Our shop needed something like this. Actually, it wasn't for the unix machines (I'm the main unix admin and I just keep a file/etc/LOG on all my unix boxes), but rather for the support personnel who were working with user desktop machines (this is an office, so obviously these were not unix machines but rather Windows and MacOS).
We just ended up writing our own system, one bit at a time. We now have a somewhat complex system that integrates our main employee database (used for accounting and whatnot, a lot of accounting apps having moved to the web), our computer inventory database, and our support workorders database (and various miscellaneous other web apps). The workorders database allows one to tie a request to a particular machines, so one can query and find out the history of a particular desktop machine (as machines get moved around a lot).
Look into php+mysql, as these make web apps extremely easy (much faster to write than perl, and I'm an experienced perl programmer, written XS extensions, etc - I like perl very much and do quite a bit of it, but web databases are much easier to do in php). If you haven't done any php, first look at some GOOD php code to learn how to do things as it's very easy to come up with unmaintainable crap (see www.horde.org for examples of good php).
Also, if any admin is reading this and not doing it already - log your changes somewhere. I use/etc/LOG, but anything immediately recognizable as an important document obviously written by the previous admin will very much help the machine's next admin when you get a better job. This has also very much helped me when I need to duplicate a machine's configuration, upgrade a server, etc ("what were the apache configuration flags I used on this machine again?"). Don't put it off until you get some snazzy web database, but start documenting anything you do as root right now.
PHP's online documentation is excellent. Their website has this very useful feature where you don't even have to have a window open to it when you're doing web development: simply type in the name of the function you want:
Another must-have: Cryptography: Theory and Practice by Stinson. Far more in-depth than Applied Cryptography, with real math (you'll need some higher-level college mathematics to get anything out of it), but doesn't read like a reference manual (which is really what the Handbook is). Great crypto book for those with math and theoretical CS backgrounds who don't do daily work in crypto.
Along the same lines, I found Feller's Introduction to Probability Theory and its Applications extremely useful when trying to grok this stuff.
Unfortunately, I've never really found a good book on abstract algebra. Recommendations, anyone?
I worked for this department that was running Appleshare IP 6.x for mail services. Of course, this wasn't my choice, and it took quite a while to convince them to move to something else (ASIP has these pointy-clicky user management tools).
Anyway, ASIP only allows you to selectively allow relaying based on domain name, just like this guy is doing. It, of course, doesn't explain this as the documentation is truly useless. Also, it doesn't allow you to do IP-based selective relaying, which is what people actually need.
This is a completely useless feature. You can simply do "MAIL FROM: somelocaluser@yourdomain.com" and it allows mail through. Then, in the actual mail message, you add a header "From: spammer@otherdomain.com", and the second thing is what most users (who don't read relay headers) will see.
Someone else figured this out, and on a Friday evening, our server started spewing out LOTS of spam.
Now, I couldn't simply put up another mail server, as ASIP keeps all of its mail in one large, monolithic file, so I couldn't, for instance, export the mail to a qmail machine. Instead, I put the ASIP box behind a firewall so that NOBODY could connect to it. Then, I set up a secondary MX record for the box pointing to a Linux machine running qmail. Then, I poked a hole in the firewall to allow mail to the ASIP box ONLY from the Linux box (and from a couple other IPs for which it actually needed to do the relaying in the first place). Yes, this is quite a hackish solution, but Apple's software was extremely defficient and I was sick of working with it.
The point? This is an open relay, and it will be abused once some spammer runs out of open relays that don't even do "MAIL FROM:" checking. Whether or not this guy is an idiot, I don't know, but what I do know is that this guy needs a real admin.
I've had the PDFs for this lying on a my disk for about a year now. Good book, but I don't see what's new - I found it from a "free books on the Internet" link over a year ago (and yes, I actually read most of it, I'm not just hoarding).
We had around 15 active HP laser printers in a high-volume environment. One of my primary duties is to write spooling software and various other bits (long story explaining why we need custom spooling software and can't use any available product - this sort of thing is not uncommon in high-volume environments).
Most of the printers had some sort of bug in the imaging engine. You can upgrade the firmware on the JetDirect card yourself, but the only way to upgrade the printing engine firmware is to get a new ROM chip. According to some of the folks on the HP forums, newer engine firmwares fix a bunch of bugs that look identical to the ones I've been seeing. I've definitely ascertained that these are bugs in the printing engine (saved the windows-generated postscript files, un-obfuscated/expanded them, went through line-by-line, understood the postscript, figured out there is indeed a bug in the postscript engine - you can imagine this is quite a bit of work).
Now, the thing is that I'm the one that catches hell when someone's excel spreadsheet doesn't print, so I'm none too happy about this.
We asked HP for ROM chip upgrades about a year ago, and went through quite a run-around with their service department who couldn't understand the basic idea that I write software instead of fiddling with spreadsheets. To preserve my sanity, I let the higher-ups deal with the HP folks.
Basic outcome is that's it's been around one year that these firmware chips have been "in the mail." In the meantime, we've moved the HP printers from a high-volume environments into low-volume environments and replaced them with Xerox machines. My life is much happier this year than it was last year.
I was wondering where this went because I found it quite useful. Hopefully the newer versions fixed stuff like the tilde key not working, etc. It'd be nice if it came with source so I could figure out what the problem with the tilde key is.
This won't work with HFS because of the file forks. If you use UFS with OS X, the file forks appear as normal files. Eg, if you have a file named "foo", "._foo" is the resource fork. I don't know where they keep the finder fork, and I've never cared to investigate.
Here's a tip if you have to use OS X for a file server of any kind: use two partitions (or two disks), one HFS and one UFS. The OS and any applications are installed on the HFS partition and all data goes on UFS. Use HFS for the OS because a lot of stuff breaks when running under UFS and UFS performance is still roughly twice as bad as HFS in 10.2 (run your own little benchmarks if you don't believe me). Keep user data on UFS so you can use tools like tar, rsync, etc. to back up and manipulate files. Remember, tar won't work on most HFS files (those with forks). If you're deploying OS X Server, you should definitely keep user data on a separate partition anyway since any tiny little mistake (eg, LDAP typo in Directory Assistant) will require a reformat-reinstall.
Another tip: if you create a tarball off a UFS filesystem and then untar that onto a HFS filesystem, it will preserve the forks correctly. This has come in quite useful in making "setup" scripts for end-user machines, where all the applications to install are stored in tarballs created on a UFS machine and you can untar them onto the target HFS machine (the advantage is that you can script this - add in a couple of niutil commands and you can recreate a user machine in a couple minutes from one script).
I have a couple of OS X Server machines (bosses like the GUI user management stuff). I just tried rsync over NFS to a Linux box and it works fine since the data is on a UFS partition on the OS X Server box. PITA to set up an NFS share remotely (since I don't have Macs at home -> no Remote Desktop, no usable VNC servers for OS X -> have to do it over ssh -> must figure out how NFS exports are stored in netinfo -> gnashing of teeth), but it works and I might try this little trick next week since we're not doing anything systematic for backups on the OS X boxen.
Also, radmind is a great tool for managing filesystems of OS X client machines. It supports HFS (by using AppleSingle internally).
Have you ever tried the cygwin installer? I'm not a big Windows person, so I haven't seen too many install programs, but I think cygwin makes the perfect installer.
You download a small binary. However, this binary is not a stupid stub, but it's pretty smart. It contains a list of mirrors and you then click on whatever mirror you want to use. Then the installer fetches a list of available packages from the site. The next screen allows you to select which various packages you want installed and it understands some basic dependency issues (eg, openssh requires openssl, etc). You can also pick which version of what package you want to download if you wish. Then, once you've selected the various components, it downloads all of them. They are all standard.tar.bz2 files and they all go in a certain directory. Then you install from those packages you downloaded. The next time you start up the installer, it allows you to pick a mirror and download more packages or update existing packages or it allows you to install from the already-downloaded packages. This means you can just copy over the directory to your next machine when you want to install. Everything's a text file as well, so if you're on a corporate LAN, you can edit the list of mirrors to point to some machine in your company that has the packages served up via a web server, or you can set up your own.tar.bz2 files and edit the list of available packages to install your own stuff.
This is the perfect installer. It's simple enough that you can understand it if you go poking around with a text editor. If I install everything in cygwin, that might take up hundreds of megs, but installing only the basic stuff that I need takes up only ten megs or so. Even with that, ten megs is a whole lot to download over a modem, so I can download what I need at work (and only what I need), burn to CD and then take it home to my personal box.
gopher is 70/tcp according to assigned numbers, but all the gopher links I still see around (I know of three or four - not joking) run on non-standard ports.
One fun thing is that our directory services only have a gopher interface and don't have an http interface. This means I publish my email address, postal address and telephone number using gopher. This is great because the spambots don't do crawl gopher, so I get zero spam, but most people using a web browser can still view my contact information.
You know, it's funny that you mention this, because I have something very similar (which I use for the same purpose:). Problem is, FreeBSD doesn't ship with an 'seq' (my pr0n box went from Linux to FreeBSD a couple years ago). Well, that's another trivial script (~/bin/seq). Now, another problem is that some web sites name their products using leading zeros (which I kind of like because 'xv ~/.pr0n/suzy*' works as expected instead of 'xv ~/.pr0n/suzy?.jpg ~/.pr0n/suzy??.jpg'). Well, this is unix: problem found, problem solved:
#!/usr/bin/env perl # ~/bin/seq0 - like seq, but with leading zeros # requires both arguments $i = $ARGV[0]; $j = $ARGV[1]; $l = length($j); while ($i <= $j) { printf("%0${l}d\n", $i); $i++; }
If you must relate this to the original story, this is fun because with unix, over the years you keep accumulating all these trvial scripts you write. One script uses something else you wrote a year ago, which in turn uses some shell function which in turn uses some small C program you keep in ~/bin. These add up and make a cozy little environment all your own.
[Flash] takes control away from the user and places it in the hands of a "designer" who may not have any experience in building
user interfaces.
So does HTML. More abstractly, so does any user interface kit.
Completely wrong. You're pretending not to understand the separation between presentation and content that HTML/SGML/CSS/etc tries to encourage.
When I inserted a <P> between these two paragraphcs, I didn't say "insert a blank line" or "indent the next line one-half inch." I said "this is a logically new paragraph; please display it accordingly." The point is that some people might like paragraphs displayed as in books, with an indentation on the new paragraph, and some people like paragraphs displayed as is usual in web browsers and email - with a blank line between paragraphs. The point is, it's their choice.
If I want to, I can write a style sheet which over-rides the crap set in web pages. I know that red on black is difficult to read, but angst-ridden teens don't know this. I see this trend among "web designers" (and those quote marks are intentional, BTW) that they like to make links look like regular text, eg, not underlined (text-decoration: none). I like to scan documents looking for links (eg, some guy's useless rant about some problem which finally links to the technical specification which prompted the rant) and I want my links underlined. CSS lets me do this; flash doesn't.
The whole point behind CSS is to separate presentation and content. An important part of that is allowing alternate modes of presentation. If you use green and blue to separate two completely different parts of a page, colorblind people won't be able to tell the difference between the two. I want all my text to appear large, as I want to preserve my 20/14 vision and I can damned well scroll when I want to (but with 20/14 vision, I can discern extremely small features when I try).
I seriously doubt most "web designers" have considered issues such as this.
Your analogy with typesetters and web designers doesn't work. Typesetters have hundreds of years of experience behind them. Professional typesetters know that humans can maximize their reading speed when lines contain an average of sixty-five characters per line (open any decent book, and do the math if you don't believe me - and then compare that to Microsoft Word's default layout policies and you'll be enlighted as to the problem). Professional typesetters use serif fonts for body text because it aids reading speed and decreases eye fatigue, yet many "web designers" prefer sans-serif fonts for body text because it looks "cleaner" to them.
The quality of desktop publishing improved when professional typesetters starting using the same electronic typesetting tools as the desktop publishers instead of using manual and photographic processes.
The current generation of "web designers" don't know jack, and I don't see any improvement on the horizon as there is very little crossover between the true artistry of typesetting and the wiggling, squirming, float-over, abstract guess-what-this-does to hold your interest crap which is Flash.
I don't follow anything Hollywood, so I had to hit google to find out just who this megastar "Dan Piponi" was (and you didn't mention any of his films, as if I'm supposed to read the ending credits). Anyway, here is a very interesting message - this is Dan Piponi on the freebsd-chat mailing list explaining how they did The Matrix. This message is cool because (1) you can meet all sorts of interesting people on the Internet, (2) it shows that FreeBSD's mailing lists are excellent (even if they're a bit too high-volume to follow continuously) and (3) it shows how excellent FreeBSD's Linux binary compat is. I've never run accross a Linux binary that FreeBSD couldn't handle.
When these crypto freaks talk about size, they mean the number of bits. It's when they use the word value that they mean the actual value of the number. Same thing when they talk about the running time of an algorithm: for them, it's measured relative to the number of bits in the input, not the value of the input.
So, while for us an algorithm which takes 1024 steps when fed with the number 1024 and 4096 steps when fed with the number 4096 would probably be considered O(n), they would consider that algorithm O(2^n) because it takes 1024 steps when run with an input of bit-length 10 and 4096 steps when run on input of bit-length 12.
You can usually tell from context which definition of time and space someone is using, but sometimes it gets confusing.
Mine's still hauling the mail after about a year and a half, with no hint of possible trouble. (Then again, I don't overclock and I
don't buy sh*tty components (cheap power supplies and such).)
Your anectdote means nothing. Your drive runs OK; all of mine (three) went bad almost out of the box. And no, I don't buy shitty compenents - my job depends on my machines staying up, so I don't fool around.
Every time someone mentions the 75GXP, someone else jumps in with their anecdote about how the drive works for them. Anecdotes don't make an argument. The 75GXPs (or at the 75GXPs produced in the Hungary fab) were defective drives, especially considering the high quality of IBM's previous drives.
I don't particularly like how IBM handled the affair. They should have admitted that they shipped bad drives and issued a recall. I'm not buying any more IBM drives, not because one line of their drives went bad (all other IBM drives I've had have been good), but because I'm not happy with the treatment I received. I RMAed all the bad drives I had, but I should have never have received these drives to begin with.
"naivé" is not a word, in neither English nor in French. In French, the adjective is "naïf" (masculine, un garçon naïf) or "naïve" (feminine, une étudiante naïve) and the noun form is "naïveté" (masculine noun, vous avez démontré un naïveté étonnant). In English, the accepted form is "naïve," but no one will complain if you leave off the diacriticals and just write "naive."
How is this a misplaced apostrophe? In this case, the apostrophe marks the possesive form of a singular noun. The network belongs to the computer-maker, so it's the computer-maker's network. If there were more than one computer-maker and they had a shared network, it would be the computer-makers' network, but we are talking about only one computer-maker (Sun Microsystems).
I wholeheartedly agree that the article is poorly-written. The aforementioned sentence is awkward, even if grammatically correct. Adding a dash between "computer" and "maker" is not absolutely required, but is definitely recommended as it helps distinguish that the two words form one atomic noun. I'm guessing that the author calls Sun a computer-maker in order to introduce Sun to those who've never heard of Sun Microsystems; however, this is unnecessary given the intended audience. It also introduces an ambiguity (Sun is certainly a computer-maker, but some of its employees can also be considered computer-makers, in which case the apostrophe is indeed misplaced).
My source code comments are better writing - and I'm an engineer, not a writer.
First, I'd like to thank you for creating a slashdot account and contributing to the discussion.
Now, my question: I still don't understand how a virus could get widespread on Unix. A worm, yes, but not a virus (eg, the Morris worm and that redhat LPRng thing a year ago).
I agree that if I run an infected executable as root, I'm screwed. I'll even say that if I run an infected executable under my regular user account, I'm equally screwed because it's my data that's important, not the system (as you point out).
However - here's the big difference - how am I going to end up running an untrusted executable? My mail client never runs untrusted code. In fact, if someone sends me an elf binary, I have to go through several steps in order to save it, chmod it and then run it from a terminal. In Windows, you can get emailed a.exe attachment and you can double-click on it and it runs. This is where that lack of distinction between programs and data actually helps: nothing is a program until I decide it's a program. When I download a perl script using netscape, it will first get 0644 permissions, so it won't be run via the hash-bang mechanism even if it's in my PATH and it won't be run by "perl script.pl" unless I type that into a terminal. If I do something stupid, like making netscape's handler for.pl files "perl %s", then, yes, I'm in trouble, but the default configuration for netscape does not use any interpreters.
Basically, my point is that I have to go through some trouble to intentionally run a program downloaded off the 'net, which makes it unlikely that I'm going to run a program unintentionally.
As for stuff that I run intentionally, those would be source tarballs and the occasional binary executable install program. For these, I just have to trust the origin of the program, but I get to make that decision.
About the only thing I'm worried about virus-wise is that if some closed-source program like Realplayer has a method for embedding executable code in audio streams, or if AOL's instant messenger program embeds commands in its chat protocol.
This is the confusing of data and programs that you mention.
Another example would be emacs's auto-execution features. For example, you can add this to the bottom of a file:
This tells emacs, vi and vim to use four-space tabs. Now, emacs is a full programming language, so if one could embed arbitrary lisp forms in this manner, this would cause problems. However, the emacs people already thought of this, so it won't work.
Another thing that scares me is auto-update features for binaries. For example, if Realplayer includes an auto-update feature, someone can hijack their servers so my next auto-update contains some new "features." But then, if someone hijacks Real's domain, they can just change the binaries I initially downloaded intentionally. I don't see how a virus scanner could help me out here as anyone who does this is likely to write their own little program in C or assembly.
I'm not familiar with the state-of-the-art in virus scanners, but I can think of a number of ways to obfuscate arguments to system calls, or even encrypt the code that performs system calls and do it all without using libc - I don't see how any heuristic approach could differentiate a rootkit from an media player installation program. Perhaps a virus scanner could detect the popular rootkits and the popular encryption methodologies, but how it's going to tell that the "unlink" system call called with "getenv(HOME)/.realpayer" is OK but "unlink getenv(HOME)" is not OK? Especially if the arguments are not static strings but are put togehter in some fashion and the code for the system calls is taken from.data, copied to the stack, unencrypted using an algorithm I just made up and then jumped to (and the target for the jump is calculated using some complex formula, so you can't search for simple jumps into stack). And this is all off the top of my head - I've never even written any code that runs on the stack. My point is that if someone is knowledgeable enough to break into a server I trust, they may be knowledgeable enough to write a program that bypasses a virus scanner. And if this is the case, why even mess with a virus which attaches itself to other programs instead of installing a rootkit and sending off my IP somewhere? It doesn't make much sense to me.
There are plenty of unix security issues that keep me on my toes, but these involve buffer overflows in network daemons and setuid programs, poorly written perl cgis and php scripts, firewall scripts, tripwire configurations, etc.
- I'm not worried about viruses. The distribution mechanisms that virus kiddies use just don't exist in Linux.
It wasn't really meant as a pro-Windows rant, but you can take it that way if you wish. I actually don't use Windows at all - I'm certain this particular computer could play DVDs if I installed Windows, but I'm not going to do that (I have good reasons for making that choice and anti-MS politics don't figure into those reasons). Same thing goes for games, which would probably be a bit more on-topic: if you want to play games, you can use use Windows, or you could explore Dante's unwritten tenth level by trying it with Linux. I would rather avoid both: if I want to play DVDs, I'll buy a set-top box DVD player and if I want to play video games, I'll buy a Playstation, an N64 or an Xbox.
I'm certain that at some point I'll be able to simply put a DVD into a Linux box and it will "just work" but right now the situation is far from "just working." My point is to cut down on the advocacy: telling people that they can easily play DVDs on Linux encourages them to try it, and at this point, the experience will leave a sour taste and turn people away. It certainly left me quite frustrated, and I do unix programming and administration for a living - I'm not some newbie, as a number of people assummed. Linux is great at a number of things - I can't think of any situation where I wouldn't use Linux (or, more likely, FreeBSD) for fileserving and webserving - but it's OK to admit that some things are currently more difficult with Linux. I just don't like the frivolous advocacy and the holier-than-thou attitudes which seem so prevalent.
To impress normal people, you don't need to type anything fancy. Just type FAST
Actually, if you want to impress normal people, use tab completion, but don't tell them about it and don't make it obvious:) The looks you'll get are priceless.
Now, on the same idea, one thing I no longer can live without: I use emacs for all my C development. The default emacs setup maps "M-/" to 'dabbrev-expand' which is immensely useful. This means that if I type "some_long_variable_name" in some file somewhere, the next time I only need to type "som M-/" and it does the Right Thing - even if "some_long_variable_name" is not to be found anywhere in the current file, it will search all open buffers. Extremely useful.
This will highlight what parts of a string match a given regular expression. (I modelled this script on something I found in a Ruby tutorial).
Also, for those learning regular expressions, I would highly recommend Introduction to Automota Theory, Languages and Computation by Hopcroft et al. This is a more mathematical/theoretical introduction to the subject. Regular expressions/automata are a very nice part of CS in that the basic theory is immediately applicable.
How about just using any shell and having a shell function:
rename() { # snarfed from Larry Wall perl -e ' $op = shift; for (@ARGV) { $was = $_; eval $op; die $@ if $@; rename($was,$_) unless $was eq $_; }' $@ }
Then you could do your example as follows:
rename 's/^1/one/' 1*
Now that I think of it (programatic file processing), in college, I was a TA for a web programming course. One cute trick that impressed students was automatically generating thumbnails for images, like this:
for i in *.jpg ; do convert -size 100x100 $i tn_$i ; done
This impressed the hell out of the Windows and MacOS users, especially as I had never done that before and I came up with it after about thirty seconds (needed to look at the ImageMagick "convert" manpage). In Windows, if you have a thousand images and you want to create thumbnails, you buy a program to do that type of thing. Or, you hire a unix guy to do it for you:)
That reminds me of this trvial script I wrote once:
fileprogress() { tput clear if [ $# -gt 1 ] ; then TOTAL=$2 FMT='"\r%.2fM (%.2f%%)"' else TOTAL=1 FMT='"\r%.2fM"' fi while true ; do ls -l $1 | awk "{printf($FMT, \$5/(1024*1024), (\$5 / $TOTAL)*100)}" sleep 1 done }
Then, when you're downloading some ISO, you can do "fileprogress some-image.iso" or "fileprogress some-image.iso 681574400" if you know the ISO is supposed to be 681574400 bytes when downloaded.
I wrote that before I knew about "watch" and before scp clients had progress bars, so it was useful at the time, but I haven't used it in a while. Another cute thing is to define a function:
Slashdot Mirror
Our shop needed something like this. Actually, it wasn't for the unix machines (I'm the main unix admin and I just keep a file /etc/LOG on all my unix boxes), but rather for the support personnel who were working with user desktop machines (this is an office, so obviously these were not unix machines but rather Windows and MacOS).
We just ended up writing our own system, one bit at a time. We now have a somewhat complex system that integrates our main employee database (used for accounting and whatnot, a lot of accounting apps having moved to the web), our computer inventory database, and our support workorders database (and various miscellaneous other web apps). The workorders database allows one to tie a request to a particular machines, so one can query and find out the history of a particular desktop machine (as machines get moved around a lot).
Look into php+mysql, as these make web apps extremely easy (much faster to write than perl, and I'm an experienced perl programmer, written XS extensions, etc - I like perl very much and do quite a bit of it, but web databases are much easier to do in php). If you haven't done any php, first look at some GOOD php code to learn how to do things as it's very easy to come up with unmaintainable crap (see www.horde.org for examples of good php).
Also, if any admin is reading this and not doing it already - log your changes somewhere. I use /etc/LOG, but anything immediately recognizable as an important document obviously written by the previous admin will very much help the machine's next admin when you get a better job. This has also very much helped me when I need to duplicate a machine's configuration, upgrade a server, etc ("what were the apache configuration flags I used on this machine again?"). Don't put it off until you get some snazzy web database, but start documenting anything you do as root right now.
www.php.net/mysql_query
www.php.net/strftime
I've found this most useful: you only have to type a few more keys besides the function name to get the documentation, kind of like man pages.
Along the same lines, I found Feller's Introduction to Probability Theory and its Applications extremely useful when trying to grok this stuff.
Unfortunately, I've never really found a good book on abstract algebra. Recommendations, anyone?
Anyway, ASIP only allows you to selectively allow relaying based on domain name, just like this guy is doing. It, of course, doesn't explain this as the documentation is truly useless. Also, it doesn't allow you to do IP-based selective relaying, which is what people actually need.
This is a completely useless feature. You can simply do "MAIL FROM: somelocaluser@yourdomain.com" and it allows mail through. Then, in the actual mail message, you add a header "From: spammer@otherdomain.com", and the second thing is what most users (who don't read relay headers) will see.
Someone else figured this out, and on a Friday evening, our server started spewing out LOTS of spam.
Now, I couldn't simply put up another mail server, as ASIP keeps all of its mail in one large, monolithic file, so I couldn't, for instance, export the mail to a qmail machine. Instead, I put the ASIP box behind a firewall so that NOBODY could connect to it. Then, I set up a secondary MX record for the box pointing to a Linux machine running qmail. Then, I poked a hole in the firewall to allow mail to the ASIP box ONLY from the Linux box (and from a couple other IPs for which it actually needed to do the relaying in the first place). Yes, this is quite a hackish solution, but Apple's software was extremely defficient and I was sick of working with it.
The point? This is an open relay, and it will be abused once some spammer runs out of open relays that don't even do "MAIL FROM:" checking. Whether or not this guy is an idiot, I don't know, but what I do know is that this guy needs a real admin.
I've had the PDFs for this lying on a my disk for about a year now. Good book, but I don't see what's new - I found it from a "free books on the Internet" link over a year ago (and yes, I actually read most of it, I'm not just hoarding).
We had around 15 active HP laser printers in a high-volume environment. One of my primary duties is to write spooling software and various other bits (long story explaining why we need custom spooling software and can't use any available product - this sort of thing is not uncommon in high-volume environments).
Most of the printers had some sort of bug in the imaging engine. You can upgrade the firmware on the JetDirect card yourself, but the only way to upgrade the printing engine firmware is to get a new ROM chip. According to some of the folks on the HP forums, newer engine firmwares fix a bunch of bugs that look identical to the ones I've been seeing. I've definitely ascertained that these are bugs in the printing engine (saved the windows-generated postscript files, un-obfuscated/expanded them, went through line-by-line, understood the postscript, figured out there is indeed a bug in the postscript engine - you can imagine this is quite a bit of work).
Now, the thing is that I'm the one that catches hell when someone's excel spreadsheet doesn't print, so I'm none too happy about this. We asked HP for ROM chip upgrades about a year ago, and went through quite a run-around with their service department who couldn't understand the basic idea that I write software instead of fiddling with spreadsheets. To preserve my sanity, I let the higher-ups deal with the HP folks.
Basic outcome is that's it's been around one year that these firmware chips have been "in the mail." In the meantime, we've moved the HP printers from a high-volume environments into low-volume environments and replaced them with Xerox machines. My life is much happier this year than it was last year.
I was wondering where this went because I found it quite useful. Hopefully the newer versions fixed stuff like the tilde key not working, etc. It'd be nice if it came with source so I could figure out what the problem with the tilde key is.
This won't work with HFS because of the file forks. If you use UFS with OS X, the file forks appear as normal files. Eg, if you have a file named "foo", "._foo" is the resource fork. I don't know where they keep the finder fork, and I've never cared to investigate.
Here's a tip if you have to use OS X for a file server of any kind: use two partitions (or two disks), one HFS and one UFS. The OS and any applications are installed on the HFS partition and all data goes on UFS. Use HFS for the OS because a lot of stuff breaks when running under UFS and UFS performance is still roughly twice as bad as HFS in 10.2 (run your own little benchmarks if you don't believe me). Keep user data on UFS so you can use tools like tar, rsync, etc. to back up and manipulate files. Remember, tar won't work on most HFS files (those with forks). If you're deploying OS X Server, you should definitely keep user data on a separate partition anyway since any tiny little mistake (eg, LDAP typo in Directory Assistant) will require a reformat-reinstall.
Another tip: if you create a tarball off a UFS filesystem and then untar that onto a HFS filesystem, it will preserve the forks correctly. This has come in quite useful in making "setup" scripts for end-user machines, where all the applications to install are stored in tarballs created on a UFS machine and you can untar them onto the target HFS machine (the advantage is that you can script this - add in a couple of niutil commands and you can recreate a user machine in a couple minutes from one script).
I have a couple of OS X Server machines (bosses like the GUI user management stuff). I just tried rsync over NFS to a Linux box and it works fine since the data is on a UFS partition on the OS X Server box. PITA to set up an NFS share remotely (since I don't have Macs at home -> no Remote Desktop, no usable VNC servers for OS X -> have to do it over ssh -> must figure out how NFS exports are stored in netinfo -> gnashing of teeth), but it works and I might try this little trick next week since we're not doing anything systematic for backups on the OS X boxen.
Also, radmind is a great tool for managing filesystems of OS X client machines. It supports HFS (by using AppleSingle internally).
You download a small binary. However, this binary is not a stupid stub, but it's pretty smart. It contains a list of mirrors and you then click on whatever mirror you want to use. Then the installer fetches a list of available packages from the site. The next screen allows you to select which various packages you want installed and it understands some basic dependency issues (eg, openssh requires openssl, etc). You can also pick which version of what package you want to download if you wish. Then, once you've selected the various components, it downloads all of them. They are all standard .tar.bz2 files and they all go in a certain directory. Then you install from those packages you downloaded. The next time you start up the installer, it allows you to pick a mirror and download more packages or update existing packages or it allows you to install from the already-downloaded packages. This means you can just copy over the directory to your next machine when you want to install. Everything's a text file as well, so if you're on a corporate LAN, you can edit the list of mirrors to point to some machine in your company that has the packages served up via a web server, or you can set up your own .tar.bz2 files and edit the list of available packages to install your own stuff.
This is the perfect installer. It's simple enough that you can understand it if you go poking around with a text editor. If I install everything in cygwin, that might take up hundreds of megs, but installing only the basic stuff that I need takes up only ten megs or so. Even with that, ten megs is a whole lot to download over a modem, so I can download what I need at work (and only what I need), burn to CD and then take it home to my personal box.
One fun thing is that our directory services only have a gopher interface and don't have an http interface. This means I publish my email address, postal address and telephone number using gopher. This is great because the spambots don't do crawl gopher, so I get zero spam, but most people using a web browser can still view my contact information.
Just for fun, I now rewrite this in Bourne:
If you must relate this to the original story, this is fun because with unix, over the years you keep accumulating all these trvial scripts you write. One script uses something else you wrote a year ago, which in turn uses some shell function which in turn uses some small C program you keep in ~/bin. These add up and make a cozy little environment all your own.
Completely wrong. You're pretending not to understand the separation between presentation and content that HTML/SGML/CSS/etc tries to encourage.
When I inserted a <P> between these two paragraphcs, I didn't say "insert a blank line" or "indent the next line one-half inch." I said "this is a logically new paragraph; please display it accordingly." The point is that some people might like paragraphs displayed as in books, with an indentation on the new paragraph, and some people like paragraphs displayed as is usual in web browsers and email - with a blank line between paragraphs. The point is, it's their choice.
If I want to, I can write a style sheet which over-rides the crap set in web pages. I know that red on black is difficult to read, but angst-ridden teens don't know this. I see this trend among "web designers" (and those quote marks are intentional, BTW) that they like to make links look like regular text, eg, not underlined (text-decoration: none). I like to scan documents looking for links (eg, some guy's useless rant about some problem which finally links to the technical specification which prompted the rant) and I want my links underlined. CSS lets me do this; flash doesn't.
The whole point behind CSS is to separate presentation and content. An important part of that is allowing alternate modes of presentation. If you use green and blue to separate two completely different parts of a page, colorblind people won't be able to tell the difference between the two. I want all my text to appear large, as I want to preserve my 20/14 vision and I can damned well scroll when I want to (but with 20/14 vision, I can discern extremely small features when I try). I seriously doubt most "web designers" have considered issues such as this.
Your analogy with typesetters and web designers doesn't work. Typesetters have hundreds of years of experience behind them. Professional typesetters know that humans can maximize their reading speed when lines contain an average of sixty-five characters per line (open any decent book, and do the math if you don't believe me - and then compare that to Microsoft Word's default layout policies and you'll be enlighted as to the problem). Professional typesetters use serif fonts for body text because it aids reading speed and decreases eye fatigue, yet many "web designers" prefer sans-serif fonts for body text because it looks "cleaner" to them.
The quality of desktop publishing improved when professional typesetters starting using the same electronic typesetting tools as the desktop publishers instead of using manual and photographic processes. The current generation of "web designers" don't know jack, and I don't see any improvement on the horizon as there is very little crossover between the true artistry of typesetting and the wiggling, squirming, float-over, abstract guess-what-this-does to hold your interest crap which is Flash.
I don't follow anything Hollywood, so I had to hit google to find out just who this megastar "Dan Piponi" was (and you didn't mention any of his films, as if I'm supposed to read the ending credits). Anyway, here is a very interesting message - this is Dan Piponi on the freebsd-chat mailing list explaining how they did The Matrix. This message is cool because (1) you can meet all sorts of interesting people on the Internet, (2) it shows that FreeBSD's mailing lists are excellent (even if they're a bit too high-volume to follow continuously) and (3) it shows how excellent FreeBSD's Linux binary compat is. I've never run accross a Linux binary that FreeBSD couldn't handle.
I've encoutered too many stupid aliases set by administrators or venders/distributors.
I always use 'unalias -a' as one of the first lines of my .{ba|tc}shrc and "unhash -am '*'" in my .zshrc. Definitely helps.
So, while for us an algorithm which takes 1024 steps when fed with the number 1024 and 4096 steps when fed with the number 4096 would probably be considered O(n), they would consider that algorithm O(2^n) because it takes 1024 steps when run with an input of bit-length 10 and 4096 steps when run on input of bit-length 12.
You can usually tell from context which definition of time and space someone is using, but sometimes it gets confusing.
Your anectdote means nothing. Your drive runs OK; all of mine (three) went bad almost out of the box. And no, I don't buy shitty compenents - my job depends on my machines staying up, so I don't fool around.
Every time someone mentions the 75GXP, someone else jumps in with their anecdote about how the drive works for them. Anecdotes don't make an argument. The 75GXPs (or at the 75GXPs produced in the Hungary fab) were defective drives, especially considering the high quality of IBM's previous drives.
I don't particularly like how IBM handled the affair. They should have admitted that they shipped bad drives and issued a recall. I'm not buying any more IBM drives, not because one line of their drives went bad (all other IBM drives I've had have been good), but because I'm not happy with the treatment I received. I RMAed all the bad drives I had, but I should have never have received these drives to begin with.
"naivé" is not a word, in neither English nor in French. In French, the adjective is "naïf" (masculine, un garçon naïf) or "naïve" (feminine, une étudiante naïve) and the noun form is "naïveté" (masculine noun, vous avez démontré un naïveté étonnant). In English, the accepted form is "naïve," but no one will complain if you leave off the diacriticals and just write "naive."
How is this a misplaced apostrophe? In this case, the apostrophe marks the possesive form of a singular noun. The network belongs to the computer-maker, so it's the computer-maker's network. If there were more than one computer-maker and they had a shared network, it would be the computer-makers' network, but we are talking about only one computer-maker (Sun Microsystems).
I wholeheartedly agree that the article is poorly-written. The aforementioned sentence is awkward, even if grammatically correct. Adding a dash between "computer" and "maker" is not absolutely required, but is definitely recommended as it helps distinguish that the two words form one atomic noun. I'm guessing that the author calls Sun a computer-maker in order to introduce Sun to those who've never heard of Sun Microsystems; however, this is unnecessary given the intended audience. It also introduces an ambiguity (Sun is certainly a computer-maker, but some of its employees can also be considered computer-makers, in which case the apostrophe is indeed misplaced).
My source code comments are better writing - and I'm an engineer, not a writer.
Now, my question: I still don't understand how a virus could get widespread on Unix. A worm, yes, but not a virus (eg, the Morris worm and that redhat LPRng thing a year ago).
I agree that if I run an infected executable as root, I'm screwed. I'll even say that if I run an infected executable under my regular user account, I'm equally screwed because it's my data that's important, not the system (as you point out).
However - here's the big difference - how am I going to end up running an untrusted executable? My mail client never runs untrusted code. In fact, if someone sends me an elf binary, I have to go through several steps in order to save it, chmod it and then run it from a terminal. In Windows, you can get emailed a .exe attachment and you can double-click on it and it runs. This is where that lack of distinction between programs and data actually helps: nothing is a program until I decide it's a program. When I download a perl script using netscape, it will first get 0644 permissions, so it won't be run via the hash-bang mechanism even if it's in my PATH and it won't be run by "perl script.pl" unless I type that into a terminal. If I do something stupid, like making netscape's handler for .pl files "perl %s", then, yes, I'm in trouble, but the default configuration for netscape does not use any interpreters.
Basically, my point is that I have to go through some trouble to intentionally run a program downloaded off the 'net, which makes it unlikely that I'm going to run a program unintentionally. As for stuff that I run intentionally, those would be source tarballs and the occasional binary executable install program. For these, I just have to trust the origin of the program, but I get to make that decision.
About the only thing I'm worried about virus-wise is that if some closed-source program like Realplayer has a method for embedding executable code in audio streams, or if AOL's instant messenger program embeds commands in its chat protocol. This is the confusing of data and programs that you mention. Another example would be emacs's auto-execution features. For example, you can add this to the bottom of a file:
This tells emacs, vi and vim to use four-space tabs. Now, emacs is a full programming language, so if one could embed arbitrary lisp forms in this manner, this would cause problems. However, the emacs people already thought of this, so it won't work.Another thing that scares me is auto-update features for binaries. For example, if Realplayer includes an auto-update feature, someone can hijack their servers so my next auto-update contains some new "features." But then, if someone hijacks Real's domain, they can just change the binaries I initially downloaded intentionally. I don't see how a virus scanner could help me out here as anyone who does this is likely to write their own little program in C or assembly.
I'm not familiar with the state-of-the-art in virus scanners, but I can think of a number of ways to obfuscate arguments to system calls, or even encrypt the code that performs system calls and do it all without using libc - I don't see how any heuristic approach could differentiate a rootkit from an media player installation program. Perhaps a virus scanner could detect the popular rootkits and the popular encryption methodologies, but how it's going to tell that the "unlink" system call called with "getenv(HOME) /.realpayer" is OK but "unlink getenv(HOME)" is not OK? Especially if the arguments are not static strings but are put togehter in some fashion and the code for the system calls is taken from .data, copied to the stack, unencrypted using an algorithm I just made up and then jumped to (and the target for the jump is calculated using some complex formula, so you can't search for simple jumps into stack). And this is all off the top of my head - I've never even written any code that runs on the stack. My point is that if someone is knowledgeable enough to break into a server I trust, they may be knowledgeable enough to write a program that bypasses a virus scanner. And if this is the case, why even mess with a virus which attaches itself to other programs instead of installing a rootkit and sending off my IP somewhere? It doesn't make much sense to me.
There are plenty of unix security issues that keep me on my toes, but these involve buffer overflows in network daemons and setuid programs, poorly written perl cgis and php scripts, firewall scripts, tripwire configurations, etc. - I'm not worried about viruses. The distribution mechanisms that virus kiddies use just don't exist in Linux.
I'm certain that at some point I'll be able to simply put a DVD into a Linux box and it will "just work" but right now the situation is far from "just working." My point is to cut down on the advocacy: telling people that they can easily play DVDs on Linux encourages them to try it, and at this point, the experience will leave a sour taste and turn people away. It certainly left me quite frustrated, and I do unix programming and administration for a living - I'm not some newbie, as a number of people assummed. Linux is great at a number of things - I can't think of any situation where I wouldn't use Linux (or, more likely, FreeBSD) for fileserving and webserving - but it's OK to admit that some things are currently more difficult with Linux. I just don't like the frivolous advocacy and the holier-than-thou attitudes which seem so prevalent.
Yeah, but that still doesn't excuse confusing Romulans and Cardassians :)
Anyway, that was the funniest thing I've read on slashdot in a long while.
Actually, if you want to impress normal people, use tab completion, but don't tell them about it and don't make it obvious :) The looks you'll get are priceless.
Now, on the same idea, one thing I no longer can live without: I use emacs for all my C development. The default emacs setup maps "M-/" to 'dabbrev-expand' which is immensely useful. This means that if I type "some_long_variable_name" in some file somewhere, the next time I only need to type "som M-/" and it does the Right Thing - even if "some_long_variable_name" is not to be found anywhere in the current file, it will search all open buffers. Extremely useful.
Also, for those learning regular expressions, I would highly recommend Introduction to Automota Theory, Languages and Computation by Hopcroft et al. This is a more mathematical/theoretical introduction to the subject. Regular expressions/automata are a very nice part of CS in that the basic theory is immediately applicable.
You do realize how sick that looks? :)
How about just using any shell and having a shell function:
Then you could do your example as follows:Now that I think of it (programatic file processing), in college, I was a TA for a web programming course. One cute trick that impressed students was automatically generating thumbnails for images, like this:
This impressed the hell out of the Windows and MacOS users, especially as I had never done that before and I came up with it after about thirty seconds (needed to look at the ImageMagick "convert" manpage). In Windows, if you have a thousand images and you want to create thumbnails, you buy a program to do that type of thing. Or, you hire a unix guy to do it for you :)
That reminds me of this trvial script I wrote once:
Then, when you're downloading some ISO, you can do "fileprogress some-image.iso" or "fileprogress some-image.iso 681574400" if you know the ISO is supposed to be 681574400 bytes when downloaded.
I wrote that before I knew about "watch" and before scp clients had progress bars, so it was useful at the time, but I haven't used it in a while. Another cute thing is to define a function:
And then have it do that when the file is done downloading. Or do "/run/some/long/command ; beep" to let you know when your command is done.