Well, there's not much change.
But that was said beforehand, it won't be the big change like going from kde1 to kde2.
It's more an upgrade to Qt 3, which has as result that kde2 and kde3 are binary incompatible.
Maybe they are lucky (or not) that it is in about the same timeframe as going from gcc2 to gcc3. All C++ binaries will be broken with or without qt2/qt3 in most major distros.
On kernel-cousin I read that a beta version should become available at the end of the month. Might be interesting.
I just hope that kde 3 will be ready to ship in the new distros for next year, like Redhat 7.3/8.0 and Mandrake 8.2.
Sorry, but you're wrong.
1. The IP-Masquerading howto does ipmasquerading on a 2.2 (and 2.0?) kernel.
Kernel 2.4 does full NAT, therefore it's called the NAT howto.
I don't know if the two howtos about iptables have appeared on www.linuxdoc.org yet, but it is about time they are.
2. Netfilter does not emulate ipchains or ipfwadm.
It is a replacement of them. Although you can configure your kernel for ipchains or ipfwadm support.
Netfilter does things rather differently.
The chains are more separate. For example when you want to allow a packet over the forward chain, you had to open the input and output chain also in ipchains.
With iptables you only have to open the forward chain, and the packet doesn't travel over the input and output chains.
This is a more flexible approach. You can now close the firewall box completely, and only allow an ssh login from one or two local clients, while you still can allow forwards from local and remote hosts.
Also it's stateful. It does connection tracking. This means you can drop all incoming connections to your local user ports (1024-65535), and accept outgoing new connections, and then specify with the --state options to allow related and established connections to come in.
That way, the connections you open yourself are actually still working.
So sure, you can rewrite your ipchains or ipfwadm rules.
But you'll miss out on a lot of security and maintainability features.
The only real reason against iptables can be that it is still fairly new compared to ipchains and ipfwadm, and so you can assume all the security issues are already fixed in those.
The last security fix in iptables is from March this year, in kernel 2.4.3, in the ip_conntrack_ftp module.
I don't know about instant messengers. I assume it needs portforwarding (every connection to a certain port gets forwarded directly to a local machine), but I dunno if that's the case.
:)
And yes, the kernelmodule ip_conntrack_ftp does do what you are asking.
It's called stateful.
When someone connects on port 21 of my ftp server, he can do a passive or an active dataconnection, whichever he chooses, and the connection tracking tracks it all.
Even on a forwarded port, where the ftp server is behind the firewall, it gets forwarded without any problem afaik.
Just keep one thing in mind with ftp connection tracking; you need to use a kernel newer than 2.4.3, because earlier versions had a security issue, where you could connect to an ftp port, and within a few seconds you could connect to, say an ssh port. But this is the one and only real issue there is with it.
Also, afaik, the irc-dcc conntrack module is not in the vanilla kernel and is only available as a patch.
And yes, ftp conntrack is neat
In the Howtos only the basics are mentioned.
In the manpage, lots of options are explained.
For examples you will want to search freshmeat.net.
A few of my bookmarks:
http://www.lysator.liu.se
http://64.39.18.129
http://www.linuxsecurity.com
And some example scripts you might not find on freshmeat.net:
http://nerdfest.org
http://chaosmongers.org
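The firewall layout described in the netfilter comments above, written out as rules. This is an added example, not part of the original comments; the interface names and addresses are constructed placeholders, and the script only prints the commands so they can be reviewed before being piped to a root shell.

```shell
#!/bin/sh
# Added example. Constructed placeholders: adjust to the real network.
LAN_IF=eth1                               # inside interface
WAN_IF=eth0                               # outside interface
ADMIN_HOSTS="192.168.1.10 192.168.1.11"   # the "one or two local clients"

emit_rules() {
    # Helper so RELATED covers FTP data connections (use a kernel newer than 2.4.3).
    echo "modprobe ip_conntrack_ftp"

    # Close the firewall box itself and the forwarding path by default.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"

    # Replies to connections the box opened itself still come back in.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # The only NEW connections to the box: ssh from the admin clients.
    for h in $ADMIN_HOSTS; do
        echo "iptables -A INPUT -i $LAN_IF -s $h -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    done

    # Routed packets traverse FORWARD only, so INPUT can stay closed
    # while the LAN is still forwarded and masqueraded.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Print the ruleset for review; apply with: sh thisfile | sh   (as root)
emit_rules
```

The `-m state --state` match is the form the comments refer to; newer iptables releases offer the same matching as `-m conntrack --ctstate`.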
There's an alternative like MaraDNS, which is public domain.
I don't think it supports Bind's and DjbDNS zone files yet, but I believe it's coming along nicely.
Does anyone have experience with it?
It runs #slashdot and #slash (slashcode).
The channel #linuxhelp is founded by linux.com which is of VA Software.
It's also connected to irc.debian.org which means that there are a lot of people in #debian.
Furthermore it's the "official" #mandrake server.
And in #redhat are some redhat employees hanging out.
It also has #kernelnewbies of which Rik van Riel is founder I believe.
For the most drivers you can edit /etc/modules.conf and put in an alias like:
alias eth0 tulip
If your networkcard uses a tulip module.
This only counts for kernel-level configuration.
Setting up most of the things (like network) can be done through /etc/sysconfig.
Some hardware still needs some configuration afterwards. For printers you can use printerdrake or kups or the webbased interface of cups.
For scanners there's nothing yet, but in mdk 8.2 there will be a tool scannerdrake, which should set up /etc/sane.d for a supported scanner.
Imo the text based solutions are there when the install of the distro failed at a particular device, or if kudzu fails. Or if you just want to check it out.
Well, we could all hope that the next interviewer will read slashdot, before asking the questions.
:)
Therefore we could collect a few questions for Linus.
Like:
What about Andrea vs Rick's VM system?
What important changes are already planned for 2.5?
Could you think of a situation/decision where other issues (like ego) went to be more important than the technical issues?
What do you do with your time besides working at Transmeta and hacking on Linux?
Then again, it would even be nicer if Slashdot could collect 10 questions for the next Slashdot interview
Well, I was actually saying that if you compare 2.4.10 with 2.4.9, you're actually comparing 2.4.10 and 2.4.5.
Even though the kernel had gradually evolved from 2.4.0 to 2.4.9, it was evident that the VM design was more of a liability than an advantage.
Point is, the kernel did not gradually evolve to 2.4.9, but only to 2.4.5.
Rik's VM has problems, but in the current ac tree it is doing quite well. Maybe as well or better than Andrea's VM.
Anyway, let's hope that the best VM wins, if there is a best VM.
He seems to think a lot in favor of the Andrea VM.
That's ok to me, but he might want to take notice of the fact that Linus didn't accept Rik's patches a lot and that 2.4.9 still had actually the VM of 2.4.5. The -ac tree was more up to date.
So for a good comparison you'll need to compare the Linus and the ac tree.
Your idea may be valid, but the example you choose might have a different background. Most likely your soundcard's buffer is empty, before it gets filled again.
You can change the latency of your pci bus with pciutils, which might improve that.
Check out:
ibm.com article[ibm.com]
The latest version of Abiword 0.9.4 has experimental wp import (and export) support.
Since these officesuites now work together on their import/export filters it should become available for staroffice/openoffice too.
So we are being heard!
There's mpgtx, which is a commandline tool. Get it at mpgtx.sourceforge.net.
There's also mjpegtools. Get that at mjpeg.sourceforge.net. It seems rather fine to me.
Interesting review.
On MandrakeForum the latest news about filesystems is that JFS will be pulled from Mandrake 8.1.
A test was done with a buildup/takedown of 100.000 files.
In the case of JFS the deleting of those files caused a hard kernel crash.
Seems there is some work to be done, despite it being a 1.0 release.
And hey, what's up with this html here?
Seems only plain text works right for me.
For $2,500/year, I can certify that your Linux box is 100% secure.
If your box is ever hacked, I will dole out $10,000 on the spot.
You can count me in.
You can reach me at marcel@localhost.
Oh, and in case the box gets cracked by marcel@localhost, don't just blindly assume it's the same localhost.
You know, there's more than 1 localhost on this earth
Did you know they can detect it?
Afaik a single computer opens client connections on ports 1024 to 32000, while a connection over a nat table opens on ports 32000 to 65000.
I heard it somewhere, so I'm not sure if it's true.
And they should be really wanting to waste some time, if they take the effort to use a sniffer on your connections, just to detect if you run Nat.
Yesterday we had news on slashdot:
GNU is Unix
Today the news is:
GNU is not Linux
Here in Holland we call the summertime, cucumbertime.
Or so to speak: No news today
You should check out mpgtx, the mpg toolbox.
It's heading for a stable 1.0 release.
You can find it on http://mpgtx.sourceforge.net
By the way, splitters with a gui?
I find it hard to find a mpg splitter with a gui.
I do know mpgcut (or mpcut?) and bc2000.
Which ones are you referring to?
I wouldn't expect a merge between Suse and Mandrake.
I don't know what the people at Suse think about that idea, but I do know that Mandrake consists of Free/GNU software. It's free to download. And they want to keep it that way. Over the last few years Suse has slowly been moving into proprietary software. Yast and Yast2 are under non-free licenses, or at least, you're not free to resell it, it's non-GNU.
I don't know the license of their email-server, but I assume that's also non-GNU.
MandrakeSoft is not interested in non-GNU software.
I'm not planning on a flamewar between licenses, but it does matter under which license software is being shipped.
For wp8 you need to install libc5 and ld.so. You can get them from a mandrake 7 cd. Or you can get the Caldera libc5 rpm, which contains also the lib from ld.so. Then it should install and run.
Last year: http://slashdot.org/articles/00/05/31/2137247.shtml
they did just the same thing.
I'm confused with the numbers though, they say 40 out of 120 people lose their job.
They say they were expecting to double every quarter (on revenue or people?). But last year they laid off some percentage of 200 people.
I don't see them doubling every quarter, not even every year.
Hmm, and how do you make that URL become a link?