentserver:

ncftp / > lsdebian-archive/debian/debian-cd/

If you want to change the directory todebian-archive/, you just need to type thecommand cd debian-archive. The promptchanges to ncftp/debian-archive > toshow you the current working directory.If you want to view the README file inthis directory, you do not need to transferit to your own computer. Instead, yousimply type less README.

NcFTP is a small compendium ofprograms which are designed foreasy command line based file

transfers, which includes: • the NcFTP Client, an FTP browser• NcFTPGet and NcFTPPut, non-interac-

tive file transfer programs• NcFTPLs, a tool for displaying the

directories on the server via FTP andwithout using an interactive shell

• NcFTPBatch and NcFTPSpooler – allthe programs within this collectionwork hand in hand.

NcFTP is of course, available for variousUnix platforms, but it can also be used ona variety of other operating systems. Thecurrent version is 3.1.4 (dated 2nd July2002), although some distributions stillinclude the older 2.4.3 version, whereyou might notice a few new differencescompared to the current version. If youintend to work your way through thecommands and parameters discussed inthis article you should consider updatingto 3.x.

The client is launched by typing ncftpat the command line. Now instead of thestandard prompt, you will now seencftp>. Any other commands are thentyped here. You can now use the opencommand or the shortcut o to open a newconnection to an FTP server:

ncftp> open ftp.debian.orgConnecting to ftp.debian.com(208.185.25.38)...raff.debian.org FTP server(vsftpd)Logging in...Login successful. Have fun.Sorry, I don’t do help.Logged in to ftp.debian.com.ncftp / > _

As you can see, we have now logged onsuccessfully and are looking at the FTPserver’s root area. The current FTP serverallows so-called anonymous logins, thatis, we are now logged on to the server viathe anonymous guest account. Mostservers prompt you for your emailaddress as your password for the guest

FTP (“File Transfer Protocol”) is an Internet protocol for exchanging data

between two hosts. As a standard command line tool ftp offers only limited

functionality. The easy-to-use NcFTP client not only displays the status of your

downloads but offers a number of useful additional features. BY HEIKE JURZIK

NcFTP

Convenient File Transfer

NcFTPSYSADMIN



SYSADMINSYSADMINNcFTP

File name completion is one of themore useful features, and one that youare probably familiar with, if you usebash. To launch the command we justdiscussed, less README, you can simplytype less R [Tab], as the current directorycontains only one file name starting witha capital “R”. Unique file names are thenautomatically completed. To do so NcFTPuses the dir command to create a list offiles that is then parsed during the com-pletion process. Depending on yournetwork performance and the number offiles in the current directory, this maytake a while to complete.

You can also use the get command totransfer files to your own computer. Aprogress indicator shows the progress ofthe download. As you cannot enter anyadditional commands while you aredownloading, NcFTP provides the bggetcommand, with “bg” denoting “back-ground”. You can even log out withoutinterrupting the download. This samefeature is available for the put command,which is used to upload a file from yourcomputer to another host.

The alternative command, bgput, runsthe upload process in the background.You can use the jobs command to checkall the jobs currently waiting in the back-ground.

To start downloading or uploading, usethe bgstart command. The followingmessage is displayed:

ncftp / > bgstartBackground process started.Watch the "/home/huhn/.ncftp/spU

ool/log" file to see how it isprogressing.

A quick look a the generated logfileshows the following:

2002-04-24 14:23:07 [026858] | U

Cmd: RETR file.tar.gz2002-04-24 14:23:07 [026858] | U

150: Opening BINARY mode dataU

connection for file.tar.gz (27U

06 bytes).2002-04-24 14:23:07 [026858] | U

226: Transfer complete.2002-04-24 14:23:07 [026858] | U

Succeeded downloading file.taU

r.gz.

The second line contains the message:“Opening BINARY mode” – which is the

default NcFTP setting for file transfers. Inother words, the data you transfer willnot be changed in any way. However,ASCII mode will correct the end-of-linecharacters that are used by all the variousoperating systems (you can changemodes using the type ascii or type binary)commands). The good news is, for Linux,you will probably not need this mode.

I want it all!The get command has an even greater setof features: You can transfer multiple filesand even use wildcards. Suppose you areinterested in two files on the FTP server,README and README.old, you caneither get README README.old or useget README*. Additionally, you can usethe -z flag to get a file and save it locallybut with a different name. To copyREADME.old from the remote server toREADME.alt on your local machine, youwould type the command get -zREADME.old README.alt.

NcFTP attempts to restart aborteddownloads. If a file transfer happens tobe interrupted, the program attempts toretrieve (“reget”) the missing parts of thedownload when re-launched. However,you can use the -f flag to disable thisbehavior. You can also append data to anexisting file. To do so, use get -A file.log(“append”), which will download the fileand append it to a local file with the samename.

One extremely practical feature isNcFTP´s ability to transfer completedirectory structures recursively. get -Rdirectory copies the directory plus anysubdirectories and any files stored in

them on to your local machine. NcFTPalso provides a few additional “l”-com-mands. The “l” means “local” in this caseand allows you to shell out of NcFTP torun a few commands on the localmachine. lcd changes the local directory.Once again, file completion is available.

lls calls the /bin/ls command on yourlocal machine, allowing you to quicklycheck the contents of the local directory,before downloading to it from the server.lmkdir (i.e. “make directory”) allows youto create a new subdirectory without hav-ing to quit NcFTP.

When you attempt to terminate theconnection to the server using close, or toquit NcFTP using quit, you will see thefollowing prompt:

You have not saved a bookmarkfor this site.

Would you like to save abookmark to:ftp://ftp.debian.com/U

debian-archive/

Save? (yes/no)

If you type “yes” to confirm, the programwill suggest a name for the server (“Entera name for this bookmark, or hit enter for'debian':”) and save the bookmark. Tomaintain your own bookmarks simplytype bookmarks, which will launch thesimple editor. In contrast to the earlierversions of this program, the new version encrypts your passwords in~/.ncftp/bookmarks, instead of savingthem in clear text. ■

Figure 1: Maintaining bookmarks in NcFTP

would in a normal Perl script. In theexample below a function being declared:

# Example 1sub log_error {print STDERR "Oops!\n";

}

This example will write the message“Oops!” to wherever the standard errorfile handle has been pointed. Thekeyword 'sub' denotes that a function isabout to be declared, next comes thename of the function, directly after is thecode block which is enclosed in the curlybraces. We will see later that there areseveral other arguments that can bepassed. This form will now be sufficientto make a practical error logging function.

# Example 2sub log_error {my @call = caller(1);print STDERR "Error: line U

$call [2]" . " of file $call U

[4]" . " in the function U

$call[3]\n";}

In example 2 we use the Perl function'caller' to give information on the callingsubroutine where the error occurred.Caller returns an array of data pertainingto where it was called. The most commonelements are listed below:

1. package2. file-name3. line number4. subroutine / function

Walter N

ovak,visipix.com

Items 2-4 should be familiar to you bynow, packages will be discussed in thefuture. More information on the 'caller'function can now be found by using the'perldoc -f caller' command from theshell prompt.

Invoking a user-definedfunctionAs with most (possibly all) things in Perl:“There is more than one way of doing it”,it follows then that there are numerousways of calling a user-defined function.

The three most common methods arelisted below. Each of these methods ofcalling the user defined functions has itsown implicit characteristics.

# Example 3log_error if $error == 1;

Example 3 calls the function 'log_error',provided that the function has beendeclared beforehand.

#Example 4my $error = 1;log_error() if $error;

Example 4 calls the function, regardlessof where in the script the function wasdeclared. The parenthesis indicate thatthe preceding word is a function. Theparenthesis are used to pass values to thefunction, this is covered later.

# Example 5&log_error if $error;

Example 5 calls the function, regardlessof whether it was defined before the codesection or not, using & is similar to using'$', '@' or '%', it clearly identifies thelabel as a function. However there areside-effects to using &, discussed later inthis article.

ParametersParameters make user-defined functionsvery powerful and flexible. Argumentscan be passed to user-defined functionsin the same fashion as the predefinedfunctions of Perl.

Values are copied to a function usingparenthesis and the contents of theparenthesis are passed using the defaultarray '@_'. This is the same variable thatcan be used throughout the program,however the value is stored elsewhere for

the duration of the function and its valuereturned at the end of the script. Thisconcept is called scope and is explainedin more detail later.

Using parameters to provide values to afunction enables the function to exist as astand alone piece of code:

# Example 6my $error_message;my $file = '/etc/passwd';

sub log_error {my @call = caller(1);print STDERR "Error at line U

$call[2] of file $call[1]" . U"in the function $call[4]\n";

print STDERR $error_message ifdefined($error_message);

}

if (-e $file) {$error_message = "$file is U

executable";log_error;

}

It seems comical to use this method,what would happen if you forgot to reset'$error_message', you'd give the wrongerror message which would be extremelymisleading putting you in the position ofdebugging your debug code. Modifyingthe previous example, we can give detailsas to the cause of an error as parametersto the argument:

# Example 7sub log_error {my $error_message = shift;my @call = caller(1);print STDERR "Error at line U

$call[2] of file $call[1]" ."in the function $call[4]\n";

print STDERR U

"$error_message\n" ifdefined($error_message);

}

my $file = '/dev/thermic_lance';

unless (-e $file) {log_error("$file doesn't U

exist");}

If you were particularly lazy you could

then create the function to check for theexistence of a file:

# Example 8sub exist_file {my $file = shift;unless (-e $file) {log_error("$file doesn't U

exist");}return 0;

}

This function in example 8 will callanother user defined function, the codefor which is shown previously. The codewill now give a standardized explanationof the error that occurred, in a standardformat using another user function toperform part of its task. The concept ofsplitting work among several user definedfunctions is called abstraction and hasmany benefits. An obvious one is that ifyou wanted to add a time-stamp then youwould only need to add the time stampcode once and all existing calls to'log_error' would reap the benefits.

Default ParametersA function does not mind how manyparameters are passed to it by default. Aswith standard arrays, if you try to accessan element that has no value, the valuereturned will be 'undef'. It is possible tomake Perl strictly adhere to set functionarguments as we will see.

# Example 9sub error_log {my $error_message = shift || U

'no message provided';my @call = caller(1);print STDERR "Error at line U

$call[2] of file $call[1]" . U"in the function $call[4]\n";print STDERR U

"$error_message\n";}

In example 9 if a parameter is not passed,then the default value reads 'no messageprovided', so the area returned could be:

Error at line 20 of file U

script.pl in the function U

test no message provided

The '||' operator is usually seen in condi-tional operators but in Perl it's equally at

5756 September 2002 www.linux-magazine.com www.linux-magazine.com September 2002

User defined functions are aninvaluable development toolenabling sections of code to be

reused many times. Shrewd use of userfunctions can create generic functionsthat reduce repetition of code whilstincreasing legibility and maintainability.

FunctionsA function is a collection of statementsthat can be grouped together to perform asingle task. The function can containnumerous calls to other perl functions oruser defined functions, including itself.This allows functions to act as black-boxes that can be used without theknowledge of how it operates.We declare a function by specifying itsname and listing the statements as we

Perl tutorialPROGRAMMING PROGRAMMINGPerl tutorial

In this month’ article we examine how to create user defined functions, test and apply the finished functions in several

separate scripts by creating libraries. BY FRANK FISH

Perl: Part 5

Thinking in Line Noise

Fictional Place, Some Town','jdoe!john doe,Flat 184A 23rdUStreet, Some City','!bad line', 'another bad U

line.');

for (@lines) {my $index = '';

# pass the line and a U

reference to index.my $status = get_index($_,U\$index);print "The line '$_' has an U

index $index\n" if $status U

== 1;}

Example 11 will find the indexes for anarray of items and return a status for eachline, this status can then be used todecide if it is possible to continue withthe process.

It is worth noting that by default Perlfunctions will return the value from thelast statement in a function. It is notuncommon to see subroutines that don'thave 'return …' as the last line but rathera variable, function or value by itself justbefore the function declaration ends:while it is only necessary to use a returnvalue to explicitly leave a subroutineearly it is good form to explicitly give a'return' statement.

# Example 12

sub get_index($$) {my ($line, $index) = @_; U

my $status = 0;

if ($line =~ /^(\w+)!/ && $1 U

ne '' ){$$index = $1;

$status = 1;} else {log_error("No index.on line: U

$_\n");}$status;

}

Something greatly frowned upon in someprogramming disciplines is having morethan one exit point to a function. SincePerl acts as both a programming as wellas a scripting language the popularinterpretation of this rule is to bend it and

use the scripting ethos of “Exit early”.Example 13, be;ow, is the “Exit Early”

programming style.

# Example 13sub circ_area {my $radius = shift or return U

0;my $PI = 2.14;my $area = $PI * $radius * U

$radius;return $area;

}

It is a foregone conclusion that a radius ofzero will produce an area of zero, sorather than calculate this result as we didbefore, we return the result immediately.Since the rules of geometry are unlikelyto change in the working life of this code(and perhaps even before Perl 6 isreleased) such an action can hardly beseen as cavalier.

We can return half-way through anassignment due to two key features ofPerl. The 'or' operator has a greaterprecedence than the assignment operator,and more importantly Perl is a tolerant,stoic and syntactically gifted language.

ScopeIn example 6, we called a function and itaccessed a variable declared outside ofthe function

We assigned a particular message tothe variable '$error_message' and thiswas used in the function 'log_error'.

The variable we used is called a globalvariable, that is to say its name can beused anywhere and its value can be reador written to from anywhere within theprogram. The very fact that globals canbe altered from anywhere is the biggestargument against using them, they leadto messy un-maintainable code and areconsidered a bad thing.

#Example 15 (Does not compile)#!/usr/bin/perluse strict;use warnings;

my $global = 3;

sub functionX {my $private = 4;

print "global is $global\n";print "private is $private\n";

}

functionX;

print "global is $global\n";

# This line will fail as# $private doesn't exist# outside of the function# called functionX.print "private is $private\n";

Use of global variables is best avoided,and should only be used to declare anyconstant values that will remain for theduration of the program. Better, eventhen, to make use of the fact thatfunctions are always global, so no onecan revise the code and knock out aglobal variable:

sub PI(){ 3.14 }

Even using functions to make constants itis wise to pass the values as parametersinto the function, in case the function isplaced directly into another script, wherethe constant has not been passed. Anyfunction that can stand alone, can be unittested, and its functionality vouched for.

My, Our and LocalThere are three different ways to declare avariable in Perl, each affecting differentaspects of the scope. As a rule 'my' isalways used, failure to use 'our' or 'local'in the correct manner is considered anunforgivable sin.

'my' is the safest variety to use, thiscreates a variable and destroys it when itis no longer referred to, using the Perlgarbage collection.

Any variable declared using 'my'within a scope ( a looping structure orcode block ) exists only when that scopeis called and its value is then reset afterthe iteration.

{my $v = 1; # $v is 1;print "$v\n" # $v is 1;

} # $v no longer exists.

This can be especially useful in nestedloops where the inner variable is eachtime automatically initialized.

for my $x ( 0..9 ) {my $y = 0;print "Coordinate U

( $x, $y )\n" while $y++ < 3;}

'local' hi-jacks the value of a globalvariable, for the duration of its scope.This occurs at runtime rather than atcompile time and is referred to asdynamic scope.

my $v = 5; {local $v = 1; # $v is 1;print "$v\n" # $v is 1;

} # $v is 5 again.

As a rule 'local' should be avoided inpreference to 'my'. It is primarily used toalter global variables for short spaces oftime. Even then it is worth noting thatany function calls made within this scopewill also use the locally set value. If indoubt consult 'perldoc -f local' butremember 'my' is almost always whatyou want.

'our' allows the use of a variable withinthe lexical scope without initializing thevalue. 'our' becomes useful when wemake packages, which we will investigatein the future.

Function OdditiesIt is possible to establish a required setof values that the function must receiveor make it fail to compile and exit with aruntime exception. This can be desirablein some cases and allows greaterfreedom in our use of user-definedfunctions.

We can declare the prototypes at thestart of the code and then define the codeblock later in the program, in case wewish to use the extra features of prototyp-

5958 September 2002 www.linux-magazine.com www.linux-magazine.com September 2002

home in ordinary lines of code. It has alow order of precedence.

Many Happy returnsAll functions return a value. The valuethat a function returns can be the resultsof an operation or a status flag to showsuccess or failure of an operation.

The following example shows theresults of an operation:

# Example 10

sub circ_area {my $radius = shift || 0;my $PI = 2.14;my $area = $PI * $radius * U

$radius;return $area;

}

my $radius = 3;my $area = circ_area($radius);print "Area of a circle U

$radius in radius is $area\n";

Will be interpreted as “Set $radius to thevalue of the next element of the array@_, if there are no more values set thevalue to 'no message provided'.

The results of the user defined functionare returned directly, the essence of thefunction is to return the data.

In large systems a function return valueis used to convey success or failure of thefunction, this is extremely useful in tasksthat use many sections.

# Example 11

sub get_index($$) {my ($line, $index) = @_;my $status = 0;

if ($line =~ /^(\w+)!/ && $1 U

ne '' ){$$index = $1;$status = 1;

}else {log_error("No index on line: U

$_\n");}

return $status;}

my @lines = ('fred!fred bloggs, 12 U

M-J. Dominus' excellent website:perl.plover.com/FAQs/Namespaces.htmlperl.plover.com/local.html

Online References

keyword value name

my scoped scoped

local scoped global

our global scoped

VARIABLES IN PERL

Perl tutorialPROGRAMMING PROGRAMMINGPerl tutorial

ing to increase legibility of the code orforce certain uses.

sub foo; # Forward declaration.Usub foo(); # Prototype.

Using '&' does allow a programmer tooverrule any prototyping on a function. Afull description of prototyping with itsstrengths and weaknesses (Perl is after alla weakly typed language) will appear inthe future.

sub debugm($) {print STDERR "\n\n****\n$_U[0]\n***\n\n";

}

# Automatically uses $_debugm;

# This only prints the first# parameter but ignores the# function prototype.&debugm('beware','of this');

Perl DocumentationPerl has a wealth of good documentationcoming with the standard distribution, Itcovers every aspect of the Perl languageand is viewed using your computersystem’s default pager program. Thepages of Perldoc resemble the man pagesin that they cite examples of use and givepertinant advice.

There are a great many parts to the Perldocumentation. To list the categoriesavailable, type the following command atthe shell prompt:

perldoc perl

This then displays a page which has twocolumns. The left hand column lists themnemonic title while the right columnshows a description of the topic:

Perlsyn Perl syntaxPerldata Perl data structuresPerlop Perl operators and

precedencePerlsub Perl subroutines

Simply type perldoc and the mnemonicfor that subject on the command line:

perldoc perlsyn

This shows the Perl syntax information.■Perl docs: perldoc perlfunc

Further Reading

of traffic. Other reference applicationsinclude a global network for meteorologi-cal data from airports or the MedusaProject [4] that accesses a large-scaledatabase. But if you talk to the users, youwill normally find that Tcl has mainlybeen used for internal projects.

Sourceforge has the Tclhttpd sourcefiles [1]. There are two versions: the all-inclusive variant tclhttpd-3.2-distincluding Tcl, Thread and Tcllib [3] andthe current version tclhttpd-3.3.1. The

older package’s advantage is ease ofinstallation. The following steps are allthat you need to do to get a web server upand running:

# tar -xzf tclhttpd3.2-dist.tarU.gz# cd tclhttpd3.2-dist/tclhttpd3U.2# make# make install# cd bin


Anumber of techniques are nowavailable for web applications inTcl. In addition to CGI scripts, Tcl

modules for Apache or fully featuredapplication servers, you might like to takea look at Tclhttpd. The webserver is a 100per cent Tcl code development with along history, and this is reflected in thecurrent version. The Tcl webserver’sfunctions provide an ideal platform foradvanced web applications. This articledemonstrates various approaches for thecreation of HTML pages and also in theprocessing of requests.

Tclhttpd’s origins go back to 175 linesof Tcl that Brent Welch wrote in the mid90s. The codebase has grown since toencompass something in the region of12,000 lines, and this does not includethe extensive Tcllib library. This stablecodebase supports speedy deployment invarious areas. Tclhttpd can: • Serve static web sites• Run Server Side Includes• Link individual URLs, even whole

directories, or various MIME types withTcl scripts

• Embed Tcl code in HTML• Read and write cookies• Manage sessions• Authenticate users• Evaluate forms• Upload files to servers• Support emailThe development activities were neverintended to rival the king of the hill,Apache. If you are having to contend withseveral hundred requests per second, Tclmodules such as mod_tcl [5] ormod_websh [6] for Apache are definitelya better bet. But if you are looking todevelop web applications for small tomedium volume web sites, Tclhttpd willprovide you with a solid base from whichyou can work.

Suitable for projects of all sizesBut Tclhttpd does not need to hide itslight under a bushel – after all it doeshost http://www.tcl.tk and this websitehas to cope with a considerable volume

Programmed in Tcl, the Tclhttpd web server is an ideal platform for advanced

web applications that can also profit from the ease and speed of development

that Tcl offers. Tcl library functions and numerous extensions are available

including a library that takes the hard work out of generating HTML code.

BY CARSTEN ZERBST

Web applications with the Tcl web server

Delivery Service

TclhttpdPROGRAMMING

Deutsche PostWorld Net

# wish httpd.tclRunning with 256 file Udescriptor limithttpd started on port 8015

Just launch your browser and point it athttp://localhost:8015 to view the samplefiles that show you some of the package’scapabilities. You can configure the servervia the tclhttpd .rc file; the following is alisting that contains an example of someof the options available.

# Sample configuration# httpd running as user 500 # in group 100Config uid 500Config gid 100

# httpd listening on port 8015,Unormal hostname

Config host [info hostname]Config port 8015

# Custom scripts in # .../custom directoryConfig library [file join U[Config home] .. custom]

# HTML files in # /usr/local/httpd/htdocsConfig docRoot /usr/local/Uhttpd/htdocs

# Do not create threads Config threads 0Config main [file join U[Config home] httpdthread.tcl]

# Logfile: /usr/local/httpd/logConfig LogFile /usr/local/Uhttpd/log

Config LogFlushMinutes 0

When you start out on a developmentproject, it makes sense to use the contentin the sample directory, to leverage thecontrol panel and statistics features. Thecontrol panel reads variables frombrowsers or reloads the libraries, andboth these functions are very useful forwhen it comes to debugging.

Tclhttpd can create web page contentdynamically at runtime and it supportsvarious approaches to do so. The easiestway to go is to configure a Direct_Url:The server will then pass requests for theURL to the configured Tcl procedure. Incontrast to a CGI script the server will notspawn a new process but it will run theprocedure directly in its own serverprocess. This allows you to use variablesfrom the server for counters or to opendatabase connections.

Direct Url DynamicsThe next listing shows a simple example.

The Direct_Url /listing2 .html listing2command assigns the URL http:// local-host:8015/listing2.html to the listing2procedure. The Tcl procedure creates andreturns the required page. The variablesavailable in the script, for example env,are interesting, as they are being used tostore information on the current clientconnection. The html::tableFromArraycommand formats the content of theglobal variable producing the resultshown in Figure 1.

Direct_Url /listing2.html Ulisting2

proc listing2 {args} {puts stderr $args

set html "<html>"append html "<body>"append html [html::tableFromUArray ::env "border=1" *]append html "</body>U</html>"return $html

}

The script must be stored in the contribdirectory in order for the server to find it.Tclhttpd reads all the scripts in this direc-tory automatically at startup.

During the development phase the libdirectory is also useful. Scripts stored inthis directory still need to be loadedexplicitly in the main script, but thisallows you to reload them later from thecontrol panel with the Reload Sourcefunction, which provides a facility foron the fly code modification. If an erroris discovered in a script the Tclhttpddisplays the debugging informationdirectly as an HTML page for easyviewing.

Elegant TemplatesTemplates are a more elegant solutionthan using Direct Url and comprise anHTML document with embedded Tclcode. The Tcl elements are encapsulatedin brackets – the return value of the func-tion that immediately precedes theclosing bracket is passed to the HTMLpage. You can use the value of the vari-able in the whole template and not onlyin the Tcl elements.

If you want to work with templates,you will need to place a copy of the .tmlfile and the libtml directory taken from


Figure 1: The procedure detailed in Listing†2 outputs the content of the global Tcl variable ::env. The vari-able contains entries that you should recognize from CGI scripts, such as HTTP_USER_AGENT.

PROGRAMMINGTclhttpd

Tclhttpd automatically updates thesaved version if the template is newerthan the saved results, or if the browsercalls the template directly. As you can seein the following listing, the [Doc_U

Dynamic] can be used to suppress thecaching functionality.

Templates provide an easy migrationpath that you can use to graduallyupgrade static web sites with dynamicfunctions. In addition to simple counters,navigation toolbars would be obviouscandidates, since a single procedurecould create them for the whole site.htdocs/libtml/sunscript.tcl contains asample of source code from the formerSunscript page.

Interactive TemplatesWeb pages with user input are the nexthurdle for a web application to overcome.The interactions of this kind basicallycomprise of two elements: an HTML pageprovides the user interface in the browserand a script running on the server thatevaluates the input. It makes sense for atemplate to create the form and evaluateit, allowing the template in turn to returna modified version of the formula in caseof input errors. In case of valid input, thetemplate would then transfer the browserto a different page.

<html><head> <title>Entries<U/title></head><body>[Doc_Dynamic]

[ if {![ncgi::empty Uproject] } {Doc_Redirect [ncgi::valueUproject].html?[ncgi::query]} else {

set message "no project Uselected"}]<hr>$message<form action=$page(url) Umethod=POST>Text: <input type=text [html::formValue text]> <br>Project: [html::radioSet Uproject { } {"Project 1" project1"Project 2" project2

}] <p><input value="Send" Utype=submit></form> <p>

Input was:[html::tableFromList U[ncgi::nvlist] "border=1"]

</body></html>

The sample script in the listing aboveshows how a template can edit a form.Although the template is short, it pro-vides heaps of functionality. First the[Doc _Dynamic] command prevents theform from caching the template, whichwould make no sense at all.

The next Tcl block handles the datainput using a few functions from the Ncgipackage in Tcllib. For example,ncgi::empty checks whether an entry forthe project field in the form exists. In thiscase the request is passed via Doc_Redi-


the distribution in the htdocs directory.The sample template in the next listingfirst defines a variable, that contains thevalue of the env in HTML code. Lowerdown in the template, the content is thenintegrated into the page using $later. Thelast section of the template contains thedate of the last modification. We can seethat a template can therefore encompassa varying mixture of scripts, variablesand HTML.

<html><head> <title> SimpleUTemplate</title> </head>

<body>A simple template.[ set later "watch this"html::tableFromArray U::env "border=1" *

]<p>$later

<hr>

Last change[clock format [file mtime U$::env(PATH_TRANSLATED)]]

</body></html>

Templates use the .tml file suffix and arestored just like normal HTML documentsin htdocs. When a browser requests thelisting3.html, the server first actions thelisting3.tml template and then returns theresult. Tclhttpd addtionally writes theresult to listing3.html on the hard diskand uses it for any further requests. Thiskind of caching is particularly practicalfor templates that either perform somecomplex calculations or contain slowdatabase queries.

TclhttpdPROGRAMMING

Figure 2: Mozilla displaying the content of a cookiethat originated in the template of the “cookie”list-ing above.The cookie was set by the server at192.168.42.150, is called test and contains the value 42.

Instruction MeaningHTMLhtml::h1 Title Produces a heading, also "html::h2" and "html::h3"html::tableFromArray ArrayName Produces a HTML table from a Tcl arrayhtml::checkbox Name Value Produces a Checkboxhtml::trxtInput Name Parameter Produces a text inputNcgincgi::cookie Cookie Returns a list of values for Cookiencgi::setCookie - name Name -Value Value Sets a Cookiencgi::empty Name Indicates whether an input value is presentncgi::value Key Returns the CGI value identified by Keyncgi::nvlist Returns all the query as a name, value listncgi::query Returns the raw query data

TABLE 1: INSTRUCTIONS FOR HTML AND CGI

rect to the HTML page for this project. Ifthis does not occur, a message is thenstored in the variable message and it iswritten to the page by $message, which isthe message construct.

The middle section inside the templatecontains a simple form, whose input canbe returned to the template by the use ofHTTP-POST. The form contains a textinput box and radio buttons, which havebeen assigned to project1 and project2,and are labeled Project 1 and Project 2. Atthe end of the script the user input is for-matted. This is then output so that it canbe used for debugging purposes.

When a user first opens the listing4.htmlpage, no project has been selected. In thiscase clicking on the Send button willreturn the user to the same page. Anyentries in the text boxes are retained dueto html::formValue text. Users must firstselect a project before the input validitycheck can redirect them to another page.

The Html and Ncgi packages comprisesolutions for numerous tasks that involveformulae and their evaluation. Table 1contains some practical functions. Thecomplete documentation for the packagesis available in Tcllib[3].

Data crumbsHaving to retypedata is clumsy, andnot all browserscan or want tostore user input.

Although it is easyto store data on the

server, it is by no means trivial to assign itto a specific user. HTTP is stateless andrequests are normally independent of anyprevious requests.

Cookies provide a solution to thisknown problem: The server asks thebrowser to store some data (a cookie) onthe client. If the user revisits the site, andhas not deleted the cookie meanwhile,the server can read the cookie it asked thebrowser to store.

The template in the next listing firstchecks the browser for the answer cookie.If the cookie exists, it outputs the value, ifnot, the template attempts to write acookie. Apart from the server that sets thecookie values the browser itself can alsoread the cookie, as you can see in Figure2. Cookies can often be troublesome,especially from a legal point of view (dataprotection and so on); they also pose asecurity risk. You will want to try to avoidusing them as a building block of yourapplication logic.

<html> <head> <title>UCookie</title> </head><body> <h1>Cookie</h1>[ Doc_Dynamic

if {[string length U[Doc_Cookie answer]] > 0} {set html "Cookie answer is U[Doc_Cookie answer]"} else {Doc_SetCookie -name answer U-value 42 -path $page(url)set html "Set Cookie Uanswer=42"

}]</body></html>

Login for Web ApplicationsAlthough open networks are a goodthing, you might need to implementaccess restrictions for part of your website. In addition to the .htaccess files youwill be familiar with from Apache,Tclhttpd supports authentication by a Tclprocedure. A file called .tclaccess, whichis stored in the individual directories,takes care of this. You need to set thevariables realm and callback here.

set realm "tickle"set callback aok?

proc aok? {sock realm user Upassword} {if {[string match $password Utickle]} {return 1

} else {return 0

}}


PROGRAMMINGTclhttpd

Figure 3: The googbar looks like the Google home page, but in fact it is a Tclprogram that redirects search operations directly to Google.

Figure 4: The BWidgets demo application shows the capabilities of thistoolkit. The widgets are written in Tcl and only use Tk.

Figure 5: dndspy (bottom) shows the MIME types and actions allowed with dragobjects. Grabbing a message (flying page) from Evolution (top).

Sessions are a more advanced variant.Here, Tclhttpd uses its own interpreter forthe individual sessions. This provides fordata separation between the sessions,and so retaining the data for each of theindividual sessions.

More InfoThe capabilities described in this articlecover only a small portion of this webserver’s total functionality. The samplefiles bundled with the Tclhttpd package

additionally show you how to upload filesand use image maps. You can obtainadditional information, which is availablefrom [2]. Amongst the other interestingsnippets, you will note an excerpt from abook by Brent Welch, Tclhttpd’s author.Sourceforge also offers a mailing list thatprovides competent answers to complexissues, but still finds time to deal withbeginners’ questions.

In some cases you may not need to goto all the trouble of developing a newapplication yourself. The Infocetera[12]site provides a complete Groupwareapplication, including a calendar, addressbook, room planner, task planner, andother modules. The whole application isbased on Tclhttpd.

Our next informative TCL article willsoon be appearing on your pages of LinuxMagazine from out of the murky depthsof server applications. We will be lookinginto both Tk and the BWidget set. Theimage in Figure 4 should serve to whetyour appetite for this widget. It providescapable new widgets by using only the Tkstandard widgets and pure Tcl code. ■


TclhttpdPROGRAMMING

[1] Tclhttpd home page: http://sourceforge.Unet/projects/tclhttpd/

[2] Informationen on Tclhttpd: http://www.Utcl.tk/software/tclhttpd/

[3] Home pages for Tcllib and BWidgets:http://sourceforge.net/projects/tcllib/

[4] Medusa project: http://ciheam.maich.Ugr/medusa/

[5] Tcl Apache module: http://tcl.apache.Uorg/mod_tcl/mod_tcl.html

[6] Websh: http://websh.com[7] Googbar: http://www.geddy.hpg.ig.com.U

br/software/googbar/[8] Toucan: http://home.attbi.com/U

~maccody/[9] Ora Tcl: http://oratcl.sourceforge.net[10] Tcl XML: http://tclxml.sourceforge.net[11] Tk DND: http://www.iit.demokritos.gr/U

~petasis/[12] Infocetera: http://www.infocetera.com

INFO

Figure 6: Toucan a GUI developer interface for Palm programs. The IDE and any software created with itare based on Tcl.

Next release anticipatedTcl 8.4 will be leaving beta in the Autumn. Although I have not noticed any errors for a long timenow, the Tcl coreteam prefers to wait and deliver an absolutely perfect version. A whole bunch ofnew applications in and for Tcl are available right now.The BWidgets and additional GUI elementssuch as Tree and Combobox – which will be featured in the next issue of TCL – are now available inversion 1.4 [3].The demo in Figure 4 might whet your appetite.Ora Tcl and Tcl XML There is also news on these two packages which were covered in our last TCL article:The latest ver-sion of the Ora Tcl[9] database extensions supports the full range of Oracle 9i features and the TclXML package on Sourceforge[10] now comprises xmlgen, providing a new approach to generatingXML and HTML. xmlgen provides a language map between Tcl and XML: Instead of using elementsand attributes, you can now work on a higher level with application objects.Lots of Little ToolsApart from all these server oriented treats there is news on several smaller tools.Toucan, a devel-oper interface for Palm programs[8] requires only a minimal hardware platform. Both thedeveloper interface and any applications developed with it are based on Tcl (Figure 6).The Googbar(Figure 3), which can launch Google searches[7] has an extremely small memory footprint.Tkdnd, adrag & drop extension for Tk[11] needs even less space on screen. It runs on the XDND protocol usedby Gnome and KDE applications and also on Windows. dndspy (Figure 5) is also included.This pro-gram shows data traffic in the DND protocol

Tcl News

Carsten Zerbstworks for Atlantecon the PDM shipbuilding system. Heis also interested inTcl/Tk usage andapplications.TH

E AU

THO

R

The callback variable contains thename of the Tcl procedure responsible forauthentication. The browser displays thecontent of realm as a text during the logindialog. This data is also passed as anargument to the callback procedure. Ourexample accepts users that supply thepassword tickle. A real application wouldaccess a user password entry in a file,database or LDAP directory. After loggingin the user name is stored in the::env(REMOTE_USER) variable.

Basel,24.– 27. September 2002

Kongressanmeldungen und weitere Informationen unterwww.orbitcomdex.com oder Tel. +41 58 200 20 20.

Die Orbit/Comdex Europe 2002 bietet IT-Anwendern eine breite, praxisorien-tierte Informationsplattform an: Neben den fünf Kongressthemen In-formation Security, IT for Finance, Enterprise Mobility, Procurement im E-Business und Content meets Business präsentiert die Orbit/Comdex Europeunter anderem die folgenden Messehighlights: Information Security Park,Content Expo, Innovation leads Business und den Enterprise IT Buyer’s Club.Zahlreiche Aussteller stellen die neusten Produkte und Dienstleistungen ausden Bereichen IT, Telekommunikation, Internet und E-Commerce vor.

INFORMATION TECHNOLOGY – ONE STEP AHEAD

Praxis-Lösungenfür IT-Anwender.

O R B I T / C O M D E X E U R O P E C O N G R E S S 2 0 0 2M

ittw

och,

25.9

.200

2Do

nner

stag

,26.

9.20

02

9.30bis 10.00

10.30bis 12.00

13.30bis 15.00

15.30bis 17.00

InformationSecurityVom Produkt zur Strategie –eine gesamtheitlicheBetrachtungsweise

s1 Management-Aspekte der IT-Sicherheit

s2 Strategische Informations-sicherheit (Sprache: Englisch)

s3 IDS-Geschichte, Gegenwartund Zukunft

s4 Security in der Microsoft-Welt

s5 Macht und Ohnmacht vonGrossmächten im Internet

s6 Mobile IT; klein und fein,darfs auch sicher sein?

IT for FinanceDas IT-Forum für den Finanz-sektor in Deutschland und inder Schweiz

f1 Potenziale für Kosten-reduktion in der Banken-IT

f2 Die Zukunft der Finanz-marktplätze im Internet

f3 Customer RelationshipManagement im Finanz-sektor

f4 Internet Banking

f5 Internet Banking:Perspektiven

f6 Versicherungs- und Bankentechnologie

Hauptsponsor:www.ca.com

k Keynote: IT Security: das Spektrum der BedrohungDavid Love, Head of Security Strategy EMEA, Computer Associates. Sprache: Englisch

k Keynote: Information Warfare: eine wirtschaftliche BetrachtungDavid Love, Head of Security Strategy EMEA, Computer Associates. Sprache: Englisch

Enterprise MobilityBusiness-Gründe für mobile Verbindungen – überall undjederzeit

e1 Gute Business-Gründe für mobile Unternehmens-applikationen

e2 Die standardbasiertePlattform «Mobile Office»

e3 Sprachtechnologie – das nächste Benutzer-Interface für das Internet

e4 Wissen Carriers tatsächlich,woher ihr Wachstum kom-men wird?

e5 Verbindung von verteilten Arbeitsplätzen – Work Wirefree®

e6 Wearable Computing –Das tragbare Büro

Procurement im E-BusinessWie europäische Unternehmenihre Einkaufsprozesse opti-mieren

p1 E-Procurement für KMUs

p2 Kostensenkung im Ersatzteilmanagement

p3 Beschaffungsoptimierung in Grossunternehmen

p4 Collaborative Buying

p5 Procurement Service Providers für die öffentliche Hand

p6 Prozessoptimierung mitLieferanten

Content meets BusinessContent und KnowledgeManagement als Teil desGeschäftsprozesses

c1 Die 10 Kernfragen imContent Management

c2 Content-Management-Strategien für KMUs

c3 CMS-Lösungen – Welche Lösung eignet sich für welches Problem?

c4 Content im Business – Erfolgsberichte

c5 Von Content über Media Asset Management zum Geschäftsprozess

c6 Was Sie über Webanalyse wissen sollten! Tool-Anbieter berichten

Hauptsponsor: Partner:www.orange.ch www.gigagroup.net

Sponsor: Partner:www.conextrade.com www.ecademy.ch

www.softnet.ch

Partner:www.contentmanager.dewww.gigagroup.netwww.netzwoche.ch

9.30bis 10.00

10.30bis 12.00

13.30bis 15.00

15.30bis 17.00

(Änderungen vorbehalten. Stand 20. Juni 2002)

Alle Seminare finden im Kongress-zentrum Basel statt.Vorverkauf (bis 23.9.2002)Preis für eine Session: CHF 180.–Peis für jede weitere Session (für die gleiche Person, verschiedene Session/s): CHF 130.–

Ticketverkauf vor Ort (24.– 26.9.2002)Preis für eine Session: CHF 200.–Peis für jede weitere Session (für die gleiche Person, verschiedene Session/s): CHF 150.–

Attraktive Kongress-Packages!Beim Kauf einer Sessionkarte erhalten Sie die folgenden Leistungen• Eintritt zur ausgewählten Session• Pausengetränke• Tageskarte Orbit/Comdex Europe 2002 (Messe)*• 1 Buch «Procurement im E-Business» – E-Business Cases (2001)*• 1 CD-ROM EITO 2002 (solange Vorrat)*• 1 Kongress-Bag mit Dokumentation** Diese Leistungen sind nur bei Bestellungen von Kongresskarten à CHF 180.–/CHF 200.– inbegriffen.

equals. The conditionals (>= and <=)bind tighter than the &&, and so bothindividual cases are checked separately,and then ANDed together. Most otherlanguages have a set of precedence rulessimilar to C, with some minor variations,so understanding one is good groundingfor the others.

The most frequent problem caused byprecedence is the bitwise AND (&). Sinceit is often used as a test (‘is bit 4 set?’, forexample) one might normally attempt touse code such as:

if (c & 0x7f != 0)/* Don't do this! It doesn't U

work!!! */printf("Success!?\n");

By referring to the table again, youshould be able to see why this doesn’twork. Looking at both operators (& and!= ), we see that the not equals has the

higher precedence, and so is done first. Itis this result that is then ANDed with c inthe test. Since 0x7f is never equal to 0 itevaluates to true (represented as 1 – seeTruth or Dare, later), and the test willactually check for the least significant bitbeing set. This determines if a number isodd or even and will, quite literally, workhalf the time!

I recommend knowing the basic rulesfrom this table, but not to memorising allof it slavishly. My reasons are two-fold.Firstly – you should never need it, sinceeven dullest pub conversation can not belightened with a ‘did you know’ sessionon operator precedence! (I know – I’vebeen there!). Secondly, if you write codethat relies on the precedence rules it willnot be easily understood, and almostincomprehensible to anyone that has notmemorised it. And since any program willbe read more times that it is written, thisis very bad thing. Not to mention the


Which comes first in the sum, isit the multiplication or theaddition? By running the

example through any nearby compileryou’ll see the answer is 13. But is thatalways true? Or is it just the gcc? Withoutgiving too much of the plot away – it isalways true! It has to be true, otherwisethe compiler would be compiling anotherlanguage to rather than C!

All The President’s Men(sorry!)Simply put, precedence is a set of rulesbuilt into the language (which all thecompilers must therefore follow) thatindicate which parts of an expressionshould get evaluated first, and whichshould happen second.

Table 1 is listed from the high priorityoperators which occur first, like thebrackets (naturally, since their purpose isto group things together) through themid-level operators (multiplication andaddition) down to assignments. You willalso notice that some groups (such as thearithmetic, for example) are split in half.This indicates that while multiplication,division and modulus (remainder) allhave the same precedence level, additionand subtraction are slightly lower. So5*2+3 will be 13, because 5*2 (=10) isdone first, followed by 10+3. We couldhave been explicit by writing (5*2)+3,but this is overkill since we know thebasic rules.

The order itself has been well chosenas 99% of expressions you write will fitnaturally the precedence order, withoutexplicit bracketing. This can be seenthrough example.

c = szSentance[iFirstLetter=0];if (c >= 'A' && c <= 'Z')

printf("Starting with upper U

case is good\n");

The square brackets keep the assignmentinternal to itself, and so it can not affectanything else. As the assignment is low,any expressions we try and evaluate withalways occur on the right hand of the

C tutorialPROGRAMMING

Precedence solves one of the great mysteries in programming: does 5*2+3 equal

13 or 25! To find out the answer, and why, we asked Steven Goodwin to explain

this and the other finer points in C. BY STEVEN GOODWIN

C: Part 10

Language of the ‘C’

problems you can get yourself into if youmisquote a precedence rule and spend anhour looking for a bug that could havebeen avoided by using brackets.

Same Size FeetOperators like * and / are in the samegroup. This means they have exactly thesame precedence and so will evaluatethem from left to right (according theassociativity of the operator). This canbecome a problem when mixing differentoperators (with equal precedence), sobracketing should be used to state theintention:

ans = 10*x / 5*y; U

/* Careful - layout can U

confuse! */

is actually the same as:

ans = 2*x*y;/* Acts like ( ( (10*x) / 5 ) U

* y ) */

not

ans = (10*x) / (5*y);

This is a good case where explicitlybracketing will actually help to clarify themeaning, and not clutter the code.

The order in which the componentexpressions are evaluated is determinedby the compiler, and not by the language.In our previous example it doesn’t matterif (10*x) is worked out before (5*y), sincewe get the same answer. The compiler is

then free to optimise the order to suit thetarget platform, but in cases like:

iTotalDishes = CountRiceDishesU() + CountNoodleDishes();

Either function could be the first called soyou can not make assumptions as towhich it is (even if you know!), or changethe global variables from inside thosefunctions that the other relies on. Thesame is true with function parameters;either could be evaluated first and so it’sbehaviour is said to be undefined. We’llcover the definition of this later.

CalcTotalDishes(CountRiceDishesU(), CountNoodleDishes());

Similarly, the following code will also beambiguous because of ++ iDiners. Theincrement can happen at any time beforethe sequence point (the semi-colon,remember) so the GetDinersWantingRicefunction could receive one of two values– creating an ambiguity we should avoid.You may know in which order gcc does it,however, relying on such behaviour isbad programming practice and to beavoided at all costs!

iFractionOfRiceEaters = U

GetDinersWantingRice(iDiners) U

/ ++iDiners;

The other major case where precedencerules need to be followed is in macros.We shall look at this in a later issue.

Truth or DareIt is sometimes a great concern of newprogrammers (in all languages) as to thevalue of 'true'. We want to know thetruth! Over the years, different languageshave used different values for 'true': 1, -1,any non-zero number. In 'C' the value of'true' is 1. The concept is anything non-zero! This means that at any expression(such as 'a > b' or 'a != b') which canbe 'true' or 'false' will evaluate to thenumber 1, or 0, respectively. Anytime in aconditional statement, a number is used,like 'if (a)' or 'while(a)', any non-zerovalue is treated as true, and zero is theonly false case.

True can only be considered as 1 innative expressions like greater than, ornot equals. Functions, such as isalpha(see part 7 Linux Magazine Issue 20 p62)


PROGRAMMINGC tutorial

Group Operator Description AssociativityReference ( ) Function call, bracketed expression Left to right

[ ] Array element. Structure member-> Indirect structure member

Unary + Unary plus (as in +5) Right to left- Unary minus (as in -5)++ Increment (pre & post)– Decrement (pre & post)~ One’s compliment (bitwise NOT)(type) Type cast! Logical NOTsizeof Size (in bytes) of variable or structure* Indirect reference (as in *ptr)& Address of variable

Arithmetic * Multiplication Left to right/ Division% Modulus (remainder)

+ Addition- Subtraction

Bit shift << Bit shift to left Left to right> Bit shift to right

Comparisons < Less than Left to right<= Less than, or equal> Greater than>= Greater than, or equal

== Equal to!= Not equal to

Bitwise operators & Bitwise AND Left to right

| Bitwise OR

^ Bitwise XOR (exclusive OR)

Logical constructs && Logical AND Left to right

|| Logical ORConditional ? : The ternary operator, or Right to left

conditional expressionAssignment = *= /= %= += -= Various assignments where e1 op= e2; Right to left

<<= >= &= |= ̂ = is equivalent to: e1 = (e1) op (e2);Comma , Multiple evaluation Left to right

TABLE 1

{if (pTable->iSize == MAX_SIZE)return 1; /* a 'true' value */}return 0; /* 'false' */

}

This routine is not uncommon, and aclassic example where lazy evaluationwould help. If we needed to check thepTable pointer and the iSize value, so wecould write:

int IsTableFull(struct sTABLE U

*pTable){if (pTable && pTable->iSize U

== MAX_SIZE)return 1; /* a 'true' value */elsereturn 0; /* 'false' */

}

C will never try to look at pTable->iSizeif pTable is NULL since it will havealready terminated its evaluation, and sois safe.

Similarly, we can work the same magicwith OR.

if (a || b || c || d)

Here, the moment an expression is true(be 'a', 'b', 'c' or 'd') the whole thingmust be true, using a similar process oflogic as above. Again, C works throughthem from left to right, as with AND.

The two cases of AND and OR are theonly times when you can guarantee theorder in which the expressions will beevaluated. With the cases we saw earlier,of addition and multiplication, it is up tothe compiler to choose the order. Buthere, because it must obey the rules oflazy evaluation, the order will always beleft to right.

Leader of the PackUp until now we haven’t tried mixingtypes to any degree. There are a couple ofreasons for that. First, with the exampleswe have been doing, it is not necessary.Secondly, it is preferably (from a generalcoding standpoint) to deal solely with thesame type in any particular expressionand convert (if necessary) once the taskhas been completed . This helps improvespeed and readability. Like precedence,there is a set of rules in the language that

help produce more optimal code. Theserules automatically change types withinyour code so calculations can be donemore efficiently. You should be aware ofthese to greater your understanding of C.Collectively they are known as the rulesof promotion.

In an expression such as a+b+c, thecompiler will promote each variable to atype suitable for evaluation. It does notchange the variable itself, just the way inwhich it is handled when computinga+b+c. Changed, but to which type?

Well, any chars and shorts are instantlypromoted to an int for the purpose ofcalculation since int is defined to be thenatural type for the target processor.Which, as we’ve seen, is 32 bits on anx86 machine.

Even amongst integers, however, thereis a pecking order! An unsigned integer inthe expression will cause any of its signedcounterparts to get upgraded to unsignedstatus for the length of the equation. Thiscan cause problems since an expressionof 'iFragCount < iBestFragCount' cannever be true if iFragCount is unsignedand iBestFragCount is zero, especiallysince the compiler will not warn youwhen this happens. This can cause agreat deal of grief since the bugs happenso rarely; but this it is one of the bestarguments for maintaining the typeconsistency throughout the program, andespecially within expressions.

Moving on, the type long can hold agreater range of numbers than int, so anylong numbers in will promote everythingelse to long. Don’t worry – nearly there!

Despite all these conversions however,they will still get prompted to float shouldthere be any floating-point numberspresent. Likewise, any double precisionfloating point numbers (doubles) willpromote their friends to doubles also.Everything promotes upwards to the'largest' type. To use a colloquialism –they are largin’ it!

This promotion only works on the righthand side of the equals sign, I’m afraid.

x = a + b + c;

Here, a+b+c may all get promoted tofloats or doubles while working out theanswer, but if x is only a short, thatanswer will be truncated (in the samemanner as casting) when it gets assigned.This should be obvious since the user has


return a truth concept (i.e. non-zero), butnot necessarily 1. For this reason, a truthcomparison should always be consideredimplicitly.

if (isalpha(cInput)) U

/* this works */printf("%c is an alphabetic U

character.\n", cInput);

An explicit test should not be used.

if (isalpha(cInput) == 1) U

/* this won't */printf("%c is an alphabetic U

character.\n", cInput);

Now we can handle the truth, let’s seeanother way to use it.

Lazing on a Sunday AfternoonLike precedence, lazy evaluators are oneof the language features that require anunderstanding of the spirit of the law, andnot just the letter. Lazy evaluators how-ever, feature in languages other than justC, but (in the spirit of the column!) I shallconcentrate on its use within C.

A lazy evaluator, as the name suggests,will do as little work as necessary to getthe job done! So, if an expression like:

if (a && b && c && d)

presents itself, we know through simplelogic, that should 'a' be false the entireexpression must also be false. As C alsoknows this, it will evaluate 'a', realise it'sfutile to consider looking at 'b', 'c' or 'd',and stop, leaving them unevaluated. Ifthe expressions were functions, theywould be uncalled, and incrementswould not happen.

If 'a' is true, however, the evaluator willcontinue to check the other expressions,exiting at either the first falsehood itfinds, or when it gets to the end of theexpression and can proudly announcethat the whole expression is true!

Code like this can often save space byreducing the number of nested checks.For example:

int IsTableFull(struct sTABLE U

*pTable){if (pTable) /* make sure the U

table exists, and protect U

against NULL pointers */

C tutorialPROGRAMMING

specified the type of x, and the compilercan not arbitrarily change it because theanswer doesn’t fit it! This rarely causesproblems under Linux however; but itcan on (older Unix) systems where aninteger is 16 bits with expressions such asthe following.

long x; /* this is usually U

32 bits */int a; /* on old Unix systems, U

this might be 16 bits */

a = b = 1000;x = a * b;

Here, although 1000*1000 is 1,000,000and the long has enough bits to hold it –the integer types that are performing thissum can not. So we would need to manu-ally promote one of the integers to a long,that way the normal rules take over –promote the other variable to a long –and perform the calculation using 32 bits,so giving it enough precision to get thecorrect answer.

x = (long)a * b;

Highway 61 RevisitedIf you have been reading any source coderecently you may have ‘discovered’ somenew data types. Namely,

long intshort int

I’m sorry to disappoint you, but these areactually quite ordinary! A long int is themore formal name for a long, whilst shortint is the same as short. This stems fromthe time when a variable did not need tobe given an explicit type, and woulddefault to an integer. As a consequence,typing long was the same as long int,since the int part was already implied.

Although I personally do not use it, thereis nothing wrong in doing so.

/* An example of old code U

declaring an integer */iAnImplicitIntegerVariable;U/* notice the lack of type */

Oh, and if you’re thinking of trying this –it will still work as a global variable (witha warning), but not as a local variable.Either way, it’s old and archaic. And likemost old things – it smells! So leave italone!

Boom Shak A LakASCII is a very good method of storingdata from your program. Whether youuse XML or a flat text file, having yourdata open enough to be interpreted byother programs is an obvious plus thatLinux has thrived on for many years. It isunlikely, therefore, that you will want tocreate binary files for your data. However,in some instances, most notably graphics,binary data is unavoidable. As is theportability problem of endian-ness. Takea four-byte integer, such as:

int iValue = 0x12345678;/* hex numbers makes this U

easier to follow since it U

splits nicely into 4 bytes */

This will be stored in four consecutivebytes in memory – but those bytes couldbe 12,34,56,78 or 78,56,34,12. The x86architecture uses the latter, and is calledlittle endian. You can always verify thisfor yourself with the following code:

char *p = (char *)&iValue;/* use character pointers to U

read bytes */printf("%x %x %x %x\n", *p, U

*(p+1), *(p+2), *(p+3));

Looking back to our graphics example, ifthe width of the image has also beenstored in little endian form, we have noproblem. However, if it was stored in bigendian, we could read in our number(0x12345678 is a bit wide for an image,but bear with me!) and find the size wasactually 0x78563412. Certainly this is notwas is intended!

In the real world this situation would beknown to us ahead of time (when we arereviewing the file format specification, forexample) but our target machine wouldnot. We would then have to check theendian-ness of the machine, and swap thebyte order if it failed to match. Two usefulfunctions in this case would be:

int IsLittleEndian(void){int iValue = 1; /* Simplified U

version of our test above */

if (*(char *)&iValue == 1)return 1;elsereturn 0;

}

int SwapInt(int iOriginal){int iNew;

iNew = (iOriginal<<24) U

& 0xff000000;iNew |= (iOriginal>8) U

& 0x00ff0000;iNew |= (iOriginal<<8) U

& 0x0000ff00;iNew |= (iOriginal>24) U

& 0x000000ff;return iNew;}

Because of Intel’s dominance a lot ofbinary formats are based in little-endian,so those running on x86 will have fewerproblems than those on, say, PowerPC orMac architectures. So including endianspecific comments and code is advisable,but difficult to test without having anappropriate machine. To gain experiencein byte swapping on an Intel platform iseasy, since the MIDI file format (amongstothers) uses big endian numbers. Thiswill demonstrate how much (or little,depending on your view) work isrequired. The work itself however is left,as an exercise for reader! ■


PROGRAMMINGC tutorial

The three phrases that should strike fear in the heart of any programmer are 'implementationdefined', 'unspecified' and 'undefined'.When a programming manual, library readme, or code saysthat the output is 'undefined for this case' it has a very specific meaning. All three mean your pro-gram will not (always) work as expected if you ignore their advice, but for different reasons.Implementation defined means it is up the compiler vendor to pick a method, document it, andstick by it - at least within the current version.They are, however, free to change the behaviourbetween releases.Unspecified means the compiler writers know what will happen, but haven’t documented it.Undefined means that anything can happen. And it means anything.The results need not adhereto logic, the expression in question, or even the day of the week!Suffice to say, you should never write code that relies on, expects, or follows any of these criteria.

Heaven Knows I’m Miserable Now

The Answer GirlLINUX USER

Is caps lock getting on your nerves? Still looking for a good way to put your Windows keys back to work? Along with other

definitive questions… BY PATRICIA JUNG

The Answer Girl

Keyboard Wizardry

In the world of everyday computing, evenunder Linux, there are often surprises:Timeand again things do not work, or at least notas they’re supposed to.The Answer Girlshows how to deal elegantly with such littleproblems.

The Answer Girl

An unused Windows key might beregarded as a slight blemish, but the capslock key is a downright nuisance that willno doubt cause you to inadvertentlySHOUT at your innocent computer fromtime to time.

So why not put the loudmouth towork? You might consider converting thekey to a second left shift key, as CapsLock is often hit by mistake instead of leftshift. Some users simply shift the capslock functions from the Caps Lock key tothe left control key. And you can alsoconsider an individual option – but let’sfirst look at how you can accomplish that.

Unfortunately we are not looking at asingle solution because the two userinterfaces common to Linux, i.e. the char-acter-based console and the X Window

GUI have separate methods of definingkeys. If you have previously beenrequired to install a Linux distributionwith foreign keyboard mappings or hadto add non-standard characters, you willno doubt already have guessed that thistask involves tinkering with two differentsets of control levers.

Keyboard Assignments without XMost systems load a keyboard definitionfile shortly after booting. So, if we canfind the corresponding command, thatshould provide us with an answer to thisproblem. There are at least three differentways to do this: • Feed your favourite search engine with

keywords such as keyboard, Linux,

Anew job, a new computer or just akeyboard that bites the dust afteryears of faithful service – this is a

situation that everyone has to face sometime – getting on top of a keyboard thatwill surely be supplied with Windowskeys nowadays. Even if you swap theWindows keys, that will not affect thefunctionality, or lack of it, depending onyour distribution.


assignment and keytable. • Search the boot scripts in the init.d

directory (normally /etc/rc.d/init.d or/etc/init.d) for a command that shouldinclude the word key.

• Search your whatis database for thecorresponding command.

The first option is a question of personalpreference. Whether the second optionwill be successful or not depends on yourcurrent distribution. Take SuSE 7.2 forexample, with its penchant for scripts socomplex that normal users have no ideawhat to look for. You might try the follow-ing command:

trish@linux:~ > grep keys /etc/U

init.d/*[...]

/etc/init.d/kbd: rc_status && U

retmsg="`loadkeys $KEYMAP 2>&1`"[...]

and quickly conclude that the/etc/init.d/kbd file (that is “keyboard”) isresponsible for loading the keytable. Butif you just happen to look at this scriptwithout really knowing what you arelooking for, you will probably feel slightlylost. Depending on which you use,Debian (/etc/init.d/keymap.sh), Red Hat(/etc/init.d/keytable) or Caldera Open-Linux (/etc/rc.d/init.d/keytable), thesearch results should be far more clearand indicate that the command loadkeysis what you are looking for.

You can then search the whatis data-base using the apropos command or typethe following:

trish@linux:~ > man -k keysloadkeys (1) - load keyU

board translation tables

and view the corresponding man page toconfirm your suspicions. We find that thisis the console command for changing thekeyboard assignments, which are storedin the so-called map files under/usr/lib/kbd/keymaps (SuSE 7.2, RedHat), /usr/share/keymaps (Debian) or/usr/share/kbd/keymaps (Caldera, SuSE8.0). But don’t expect to find the mapfiles in this subdirectory – instead theyare nicely organized by the computerarchitecture (i386, sun, mac etc.) andkeyboard layout (qwerty, azerty etc.).

The map files which are stored in thesesubdirectories (i386/qwerty/uk.map.gz)are gzipped text files that can be viewedwith the zless command (Listing 1 showsan excerpt).

As you would expect, the # character atthe start of a line indicates a commentthat has no effect on the functionality.The line reading include "qwerty-layout"is interesting – instead of defining allfrom scratch, you can include pre-definedkeymaps. Individual key assignmentsinclude a so-called keycode on the left ofthe equals sign, and up to four functionvalues on the right: for the key itself or incombination with the Shift, AltGr andCtrl keys.

How to Stop Your ConsoleShoutingAs we already know the keycode forcaps lock (keycode 58) and so canquickly redefine its function. To do so,we create a file called personal.map, andadd an entry to assign the Shift functionto the key with the keycode 58, leaving


Shouting: Whether in email or IRC dialog,most people intuitively view text passages in CAPITALS as the visual counterpart ofshouting.Keyboard Layout: This refers to the way thekeys are organized on the keyboard. If youlook at an English, Scandinavian, Polish, …keyboard, you see that the top row of lettersbegins with the keys [Q], [W], [E], [R], [T], and[Y] (this layout is thus referred to as “qwerty”).French keyboards have have the [A], [Z], [E],[R], [T], and [Y] keys (“azerty”) in the top rowinstead.

GLOSSARY

# uk.map[...]include "qwerty-layout"[...] # Normal Shift AltGr Ctrlkeycode 1 = Escape Escape[...]keycode 54 = Shiftkeycode 56 = Altkeycode 57 = spacekeycode 58 = Caps_Lockkeycode 86 = backslash bar bar U

Control_backslashkeycode 97 = Control

Listing 1: Excerptfrom uk.map

trish@linux:~ > showkeykb mode was XLATE

press any key (program terminates10s after last keypress)...keycode 28 release[Right_Win_Key]keycode 125 presskeycode 125 release[Left_Win_Key]keycode 126 presskeycode 126 release[Menu Key]keycode 127 presskeycode 127 release

Listing 2: Keycodes forWindows Keys

the other assignments as defined inuk.map:

include "/usr/share/kbd/keymapsU

/i386/qwerty/uk.map.gz"keycode 58 = Shift

(You may need to change the path touk.map.gz on your machine.) We cannow test the new keyboard assignmenton the console by typing:

trish@linux:~ > loadkeys U

personal.mapLoading personal.map

As you can see, the keyboard mappingseems to be working perfectly: Capslock now performs exactly like the Shiftkey.

Making Use of those Windows KeysBefore we can use the Windows keys onthe console, we need to find out theirkeycodes. Luckily, the loadkeys man pagecontains an example of the correspondingcommand showkey in the LOAD KERNELKEYMAP section. If you now type...

trish@linux:~ > showkeykb mode was RAW[ if you are trying this under U

X, it might not worksince the X server is also U

reading /dev/console ]

KDSKBMODE: This operation is U

not permitted

LINUX USERThe Answer Girl


case: To translate the algorithm “If the con-tent of variable 1 is 'start' or 'reload', do this,and if the variable contains 'stop' do that”tovalid Bash syntax, you need the following:case $1 in

start|reload) this;;stop) that;;

esacStandard Runlevel: The runlevel that a Linuxmachine boots to by default is defined by thenumber in the “id:5:initdefault:”line in/etc/inittab. Runlevel 5, shown in our example,is an operating mode that allows multipleusers to work simultaneously (multiuserlevel), where an X Server is automaticallylaunched and networking is permitted.Themachine will shutdown in runlevel 0, andreboot in runlevel 6. Runlevel 1, the single usermode, is reserved for system maintenance –where only basic services are launched andonly the user root can perform necessarymaintenance tasks. Any other runlevels differfrom distribution to distribution and may beindividually defined.Link: Another name for an existing file.Symbolic links can be created using the ln -sfile secondname syntax.

GLOSSARY

interface (although this option does notmake much sense for people that use theGUI login as X is already running in thiscase). The right Windows key could thendisplay the date and time and it might beappropriate for the Menu key to displaythe last 20 commands. You could thenchoose a command number, add anexclamation mark (possibly edit) andthen launch the command.

These are simple tasks that can belaunched from a prompt using the startx,date and history 20 commands. The realquestion is, how can you map all thesecommands to the appropriate keys? Againthe loadkeys man page is a big help. Thesection following LOAD KERNEL STRINGTABLE details how to assign symbols for

the non-existant function keys F100, F101,and F102 to the corresponding keycodes:

keycode 127 = F102

You can now assign a string for this key,for example:

string F102 = "history 20"

After loading the modified keymap, youcan simply hit the Menu key to write thestring history 20 in the command line.Just press Enter to confirm, and launchthe command. We would prefer not tohave to hit the Enter key; in other words,when we hit the Menu key, we want toactually launch the command history 20.

The character that the Enter key writesis an end of line. We could solve thisissue by including the character in ourstring. Thinking about outputting textstrings to the command line brings theecho command to mind, and we can use\n (“newline”) to enter a new line:

trish@linux:~ > echo -eU"foo\nbar"foobar

... the command will not run inside an Xterminal: This shows that the keyboardassignments for X are independent of theconsole. If you try the same command onthe console, however (Listing 2), then thekeycode for the return key (28) will bedisplayed before we can press any otherkeys. showkey not only shows us the keyswe press, but also the keys we release.After compiling the required codes, youneed to be patient: Pressing Ctrl-C or Ctrl-D will not quit the program, you just haveto wait for 10 seconds.

Now it is simply a matter of giving thekeys with keycodes 125–127 somethinguseful to do. And why not have the leftWindows key do something similar to itsoriginal job, i.e. launch the graphic user



Figure 1: Assigning keyboard shortcuts in KDE 2.1.2

Figure 2: Assigning actions to keyboard shortcuts in KDE 3.0

The plan seems to work fine! string F102= "history 20\n" in the keymap (whichyou will need to reload after editing usingloadkeys) means that:

trish@linux:~ > [Menu]926 history 20

[...]942 echo -e "foo\nbar"943 vi personal.map944 loadkeys personal.map

trish@linux:~ > !943

really does launch vi with thepersonal.map file.

Reassigning Keys on BootingSince keyboard mappings assigned vialoadkeys are retained after logging out,you will want to define a single keymapfor all users of a system. It also makessense to load a modified version of atried and tested map that suits your individual needs (use the examples inListing 3 for reference) when you bootyour machine. To this end root zips thethe individual personal.map using gzipand stores it in the systems keymapdirectory.

However, if you are using SuSE (up toand including 7.3) and modify theKEYTABLE entry in /etc/rc.config, thenthe distributor has a surprise for you.After performing standard mapping, SuSEloads a few additional key assignmentsincluding some for the Windows keys (asyou can ascertain by typing dumpkeys |less ).

As the SuSE init script, /etc/init.d/kbd,is the only script that performs keyboardassignments, we recommend entering theloadkeys personal.map.gz command here.Although this file is somewhat cryptic, it




# Our Code Map is based on include "/usr/lib/kbd/keymaps/i386/qwerty/uk.map"# (this path refers to SuSE 7.2 and may need editing)

# ReassignCapsLock to Shift keycode 58 = Shift# Right Windows key launches X# (path for startx may need editing!)keycode 125 = F100string F100 = "/usr/X11R6/bin/startx\n"# Left Windows key outputs the date and timekeycode 126 = F101string F101 = "date\n"# Context Menu Key outputs the last 20 commands# Shift or CapsLock and Menu Key outputs the current directory # content. Type q to quit.keycode 127 = F102 F103string F102 = "history 20\n"string F103 = "ls -Al | less \n"

Listing 3: personal.map

Figure 3: Hotkeys for Actions in KDE 3 are definedhere

Figure 4: To modify an existing scheme, simplykeep the original name

Using xmodmap to approach the goal of a “generic”keyboard layout for X will certainly not appealto everyone. If you are lucky, you may find a program called xkeycaps pre-installed on your machinethat helps add some GUI to the grind. If not, you can download it from [1] or from the CD whichaccompanies the subscription magazine, use tar -xzvf xkeycaps-2.46.tar.Z to unzip it and then cdxkeycaps-2.46 to change to the directory containing the sources.

Since the archive offers neither a configure script, nor a makefile, but simply an Imakefile, you willfind the README file quite useful.You can use xmkmf to create a makefile from the latter, which youcan then compile using make.The make option -n (which incidentally has the same meaning inxmodmap) does not mean what it says, so we do not need to use root privileges to check whatwould happen if we installed the tool:

pjung@chekov:~/software/xkeycaps-2.46$ make -n installif [ -d /usr/X11R6/bin ]; then set +x; \else (set -x; mkdir -p /usr/X11R6/bin); fiinstall -c -s xkeycaps /usr/X11R6/bin/xkeycapsecho "install in . done"

If we really want to copy the new xkeycaps binary to the /usr/X11R6/bin directory (we can create, ifneeded), root must issue the install command make install (and to additionally install the man pagemake install.man).

Launching the program xkeycaps & in an X session displays a virtual keyboard (Figure 7) that can bemore closely specified using the “Select Keyboard”option.The miniature keyboard image in the Key-boards column is provided for comparison.The standard US keyboard is best described by the entry105 key, wide delete, tall Enter, and the appropriate layout is defined in the Layouts: column asXFree86; US.You are then required to confirm your selection by clicking on ok, and the miniaturekeyboard is then modified to match.

If you now right click on a key image, you can select Edit KeySyms of Key and then define therequired mapping interactively. It is useful to know that the middle key on your mouse can be usedfor speed scrolling in the dialog box shown in Figure 8. An entry for KeySym 1 maps a single key;KeySym 2 assumes that the Shift key is pressed simultaneously, and KeySym 3 refers to the [AltGr]key.When selecting options you should be aware that you can only output the characters, if thecorresponding character sets are available: Characters from Character Set Latin 1 are safe enough,but Cyrillic or Arabic characters may lead to weird substitutions.

When you have finished your configuration tasks, click on Write Output (Figure 7 upper left) to writethe complete layout or on (Changed Keys) to write just the reassigned key mappings to a file called~/.xmodmap-machinename that you can call via xmodmap in your X initialization file.

Box 1: .Xmodmap by GUI


specific actions to keyboard shortcuts viaLookNFeel / Key Bindings (KDE 2.1.2, seeFigure 1) or Look & Feel / Shortcuts (KDE3.0, see Figure 2).

It makes sense to use one of the pre-defined schemes, preferably the one thatmost closely complies with your way ofworking. You then mark the action thatyou want to assign to a hotkey (or thekeyboard shortcut). Then select Custom(KDE 3.0) or Custom_Key (KDE 2.1.2) inthe lower frame of the dialog box Choosea Key for the Shortcut Action.

KDE 2 does impose a few limits onyour creativity. If you are not satisfiedwith a single key (click on the stylizedkey button in Figure 1 and press thedesired key on your keyboard), you canonly use combinations with the Alt, Ctrland/or Shift keys.

Users who tend to hit the Menu key bymistake will not want to assign the actionDropdown Menu to the Menu key, asshown in Figure 1, but can continue tostrain their fingers by typing Shift-Ctrl-Alt-Menu to open the K Menu.

Now click on Save scheme... to assign aname to the new configuration and avoidmodifying one of the existing schemes bymistake. Now, click on the Apply buttonto make your new keyboard mappingsavailable for use.

KDE 3 is somewhat more flexible. Ifyou click on one of the stylized keys inthe dialog box shown in Figure 2, aslightly cryptic dialog box appears (Figure3). If you intend to assign a single key forthe selected action, then remove thecheckmark in Multi Key, and you willonly be allowed to press a single key onyour keyboard (such as the Menu key forexample) to perform an action such asDropdown Menu).

If you are defining a combination ofkeys, you must first select Multi Key andthen secondly put some thought into thekeys you intend to press in order to avoidfinger strain. You can use the Alternate

option to define a second hotkey forthe same action.

If you change the keyboard short-cuts for a pre-defined scheme, youwill notice that KDE 3 immediatelyactivates and selects the New Schemeoption. To assign a name to the newscheme, simply click on Save (Figure2). However, you still have to take theroundabout route via New Schemeand the Save button, even if you want

does adhere to the syntax of a start stopscript, where a case construct defines theaction to perform when the script iscalled using the start stop argument, orsomething similar. In our case, we canjust ignore the mess and insert our load-keys line before the ;;, that marks the endof the start branch.

Other distributions, like Red Hat, areeasier on the system administrator andoffer a script named /etc/rc.d/rc.localthat is called right at the end of the bootprocedure after loading all other systemsettings. The end of this file is the idealplace to load an individual keymap.

And of course you can save an initscript of your own with the followingcontent:


Listing 4: Keyboard Mappings in XF86Config

# Definition for a PC-Keyboard with 104 keys and British# layout.

# XFree 3 # XFree 4Section "Keyboard" Section "InputDevice"

Driver "keyboard"Identifier "Keyboard[0]"

Protocol "Standard" Option "Protocol" "Standard"XkbRules "xfree86" Option "XkbKeyCodes" "xfree86"XkbModel "pc104" Option "XkbModel" "pc104"XkbLayout "gb" Option "XkbLayout" "gb"XkbVariant "nodeadkeys" Option "XkbVariant" "nodeadkeys"

EndSection EndSection

#!/bin/shloadkeys personal

(the suffix map.gz is normally optionaland some distributions require you toomit it)in the appropriate init.d directory,find the appropriate standard runlevel in/etc/inittab and create a Link for it in theappropriate rc?.d directory (i.e. rc2.d forrunlevel 2). The name of the link muststart with an S (for “start”) and a fairlyhigh number. Thus, a link calledS100keymap that points to the init scriptwill be called after any links starting withS01 through S99.

Keyboard Mappings for KDENo matter what settings you choose for

the console, they willnot affect they waythe keyboard reacts inan X window session.If you are simplyinterested in the threeWindows keys, thefirst place to lookwould be the KDEControl Centre thatallows you plenty ofleeway to assign your

Figure 5: KDE 3 intergrates the xmodmap output into the standard KDEcontrol panel

Figure 6: Move the Cursor intothe Black Square and hit a Key

to modify an existing scheme. In this caseyou keep the original name in the SaveKey Scheme dialog box (Figure 4), insteadof supplying a new name, as you woulddo to create a new scheme. Back in theControl Center, simply click the Applybutton to apply the new or re-definedscheme to KDE 3.

No Caps Lock in XBut all of these modification options willnot help you at all, if you use GNOME,XFce or a Standalone Window Manager,as these settings do not apply outside of

KDE. Additionally, you cannot re-definethe Caps Lock key using the methods wediscussed previously.

The solution to this problem is tochange the foundation, i.e. the X Windowsystem. The basic configuration fileXF86Config (normally to be found in the/etc or /etc/X11 directories and sometimescontaining a 4 suffix in XFree 4) is theplace to look for the basic settings, suchas the keyboard type and the mappings.The syntax for the entries in these filesdiffers between versions 3 and 4 ofXFree86 (Listing 4).

But like so many other global systemsettings, the keyboard mappings set forall X users are by no means a holy cow.You can use:

trish@linux:~ > apropos key | U

grep -w X

xmodmap (1x) - utility for U

modifying keymaps and pointer U

button mappings in Xsetxkbmap (1x) - set the U

keyboard using the X Keyboard U

ExtensionCentnerCentner (1x) - U

graphically display and edit U

the X keyboard mapping

to discover an extremely interestingentry: xmodmap is used in the defining ofindividual keyboard layouts. (Refer toBox 1 for details on xkeycaps). Typingxmodmap in the command line showsyou the keys used as modifiers. You cansee the output from xmodmap in theShortcuts Modifier Keys tab under the X-Modifier Mapping in the KDE 3 ControlCenter (Figure 5). To (shift) between thetwo basic settings (i.e. between capitalsand non-capitals in the case of letters),you can use the left (Shift_L) and right(Shift_R) Shift keys. The Caps lock keylocks the keyboard in the Shift position(lock) and so on.

To counteract this effect we must nowremove Caps_Lock from the list of lockmodifiers. After referring to the xmodmapman page, we try the following syntax:

xmodmap -e "remove lock = U

Caps_Lock"

And as you will see, Caps_Lock is nowmissing in the output from xmodmap:

xmodmap: up to 3 keys per U

modifier, (keycodes in U

parentheses):shift Shift_L (0x32), U

Shift_R (0x3e)lock[...]




Figure 7: Using xkeycaps to create .Xmodmaps

Figure 8: You should restrict your keyboard mappings to displayable characters only

grep -w: This command searches the datastream piped (|) to it, or a file supplied as anargument, for the search key (In our exampleX), provided it occurs as a single word.

GLOSSARY

following the equals sign appears to bethe name of the brace, bracket or paren-theses (“brace” – curved brackets,“bracket” – square brackets). This beingthe case, the following syntax:

xmodmap -e "keycode 115 = U

braceleft bracketleft" xmodmap -e "keycode 116 = U

braceright bracketright"

should help us achieve our goal.

Saving the ChangesOf course you could place all of thesexmodmap commands in your personal Xstartup file ~/.xinitrc and/or~/.xsession. But the syntax shown on thexmodmap man page…

xmodmap [-options ...] U

[filename]

... suggests that you might like to placeyour keyboard assignments in a single file

(Listing 6). The man page suggests~/.xmodmaprc and distributions such asSuSE take care of parsing .Xmodmap inyour home directory while starting X viaxmodmap. If you look at the man page,you may note that comments are not indi-cated by a hash sign #, but by an !.

You can now use an xmodmap~/.Xmodmap entry in ~/xinitrc (if thisis not the default setting for your Linuxdistribution) to take care of loading theappropriate key maps on starting X withstartx. If you use a GUI login, you willneed to place this command in the~/.xsession.

As a KDE user you will notice that theWindows keys are no longer available forKDE. They have been re-defined to out-put braces and so it is not a good idea touse them as hotkeys. ■

If we now add Caps_Lock to the shift list,using xmodmap -e "add shift =Caps_Lock", a quick test shows that wehave now tamed the beast, which actsjust like a Shift key in any applicationrunning on the current X Server. A call toxmodmap thus shows:

shift Shift_L (0x32), Shift_R U

(0x3e), Caps_Lock (0x42)

A New Home for Braces andBracketsRedefining the Windows keys means thesetting our sights a little lower than wehave previously seen in KDE. Openingmenus, changing virtual desktops and thelike belong to the Window Managersrealm. We can tell the X Server to outputbraces with the Windows keys on ourkeyboards in combination with the AltGrkey, whereas with Shift-Windows we canproduce left and right brackets.

To do this, we first need the keycodesfor the Windows keys. This is done usingthe simple xev program (Figure 6)referred to by the xmodmap man page,provided you are not confused by the factthat the program runs on an X Terminalnot only shows keypresses but mouseevents. Listing 5 shows sample output forpressing (KeyPress event) and releasing(KeyRelease event) the left Windows key(keycode 115) and the equivalent key onthe right (keycode 116), if the mousefocus does not move outside of the blacksquare in the xev window.

Now we only need the symbols for thebraces and parentheses. Since these arealready assigned to [AltGr-7] ({), [AltGr-8] ([), [AltGr-9] (]) and [AltGr-0] (}), itshould be no problem to query xmodmapfor them. xmodmap -pke | less (-pkestands for “print keymap expression”)should do the trick:

keycode 16 = 7 ampersand U

braceleft seveneighthskeycode 17 = 8 asterisk U

bracketleft trademarkkeycode 18 = 9 parenleft U

bracketright plusminuskeycode 19 = 0 parenright U

braceright degree

That looks a lot like the map file for theconsole and shows you how to assign anX task to a keycode. The third entry that



! Do not lock on pressing Caps_Lock remove lock = Caps_Lock! ... use Caps_Lock as an additional Shift key insteadadd shift = Caps_Lock! left Windows key = {, plus [Shift] = [keycode 115 = braceleft bracketleft! right Windows key = }, plus [Shift] = ]keycode 116 = braceright bracketright

Listing 6: Personal ~/.Xmodmap

[1] xkeycaps: http://www.jwz.org/xkeycaps/

INFO

KeyPress event, serial 28, synthetic NO, window 0xe00001,root 0x2c, subw 0xe00002, time 1060529679, (30,37), root:(34,57),state 0x0, keycode 115 (keysym 0xffe7, Meta_L), same_screen YES,XLookupString gives 0 characters: ""

KeyRelease event, serial 28, synthetic NO, window 0xe00001,root 0x2c, subw 0xe00002, time 1060529913, (30,37), root:(34,57),state 0x40, keycode 115 (keysym 0xffe7, Meta_L), same_screen YES,XLookupString gives 0 characters: ""

KeyPress event, serial 28, synthetic NO, window 0xe00001,root 0x2c, subw 0xe00002, time 1060531499, (30,37), root:(34,57),state 0x0, keycode 116 (keysym 0xff20, Multi_key), same_screen YES,XLookupString gives 0 characters: ""

KeyRelease event, serial 28, synthetic NO, window 0xe00001,root 0x2c, subw 0xe00002, time 1060531733, (30,37), root:(34,57),state 0x0, keycode 116 (keysym 0xff20, Multi_key), same_screen YES,XLookupString gives 0 characters: ""

Listing 5: xev Output of Windows Keys


LINUX USERKtools

may well be the program’s perfect inter-action with the desktop.

You can concentrate on the job in handand simply forget about trivial tasks, suchas how to open files. Simply drag a filefrom the desktop, an FTP site you areaccessing in Konqueror or even from alocal directory currently on view anddrop it into an active Kate window – andyou are up and running. You can then

view the open file and start the work thatyou have in hand.

No need to worry about installing thistext tool as Kate belongs to the basic KDEpackage kdebase. You might also like toinstall the kdeaddons which will give youaccess to the various plugins.

But you need to launch the programbefore you can load a file. You can eitherlaunch Kate via the Start menu (Office /Editors / Kate) or the command line. Thelatter option is particularly useful foropening files directly from the Web. Inthis case you can connect to the Internetand use your favorite terminal emulation(how about Konsole?) to type a line suchas the following:

kate http://linux01.gwdg.de/U

~steufel/index.html &

This should give you access to the indexfile on Stefanie Teufel’s home page, asyou can see in Figure 1. Of course youwill be working with a local copy of theHTML code.

If you need more information on Kate’scomamnd line prowess, you can satisfyyour curiosity by typing kate --help. Thekate --help-kde command is nice featurethat tells you how to set the content of a(--caption) or even customize the icon ofthe program.

A Question of TasteYou can use the Settings / Configure Katemenu to tell Kate all about your personalpreferences, in regard to color schemesfor editing files, indenting and similaractions. Figures 2a and 2b show thedialog boxes for KDE 2 and 3.

The General Options section doesexactly what its name suggests. If youwant to restore the frames and viewsexactly as you left them in the previousediting session (Restore View Configura-tion), and optionally open the last file

Linux Editors are ten a penny.Whether command line or GUIbased, the wide selection ensures

that everyone will find something to suittheir individual needs. Even if you have apersonal favorite, it may be worth yourwhile to take a second look at Kate(“KDE’s Advanced Text Editor”).

One of Kate’s major features (and thisis true of every KDE Kernel application)

Thanks to syntax highlighting and similar tricks, editing with KDE’s “Swiss Army

Knife” Kate can be fun. The editor can even cope with simple programming

tasks. BY STEFANIE TEUFEL & PATRICIA JUNG

KDE Standard Editor Kate

Let’s Edit

In this column we present tools, month bymonth, which have proven to be especiallyuseful when working under KDE, solve aproblem which otherwise is deliberatelyignored, or are just some of the nicer thingsin life, which – once discovered – youwouldn’t want to do without.

KTOOLS


KtoolsLINUX USER

you edited when you relaunchKate – this is where you will findall the options that you need.

If you use KDE 3 you canadditionally decide to edit anyfiles you wish to open in a single(Kate MDI) window or separate(Kate SDI) windows. If you are notsure what all these options mean,you can simply right click on thetext. The drop-down menu thatthen appears shows a single“What’s This?” help item, as youcan see in Figure 2b.

The next major item, Editor, affects theway content is displayed inside the Katewindows, allowing you to set the Colorsand Fonts. However, you can also use thisoption to set your preferences for one ofKate’s highlights – color display forsource code that can be specially adaptedto suit a large number of programminglanguages, such as C/C++, Java,Python, Perl or HTML. And it this SyntaxHighlighting feature that makes Kate afairly useful programming tool.

Highlights Cheaper by theDozenYou can use Highlighting to define howand what Kate highlights. The dialog boxcontains two tabs: Defaults (or Defaultstyles in KDE 3) and Highlight Modes.The first of these options allows you tomodify the appearance of commonelements and select a color scheme andtypeface (bold, italic) for comments,strings and data types in your programcode. Take your time with these settings –careful planning can make your life easier

when programming or designing websites by providing you with a clearoverview of the source code.

The Highlight Modes tab (see Figures3a and b) allows individual settingsdepending on the selected programmingor markup language. But don’t panic –you do not need to individualize all theavailable options. Kate will simply usedefaults for any elements that you havenot individually configured.

Start by selecting the programming ormarkup language in the drop-down menuHighlight at the top of the dialog boxwhose elements you need to redesign.Kate immediately shows the file suffixesand MIME types that will be assumed tobe written in this language. Then useItem Style (Context Style for KDE 3) toselect the element types for the currentlanguage whose aspects you would liketo change.

If you are running KDE 2 you can usethe drop-down menu under Item in theItem Style area (Figure 3a); KDE 3 offers atable whose cell contents can be modifiedby mouse click (Figure 3b).

If all these options are givingyou a headache, it might be usefulto take a look at an example. Tochange the appearance of HTMLcomments in Kate, select HTML inthe drop-down menu Highlighting.For KDE 2 you need to select Com-ments in the Element drop-down(Figure 3a). Now click on the colorbuttons to define a color for dis-playing HTML comments andcheck the typefaces you require.KDE 3 also offers the same set-

tings, but in a more organized fashion(see Figure 3b) allowing selections withinthe drop-down menu for individual lines.

You can also switch highlighting modeson the fly via the Document / HighlightMode menu item. The developers evenwent to the trouble of categorizing themodes by main areas of use such asSources for the classical programminglanguages like C, C++ and Java orMarkup for markup languages like HTMLor XML.

Those Configuration OptionsKeep on ComingLike the Editor / Edit option in the Kateconfiguration dialog box (Figure 4; thecorresponding dialog in KDE 3 has simplydropped one or two confusing options). Inaddition to the standard functions such assetting automatic line wrapping or thestripping of whitespace at the end of lines,Kate also offers a few gimmicks such asthe Smart Home item. If you activate thisfunction, the cursor moves to a positionin front of the first character, instead ofmoving to the beginning of the line.

Figure 1: Out of the Internet into the Editor

Figure 2a: Getting sorted: The Kate Configuration Menu for KDE 2 … Figure 2b: … and KDE 3 is nicely organized

in other windows and thetoolbox), drag them out ofthe Kate window and dropthem on the desktop as aseparate window.

Just as in Konqueroryou can split the applica-tion windows in Kate toform multiple editor sub-windows. Split views (seeFigure 7) are available viathe menu items View /Split Vertical and View /

Split Horizontal; a nice feature if youneed to compare or transfer text betweenmultiple documents.

The green dot in the status bar showsthe window containing the cursor. Toclose a window you simply click on thesquare icon in the tool bar.

If you need access to the command linewhile editing, you will appreciate the factthat you can embed a terminal emulationwindow in the editor.

To do so, you just select Settings /Show Console (or Show TerminalEmulator in KDE 3) in the menu, andKate will immediately display an

integrated console like theone in Figure 8.

Daily BusinessWorking with Kate is notmuch different from workingwith any other editor. Youcan modify, insert and copyto your heart’s desire. If youwant to save the file you areworking on or possibly printit, check out the File menu. Ifyou need to copy, insert orsearch for something, checkout the Edit menu instead(see Figure 9). This menualso allows you to access aspecific point in the currentdocument Goto line... or tobacktrack to a former versionusing Undo.

This is the place to look forthose search functions. Oneof Kate’s special features isthe Find Next option thatallows you to continue tosearch for a search key youentered previously. Also thecorresponding function FindPrevious does the samething, only this time in the

opposite direction.If you stumble across a few typos while

browsing a document, you can use Kate’sintegrated spellchecker to check thosedocuments with purely textual content(Figure 10). The tool you need for this jobis accessed via the Edit / Spelling... menuin KDE 2 and via Tools / Spelling... in theKate version for KDE 3.

It is just as easy to specify the formatwhen saving the current document – theoptions are Macintosh, Unix or DOS-Text.The difference between these three is theend-of-line character, which is either CR,LF or both. Just let Kate know how youwant to handle this point via Document /End of Line.

One of Kate’s useful features is theoption of bookmarking the documents


LINUX USERKtools

Figure 3a: Defining the appearance of commentsin HTML documents with KDE-2

Figure 3b: KDE 3’s configuration dialog is much tidier .Giving a cleaner layout overall

Figure 5: You can choose between files already opened…

Figure 6: … or files at other locations on your machine

CR/LF:“Carriage Return”(originally referredto the carriage on a typewriter) and “LineFeed”are the two ASCII characters that areembedded in a file to indicate the end of aline.They are normally invisible in text editorsapart from the obvious effect of starting anew line.

GLOSSARY

Figure 4: Line Wrapping and Brackets

Points of ViewOne of the major reasons for using Kate isthe number of options for displaying oraccessing files. This immediatelybecomes apparent if you open a file – asmentioned at the outset of this article.The left-hand side of the Kate windowprovides two tabs with other variants(Figure 5): a file list showing the cur-rently opened files and the file selectorthat allows for easy browsing of the filesystem and helps you to locate therequired files (Figure 6).

Incidentally, in KDE 3 you can click onthe thicker border of these cards (just like

various actions and activities. In KDE 2you simply select Settings / ConfigureKey Bindings… and in KDE 3, Settings /Configure Shortcuts. KDE 3 additionally –and confusingly – offers another settingin the configuration menu (Settings /Configure Kate.). The Editor / Keyboarditem can only be used to configure key-board shortcuts for cursor movements inthe current document, whereas Shortcutsrefers to the application itself (openingand closing files, spell checking and soon. If you happen to be too lazy to defineyour own preferences, you can refer toTable 1 for an overview of default key-board mappings.

Plugged inPlugins make Kate aspecial editor. Thedevelopers decidedon this design tomake the editor as

quick as possible and to maintain a smallfootprint on the one hand, and to provideas much functionality as possible for theusers on the other hand. This allows theusers freedom of choice on the amount ofballast that they want to load whenlaunching Kate.

You can select the plugins Kate shouldload for you by accessing Settings / Con-figure Kate / Plugins / Manager (Figure12). If this window is empty, you willneed to load the plugins by installing thekdeaddons package.

To load a plugin (provided it has beeninstalled and is recognized by Kate), yousimply click on the plugin’s name in theAvailable Plugins section, and then onthe right arrow button. The plugin imme-diately appears in the Loaded Pluginsarea on the right.

To remove a plugin simply select itsname and click on the left arrow button.To immediately activate a plugin, simply


you are working on. Bookmarks in thetext allow you to jump quickly to a pre-defined point. First, select View / ShowIcon Border in the menu. You can leftclick on this column to attach a paper clip(Figure 11). Your bookmarks are thenlisted with the line number and a textexcerpt under Bookmarks in the menu,where you can select them directly.

Just likemost KDEprogramsKate allowsyou to assignkeyboardshortcuts for

KtoolsLINUX USER

Figure 7: Different viewpoints in split view mode Figure 8: Kate and Konsole

Figure 9: Some items in theEdit menu for KDE 2 havefound a new home in KDE 3 Figure 10: Now, how do you spell that?

Figure 11: Virtual bookmarks Figure 12: Choosing a plugin

click on the Apply button; you will beable to work with the selected pluginsimmediately.

If a plugin offers some other additionalconfiguration options, as in the case ofInsert Command Plugin, you can selectthese options as a subitem of the Pluginconfiguration item. The subordinate itemfor the plugin, Insert Command allowsyou to set the number of commands thatKate will place in history.

The plugin itself inserts shell output inthe current document. You can launchthe plugin via the Edit menu. Just selectthe Insert Command, to display a dialogwindow like the one in Figure 13, whereyou can enter the desired command andthe directory where you want it to run.Kate will take care of everything else, asyou can see in Figure 14.

If you intend to use Kate for editingHTML documents, you might also beinterested in the Kate HTML Tools. Thisplugin provides the additional HTML Tagfunctionality via your Edit menu. If youselect this item, a window like the one inFigure 15 appears, where you can typethe name of an HTML tag (such as title).Kate will then take care of placing thenecessary parentheses, start (<title>)

and end tags (</title>) at the currentposition in the document. HTML authorswill be pleased that the developers haveassigned the keyboard shortcut [Alt -] tothis function.

KDE 3 users will discover that the XMLplugin has already been integrated, butthis is the only new plugin available inthis version. C and C++ programmerswill find the “Kate OpenHeader” pluginthat adds the item OpenHeader in the filemenu useful. Selecting this item opensthe .cpp or .c file for the header file that iscurrently being edited and vice-versa.

The Kate Project Manager adds a menucalled Project which you can use to main-tain simple programming projects, whilethe Kate text filter filters and thus


LINUX USERKtools

Figure 14: Inserting the output from a configure script in a Kate document

replaces the text selected by reference toa shell commmand entered via the newmenu item (Edit / Text filter..). But takecare using this plugin in KDE 3; when weforgot to select a text passage to filter,Kate crashed when running on SuSE 7.2.

Kate does not have a lot to offer in theway of third-party plugins at present,although a single plugin for Python pro-grammers is available from [1]. The trickis, to keep your eyes open. ■

Figure 15: Creating HTML tags made simple

[1] Third-Party-Plugins for Kate: http://www.kde.org/kate/3rdparty.htmlINFO

Table 1: Default Keyboard Mappings [Ins] Toggles between Insert and Typeover modes. In

Insert mode the editor writes the text entries atthe current cursor position and moves the text rightof the cursor to the right. In Typeover mode the characters right of the cursor are over written by the new text entries.

[Left arrow] Moves the cursor one character to the left.[Right arrow] Moves the cursor one character to the right.[Up arrow] Moves the cursor one character up.[Down arrow] Moves the cursor one character down.[Page up] Moves the cursor one page up[Page down] Moves the cursor one page down.[Backspace] Deletes the character left of the cursor.[Home] Moves the cursor to the start of the line.[End] Moves the cursor to the end of the line.[Del] Deletes the character right of the cursor (or the

selected text).[Shift-Left Arrow] Selects the text one character to the left.[Shift-Right Arrow] Selects the text one character to the right.[F1] Help (not pre-defined in KDE 3).[F7] Show Console.[F6] Show Icon Border.[Ctrl-F] Open Search Dialog box.[F3] Continue Search forwards.[Shift-F3] Search for previous instances of last search string.[Ctrl-C] Copy the selected text to the clipboard.[Ctrl-N] Create a new document.[Ctrl-P] Print current document.[Ctrl-F4] Close current editor window.[Ctrl-R] Search and replace.[Ctrl-G] Goto line…[Ctrl-S] Save current document.[Ctrl-V] Pastet content from clipboard.[Ctrl-X] Cut selected text and copy to clipboard.[Ctrl-Z] Undo last step.[Ctrl-Shift-Z] Redo last step.

Figure 13: The InsertCommand plugin dia-log box in KDE 2

This spreadsheet uses all the specialeffects currently supported, for examplecolors, fonts and various attributes. Typethe following to start your first test

xlhtml Test.xls > Test.html

and view the HTML file Test.html createdby this command in a browser of yourchoice. Figures 1 (Excel for Windows)and 2 (the xlhtml view in Netscape) showa test performed with a simple Excel filewhich includes some cell errors.

But not only GUI web browsers can beused to view the spreadsheet created by


No doubt you have been throughthis scenario time and time again.A friend or someone from the

office sends you a CD list, club statisticsor even a recipe with the message: “Youprobably use Excel, so I’m attaching thefile in .xls format.” Now, as a Linux useryou might not use Excel at all (or not feellike rebooting), and you may not want tolaunch a processor beast like StarOffice –so you have a problem. Other aggravatingsituations may occur when you attemptto access statistics placed on the Web bylocal authorities or government, as theytoo will often rely on “standards” à laRedmond.

Sooner or later, when the pressurestarts to build, you will probably startlooking for a suitable tool – you could tryFreshmeat for example, my personalfavorite site for Open Source software.And that is where you will find xlhtml, atool written by Charles Wyble that looksjust the job for Excel plagued Linux users.The program converts Excel spreadsheetsto HTML, allowing you to view them in astandard web browser.

A Trip to ChicagoXlhtml maintains a homepage athttp://chicago.sourceforge.net/xlhtml/.And that is the place to download thesource archive that you will need toinstall the software. Other pre-requisitesare of course the GNU C Compiler and theusual suspects such as make and theglibc-dev package.

The installation is a matter of a fewsimple steps:

tar xzf xlhtml-0.5.tgzcd xlhtml-0.5./configuremakesu (Input the root password)make install ; exit

Instead of the last line you can also usethe tool discussed in a recent “out of thebox”, checkinstall [1]:

It has been quite a while since we introduced antiword – a filter for Word

documents, in this column. A similarly useful piece of software for Excel

spreadsheets has been sorely missed so far. Enter xlhtml to close that gap.

BY CHRISTIAN PERLE

Out of the box

eXcellent

xlhtmlLINUX USER

There are thousands of tools and utilities forLinux.“Out of the box”takes a pick of thebunch and each month suggests a littleprogram, which we feel is either absolutelyindispensable or unduly ignored.

OUT OF THE BOX

Mali Veith,visipix.com

checkinstall ; exit

You can then use your distribution’spackage manager to remove the program,if required.

After completing these steps, you willdiscover that xlhtml has been placed in/usr/local/bin, a directory that should bemapped in your PATH variable.

Trial RunYou will need an Excel document to testxlhtml. If you happen not to have oneavailable on your hard disk, you can usethe Test.xls file from the xlhtml archive.

xlhtml. Even console based programs ofthe same ilk, such as w3m or links canshow their prowess, when confrontedwith documents of this type (Figure 3).

The cutting table and third-party formatsIf you are only interested in a specific partof the spreadsheet and you know the rowand column references, you can use the-xr (“extract row”) and the -xc (“extractcolumn”) references to pass instructionson to the program. There is also an -xp(“extract page”) option that allows you toselect specific pages in the document. Toextract rows 2 through 5 and columns 0through 2 from the Book1.xls spreadsheet

and view the results directlyon the console, you cantype the following (if youhave installed w3m):

xlhtml -xr:2-5 -xc:0-U

2 Book1.xls | w3m -T U

text/html

This command assumesthat xlhtml will output theHTML page to standardoutput and the w3mbrowser will read directlyfrom standard input. Thepipe character (“|”) is usedto redirect the output to thefollowing command. Youuse the -T option to givew3m details on the datastream format – text/htmlrefers to HTML in this case.

Xlhtml offers additionaloutput format options. The-xml option converts Excelto XML (“ExtensibleMarkup Language”), -csvcreates “Comma SeparatedValues”, and the -ascoption, creates pure ASCIItext. The last two formatsare only available with the-x options. If you want thecontent of the spreadsheetcalled cdlist.xls in a text-only format, you type:

xlhtml -asc -xp:99 cdlist.xls

Since we want to read all the document,the value for the -xp argument must belarger than the actual number of pages.

Midnight Commander can doJust like the Word filter antiword [2], wecan use xlhtml as a filter for the built infile manager, Midnight Commander (mc).To do so, you simply add the followingtwo lines to the ~/.mc/bindings file:

shell/.xlsView=%view{ascii} xlhtml %f U

| w3m -T text/html -dump

To view Excel spreadsheets in mc, yousimply select the file and press the [F3]key.

Powerpointxlhtml’s author is a very hard-workingguy: The source archive for xlhtml notonly contains the Excel converter, butalso a program called ppthtml. This canconvert Powerpoint files to HTML. To callthe program, you can use the followingsyntax:

ppthtml powerpoint_file.ppt > U

html_file.html

But don’t expect too much – the currentversion merely extracts the text. ■


LINUX USERxlhtml

Figure 1: The spreadsheet viewed on a hostile operating system

Figure 2: The converted spreadsheet in Netscape

Figure 3: Spreadsheet view in w3m on a characterbased console

[1] CheckInstall:“Say Hello Wave Goodbye”, Linux Magazine Issue 22, p78

[2] Antiword:“Against It!”, Linux Magazine Issue 15, p82

INFO

Freshmeat: A major resource for current pro-jects in the Open Source area, is athttp://freshmeat.net/ on the Web.HTML:“HyperText Markup Language”, themarkup language originally developed byCERN for World Wide Web pages. So-calledTagsmark specific text passages as titles, lists,tables and so on.make: A program for organizing source codecompilation.The makeconfiguration file(Makefile) can contain information on depen-dencies for the individual program modules.PATH: This variable consists of a list of directo-ries separated by colons.The shell will searchthese directories for any commands typedwithout a path.Thus, top will be located in/usr/bin/top.Standard input, standard output: A largenumber of command line programs allowyou to leave out the name of the input file. Inthis case the program reads from standardinput, which is normally the keyboard. If youleave out the name of the standard outputfile, many programs will default to standardoutput, that is, display the output on your ter-minal. Output can be redirected into a fileusing the >character or to another commandusing the | character.

GLOSSARY

Windows, it does not use file suffixes toidentify file types but MIME types, whichare more common on the Internet and inLinux territory. The applications them-selves are responsible for discovering theMIME types of the files. To do so, theyeither use their own test procedures orrely on the file command. This has theadvantage that files are still recognizedafter renaming them.

Of course it still makes sense to keepthe .html suffix for an HTML file, but it isnice to know that it is not entirely neces-sary.

InstallationBe bold – there are no strings attached tothe launcher-086.tar.gz archive. You needthe Tcl/Tk interpreter, wish, which youwill no doubt have installed previously,

and the file and make commands – all ofwhich are just part and parcel of yourstandard Linux machine’s setup. Start byexpanding the archive using the followingcommand:

tar -xvzf launcher-086.tar.gz

To perform the actual installation (usingmake install) you need temporary rootprivileges; so use the su to apply them.Make sure you drop your root privilegesusing exit after installation. You can thensupply a peppering of configuration filesfrom your user account:

make installfileslocal

This copies the required files to yourhome directory. It is possible to create a


Tired of telling hordes of applications which third-party programs to use

when opening various file types? Launcher can help you solve this problem.

BY JOACHIM MOSKALEWSKI

Jo’s Alternative Desktop: Launcher

The Right Type

DeskTOPiaLINUX USER

Only you can decide how your desktop looks.With deskTOPia we regularly take you with us on a journey into the land of window managers and desktop environments,presenting the useful and the colorful viewers and pretty toys.

DESKTOPIA

Thinking back to my long buriedWindows roots, I still get a headachewhen I think about that OS’s

reputed user-friendliness. Installing newsoftware meant that all kinds of file suffixes were suddenly mapped to thenew program, ignoring the configurationwork I had previously put in.

I no longer have to suffer this torment,thanks to Linux – nothing moves on mymachine nowadays without me knowingabout it. And I was prepared to pay thethe price for this peace of mind andtackle that “one-off” configuration work.Now, unfortunately there seems to be ahitch with that “one-off” bit. Althoughmapping file types has always been a bitscary, if I need to tell five applicationswhat to do with a certain file type, I haveto configure all five individually. And thatto my mind is four times as much work asI should be doing.

Additionally, most programs insist on aone-to-one relationship between file typeand application. But what happens if Ijust want to view an image instead ofworking on it (as would normally be thecase)? Or what happens if I want to use adifferent browser to view an HTML file?The solutions tend to break at this point.

Simple & effectiveThis is a problem that effected most of us,but not someone as clever as Ethen Gold,who hit on the idea of mapping all the filetypes in all these programs to a singleapplication. This tool would then beresponsible for deciding what to open acertain file type with. This still meanscareful configuration work, but restrictsthat work to a single site. And you alsohave a way of enhancing applicationsthat previously insisted on a one-to-onerelationship between file type and theapplication.

The program enhancement kit you arelooking for is available both on the Web(at http://thaumaturgy.net/~etgold/softUware/launcher/) and on the CD with thesubscription issue, and there it is calledLauncher. However, in contrast to MS

system wide configuration(see the INSTALL file in thearchive for details), but notfor individual users.

After completing theinstallation, you will want todefine the launcher as thedefault applink for all ofyour programs. The quickestway to do this, is to usewildcards (normally a global wildcard *will represent any string), and accountingfor all file types with a single entry.

However, there is an issue here: Someprograms require individual syntax. Thusan entry without a file type accounts forall file types in the XFce file manager,XFTree: a single line containing ()(launcher) () in the ~/.xfce/xtree.reg isall you need to hand responsibility for allfile types to the launcher.

Just askClick on a file in a file manager that youhave configured as described, to start thelauncher, that will then locate and startan appropriate application based on itsMIME type. For multiple mappings thelauncher will prompt you to decide whichapplication should be started (Figure 1).

The factory defaults may not complywith your personal preferences. To solvethis, launcher offers a fairly substantialconfiguration tool, that you can accessvia the launcherconfig command. You canjust as easily right click on the dialog boxto choose between multiple applicationmappings. So, if you happen to disagreewith the selection, just right click.

Rules and regulationsThe configuration tool offers you somegeneral options (shown in Figure 2,Launcher Config). And three buttons areavailable for clicking: all affects how themultiple selections are handled – if thisbutton is active, the whole file list ispassed to your program en bloc. If you

deactivate all, the launcherwill start the appropriateprogram for each file.

You can use the defaultbutton to suppress theprompt, asking you tochoose one of the availablealternatives; the launcherwill then automaticallystart, without asking, the

default application. The last button in this bunch – nowait

– is applicable when the all option hasbeen deactivated: In this case thelauncher does not wait for the currentprocess to terminate before passing thenext file to an application, and proceedswith the next file, so launching the nextprogram as applicable.

AnnouncementsIf you now jump from the LauncherOptions to the Handler Definitions, youarrive at a configuration dialog box thatyou can use to edit your Handlers. Thedialog box contains a list of applicationsthat you may assign to the current filetype (Figure 3).

Working with this dialog box is notentirely intuitive. If you want to add anew application, you first have to click onSet, then enter a mnemonic name foryour application (XEmacs), then the realprogram name (xemacs) and finally thesyntax (xemacs %s). You can use an %sinstead of a file name and a %d insteadof a directory. You will need to click onAdd before your entry is added to the list.

MappedThat still leaves us with the Type/HandlerMappings (Figure 4), where you can putthe applications you have previouslydefined to their required tasks. If youselect several applications for a singleMIME type, you should note the defaultand possibly modify the setting. Thisdoes not mean that the default applica-tion will appear first in future operations,the option is only applied, if you youselect default in the general options.

Watch out for the stumbling blockwhile defining MIME types. Let usassume that you have an image file inPNG format called graphic.png. To beconsistent with the presets in thelauncher configuration (e.g. image/gif)you would expect the MIME type to beimage/png. But instead the launcher will

present you with the whole handler list –the new MIME type would seem to betotally ineffective. The command belowshould help on the subject:

jo@planet ~> launcher U

--showtypes graphic.pnggraphic.png: image/x-png

So now you know that you need to definethe image/x-png MIME type for PNGimages.

It is hard to find fault with thisextremely practical tool, but the currentversion still cannot process MIME typedefinitions containing wildcards. Thatmeans you will not be able to configureall image files simply by defining animage/* MIME type, even though theconfiguration file may suggest somethingdifferent. ■


LINUX USERDeskTOPia

Figure 1: Launcher between Gimp and QIV

Figure 2: Launcher Config

Figure 3: Handler Configuration

Figure 4: Who’s playing whom?

MIME: The abbreviation for “MultipurposeInternet Mail Extensions”. If an attachment issent by mail, the mail program states the filetype. After evaluating the MIME header, thereceiving mail application does not need toperform content analysis to know whether atext document, a sound file, an archive orsomething completely different is comingyour way. MIME types are additionally usedfor the dialog between web servers andbrowsers, and are often found when Linuxapplications need to interface with third-party programs.

GLOSSARY

groupware solution. Faced only with thealternative Outlook, Rüdiger decided towrite Minkowsky and the company hasbeen successfully using it since February2001.

Minkowsky allows for access rights tobe fine-tuned by the administrator inorder to give secretaries or other co-workers in related groups the possibilityto access appointments, and to allow forbetter co-ordination.

From experience it is the increase in theco-ordination and communication withina group that makes Minkowsky special.As a task, Minkowsky is oriented towardsgroups living on a single LAN.

Minkowsky is based on C++/C withTcl/Tk/Tix and it does not require anadditional database, which can be anadvantage in some situations. Being FreeSoftware under the GNU General PublicLicense, Minkowsky also secures theindependence of companies using it in

this rather crucial area. Following the firstpublic release in May 2001, the releaseprocess is about to publicize the first version.

Further plans include the stabilisationof communication between client andserver, the PDA synchronisation, a port toMac OS X (Minkowsky has been onlydeveloped on GNU/Linux) and of coursethe search for and fixing of bugs.

Rüdiger would welcome help with acommunication layer that is more stable,English translation and synchronisationwith Palm-handhelds.

WebminstatsWebminstats [6] allows monitoring ofmultiple relevant system parametersthrough a web browser. Since browsersare usually available on all platforms,such projects are usually very popularwith administrators of (heterogeneous)networks.

David Bouius began working on Web-minstats in August 2001. Towards the endof 2001 he started receiving support byEric Gerbier, who took over the projectwhen David lacked the time to maintain it.

According to Eric Gerbier, whoanswered the Brave GNU World question-naire, Webminstats offers severaladvantages over similar projects. It is, forinstance, much faster than a classic ofthis genre, the MRTG [7], because unlikeWebminstats, MRTG also creates graphsthat are usually not needed.

As the name implies, Webminstats isbased on the Webmin [8] project, whichallows web-based administration of Unixsystems. This allows sharing the accesscontrol features of Webmin for Webmin-stats and also this makes itbrowser-configurable.

The Webminstats backend is based onthe RRDTool (Round Robin Database


Since we seemed to have concentrateon creative methods of wasting outtime in the last issue, this issue we

will be dealing with some more work-related aspects. We will start with agroupware solution.

MinkowskyStefan Kamphausen, author of the BraveGNU World logo, has pointed out to me agroupware solution by his colleagueRüdiger Götz. The program has acalendar, address and task managementand is therefore dedicated to managingspace and time. Following the humour ofPhysicists, as this program manages“space-time” it has been named after theMinkowsky-diagrams used in the SpecialTheory of Relativity and is thereforecalled Minkowsky. [5]

The program started life at the end of2000, when the company employing bothStefan and Rüdiger were looking for a

The monthly GNU Column

Brave GNU World

Brave GNU WorldCOMMUNITY

In this monthly column we bring you the news from within the GNU project. In this issue we will

look at ways to beat oppressive regimes, FSF Europe’s activities, Developing with BASIC, auditable

accounting and system monitoring. BY GEORG C. F. GREVE

Figure 1: Minkowsky showing a group view and single calendars

Tool)[9] by Tobi Oetker, which provides afaster and more flexible re-implementa-tion of the storage and displaycapabilities of the already mentionedMRTG project. Since it does not provideits data-collection and frontend features,RRDTool is not a replacement for MRTG.MRTG can use it as its database.

These database-capabilities are alsoused by Webminstats. For collecting data,Webminstats provides 9 modules, whichallow monitoring of CPU-load, diskspace, IRQ, internet (FTP/HTTP), mail(sendmail, pop, imap), memory,processes and the number of users with atime-resolution of one minute.

With the help of Webminstats, Eric hasbeen able to find and fix a problem withhis web server. By knowing the exacttime of the crash and with the user mod-ule providing information about a newlogon immediately before the crash, hewas able to narrow down the possibleproblems, which in turn made it mucheasier to find that specific bug.

Webminstats was written in Perl andthe Bash-Shell and is being releasedunder the GNU General Public License asFree Software. New modules will expandthe functionality with fire-wall monitoring capabilitiesand it is planned to cus-tomise it for other Unixsystems. On top of this, theteam has also consideredadding “alarm messages”.Help is requested in form ofattractive icons for modules,customisations for otherlanguages and operatingsystems as well as any newfeatures required.

LinComptaBy beginning work on theLinCompta [10] project

early this year, PascalConrad has started toclose one of the mostimportant gaps of FreeSoftware: Professionalanalytical accounting.

His last employer didnot see the benefits of, orhave the appropriateunderstanding and appre-ciation of Free Softwareand GNU/Linux, Pascaldecided to provide theLinCompta project to thecommunity under theterms of the GNU GeneralPublic License.

During its brief history, the project hasalready made remarkable progress – ithas a very usable graphical interface thatmost users find easy to understand.

Programming languages used in thisproject include C with GTK+/GNOMEsupport and Pascal. It uses MySQL as thebacking database.

The project currently lacks a way toprint data and only French is currentlysupported. The highest priority on thetask list is translation to both English and

Russian. Any help with this aspect orwith the web page will be gratefullyaccepted. Should the project see enoughinterest, Pascal plans to expand it withother aspects of business accounting, soif you would like to see such projectscome along, you should probably try tosupport Pascal by testing, translating orprogramming.

GNUnetMany months ago, Brave GNU World pre-sented some background of the FreeNETproject by Ian Clarke, which had the goalto create a decentralised network whichwould make central control and censor-ing impossible and also allow data to“wander” through the network.

Faced with the increasing attempts tocensor the internet, file sharing serviceslike Napster have a problem, theirreliance on a central reference point. Theidea of such peer-to-peer networks iscommon knowledge today.

With GNUnet [11], a project by the stu-dents of the Purdue University, such anetwork has also become part of the GNUProject now.

Let me try to give a short introductionfor those who have not yet come into


COMMUNITYBrave GNU World

Figure 3: Webminstats showing the ftp/http module

Figure 4: French accounting with LinCompta

Figure 2: Webminstats showing a daily CPU usage chart.

professor that this project was to do withcryptography. They are now giving theirfirst appearances at crypto-conferencesand GNUnet is in beta test state, so thatshould not be a problem anymore.

The authors see the advantages ofanonymity as a feature in the GNUnetproject, which they believe to be moreeffective than the methods employed inother networks. They are also proud oftheir “Deniability” which provides forprotection against black sheep within thenetwork.

And finally GNUnet allows searchingfor “natural” strings, instead of randomhashcodes used by FreeNET for instance.As far as they know, GNUnet is the onlyentirely decentralised network offeringthese capabilities.

The authors see its biggest weakness inthe lack of enthusiasm to program a GUI.The currently available GTK+ based GUIworks, but it is not very comfortable.Further development is concentrating onporting it to more platforms. It runs on

GNU/Linux and BSD, and so work isbeing done on versions for Solaris/OS10and Win32.

Plans for the future include transportmechanisms other than UDP. They havethought about using steganography tohide data in pictures in order to bring thenetwork through the Chinese wall – sorry– firewall. Also expansion of the networkbeyond filesharing – to transport email,for instance – might be possible.

Help is very welcome in form of morenodes running GNUnet, help with theWin32 port, documentation, web pages,creation of graphics and so on.

GambasGambas [12] is an acronym for “GambasAlmost Means BASic”, which gives us ahint about the type of the project,because it is a graphical developmentenvironment based on a BASIC inter-preter with object-oriented expansions.Benoit Minisini, the author of this project,drew inspiration from Java and VisualBasic.

The project hopes to create an environ-ment in which graphical programs can beassembled efficiently and with a shallowlearning curve. Benoit found Java toocomplex and Visual Basic too buggy forthis task, also Visual Basic only runsunder Microsoft Windows.

He also wanted a language that wouldsecure freedom in terms of choice ofdesktop (KDE or GNOME) as well aslicense. Therefore he published Gambasunder the GNU General Public License.

The project has seen about three yearsof development, using C for the interpreterand compiler, C++ for Qt-bindings andGambas itself for the graphical develop-ment environment. Benoit aims for thebest syntactic coherence and compactnesspossible, making the interpreter withoutthe Qt component should save about 200kin size. This should make it relatively easyto port Gambas to embedded environ-ments.

Thanks to its modular structure, thecurrently used Qt-based GUI componentcan easily be replaced by one based onGTK+. Further targets are the creation ofa good debugger as well as a databasecomponent.

It will probably take some time untilGambas is truly a complete programminglanguage/environment, but it is certainlypossible to speed up the process through


contact with such a system.Most data is stationary andwith the URL it can bemapped to a certain host.This allows – byblocking access tothat one computer –censoring and alsoinformation about theprovider of that content. Thisis problematic in countriessuch as China, where accessto any media that is not controlled by theChinese government is restricted andproviders of critical information have toexpect sanctions.

Networks like FreeNET or GNUnetundermine this by making extensive useof cryptography and adding anonymity,which protects the provider and makes aphysical localisation of any unwantedinformation impossible. You would usesuch networks whenever privacy is moreimportant than efficiency.

Other than the normal anonymous networks, GNUnet allows a form ofaccounting, which ensures that nodesproviding more to the network willreceive better connectivity. Exclusive consumption (“Freeloading”) is possible,but it has to take whatever capacity is“left over.”

As we mentioned before, the GNUnetprojects originates in Purdue University,where it began as a cryptography projectof some students. By the way: Theirbiggest problem was to convince their

Brave GNU WorldCOMMUNITY

Figure 6: Gambas is not just Super Basic

Figure 5: GNUnet running a search for GPL and finding the document

help. What Benoit needs most right noware people trying Gambas in order to givehim feedback.

Once the component interface has beenfinished, Benoit plans writing someproper documentation for it, so addingGambas components will be an easy taskfor everyone.

When replying to the Brave GNU Worldquestionnaire, Benoit added the followinglittle story that he would like to sharewith the Brave GNU World readers: Oneday Benoit tried reinstalling Windows,he decided to reformat the partitionunder MS-DOS. Unfortunately the driveletters were inverted between Windowsand MS-DOS, so he ended up deleting thewrong hard drive – which of course hedid not have backups of.

Having, involunterily, gained 30GB offree disk space, he then attempted to tryand fiddle around with another, recentlyreleased, proprietary operating system,which really did not appeal to him. So hethought: Why not format that other harddisk from here? One mouse-click later hisGNU/Linux “/home” partition no longerexisted. Of course Gambas was on thispartition and of course there were nobackups.

By sheer luck there was still a one-month old copy of Gambas on theWindows partition that he had tried toformat initially. His advice to all readers:Save important things everywhere. Beparanoid!

Even though the importance of back-ups is certainly widely known in theory,this little experience report may triggersome readers to back up the last threeyears of work. Of course one could alsothink that you should simply keep awayfrom proprietary operating systems. :-)

CookBrave GNU World inissue 20 illustrated theweaknesses of the Make program [13],this issue will introduce another alterna-tive: Cook [14] by Peter Miller.

Peter Miller, who is also author of theAegis project, began working on a Makereplacement as early as 1988. He chose Cfor the programming language and Cookis published as Free Software under theGNU General Public License.

Advantages of Cook in comparisonwith Make include the possibility to doparallel builds, recipes can have host-names connected to them in order to runthem on specific machines, dependenciescan be resolved, recipes have optionalconditions to fine-tune their executionand much more.

Those who read features about GNUCons and SCons will be interested to hearit also supports detection of modificationby fingerprints to avoid unnecessaryrecompilations.

The transition is made easier with amake2cook program, although this ofcourse does not remove the necessity to

deal with a new program and new syntax.Those who have not yet found their

way out of Make are given another greatopportunity here.

Free Software for EuropeAt the end of April, the FSF Europe [15]issued a recommendation for the 6thEuropean Community framework pro-gramme, which has kept me pretty busyas the president of the FSF Europe.

On the grounds of a very lively andstrong Free Software developer and usercommunity in Europe, the FSF Europesuggests that the European Union shouldcapitalise on this and set an emphasis onFree Software in all aspects of the 6thframework programme. Also to makeexplicit calls for Free Software in someareas.

Some reasons for this recommendationwere an increased sustainability for public funds, securing the democratic tradition in Europe, strengtheningregional and trans-regional markets, inde-pendence from American oligopolies andintensifying European research.

For these reasons the recommendationare being supported by companies andeducational establishments throughoutEurope. On the list of supporting partiesyou will find, among others: Bull(France), the TZi of the University of Bre-men (Germany), the Centro Tempo Reale(Italy), MandrakeSoft (France), the FFS(Austria), Ingate Systems AB (Sweden)and Eighth Layer Limited (UK).

The complete recommendation and listof supporting parties can be found on theFSF Europe home page. [16]

ClosingEnough Brave GNU World for this month,I hope to have given some inspiration and as usual hope for many ideas, suggestions, comments and project introductions at the usual address. ■


COMMUNITYBrave GNU World

Georg C. F. GreveDipl.-Phys. has beenusing free software formany years. He wasan earlier adopter ofGNU/Linux. Afterbecoming active in theGNU project he formed the Free Soft-ware Foundation Europe, of which he isthe current president. More informationcan be found at http://www.gnuhh.org.

TH

E A

UT

HO

R

[1] Send ideas, comments and questions to Brave GNU World [email protected]

[2] Home page of the GNU Project http://www.gnu.org/

[3] Home page of Georg’s Brave GNU World http://brave-gnu-world.org

[4] “We run GNU”initiative http://www.gnu.org/brave-gnu-world/rungnu/rungnu.en.html

[5] Minkowsky home page http://www.r-goetz.de/minkowsky/en/

[6] Webminstats home page http://webminstats.sourceforge.net

[7] Multi Router Traffic Grapher (MRTG) home page http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

[8] Webmin home page http://www.webmin.com

[9] “Round Robin Database”(RRD) Tool home page http://www.caida.org/tools/utilities/rrdtool/

[10] LinCompta home page http://lincompta.tuxfamily.org

[11] GNUnet home page http://www.gnu.org/software/GNUnet/

[12] Gambas home page http://gambas.sourceforge.net

[13] GNU Make home page http://www.gnu.org/software/make/

[14] Cook home page http://www.canb.auug.org.au/~millerp/cook/

[15] Free Software Foundation Europe http://fsfeurope.org

[16] Recommendation by the FSF Europe for the 6th framework programme http://fsfeurope.org/documents/fp6/

INFO

The team is composed of 6 studentsfrom the French computer school. TheG.O.B.I.E. project is developed using Cand GTK. It uses the XFree86 Serverversion 4.2.0. They are re-coding most ofthe tools, such as xinit, and fdisk. The

XServer is loaded into a RamDisk and itthen uses a generic configuration fileoffering a screen resolution of 800x600 at8bits. The first release will be availablefor downloading at www.gobie.net.

NetBSD support for newOpteron processor

Wasabi Systems, theleading provider ofthe NetBSD operating

system, announced NetBSD support forAMD’s upcoming eighth-generation AMDOpteron and AMD Athlon Processors,culminating in a development processthat began with Wasabi’s port to asimulator of AMD’s new x86-64 architec-ture one year ago. NetBSD is a powerfulopen source operating system derived


Absolute BSDMichael W. Lucas haswritten the AbsoluteBSD book. Aimed atanswering all theSysAdmins questionsfrom installation toperformance tuning it

goes into depth on the management ofany BSD-based servers. A tight focus onnetwork management and trouble-shooting gives needed depth to theavailable BSD documentation. AbsoluteBSD goes beyond explaining what to typeto make things work. Instead it takes thereader into why and how things work,and takes BSD system administrators thatnext much needed step forward.

And as no technical book is everperfect there is a website set up in caseany errata are required. For more detailssee www.AbsoluteBSD.com.

Virtually thereRunning OpenBSD on a VirtualPCis taking some steps closer tobecoming a reality. Peter Bartoli

is continuing to work on maintaining theOpenBSD components for installation.Due to the restricted memory available, aslimline kernel which Peter has producedis occasionally needed along with somemodified drivers that make use of all thevirtual hardware. The system will nowinstall on VirtualPC which opens up thepossibilities for its use. This could rangefrom sandbox testing of security modulesto the joy of just having multiple copiesrunning. For more information seeslagheap.net/openbsd.

More graphical funThe G.O.B.I.E project is aimed at adding agraphical installation to the OpenBSD OS.This project has been developed in thespirit of OpenBSD which means that theinstallation is as close as possible to thetext one. The G.O.B.I.E team wishes toadd some value to the product by thedevelopment of installation modules toknown servers such as Bind, Sendmail,Inn, Apache, etc.

Welcome to our monthly Free World column where we explore what is

happening in the world of Free software beyond the GNU/Linux horizons.

This month we will look into security and releases. BY JANET ROEBUCK

The monthly BSD column

Free World

Free WorldCOMMUNITY

Figure 1: Adding users to OpenBSD with GOBIE

from BSD Unix. NetBSD is used in placeof many high performance Unix applica-tions on the x86 platform. With thex86-64 architecture, customers will soonhave an even higher performance 64-bitmigration path at an attractive price.NetBSD for x86-64 runs both 32- and 64-bit binaries. Wasabi plans to release thesoftware, including support for SMP,binary compatibility with both Linux andSolaris/x86, and enhanced datacenterfunctionality in time for the commercialrelease of x86-64 hardware from AMD.

With systems based on future 64-bitAMD Opteron processors, Unix customerswill be able to benefit from enhanced 32-bit application performance of theirexisting NetBSD applications, with theoption of deploying applications based onx86-64 architecture when available.

Hiding the problemOn BugTraq it was announced thatSymantec have acquired SecurityFocus.While this is good news for SecurityFocusit does raise some interesting questionsabout security issues.

Symantec aim to keep both the BugTraqand the SecurityFocus mailing lists open.In their own FAQ they say “We observe a30-day grace period after the notificationof a security advisory to give users anopportunity to apply the patch. Duringthis grace period, we provide ourcustomers significant information aboutthe vulnerability and the fix, but not step-by-step instructions for exploiting thevulnerability. We do not provide detailedexploit code or provide samples ofmalicious code except to other trustedsecurity researchers and in a securedmanner.”

This means that you cannot test yoursystems using exploit code pulled offfrom the SecurityFocus site, unless youare a member of their ‘trusted securitypartners’. In effect they have closed downthe vulnerabilities from the community.Both VulnWatch www.vulnwatch.org andPacketStorm packetstorm.decepticons.orgstill remain giving full disclosure.

Twice the powerChuck Silvers has reportedsuccess at implementing dualprocessor usage on the

NetBSD Mac-PPC port. The work was car-ried out and completed on a dual G4processor Apple.

NetBSD releaseThe NetBSD Project has announced onOSNews.com that the Release 1.5.3 of theNetBSD operating system is available.The future 1.6 release is also currently inBeta development. The NetBSD 1.5.3 is amaintenance release for users of NetBSD1.5.2, 1.5.1, 1.5 and earlier releases,which gives security and performanceupdates relative to 1.5.2. Some newdevice drivers have also been added.

Package InformationAt the beginning of August the number ofpackages in the NetBSD PackageCollection stood at a high of 3076.FreeBSD ports for the same periodreached 7365. The collection is found atwww.netbsd.org/Documentation/softwaU

re/packages.html#searching_pkgsrc. The most recently added packages are:Asnap (screen capture), ssh2 (secureshell), geoslab (TrueType fonts fromBitstream), Xvattr (modify XV attributes),Pscan (security scanner), psi (Jabberclient), neon (http and webDAV clientlibrary), matchbox (window manager forsmall displays) and acroread (viewing pdfdocs v5.06). The most recent updated packages are:Vice (C64 emulator), gdb (debugger),gmplayer (MPEG 1/2/4 video decoder),uvscan (DOS virus scanner), squidGuard(filter for squid), pth (portable threadlibrary), zebra (routing daemon), nmap(scanner), apache6 (web server) andisect (middleware). The three packages Uvscan-dat,buildlink-x11 and pth-syscall have allbeen retired.

New schedulerLuigi Rizzo hasreleased the firstversion on the newProportional Sharescheduler at info.Uiet.unipi.it/~luigiU/ps_sched.200207U19a.diff. He hasnow tested on adiskless system run-ning full X andapplications with noharmful side effects.The only 3 filesmodified are kernU

_synch.c, kernU

_switch.c and proc.h, plus a one-linechange to kern_exit.c The sysctl variablekern.scheduler controls the scheduler inuse. You can switch between the twoschedulers by changing the value of thesysctl variable. The “old” scheduler(Feedback Priority) should be as robustand stable as always, there are still a fewthings to cleanup in the ProportionalShare scheduler, such as the case for SMPsupport in the kernel.

No LogoThe FreeBSD Foundation logo contest hasended. It received a total of 106 entries.Unfortunately, there was no entry that thefoundation thought spoke to them as thelogo to use. As a result the FreeBSDFoundation will remain logoless.

Telling the truthThe OpenBSD site has updated theirtagline. On www.openbsd.org, it nowstates “One remote hole in the defaultinstall in nearly 6 years!”. This updatewas after the openSSH hole was found.This is still a very impressive record withthe full list of patches and errata beingfound at www.openbsd.org/errata.html.

eZine newsDaemonNews have released their AugusteZine for BSD users. The free eZine canbe found at ezine.daemonnews.org/200208. It includes the regular columnswith the Answerman and a review of theVicFUG 2002 in Australia. The HOWTOarticle is about backing up FreeBSD withSMBFS commands to transport the datato network shares. ■


COMMUNITYFree World

Figure 2: The latest eZine from Daemon News

GamesAuriferous – Find the gold in the caves – Entombed – Mazegame Fly – 3D space combat Netwalk – Connect the terminals tothe server Trailblazer – Move the ball to the end of the path Tux-Paint – Drawing for the young

MultimediaApollo – Mpg123 front-end GnuSound – Sound editor GQView –Image viewer Kover – Make CD inlays MagicPoint – Presentationsoftware WhiteDune – Virtual reality model viewer

NetCherrypy – Develop web services fft – Display the route packetstake Fnord – Tiny web server Proftpd – Secure FTP daemonIcrzo – A Swiss army knife for web developers Pabache – Perlweb server

SecurityEttercap – LAN sniffer MailScanner – E-mail virus scannerTurtleFirewall – Firewall Virge – C mail scanner Zorp – Proxyfirewall suite Fiaif – Intelligent firewall

SystemLinuxConf – Admin tool Leka -Rescue floppy Dar – Disk archiveDateShift – Change the system clock e2undel – Recover deleteddata Webmin – Web based admin

DevelopmentCRM114 – Controllable regex mutilator Gambas – Almost BASICJ – Java text editor Leakbug – Memory leak tracer Poe – PerlObject Environment


Crux 0.9.3An ISO image of a whole small lightweight i686-optimized distri-bution. CRUX is targeted at experienced Linux users. Theprimary focus of this distribution is “keep it simple”, which isreflected in a simple tar.gz-based package system, BSD-styleinitscripts, and a relatively small collection of trimmed pack-ages. The secondary focus is the utilization of new Linuxfeatures and recent tools and libraries. CRUX also has a portssystem which makes it easy to install and upgrade applications.

SuSE Firewall on CDProtect yourself, your IT infrastructure, and your mission-criticaldata! A fully bootable CD ROM with the last release of SuSE’sprofessional firewall product. This is an effective and reliablesecurity service for your system. The SuSE Linux Firewallchecks, monitors, analyzes, and logs ongoing data transfer,thereby providing a maximum level of security. Prevent attacksbefore they cause unexpected damage.

Apache 1.3.19/2.0.39The Web-Server, which drives the Internet. Tons of modules forevery extension you might need. Apache is a powerful, flexible,HTTP/1.1 compliant web server, which implements the latestprotocols, including HTTP/1.1 (RFC2616). It is highly config-urable and extensible with third-party modules and can becustomised by writing 'modules' using the Apache module API.

GCC 3.1The latest stable release of the free compiler along with the doc-umentation. “GCC” is the common shorthand term for the GNUCompiler Collection. Several versions of the compiler; C, C++,Objective-C, Ada, FORTRAN, and Java are integrated and GCCcan compile programs written in any of these languages.

Nmap 3.0The latest stable release of the network scanning software.Reworked in many places and offering more functions than ever.Network Mapper is an open source utility for network explo-ration or security auditing. It was designed to rapidly scan largenetworks, although it works fine against just a single host.Nmap uses raw IP packets in novel ways to determine whathosts are available on the network, what services (ports) theyare offering, what operating system they are running, what typeof packet filters/firewalls are in use, and dozens of other charac-teristics.

LINUX MAGAZINESubscription CD

Subscription DiscThe CD ROM with your subscription issue contains all the software listed below,

saving you hours of searching and downloading time. On this month’s subscription

CD ROM we start with a full distribution and a professional firewall before we move

onto the latest and most requested programs and utilities.

HighlightsCrux 0.9.3Small lightweight i868-optimized distribution

SuSE Firewall on CD (unsupported evaluation version)Full bootable CD with SuSE’s firewall product

Apache 1.3.19/2.0.39Tons of modules for every Apache extension

GCC 3.1Latest stable release – along with documentation.

Nmap 3.0Latest release of the network scanning software

PlusDevelopment ToolsGamesSystem UtilitiesNetworking Software

Subscription CD Issue 23September 2002

Subscription CD Issue 23September 2002

Subscribe & SaveSave yourself hours of download time in the future with the Linux

Magazine subscription CD! Each subscription copy of the magazineincludes a CD like the one described above free of charge. In addition,

a subscription will save you over 16% compared to the cover price,and it ensures that you’ll get advanced Linux Know-How delivered to

your door every month.

Subscribe to Linux Magazine today!

Order Online: www.linuxmagazine.com/CustomerService/Subscribe

Use the order form between pages 66 and 67 in this magazine or download it from:

www.linux-magazine.com/CustomerService/Orderform

linux magazine uk 23

Documents

improved linux magazine

magazine changes

linux market

linux information

dear linux magazine

linux user

linux communityexpects

entire linux magazine