Technology,Information Technology N Tips n Trick

HP launches broad array of redesigned notebooks, displays

2008-06-11T13:22:00.000+07:00

In one of its largest product releases, HP unveiled a bevy of PCs and displays, zeroing in on key trends such as touch-screen technology and compact laptops for business and consumer users.

HP made the announcements during its "Connecting Your World" conference in Berlin on Tuesday.

HP brought out 16 laptops, including fresh models for its Compaq "b" and "s" series for business users as well as the Compaq Presario and Pavilion line. The company also introduced a new series, EliteBook.

EliteBook models have a brushed anodized aluminum casing with a magnesium alloy chassis, which HP says complies with military-standard durability. The hard drive is shock-resistant, and the keyboard is spill-resistant. One version of the EliteBook, the 6930p, has up to 15 hours of battery life with an optional ultracapacity battery, HP said.

Some of HP's new laptops have the latest chips from Advanced Micro Devices, such as that company's Turion 64x2 ultra dual-core mobile processor. Other models have Intel's Centrino 2 and Centrino 2 with vPro, HP said.

HP said it has put some features previously only in business-class notebooks into consumer models. One is HP's ProtectSmart Hard Drive Protection, which can stop a hard drive from spinning if the computer senses the laptop is falling. That feature has been incorporated in the consumer-focused Pavilion line.

HP also rolled out the Voodoo Omen desktop and the Voodoo Envy 133 laptop, which are aimed at gamers and other demanding consumers.

The Voodoo Omen can support up to four graphics processors. Omen also has copper cooling pipes, and since it is liquid cooled, HP said it runs quietly even when pushed hard. Omen starts at $7,000 and will only initially be available to those who bought a Voodoo PC before, HP said, although it will be more broadly available in around three months.

The Voodoo Envy laptop, which costs $2,099, has a carbon-fiber casing, a backlight keyboard and a "multigesture" touchpad, supporting pinch-like movements.

On the desktop, HP has launched a line that features touch-screen interfaces. Users can tap or drag a finger across the screen of the TouchSmart series of PCs to access basic features such as playing music or manipulating audio or video files.

TouchSmart PCs have a 22-inch diagonal wide-screen display, built-in DVD burner, wireless keyboard, and sport an Intel Core 2 Duo processor.

HP said its new DreamColor display -- an LCD (liquid-crystal display) that supports 1 billion colors -- costs just a quarter of competing displays. DreamColor will sell for US$3,499.

The company said DreamColor will accurately display colors for people where color matching has been a tricky task, such as the animation, game development and graphics arts industries. DreamColor, HP claims, cuts down on the need for multiple proofs, redesigns and color checks.

Sun Solaris going on Fujitsu's Intel servers

2008-06-11T13:20:00.000+07:00

Sun Microsystems is announcing an agreement Tuesday with Fujtisu Siemens Computers to have Sun's Solaris operating system distributed with select Fujitsu Primergy servers.

Solaris 10 will be offered on Intel x/86/x64 boxes. The two companies plan to work together to certify solutions based on Solaris and Primergy hardware.

Sun touted Solaris capabilities in scalability, reliability, and virtualization. Multi-core deployments are supported as well.

"We are essentially one of the three big OSes that run on the Intel architecture right now, the other two being the Microsoft family and the Linux family," said Herb Hinstoff, Sun director of Solaris marketing.

But Fujitsu users would not get capabilities offered in the open-source version of Solaris, called OpenSolaris, such as Image Packaging System, for simplifying installation and integration with third-party applications.

Solaris 10, though, is the enterprise-strength version of Solaris, while OpenSolaris is considered more as a platform for developers to build next-generation applications, according to Hinstoff. The plan, however, is that OpenSolaris bits eventually would become the next major enterprise version of Solaris.

Previously, Fujitsu has supported Solaris on SPARC-based servers, Sun said. Primergy users will gain access to the 10 5/08 update of Solaris, featuring power management capabilities for x86 processors from AMD and Intel.

Other companies bundling Solaris on Intel-based systems include Intel, IBM, Dell and Sun itself, Hinstoff said.

Mac security gets a business boost

2008-06-11T12:55:00.000+07:00

Businesses often thwart Macs from infiltrating their laptop ranks, and one reason given is that there's no good way of encrypting data. A lost personal Mac may bring a few tears to the hapless owner, but a corporate Mac with sensitive data falling into the wrong hands is a lawsuit in the making and potential headline-grabber.

Lack of good Mac encryption, though, is quickly becoming a bugaboo.

Yesterday, PGP Corp., a well-known vendor of enterprise data protection, said it plans to ship a full-disk encryption product for Mac OS X next month. This comes on the heels of a similar announcement: Check Point Software said in late May that it has shipped the industry's first full-disk encryption for Mac OS X.

There's no question tech vendors that serve businesses are swooning over the Mac. "The Mac is starting to make its appearance in the enterprise to a greater extent," says Jon Oltsik, analyst at the Enterprise Strategy Group. "There's definitely demand for more enterprise-class systems management, desktop operations, and security tools."

Forrester Research figures Mac adoption in businesses tripled last year to 4.2 percent, largely due to grassroots efforts by small workgroups to bring Macs to work. As more employees demand Macs, business can no longer turn a blind eye.

Jon Allen, information security officer at Baylor University in Texas, has seen first-hand the pendulum shift a couple of times. Nearly all students and faculty worked on Macs until the mid-1990s when Windows PCs began to take over. By 2005, "we were a 95-percent PC shop," Allen says. "But now we're definitely seeing an increase in our Mac population on campus."

Today, Allen supports 580 Windows PCs and some 150 Macs. Securing Mac data through encryption hasn't been easy. Mac OS X comes with FileVault, an encryption tool for the home directory -- a tool Allen dislikes.

For starters, FileVault can have lawyers fuming. If a Mac is lost, attorneys don't have assurances that sensitive data actually resided in the home directory and thus was encrypted. And so they can't make their case when fronted with Texas law concerning loss of sensitive information. What they need is full-disk encryption to ensure everything on the Mac wasn't accessible.

Another problem with FileVault: Some Mac users at Baylor had forgotten their FileVault passwords and lost data. That's a problem with a client-only solution. A business, on the other hand, needs centralized management of encryption tools for installation and backup, as well as repairs -- that is, technicians and help desk need a pathway to get into the computer. "We encouraged people not to turn on FileVault until we have an enterprise solution," Allen says.

Allen currently doesn't encrypt data on Macs, but he's been beta testing PGP's full-disk encryption and plans to roll it out when the product becomes available. Not only will full-disk encryption better protect the university, but PGP's centralized management tools should make his job easier.

Centralized IT management is key for businesses, agrees analyst Oltsik. "There will be smaller companies who do encryption for the Mac that will be a great fit for the consumer but that is not going to make it in the enterprise," he says. "Enterprises want big names and central management ... and the PGPs of the world supporting the Mac is an important step."

List of Linux Security Audit and Hacker Software Tools

2008-05-24T16:50:00.002+07:00

Security Audit Tools:

Perform a "Security Risk Assessment" on your system with the following tools.

System Audits:

Chkrootkit (YoLinux tutorial) - Scan system for trojans, worms and exploits.
Root kit detection:
- checkps - detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc. Also uses netstat.
- Rootkit hunter - scans for rootkits, back doors and local exploits
- Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.
fsaudit - Perl script to scan filesystems and search for suspicious looking directories
COPS: Computer Oracle and Password System - UNIX security checks. Programs and shell scripts which perform security checks. Checks include file and directory permissions, passwords, system scripts, SUID files, ftp configuration check, ...
SARA - Security Auditor's Research Assistant - network security vulnerability scanner for SQL injections, remote scans, etc. (follow-on to the SATAN analysis tool)
TAMU - Texas A&M University developed tools
- Tiger - Scan a Unix system looking for security problems (Similar to COPS) - Tiger Analytical Research Assistant (TARA Pro) - Commercial support
- Netlog - TCP and UDP suspicious traffic logging system
- Drawbridge - Firewall package (Free BSD)

Network Vulnerability Audits:

Nessus (YoLinux tutorial) - Remote security scanner - This is my favorite security audit tool!! Checks service exploits and vulnerabilities.
ISIC - IP Stack Integrity Checker
Argus - IP network transaction auditing tool. This daemon promiscuously reads network datagrams from a specified interface, and generates network traffic status records
Argus 2
SAINT - Finds computers on the network, port scans and does a vulnerability check and outputs a report. - Commercial product.
InterSect Alliance - Intrusion analysis. Identifies malicious or unauthorized access attempts.
Linuxforce: AdminForce CGI Auto Audit - CGI script analyzer to find security deficiencies.

Wireless:

AirSnort - wireless LAN (WLAN) tool that recovers encryption keys.
WEPCrack
Also see: YoLinux Wireless security links

Port Scanners:

Used to identify computer network services available for exploit.

nmap - Port scanner and security scanning and investigation tool
- NmapFe - GUI front-end to NMAP
- KNmap - KDE front-end
- pbnj - Diff nmap scans to find changes to systems on the network.
- nmap3d - nmap post processing to 3-d VRML
- nmap-sql - log scans to database
portscan - C++ Port Scanner will try to connect on every port you define for a particular host.
pof - passive OS fingerprinting.
Web/http scan:
- Nikto - web server scanner. CGI, vulnerability checks. Not a stealthy tool. For security tests.

Portscanning Information:

Art of port scanning - types of scans explained.

Network Sniffers:

Linux Tools for Network Examination.

DSniff - network tools for auditing and penetration testing.
Wireshark - full network protocol sniffer/analyzer
(Ethereal - legacy. Now Wireshark)
IPTraf - curses based IP LAN monitor
TcpDump - network monitor and data acquisition
- VOMIT - Voice Over Misconfigured Internet Telephones - Use TCP dump of VOIP stream and convert to WAV file.
  Cisco Call Manager depends on MS/SQL server and are thus vulnerable to SQL Slammer attacks.
KISMET - 802.11a/b/g wireless network detector, sniffer and intrusion detection system.
DISCO - Passive IP discovery and fingerprinting tool. Sits on a segment of a network to discover unique IPs and identify them.
Yersina - Framework for analyzing and testing the deployed networks and systems. Designed to take advantage of some weakness in different Layer 2 protocols: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
YoLinux.com List of network monitoring tools and example tcpdump sessions

Hacker Tools:

Password crackers:

(can also be part of a vulnerability audit)

John the Ripper - weak password detection. crypt, Kerberos AFS, MS/Windows LM, ...
lCRACK - password hacker, dictionary, brute force incremental, ...

Exploits:

Commercial Vendors:

RSA Security - Encryption and secure commerce.
CRYPTOCard authentication servers
CryptoHeaven - Secure online storage, file sharing and distribution, email, instant messaging. Free Linux client but it is a commercial for fee service. (less than 2MB storage is free)
Tiger Analytical Research Assistant (TARA Pro) - Texas A+M Tiger Commercial support
TIS: Trusted Informations Systems Inc. - [download] - TIS Internet firewall toolkit
Tripwire Security Systems - Intrusion detection
CA (Computer Associates): eTrust Compliance - Vulnerability assessment, security policies, audit and correction.
Labatam: Secure X-Server Encryption

Online Web Based Tools:

Online nmap test - checks for open ports
Clackcode.com: security scan
pcFlank.com: online vulnerability tests
AutomatedScanning.com - commercial service
Anonymizer.com - Anonymous surfing

Software Updates and Security fixes:

Forensic and Data Recovery Tools:

Basic Steps in Forensic Analysis of Unix Systems - a case study
GIIS ext3/ext2FS file undelete tool.User can recover files by it's name or type or by its owner. Can't recover the files deleted before installation of giis.
Why Recovering a Deleted Ext3 File Is Difficult
Commercial Linux data recovery tools - list

Anti-Virus Software:

This has typically been the domain of the Microsoft Windows and Outlook products and NOT Linux but Linux administrators running SAMBA file servers often must be aware of these viruses. There are according to Symantec 68 Linux specific viruses and worms including the Ramen worm which attempts to attack unpatched rpc.statd, wuftpd, and LPRng.

Anti-Virus products:

F-Secure.com
Kaspersky Lab - Workstation/Server/eMail gateway protection
Sophos.com
- Endpoint Security and Control: Anti-Virus and anti-spyware for Unix/Linux
- SOPHOS Anti-virus - Sophos Anti-Virus for Linux
- eMail security
Grisoft.com
- AVG Anti-Virus Linux E-mail Server Edition
Symantec.com
- Mail-Gear: (up to and including version 1.2.x)
- Antivirus client for Linux
TrendMicro.com
- Interscan VirusWall for Linux - Internet Gateway - detect/scan SMTP, HTTP and FTP
ClamAv.net - Clam anti-virus. Open source virus protection for mail servers.

Virus info:

CERT.org - Carnegie Mellon University's Software Engineering Institute - security vulnerability research.
ICSA.net - Anti-virus / Anti-spyware / Anti-spam Product Developers Consortium
McAfee virus info
McAfee hoax list
Symantec security response - commercial security support
Threat Explorer - real and hoaxes

Virus email alert:

Attacks:

SYN packet manipulation:
Smurf DOS:
- ISS.com: Description
IRC (Internet Relay Chat) Client attacks:
- IIS.com: Description
Service attacks:
- Buffer Overflow attacks
- Buffer overflow vulnerabilities explained
Session Hijacking:
- IIS.com: Descriptions
ARP Cache poisoning:
- Wireless Attacks Threaten Wired Networks

Honeypots:

How to bait and catch the evil hackers:

honeyd
Honeynet.org - The honeynet project

DoD/DoE NISPOM Chapter 8 computer security configuration for Linux:

NISPOM (National Industry Security Program Operating Manual) chapter 8 is a computer security requirement developed by the US DoD (Department of Defense - US) and DoE (Department of Energy) and published by the DSS (Defense Security Service) which US defense contractors are required to meet when processing classified data on computers in a classified environment. Linux as issued by major distros defaults do not meet this requirement. Use the following software packages/configurations:

Use central authentication server (LDAP or NIS) with the proper security policies. See YoLinux LDAP authentication tutorial.
Meet reporting requirements: This auditing and reporting requirement can be met using Snare. This requires a kernel patch (or use of one of the kernels [RHEL3 or RHEL4] downloaded from the Snare home page.) and the running of a Snare audit daemon. It meets C-2 reporting requirements and records logins/logoffs, file and directory access, access denial, ...
Newer Linux distributions running auditd (RHEL4, FC3+) can get compliant results.
Snare home page. For more aggressive reporting requirements, see Computer Associates eTrust Security Information Management.
Grant admin privileges without giving root password. Granular delegation of root privileges. File and directory access control. Symark.com: PowerBroker
Virus scanner. (See above list)

Using Linux iptables or ipchains to set up an internet gateway / firewall / router for home or office

2008-05-24T16:27:00.002+07:00

Methods of connecting your network to the internet:

* Use Linux ipchains / iptables and IP forwarding to configure Linux as a firewall and router. This is the method covered in this tutorial.
* The Linux router project has produced a specialized version of Linux just to run ipchains / iptables and IP masquerading.
See LinuxRouter.org.
* Use SOCKS gateway proxy software running on Linux.
For more information see the SOCKS5/e-Border home page.
* Use a CISCO router - Configuration tutorial. (Note: PIX series are preferred for firewall use.)

This tutorial will cover using a linux computer as a gateway between a private network and the internet. Any internet connection whether it be a dial-up PPP, DSL, cable modem or a T1 line can be used. In the case of most dial-up PPP connections and cable modem connections, only a single IP address is issued allowing only one computer to connect to the internet at a time. Using Linux and iptables / ipchains one can configure a gateway which will allow all computers on a private network to connect to the internet via the gateway and one external IP address, using a technology called "Network Address Translation" (NAT) or masquerading and private subnets. Iptables/ipchains can also be configured so that the Linux computer acts as a firewall, providing protection to the internal network.

Methods of connecting your network to the internet:

Use Linux ipchains / iptables and IP forwarding to configure Linux as a firewall and router. This is the method covered in this tutorial.
The Linux router project has produced a specialized version of Linux just to run ipchains / iptables and IP masquerading.
See LinuxRouter.org.
Use SOCKS gateway proxy software running on Linux.
For more information see the SOCKS5/e-Border home page.
Use a CISCO router - Configuration tutorial. (Note: PIX series are preferred for firewall use.)

This tutorial will cover using a linux computer as a gateway between a private network and the internet. Any internet connection whether it be a dial-up PPP, DSL, cable modem or a T1 line can be used. In the case of most dial-up PPP connections and cable modem connections, only a single IP address is issued allowing only one computer to connect to the internet at a time. Using Linux and iptables / ipchains one can configure a gateway which will allow all computers on a private network to connect to the internet via the gateway and one external IP address, using a technology called "Network Address Translation" (NAT) or masquerading and private subnets. Iptables/ipchains can also be configured so that the Linux computer acts as a firewall, providing protection to the internal network.
Firewall versions vs Linux versions:

Note: References to ipfwadm and ipchains refer to older deprecated software.

Firewall Command	Linux Kernel Version	Red Hat Version
iptables	2.4.x, 2.6.x	7.1 - 9.0, Fedora 1,2,3
ipchains	2.2.x	6.x, 7.0
ipfwadm	2.0.x	5.x

Note: Red Hat 7.1-9.0 and the default Linux 2.4 kernel may use ipchains or iptables but not both. Iptables is the preferred firewall as it supports "state" and can recognize if a network connection has already been "ESTABLISHED" or if the connection is related to the previous connection (required for ftp which makes multiple connections on different ports). Ipchains can not. Ipchain rules take precedence over iptables rules. During system boot, the kernel attempts to activate ipchains, then attempts to activate iptables. If ipchain rules have been activated, the kernel will not start iptables.

Red Hat 7.1 will not support ipchains unless that option is configured (during install or later). If during install you select "Disable Firewall - no protection" then ipchains will not be available and you must rely upon iptables for a manual firewall configuration. (iptables only. ipchains will be unavailable)

GUI configuration:

iptables: The GUI configuration tool /usr/bin/redhat-config-securitylevel can be used to choose a preconfigured firewall (High, Medium or no firewall) or it can be used to manually configure rules based on the network services your server will offer. The init script /etc/rc.d/init.d/iptables will use rules stored in /etc/sysconfig/iptables.
ipchains: The tool that does this is lokkit (or /usr/bin/gnome-lokkit), which uses ipchains to configure firewall options for High and Low security options. To support ipchains after install, run /usr/bin/gnome-lokkit and configure a firewall. It will configure ipchains to activate the firewall. Lokkit will generate the file /etc/sysconfig/ipchains. (Used by init script /etc/rc.d/init.d/ipchains which calls /sbin/ipchains-restore)
To see if ipchains and the Lokkit configuration is invoked during system boot, use the command:
```
    chkconfig --list | grep ipchains
```

The default Red Hat 7.1+ Linux 2.4 kernel is compiled to support both iptables and ipchains. Kernel support for ipchains is available during a kernel configuration and compilation. During make xconfig or make menuconfig turn on the feature: "IP: Netfilter Configuration" + "ipchains (2.2-style) support".

Check your installation by using the command: rpm -q iptables ipchains
These packages must be installed. The commands iptables and ipchains are the command interfaces to configure kernel firewall rules. The default Red Hat 7.1 kernel supports iptables and ipchains. (But not both at the same time.)

[Potential Pitfall]: When performing an upgrade instead of a new install, the upgrade software will not install iptables as did not exist on the system previously. It will perform an upgrade to a newer version of ipchains. If you wish to use iptables, you must manually install the iptables RPM.
i.e.: rpm -ivh iptables-XXX.i386.rpm

[Potential Pitfall]: The Linux operating system kernel may load or not load what you had expected. Use the command lsmod to see if ip_tables or ip_chains were loaded.

Switching a running system from ipchains to iptables: (Red Hat 7.1-9.0 - Linux kernel 2.4 specific)

Sequence	Command	Description
1	chkconfig --del ipchains	Remove ipchains from system boot/initialization process
2	chkconfig --add iptables	Add iptables to system boot/initialization process
3	ipchains -F	Flush ipchains rules
4	service ipchains stop	Stop ipchains. Also: `/etc/init.d/ipchains stop`
5	rmmod ipchains	Unload ipchains kernel module. Iptables kernel module can not be loaded if the ipchains module is loaded
6	service iptables start	Load iptables kernel module. Also: `/etc/init.d/iptables stop`

Network Address Translation (NAT):

An individual on a computer on the private network may point their web browser to a site on the internet. This request is recognized to be beyond the local network so it is routed to the Linux gateway using the private network address. The request for the web page is sent to the web site using the external internet IP address of the gateway. The request is returned to the gateway which then translates the IP address to computer on the private network which made the request. This is often called IP masquerading. The software interface which enables one to configure the kernel for masquerading is iptables (Linux kernel 2.4) or ipchains (Linux kernel 2.2)

The gateway computer will need two IP addresses and network connections, one to the private internal network and another to the external public internet.

A note on private network IP addresses: A set of IP addresses has been reserved by IANA for private networks. They range from 192.168.0.1 to 192.168.254.254 for a typical small business or home network and are often referred to as CIDR private network addresses. Most private networks conform to this scheme.

Block	Range		CIDR Notation	Default Subnet Mask	Number of hosts
24 bit block in class A	10.0.0.0	10.255.255.255	10.0.0.0/8	255.0.0.0	16,777,216
20 bit block in class B	172.16.0.0	172.31.255.255	172.16.0.0/12	255.240.0.0	1,048,576
16 bit block in class C	192.168.0.0	192.168.255.255	192.168.0.0/16	255.255.0.0	65,536

The actual number of hosts will be fewer that listed because addresses on each subnet will be reserved as a broadcast address, etc.

This is detailed in RFC 1918 - Address Allocation for Private Internets. For a description of class A, B, and C networks see the YoLinux Networking Tutorial class description.

The private networks may be subdivided into various subnets as desired. Examples:

Range		CIDR Notation	Default Subnet Mask	Number of hosts
10.2.3.0	10.2.4.255	10.2.3.0/23	255.255.254.0	512
172.16.0.0	172.17.255.255	172.16.0.0/15	255.254.0.0	132608
192.168.5.128	192.168.5.255	192.168.5.128/25	255.255.255.128	128

CertGuide.com: Network Subnets

Example 1: Linux connected via PPP

This example uses a Linux computer connected to the internet using a dial-up line and modem (PPP). The Linux gateway is connected to the internal network using an ethernet card. The internal network consists of Windows PC's.

The Linux box must be configured for the private internal network and PPP for the dial-up connection. See the PPP tutorial to configure the dial-up connection. Use the ifconfig command to configure the private network. i.e. (as root)

   /sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255

This is often configured during install or can be configured using the Gnome tool neat (or the admin tool Linuxconf or netcfg for older Red Hat systems). System changes made with the ifconfig or route commands are NOT permanent and are lost upon system reboot. Permanent settings are held in configuration scripts executed during system boot. (i.e. /etc/sysconfig/...) See the YoLinux Networking tutorial for more information on assigning network addresses.

Run one of the following scripts on the Linux gateway computer:

iptables:

   iptables --flush                         - Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain                  - Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT         - Assuming one NIC to local LAN

echo 1 > /proc/sys/net/ipv4/ip_forward    - Enables packet forwarding by kernel

ipchains:

   #!/bin/sh
ipchains -F forward                                - Flush all previous rules and settings
ipchains -P forward DENY                           - Default set to deny packet forwarding
ipchains -A forward -s 192.168.10.0/24 -j MASQ     - Use IP address of gateway for private network
ipchains -A forward -i ppp0 -j MASQ                - Sets up external internet connection
echo 1 > /proc/sys/net/ipv4/ip_forward             - Enables packet forwarding by kernel

A PPP connection as described by the YoLinux PPP tutorial will create the PPP network connection as the default route.

Example 2: Linux connected via DSL, Cable, T1

High speed connections to the internet result in an ethernet connection to the gateway. Thus the gateway is required to possess two ethernet Network Interface Cards (NICs), one for the connection to the private internal network and another to the public internet. The ethernet cards are named eth and are numbered uniquely from 0 upward.

Use the ifconfig command to configure both network interfaces.

/sbin/ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255   - Internet
/sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255     - Private LAN

Also see notes on adding a second NIC.

Run the appropriate script on the linux computer where eth0 is connected to the internet and eth1 is connected to a private LAN:

iptables:

   # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush            - Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain     - Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward             - Enables packet forwarding by kernel

ipchains:

   #!/bin/sh
ipchains -F forward                                - Flush rules
ipchains -P forward DENY                           - Default set to deny packet forwarding
ipchains -A forward -s 192.168.10.0/24 -j MASQ     - Use IP address of gateway for private network
ipchains -A forward -i eth1 -j MASQ                - Sets up external internet connection
echo 1 > /proc/sys/net/ipv4/ip_forward

Create a route for internal packets:

     route add  -net 192.168.10.0  netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth1

Where XXX.XXX.XXX.XXX is the internet gateway defined by your ISP. For more information on routing see the YoLinux networking tutorial

Note: While this configuration requires that the Linux gateway computer have two network cards, if you only have one PCI slot available you may use a card such as the Intel Pro 100 or Pro 1000 Dual Port which has two ethernet connections which reside on a single card. (This is what I use) Yolinux Hardware tutorial: More on Network interface cards

Intel PCI Dual Pro 100 or Pro 1000 NIC card supports two physical ethernet connections (eth0, eth1) on one card.
Compliant Standards: IEEE 802.3-LAN, IEEE 802.3U-LAN , Plug and Play
Connectivity Technology: Cable - 10Base-T, 100Base-TX
Data Link Protocol: Ethernet, Fast Ethernet
Processor: 82550 - Intel

Iptables options: (Linux kernel 2.4/2.6 firewall)

General /sbin/iptables format to add rules:
iptables [-t|--table table] -command [chain] [-i interface] [-p protocol] [-s address [port[:port]]] [-d address [port[:port]]] -j policy

Six pre-defined "chain" rules are available:

INPUT
OUTPUT
INPUT
FORWARD
PREROUTING
POSTROUTING
User defined chains (just give it a new name instead of one of the pre-defined names)

iptables options:

--table -t	Description
filter	Default table. This is used if not specified
nat	Network address translation
mangle	Used for Quality Of Service (QOS) and preferential treatment
raw	Enables optimization. i.e. Ignore firewall state matching for port 80 for enhanced speed due to less processing. Requires kernel patch

Command (Use one)	Description
-A --append	Append rule to chain
-D --delete	Delete rule from chain
-I --insert	Insert rule at beginning or at specified sequence number in chain.
-R --replace	Replace rule
-F --flush	Flush all rules
-Z --zero	Zero byte counters in all chains
-L --list	List all rules. Add option `--line-numbers` for rule number.
-N --new-chain	Create new chain
-X --delete-chain	Delete user defined chain
-P --policy	Set default policy for a chain
-E --rename-chain	Rename a chain

Command Option	Description
-s --source	Source address of packet
-d --destination	Destination address of packet
-i --in-interface	Interface packet is arriving from
-o --out-interface	Interface packet is going to
-p --protocol	Protocol: °tcp --sport port[:port] --dport port[:port] --syn °udp °icmp °mac ...
-j --jump	Target to send packet to
-f --fragment	Fragment matching
-c --set-counters	Set packet/byte counter
-m tcp --match tcp	°--source-port port[:port] (port # or range #:#) °--destination-port port[:port] °--tcp-flags
-m state --match state	--state °ESTABLISHED °RELATED °NEW °INVALID (Push content, not expected to recieve this packet.)

Defined Policies	Description
ACCEPT	Let packet through
DROP	Deny packet with no reply
REJECT	Deny packet and notify sender
RETURN	Handled by default targets
MARK	Used for error response. Use with option --reject-with type
MASQUERADE	Used with nat table and DHCP.
LOG	Log to file and specify message: °--log-level # °--log-prefix "prefix" °--log-tcp-sequence °--log-tcp-options °--log-ip-options
ULOG	Log to file and specify userpace logging messages
SNAT	Valid in PREROUTING chain. Used by nat.
REDIRECT	Used with nat table. Output.
DNAT	Valid in POSTROUTING chain. Output.
QUEUE	Pass packet to userspace.

For the full info see the man page for iptables.

Ipchains options: (Linux kernel 2.2 firewall)

General /sbin/ipchains format to add rules:
ipchains -A|I [chain] [-i interface] [-p protocol] [-y] [-s address [port[:port]]] [-d address [port[:port]]] -j policy [-l]

ipchains options:

Command	Description
-A	Add rule to chain
-D	Delete rule from chain
-I	Insert rule
-R	Replace rule
-F	Flush all rules
-L	List all rules
-N	Create new chain
-X	Delete user defined chain
-P	Set default targe

Command Option	Description
-s	Source address of packet
-d	Destination address of packet
-i	Interface packet is arriving from
-p	Protocol
-j	Target to send packet to
-y	For -p tcp. Packet is SYN packet.
--icmp-type	For -p icmp.
-l	Log the packet to syslog. `/var/log/messages` Available in default Red Hat 6.0+ kernel

System targets (policy)	Description
ACCEPT	Let packet through
DENY	Deny packet
REJECT	Deny packet and notify sender
MASQ	Forward chain masquerade
REDIRECT	Send to different port
RETURN	Handled by default targets

Four chain rule types are available:

IP input chain
IP output chain
IP forwarding chain
User defined chains (just give it a new name instead of the built-in names: input, output or forward)

For the full info see the man page for ipchains. To add firewall rules read the links provided below.

Configuring PCs on the office network:

All PC's on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.

Windows '95 Configuration:

Select "Start" + Settings" + "Control Panel"
Select the "Network" icon
Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card. (NOT the TCP/IP -> Dial-Up Adapter)
Select the tabs:
- "Gateway": Use the internal network IP address of the Linux box. (192.168.XXX.XXX)
- "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
- "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.255.0 for a small local office network) of the PC can also be set here.

Linux computers:

IP Address: Use ifconfig or netcfg commands to set the IP address and netmask.
See Assigning an IP address portion of the Networking tutorial.
Gateway: The gateway is set with the route command. This can also be set by the GUI tool /usr/bin/netcfg or console tool /usr/sbin/netconfig. It is also stored by the system in the /etc/sysconfig/network file.
DNS: Configure file /etc/resolv.conf to set the DNS and default domain.
See the Network configuration files portion of the Networking tutorial.

Simple firewall for the desktop Linux system:

iptables -P INPUT   DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Allow network connections which have already been established (started by host) and related to your connection. FTP requires this as it may use various ports in support of the file transfer.)
Allow network input/output from self (lo).

Adding more security rules to your gateway:

iptables:

Deny a specific host: iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

Block ports by adding the following firewall rules:

# Allow loopback access. This rule must come before the rules denying port access!!
iptables -A INPUT -i lo -p all -j ACCEPT  - Rule for your computer to be able to access itself via the loopback
iptables -A OUTPUT -o lo -p all -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 2049 -j DROP       - Block NFS
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 2049 -j DROP       - Block NFS
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 6000:6009 -j DROP  - Block X-Windows
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 7100 -j DROP       - Block X-Windows font server
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 515 -j DROP        - Block printer port
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 515 -j DROP        - Block printer port
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 111 -j DROP        - Block Sun rpc/NFS
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 111 -j DROP        - Block Sun rpc/NFS
iptables -A INPUT -p all -s localhost  -i eth0 -j DROP  - Deny packets which claim to be from your loopback interface.

These rules may be executed on their own to protect your system while attached to the internet or they may be appended to the end of the iptables gateway NAT scripts above.

Debugging and logging:

iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "
iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "

Add this to the end of your rules and you should be able to monitor dropped connections in /var/log/messages. I do NOT log in this method due to the outrageous volume of messages it generates. Use this for debugging or short term monitoring of the network.

Another approach to firewalls is to drop everything and then grant access to each port you may need.

iptables -F
iptables -A INPUT -i lo -p all -j ACCEPT                       - Allow self access by loopback interface
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT - Accept established connections
iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT          - Open ftp port
iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT          - Open secure shell port
iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT          - Open HTTP port
iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT   - Accept local Samba connection
iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
iptables -P INPUT DROP               - Drop all other connection attempts. Only connections defined above are allowed.

ipchains:

This script configures firewall rules for a Linux computer with two ethernet ports. One port connects the computer to the internet with an external address of XXX.XXX.XXX.XXX. The other ethernet port connects the computer to an internal network of 192.168.10.0 to 192.168.10.255. This script is more complex but preferred to the previous scripts because of the extra security that the extra firewall rules offer. The script does work with a system running portsentry. For more on portsentry see the YoLinux Internet Security: portsentry Tutorial.

Internet external network interface: eth0
Internal private network interface: eth1
Local loopback virtual interface: lo

Gateway script for ipchains firewall and NAT:

   #!/bin/sh

# Flush Rules
ipchains -F forward
ipchains -F output
ipchains -F input

# Set default to deny all
ipchains -P input   DENY
ipchains -P output  DENY
ipchains -P forward DENY

# Add Rules

# Accept packets from itself (localhost) (s)ource to itself (d)estination
# Keeps system logging, X-Windows or any socket based service working.
ipchains -A input  -j ACCEPT -p all -s localhost -d localhost -i lo
ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo

# Deny and log (option -l) spoofed packets from external network (eth0) which mimic internal IP addresses
ipchains -A input -j REJECT -p all -s 192.168.10.0/24 -i eth0 -l

# Accept requests/responses from/to your own firewall machine
ipchains -A input   -j ACCEPT -p all -d XXX.XXX.XXX.XXX -i eth0
ipchains -A output  -j ACCEPT -p all -s XXX.XXX.XXX.XXX -i eth0

# Allow outgoing packets source (s) to destination (d)
ipchains -A input   -j ACCEPT -p all -s 192.168.10.0/24 -i eth1
ipchains -A output  -j ACCEPT -p all -s 192.168.10.0/24 -i eth1

# Deny and log (option -l) outside packets from internet which claim to be from your loopback interface
ipchains -A input  -j REJECT -p all -s localhost  -i eth0 -l

ipchains -A forward -s 192.168.10.0/24 -j MASQ
ipchains -A forward -i eth1 -j MASQ

# Enable  packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Notes:

For this example it was assumed that your private network is from 192.168.10.0 to 192.168.10.255
The -d 0.0.0.0/0 refers to all or any destination address of packet. (destination in this case is irrelevant and the -d statement may be omitted))
localhost refers to your loopback interface on 127.0.0.1

Red Hat 7.1 will configure firewall rules as an option during installation. Note that the firewall rules are generated for ipchains. The configuration tool /usr/bin/gnome-lokkit was used to perform this setup.

Example of the security configuration: /etc/sysconfig/ipchains
This is the configuration file for the script /etc/rc.d/init.d/ipchains (which calls /sbin/ipchains-restore) which may be invoked during system boot.

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT                - Allow WWW http access to web server
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT                - Allow SSH (Secure Shell) access
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT  - Allow DHCP/BOOTPC
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT  - eth1 internal network access OK. External eth0 goes through firewall rules
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT    - This shuts off telnet,FTP,bind...! Use for a workstation only
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT       - Workstation only or explicitly ports as above with 80, 22
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT         - Block NFS
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT - Block remote X-Window connections
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT      - Block remote font server connections

Note: Once ipchains have been invoked for kernel 2.4 (RH 7.1), one may NOT use iptables. You may use one or the other but not both.

Save/restore an tables/ipchains configuration:

IpTables: iptables-save man page
/sbin/iptables-save > /etc/sysconfig/iptables.rules
/sbin/iptables-restore < /etc/sysconfig/iptables.rules
IpChains: ipchains-save man page
/sbin/ipchains-save > /etc/sysconfig/ipchains.rules
/sbin/ipchains-restore < /etc/sysconfig/ipchains.rules

The system init script looks for the file name /etc/sysconfig/ipchains instead of /etc/sysconfig/ipchains.rules. This will make the rules accessible to the init script which will invoke the rules upon system boot. See the YoLinux Init process tutorial for more information on init scripts and system boot procedures.

Also see: how to turn off ICMP and look invisible to ping.

proc file settings:

Turning on Linux kernel support for spoof and DOS (Denial Of Service) protection:
```
   echo 1 >/proc/sys/net/ipv4/tcp_syncookies
```
Must first be compiled into kernel. (Included in Redhat default kernel) By default the Redhat install has this disabled (set to 0). This helps to prevent against the common 'syn flood attack'. A connecting computer (peer) may not receive reliable error messages from an over loaded server with syncookies enabled.
For more on SYS cookies see: CERT Advisory CA-96.21
Turn on Source Address Verification: (Off by default on Red Hat install - set to 0)
```
   echo 1 >/proc/sys/net/ipv4/conf/eth0/rp_filter
OR
echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter
```
State the interface appropriate for your installation.
The first example prevents spoofing attacks against your external networks only.

IP spoofing is a technique where a host sends out packets which claim to be from another host. It is also used to hide the identity of the attacker.

The TCP Man page - Linux Programmer's Manual and /usr/src/linux/proc.txt [link] (Kernel 2.4) cover /proc/sys/net/ipv4/* file descriptions.

Also see:

local file:/usr/src/linux/Documentation/proc.txt
proc man page

IP Forwading Notes:

Choose one of the following to allow the Linux kernel to forward IP packets:

Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
```
    echo 1 > /proc/sys/net/ipv4/ip_forward
```
Another method is to alter the Linux kernel config file: /etc/sysctl.conf
Set the following value:
```
    net.ipv4.ip_forward = 1
```
This will configure the system to allow forwarding of packets upon system boot. It is stored in this configuration file and thus read and set upon system boot. If set to "0" then there will be no forwarding of packets.
An alternate method is to alter the network script: /etc/sysconfig/network
```
     FORWARD_IPV4=true
```
Change the default "false" to "true".

All the above methods will result in a proc file value of "1" to allow TCP packet forwarding. Options 2 and 3 set boot configurations in a configuration file and will not take effect until system boot.
Test the current setting of the kernel: cat /proc/sys/net/ipv4/ip_forward

Note: The /proc directory is NOT on your hard drive but is present in the running kernel.

CIDR Notation:

The notation "/24" refers to the use of the first 24 bits of a 32 IP address. The is the equivalent of using the bitmask 255.255.255.0. To put it another way, it specifies a range of IP addresses: 0 to 255 for the last octet while the first three remain constant.

Example: 192.168.103.0/24 refers to the IP address range 192.168.103.0 to 192.168.103.255

The notation "/32" refers to a single IP address as it implies that all 32 bits of the IP address are significant.

Configuration Tools:

GUI tools and scripts exist to help you with the configuration of ipchains. See:

EasyFw - Tcl/Tk - RPM available from web site.
RPM installs command: /usr/local/bin/easyfw
Firestarter - Configuration of firewall and real-time hit monitor for the Gnome desktop. Configures ipchains (kernel 2.2) and iptables (kernel 2.4)
Firewall Builder - iptables, ipfilter and OpenBSD PF. (GTK--)

Included with Red Hat 7.x is the Gnome GUI tool gnome-lokkit. (ipchains)

Tools for iptables configuration:

Webmin - Linux web admin tool
Shorewall
NARC: Netfilter Automatic Rule Configurator

Manage Your Laptop's Hotkeys On Fedora

2008-05-23T06:46:00.002+07:00

This document describes how to make your laptop's hotkeys usable on Fedora. I've tested this with Fedora 8 but it should also work with other Fedora versions - and maybe, with a little modification, also with other distributions.

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.

1 Preparation

1.1 Needed Packages

We'll use xbindkeys to assign actions to the hotkeys that don't create an ACPI event.

xbindkeys

1.2 Xserver Configuration

To be able to toggle the touchpad on and off we have to adjust the xserver configuration (root privileges needed).

vi /etc/X11/xorg.conf

Search the section "InputDevice" with the identifier "Synaptics" and add the following line into this section.

Option "SHMConfig" "on"

The section should now look like this:

Section "InputDevice"
      Identifier  "Synaptics"
      Driver      "synaptics"
      Option      "Device" "/dev/input/mice"
      Option      "Protocol" "auto-dev"
      Option      "Emulate3Buttons" "yes"
      Option      "SHMConfig" "on"
EndSection

Afterwards save the changes and log out and back in again for the changes to take effect.

1.3 Hotkey Events

Let's find out what happens when we press the hotkeys.

1.3.1 ACPI

Most hotkeys like the "Fn-buttons" will create an ACPI event - so let's have a look at them. Run ...

acpi_listen

... and press a hotkey a few times. You'll see an output like this:

hotkey ATKD 00000031 0000001a
hotkey ATKD 00000031 0000001b
hotkey ATKD 00000031 0000001c

As you can see the first number (position3) is static and the second number dynamic. We need only the static number. Now press all your hotkeys one after another and write down the static numbers - you'll need them later.

1.3.2 Xev

Some hotkeys create a keycode instead of an ACPI event.

xev

A new window will pop up with a little square in it. Move the cursor into the square and press all hotkeys that haven't created an ACPI event in the step before. Don't move your mouse during this time - else you'll see lots of events caused by the movement of your mouse and not from the hotkeys. You'll see the keycode for each hotkey in the terminal window - it could look like this:

KeyPress event, serial 30, synthetic NO, window 0x3a00001,
root 0x13b, subw 0x3a00002, time 3282991713, (49,43), root:(1105,203),
state 0x0, keycode 162 (keysym 0x0, NoSymbol), same_screen YES,
XLookupString gives 0 bytes:
XmbLookupString gives 0 bytes:
XFilterEvent returns: False

KeyRelease event, serial 30, synthetic NO, window 0x3a00001,
root 0x13b, subw 0x3a00002, time 3282991781, (49,43), root:(1105,203),
state 0x0, keycode 162 (keysym 0x0, NoSymbol), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False

Write down the keycode numbers - you'll need them later.

2 Handle The ACPI Events

First we have to tell the ACPI event handler that our special script, that we'll create in a moment, shall be executed when a hotkey is pressed (root privileges needed).

vi /etc/acpi/events/hotkeys.conf

The content should look like this:

# Hotkey configuration

event=hotkey (ATKD|HOTK)*
action=/etc/acpi/actions/hotkeys.sh %e

Next we create a special script to work up the hotkey-events (root privileges needed).

vi /etc/acpi/events/hotkeys.sh

In the following I'll describe the single parts of the script. First we have to define the shell and the paths where the script has to search for the applications that you want to execute.

#!/bin/sh

PATH=/sbin:/bin:/usr/bin

The script is able to handle more than one session on multi-user systems. If you're the only user on the system enter your username into the corresponding field.

# Possible values:
# "0" = multi user system
# "your_username" = single user system
user="0"

This is the part that detects the user of the currently active session on multi user systems - nothing to adjust here.

# Detect the currently active user on multi user systems
checkuser()
{
if [ $user = "0" ]
then
uid_session=$(
ck-list-sessions | \
awk '
/^Session[0-9]+:$/ { uid = active = x11 = "" ; next }
{ gsub(/'\''/, "", $3) }
$1 == "uid" { uid = $3 }
$1 == "active" { active = $3 }
$1 == "x11-display" { x11 = $3 }
active == "TRUE" && x11 != "" {
print uid
exit
}'
)
user_data=(`cat /etc/passwd | grep $uid_session | tr ':' ' '`)
user=${user_data[0]}
fi
}

Now we reached the interesting part - here we'll assign actions to the hotkeys. Remember the hotkey events from step 1.3.1 - the third position of the ACPI events contains the static number that we need to distinguish between the events. Because we passed the whole ACPI event to this script we have to tell the script that it has to use the third position of the event - this is in $3.

# Assign actions to the hotkeys
case $3 in

The following hotkey configurations are examples from my laptop (ASUS G1S) - so you have to replace the event numbers so that they fit to your system. We'll start with the email client Evolution. When I press the email hotkey on my laptop the static event number is 00000050. When the button is pressed the function "checkuser" will be called to detect the user of the currently active session. Afterwards the script executes Evolution as the user of the currently active session and sends the output into the nirvana :) This is very important - otherwise the application would block the script until you close the application. So don't forget to add " &> /dev/null &" to commands that execute an application that runs until you close it and " &> /dev/null" to other applications that create an output.

# Start Evolution (email button)
00000050)
checkuser
su - $user -c "evolution --component=mail &> /dev/null &"
;;

The configuration for the webbrowser is almost equal to the one above.

# Start Firefox (browser button)
00000051)
checkuser
su - $user -c "firefox &> /dev/null &"
;;

Now we reached the touchpad configuration. Many laptops have an extra hotkey for the touchpad - we'll use the synclient to toggle our touchpad on and off when this hotkey is pressed (we activated the synclient in step 1.2). This is user independent so there's no need to call the "checkuser"-function.

# Toggle touchpad on|off (touchpad button)
0000006b)
tp_status=(`synclient -l | grep TouchpadOff`)

if [ ${tp_status[2]} = "1" ]
then synclient TouchpadOff=0
else synclient TouchpadOff=1
fi
;;

Next we have to configure the hotkeys for lowering and raising the volume. This is also user independent because there's only one soundcard to control (on most systems).

# Lower volume (Fn + F11)
00000031)
amixer sset Master Playback Volume 5%- &> /dev/null
;;

# Raise volume (Fn + F12)
00000030)
amixer sset Master Playback Volume 5%+ &> /dev/null
;;

We'll use a workaround to mute the volume because the amixer's real mute function causes a big problem - most players will crash when you use it. When the mute hotkey is pressed the script looks if the sound is activated at the moment and if it is, it writes the current state into a file before it sets the volume to 0%. When you press this hotkey again (and the volume is still at 0%) the script will get the last volume state out of the file and restore it.

# Toggle mute (0% - last state) (Fn + F10)
00000032)
snd_status=(`amixer sget Master Playback Volume | egrep "\[on|off\]$"`)
cur_vol=$(echo ${snd_status[4]} | tr '[|]|%' ' ')

if [ $cur_vol != "0" ]
then
cat /dev/null > /opt/.volume
echo $cur_vol > /opt/.volume
amixer sset Master Playback Volume 0% &> /dev/null
else
sav_vol=$(cat /opt/.volume)
if [ $sav_vol = "" ]
then amixer sset Master Playback Volume 50% &> /dev/null
else amixer sset Master Playback Volume $sav_vol% &> /dev/null
fi
fi
;;

In the last step we close the case clause and exit the script.

esac

exit 0

Now save the file and make it executeable.

chmod +x /etc/acpi/events/hotkeys.sh

For example the whole script on my system for better understanding.

#!/bin/sh

PATH=/sbin:/bin:/usr/bin

# Possible values:
# "0" = multi user system
# "your_username" = single user system
user="olli"

# Detect the currently active user on multi user systems
checkuser()
{
  if [ $user = "0" ]
  then
      uid_session=$(
          ck-list-sessions | \
          awk '
          /^Session[0-9]+:$/ { uid = active = x11 = "" ; next }
          { gsub(/'\''/, "", $3) }
          $1 == "uid" { uid = $3 }
          $1 == "active" { active = $3 }
          $1 == "x11-display" { x11 = $3 }
          active == "TRUE" && x11 != "" {
          print uid
          exit
          }'
      )
      user_data=(`cat /etc/passwd | grep $uid_session | tr ':' ' '`)
      user=${user_data[0]}
  fi
}

# Assign actions to the hotkeys
case $3 in

  # Start Evolution (email button)
  00000050)
  checkuser
  su - $user -c "evolution --component=mail &> /dev/null &"
  ;;

  # Start Firefox (browser button)
  00000051)
  checkuser
  su - $user -c "firefox &> /dev/null &"
  ;;

  # Toggle touchpad on|off (touchpad button)
  0000006b)
  tp_status=(`synclient -l | grep TouchpadOff`)

  if [ ${tp_status[2]} = "1" ]
  then
      synclient TouchpadOff=0
      echo 1 > /sys/class/leds/asus:touchpad/brightness
  else
      synclient TouchpadOff=1
      echo 0 > /sys/class/leds/asus:touchpad/brightness
  fi
  ;;

  # Lower volume (Fn + F11)
  00000031)
  amixer sset Master Playback Volume 5%- &> /dev/null
  ;;

  # Raise volume (Fn + F12)
  00000030)
  amixer sset Master Playback Volume 5%+ &> /dev/null
  ;;

  # Toggle mute (0% - last state) (Fn + F10)
  00000032)
  snd_status=(`amixer sget Master Playback Volume | egrep "\[on|off\]$"`)
  cur_vol=$(echo ${snd_status[4]} | tr '[|]|%' ' ')

  if [ $cur_vol != "0" ]
  then
      cat /dev/null > /opt/.volume
      echo $cur_vol > /opt/.volume
      amixer sset Master Playback Volume 0% &> /dev/null
  else
      sav_vol=$(cat /opt/.volume)
      if [ $sav_vol = "" ]
      then    amixer sset Master Playback Volume 50% &> /dev/null
      else    amixer sset Master Playback Volume $sav_vol% &> /dev/null
      fi
  fi
  ;;

esac

exit 0

One thing is still to do. There's a bug that will prevent the ACPI daemon to execute the commands in our script after you started/restarted your system. You have to restart the ACPI daemon everytime after you logged in into a GNOME session. I think you don't want to do that manually :) so I found a workaround (root privileges needed).

vi /etc/gdm/Init/Default

Add the following lines at the bottom of the file - before the exit.

# acpid workaround
/etc/init.d/acpid restart

The corresponding part of the file should look like this:

[...]

# acpid workaround
/etc/init.d/acpid restart

exit 0

Now the ACPI daemon will be restarted automatically after each login.

3 Handle The Xev Events

Maybe you found a few hotkeys that have not created an ACPI event in step 1.3.1 but a keycode event in step 1.3.2. Now it's time to configure them - first we have to create the needed configuration file (without root privileges!).

xbindkeys --defaults > $HOME/.xbindkeysrc

Now let's edit it.

vi ~/.xbindkeysrc

You'll see an example configuration and some notes within the file. The configuration is very easy - simply add a line with the command that shall be executed and below the keycode (c:%keycode%) that belongs to this action. For example the configuration on my laptop (a few multimedia hotkeys like start/pause, stop etc...).

# MM button actions

# MM play/pause
"/usr/bin/audacious -p"
c:162

# MM stop
"/usr/bin/audacious -s"
c:164

# MM rewind
"/usr/bin/audacious -r"
c:144

# MM forward
"/usr/bin/audacious -f"
c:153

Now save the changes and add xbindkeys (/usr/bin/xbindkeys) to the autostart programs (System - Preferences - Personal - Sessions). Please note that you have to log out and back in again for the changes to take effect.

Tired of waiting on Apple, researchers disclose iCal bugs

2008-05-22T20:46:00.000+07:00

iCal calendar program, a security company said Wednesday in an advisory that showed months of back-and-forth between Apple and the researchers over whether bugs were serious enough to warrant patches, and if so, when Apple would patch them.

After several delays requested by Apple, the security vendor put its foot down and told the company's security team it would release information about the vulnerabilities May 21, whether Apple had issued patches or not.

In a bulletin posted to the Bugtraq and Full Disclosure mailing lists and on its own Web site, Core Security Technologies detailed three bugs in iCal that attackers could remotely exploit using compromised servers, malicious Web sites or e-mailed .ics file attachments.

"The vulnerabilities may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application," said Core Security.

iCal calendar program, a security company said Wednesday in an advisory that showed months of back-and-forth between Apple and the researchers over whether bugs were serious enough to warrant patches, and if so, when Apple would patch them.

After several delays requested by Apple, the security vendor put its foot down and told the company's security team it would release information about the vulnerabilities May 21, whether Apple had issued patches or not.

In a bulletin posted to the Bugtraq and Full Disclosure mailing lists and on its own Web site, Core Security Technologies detailed three bugs in iCal that attackers could remotely exploit using compromised servers, malicious Web sites or e-mailed .ics file attachments.

"The vulnerabilities may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application," said Core Security.

iCal is the scheduling and to-do application bundled with Mac OS X. It's used both as a standalone personal calendaring program and also as the client for connecting to Apple's calendar server.

Core Security first reported the iCal vulnerabilities and a fourth in iCal Server, a component of Mac OS X Server, on Jan. 30, 2008, but then spent nearly the next four months asking Apple when the company would patch the bugs, answering questions from Apple's security team and pushing back the deadline for publishing its findings.

In March, Apple said it considered only one of the three vulnerabilities a "security bug," according to Core Security, a stance that researchers there contested several times. "Vendor states that end of April is still the estimated date and provides more details that explain why the first two bugs are been considered null-pointer dereference bugs only," Core's timeline noted for April 17.

Later that day, Core said, it told Apple "the three bugs still have security-related consequences. Core considers bug[s] that allow unauthenticated third parties to be security vulnerabilities."

Apple patched the server-side vulnerability in March with Security Update 2008-002, a monster patch batch that included nearly 90 bug fixes; earlier, it had determined that the flaw was not in iCal Server, as Core Security had claimed, but in the Wiki Server instead.

But it was the patch planning for the iCal client that stretched on and on, said Core Security in the advisory. On four separate occasions, Apple requested that Core postpone the publishing of information about the vulnerabilities; each time Core agreed.

The problem: Apple kept shifting the deadline for delivering iCal patches.

According to Core, Apple first said it would fix iCal in time to make the 2008-002 update, which was released March 18, but when that proved impossible, changed the date to late April, then to early May, then finally to Monday, May 19.

After being asked May 10 to delay its disclosure a fifth time, Core Security said it would discuss rescheduling. Two days later, however, it told Apple it was setting Wednesday, May 21, as the drop-dead deadline. "Core communicates [to] the vendor that the publication of the advisory is re-scheduled to May 21, that date is final," Core Security noted in its bulletin.

The final advisory states that iCal 3.01 running in Mac OS X 10.5.1 is vulnerable, but it's unclear if that note was simply outpaced by events or is accurate; users running Mac OS X 10.5.2, the most current version of Leopard, are equipped with iCal 3.0.2. Core Security was not available for comment late Wednesday.

Apple has not patched the three iCal vulnerabilities spelled out by Core Security, and did not respond to queries Wednesday about when it would.

Beibei gets on the record as Sony Ericsson G702

2008-05-22T20:23:00.000+07:00

The first hard enough evidence of the newest UIQ family member Sony Ericsson G702 has just appeared on the FCC website. The handset codenamed Beibei leaked online a couple of weeks ago but in a different color combo.

As you might have guessed, the FCC web site isn't all about publishing the full specs so the information is pretty scarce at this point. We can still get an idea from the photos and the enclosed manual. Sony Ericsson G702 is coming with a 3.2 megapixel camera, auto focus still doubtful at this stage. M2 memory expansion is also aboard. A three-position jog wheel and two scroll keys are in charge of navigation on the handset.

Sony Ericsson G702 at FCC

Sony Ericsson G702 features the latest 3.3 version of the Symbian UIQ user interface. The handset also packs a built-in GPS receiver and navigation software, as well as Wi-Fi and 3G connectivity. Bluetooth and USB go without saying.

The manual suggests Sony Ericsson G702 will feature the Opera 9.5 web browser with Flash Lite 3 support. This means browsing flash-based web sites, which is still enough of a rarity among mobile phones. You can check a demo of the excellent features of the Opera Mobile 9.5 web browser here.

The final feature we are able to confirm at this stage is Widgets support. So far, so good - should do for a taster. The ball is now with Sony Ericsson for an official announcement.

Samsung F480 gets official, again

2008-05-22T20:21:00.000+07:00

Today Samsung officially announced their newest touchscreen phone - the Samsung F480 or otherwise known as Samsung TouchWiz. Yeah, we know that it was announced in Barcelona back in February but there is some news in this second announcement too.

For a start the Samsung F480 will be sold under different names in different regions. For example in the UK the F480 is going to be sold as Samsung Tocco.

Samsung F480

Samsung also revealed the details about the battery of the handset - 1000 mAh of capacity, 3 hours of talk time and 300 hours of stand-by time. The dimensions have also been slightly updated to 98.4 x 55 x 11.6 mm and the weight has been fixed at 100.6 grams.

Also this second announcement hints of the fact that Samsung F480 is about to hit the shelves in the nearest future. In fact some online retailers are already accepting pre-orders. The rates are however rather high, starting at about 600-700 US dollars.

Samsung F480 lifestyle photos

In case you need a quick memory refresh here are the most important features of Samsung F480. It is tri-band phone with HSDPA 7.2Mbps support, and an ample 2.8" touchscreen QVGA display. The camera counts the impressive 5 megapixels and comes with autofocus, power LED flash, image and video stabilization.

Of course, there is audio and video player with multiple file format support, as well as FM Radio with RDS. The impressive TouchWiz user interface and navigation are the final ingredients for making the classy performer.

Mozilla launches Firefox 3.0 RC1 early

2008-05-20T18:23:00.004+07:00

On Friday rolled out the release candidate for Firefox 3.0, bringing the open-source browser one step closer to its first major overhaul in nearly 19 months.

The appearance of Firefox Release Candidate 1 (RC1) came earlier than expected. As recently as last Saturday, Mozilla's chief engineer said that although the company had locked down RC1's code, it was planning to publicly launch the build in "late May."

Firefox RC1 is available now for download from Mozilla's servers and is being offered as an update to users running Firefox Beta 5, the final beta edition that shipped six weeks ago.

On Friday rolled out the release candidate for Firefox 3.0, bringing the open-source browser one step closer to its first major overhaul in nearly 19 months.

The appearance of Firefox Release Candidate 1 (RC1) came earlier than expected. As recently as last Saturday, Mozilla's chief engineer said that although the company had locked down RC1's code, it was planning to publicly launch the build in "late May."

Firefox RC1 is available now for download from Mozilla's servers and is being offered as an update to users running Firefox Beta 5, the final beta edition that shipped six weeks ago.
Even so, Mike Beltzner, Mozilla's interface designer, voiced the usual warning to ward off casual users. "The Firefox 3 Release Candidate is a public preview release intended for developer testing and community feedback," he said in a post Friday evening to Mozilla's developer center blog.

Beltzner touted user interface changes, stability and compatibility fixes, as well as performance improvements made to RC1 since the last beta. Meanwhile, the RC1 release notes cautioned users that some add-ons may not work with the candidate.

Although Mozilla has run through multiple release candidates in the past -- three before moving on to final for Firefox 2.0 in late 2006 -- Mike Schroepfer, vice president of engineering, said a week ago that RC1 might be the sole build prior to calling the browser done.

Schroepfer has said several times that Firefox 3 will ship in June.

Firefox currently accounts for about 17.7% of the browser market, according to the most recent data from Net Applications Inc. Microsoft Corp.'s Internet Explorer remains the most widely used browser, with a 74.8% share, while Apple Inc.'s Safari comes in third with 5.8%.

Firefox 3 RC1 can be downloaded for Windows, Mac OS X and Linux in 41 languages from Mozilla's site.

First look at OpenOffice.org 3.0 beta

2008-05-20T18:10:00.003+07:00

Since I’m testing the viability of running Ubuntu on a number of platforms, and paving the way to shift from Internet Explorer to Firefox 3.0, I might as well take a look at the viability of abandoning Microsoft Office and making the leap to OpenOffice.org.

Check out the OpenOffice.org gallery.

Now, I’m a firm believer that the OpenOffice.org (OO.o) suite offers far more functionality than the average user needs or wants. However, an area of prime concern to me is backward compatibility with Microsoft Office. This is important to me for two reasons:

* I have a massive archive of old Word, Excel and PowerPoint files that I need to be able to have access to. Not only do I need to be able to open these documents, but the reproduction (both on-screen and print) needs to be faithful.
* I exchange Word, Excel and PowerPoint files on a regular basis with others. Most of the people and companies I work with use Microsoft Office (although some do use OO.o) so my solution needs to be compatible.

Check out the OpenOffice.org gallery.

Now, I’m a firm believer that the OpenOffice.org (OO.o) suite offers far more functionality than the average user needs or wants. However, an area of prime concern to me is backward compatibility with Microsoft Office. This is important to me for two reasons:

I have a massive archive of old Word, Excel and PowerPoint files that I need to be able to have access to. Not only do I need to be able to open these documents, but the reproduction (both on-screen and print) needs to be faithful.
I exchange Word, Excel and PowerPoint files on a regular basis with others. Most of the people and companies I work with use Microsoft Office (although some do use OO.o) so my solution needs to be compatible.

With that in mind I downloaded OpenOffice.org 3.0 Beta and loaded it into a VMware test machine for experimentation. [See gallery for a close-up view.]

Here are some thoughts from the download and install process:

The complete download is only 144MB.
Installation was quick and painless, taking only a few minutes (less than five).
No restart required.
OO.o doesn’t seem to junk up the system much (compared to Microsoft Office 2007).

Once I had the application suite installed, I decided to have a look around.

The first time loading any of the applications seems slow, much slower than the Microsoft Office 2007 equivalent. Subsequent launches are much faster (until you reboot).
File loading times don’t seem that different to those the Microsoft Office 2007 equivalent.
Once loaded, applications feel nice and responsive, same as the Microsoft Office 2007 equivalent.
Occasionally I noticed odd screen artifacts when using menus or resizing windows. Not sure what’s behind this.

OK, but what about compatibility?

Word document compatibility

For this test I created three Word documents in .docx Word 2007 format:

A simple one page document containing text and simple formatting
A 217 page document containing text and simple formatting
A two page document containing drop caps, SmartArt and Shapes

OpenOffice.org Writer beta handled the first two documents just fine with hardly any format differences (nothing that mattered at any rate).

The third document was a different matter. The formatting on the drop cap was wrong, the SmartArt didn’t show up and the Word Shape was rendered incorrectly.

Document displayed in Word 2007

Document displayed in Writer 3.0 beta

I then tool the three documents as displayed in Writer and saved them in the Word 97/2000/XP .doc format and tried opening these in Word 2007. All three files worked fine in Word 2007, although the two page document containing drop caps, SmartArt and Shapes was no longer formatted correctly.

Conclusion: Since I don’t do much with drop caps, SmartArt and Shapes, I think I could live with Writer instead of Word.

Next I created a test Excel document in Excel 2007 .xslx format that contained several examples of formulae (sum, average, count number, min and max), and a couple of charts (I use Excel charts a lot).

Document displayed in Excel 2007

The file opened in OpenOffice.org Calc beta and all the formulae seemed to work fine, but the charts were as good. They were accurate in terms of the information, but they were a stylistic nightmare.

Document displayed in Calc 3.0 beta

Saving the file in Calc into Excel 97/2000/XP .xls format just mangled the charts further when the output was opened in Excel 2007.

Document saved into .xls format in Calc 3.0 beta and opened in Excel 2007

Conclusion: The way Calc handles charts for me is, at present, a deal-breaker. Maybe things will get better as the beta program progresses.

PowerPoint document compatibility

I created a couple of sample PowerPoint document in PowerPoint 2007 .pptx format based on built-in templates.

So, how did OpenOffice.org Impress beta handle these files? Well, to put it bluntly, the output was an unmitigated disaster.

Document #1 displayed in PowerPoint 2007

Document #2 displayed in PowerPoint 2007

Document #1 displayed in Calc 3.0 beta

Document #2 displayed in Calc 3.0 beta

Conclusion: Impress totally fails to impress me.

Closing thoughts

It’s early days for OO.o 3.0 Beta and things could get a lot better between now and release, but what I’m seeing now doesn’t give me much hope that I’ll be able to replace Microsoft Office 2007 with OO.o 3.0.

Thoughts?

Sony Ericsson P5 revealed live again

2008-05-20T16:21:00.002+07:00

images of the Sony Ericsson P5 leaked again online. This time they are much better - the currently rumored specs remain confirmed - 5 megapixel camera, GPS, a 2.6-inch touch-screen display and a “heart-breaking” QW-ER-TY keyboard like the one of Sony Ericsson M600. Obviously the announcement of the Sony Ericsson future flagship is just behind the corner.

According to the person who has taken the photos, the performance of the 5 megapixel auto focus camera is not up to scratch yet with sever color problems, but we are sure those will be fixed in the retail version of the Sony Ericsson P5.

Sony Ericsson P5 - 5 megapixel camera

As you probably know the Sony Ericsson P5 is equipped with built-in GPS receiver - the supplied navigation solution is a tweaked version of the WayFinder Navigator. Since the WayFinder Navigator is a trial version, GoogleMaps also comes pre-installed. Unfortunately at this stage the sensitivity of the GPS receiver is rather poor - way worse than the one of the Sony Ericsson C702 or Nokia handsets.

Sony Ericsson P5 - side view

Below the display of the Sony Ericsson P5 there is a row of touch-sensitive keys which are in fact shortcuts to some of the applications. Most of them have something to do with the web browser (a promise of an enhanced web experience perhaps) and there’s a key to take you to either the main menu or upon a longer press - to the task manager. Seems like the user-friendliness of these keys is hampered by their small size and low responsiveness.

Sony Ericsson P5 - touch-sensitive keys • QWERTY keyboard • compared to Neonode 2

The author of the images says that the improvements of the new UIQ 3.3 user interface that the Sony Ericsson P5 comes with are not visible at first glance but we see a definite face lift on the posted screenshots. The multimedia performance however seems improved, along with the better responsiveness in the messaging and most system applications.

Sony Ericsson P5 - the new UIQ 3.3 user interface and the GPS navigation menu

The Swiss Manager application reveals that the Sony Ericsson P5 runs on the same 208 MHz CPU as previous Sony Ericsson models. The amount of RAM installed is also the same - 128MB.

Fedora 9 Tips and Tricks (v0.1)

2008-05-20T16:12:00.000+07:00

I've started to add x86_64 specific instructions below when they differ from traditional 32-bit instructions. The biggest issue is with multimedia plug-ins which are still often available only in 32-bit versions. Please note that I have yet to test the 64-bit instructions personally so if you do try them please do so with care and use the comments section at the bottom to send corrections.

* Upgrading from a previous Fedora release
* Add support for other repositories
* Install MP3 plug-in
* Install Macromedia Flash/Shockwave Plug-in
* Install DVD player
* Install MPlayer Media Player
* Install VLC (VideoLAN Client)
* Install RealPlayer 10 Media Player
* Install Java J2RE and Mozilla Plug-in
* Install NTFS driver
* Install Internet Explorer
* Install Other Odds and Ends
* Common Glitches/Problems
* Other Useful Resources

I've started to add x86_64 specific instructions below when they differ from traditional 32-bit instructions. The biggest issue is with multimedia plug-ins which are still often available only in 32-bit versions. Please note that I have yet to test the 64-bit instructions personally so if you do try them please do so with care and use the comments section at the bottom to send corrections.

* Upgrading from a previous Fedora release
* Add support for other repositories
* Install MP3 plug-in
* Install Macromedia Flash/Shockwave Plug-in
* Install DVD player
* Install MPlayer Media Player
* Install VLC (VideoLAN Client)
* Install RealPlayer 10 Media Player
* Install Java J2RE and Mozilla Plug-in
* Install NTFS driver
* Install Internet Explorer
* Install Other Odds and Ends
* Common Glitches/Problems
* Other Useful Resources

Upgrading from a previous Fedora
One of the great new features is to be able to do a live upgrade from an older Fedora release to Fedora 9. You simply have to install the new package called preupgrade and run the program as root:

# yum -y install preupgrade
# preupgrade

This process does take a LONG TIME, requires a high speed internet connection and has a couple minor gotchas but so far I've done a couple upgrades with no data loss and pretty much everything has "just worked" afterwards. You don't need to download and burn any ISOs as the upgrade is done on top of your current installation.

After the preupgrade script downloads a ton of packages it will reboot and begin the upgrade procedure automatically. Follow the instructions and after the upgrade is complete log back in and you'll have to fix a couple little things. One things is that you'll need to update the Livna repository file below and then clear the yum cache. Once you do that you'll have to do an update again and this time yum will automatically update any extra software you had installed from Livna with the previous version.

# rpm -Uhv http://rpm.livna.org/livna-release-9.rpm
# yum clean all
# yum -y update

This too will take a while since it's likely that dozens of packages will need to be updated. Once it's done it's a good idea to reboot again for good measure and if all goes well you should be done!
Add support for other repositories
Fedora comes with a ton of software but there are still plenty of packages of interest to most users that are not included for a variety of reasons. This is where you find the MP3 plug-in and a ton of other packages.

These instructions can vary depending on 32bit or 64bit architecture. If there is a difference it will be noted. If you don't know which architecture you're running you can run the following command:

$ uname -m
x86_64
...or...
i686

I'm still working on the 64 bit specific instructions so your feedback is very important.

Before you add repositories it's probably a good idea to make sure your system is fully updated first. At this point I'm prefering the Livna repository as it's the most useful and complete but at some point I might need to add another one for things that are lacking there. The easiest way to get started is to install the livna-release packages:

# rpm -ihv http://rpm.livna.org/livna-release-9.rpm

Please note: If you are upgrading from a previous release this command will fail with a conflict. Skip to the next section on upgrading from a previous release instead.

When adding additional repositories be very careful as many respositories don't mix well. It's ok to add specialized repositories such as the one for Flash below, but when mixing general repositories such as FreshRPMs, Livna or ATrpms there are often conflicts that are difficult to recover from.

You can browse the packages available there at http://livna-dl.reloumirrors.net/fedora/9/.
Install MP3 Plug-in
Since you've been following along this next step is about as easy as it gets. Just use yum to automatically install the MP3 plug-ins for xmms and Rhythmbox like this:

# yum -y install xmms xmms-mp3 xmms-faad2 gstreamer-plugins-ugly \
gstreamer-plugins-bad libmad libid3tag

While you're here you might as well install my personal favorite (this week at least) music player Banshee:

# yum -y install banshee

The -y flag is to automatically answer yes to any question. If you want to be able to say no you can ignore that flag.

While you're there I highly recommend the grip CD ripper which supports both MP3 and Ogg formats. Once again installation is quite simple:

# yum -y install grip

Install Macromedia Flash/Shockwave plug-in
Flash Plug-in 9.0
32-bit instructions:
It's now "Windows easy". Just go to a site that uses flash such as YouTube and try to view a video. At the top of the window you will get a prompt like this:

Just click on Install Missing Plugins and follow the prompts. It will install the plug-in for the currently installed user only, not system wide.

64-bit instructions:
Thnks to Tristian for the following instructions. I haven't been able to try them myself yet, hopefully soon.

# rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
# mkdir -p /usr/lib/mozilla/plugins
# yum install nspluginwrapper.{i386,x86_64} pulseaudio-lib.i386
# yum install flash-plugin
# mozilla-plugin-config -i -g -v

Install DVD player
Currently I find the DVD player that works best is the Xine Multimedia Player which is found in the Livna repository so installing it is just this simple:

# yum -y install xine xine-lib xine-skins xine-lib-extras-nonfree libdvdcss

This will install the xine DVD/VCD/CD player. Now to get xine to automatically play a DVD upon insertion instead of the Totem player which can't actually play DVDs, you can simply use the gconftool-2 utility as follows:

$ gconftool-2 --set /desktop/gnome/volume_manager/autoplay_dvd_command \
'xine --auto-play --auto-scan dvd' --type='string'

Install MPlayer Media Player
At some point you're probably going to want to play a QuickTime, AVI or ASF file so you'll want the MPlayer media player. Fortunately with the FreshRpms repositories it's also very easy to download and install. Then you can go ahead and install mplayer and all it's dependencies:

# yum -y install mplayer mplayer-gui mplayer-skins mplayer-fonts mplayerplug-in

This command line will download the whole kit and kaboodle, command line utilities, plug-ins, etc. If you want to play content from a command line you will want to use the gmplayer version which will include a skin-able control panel. Restart your web browser after that whole mess is done installing and you'll also have a plug-in for Mozilla so you can play embedded content. While you're at it be sure to configure mplayer to use the Pulse sound system rather than the default. It just works better. Edit the file ~/.mplayer/config and add the following line:

ao=pulse

You can enable support for mms streaming by opening Firefox and click on the special URL about:config. Right click on the list and choose New then choose String. For the preference name enter network.protocol-handler.app.mms then for the string value enter gmplayer.

Special 64-bit instructions:
The above installs the 64-bit version of everything but because your other plug-ins are 32-bits you need to run the 32-bit version of Firefox, which won't be able to use the 64-bit version of the plug-in you just installed. The plug-in can use the 64-bit version of the mplayer application just fine so all you need to do then is to install the 32-bit mplayerplug-in plus a dependency it requires. If you know of any easier way to do this please let me know below.

# rpm -ihv http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/7/mplayerplug-in/mplayerplug-in-3.40-1.fc7.i386.rpm

And finally you'll probably also want some additional codecs to play all that proprietary video that seems to have infected the Internet. Go to the MPlayer Download page and find the Binaries Codec Package section then follow the link for codecs directory. There you will grab the latest all codecs file. You'll need to install those files in /usr/local/lib/codecs. Here are the steps. Remember the exact file names may change at some point. If you also installed xine you will need a symlink since it expects codecs to be in a different directory.

# gtar xjvf all-20071007.tar.bz2
# mv all-20071007/* /usr/local/lib/codecs
# ln -s /usr/local/lib/codecs /usr/lib/codecs
# ln -s /usr/local/lib/codecs /usr/local/lib/win32

Install VLC (VideoLAN Client)
Multimedia can be the achilles heel of Linux, but with just a little work you should be able to play just about anything your friends can. Besides Mplayer the other great video player is called VLC. It too is trivially easy to install once you have your repositories set up:

# yum -y install vlc

Once the client and a zillion dependencies get installed you can play a huge variety of video formats easy with the command vlc
Install RealPlayer 10 Media Player
This one is a little tricky only because the latest official release is horribly out of date and doesn't even use ALSA for sound. So rather than deal with annoying workarounds I think the easiest thing to do now is to just use the latest daily build that's available. I'm currently using RealPlayer11GOLD.rpm which you can just download and install. This one pretty much "just works" and doesn't seem to have any bugs I can see.

Just install it:

$ rpm -ihv RealPlayer11GOLD.rpm

Then whenever you want to view something just use /usr/bin/realplay. Here is a link to a cute test video to make sure it's working for you.

If you also installed Mplayer above then you will likely run into a problem where the Mplayer provided Real Media plug-in will be run instead of the one installed by the RealPlayer package. The mplayer verison of the plug-in does not work correctly in most cases and causes more problems than it solves. The only way I've found to get rid of it is to just simply delete the plug-in files:

# cd /usr/lib/mozilla/plugins
# rm mplayerplug-in-rm.*

You'll of course need to do that again should you re-install or upgrade the mplayer plug-ins.
Install Java J2RE and Mozilla Plug-in
Fedora 9 now includes a fully open source Java implementation complete with Firefox plugin. You can verify it's there at the command line:

$ java -version
java version "1.7.0"
IcedTea Runtime Environment (build 1.7.0-b21)
IcedTea Client VM (build 1.7.0-b21, mixed mode)

And you can verify the Firefox plug-in works using one of the Java testers at http://java.com/en/download/installed.jsp or http://www.javatester.org/version.html
Install NTFS driver
Fedora 9 now includes the Fuse based NTFS filesystem driver so no special instructions are required any more.
Install Internet Explorer
I know what you're saying, why would I ever want Internet Explorer installed on my perfectly good Linux system? If you don't have your own answer to that question, feel free to just skip this section. For everyone else, it's actually quite easy thanks to some very handy scripts from IEs4Linux. Before you start you'll need to make sure you have wine and cabextract installed:

# yum -y install wine cabextract

Then just download the latest script, extract and run it. The example below is based on version 2.0.5, just adjust the version number as necessary. Please note that you will want to install and run this as your own user, NOT as root. I used the defaults except that I installed all the versions of IE. I do some web development and I always find myself needing to resolve some goofy incompatibilites with older versions of IE.

$ gtar xzvf ies4linux-2.0.5.tar.gz
$ cd ies4linux-2.0.5
$ ./ies4linux
Welcome, greg! I'm IEs4Linux.
I can install IE 6, 5.5 and 5.0 for you easily and quickly.
You are just four 'enter's away from your IEs.

I'll ask you some questions now. Just answer y or n (default answer is the bold one)

IE 6 will be installed automatically.
Do you want to install IE 5.5 SP2 too? [ y / n ] y
.
.
.
IEs 4 Linux installations finished!

To run your IEs, type:
ie6
ie55
ie5

You can read more about this feature on my Internet Explorer with ActiveX on Linux page. It goes into a little more detail about using IE on Linux.
Install Other Odds and Ends
This section used to have information on installing additional fonts. With the font improvements in Fedora 9 they really aren't needed any more.
Other Handy Utilities
Here are a few other tools that aren't installed by default but a lot of people find handy:

# yum -y install gnomebaker testdisk thunderbird screen cups-pdf \
unrar deluge

deluge - Advanced graphical Bittorrent client
cups-pdf - Add-on to CUPS which creates a PDF Printer which you can use to print any document in PDF format. The file is written to your Desktop.
gnomebaker - GTK based CD/DVD burning utility
screen - If you do a lot with the command line you'll find screen invaluable
testdisk - Two command line utilities to recover lost partitions and undelete files on FAT filesystems. VERY handy for undeleting files on flash memory cards.
thunderbird - Excellent E-mail client that complements Firefox
unrar - Useful utility to extract RAR archives

Installing Fedora Core 6 and 7 on Sony Vaio VGN-FJ170/B (v1.0)

2008-05-20T16:07:00.001+07:00

his guide is based on my Installing Fedora Core 5 on Sony Vaio page. If you have an interest in helping to get Linux running on this laptop I encourage you to join the mailing list I've set up and help out.

Having owned several laptops I now realize there are only a couple things that are truly important. Size (small but not too small) and a great screen. Based on those two needs I chose the Sony Vaio VGN-FJ170/B (decoding the model number: FJ series with 1.7Ghz processor in Black)

Please also refer to my Fedora Core 6 Tips & Tricks or Fedora 7 Tips & Tricks. These tips work pretty much the same on both of those versions of Fedora. If you're using Fedora 8 there are some things that now "just work" such as Wifi and other things that I haven't yet figured out how to get to work such as Fn key support.

his guide is based on my Installing Fedora Core 5 on Sony Vaio page. If you have an interest in helping to get Linux running on this laptop I encourage you to join the mailing list I've set up and help out.

Having owned several laptops I now realize there are only a couple things that are truly important. Size (small but not too small) and a great screen. Based on those two needs I chose the Sony Vaio VGN-FJ170/B (decoding the model number: FJ series with 1.7Ghz processor in Black)

Please also refer to my Fedora Core 6 Tips & Tricks or Fedora 7 Tips & Tricks. These tips work pretty much the same on both of those versions of Fedora. If you're using Fedora 8 there are some things that now "just work" such as Wifi and other things that I haven't yet figured out how to get to work such as Fn key support.

Hardware Summary

* Processor: Intel Pentium M 740 @ 1.73Ghz / 533Mhz frontside / 2MB L2 cache
FJ180 has Pentium M 750 @ 1.86Ghz
* RAM: 512MB DDR RAM (1 of 2 slots populated, max 2GB)
* Hard drive: 100GB SATA
* DVD drive: Ricoh Double-Layer DVD+/-R burner
* Screen: 14.1" TFT WXGA 1280x800 with XBRITE-ECO
* Video: Intel 915GM
* Ethernet: Integrated 10/100 LAN
* Modem: unknown
* Audio: Intel 82801FB High Definition Audio Controller
* USB: Three USB 2.0 ports
* Wifi: Intel PRO/Wireless 2200BG

For those interested here is the full lspci output:
00:00.0 Host bridge: Intel Corporation Mobile 915GM/PM/GMS/910GML Express Processor to DRAM Controller (rev 03) 00:02.0 VGA compatible controller: Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller (rev 03) 00:02.1 Display controller: Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller (rev 03) 00:1b.0 Class 0403: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) High Definition Audio Controller (rev 03) 00:1d.0 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 03) 00:1d.1 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #2 (rev 03) 00:1d.2 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #3 (rev 03) 00:1d.3 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #4 (rev 03) 00:1d.7 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 03) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev d3) 00:1f.0 ISA bridge: Intel Corporation 82801FBM (ICH6M) LPC Interface Bridge (rev 03) 00:1f.2 IDE interface: Intel Corporation 82801FBM (ICH6M) SATA Controller (rev 03) 00:1f.3 SMBus: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) SMBus Controller (rev 03) 06:08.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) 06:09.0 CardBus bridge: Texas Instruments PCI7420 CardBus Controller 06:09.2 FireWire (IEEE 1394): Texas Instruments PCI7x20 1394a-2000 OHCI Two-Port PHY/Link-Layer Controller 06:09.3 Mass storage controller: Texas Instruments PCI7420/PCI7620 Dual Socket CardBus and Smart Card Cont. w/ 1394a-2000 OHCI Two-Port PHY/Link-Layer Cont. an 06:0a.0 Network controller: Intel Corporation PRO/Wireless 2200BG (rev 05)

Fedora Core 6 Compatibility

* Audio: OK
* Video: OK
* VGA Output: NOT YET
* Touchpad: OK
* Wifi: WITH WORK
* DVD/CD: OK
* Ethernet: OK
* PCMCIA: OK
* Power Management:
o Battery Meter: OK
o Screen blanking: OK
o Suspend/Hibernate: OK (Yeah, it just works)
o CPU Frequence Scaling: NOT PERFECTLY
* Modem: PROBABLY NOT
* USB: OK
* MemoryStick: NOT YET
* Built-in Video: WITH WORK

Please note I've also created a very low volume mailing list to discuss Linux on Sony Vaio FJ series notebooks. You can sign up HERE
Preparing for the install
The system comes preconfigured with a hidden partition #1 that contains system recovery data. I don't recommend touching that. The main NTFS partition is #2 which I resized using the built-in tools in the Knoppix distribution. It was tricky but worked fine. I've used Partition Magic in the past which I find is more work because you need to boot into XP and install the software for it to work.

I'm told that Gparted available at http://gparted.sourceforge.net/ is a very easy way to resize an NTFS partition. It has a downloadable live CD which is only 22.5MB and has an easy to use interface for re-sizing partitions. I have no experience with it but other people reported it works great.

Please note this is not an easy laptop to get going with Linux and the steps outlined below are not intended for Linux novices.
Install Fedora Core 6
You should be able to install Fedora normally on this laptop. The display is configured perfectly without any tweaking necessary.

It probably wouldn't hurt to do a yum -y update as soon as you get everything installed.
Configuring the audio
In my case the audio was muted by default. The easiest way is to start the audio applet in Gnome and bring up the Preferences. In my case the device was wrong, it was using the OSS driver which is not correct. Choose the HDA Intel (Alsa Mixer) and the device to track and control should be Front for the master volume. Once that's set Open Volume Control and unmute the Front and PCM sliders. If they don't show up in the master volume control hit Edit -> Preferences and choose all the tracks to be visible in the controller.
Controlling screen brightness
The main reason I chose a Sony notebook was for the incredibly bright screen. No other manufacturer was as good at the time I bought it (Dec 2005). However, once the brightness was set in Windows XP it was not possible to adjust it in Linux. Unlike other laptops that implement screen brightness in hardware Sony for some idiotic reason chose to do it with a driver. That also means that it's probably not going to work under Windows Vista when/if that ever gets released.

It is possible to get it to work but a little tricky. First, you'll want Stelian Pop's sony_acpi driver which I modified slightly as well as the fsfn-1.1-take2.tar.gz. Put the files in /usr/src and extract and compile them. You'll obviously also need kernel sources and a compiler in case you didn't install them previously.

# yum -y install kernel-devel gcc
# gtar xzvf sony_acpi-0.3.tar.gz
# cd sony_acpi-0.3
# make install
# modprobe sony_acpi

Please note that you will also have to re-install the driver when you upgrade to a newer kernel.

If that worked you should have a directory /proc/acpi/sony and it will contain three files. You can manually adjust the brightness by echoing numbers between 1 and 8 to the brightness file.

Now you need to get fsfn to handle the special Fn keys and it will then control the audio volume and screen brightness for you and will display the new value in an on screen display. You'll need the xosd and alsa libraries installed for this to work properly.

# yum -y install xosd xosd-devel alsa-lib-devel
# gtar xzvf fsfn-1.1-take2.tar.gz
# cd fsfn-1.1
# ./configure
# make install
# cp fedora/fsfn /etc/init.d

Before you start you'll probably want to read the fsfn(5) man page and create the configuration file /etc/fsfn.conf containing at least the following line to enable a special hack necessary for the VAIO FJ series of notebooks:

BRT_HACK_FJS=1
ALSA_NAME=Headphone

Setting the ALSA_NAME is a hack to make the volume work. For some reason with FC6 the main volume controller is named Headphone instead of Front so until we find a solution to the naming problem this workaround will allow the Fn buttons to control the main volume.

To get this all working you'll need to start the fsfn service at boot time (after the driver above is loaded). Rather than having it start automatically I added it to my startup file /etc/rc.d/rc.local :

service fsfn start

And finally you will need the client that handles the on screen display to start when you log in. Go to Desktop -> Preferences -> No Preferences -> Sessions. Once there go to Startup Programs and add the command fsfn -o to the list of startup programs.

Once you do all that you should be able to adjust the volume and screen brightness with the special Fn keys just like in XP.
Configuring Wifi
This laptop is based on the Centrino chipset which is well supported by Linux. However, some distributions like Fedora do not include the necessary firmware for the Wifi interface so you'll have to download it. The easiest way is to download it from the FreshRPMs repository. If you followed my Fedora Core 6 Tips & Tricks already then you can skip the first line.

# rpm -ihv http://ayo.freshrpms.net/fedora/linux/6/i386/RPMS.freshrpms/freshrpms-release-1.1-1.fc.noarch.rpm
# yum -y install ipw2200-firmware
# modprobe ipw2200

That will load the driver which will now have access to the firmware so the interface will come up automatically from now on. You can now set up your wireless interface as you would normally.
Built-in Video
This laptop has built-in video which until recently was a proprietary Windows driver only. But thanks to the wonderful work found at http://mxhaard.free.fr/ the camera can be made to work as a standard Video 4 Linux device very easily. Just download the latest gspcav1 driver from http://mxhaard.free.fr/download.html and extract it. Then you can just run the compile script.

# gtar xzvf gspcav1-20070426.tar.gz
# cd gspcav1-20070426
# ./gspca_build

That will build and install the kernel drivers. You will need to re-run that after upgrading your kernel. If you run dmesg you could make sure this driver loaded and successfully found the camera.

# dmesg
.
.
/usr/src/gspcav1-20070426/gspca_core.c: USB GSPCA camera found.(VC0321)
/usr/src/gspcav1-20070426/gspca_core.c: [spca5xx_probe:4041] Camera type YUYV
/usr/src/gspcav1-20070426/Vimicro/vc032x.h: [vc032x_probe_sensor:137] check sensor header 44
/usr/src/gspcav1-20070426/Vimicro/vc032x.h: [vc0321_config:354] Find Sensor OV7660
/usr/src/gspcav1-20070426/gspca_core.c: [spca5xx_getcapability:1198] maxw 640 maxh 480 minw 176 minh 144
usbcore: registered new interface driver gspca
/usr/src/gspcav1-20070426/gspca_core.c: gspca driver 01.00.16 registered

Then you can test to make sure the camera works by using an application such as VLC. Just open it as a local video capture device and you should then see yourself on the screen.

Linux Tips-n-tricks For Beginners

2008-05-20T15:50:00.000+07:00

here are numerous ways to use Linux with a computer. The most common method is to allocate part of your hard disk to Linux and put all the software you need on it. It's also possible to use Linux without touching your hard disk at all, either by getting the software from another computer on a network or by using a cd or dvd. When people talk of installing Linux though, they invariably mean using the hard disk to store all their required software.

To install Linux on your hard disk, you first need to be able to allocate a section of the hard disk to Linux. Thankfully all sorts of computer systems understand the methods of dividing hard disks so two or more operating systems (e.g. versions of Linux and /or Windows) can reside on just one hard disk. More details on dividing the hard disks are given in the next section.

There are numerous ways to use Linux with a computer. The most common method is to allocate part of your hard disk to Linux and put all the software you need on it. It's also possible to use Linux without touching your hard disk at all, either by getting the software from another computer on a network or by using a cd or dvd. When people talk of installing Linux though, they invariably mean using the hard disk to store all their required software.

To install Linux on your hard disk, you first need to be able to allocate a section of the hard disk to Linux. Thankfully all sorts of computer systems understand the methods of dividing hard disks so two or more operating systems (e.g. versions of Linux and /or Windows) can reside on just one hard disk. More details on dividing the hard disks are given in the next section.

Once that is done, you need to get a startup/install disk. Just as you would use a startup disk to access windows in case of a crash, a Linux startup/install disk will boot your computer in the Linux OS, albeit a limited version of it. The startup disk also contains info on accessing the hardware it needs to complete the installation and the complete install system itself. Most Linux installations are done from either CD-ROM or DVD-ROM install disks.

If your computer is built from common hardware which is well supported by Linux, it is unlikely that you will have to do any configuration to make the hardware work in your computer. It is not uncommon however to find that your computer has some hardware which does not work (well or at all) with Linux, the most common problem being with Modems which are an eternal source of frustration for new Linux users. You can use the internet site at http://www.linmodems.org/ to try and determine if your modem should work with Linux, or if there are any special steps required to make it work. Generally most other problems experienced with hardware when installing Linux are related to very new models or new types of hardware which are not yet supported in the distributions. Most distributions will have notes on known hardware problems often with solutions or workarounds. You should check these notes on-line, as opposed to from the installation media as problems may have been found after it was released, before trying to install as it could save you much frustration later.

If you want to test out your computer with Linux before trying to install, many different Linux distributors now have "LiveCD" versions which allow you to try the system without installing. The way these work is by ignoring your hard disk and simply treating your computer like a PlayStation, running everything from the CD. These systems cannot run as fast or be as flexible as a Linux system installed onto a hard disk, but they do give you a chance to test your computer and the system for compatibility and to try out the software to see how it suits your needs.

Understanding files and folders

Linux is made with one thought in mind: Everything is a file.

A blank piece of paper is called a file in the world of computers. You can use this piece of paper to write a text or make a drawing. Your text or drawing is called information. A computer file is another way of storing your information.

If you make many drawings then you will eventually want to sort them in different piles or make some other system that allows you to easily locate a given drawing. Computers use folders to sort your files in a hieratic system.

A file is an element of data storage in a file system (file systems manualpage). Files are usually stored on harddrives, cdroms and other media, but may also be information stored in RAM or links to devices.

To organize our files into a system we use folders. The lowest possible folder is root / where you will find the user homes called /home/.

/

/home/

/home/mom/

/home/dad/

Behind every configurable option there is a simple human-readable text file you can hand-edit to suit your needs. These days most programs come with nice GUI (graphical user interface) like Mandrakes Control Center and Suses YAST that can smoothly guide you through most configuration. Those who choose can gain full control of their system by manually adjusting the configuration files from foo=yes to foo=no in an editor.

Almost everything you do on a computer involves one or more files stored locally or on a network.

Your filesystems lowest folder root / contains the following folders:

/bin

Essential user command binaries (for use by all users)

/boot

Static files of the boot loader, only used at system startup

/dev

Device files, links to your hardware devices like /dev/sound, /dev/input/js0 (joystick)

/etc

Host-specific system configuration

/home

User home directories. This is where you save your personal files

/lib

Essential shared libraries and kernel modules

/mnt

Mount point for a temporarily mounted filesystem like /mnt/cdrom

/opt

Add-on application software packages

/usr

/usr is the second major section of the filesystem. /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere.

/var

/var contains variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files.

/proc

System information stored in memory mirrored as files.

The only folder a normal user needs to use is

/home/you/

- this is where you will be keeping all your documents.

/home/elvis/Documents

/home/elvis/Music

/home/elvis/Music/60s

Files are case sensitive, "myfile" and "MyFile" are two different files.

For more details, check out:

3. Understanding users and permissions

Linux is based on the idea that everyone using a system has their own username and password.

Every file belongs to a user and a group, and has a set of given attributes (read, write and executable) for users, groups and all (everybody).

A file or folder can have permissions that only allows the user it belongs to to read and write to it, allowing the group it belongs to to read it and at the same time all other users can't even read the file.

4. Who and what is root

Linux has one special user called

root

(this is the user name). Root is the "system administrator" and has access to all files and folders. This special user has the right to do anything.

You should never log on as this user unless you actually need to do something that requires it!

Use

su -

to temporary become root and do the things you need, again: never log into your sytem as root!

Root is only for system maintenance, this is not a regular user (LindowsOS don't have any user management at all and uses root for everything, this is a very bad idea!).

You can execute a command as root with:

su -c 'command done as root'

Gentoo Linux: Note that on Gentoo Linux only users that are member of the wheel group are allowed to su to root.

5. Opening a command shell / terminal

To learn Linux, you need to learn the shell command line in a terminal emulator.

In KDE:

K

->

System

->

Konsoll

to get a command shell)

Pressing CTRL-ALT-F1 to CTRL-ALT-F6 gives you the console command shell windows, while CTRL-ALT-F7 gives you XFree86 (the graphical interface).

xterm (manual page) is the standard XFree console installed on all boxes, run it with xterm (press ALT F2 in KDE and Gnome to run commands).

Terminals you probably have installed:

*

xterm http://dickey.his.com/xterm/
*

konsole (KDEs terminal)
*

gnome-terminal (Gnomes terminal)

Non-standard terminals should install:

*

rxvt http://www.rxvt.org/
*

aterm http://aterm.sourceforge.net

6. Your first Linux commands

Now you should have managed to open a terminal shell and are ready to try your first Linux commands. Simply ask the computer to do the tasks you want it to using it's language and press the enter key (the big one with an arrow). You can add a

&

after the command to make it run in the background (your terminal will be available while the job is done). It can be practical to do things like moving big divx movies as a background process:

cp movie.avi /pub &

. Jobs - the basics of job control

6.1. ls - short for list

ls lists the files in the current working folder. This is probably the first command to try out. It as a number of options described on the ls manpage.

Examples:

ls

ls -al --color=yes

6.2. pwd - print name of current/working directory

pwd

prints the fully resolved name of the current (working) directory. pwdmanpage.

6.3. cd - Change directory

cd stands for change (working) directory and that's what it does. The folder below you (unless you are in /, where there is no lower directory) is called "..".

To go one folder down:

cd ..

Change into the folder Documents in your current working directory:

cd Documents

Change into a folder somewhere else:

cd /pub/video

The / in front of pub means that the folder pub is located in the / (lowest folder).

7. The basic commands

7.1. chmod - Make a file executable

To make a file executable and runnable by any user:

chmod a+x myfile

Refer to the chmod manual page for more information.

7.2. df - view filesystem disk space usage

df -h

Filesystem Size Used Avail Use% Mounted on

/dev/hda3 73G 67G 2.2G 97% /

tmpfs 2.0M 24K 2.0M 2% /mnt/.init.d

tmpfs 252M 0 252M 0% /dev/shm

The flags: -h, --human-readable Appends a size letter such as M for megabytes to each size.

df manpage

7.3. du - View the space used by files and folders

Use du (Disk Usage) to view how much space files and folders occupy. Read the du manual page for flags and usage.

du is a part of fileutils.

Example du usage:

du -sh Documents/

409M Documents

7.4. mkdir - makes folders

Folders are created with the command mkdir:

mkdir folder

To make a long path, use mkdir -p :

mkdir -p /use/one/command/to/make/a/long/path/

Like most programs mkdir supports -v (verbose). Practical when used in scripts.

You can make multiple folders in bash and other shells with {folder1,folder2} :

mkdir /usr/local/src/bash/{old,new,dist,bugs}

mkdir manual page

The command

rmdir

removes folders.

7.5. passwd - changes your login password

To change your password in Linux, type:

passwd

The root user can change the password of any user by running passwd with the user name as argument:

passwd jonny

will change jonnys password. Running passwd without arguments as root changes the root password.

If you need to add several new users and give them password you can use a handy program like Another Password Generator to generate a large set of "random" passwords.

7.5.1. KDE

From KDE you can change your password by going:

*

K

->

Settings

->

Change Password

*

K

->

Settings

->

Control Center

->

System Administration

->

User Account

7.6. rm - delete files and folders, short for remove

Files are deleted with the command rm:

rm /home/you/youfile.txt

To delete folders, use rm together with -f (Do not prompt for confirmation) and -r (Recursively remove directory trees):

rm -rf /home/you/foo/

Like most programs rm supports -v (verbose).

rm manual page

7.7. ln - make symbolic links

A symbolic link is a "file" pointing to another file.

To make a symbolic link :

ln /original/file /new/link

This makes /original/file and /new/link the same file - edit one and the other will change. The file will not be gone until both /original/file and /new/link are deleted.

You can only do this with files. For folders, you must make a "soft" link.

To make a soft symbolic link :

ln -s /original/file /new/link

Example:

ln -s /usr/src/linux-2.4.20 /usr/src/linux

Note that -s makes an "empty" file pointing to the original file/folder. So if you delete the folder a symlink points to, you will be stuck with a dead symlink (just rm it).

ln manual page

7.8. tar archiving utility - tar.bz2 and tar.gz

tar (manual page) is a very handle little program to store files and folders in archives, originally made for tapestreamer backups. Tar is usually used together with gzip (manual page) or bzip2 (manual page), comprepssion programs that make your .tar archive a much smaller .tar.gz or .tar.bz2 archive.

kde

You can use the program

ark

(

K

->

Utilities

->

Ark

) to handle archives in KDE. Konqueror treats file archives like normal folders, simply click on the archive to open it. The archive becomes a virtual folder that can be used to open, add or remove files just as if you were working with a normal folder.

7.8.1. tar files (.tar.gz)

To untar files:

tar xvzf file.tar.gz

To tar files:

tar cvzf file.tar.gz filedir1 filedir2 filedir2...

Note: A .tgz file is the same as a .tar.gz file. Both are also often refered to as tarballs.

The flags: z is for gzip, v is for verbose, c is for create, x is for extract, f is for file (default is to use a tape device).

7.8.2. bzip2 files (.tar.bz2)

To unpack files:

tar xjvf file.tar.bz2

To pack files:

tar cvjf file.tar.bz2 filedir1 filedir2 filedir2...

The flags: Same as above, but with j for for bzip2

You can also use bunzip2 file.tar.bz2 , will turn it into a tar.

For older versions of tar, try tar -xjvf or -xYvf or -xkvf to unpack.There's a few other options it could be, they couldn't decide which switch to use for bzip2 for a while.

How to untar an entire directory full or archives?

.tar:

for i in `ls *.tar`; do tar xvf $i; done

.tar.gz:

for i in `ls *.tar.gz`; do tar xvfz $i; done

.tar.bz2:

for i in `ls *.tar.bz2`; do tar xvfj $i; done

Technology,Information Technology N Tips n Trick

HP launches broad array of redesigned notebooks, displays

Sun Solaris going on Fujitsu's Intel servers

Mac security gets a business boost

List of Linux Security Audit and Hacker Software Tools

System Audits:

Network Vulnerability Audits:

Wireless:

Password crackers:

Exploits:

Other Links:

Commercial Vendors:

Using Linux iptables or ipchains to set up an internet gateway / firewall / router for home or office

iptables:

ipchains:

iptables:

ipchains:

Windows '95 Configuration:

Linux computers:

iptables:

ipchains:

Manage Your Laptop's Hotkeys On Fedora

1 Preparation

1.1 Needed Packages

1.2 Xserver Configuration

1.3 Hotkey Events

1.3.1 ACPI

1.3.2 Xev

2 Handle The ACPI Events

3 Handle The Xev Events

Tired of waiting on Apple, researchers disclose iCal bugs

Beibei gets on the record as Sony Ericsson G702

Samsung F480 gets official, again

Mozilla launches Firefox 3.0 RC1 early

First look at OpenOffice.org 3.0 beta

Sony Ericsson P5 revealed live again

Fedora 9 Tips and Tricks (v0.1)

Installing Fedora Core 6 and 7 on Sony Vaio VGN-FJ170/B (v1.0)

Linux Tips-n-tricks For Beginners