The flip side of that is, I didn't get quite everything in. Some of the items might well become seperate articles. Others will be seen next month.
Anyways, I wanted to babble just a little bit about themes. Nowadays your computer does not have to be drab and boring. Or, it can be plain - but your idea of comfortably plain. With the fancier window managers you hardly have to be sure that windows under X are still square.
So, what did your computer dress like for All Hallow's Eve? Mine wants to go as a Tektronix vector terminal, and the best I could find it was a copy of Spacewars...
From Ben Okopnik to Jon Lapham on Thu, 5 Oct 2000
If I read your article correctly, you used sendmail to change your "From" header and add some aliases. Why did you use sendmail to do this? Why not set all this up in your email client? As a fellow mutt enthusiast, you do know that this can be configured in your .muttrc and that you can set up a global ".muttrc" for the system? It seems to me that you should try to make it easy for your brother to do things like add a new alias to his email list. The sendmail alias solution seems a bit overkill IMO.
I see that I've failed to explain my requirements sufficiently... <grin> I swear, LG readers are the best literary critics in the world!
Changing the /etc/Muttrc or the ~/.muttrc only changes the "From:" (note the colon), and not the "From " header (which does not exist at the time that the e-mail is created; it is added by the MTA). A number of mail readers, including Netscape (at this point, having done some serious fiddling with Muttrc, I'm uncertain about Mutt), use the "From " header in forming their 'Received from' and 'On dd/dd/dd, <user> wrote:' lines; since I get quite a lot of mail from other Linux users, I see a lot of "On dd/dd/dd, root wrote:"... Often (and this is much worse) the sender addy looks normal, but the "Reply to:" is set to "localusername@isp_host.com" - if you don't pay attention when you hit "Reply", you'll get an unpleasant surprise in 3-5 days (e.g., "Mail could not be delivered to 'root@geocities.com'...") In order to fix those headers completely, I change both the .muttrc and the sendmail setup. By the way, I found that in RedHat, the 'send-hook * my_hdr From:' line in Muttrc caused Mutt to give an error message. It works fine on my Debian boxes...
Also, rather than adding aliases, I've caused sendmail to do address conversions, a completely different issue. An alias is a short name used as a substitute for a recipient's mail address; the conversions are a way for sendmail to know that the local username "ben" should be converted to "fuzzybear@pocketmail.com" on all outgoing mail.
I install RH linux on peoples machines all the time, and I have to say I almost never have to change the default sendmail setup, even for single user systems connected via ISP.
Try this: once you've set up one of those accounts, send mail to yourself (not the local username, but the mail account at your ISP) and read the headers. You'll most likely find that the "From " header has your local username instead of your e-mail address. Of course, if you've found a way to fix this via Muttrc, I would be more than happy to learn it!
Ben Okopnik
From Heather Stern and Jim Dennis to james zhuang on Fri, 6 Oct 2000
Hi,
I am runing Redhat Linux 6.x. Recently I am getting an error message 'neighbour table overflow' pop up in the console screen.
Any ideas,
James
[Heather] Yes, it means your localhost interface is not set up correctly. I don't know the actual mechanics (perhaps one of the rest of the Gang will chime in) but basically, the message is about your ARP cache going crazy trying to deal with what is really local traffic.
Until you fix it, session based protocols like samba, nfs, ftp and telnet, and ssh will have iffy connections. Samba and NFS will probably be so annoying you can't really use them; a good ftp client will just feel like it's slow as molasses.
Whereas, if you go into /etc/sysconfig/network-scripts and you make sure that you have a valid ifcfg-lo file, things will be properly speedy.
[JimD] I noticed that 'pump' and some other DHCP clients would corrupt your localhost/loopback configuration and remove the routes thereto unless you explicity tell them which interface you want them to work on. You'd think that 'pump' et al would default to leaving your lo interface alone --- but that seemed to be where I was getting it for awhile.
From Dan Wilder to Kopf on Sat, 14 Oct 2000
Could someone tell me how to write a sed script which'll put text at the beginning of each line of a file, and change all the backslashes in the file to forwardslashes?
I need it so that I can change all my .m3u files from windows format to UNIX, IE from:
Deftones\White Pony\Pink Maggit.mp3
to
/mnt/win_c/mp3s/Deftones/White Pony/Pink Maggit.mp3
Anyone have any ideas?
Haven't tried it, but
#!/bin/sh
#
# call with filename as first argument. Puts
# out revised file to standard out
sed 's%\%/%g;s%^%/mnt/win_c/mp3s/%' $1
Uses "%" as delimiter, to avoid having to escape the more conventional forward slash. The
s%\%/%g
says to put a forward slash in place of a backslash, and the "g" modifier says to do it for every such.
;
is a command delimiter
s%^%/mnt/win_c/mp3s/%
says to substitute /mnt... at the beginning of each line (that's what "^" matches).
For more info, see "man sed". This manpage contains one of the several fine introductions to regular expressions, which have the ability to match things like the beginning or ending of a line, strings containing not just particular characters put particular sets of characters, and so on. See also "man grep".
... but, when Kopf tried it ...
Hi Dan,
I entered that in, but it gives me an error of:
sed: -e expression #1, char 11: Unknown option to 's'
I don't know what char 11 is, is it the 11th character inside the quotes of what's being sent to sed? I've been messing around with the script, but to no avail...
Any Ideas?
Thanks,
Aengus
Try
sed 's%\\%/%g;s%^%/mnt/win_c/mp3s/%'
The "\" has special significance as an escape character, means "ignore me but take next character literally".
My bad.
From Ben Okopnik to John Humphre Halliday on Tue, 17 Oct 2000
Hello Answer Guy!
Hello, John -
The Answer Guy/Gang is a column in the Linux Gazette; we answer Linux-based questions for our readers. It just so happens, though, that I was the EDP manager for an insurance company in the Virgin Islands - and this company used Clipper (all the in-house apps were written in it). Due to the major Y2K issues inherent in their operations, I convinced them to switch to a different suite of apps - which involved converting the old databases to Access.
First, for the Linux community: for those of you who want to read/use Clipper DBFs under Linux, I've written a front end for Martin Schulze's "dbview" called "clipview"; it's a viewer/converter that patches the differences between the two formats. It's available on my site - http://www.geocities.com/~ben-fuzzybear/clipview.tgz - and Martin may also be including the functionality in future releases of "dbview".
I was hoping you'd be able to recommend the quickest way to port from a Clipper/DB2 database to Access 2000. A client has asked that I do this for them and I know almost nothing about Clipper - just that it's a compiler for DB2 type databases (.dbf). Is it possible to access the tables through an ODBC connection in Access and simply copy/import the tables/data to Access?
You actually have several ways to do it; Access can link the files via ODBC or read them via its "import" facility (DB3, DB4, or FoxPro types work fine; I seem to remember DB2 as not working correctly...) Note that linking works fine unless you specify "shared" mode; then, it becomes dead slow. If you decide to import the files, make absolutely sure that you index them beforehand; Access can make a really horrible mess of a file that is out of index, and will do so without any notification... By the same token, double-check any files you import (# of records, totals, etc.)
Good luck!
Ben Okopnik
From Ben Okopnik to J. Miguel Iglesias S. on Wed, 18 Oct 2000
I have a PC running RedHat 6.2, I also have an internal Motorola ModemSurfr 56k.
Some guy told me he found the way to make it work with linux, so he told me to define the parameters using the setserial function.
Just for the sake of clarity: "setserial" is used to configure the serial port, which is necessary for access to the modem; it does not configure the modem itself. In the case of internal modems such as yours, the port is part of the card itself - but you should still realize that there is a difference.
Checking the boot log I saw the system runs setserial at boot and detects the port for the modem.
That's pretty standard, at least in the distributions with which I'm familiar; the problem is that the values to which the ports are set are usually 'auto' or default values. It pays to manually configure "setserial" to get the best performance (and in some cases, _any_ performance) from your serial ports: after a bit of tweaking, I saw the data transfer rate across my serial link go from just over 9kB/s to just under 12kB/s.
However I used the setserial function and somehow my modem gave me some response using minicom.
A good sign! This says that your modem is _not_ a Winmodem, and you're talking to the right port.
If I use minicom, I'm able to dial to my ISP, but the speed is way too slow (it takes about 30 seconds just to display the greeting from my ISP) so my connection times out before I'm able to login to the ISP.
This sounds like a conflict - and in this term, I include hardware as well as software that sets up hardware, such as "setserial". Let's go over the possibilities.
1) Serial port. As a guess, I would say that this is most likely the culprit, given that tweaking "setserial" is what allowed you to see your modem in the first place. Read the "setserial" man page carefully, particularly paying attention to the speed flags such as "hi" and "vhi". Check the other settings for the port you're using, port and IRQ both, and _specify_ them rather than auto-configuring. "setserial" can be used right from the command line, so you do not have to reboot to change the settings; experiment with different values and see if they produce any changes.
2) "Usage" conflict. In theory, once some piece of software uses a given serial port, it will write a "lock" file that will prevent other software from trying to use it. Unfortunately, this scheme is not perfect: a particularly stupid piece of software (one that does not honor or check for the lock), or one that uses the 'cua' port addressing scheme (as in '/dev/cua0', etc.) may try to use a port that is already in use, causing a problem. Immediately after rebooting and _before_ trying to do anything with the modem, try running the "fuser" utility on the appropriate "/dev/ttySx" port - if another process is using it, "fuser" should let you know.
3) IRQ conflict. I've noticed that under Linux, as contrasted against DOS/Win, IRQ conflicts seem to slow down the associated process instead of just crashing the machine; a "friendlier" response, as I see it, and certainly easier to diagnose. Try removing the modem from the system and checking "/proc/interrupts" for other hardware using the IRQ that it requires (e.g., IRQ4 for ttyS0/ttyS2, or IRQ3 for ttyS1/ttyS3.) Also, check "/proc/ioports" for 03F8, 02F8, 03E8, and 02E8 - the port addresses for ttyS[0123] - though I wouldn't expect too much trouble there.
If I use the pppdial in Gnome it simply don't detect my modem.
I would first make sure that the serial port and the modem were working OK before trying to set up a dial-up account - i.e., eliminate the conflicts and make a good connection via "minicom" (make sure you're using the correct setup values in "minicom", as well!), _then_ worry about automating the dial-up.
Good luck,
Ben Okopnik
... Miguel replies...
I will try all your hints and let you know how it worked, maybe my experience will bring some hope with this modem to other users.
I'm considering to buy an external modem anyway (but still want to make my current modem as well), do you think I should buy a CNet ($70) or I should go safer and buy an US Robotics ($110)?
Thanks a lot for all your help and regards
Miguel
My experience with modems is that "you get what you pay for". I've had excellent luck with USR and Hayes modems, variable with other brands; given the above choices, I would certainly plunk down the extra money for the USR.
Along with LinuxMafia's Rick Moen, I believe that internal modems, when ground fine and lightly roasted, make a decent coffee but have little use otherwise; making your existing modem work is good troubleshooting practice, but your idea of replacing it with an external is a good one.
Ben Okopnik, modem curmudgeon
From Heather Stern to Ken on Wed, 18 Oct 2000
I want to change the default of Errno 404, so that the user is redirected to another URL when they request a URL that is not on my server. What directory and file do I need to edit?
In most web servers it's possible to configure it so 404 errors (or other numbered errors, another popular one to force this way is 501 as it sometimes happens from broken scripts) go to a special page of your choice. A lot of big ISPs have 404 errors lead to a front page for their search engine, explaining that whatever you were trying to find has moved.
On Apache under SuSE, the file to adjust is /etc/httpd/httpd.conf but it could as easily be under a home directory for Apache under /usr somewhere. I've no experience with the other servers, but the powerful ones like Roxen Challenger and aolserver should definitely also have the feature available.
From Heather Stern to M.K. Laha on Thu, 19 Oct 2000
My Linux PC is on a private LAN that connects to the internet through a (Linux based) router using IP masquerading.
My problem is that I can't seem to point the DISPLAY environment variable on a remote machine on the internet to that of my Linux PC. So, if I run, say, gnuplot, on the remote server, I cannot see its output on my PC.
I've tried setting the DISPLAY variable on the remote machine to point to the router but that doesn't work. Seeting the DISPLAY variable to point to my PC obviously doesn't work because it is not "visible" to the remote machine on the internet.
I shall greatly appreciate any help/pointers. Thanks in advance.
- Manas Laha
So assuming that you are at one Linux box (Home) and your other Linux box (Work) is behind all this firewall stuff. (Yours might really have some other relationship to you, but this will help everyone understand what I mean, and usually it's corporate boxes that have better defenses.)
If you have been provided a way to reach Work from Home via ssh, then all you need to do is turn on X11 forwarding. Then ssh will create a "virtual" display (usually Work:10.0) which will acept X GUI commands, but really send them up the ssh pipe back to Home.
So, ot's okay not to be running X on the Work system at all, as long as the libraries are there so programs that you want to run can be good X clients. You do need to be running X on your Home system though. Launch ssh out of an xterm (eterm, etc.) and both your ssh client plus Work's ssh daemon must be given the options that X11 forwarding is okay. Why? Because these days it usually defaults to off, as it's a security risk; X usally has an annoyingly strong root privilege. You can reduce the risk by using .Xauthority files so only your account at Work can use the pipe.
What most people don't think of, is that this trick, where Work's CPU is supposed to display on Home's monitor, used to be the normal way that the X windowing system was used... and that's why the part of X that paints on the monitor is called the server.
... Manas answers...
Thanks for your prompt reply. I haven't tried using ssh so far, but I shall certainly try it out now.
- Manas Laha
From Ben Okopnik to Gavin W. Burris on Sun, 22 Oct 2000
I have a Gateway keyboard with multimedia keys along the top. Is there any way to use these under X? Could I press one and have a program or shell script run? Thank you for your time.
The answer depends on exactly what those keys do. If they are "programmable" keys such as Gateway used to have, then their definition is up to you: if you can invoke a shell script by typing something in, then you can invoke it with a "programmable" key. As an example, "icewm" can use those "Windows" keys to pull up the program menu; a combination of arrow keys and the 'Enter' key will invoke any of the listed apps. "icewm" can also (I believe this violates the "window manager mandate", but works very well for me personally) intercept Ctrl- key combinations, which can then be tied to specific commands.
If, on the other hand, they generate some sort of previously unmapped key codes, then you would have to dig a little deeper into your WM man page and other reference material. The "key codes must be passed to the application" directive seems to be one that is ignored by most WMs, and one or more may be capable of being 'told' to intercept these new codes - but this would obviously be a per-WM-specific feature.
I recommend taking a closer look at what's happening via 'showkey' in a VT and 'xev' in an xterm. Once you have an idea of what keycodes you're generating, you'll know in what direction to search.
Ben Okopnik
From Ben Okopnik to Chris Smart on Mon, 23 Oct 2000
Hi, do you know how I can speed up the dd command under Linux when cloning disks. I use dd if=/dev/hd? of=/dev/hd? at the moment, are there any flags that I can use to speed it up. Or maybe you know a quicker way to clone disks that preferably doesn't use Norton ghost or powerquest disk image!
Any help will be much appreciated
There is a "hard limit" associated with the type of process that you're talking about: the 'speed', or the maximum data transfer rate of the slowest HD. One tool that could be useful, especially if you're cloning to a number of identical drives, is "hdparm" - the man page gives a good "tuning" guide (I got a significant improvement from my laptop HD performance after playing with it for a bit) which can help you maximize the DTR of a given drive. This applies to both of the drives involved.
The other issue is, of course, "dd" itself, particularly the 'bs' option which sets the size of the block that is read from 'if' and written to 'of'. Here is a test worth trying:
time dd if=/dev/hd? of=testfile bs=[N]k count=M
where NxM=10Mbytes, and the source and the target are on different drives. Vary N (and consequently M) and see what blocksize gives you the best performance. Given this type of custom-tweaking, I believe you should be able to improve on the performance of any other software...
Ben Okopnik
From Richard N. Turner on Sat, 09 Sep 2000
Dear Editor,
I saw the article mentioned in the subject and some of the followups and had to reply.
I've seen more than my share of people cursing cron and saying: "But the script runs fine from the command line!". Pierre Abbat's reply in the September issue was right on. Most people will modify the PATH variable to include some directories beyond the major ones that get defined in places like /etc/profile and scripts will fail when they attempt to run some commands that rely on this modified PATH.
The thing to remember is that cron doesn't run your .profile when it runs a script. If you don't explicitly define the full path to a program run from within the script it'll fail. So you either have to make sure your script contains something like "/home/mydir/devel/bin/prog1" (or whatever) or amend the PATH at the top of the script.
Another alternative is to just source, depending on your shell, either .profile or .bash_profile from within your script (assuming that it defines PATH and whatever other environment variables were helping the script run from the command line). If you include a line near the top of your script like:
. /home/mydir/.profile
or
. /home/mydir/.bash_profile
all things you usually rely on in your interactive environment are defined for your scripts run under cron as well.
If you do decide to source your .profile, you might want to watch for things that depend on there being a display and/or keyboard "attached" to the process running the script. If there isn't, you might see strange error messages like "not a typewriter" or "cannot open display :0.0". I have a toolbox of variables and shell functions that I like to use in a file called "std_functions" which I source near the beginning of my interactive environment setup as well as my scripts. One of the things I put in `std_functions' is:
TRUE="0 -eq 0" #Lets you define Boolean environment variables and FALSE="1 -eq 0" #makes scripts easier to read six months from now. if [ -t 0 ] then INTERACTIVE=${TRUE} else INTERACTIVE=${FALSE} fi
The "-t" test returns `true' if stdin (file handle 0) is associated with a terminal. Then in your profile, you can do things like run xrdb using:
if [ ${INTERACTIVE} ] then xrdb -l ~.Xresources fi
and not get weird messages from your cron jobs (The above `if' block would, of course, evaluate as false under cron). I tend to keep my profile arranged so that any setup that I need for my interactive sessions is wrapped by an if-then-fi block. After all, you don't really need to define aliases and use them in your shell scripts (Ugh!).
Hope this'll help someone...
PS: I've somehow missed reading the Gazette for the last couple of months. It keeps getting better. Keep up the good work.
-- RNT
On behalf of the crew, thanks! We couldn't do it without you! -- Heather
From Dustin Puryear, Anthony E. Greene, and Brian Finn to hutchins on 11 Sep 00
On this subject, we hear both from the author of a good book all about it, a serious cross-platform power user, and someone who simply found something better than Exchange to use in this fashion.
This is a sort of follow on to your discussion in Issue 56 of reasons not to migrate a Linux mailserver to MS Exchange.
One feature that the MS Exchange Server/Outlook Client (as well as the Lotus Notes Server/Client) offers is a centralized address book.
[Dustin] Dear Jonathan,
I read with some dismay your message to Linux Gazette regarding a lack of "centralized" directory services on Linux. Nothing could be further from the truth. There are several LDAP servers ready to run on Linux. Better yet, OpenLDAP, an open-source LDAP server, compiles easily on Linux and can be integrated with MTA's such as Sendmail and Postfix. In addition, you can access the directories on OpenLDAP from Netscape or Outlook 98+ easily. In fact, I have implemented OpenLDAP at my company and it works great!
FYI, I cover both Postfix and OpenLDAP in my book, "Integrate Linux Solutions into Your Windows Network," which is aimed specifically at NT managers wishing to use Linux to their advantage in NT-dominated networks. (Of course, it works the other way around as well--if you wish to bring NT/Windows into your UNIX organization the book just as well.)
Feel free to ask me any specific questions that you may have.
Best regards, Dustin
--- Dustin Puryear dpuryear@usa.net
Hey Dustin, thanks for joining the Gang! If anyone sends you good questions and you copy your answers to LG at tag@ssc.com -- we will publish them so more people can understand how it all ticks. -- Heather
[Anthony] There is no reason this would not work for external addresses. I run an LDAP server on my home network for members of my household. Most of the addresses are for external users. I update it using an LDAP client <http://www.biot.com/gq/> and the changes are immediately available to everyone.
Netscape has no problem using the LDAP server automatically to resolve partial addresses. I did the same thing in my former organization where Outlook 2000 and Outlook Express were the clients. The Outlook 2000 client needed to be tweaked to use a more flexible LDAP query, but then they both worked fine. Even the StarOffice mail client can use LDAP, but the procedure for selecting addresses in StarMail is tedious and non-intuitive.
The Outlook 2000 installer makes you choose either Internet-Only or Exchange Server mode. If you choose Exchange Server mode (the default, I think), then you will have to edit the registry to get a more flexible LDAP query. The default search looks only at the beginning of the email address. It does not search the 'cn' (commonName), 'sn' (surname), 'givenName', or any other attributes. I changed the search so that it looked anywhwere in the 'cn' attribute. You can figure this out by looking at the man pages for the utilities that ship with OpenLDAP and the registry entry associated with the LDAP server on the Windows client machine.
If you're limited to performing updates from a Winbox, you might look into ldap-abook <http://sourceforge.net/projects/ldap-abook/>. It's a set of perl scripts and a module that makes it easy to maintain an LDAP address book. You will probably have to edit the scripts to fit your situation, but it can work. I found it easier to do batch updates by updating an LDIF file and re-importing the whole thing during off-peak periods. If you have a large directory, you'll probably want to get a good LDAP client instead. The utility programs that come with OpenLDAP are pretty good if you only have command-line access to the server.
[Brian] In issue 58, an Answer Guy reader was looking for a Linux replacement for Microsoft Exchange. I believe OpenMail by HP (http://www.hp.com/go/openmail) could be what he is looking for. Here is a blurb from Info World about it:
"Summary: HP OpenMail is an impressive, highly scalable mail server. One OpenMail server will handle Microsoft Outlook (with scheduling and calendar), Lotus cc:Mail, Lotus Notes, Microsoft Mail, Web, and standard e-mail clients.
Cost: Free for Red hat Linux servers with up to 50 mailboxes. $41 per mailbox on Linux Servers, $77 per mailbox on other platforms.
Platforms: Red Hat Linux 6.x;
HP-UX 10.20 or 11.0;
AIX 4.21 or 4.3;
Solaris 2.5.1 to 2.6
Hope this helps,
Brian Finn
From Peter Samuelson to Andy Larkum on Sat, 30 Sep 2000
Regarding a recent LG Two-Cent Tip-- [Andy Larkum asks LG]
I have a small query. I want to log into a Linux machine, set a process running, and log out again, leaving the process running. It has been suggested that I can do this by simply using 'nohup command &' but this didn't work, because the process was killed as soon as I logged out again.
[Heather responds] screen with autodetach mode turned on would work nicely. We use it here all the time. -- Heather
[Peter] What you want is the 'disown' command, a bash builtin. It causes the shell to detach a background job from the tty and basically forget it ever existed.
This is really useful in loops. Often I want to start 100 jobs in the background but don't care about stopping them later. So:
i=0; while [ $i -lt 100 ]; do some_long_job_involving_$i & disown; ((i=i+1)); done
Note that I use '&' to put each job in the background, then immediately disown it. That way the job numbers don't accumulate and get in the way.
If you are forced to use a non-bash shell that doesn't support disown, you can get the same effect by running the background job in a subshell:
sh -c 'some_long_job &'
The 'sh' you spawn to run the job exits immediately -- it's not an interactive shell so it doesn't bother with th job control crap -- and your login shell is none the wiser about some_long_job still going.
Peter
From Jim Dennis to Joseph Annino on Sun, 08 Oct 2000
One thing that is really great about Sun hardware is that you can get rid of the monitor, mouse, and keyboard all together and do everything from install the operating system to change EEPROM settings via a serial console. While Intel hardware was never designed this way, I cannot find much information about setting up Linux on Intel to approximate this. Is it possible to install and boot Linux over a serial console? Log-in in this way is easy, but to be able to completely administer a system the install and boot functions are critical, especially the Lilo prompt would be nice.
Note: Linux on Sun and other SPARC hardware supports the serial console just as you'd expect. Let's try to remember that Linux is just a "PC UNIX" anymore. I've also used Linux serial console on PReP (PowerPC Reference Platform) systems.
I've heard that some new Intel motherboards include BIOS support for serial console. However, I haven't seen one of those yet.
As to your question. Yes, Linux can support a serial console, and it can concurrently support the normal PC console (with virtual consoles) and a serial console.
Your first step is to compile your kernel with serial console support. That's a standard configuration option in the 2.2.x kernels and it was available as an unofficial patch for years (since the pre-1.0 days). There is a small text file to explain this support in /usr/src/linux/Documentation/serial-console.txt (Obviously depends on your kernel version, but it's been there for awhile so any recent kernel should include it).
Next you have to configure LILO by editing the /etc/lilo.conf. There are two parts to this configuration --- you want to configure the LILO bootloader itself to include support for prompting and handling input on the serial port, and you want to add a command line parameter to the kernel to enable and configure the serial console support that you had compile into it.
So you need a lilo.conf that looks something like:
boot=/dev/hda2 root=/dev/hda3 install=/boot/boot.b map=/boot/map delay=20 prompt # vvvvvvvvv serial=0,19200n8 # ^^^^^^^^^ image=/boot/vmlinuz label=new read-only # vvvvvvvvvvvvvvvvv append="console=ttyS0,19200" # ^^^^^^^^^^^^^^^^^
Note that these different parameters don't have matching syntax. On the serial= directive (which configures the LILO boot loader support) we have the port number (without the ttyS device name prefix) followed by the speed, parity and data bits. On the append= drive we are passing a kernel option. The kernel console= option takes the base name of a device (with the /dev/ directory name, but with the ttyS* prefix/device name), and then the port speed.
Actually the speed, parity, and bits settings for both of these use the same format and syntax. So the important difference is that one (the serial=) takes just a serial port number while the other takes a device name (ttyS*). The first time I tried to get LILO working with a serial console I didn't read it carefully enough and I thought I knew more than the documentation. It took me a few hours to figure out that I needed to remove the "ttyS" from my serial= line!
Finally, some newer PC motherboards/chipsets have support for full serial operation. These tend to be the more expensive keyboards that are designed for rackmount cases and are particularly handy for co-location servers.
From Mike Orr to Jeffrey Stephens on Tue, 17 Oct 2000
I'm a bit confused. I was re-reading back issues of Linux Gazette and came across this answer which you provided in the Sept. 98 column, issue 32. I am running Redhat 6.2 which I configured using the KDE workstation option. I understand you to say in the enclosed answer that no one can access their computer over the internet without making arrangements with their ISP. Then what's the big deal about securing my cable connection? Since I haven't made any arrangements with my ISP your answer would seem to suggest that I am secure. On the other hand, if someone can break into my machine then I ought to be able to connect with it myself over the internet without going through my ISP. Am I missing something here?
Regards,
Jeff Stephens
[a past reply] Permission to Set up a Linux Server
Alright, I finally figured out what you were asking. It took a little work, though.
First note: when you set up a Linux system it defaults to providing many services. It is already a "server."
What you seem to be asking is: "How do I make my server accessible via the Internet?"
As you surmised you would have to make arrangements with some ISP to have some dedicated (or at least "dial on demand") connection to the net, or to "co-locate" your hardware with them.
[Mike] There are several issues here. One is, what the terms "server", "ISP" and "being connected to the Internet" all mean. Another is, how do the different types of Internet connections affect how easy it is for a cracker to break into your computer.
If you have Internet access, you are connected to the Internet through an ISP (Internet Service Provider) of some sort. For cable modems, the cable company normally runs its own ISP that all customers must use. My DSL provider allows me to use any of several local ISPs instead of their own. The cableco or telco connects you to your ISP through some non-Internet means (cable or DSL to the cableco/telco central office, then ATM or Frame Relay or whatever to the ISP), and then the ISP takes it from there. Your ISP is your gateway to the Internet: no gateway, no Internet.
Being a "server" means your computer runs services which other people can use. Of course, at the most basic level, all Internet-aware computers are servers, because Internet is a two-way street, and if you can ping up other computers, other computers can ping you. But normally "server" means you're running application-level services: web, e-mail, ssh, telnet, ftp, etc. that other people can use. And yes, most Linux distributions come with all these services enabled by default, and yes, this is a security risk. (See"Linux Security, or Rather, the Lack Thereof" in last month's News Bytes (http://www.linuxgazette.com/issue58/lg_bytes58.html#general).) You should know which services your computer is running and turn off those you don't specifically want to offer.The answer you quoted was from 1998, and things were different back then. Cable modems and DSL were not common, at least not in the US. (Although my Canadian friend likes to point out that he had a cable modem in eastern BC a year before we even heard the term "cable modem".) Almost everybody used analog modems with dial-up connections. Dial-up connections are by nature less vulnerable to attack than cable modems are, because the would-be cracker will find that your server:
To solve problem (1), dial-up users need a 24-hour connection or a "dial on demand" service. Dial on demand means the ISP will telephone your computer whenever a packet comes through for it and the link is down. This requires a special arrangement with the ISP, and your computer must be configured to answer the phone, and you have to make sure that nothing else (answering machine, fax machine or person) picks up the phone first. Most ISPs would not do this, and the few that did charged big bucks for it.
- may be disconnected right now.
- may have a dynamic IP, and of course the cracker must know the machine's current IP (or domain name) in order to sabotage it.
(Note: Linux distributions have the "diald" daemon which does dial-on-demand in the opposite direction: whenever your computer or internal network wants to connect outside, it will dial the ISP for you if the connection is down. But this does not help the problem above, which is incoming traffic.)
For any kind of 24-hour connection (dedicated modem with separate phone line, ISDN, Frame Relay, T-1), you would be paying $140-$1000 per month-- out of reach for most individuals. Those of us who have long desired this are ecstatic that we can now get this service at an affordable rate.
To solve problem (2), you need a static IP (one that never changes) or "dynamic DNS" service. Of course, this affects cable modems as well. With a cable modem, you may have a dynamic IP (which changes every time you plug in the modem, and perhaps every few days as well). This will at least ensure that even if a cracker breaks in, he (or she) won't be back over the long term, because when he tries to come back, he'll find himself on a different computer and he'll have to start from square one determining its configuration. Of course the tradeoff is, if you wish to run a web server or e-mail server and you have a dynamic IP, it'll be mighty inconvenient for the public to know your current IP or domain name.
("Dynamic DNS" means the nameserver is set up to allow its configuration (which IP your domain name points to) to be changed frequently and conveniently, either by you typing a new number on a web page or by a script on your computer which sends in the new information.)
So yes, people from the outside can crack your computer even if you haven't made special arrangements with your ISP. Linux Gazette has published several articles this year on securing your home network, and these are all recommended reading.