Slashdot Mirror

Microsoft only extinguishes competition in that its products become ubiquitous. You can still purchase WordPerfect, but if you send people WordPerfect files, you are likely to get complaints. The exact same thing when Free Software projects become ubiquitous, alternatives start to become somewhat unworkable due to network effects.

Now, it certainly is true that Microsoft is unique in that it actively tries to subvert and sabotage standards, and Free Software doesn't generally do this, but there are cases where Free Software deliberately breaks standards compatibility. For an amusing example google the case of df and du and POSIX_ME_HARDER. I am not sure what df or du output on Solaris or another commercial UNIX but I would be surprised if they used 512 byte blocks, whatever Posix might specify. I wouldn't know though. I primarily use Linux.

Someone pointed me to deb file format, and it does appear the file format does not support a license key/value pair.

BTW, to query a file instead of the rpm database it would be:

rpm -qp --queryformat "%{NAME}\t%{LICENSE}\n" *rpm

So, this won't work:

dpkg-query --showformat='${Package}\t${License}\n' -W *

In an ideal world would Tux go chimney-to-chimney world round in a single clockcycle and force all linux users to update tzdata at gunpoint?

Sure. This is not an ideal world.

In this non-ideal world the updated version of tzdata was added to etch-volatile at the end of July. That's a full two months anyone who needed it could've done extensive research about how to get it. http://packages.qa.debian.org/t/tzdata/news/20070731T155541Z.html

If you're a single debian etch user in NZ then simply install the update manually. Takes what, half a minute at best?

If you're admin of a lot of etch systems you should either put volatile in your repository list or (I like this better) set up a local repository on your own network so that you can roll out exactly the packages and versions you want.

And for the sake of anyone who does need this package and is patiently waiting. Stop waiting.

http://packages.debian.org/etch-volatile/tzdata/all/download

It's right there.

And CFQ is better for some workloads because its not specialized..

"It tries to optimise for physical disks by avoiding head movements if possible - one downside to this is that it probably give highly erratic performance on database or storage systems." - link

I think keep it simple stupid should be common sense by now. But sometimes it takes calling people idiots to get them to think about it.

I don't know who's right in this case, but I like the way Linus called those devs idiots. That makes me smile. People should drop their egos and get back to debating.. the gloves are off, Fight!

In the past killer apps on the Internet have doubled their bandwidth usage every 2 weeks, usually for at least 6 months. If IPv6 does aquire a killer app[1], then will ISP's and companies have time to react? How quickly could your ISP buy equipment that supports IPv6? How quickly could your company roll out new IPv6 enabled firewalls?

There are technologies like 6to4[2], and Teredo[3] that will automatically tunnel IPv6 over the v4 internet, even if you are behind NAT and don't have a realworld IPv4 address. However intermediate systems that know nothing of IPv6 can't easily firewall, properly prioritise for QoS, or transparently proxy the traffic inside these tunnels. If you don't have IPv6 support for your network infrastructure, how do you know who on your network *does* have support for it and is using it to bypass your firewalls? Rumour has it that 6to4 and Teredo are both enabled by default on Windows Vista.

[1]: My picks are P2P/VoIP, since NAT makes both tricky (although not necessarily impossible).
[2]: http://www.wlug.org.nz/6to4
[3]: http://www.wlug.org.nz/Teredo

In the past killer apps on the Internet have doubled their bandwidth usage every 2 weeks, usually for at least 6 months. If IPv6 does aquire a killer app[1], then will ISP's and companies have time to react? How quickly could your ISP buy equipment that supports IPv6? How quickly could your company roll out new IPv6 enabled firewalls?

There are technologies like 6to4[2], and Teredo[3] that will automatically tunnel IPv6 over the v4 internet, even if you are behind NAT and don't have a realworld IPv4 address. However intermediate systems that know nothing of IPv6 can't easily firewall, properly prioritise for QoS, or transparently proxy the traffic inside these tunnels. If you don't have IPv6 support for your network infrastructure, how do you know who on your network *does* have support for it and is using it to bypass your firewalls? Rumour has it that 6to4 and Teredo are both enabled by default on Windows Vista.

[1]: My picks are P2P/VoIP, since NAT makes both tricky (although not necessarily impossible).
[2]: http://www.wlug.org.nz/6to4
[3]: http://www.wlug.org.nz/Teredo

This...

I found the easiest step to be authenticating against the AD server. Once you set up the /etc/krb5.conf file properly, you can add the linux machine as a member of the domain (using kinit domainuser@DOMAIN.COM, and then doing net ads join). Remember that the DOMAIN.COM needs to be in all caps when doing kinit, I tried doing lowercase and it didn't work (same thing for specifying the realm in the krb5.conf file).

After that you need to make sure the winbind conf is set up properly. This varies from distro to distro; in Suse Enterprise Server 9 this was just in the /etc/samba/smb.conf file.

Then you have to change all the lines in /etc/pam.d/login and /etc/pam.d/sshd and /etc/pam.d/jabberd (depending on what you want to authenticate against AD with). I actually haven't set up jabber yet since I was updating the tons of patches from the initial 9 install to SP2. (I didn't realize SP2 was even out but the online updates said it was SP2.. oh well).

I can post all my relevant conf files on my journal if you want, let me know. Take note that a lot of what I did is specific to Suse, so it may be slightly different for other distros.

Some of the links I used are here:
Join Linux to Active Directory with Winbind
Active Directory Samba
Linux and Active Directory
Samba and Windows 2003 Active Directory Integration ---- A good reference for kerberos authentication (though there are many more out there via google).

There were some other pages I used that aren't in the bookmarks on this machine, but those should be helpful... There is some out of date info on some of them, and some of the examples don't work (I found the pam_stack.so references in pam.d did not work _at all_ in suse enterprise server).

HTH.

You think you kid, but This Link proves otherwise!

There were two major Telcos in NZ, Telecom NZ, which is the monopoly provider of residential phone lines to the majority of the population, and Clear (now Telstraclear), which provided a few business lines and toll services. Telecom basically forced Clear to sign an interconnect agreement whereby the two companies would charge each other 2c per minute for calls terminating on the other network. Since Telecom was much larger than Clear, they were making money off the deal.

Then Clear set up ZFree, the first free dial-up ISP. Thousands of Telecom customers every day were making calls lasting several hours, terminating on the Clear network. Clear started making money off the deal.

A full description of what happened can be found at http://www.wlug.org.nz/ZFree.

There was also a second ISP called I4Free, they had a revenue sharing arrangement with Clear.

I've skimmed over the Stateless Linux HOWTO, and it doesn't seem to be all that different from NFSRoot.

Stateless Linux might be a bit broader -- NFSRoot as I have seen it deployed seems to match only the case of, as the HOWTO puts it, "caching clients, which boot from a copy of a snapshot, cached locally on a hard drive", rather than the other three scenarios described under "stateless Linux clients" in the HOWTO -- but that's splitting hairs over what seems to be, in most ways, the same basic idea.

So -- how is Stateless Linux a radically new thing? There are documents for NFSRoot going back to 1997 and maybe earlier, and I wouldn't be at all surprised if people were doing things like this on platforms like Sun & SGI well over a decade ago. So -- what exactly is it that's new here ?

Why reinvent the wheel? AFAICS, there already is ACL support for ext2/ext3 and even nfs.

It's called mprotect(2). The program that wants to turn data into code just asks the OS nicely.

Unfortunately, I can think of at least one exploit for a no-exec stack. The attacker overflows a buffer with his exploit code, tacking on the following stack:

(top of stack)
(local variables allocated after the buffer)
cc cc cc cc cc cc ... - Exploit code overwriting local variables
xx xx xx xx - Return address for exploited function (start of mprotect(2) in libc)
xx xx xx xx - Return for mprotect(2) call (start of exploit)
xx xx xx xx - <i>addr</i> parameter (start of stack)
xx xx xx xx - <i>len</i> parameter (size of stack)
07 00 00 00 - <i>prot</i> parameter (R+W+X)

Not as bad as my first glance..

I read it as, "Royal Linux PITA Finally coming to market".

Notes, hints and tips regarding Radeon driver and Kernel 2.6

One of the better resources for linux and open-source information is the WLUG wiki at http://wlug.org.nz

I don't know how LQ's wiki will end up, but if the answers from questions posted to the forums make their way into Wiki entries and are regularly maintained, then it has potential.

Almost two years ago, a resourceful hacker at our Waikato Linux Users Group set up a Wiki, and it has been a phenomenal success. We'll be surprised how often we google looking for something, and find the Wiki as the first hit!

What did we do differently? For starters, Perry imported the man pages and howtos, meaning people could link to a man page in the Wiki just by naming it (ie fstab(5)). This encourages both reading man pages and editing them, marking them up to be more useful to everyone. Another point is that now you can see which pages (and other man pages) refer to a given page, an invaluable tool that man itself can't provide!

We're thinking of dropping the HOWTOS because it's amost impossible to get changes sent up stream, and our own locally developed content tends to be better and more up to date.

Good luck to the LQ people, but there exist a number of Wikis that have the knowledge growing nicely outside of this. If you're looking for something, come check us out.

I don't know how LQ's wiki will end up, but if the answers from questions posted to the forums make their way into Wiki entries and are regularly maintained, then it has potential.

Almost two years ago, a resourceful hacker at our Waikato Linux Users Group set up a Wiki, and it has been a phenomenal success. We'll be surprised how often we google looking for something, and find the Wiki as the first hit!

What did we do differently? For starters, Perry imported the man pages and howtos, meaning people could link to a man page in the Wiki just by naming it (ie fstab(5)). This encourages both reading man pages and editing them, marking them up to be more useful to everyone. Another point is that now you can see which pages (and other man pages) refer to a given page, an invaluable tool that man itself can't provide!

We're thinking of dropping the HOWTOS because it's amost impossible to get changes sent up stream, and our own locally developed content tends to be better and more up to date.

Good luck to the LQ people, but there exist a number of Wikis that have the knowledge growing nicely outside of this. If you're looking for something, come check us out.

I don't know how LQ's wiki will end up, but if the answers from questions posted to the forums make their way into Wiki entries and are regularly maintained, then it has potential.

Almost two years ago, a resourceful hacker at our Waikato Linux Users Group set up a Wiki, and it has been a phenomenal success. We'll be surprised how often we google looking for something, and find the Wiki as the first hit!

What did we do differently? For starters, Perry imported the man pages and howtos, meaning people could link to a man page in the Wiki just by naming it (ie fstab(5)). This encourages both reading man pages and editing them, marking them up to be more useful to everyone. Another point is that now you can see which pages (and other man pages) refer to a given page, an invaluable tool that man itself can't provide!

We're thinking of dropping the HOWTOS because it's amost impossible to get changes sent up stream, and our own locally developed content tends to be better and more up to date.

Good luck to the LQ people, but there exist a number of Wikis that have the knowledge growing nicely outside of this. If you're looking for something, come check us out.

Until now, Intel-compatible processors have not been able to distinguish between sections of memory that contain data and those that contain program instructions. This has allowed hackers to insert malicious program instructions in sections of memory that are supposed to contain data only, and use buffer overflow to overwrite the "pointer" data that tells the processor which instruction to execute next. Hackers use this to force the computer to start executing their own code (see graphic).

The new AMD chips prevent this. They separate memory into instruction-only and data-only sections. If hackers attempt to execute code from the data section of memory, they will fail. Windows will then detect the attempt and close the application.

I've seen patches to Linux that provide a non-executable stack. There's also the mprotect(2) system call to change memory protection from user programs. And I believe OpenBSD has had a non-executable stack in the mainline for at least a couple releases.

So what they're advertising here seems to have already existed. If not, how are the things above possible?

this list of "infringements" is way smaller than the one the bsd folks dealt with.

i've got $5 that says it's done by next wednesday.

"this is slashdot" is the slashdot version of godwins law.

But can it read mail?

I wanted a place for highly technical information about Linux, particularly programming documentation. I'd read the HOWTO's and had used google, but was irritated that google tended to find me the question, but rarely the answer.

My solution was to set up the WLUG Wiki. If you can find a group of like minded people to "seed" the community with your problems (and solutions) then slowly, over time other people join in. We've been running the wlug wiki for 18 months now, and it's now the top hit on google for all kinds of things, and is linked from all kinds of official pages as documentation.

Theres been several people that have said that they'd love to have a general "system administration" wiki for Windows, but there are none (and I'm not going to set one up -- I don't know enough about administering windows!)

So, set one up, it's not difficult. Try and write down what problems you've solved each day and what their solution were into the wiki, and try and get a couple of other people to join in. Pretty soon you'll have created you're own resource

• IPv6
• IPv6 Setup
• 6to4
• IPv6 Lessons Learnt

• IPv6
• IPv6 Setup
• 6to4
• IPv6 Lessons Learnt

• IPv6
• IPv6 Setup
• 6to4
• IPv6 Lessons Learnt

• IPv6
• IPv6 Setup
• 6to4
• IPv6 Lessons Learnt

My Radeon driver & kernel 2.6 notes

Making the NForce2 onboard ethernet card work in Linux is easier than you might think.

Either: Go to NVIDIA's websiteand get their driver wrapper, and compile it (if you are using kernel 2.5+, there is a patch for the builder to make it build a .ko module instead)

Or, help start testing the new ForcedEth clean room implementation of the driver. It's not perfect but it works, and it was included in Andrew Morton's -mm patch set in about 2.6.0-test9; so as soon as it's a bit better I'm sure it will be in the mainline kernel.

It's a bit hard to get it going compared to out of the box support, sure, but no different to the rigamarole I have to go through to get almost any network card working on Windows 98.

If you want an excellent source of notes on the NForce2 and Linux, that you are encouraged to update as you find things yourself, check the WLUG Wiki.

You can boot other OSes from the Windows boot loader easily... you just need a copy of the boot sector (first 512 bytes) in a file at the root of the C:\ drive. See here on how to configure NT Loader to boot Linux.

ClamAV.

Picked up some of the momentum behind the failed? stalled? Open AntiVirus.

ClamAV is pretty much Linux command line only, designed for scanning e-mail. It also cannot remove viruses from executables, only detect them. However, it's Free, and that's a Good Thing.

I searched for the instructions I remembered seeing, and I found this, which has instructions to do the same thing but isn't the page I was thinking off.

As you observe, the old copies still sell for a good price. The real solution is to get corel to re-assemble and re-link the binary for unix and sell it for a reasonable price.

The alternitive is to start writing a replacement from scratch.

• Documentation! Documentation! Documentation!

  Writing documents on how to do things (or why to do things, accounting is a black art to many). Help people out using the program. The article said that the programmers are spending a lot of their time answering questions instead of actually getting on and *doing* the job. Even simple things like "Tips and tricks" are a good start.

• Testing

  Programmers make awful testers. Non programmers seem to be able to break programs in new and mysterious ways. The trick here is to learn how to give the best information to the programmers about how to reproduce bugs. A Programmer will usually only be able to fix a bug they can see, if you can't make the programmer see your bug, it won't get fixed!

• System Administration

  If you aren't a programmer, but know Unix well, then you can offer to help manage the site, the article mentions that they are having trouble searching the archives, perhaps setting up a web based archive + htdig or similar would help.

• Advocacy

  You usually get developers because they use software and have an itch to scratch. I'd guess that GNU/Cash's biggest problem is that programmers don't use the software. Running Tutorials, presentations at local LUGs can be invaluable for getting a larger userbase (and therefore hopefully a larger developer base)

• Money

  If theres a feature you need (or want) or a bug you need fixed, consider putting a bounty on it. It doesn't have to be much, $10 or so. If enough people put enough bounty on one bug someone's going to bite, or a programmer can do lots of "simple" fixes/features and can make quite a few lots of $10 quickly.

• Feedback

  Providing feedback on what features are used, and what aren't is important to developers who may spend a lot of time on a feature they think is important instead of a feature that actually is important.

• Wiki

  If they are going to put the wiki up, go and define terms, and write pages about things. Write answers to FAQ's. Wiki'ing is very addictive and fun. And while you're at it, everyone learns! I run a wiki, we have over 6,000 pages. It's a lot of fun.

More useful (no kernel recompilation required) is that a gentleman named Robbie Ward has applied NVidia's AGPGART patch to the Radeon kernel module builder, and the result can be found at here.

You can find a small HOWTO on getting the lot going at the Waikato Linux Users' Group wiki, at http://www.wlug.org.nz/RadeonOnNforce. Have a look around while you're there, its an excellent source of information and we'd really love you to add to it.

If you mount it with the options "hard,intr" then it will allow you to recover nicely if an NFS server goes away.

See the Waikato Linux Users Group page on NFS for more information.

I find the local LUG lists a great place to start when asking for help. They often have very experienced people that are around for helping you. In particular, if you screw it up beyond all recognition, they're close enough that you can ask if they can come and fix the problem.

Google for your problem. Learning how to use google effectively to find answers to your problems is great time saver. Searching for "apache won't work" doesn't get you very far but "apache: can not bind to port 80" is likely to get a much better response out of google.

Look for documentation projects that try and help people out. My personal favourite is the Waikato Linux Users Group wiki which tries to encampus as much information about linux as it can. It's an excellent place to go and create a page asking a question and have several knowledgable people wiki'ing the answer, and then having it available for everyone else to find when *they* have the same issue.

A lot of people at WLUG complained about that too, so isomer put all the man pages up on a Wiki. Not many of them have examples yet, feel free to contribute your own.

My favorite is zcat(1) of course, Although zcat'ing compressed patches was about the only really good example I could think of. Most other times there's a -z switch that does the same job :(

A lot of people at WLUG complained about that too, so isomer put all the man pages up on a Wiki. Not many of them have examples yet, feel free to contribute your own.

My favorite is zcat(1) of course, Although zcat'ing compressed patches was about the only really good example I could think of. Most other times there's a -z switch that does the same job :(

Whilst we're on the subject, remember that old PCs are still very useful (especially for Grandma, or as a drone off a more powerful server of some sort ala XTerm/terminal servers) and although Microsoft are going to stop supporting these products (since when did anyone ever turn to Microsoft for support anyway?), they're not going to go away.

We're still going to be asked to fix problems for Nana's computer, and we're still going to install Windows 95 on Pentium-class PCs for people who aren't quite ready for Linux on the desktop.

Does this mean changes in copyright restrictions on these products? I'm fairly sure that under New Zealand copyright law, you're allowed to make copies if the company doesn't make a reasonable effort to sell you the product, and if they're not supporting it I'm sure they won't be selling it any more.

(looks at framed MS-DOS 6 box on the wall) The disks come in a "You're important to us, please register" plastic bag. How ironic.

Alternatively; what if I strip all the comments and formatting, and rename all the varables to random meaningless sequences? The code will still compile but won't be much help for understanding or improving the program. I looked this up a while back, so I've forgotten where I found it but the answer is apparently 'no'; source code doesn't count if it's been obfuscated or is delivered in some unusable form.

I'd love to know what the situation would be if anyone ever managed to write a useful program in INTERCAL and tried to release it under GPL :)

I'm on some mailing lists where people like to GPG (GNU's PGP clone) sign email, and our LUG have had a couple of GPG keysignings.

So, being a OSS supporting Windows user, I thought I'd try this out.

My normal mail client is Outlook Express (don't complain, when used by someone with a clue there's no more security risk than with any other mailer), and the method that PGP plugs into Outlook Express is digusting. There's a GPG Outlook Express plugin that suffers from the same problem. Basically, when a message windows is loaded, the decoder automatically copies all the text from the window into a buffer, runs the text through PGP, and then pastes the results back into the window. In the case of the version of PGP I tried, in 8pt font.

This also doesn't help when you have a Windows mailer that doesn't support MIME types correctly (Evolution especially likes to send mail with the PGP block as an 'attachment', which basically means your message appears blank in OE with two attachments). No PGP verification there.

I hear Outlook isn't much better; Outlook's IMAP support isn't as polished as OE's, and I guess they don't really want to make it better at the expense of Exchange licenses.

What's the answer? Enigmail. You have to use Mozilla Mail, of course, but that's something that can be adjusted to (and if it's too hard to adjust, it can be customized in XUL of course.) But it seems to be the only way to get correct behaivour for PGP email verification in Windows. And it's all OSS, too.

That said, it didn't handle decryption at all. But I was running a beta on a nightly with a 2 day old GPG build, etc. You get what you pay for.

What would I like to see happen? Outlook Express to become a bit more modular, with actual support for PGP (even the free PGP Home edition would be better than nothing). Or Mozilla Mail evolve a little bit more so I can tolerate using it as my mail client ;)