NEWS

Newsdesk
■ Mandrake targets South America ■ Microsoft targets Wine ■ KDE 3.4 release ■ Germany sees
biggest Linux migration ever ■ Security kudos for SUSE ■ IBM buys in ■ Theo de Raadt applauded

Mandrakesoft bids to
join Linux superleague
Conectiva acquisition gives French commercial distributor road into promising Latin American market
French Linux distributor
Mandrakesoft has merged With user numbers growing and IT
budgets tight, Brazil offers Linux
with Conectiva, the developer
distributors the perfect chance to
of South America’s most popular distro, win public and private contracts.
in a bid to join Red Hat, TurboLinux
and Novell in the top tier of
open-source software vendors.
The move will give Mandrake a
foothold in the growing Latin
American market, where the low costs
of Linux are especially tempting to
cash-strapped governments.
Though Linux market share is
notoriously difficult to quantify,
Mandrake is unarguably ‘second tier’.
Some estimates put its worldwide
presence in the 1-3% range, while
others suggest the company
commands just over 19%.
Mandrake claims to have the most
popular distro in the UK, with a
46% share of the market.
Mandrakesoft co-founder Gael
Duval admitted to CNET News that
the merger wouldn’t “elevate
Mandrake to the level of Novell or enables RPM-based distros to use the to get clear with declarations from name is not expected until April, with
RedHat yet”. But he described the Debian package management system, both Mandrakesoft and Conectiva a unified distribution expected to be
merger as significant growth, which and the Crystal icons that are shipped managers about the integration of the launched toward the end of 2005.
the company will build on with more with KDE. Conectiva has several two distros, the users have calmed “Combining the two businesses enables
acquisitions in future. government contracts, including with down and supported the merger,” she us to extend the scope of our offering
the Brazilian army and navy, as well as said. Conectiva staff on the Brazilian and address more business,”
Army contract corporate partnerships with the likes side of the business have been told Bancilhon said. He also stressed
Conectiva is based in Curitiba, of IBM, HSBC, HP and Siemens. their jobs are safe. Mandrakesoft’s commitment to open
southern Brazil, and employs 60 Conectiva spokeswoman Mariana François Bancilhon, chief executive source and the GPL, maintaining the
people. Its off-the-shelf product is the Franco said reaction to the deal of Mandrakesoft, is tipped to assume new company would always offer a
Conectiva Linux distro and the among users and staff has been the leadership of the combined free version of its software.
company has also been instrumental positive. “We had the usual concerns company. It is expected to move Mandrake was formed in 1998 and
in developing some high-profile Linux regarding what will happen to forward under the Mandrake brand, built on the foundations of Red Hat’s
software including apt4rpm, which Conectiva Linux, but as things started but a definitive statement on the distribution to become the second

6 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.news 6 15/3/05 5:54:34 pm


SLES 9 can be used in government
offices and army tanks now.
most popular Linux distribution in
Europe. Revenues for 2004 topped
€5 million, thanks to growing
corporate sales and membership of
its innovative Mandrakeclub, which
offers members premium access to
the latest distribution releases before
the general public.
With SUSE coming under the
Novell umbrella, Mandrake now
stands as the continent’s only major
commercial Linux distributor.
Moving up?
The company went into bankruptcy
protection in early 2003 but
emerged newly profitable in March
2004 with ambitious acquisition
plans. Since then, there has been a
series of deals and partnerships
including working with LaCie on a
mobile hard drive and signing an
agreement with the French
government to supply university
computing departments.
In January Mandrake announced
plans of a partnership programme
with American IT suppliers and
support vendors to push its
enterprise products to small and
medium-sized business buyers in
the US.
An emerging market like South
America is an altogether different
proposition, offering the potential to
focus on Linux installation rather
than migration from existing
proprietary systems.
Mandrake and Conectiva are both
active members of the Linux Core
Consortium, which is attempting to
set a standard for basic Linux
systems to make it easier for
hardware and software vendors to
certify their products more simply.
The Conectiva acquisition has
been done, Mandrake managers said,
with a €1.79 million (£1.24 million)
stock swap.
The combined company will have
a workforce of 130 people, 70 of
them dedicated software engineers.
LXF66.news 7
SUSE wins
level four
security
certification
That’ll please the government
Novell’s SUSE Linux Enterprise
Server (SLES) has become the first
distribution to be granted level four
Common Criteria certification. It is now
eligible to be used for command-and-
control applications across US
government departments.
The Common Criteria are
international standards for measuring
the security of software, ranging from
levels one to seven. Novell chief
executive Jack Messman said winning
certification puts Novell at the “top of
the list when it comes to projects the
government wants to do”.
The award applies to SLES 9
running on IBM’s eServer product line
and addresses functionality and
interoperability issues. Red Hat recently
applied for Common Criteria
certification, but its software has yet to
undergo the necessary testing.
Speaking at the Boston LinuxWorld
Conference and Expo, Messman said
that SUSE had also managed to
achieve US Department of Defense
Common Operating Environment
compliance, a requirement for sales to
US military establishments.
Novell/SUSE spokesman Mark Rex
said the achievement was down to
committed collaboration between
Novell, IBM and the security services
evaluation team. “The successful
completion of this latest security
evaluation … will give our customers
and partners the confidence to deploy
SUSE Linux solutions.”
Jack Messman hopes to win US
government business for his
newly-certified SUSE distro.
www.linuxformat.co.uk
■ The numbers just get bigger
and bigger. Since the launch of the
Firefox 1.0 web browser, the project
has served up a massive 25 million
copies of the software. The feat was
accomplished in just 99 days.
■ Not resting on its laurels, the
Mozilla project has updated Firefox
to version 1.0.1 to fix some security
issues and squash a few bugs. The
most significant fix concerns a flaw
in the handling of Internationalised
Domain Names (IDN), which could
allow an attacker to carry out a
phishing expedition – that is, get
access to your financial data – by
creating a fraudulent website and
using characters in the URL to
convince a user that it’s genuine.
■ Silhouette Roto, a high-
end rotoscoping tool for film and
animation, has been launched as a
plug-in for AfterEffects on Windows
and Mac and FinalCut Pro on Mac.
The developer says a stand-alone
Linux version is near completion and
will be launched soon. Rotoscoping
is an essential task in modern film
making, and the availability of this
product on Linux demonstrates the
position the platform now commands
in the film industry.
■ Mozilla isn’t the only Linux-centric
group to have posted decent figures.
The Linux Professional Institute
(LPI) says it has now examined and
certified 75,000 people through its
training programme. LPI provides
a standardised structure for Linux
training across the world, with learning
materials and tests in seven different
languages. Evan Leibovitch, president
of LPI, said: “This is an indication that
there is increasing recognition for
the value of the community-driven,
vendor-independent and vendor-
neutral certification process offered
to Linux professionals through LPI.”
www.lpi.org
■ The latest version of the QEMU
emulator has closed the gap on
the commercial virtualisation
applications with, the author Fabrice
Bellard claims, near-native speeds
when a PC is emulated on a PC.
The speed boost is all thanks to
the new QEMU Accelerator Module,
which runs most of the guest
OS’s application code directly on the
host processor (rather than running
through an emulation routine).
This makes it very effective for
running an x86 guest on an x86
host, such as Windows on Linux.
The accelerator runs as a module at
present because it is a closed-source
element of the system, though
Bellard says it could be open sourced
if he could get sponsorship.
NEWS
Jono Bacon
The founder of UK
Linux, KDE developer
and all-round nice guy,
Jono is also a musician
whose tunes have
featured on Slashdot.
COMMENT
The rise of
the radio
The 300 or so words I
scribble each month for
this column have touched on a
number of things that take my
interest, but that I’m often not
actually a part of. My subject this
month is something I am heavily
involved with: internet radio.
With the rampant increase
in sales of the iPod/iRiver/iAudio
and the constant broadening of
internet access, net radio has
become relevant. A handful of
open-source radio shows have
appeared, one of which being
our very own LUGRadio
(www.lugradio.org). Although
LUGRadio has had surprising
success (and is now planning a
day-long event scheduled for
25 June in Wolverhampton), it
has had its own set of challenges
to overcome.
The most interesting
challenge was that of tone.
LUGRadio has an offbeat,
humorous and irreverent take on
radio, and this has involved some
sharp talk, strong opinions and
plenty of debate. With an
approach to open source radio
that’s more Radio 1 than Radio 4,
the effect has been more striking
to many people than the written
word. Although some of my
writing has struck a nerve and
people have mailed me their
thoughts (thanks, y’all), I’ve had
far more correspondence
directed my way over things I’ve
said on the radio. It makes me
wonder if we could get more
people into open source by
talking about it than writing
about it. If the opinion is
fundamentally the same, should
we be more to the point in print?
Answers on a postcard to
the usual address. That is, if
reading this gives you
enough of a get-go.…
LXF66 MAY 2005 7
15/3/05 5:54:37 pm
 NEWS

Music to your ears

Good news: Rosegarden1.0 includes DSSI plugin to access VST effects

Rosegarden, the great hope

for Linux music software, has
a 1.0 release. The package
now has the DSSI (pronounced dizzy)
plugin API, which is analogous to VST
in the Windows world and Audio Units
for the Mac.
Most significantly, DSSI has a VST
wrapper available that allows Linux
users to access VST instruments and
effects via Wine.
In an interview with O’Reilly Dev
Centre, developer Chris Cannam said
Rosegarden had grown from humble
ambitions to become the biggest Linux VST instrument integration
music application available. comes to Linux via DSSI.
“Rosegarden is the only Linux music
application designed to be an
immediate alternative to the major
brand-name sequencers for other
platforms; designed to be a useful Rosegarden is a complete open-source audio solution.
compositional tool for people who
know classical notation; and designed MIDI and effects tools to create a capabilities in notation editing and workstation on a single CD. The cost of
with usability and learnability in mind complete recording studio within the input. Fervent Software, which recently the package is £49.99, or £64.99
from the outset,” he said. computer. The package relies heavily provided support to the Rosegarden including a 128MB USB stick.
Rosegarden, which is the closest on ALSA and, for more complex audio developers, has launched a new Live Rosegarden 1.0 is also available in
thing the Linux world has to Cubase, sequencing, the Jack audio server. The CD built on version 1.0 that offers source code and binary forms.
offers a full complement of audio, software is also notable for its strong users a complete audio and MIDI www.rosegardenmusic.com

CONFERENCE
NEWS
The ACCU (Association of C and C++
Users) will be hosting its annual
conference from Wednesday 20 April
to Saturday 23 in Oxford. Events will
concentrate on Java, C++ and Python
development (including a full day on
Python hosted by Alex Martelli and
Anna Ravenscroft) and, for the first
time, there will be a whole training
stream on programming for security.
The daily rate for the conference is
£135 for members and £160 for others
while the four-day rate is £495 and
£595 respectively. www.accu.org/
conference/index.html.
Meanwhile, across the Severn in
Wales the countdown to one of the
better geek expos of the summer has
begun. The annual UKUUG Linux
Technical Conference will be hitting
Swansea between Thursday August 4
and Sunday 7. The organisers have put
out a general call for papers, with
more details available on the event’s
website – www.ukuug.org/events/
linux2005. Details of venues and
speakers will be announced soon.
IBM: £52 million Linux commitment
Big Blue puts faith and investment in open-source future for world’s computer users
IBM will raise its financial
commitment to Linux by $100 million,
(£52 million) over the next three
years. The money will be used to fund
a wide range of initiatives across
technical, R&D and marketing
divisions and is intended to help
customers migrate to Linux on every
kind of computing device – from
mainframes to PDAs.
Much of the money will go on
developing IBM’s Workplace suite,
which provides access to core business
tools on any compatible device.
A well as promising a cash injection
IBM has added nuggets of code to the open-source treasure chest.
for its own in-house projects, IBM has
donated more than 30 open source open-source sector because of its Projects covered by the new
projects to open-source repository increasing adoption by governments initiative include Jikes, a fast Java
SourceForge (www.sourceforge.net) and businesses. “Organisations looking compiler, and the Life Science
and launched a companion site to for innovative software applications to Identifier, which speeds up
help developers improve their skills. drive their business projects are development of life science
Gina Poole, IBM’s vice president of looking for developers with the tools applications by providing tools for
developer relations, said it was critical and skills of tomorrow - based on automatically scanning networks for
for developers to stay abreast of the open technologies,” she said. biologically significant data.

8 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.news 8 15/3/05 5:54:39 pm


Though KDE has received a slight cosmetic makeover, most of the
improvements have been made under the surface.
KDE 3.4 hits the mirrors
User-friendly tweaks include text-to-speech option
The KDE project has launched the
first – and possibly only – release
candidate for the eagerly anticipated
KDE 3.4 desktop environment.
Additions include better theme
handling, a more integrated Plastik
look and improvements to many of
the individual KDE applications; not
least Kontact, which benefits from the
integration of the AKregator RSS
application (see page12, LXF65).
Konqueror gains RSS support, while
KPDF has been given a search feature
– finally allowing users to search for
specific strings in a long document –
and a new slide-show mode, which
turns the application into a capable
presentation tool.
Other improvements include better
user switching in the KDM display
OpenBSD leader honoured
Theo de Raadt chosen over Tridgell and Brod
Theo de Raadt, leading light of the
OpenBSD and OpenSSH projects, has
joined Guido van Rossum, Larry Wall,
Lawrence Lessig and Alan Cox in being
given the Free Software Award by the
Free Software Foundation (FSF).
FSF president Richard Stallman
presented the 2004 award at
FOSDEM (Free and Open Source
Developers’ European Conference) in
Brussels, saying that de Raadt’s work
had applications well outside the
scope of his original intentions.
De Raadt was praised particularly
for OpenSSH, which is a fundamental
project for secure communication
across the computer world.
LXF66.news Sec1:11
manager and the addition of a
number of accessibility applications
including a new text-to-speech option
Under the hood there is a new
wireless configuration manager, which
makes saving access controls for a
number of networks much easier.
KDE developer Stephan Kulow
ventured online to encourage testing
of this first “and hopefully only”
release candidate.
Users who wish to test the new
desktop without running the risk of
killing their lovingly-crafted setup can
do so by downloading and burning the
new KLAX ISO, which marries a live
version of Slackware 10.1 with KDE 3.4
to great effect.
It is available via www.kde.org
and the usual KDE mirrors.
Each year, members of the open
source community nominate
individuals who have made a
significant contribution during the past
12 months.
The other nominees this year were
Andrew Tridgell for his work on the
Samba project and Cesar Brod, who
was recognised for his efforts at open
source advocacy in Brazil.
The award traditionally goes to
someone with a more immediate
connection to Linux. The fact that this
year it has gone to de Raadt was seen
by some as a long-overdue
recognition of the role the so-called
BSDs have had in the success of Linux.
www.linuxformat.co.uk
■ Real Software has announced
the availability of REALbasic 2005,
a complete object-oriented rapid
application development (RAD)
package capable of creating
self-contained executables
for Linux, Windows and OS X
from the same source code. The
company says this is the perfect
cross-platform development tool
– though as yet there is no native
Linux version of the application.
www.realsoftware.com
■ In a moment of candour, managers
at Red Hat have admitted the
company snubbed the early adopters
who helped build its reputation when
it went in search of more lucrative
corporate buyers in 2002. The
company says it will make amends
with more support for the Fedora
project, which acts as a test bed
for the more corporate-friendly Red
Hat Enterprise Linux line. Michael
Tiemann, vice president of open
source affairs, said it was a mistake
to concentrate almost exclusively
on enterprise customers. “It insulted
some of our best supporters. But
worse, we lost our opportunity to do
customer-driven innovation,” he said.
■ IBM has teamed up with Mountain
View, CA-based Veritas Software to
develop a new hardware and software
solution built on IBM’s Power5
processor-based OpenPower Linux
servers. The package will include
Veritas’ Cluster Server, Storage
Foundation and Storage Foundation
for Oracle RAC software.
■ MP3 Beamer is a new product
from Linspire (above) designed
to squirt MP3 files to all of your
media devices, including PCs, stereo
systems, PDAs and iPods. Linspire is
pushing both a hardware and software
solution with an MP3 Beamer PC –
running Linspire, naturally – available
from $399.
■ PDF files of the presentations
given at the recent Open Source
Development Labs (OSDL) kernel
conference are now available online.
There are talks from the likes of
Andrew Morton and Brian Behlendorf,
and an exploration of the issues
thrown up by the SCO litigation from
Jim Harvey, of Atlanta law firm Alston
and Bird. www.osdllinuxsummit.
org/presentations/
■ GUI guru Jeff Raskin, credited by
many as the creator of most modern
computers’ look and feel, has died
of pancreatic cancer. Raskin fostered
the then-revolutionary attitude that
computers should make work easier
for humans.
NEWS
Hoyt Duff
The co-author of Red
Hat Linux 9 Unleashed
runs a fishing pier when
he’s not being vociferous
about users’ rights on
mailing lists.
COMMENT
Microsoft’s
backslap
Thanks, Microsoft, for all
your help. Its recent
action against Wine is a public
recognition of the threat that it
poses to the Windows OS, and is
a wonderful compliment to the
vision of the pioneers of the
Linux phenomenon.
The Redmond Gang openly
admits deliberately crippling its
automatic update service to
deny software updates when
Wine is being used (turn the
page for more). MS has an
interest in locking its customers
in, making them depend on its
operating system and producing
software that’s generally
incompatible with non-MS apps.
If MS Office can be run on a free
and open OS, the user gains
flexibility and MS loses money.
That’s what Wine threatened
to do. But the Microsoft’s recent
action has annoyed,
inconvenienced and alienated
people who hold valid licences
for MS software. For Linux, that’s
great news.
Linux is now positioned to
take a large and significant place
in business and personal
computer use; Microsoft’s
validation of Linux’s value comes
at the best time possible. To the
public, its defence of its business
appears aggressive, even
heavy-handed, and it gives the
impression that it would rather
spend its resources on lawyers’
fees than improve its product
and service.
While we revolutionaries can
feel great for a moment, we
must keep up the fight in the
face of MS arrogance and
bullying. Still, we don’t have to
defeat them: they defeat
themselves every day. Thanks,
Microsoft: it’s where we
want to go every day.
LXF66 MAY 2005 11
15/3/05 5:54:42 pm
 NEWS
Microsoft blocks Wine
users from Win Update
CodeWeavers stays calm as Microsoft publicly targets emulator for first time
Microsoft’s latest anti-piracy
measure includes what
appears to be a concerted
effort to block users of the Windows
emulator Wine from installing
otherwise freely-available software on
their Linux machines.
The Windows Genuine Advantage
(WGA) validation tool, which has been
developed to stop pirated versions of
Windows being updated via the
Windows Update site, prevents Wine
users from downloading updates or
add-on tools.
A Microsoft spokesperson told the
UK’s ZDNet.com that Wine was the
first emulator to be specifically tested
Win4Lin adds XP support
Virtual OS finally runs software not consigned to retirement
Win4Lin, the company formerly
known as NeTraverse, has included
support for Windows 2000 and
limited support for Windows XP in the
new edition of its flagship Win4Lin
Professional software. Previously, the
virtual OS was only capable of
installing Windows 9x series products.
EMBEDDED LINUX NEWS
● Trolltech expects a wave of Linux
smartphones to drive adoption of new
telecoms technologies – including 3G,
which has had a slow start in the UK
and Europe. Chief executive Haavard
Nord said 20 phone and mobile device
manufacturers are working on Qtopia-
based products for 50 hardware
vendors. Motorola, Samsung and Philips
will all be debuting devices in 2005, and
so will Ningbo Bird, China’s biggest
handset builder.
● Enterprising hacker Laurent Bousis has
taken a standard issue Giga Vu Pro (above
right) from German hardware vendor Jobo
and turned it into a fully-fledged 2.4 kernel
series embedded Linux computer. The
12 LXF66 MAY 2005
LXF66.news Sec1:12
Despite WGA’s
best efforts, you
can still install
Internet Explorer
via Crossover
Office Pro. Oh
well boys, you
can’t have it all.
The company has also said it plans
to integrate better WinXP compatibility
into future releases.
Win4Lin chief executive Jim Curtin,
said the release of Win4Lin Pro would
improve the opportunities for
companies to investigate Linux on the
desktop without being concerned
device is designed to perform along the
same lines as the iPod Photo, features an
Xscale 400MHz processor and makes a
pretty good choice for an embedded system.
The first job Bousis did was to turn the whole
thing into a Doom games console. http://
gigavupro.sourceforge.net/tutorial.html
www.linuxformat.co.uk
about legacy applications. “Previously,
enterprises and users needing to
migrate legacy Windows applications to
Linux were stuck with either an
expensive porting task, or with clunky,
non-integrated virtual machine
solutions,” he said.
Another welcome change is that the
software no longer requires users to
download and install a special patched
kernel, making installation and use of
the software potentially far easier.
● Mozilla developers are working hard to
knock out a production-quality Windows
CE/Pocket PC build of their Minimo web
browser. Project leader Doug Turner has
posted a workable version on his website.
Until now the application has been
available exclusively for Linux PDAs, but a
Pocket PC version is seen as a vital
ingredient in emulating the success of the
mainstream Firefox browser. Turner aims for
a public release in about four months.
● Motorola has joined forces with Voice
over IP company Skype to create a new
range of ‘Skype-ready’ mobile and fixed-
line phones. Speculation is rife that mobiles
may be able to make /Skype/ calls when in
range of a wireless LAN or hot-spot.
for WGA. “Microsoft does not
knowingly provide copyrighted OS files
to users of third-party emulators or
cross-platform API translation
technologies such as Wine,” they said.
Jeremy White, chief executive of
Wine developer CodeWeavers, said he
was relaxed about the issue, as it
marked the end of Microsoft’s policy
of never even mentioning Wine, but
that things would be different if the
company decided to restrict MS Office
updates to those running Windows.
This, White said, “would expose
them to legal repercussions, as they
would be tying one monopoly product
to another.”
SUSE Linux 9.3
released
Includes Beagle search tool
Novell has released SUSE Linux
Professional 9.3, adding native support
for Apple’s iPod music player and the
Beagle integrated search tool to its
award-winning desktop product.
Beagle enables users to comb
through locally-indexed web pages,
emails, IM conversations, music files
and images, as well as documents
stored in a variety of formats including
PDF, source code and files created in
MS Word and OpenOffice.org.
It was created as a demonstration
of the power of Mono and is a pet
project of Ximian/Novell vice president
Nat Friedman. If the user’s system is
‘inotify-enabled’, Beagle’s system
works, according to developer John
Trowbridge, “almost in real time”. The
system has some heavy dependencies,
so SUSE 9.3 will probably be the first
encounter most users have with the
technology, which competes with
Google’s Desktop Search tool and the
much-touted but little-seen WinFS
from Microsoft.
Demos of /Beagle/ in action can be
seen at http://nat.org/demos.
15/3/05 5:54:43 pm
 NEWS

David
Cartwright
David Cartwright is an IT
consultant who specialises
in providing Linux Systems
and solutions.

COMMENT

An OS is an
OS is an OS
It wasn’t long after the
release of of Red Hat
Enterprise Linux 4 that someone
asked me: “Do I stick with
RHEL 3 or move now?” His
historical expertise was with
non-Linux operating systems,
and he didn’t know how stable
the new release would be.
The answer to this question
Deutsche Bahn may soon be the biggest Linux user in the world. is, of course: “Forget that it’s
Linux – what would you do with

German trains to run on Linux

IBM oversees transition in biggest project of its kind yet seen
Deutsche Bahn, Germany’s
national rail operator, has moved its
entire 55,000 workforce from using
Lotus Notes to Linux. While all eyes
were on plans of a massive migration
of desktops to Linux in the city of
Munich, Deutsche Bahn had been
quietly preparing what is probably the
biggest move to open-source software
in history.
The company says it won’t fully
benefit from Linux until the entire
computing infrastructure has been
migrated, at some point next year.
The first step was to move its
timetable systems from HP to Linux,
but a spokesperson said the
subsequent desktop migration is the
most important milestone in the
process. Once complete, the company
will be running everything on Linux,
from SAP systems and sales support
to web and mail servers.
The project, which is being overseen
by IBM – also a major hardware
vendor for the move – is being keenly
watched by Munich city council.
Unable to resolve potential problems
with patents, Munich has decided not
to go ahead with migration.
NZ HEALTH CHIEFS MIGRATE TO LINUX
New Zealand’s Ministry of Health is
migrating its data centre operations
from Windows to Linux. The ministry has
cited the current system’s inflexibility as
the reason for the move.
Chief information officer Warwick
Sullivan said the organisation was
constantly hitting a resource bottleneck
due to a peaky processing cycle and had
IBM spokesman Steve Menadue
congratulated Deutsche Bahn on its
visionary approach to adopting open
source. “The strategic choice is further
proof that Linux has matured as an
enterprise platform, offering a variety
of advantages including cost savings,
shorter development time and a high
level of security,” he said.
found that the installed system was not
capable of holding up under this
pressure. “Windows can’t support what
we do, and its management controls
aren’t consistent with a data centre
operation,” he said.
IBM has won the competitive tender
to provide the NZ$3 million
(£1.1 million) installation.
any operating system?” It’s
obvious when you think about it.
First, some of the
applications he’s running state
the kernel version as their only
compatibility issue, whereas a
couple specifically mention
RHEL 3.0. So until the
application vendors state
compatibility with 4.0, he
shouldn’t be overly quick to
move across.
But this doesn’t mean he
shouldn’t be moving to the new
version to some extent. A ‘big
bang’ migration on the day that
his applications become officially
RHEL 4.0-compatible is a very
bad idea – a more controlled,
methodical approach will not
only help him become familiar
with the new version, but also
shake out the little foibles that
the new version is bound to have.
I think he should get 4.0
now, try it out in a lab
environment, test it to death,

AFFS grants for open source developers
Three-figure sums available to projects with community appeal
The Association for Free Software
(AFFS) has launched a new
programme to reward and support
open-source developers.
The group is calling for applications
from developers and says the grants
are likely to be three-figure sums.
Projects will stand a better chance of
winning a grant if they are judged to
have the capacity to attract further
funding in the future, or matched
funding immediately.
Interested developers should write a
short précis of their project, stating
who is involved and why funding is
required – this could be anything, as
long as you can show that it will
benefit the free software world.
Applicants are asked to send
proposals to the AFFS in an open
source-friendly format (send a DOC
file at your peril).
More details are available at
www.affs.org.uk/grants.
then perhaps roll it out to a few
real, but non-critical systems and
test it to death again. By the
time 4.0 is supported by his
‘big’ applications, he’ll have the
confidence (and the rollback
plan!) to upgrade the
critical systems.
So remember boys, girls and
system administrators: RHEL is
just an operating system
– migrate it like any other.

www.linuxformat.co.uk LXF66 MAY 2005 13

LXF66.news Sec1:13 15/3/05 5:54:48 pm

 REVIEWS Gentoo Linux 2005.0
SOURCE-BASED DISTRIBUTION
Gentoo Linux 2005.0
Roll your own packages with the latest release of Gentoo, writes Neil Bothwick.
BUYER INFO
Linux distro suited to power users.
Also consider: Linux From Scratch,
Rock Linux.
■ DEVELOPER Gentoo Foundation
■ WEB www.gentoo.org
■ PRICE Free under GPL
Gentoo has something of a
reputation as the distro for
speed freaks – people who
are willing to spend days
experimenting with compiler flags and
recompiling their system in order to
get an extra 0.5% of performance.
Gentoo developers themselves fed this
perception in days of yore by stressing
the the distro’s performance benefits
on the official website.
For the new 2005.0 release they
take a more balanced view,
highlighting the configurability and
flexibility that Gentoo offers in addition
to any performance benefits. This is
the first of two Gentoo releases
pencilled in for 2005. It refers mainly
to the version of the installation discs,
as the distro can be continuously
updated without re-installation.
Use the source
Gentoo is different from most distros
in that (in the main) it does not have
pre-compiled binary packages. When
you install a program with Debian’s
APT or Mandrake’s RPMDrake, the
package that you install contains
pre-built binary programs and libraries.
Gentoo’s package management
system Portage works directly with the
source code packages.
This is very much a distro for the
so-called power user – someone who
wants maximum control over their
system and is prepared to expend
some effort to achieve this. If you want
to slap a CD or DVD in the drive, click
a few buttons and have a full desktop
system running half an hour later, this
is not the distro for you. If you want to
get your hands dirty and learn how
everything works, read on.
The main advantage of Portage is
the amount of control it gives you, and
not only in terms of the compiler
optimisations used. When you’re
installing a package from source, the
20 LXF66 MAY 2005
LXF66.rev_gentoo 20
Gentoo is pretty excited about Portage, its package management tool
(it even has its own site at www.gentoo-portage.com). Porthole (right) is
a GTK-based Portage front-end now in its fourth release. Kentoo (left), a
KDE Control Centre module, is another third-party front-end.
first step is usually to run the configure
script. If you first do configure --help,
you will see a number of options that
can be enabled or disabled when
building the program.
With a binary distribution, those
options are chosen for you. Gentoo
uses a system of USE flags to make
the decisions based on your needs.
Another advantage is that Gentoo’s
ebuilds – the installers for individual
packages – are simple bash scripts.
Any complexity is in either the Portage
package management system itself, or
the program’s own config and make
files. This means that Gentoo usually
gets packages for new program
releases very quickly (the ebuilds for
the KDE 3.4 betas were available
before the source files themselves
were uploaded to the KDE mirrors).
The disadvantage of installing
software in this way is the time it takes.
Even on an Athlon 64, installing KDE
is an overnight task, although the
computer generally remains usable
while programs are being compiled.
The process of installing a new
package is no more complex than with
most binary distros. emerge
progname will download, compile
and install the code for the program
and for any dependencies it has.
Gentoo doesn’t have an automated
installer (yet). What it does have is an
www.linuxformat.co.uk
extremely detailed handbook that
walks you through the setup stages
from preparing your hard disk to
compiling a kernel. Installation is
laborious, but not difficult as long as
you follow the handbook.
A stage 1 installation is the most
time-consuming option, as everything
is compiled from source. Stage 3 uses
pre-compiled binary packages for just
about everything but the kernel. While
this does go against the Gentoo
philosophy, it lets you go from bare
disk to running desktop in around an
hour. You can then set up your
optimisations and recompile the
system while you’re using it.
Prefab clout
In addition to the core system
provided by a stage 3 install, Gentoo
also provides GRP snapshots. These
are pre-built binaries of major
packages, such as X, Gnome, KDE and
OpenOffice.org, designed to get a full
desktop installed as quickly as possible.
The user has the choice of running
with proven, stable packages or living
on the bleeding edge with packages
from the testing ebuilds. It is possible
to mix the two, running a largely stable
system with a few testing packages
where the latest features are needed.
Not that the testing packages are
unstable: many people run a testing
system with no ill effects, and get to
be the first to play with the latest toys .
Most of the administrative tools for
Gentoo are command-line based,
although there are some third-party
GUIs for Portage, including a plug-in
for the KDE Control Centre and a
stand-alone GTK front-end. For
general system administration, you can
install the excellent Webmin and do
everything from your web browser.
There are some GUI tools in the
pipeline from Gentoo, but progress is
slow: most Gentoo users are
comfortable with the command line,
so time is spent on other projects.
The one thing that Gentoo users
are not short of is help (or the time to
read it during compilation). On top of
the comprehensive installation
handbook, there are detailed howtos
for most tasks and a user community
that can help with anything else.
If you want to learn how a Linux
distribution works – and have
maximum control over it – Gentoo is
worth a try. If all you want is a simple
point-and-click system without having
to worry about what’s underneath, this
isn’t the right choice for you. LXF
LINUX FORMAT VERDICT
FEATURES 8/10
PERFORMANCE 9/10
EASE OF USE 6/10
DOCUMENTATION xx/xx
If you like to stay in total control, Gentoo is
your distro.
RATING 8/10
15/3/05 4:05:27 pm

DESKTOP ENVIRONMENT
Gnome 2.10
The pace of development at Gnome HQ seems to be slowing. While Paul tries to convince Graham
on page 30 that Gnome is the desktop king, can version 2.10 hold Andy Hudson’s attention?
BUYER INFO
Classy window manager. Also
consider KDE 3.4 or even IceWM.
■ DEVELOPER
The Gnome Foundation
■ WEB www.gnome.org
■ PRICE Free under GPL and LGPL
It’s always interesting to see
changes made to either of
the two dominant window
managers, Gnome and KDE.
Gnome 2.10 was released at the
beginning of March and is now
widely available either for
installation via tarballs or
pre-bundled with distros such as
Ubuntu or the new Fedora Core 4.
Gnome and KDE are both mature
packages now, sp what
improvements can actually be
made? Let’s take a look at what the
Gnome community has been up to.
We took advantage of the
bleeding-edge nature of Ubuntu to
access Gnome 2.10 from the
moment it became widely available.
Our first impression was that not
much had visibly changed. Previous
versions had introduced the top panel
with its Applications and Computer
menus, but Gnome 2.10 changes the
Computer menu to Places and adds
Desktop. Places allows you to
bookmark specific resources such as
network drives and common folders,
putting them in easy reach, while
Desktop gives you quick access to files
that sit on your desktop so you don’t
have to minimise the inevitable crowd
of windows.
Work has gone into minor usability
tweaks, and you get the impression
that the Gnome Foundation is making
gradual changes over a long time.
Good news for Linux
Another area in which the Gnome
Foundation is making progress in is
the administration tools that come as
standard. Although the different
distros that Gnome sits on have their
own configuration tools (such as YaST
and DrakConf), the Foundation is
trying to provide a set of tools that are
standardised across all distros, to
LXF66.rev_gnome Sec1:21
Right Take your pick - do
you want to ping, trace
or finger that rogue IP
address? Version 2.10
gives you more options
than ever before.
Below There’s no place
like Gnome – add as
many of your favourite
FTP servers and
directories as you like to
this handy Places menu.
make it easier for sysadmins to
configure and set Gnome up,
regardless of which distro is being
used. Work had already begun on this
in 2.8, and 2.10 sees further
refinement in the network, user and
time/date tools. The plan is to develop
a disk management tool, enabling you
to configure physical disks under
Gnome. If Linux can succeed in
providing a consistent look and feel
across multiple distros, it can only
speed its uptake.
Gnome 2.10 also includes some
updates to the general look and feel
of the desktop. The Gnome text editor
gedit now sports line highlighting and
emphasis on opposing brackets – a
feature designed to be more
developer-friendly than before. The
sky-watching applet GWeather,
meanwhile, has been updated to give
you even more information about the
weather than before (perhaps with
one eye on capturing more of the
www.linuxformat.co.uk
British market). Existing applets have
been updated and new ones added in
an effort to make things even easier
than they were before.
Sucker punch pulled
All this is great, but six months is a
long time in open source development
and you might have expected more.
Gnome 2.10 lacks the sheer volume of
features that traditionally makes new
releases so exciting, and no single
addition matches the huge
development leaps that have
happened in previous releases. Both
2.6 and 2.8 introduced features that
(although controversial) were
groundbreaking for the Gnome
Foundation. Remember the inclusion
of Spatial Nautilus in 2.6?
Such advancements seem to be
missing from 2.10 and this will
probably be viewed as a somewhat
tame release, with the real work
becoming apparent over the next few
REVIEWS Gnome 2.10
versions. We’re feeling generous, so
we’ll say this slowing of progress is a
sign of this window manager’s maturity.
Most exciting is the continued work on
the configuration tools, which stands to
benefit all Linux users.
Any seasoned Linux user will be
used to the continuing advancement
of both Gnome and KDE and will
already be itching to get their hands
on Gnome 2.10. If you’re one of them,
our advice to you is this: don’t go
looking for 2.10, but wait for it to come
to you in the form of a new distro
release. There is not enough here to
warrant an immediate upgrade for
anybody, unless you are the type who
really must have the very latest in
window managers. LXF
LINUX FORMAT VERDICT
FEATURES 6/10
PERFORMANCE 7/10
EASE OF USE 8/10
DOCUMENTATION 7/10
Elegant as ever, Gnome 2.10 should
nevertheless not be high on your list of
upgrades. Wait until you need to refresh
your distro and then worry about it.
RATING 7/10
LXF66 MAY 2005 21
15/3/05 4:05:46 pm
 REVIEWS OvisLink router
WIRELESS ROUTER
OvisLink Multimedia
VPN Router & Server
Graham Morrison investigates a server with a sideline in surveillance.
BUYER INFO
Wireless web access offering
high security and unprecedented
device support.
■ SUPPLIER OvisLink
■ WEB www.ovislinkcorp.co.uk
■ PRICE £160
This is no ordinary wireless
router. For a start, it runs an
embedded version of Linux
on its 170MHz RISC CPU. Using our
favourite operating system has brought
all kinds of advantages, mostly in the
form of drivers for the in-built USB
sockets; but OvisLink has also taken
the decision to release its patches
under the GPL – albeit with a warning
that tinkering around with the OS can
invalidate your warranty.
The first thing that strikes you after
removing the router from its box is its
size: 24x14cm. It’s also a distinctive
shade of metallic blue, but otherwise,
the OvisLink WMU-9000VPN looks
just like any other router.
It’s a different story at the back.
Along with the (10/100 Base-T
Ethernet) LAN ports, another one
intended for WAN broadband and the
power connector, the rear panel
houses the four aforementioned USB
2.0 sockets. An adjacent PS/2
connection (intended to provide power
for external USB storage devices)
hints at what these are capable of.
Setting the device up is simple,
and in common with similar routers,
configuration is done with a web
browser accessed by connecting to
192.168.1.254. The user interface isn’t
too bad, and it’s well laid out. There
are a few translation
errors in the text, but
on the whole the
instructions are easy to
22 LXF66 MAY 2005
LXF66.rev_router 22
understand and you should be up and
running in no time at all.
The WMU-9000VPN is a well
specified little gadget. A content filter
can restrict access by either keyword
or domain, and you can perform a
virus scan on normal and compressed
files using an onboard version of gzip.
There’s bandwidth control, either by
grouped IP addresses or, more
interestingly, by application. This
means you can deny or restrict
bandwidth to the heaviest network
users, which is a great way of ensuring
there’s enough bandwidth for
dependent utilities such as VoIP.
There’s an SPI firewall, to which
you can add filter rules by specifying
source and destination addresses.
Ports are selected from a drop-down
list of previously configured
applications, but (unlike with the
bandwidth control), it is possible to
define new applications. Fields
available for each application include
TCP, UDP and ICMP, and ports can be
entered as ranges. Another feature
that may appeal to homeworkers is
the router’s support for Virtual Private
Networking (VPN). It can handle both
the IPSec and PPTP protocols, with a
maximum of 100 IPsec and 10 PPTP
VPN tunnels.
For the original features, though,
we need to go back to those USB
ports on the back. The router can
www.linuxformat.co.uk
drive three separate classes of USB
device: printers, storage and
(unusually) webcams. The list of
compatible devices is obviously taken
directly from the official Linux
compatibility list for the 2.4 kernel –
but you do need to check your
devices against this list before you buy.
USB heaven
You can use USB storage devices to
share files either locally or across the
internet. In effect, the router simply
mounts the storage device and
provides access through an FTP
account to digital cameras, say, or
MP3 players. The web interface can
configure either user or anonymous
accounts, and will also manage
bandwidth throttling locked to an
upload and download ratio. Printer
support is restricted to raw TCP/IP
devices, but it’s still a great way to
share a printer on a wireless network.
We plugged in our Philips
PCVC675K webcam and were
amazed to find that it worked without
any further configuration. OvisLink has
provided a camera port so the user
can keep an eye on home or office
and detect unauthorised entries.
The router will either save webcam
images on to a USB storage device or
send images via email. These
(admittedly lo-res) snaps can be
scheduled or triggered via motion
detection, Mission Impossible-style.
It’s easy to forget that this device is
a wireless router, capable as it is of
11GB speeds. We found it could
maintain a solid internet connection
The WMU supports a webcam so you
can photograph unauthorised users.
with good range through walls and
floors. The real selling point though
must be the USB ports. Once you get
around the fairly limiting compatibility
list, the addition of shared local storage
and a printer server for little more
outlay than a regular wireless router is
excellent value for money.
If you’re thinking of setting up a
web-casting system, the webcam
support alone makes the OvisLink
worth its asking price. But the solid
firewall and bandwidth management
mean it will still be a great piece of kit
when the novelty wears off. LXF
LINUX FORMAT VERDICT
FEATURES 9/10
PERFORMANCE 8/10
EASE OF USE 7/10
VALUE FOR MONEY 9/10
Any of its features, be it bandwidth limiting,
printer server, FTP or webcam support,
makes this router worth the money.
RATING 8/10
15/3/05 4:06:06 pm
 REVIEWS Slackware Linux 10.1
OLD-SCHOOL DISTRIBUTION
Slackware Linux 10.1
Tom Wilkinson finds out if the grandaddy of distros still has life in him.
BUYER INFO
A distribution for users prepared to
get stuck in. Alternatives include
Gentoo and Debian.
■ DEVELOPER Patrick Volkerding
■ SUPPLIER Slackware Linux
■ WEB www.slackware.org
■ PRICE Free download under GPL,
CD version $35
Slackware is the oldest
commercial distribution of
Linux, even predating version
1.0 of the Linux kernel itself. Built
under Patrick Volkerding with the aim
of being the most Unix-like distribution,
Slackware is popular but has a
reputation for being rather intimidating.
This has worked to its advantage in
that it can never reasonably be
accused of dumbing-down. Besides,
the user-friendly sector of the Linux
market is pretty much saturated.
People who see Slackware as a
dinosaur that hasn’t realised it’s
dead yet have missed the point.
Slackware’s installation script may
not have changed much during the
past decade, and its package
management system may lack the
finesse of APT or the ubiquity of RPM,
but it’s robust, and its simplicity means
that it’s largely immune to the
dependency problems that affect
other distributions at times.
This simplicity does place a burden
on the user, as it’s up to them to
remember whether a dependency is
installed. But there are some tools to
aid this process.
You shouldn’t suffer from
Slackware’s installation procedure
staying much the same for ten years.
The text interface is tried and tested
and does everything it needs to. It ain’t
broke, so Slackware’s developers
haven’t fixed it.
Partitioning the disk is left entirely
to you – in fact, after booting the
install CD, you’re given a shell prompt
and left to your own devices, along
with a note to run setup to continue
once the disk is partitioned. While at
first glance this method is unintuitive,
it provides an excellent opportunity to
mount disks in more unusual
configurations or mount disks that
24 LXF66 MAY 2005
LXF66.rev_slack 24
Slackware provides a range of desktops to suit all manner of hardware.
There’s always an element of choice with this distribution.
Above: The default kernel is
2.4.29, though 2.6.10 is provided.
need special drivers, such as
RAID arrays or external disks. In
theory you could install Slackware to
an external firewire drive, though you’d
need a small boot partition on the
internal hard disk.
A choice of using cfdisk or fdisk was
given for partitioning the disks. Cfdisk
is a slightly more user-friendly
program but we had problems
accessing the partition table on our
test machine, leaving us with the
standard fdisk. While it’s a million miles
away from tools such as Disk Druid or
Partition Magic, fdisk does the job and
provides you with enough hints to be
able to work out what’s to be done
without too much brain-ache.
The text mode installation menu
permits users to skip ahead to any
stage in the installation, provided that
the relevant prerequisites have been
made. For example, if you’ve already
mounted your partitions and the CD,
you can go straight to package
www.linuxformat.co.uk
Below: Package management is
less advanced than that of RPM
or APT, but robust nonetheless.
selection. This method of allowing the
user to pick and choose which
portions of the installation to automate
is an example of Slackware’s laudable
philosophy of putting as much control
as possible in the hands of the user.
Don’t be caught out
There is one problem that plagues the
installer. It allows you to choose
between three filesystem types when
formatting partitions: ReiserFS, ext2
and ext3 (XFS and JFS can also be
installed, but a more manual approach
is then required). And because
Slackware uses just the LILO boot
loader, you can easily create a non-
bootable system without any warning
from the distro that you’re doing it
(ReiserFS isn’t understood by LILO).
While experienced users should
know to work around this issue, it
would still be nice for a warning to be
displayed if no ext2 or ext3 partitions
are displayed.
Package selection is reasonably
straightforward, allowing you to pick
different package collections (still
called disc sets, though several
packages are now bigger than any
floppy disc has ever been) and
individual packages, each of which is
marked as Essential, Recommended
or Optional.
The Essential package set contains
the absolute minimum necessary to
build a booting system, enabling the
distribution to be installed on
machines with very small disks. Indeed,
all binary packages are compiled to
run on a 486 processor, with the aim
of helping you turn that old computer
gathering dust into something useful
(assuming you don’t want to do
anything too complex) such as a name
server or web server.
The final task is to select your
window manager. As well as Gnome
and KDE, Window Maker, Fluxbox and
Blackbox are supported, again fitting
with Slackware’s ethos of compatibility
with older hardware.
Once it’s booted, Slackware leaves
you entirely on your own. X needs to
be set up before anything other than
text mode is available, and this can
take a while to get right (our test
machine had an LCD monitor, which
has a lower tolerance for setup error).
Overall, though, if you want to
learn about what happens underneath
all the wizards and GUIs of the newer
and more newbie-friendly distros, give
Slackware a go. Provided you’re up to
the challenge, you’ll be rewarded with
a tremendous level of knowledge. LXF
LINUX FORMAT VERDICT
FEATURES 7/10
EASE OF INSTALLATION 7/10
EASE OF USE 5/10
DOCUMENTATION 9/10
A challenging distro, but one with a lot
going for it if you’re willing to learn.
RATING 8/10
15/3/05 4:06:28 pm

POWERLINE ETHERNET KIT
Devolo MicroLink dLAN
Starter Kit
Nick Veitch gets to the garage to test a winning alternative to wireless home LANs.
BUYER INFO
Adaptors for setting up a local area
network using mains power.
Also available as a USB networking
kit. Also try: a Wi-Fi connection.
■ SUPPLIER Devolo
■ WEB www.devolo.co.uk
■ PRICE £99
Powerline Ethernet isn’t a
new idea, but the explosion
of home networking has
made it one that’s profitable to
re-explore. Devolo is one company
that sees new opportunities in selling
powerline Ethernet equipment, which
explains its new range of
home-oriented products.
The starter kit on test here is
simply a double-pack of the standard
Devolo Microlink dLAN adaptors.
These semi-transparent plug-in units
look more like battery chargers or
some iMac-style surge protector. Apart
from the three-pin plug and a few
lights, the only other notable feature is
a standard Ethernet socket.
Installation is simple – plug the
supplied Ethernet cable between the
adaptor and your
Linux box and
you’re away.
Concerned parents
and conspiracy
theorists will be
pleased to hear that
the MicroLink plugs
emit less radiation than
wireless LAN adaptors.
LXF66.rev_nwork 25
Of course, you need to do the same
somewhere else in the house to
achieve some sort of network. This
would typically be to connect the
other end to a remote router or
broadband modem.
That’s really all there is to it. The
lights on the adaptor will come on to
show that a connection has been
achieved. Your installation is done,
unless you’re worried about security...
Plugging the socket
One of the problems with using the
mains circuit as a network is that it’s a
security risk. In a large company, every
socket becomes a potential network
access point.
Even in your own home, because
of the characteristics of the mains
signalling, signals can travel for
hundreds of metres – perhaps back
up the mains line and through the
consumer unit of your near-
neighbours (this depends on how
modern your meter/consumer unit is).
In an effort to address these issues,
the dLAN units can use optional 56-
bit encryption to set a key on each
device – only units with corresponding
keys will be able to communicate.
Setting the key involves the use of
configuration software. This is supplied
www.linuxformat.co.uk
REVIEWS Devolo MicroLink dLAN Starter Kit
WHAT IS POWERLINE
ETHERNET?
In recent years, there has been a lot of
interest in a technology called Power
over Ethernet, where you use the ‘spare’
pair of signal cables in a Cat5 Ethernet
cable to deliver power as well as internet
connectivity to mobile devices. Its selling
point is that, particularly with Wi-Fi
access points and some appliances, the
ideal location for a networking kit isn’t
always where you have easy access for
cables and power. Plus you only need to
run one cable instead of two!
for Linux as source, and should build
fine on most distributions. The USB
variants require a kernel level driver,
which we haven’t tested for this review.
This form of networking is slower
than doing it the wireless way, but it
shouldn’t be unworkable. Devolo
claims transfer rates of up to 14Mbps
between devices, and this seemed
feasible in our tests. The test network
consisted of one unit in a house and
the second unit in a garage, on a
different branch of the mains circuit,
some 50 metres away.
Transfer speeds peaked around
10Mbps, though it must be said that
some equipment (notable an angle
grinder fired up in the garage) caused
sufficient interference on the mains
circuit to drop the speed significantly.
For a point-to-point connection
this performance is more than
reasonable, certainly if the main use is
to extend broadband access, which is
not normally anywhere near these
speeds. One thing to
bear in mind, though, is
that this is the
maximum throughput
of the entire mains
network – if you have
ten devices plugged in,
they will all be sharing
the 14Mbps bandwidth.
Although powerline
Ethernet is entirely different
from a Wi-Fi networking solution,
it’s a viable alternative. The pros of
But the technology employed by the
Devolo MicroLink kit on test here and by
other ‘powerline Ethernet’ devices is
almost the reverse of this. It addresses
the same problem, but the solution is
different. Instead of taking power over
the Ethernet cable, powerline Ethernet
devices transmit networking data over
the mains power line. This means that,
with suitable adaptors plugged in, the
entire mains circuit in a building can
become a network.
Wi-Fi are that it’s often faster and
perhaps more readily portable.
Wireless adaptors also tend to be
cheaper – mainly because they’re
more mass market products and are
more likely to work with each other
because they are created to broadly
similar standards.
Wired or wireless?
The pluses of powerline Ethernet
include the fact that in most cases it’s
easier than Wi-Fi to secure, easier to
manage and you won’t have any driver
problems. There is also the issue of
coverage – the Microlink dLAN units
work through solid brick walls (Wi-Fi
doesn’t in our test location) and over
potentially greater distances (similarly,
the garage in our test is out of range
of normal Wi-Fi).
On the evidence of this test, the
manufacturers piling their resources
into user-friendly starter kits are
making a smart investment. LXF
LINUX FORMAT VERDICT
FEATURES 6/10
PERFORMANCE 9/10
EASE OF USE 9/10
VALUE FOR MONEY 8/10
A real ‘install and forget’ solution to
networking in otherwise hard-to-reach areas.
RATING 9/10
LXF66 MAY 2005 25
14/3/05 9:08:47 am
 REVIEWS Linspire 5.0
DESKTOP DISTRIBUTION
Linspire 5.0
Looking to ease into Linux from Windows? Chris Denton reckons Linspire could be your answer.
BUYER INFO
Newbie-friendly distro with a price
tag. Other contenders for the Linux
personal desktop crown include
Xandros, Mandrake and Lycoris.
■ DEVELOPER Linspire
■ WEB www.linspire.com
■ PRICE $49.95 as a web
download, $59.95 on a CD
Although the likes of Red
Hat, Sun and SUSE are
concentrating their Linux
desktop efforts on winning corporate
customers, Linspire has stuck to its
guns and set its sights primarily on
home users. The latest version of its
distro, Linspire 5.0, is very much in this
tradition, aiming to improve on the
simplicity, features and friendliness of
previous versions.
With this in mind, the installation
process is kept very simple. There are
none of the configuration options
presented by Fedora, say – it’s just a
case of a few clicks and you’re done.
Obviously this only works if the
defaults are acceptable, which
thankfully for the most part they are.
We decided to test a pre-release
beta version of Linspire 5.0 on a Dell
desktop containing an early Pentium
III processor, 192MB in memory, two
smallish hard drives and an internal
Iomega Zip drive. It’s modest by 2005
standards, but this is just the kind of
PC that would benefit from a second
lease of life courtesy of Linux. Happily,
despite it being at the bottom end of
Linspire’s system requirements the
installer was quite happy with the
hardware, and even detected the Zip
drive correctly. Linspire uses grub as
the bootloader and so will rub along
quite happily with another operating
system if you want it to.
Flash! a-aaa!
Linspire uses KDE for its graphical
desktop but has adapted the look and
feel, again to make things as clear and
crisp as possible. When the system
boots for the first time you’re
presented with an innovative help
introduction. Help functionality on
Windows and Linux alike is rarely
26 LXF66 MAY 2005
LXF66.rev_linspire 26
helpful, but Linspire has gone all out
to try to guide users. The result: a
multitude of Flash tutorials that show
rather than tell the novice how to get
to grips with system operation, which
can be scarily unfamiliar if you have
never seen anything but Windows.
Importantly, plenty of assistance is
provided to deal specifically with
internet connectivity – getting on to
the web will be the number one
priority for those running Linspire, and
users can’t rely on their ISP to provide
good enough Linux documentation.
No warning
The friendly and gentle approach to
computing pervades Linspire 5.0, but
there are still pockets it hasn’t reached.
For instance, to get on to a LAN there
is a well set-out graphical network
properties window but, strangely,
nothing to guide you through the
process. Should you make a mistake,
such as not entering a subnet mask,
there is no warning that the details are
incorrect nor any defaults that get
used instead. The given settings are
seemingly accepted but the network
interface won’t be available, which
could easily confuse you if you’re a
Linux newbie.
Yet in other ways Linspire is
incredibly mindful of the Linux
beginner, so the network settings issue
may be an oversight that gets
www.linuxformat.co.uk
corrected before the stable release.
Seamless integration with Windows
machines always helps, while Linspire’s
network browser is an effective Samba
client front-end that makes locating
network resources simple.
Instant access
Authenticating and accessing the
shares is just as straightforward, and
getting at files such as Word
documents and Excel spreadsheets
can be done with a double-click into
OpenOffice.org. Impressively, the
whole process works as well or better
than trying the same thing from XP
Home Edition.
Linspire’s killer app is undoubtedly
the CNR (Click-N-Run) Warehouse.
This is a subscription-based service
that allows users to select and install
software with two or three clicks of a
mouse. We decided to replace the
supplied Mozilla web browser and
email client with Firefox and
Thunderbird, and this took a matter of
moments. Then, purely in the interests
of research, we checked out the
games section and ended up helping
ourselves to a rather impressive
selection including Quake II.
There are hundreds of useful (and
not so useful) programs of various
types obtainable this way, although
some people may be put off by the
$49.95 annual fee. Still, CNR is based
Above Linspire’s tutorials are
some of the best around. This one
shows you around its download
centre, the CNR Warehouse.
Left Pingus is a great Lemmings
clone – but you’ll have to pay
to play it with CNR.
on apt-get so it’s a small matter for
those so inclined to amend the
configuration file and start acquiring
free Debian packages instead.
The main problem with Linspire is
that it’s too expensive to be a true
low-cost alternative to Windows. In
addition to the one-off outlay of the
operating system you’ll have to
account for a few years of CNR
membership and, if you’re sensible,
the extra virus checking and safe-
surfing options. Perhaps the best thing
to do is to pick up a new PC with
Linspire pre-installed, such as those
offered by Tiny.
Linspire targets the general PC
user who just wants to do basic things
like surf, email, use Office apps, listen
to music and play the odd game. On
this evidence it’s pretty much hit the
bull’s-eye. LXF
LINUX FORMAT VERDICT
FEATURES 9/10
PERFORMANCE 8/10
EASE OF USE 9/10
VALUE FOR MONEY 6/10
Pretty, competent and user-friendly –
Linspire is little short of excellent, but you
have to pay to get the most out of it.
RATING 8/10
15/3/05 6:15:52 pm
 REVIEWS Win4Lin Home

VIRTUAL OS TO RUN WINDOWS ON LINUX

Win4Lin Home
It might be just the ticket if you’ve got an ancient Win95 database package that you can’t
live without, but Graham Morrison is left underwhelmed by this migration tool.

BUYER INFO Win4Lin is super fast in both full-

screen and windowed display modes:
Runs a virtual version of Microsoft
no sooner have you clicked on the
Windows on a Linux desktop. See
also: CrossOver Office or VMWare. desktop icon or executed win from
the shell than you’re presented with
■ VERSION 5.1
whatever flavour of Windows you’ve
■ SUPLIER Win4Lin
chosen to install.
■ WEB www.win4lin.com
■ PRICE $29.99 You can also resize the window,
and the Windows desktop doesn’t just
It’s been over 18 months scale but actually changes the virtual
since we had a look at desktop resolution, even updating the
Win4Lin’s enterprise display preferences. Win4Lin says it
application for running MS Windows has introduced some minimal
software. In the interim the Texan hardware acceleration to 5.1, using the
company has bought out its developer, X shared-memory extension, and the
NeTraverse, and worked hard on its interface does feel responsive.
product range, including the home Unfortunately, hardware acceleration
user edition reviewed here. doesn’t extend much further than this,
Few of the changes in this modest so don’t expect to run any 3D apps.
upgrade of Win4Lin Home from 5.0 to Win4Lin supports all the recent
RealPlayer works on Win4Lin, albeit without video acceleration.
5.1 could be classed as revolutionary, revisions of Microsoft’s Office suite,
but that’s a sign that the 5.0 release licence) but also suitable boot media. switch between root and user modes, including 97, 2000 and XP. Software
was very stable. Sadly, none of the This problem was highlighted in our and trying to persuade Win4Lin that it compatibility is generally excellent,
changes has brought support for enterprise review (LXF43, August has already installed the necessary especially with older software. The
Windows 2000 or XP – Win4Lin 2003), when we were assured that Windows files. First, root is used to exception is with certain system
Home still runs only the doomed ours was an exceptional case; but we copy the Windows setup files to the specific requirements, such as for a
generation of Windows earmarked for had exactly the same problems a year Linux box. Each user is expected to modern DirectX implementation.
retirement, namely 95, 98, 98SE and ME. and a half on – this problem is more execute the Win4Lin installer locally, Other notable absentees include
The Home version differs from the common than the developers think. which in effect runs through Windows’ audio recording (though playback
Win4Lin 9x enterprise version in You also need a Win4Lin version of own installation procedure. To be fair works well), direct device access,
several ways. Firstly, it’s restricted to your current Linux kernel, and while to Win4Lin, this application is intended CD/DVD burning and USB support
using only 64MB of memory, which you can patch your own source, most for home use, so there shouldn’t be beyond the mouse and keyboard.
will obviously impair performance. distributions already have a Win4Lin that many users. Our review may be mixed at best,
Also, network connectivity is through kernel available. The kernel patches Overall, this user-mode stage is but with Win4Lin it’s important to not
WinSock 2.0 rather than the VNET are mainly used to enable Windows mostly transparent, and while you can focus on the negatives. Despite only
system. Whereas VNET goes to the applications to take advantage of the see that Windows is indeed installing, supporting ageing Windows versions
trouble of emulating a physical NIC, Linux scheduler. At least the 5.1 there’s no user interaction involved (or because of it) the application is
Winsock simply passes the TCP/IP release has introduced support for the and the whole process is over in a fast and stable. The target user is
calls to the Linux stack. This effectively 2.6 kernel, and finding one for our matter of minutes. someone who wants to migrate from
limits access to the TCP/IP protocol. Mandrake 10.1 system wasn’t difficult. Windows but has old apps or utilities
Installation is also disappointing. There are still a few inconsistencies Smooth migration that just can’t be replaced with a Linux
The problem is that Win4Lin requires to work through with the installation In a similar way to Wine applications, version. If this sounds like you, using
not only the Windows files (and a valid procedure. These include having to the Windows installation is contained Win4Lin could be the answer. LXF
within the $HOME/win directory. A
BUT WHAT IF I NEED mydata directory contains the
LINUX FORMAT VERDICT
WINDOWS XP SUPPORT? ubiquitous My Documents folder – it
FEATURES 4/10
may sit incongruously, but it’s a useful
Released in February, Win4Lin Pro 6 finally addresses many of the issues that PERFORMANCE 6/10
feature that the Windows installation
Win4Lin users have been complaining about for years. For a start, there’s no
shares the Linux file system. EASE OF USE 4/10
longer the need for a custom kernel, which should make installation a breeze.
It’s even possible to copy apps VALUE FOR MONEY 7/10
More importantly, development has caught up with the latest generation of MS
from a Wine installation to a Win4Lin
Windows, with direct support for both 2000 and XP Pro. On the downside, Great value if all you need is to get an old
one. In comparison with VMWare, this
there are still some issues with boot media, and the Pro package is a lot more Windows application working in Linux.
is refreshing, and it avoids the
expensive than the Home edition. However, considering Win4Lin’s usually
complexity of shared partitions and RATING 6/10
excellent performance, there’s a good chance that the Pro version will prove a
virtual Samba clients; which is a real
viable alternative to dual booting or its fellow virtual workstation VMWare.
barrier to migration for some users.

www.linuxformat.co.uk LXF66 MAY 2005 27

LXF66.rev_w4l Sec1:27 15/3/05 4:06:48 pm

 REVIEWS Books
The Exim SMTP Mail Server
Exim came top of this month’s mail server Roundup just as Paul Hudson
finished reading the leading book on the topic…
BUYER INFO
■ AUTHOR Philip Hazel
■ PUBLISHER UIT Cambridge
■ ISBN 0-9544529-0-9
■ PRICE £37.50
■ PAGES 595
If it were possible to extract from
the brain of Exim creator Philip Hazel
all that he knew about his popular
mail server then have it committed to
paper, the result would be only
marginally different from this book. To
say that The Exim SMTP Mail Server is
comprehensive is an understatement
akin to saying that the Pacific Ocean is
a bit damp. It is a huge work that
covers every area of Exim 4 that you
could ever need to know about.
The previous edition of this book,
in which Hazel discussed Exim 3.x, was
produced by O’Reilly, and thus infused
with the publisher’s usual amusing
tone. In contrast, this one has little in
the way of spark and style, which
made reading the best part of 600
pages feel very, very slow (we only just
Knoppix Hacks
Nick Veitch looks for buried treasure in the latest Hacks book.
BUYER INFO
■ AUTHOR Kyle Rankin
■ PUBLISHER O’Reilly
■ ISBN 0-596-000787-6
■ PRICE £20.95
■ PAGES 316
Knoppix is almost certainly the
best-known Live CD Linux distro, and
with good reason. Its versatility is
such that it’s just as happy being
used as a hot-desking tool as a
system recovery utility disc. This is
why Knoppix Hacks could have done
with a more explanatory subtitle than
the boastful ‘100 industrial-strength
tips and tools’, because the book isn’t
so much about hacking Knoppix as
about hacks you can perform while
using Knoppix.
The format of the book follows
that used by previous titles in
O’Reilly’s Hacks series – think up
some cool stuff, write a few hundred
28 LXF66 MAY 2005
LXF66.rev_book 28
managed to finish it in time for this
issue of LXF).
Of course, this is a book about a
mail server – if you’re expecting thrill-
a-minute content you’re looking in the
wrong inbox.
Crammed with info
Although some masochists might try
to read this book from cover to cover,
it’s best used as a reference guide. For
words on it then try to group the tips
together into categories. In that
respect, the approach definitely
seems to work better when applied to
topics such as wireless networking.
The book starts off with some
‘hacks’ that really just form a user’s
www.linuxformat.co.uk
example, if you want to build Exim
from the source, just flick to chapter
22 and find the part that helps you.
Similarly, the coverage of encryption,
database lookups and filtering is
separated into chapters, which deal
with each topic wholly and
independently of the other chapters.
This approach works up to a point,
but there is a noticeable lack of
summarising that means that you
guide to Knoppix. Unfortunately,
including such chaff dilutes the really
useful material – such as how to use
Knoppix as a repair disk or for
forensic analysis of a hacked system.
The section on how to customise
Knoppix and build your own Knoppix
really do need to wade through quite
a few pages before you gain a firm
grasp of a topic. What’s needed are
some bulleted lists at the end of each
chapter that give a brief recap of the
topic so that people who want
immediate answers don’t have to read
30 pages first.
Surprisingly, there is one such list;
and the surprise is that it comes right
at the end, after the index (which, on
a tangent, is one of the best indexes
we have seen in a long while), where
the list of the book’s sponsors are.
One of the sponsors, the Norwegian
Linux firm Linpro, provides six quick
ways to tune Exim, and it works
wonderfully well – let’s hope the next
edition follows Linpro’s example!
LINUX FORMAT VERDICT
Brusque and dry, but if that floats your
boat this is the Exim book for you.
RATING 7/10
modules has some original material
not available on the Knoppix website,
and hacks such as recovering trashed
hard disks or resetting NT passwords
are genuinely useful. However, this
reviewer’s overall impression is that
many of the hacks have been
conjured up from the everyday in an
attempt to squeeze out a magic,
publisher-pleasing ‘100’ for the cover.
Most readers would have preferred
50 really good hacks.
A useful guide, then, to the
potential uses of Knoppix that has
some useful tips but not much more
than the sort of information readily
available on the Knoppix website.
LINUX FORMAT VERDICT
Needs more hacks, less fluff.
RATING 5/10
15/3/05 4:05:00 pm

Linux Application Development
Graham Morrison forgets all he knows about Linux to review this
introduction to command-driven development.
BUYER INFO
■ AUTHOR Michael K Johnson and
Erik W Troan
■ PUBLISHER Addison-Wesley
■ ISBN 0-321-21914-7
■ PRICE £41.99
■ PAGES 702
You’re a systems programmer,
perhaps a good one. You’re well-
versed in Unix and eager to learn, but
Linux is a whole new world to you. This
may well be the book to help you get
there. It’s an ambitious attempt to
encompass Linux application
development, from the perspective of
experienced C programmers who don’t
necessarily know anything about Linux.
The authors assume readers have
some Unix knowledge, so scrimp on
general information but splash out on
Linux ideas. This second edition has
been written with reference to the 2.6
kernel and the GNU C library version
2.3, and the considerable amount of
source code included in the book is
available from a well-organised
accompanying website.
The authors have managed to
squeeze all the essentials of Linux
programming into the first 100 pages.
This section covers almost as many
subjects as there are pages, any of
which could fill a whole book, but the
highlights include chapters on Emacs
and Vi, gdb, GCC, open source
licensing, the GNU C library, memory
debugging tools, libraries and the
Linux system environment.
The pace makes for an
entertaining read, but don’t expect to
gain anything more than a perfunctory
understanding of the many subjects
covered. The authors don’t want to
waste time introducing Linux tools that
Unix users will already be familiar with,
preferring to dedicate more of the
book to discussing how Linux works.
What’s missing from the extensive
list is anything on GUI design or
custom widgets. In fact, the book
doesn’t deal with modern user
interfaces in any way. It takes a more
Unix-like, command-driven approach,
and the word ‘application’ in the
book’s title is used to denote any of
the thousands of command-driven
components responsible for holding
Linux together: the kind of application
LXF66.rev_book 29
you find in the shell or running in the
background. It’s the considerable
second section of the book that really
starts to delve into the details of
system programming.
Clarifying the unclear
For a solid grounding in Linux
development there’s no better place to Linux behaviour.
start than with the process model –
and that’s exactly where this second
section kicks off. The process model is
something I’ve often personally
misunderstood. If like me you’ve had
only a basic idea of how it all hangs
together, this chapter makes use of
familiar terminology and some good
examples to pull the whole concept
into order for you.
Process management also
presents the opportunity for some
excellent sub-headings, such as
‘10.4.6 Killing Yourself’, followed by
‘10.4.7 Killing Others’.
To help with many of the concepts
used in the book, the authors develop
throughout the book a subset of the
Unix command shell called ladsh. Each port before copying data to the
chapter progressively adds to the
source code, to produce a minimal
shell featuring built-in commands,
external command execution, I/O
redirection and job control. As an
example, the file I/O is describes the
terms of file access, everything from
file ownership to ext3’s extended
attributes, before applying the same
principles to the ladsh shell in the form development libraries. The authors use
of redirection through files and pipes.
A signal processing chapter is just
as illuminating as the one on process
management. From there, the book
www.linuxformat.co.uk
quickly moves on to cover a bevy of
subjects including advanced file
handling, memory mapping and job
control. There’s an interesting chapter
on terminals, which (along with many
other parts of the book) provides an
excellent historical explanation for
much of what we consider esoteric
This gives the book broader appeal
– it would be a good read for practised
Linux users who want to understand
more about why their systems work
the way they do.
Sample code to try
There follows a good section on
networking with sockets, including
manipulating IP addresses for both
IPv4 and IPv6. This section also
includes some excellent example code,
including an executable version of
getaddrinfo(), featuring several well
thought-out options for the command
line. Another example is a Unix
domain server written in two pages of
code, which will listen on a certain
standard output. The absolutely
colossal system programming section
draws to a conclusion with security,
covering both common security holes
and access restrictions.
If we had to criticise any part of
the book it would be the final section,
which touches on several subjects
under the loose definition of
this as an excuse to focus on
everything from regular expressions to
screen management and hashed
databases. It feels a little like an
REVIEWS Books
afterthought, being not quite so
comprehensive in its treatment as
other parts. There’s a small section on
dynamic loading and callbacks, but
the reader is presumed to have a
good understanding of functioning
libraries already.
Linux Application Development
makes what was previously a specialist
area accessible to anyone with Unix
programming experience and the
desire to write applications. (Windows
programmers may struggle without
knowledge of the basic terms, despite
the authors’ encouraging assertion to
the contrary).
Each chapter not only works well
as a reference to a Linux tool but also
sparks ideas about how that tool could
be developed. Using a real
implementation of a Unix shell is a
great idea, bringing a greater
relevance to many of the examples,
and you find yourself with a useful tool
at the end of it. For a technical
manual the book reads very well and
is relatively easily to understand, which
is to the authors’ credit.
The real value, however, comes
from being able to refer to the various
sections of the book after closing the
final page – and feeling inspired
enough to sit down and actually write
something. LXF
LINUX FORMAT VERDICT
A whole new world of application
development handed to you on a plate.
RATING 8/10
LXF66 MAY 2005 29
15/3/05 4:05:06 pm
 KDE VS GNOME
desktop duel
KDE GNOME
Linux Format’s Paul Hudson and Graham Morrison fight it out
to decide once and for all which is better – KDE or Gnome?
In the grey corner:
PAUL HUDSON
Our modest and capable deputy
editor represents the power of
the Gnomic allegiance. On his
side is the deceptively simple
design and sleek user interface
that makes Gnome so popular.
But will he have to account for
Nautilus’s spatial mode?
In the blue corner:
GRAHAM
MORRISON
Graham is our staff writer, and takes
the side of that chameleon of change,
KDE. He can argue that as long as
there’s an option for it, most users
will be happy. But can he explain all
those configuration windows and the
obsession with the letter K?
30 LXF66 MAY 2005
LXF66.kdegnome 30
vs
T
here are few flame wars as
long lived as that between
zealots of the Gnome and KDE
desktops. To settle the score,
we have two advocates who, in
a series of rounds, will do their
best to denigrate their opponent and
maybe force a few submissions. There
will be no biting or gouging, but plenty
of points scored below the belt. So,
contenders, return to your corners,
and come out ranting.
ON USABILITY
PH: Okay, we have three minutes,
so I’ll summarise: KDE sucks. The
biggest problem with KDE is the
K’s – K-this, K-that and K-theother.
Sure, it was the Kool Desktop
Environment, but do we really
need names like aKregator? In
Gnome, we have a few Gs, but lots
of normal names too – Evolution,
Epiphany, Anjuta, Beagle...
GM: Well, if that’s the biggest problem
with KDE, it can’t be that bad. I agree
there’s a lack of imagination in KDE
naming, but at the end of the day it’s
how they work that’s important.
PH: We’ll discuss the big problems
later – I’m giving you a chance!
But seriously, it makes life harder
for people. Tab completion is hard
when everything starts with a K.
GM: In general terms, you have more
choice. By the way, every KDE
application sports a handy keyboard
shortcuts editor in case you’re not
happy with the default. If we’re to
trade blows over this, I don’t like the
Gnome file dialog at all. It’s pants!
PH: They spent a long time
working on that! Designers put
www.linuxformat.co.uk
together mock-ups including ones
that looked like KDE’s dialog,
Windows, and Mac OS X – and
they picked the best one. The nice
thing about the dialog is that it
looks simple – you get favourite
places to save your files. But with
one click you get more options.
This works well for everyone.
In KDE, the default option is too
Komplikated. Panes here, combo
boxes there, and no organisation.
The Gnome dialog is improved in
2.10 with Mozilla-style type-ahead
find, so advanced users have even
more choice.
GM: Type-ahead find? I guess when
you have a single window with a
simple line for entering the destination, only handles desktop shortcuts;
you would need help finding the right
location. It takes 30 seconds to learn
KDE’s file requester, after which you
can’t do without its bookmarking
system, and its layout is simple –
unless you’re used to OS X. It all
depends on what the user wants, and
that’s the point. Rather than provide
too few options, KDE errs on the side
of too many. It’s all about functionality. “some” of KDE’s
PH: Too many options is right –
there are 18 items on the default
Konqueror menu, including one for
Cervisia – the CVS system for KDE.
Some people want that, but
normal people? Those icons sit
there adding clutter for most of us. so many people use that option
Having a Settings menu with five
different Configure windows is
more than a case of too many
options, it’s madness.
We don’t have these problems
in Gnome, because GUI mock-ups
are created first. The mock-ups are links, the UI takes time to catch up.
agreed on before code is written,
so usability always comes first.
GM: Two or three of the configuration
options are always the same. Try to
find a common location for Gnome’s
key bindings and you’ll see what I
mean. Some of KDE’s interface needs
rationalising, but it’s better to know the
possibility is there than struggle to find
what you need. How else would you
know about Cervisia? KDE’s
development puts functionality first,
and KDE interfaces tend to evolve.
PH: There is a common location
for Gnome keybindings – it’s called
Keyboard Shortcuts. Of course, it
you can’t change your AbiWord
shortcuts with it. But who
really
wants to
do that?
Perhaps
this is something
for the future.
Anyway, more than
interface needs
rationalising. For
example, right-clicking
on the desktop brings up a
huge number of items that simply
aren’t used, like New > Device. Do
that it needs to be there by
default? No.
GM: These usability issues are
historical flotsam. KDE has developed
so fast that when a utility like
Supermount replaces manual device
15/3/05 10:52:40 am
 KDE VS GNOME

PH: KParts works well. But the nurture a certain look on their desktop, implemented as a hack – they
concept is overused – such as which is especially true if you look thought it through, and made it
KVim inside Kate. Does it need to through the themes that are included seamless to the point where the
be in KDE’s messy config dialogs? with a typical distribution. There’s very users only notice that their icons
If the options were centralised little contrast. It’s easy to change the look nicer.
(as in Gnome) this would be colours, but it doesn’t stop users being GM: SVG’s potential has yet to be
less noticeable. put off by the initial feel. realised, and when larger resolutions
GM: If you spend time creating a As for the KDE hacks for make support necessary, the KDE
KPart version of your app, you can transparency, that’s one of KDE’s team will have finished their
easily re-use and integrate its strengths. Developers hack those implementation. The current version of
functionality elsewhere. KVim inside features into the system because they KDE [3.4] does support SVG
Kopete’s editor, for example, would can. They don’t need a formal backgrounds, which is perhaps one of
make more sense. gathering and Gimp previews; if it the main reasons for using the format.
PH: Is the pain of pressing works, people will use it. The new X You have plenty of choice when it
Ctrl+Enter to send messages so additions will benefit KDE as much as comes to icon size.
much that you’d rather use :send? Gnome, and I will be glad to see the The Crystal
GM: We’re back to choice again – to back of lousy Konsole transparency SVG theme in
me, Gnome seems to restrict choice. PH: Contrast isn’t necessarily a KDE looks
PH: Perhaps, but KDE provides good thing; people want to be great, and I’m
options just because it can, as if soothed looking at their sure that SVG
the developer thinks that the more computer screen. Lousy is the support will only
options they make available, the right word for Konsole’s get stronger, >>
better their app must be. All that transparency – it especially
shows is that they have no idea works, but it’s a
what usability is – they hope users waste of CPU
will take the time to make their time. Adding
apps work properly. features
GM: KDE needs to reduce the number “because they
of options. But I wouldn’t want this to can” causes
reduce the possibilities – there needs a rift in
to be an intelligent way to do this. look and
PH: So perhaps both Gnome and feel, which
KDE need a global checkbox, Show takes us
Advanced Options, that, if ticked, back to
brings up all the extra options. why Konqueror
has 18 items on its
ON LOOK AND FEEL menu bar. Planning
GM: Don’t all those pastel shades and how things will work
greys make you a little depressed? before they are
Gnome’s look and feel doesn’t have implemented leads to
much look or feel. a consistent feel to
PH: It’s true that Gnome’s people the system.
like grey and brown. Ubuntu uses Gnome implements
brown to humanise the desktop, features quietly and
and many people like it. Me, I without making a big
change the theme to Nuvola, fuss. Take SVG [the
which is full of colour. That’s small Scalable Vector
potatoes, though – Gnome focuses Graphics language] for
on getting the usability right, example. Gnome has
leaving eye candy to the X server. SVG built in, so you can
KDE, on the other hand, has hacks pick an icon on your
to do ‘transparent’ Konsole desktop and scale it to
windows, menu drop shadows, etc whatever size you want it.
– things now implemented in X. They don’t force it down
GM: The developers obviously want to your throat, and it isn’t

“GNOME’S LOOK AND

FEEL DOESN’T HAVE
MUCH OF EITHER.”
www.linuxformat.co.uk LXF66 MAY 2005 31

LXF66.kdegnome 31 15/3/05 10:52:45 am

 KDE VS GNOME

from assigning your own icons for ON FEATURES

“KDE SEEMS TO HAVE BEEN things – something KDE has done for
years. If we’re talking about
PH: I don’t think that’s about look
and feel – that’s about features...

ROLLED IN GLUE AND HAD meta-information, then it will become

FEATURES THROWN AT IT.”
>> when high-res devices create demand.
PH: Sure, but the implementation
of SVG is the first step into a new
world – Gnome users can attach
any number of ‘emblems’ to icons
that signify the a directory’s use.
This extends further
to having custom
colours and
textures in
windows that are
assigned through
drag and drop.
GM: That’s neat, but
it’s no different
part of KDE through filesystem
GM: ... and that must be KDE’s
strongest suit. It’s the features that
development. Changing colours and
textures in KDE has been possible for
keep people interested, that drive
anticipation for the next release. In
a while, though I doubt that many fact, it’s hard to keep on top of all the
people use it. I’m surprised that features that keep getting added.
you are taking the time to highlight a PH: Yes, it is hard to keep on top
feature that isn’t often used! of the features – particularly as
Anyway, you can’t deny that KDE is they get bolted on as they come
far more configurable. off the production line. Some
PH: When you’re able to find the things in KDE Control Centre are
options! One point in Gnome’s hard to find, as they were added
favour is that many wherever there was space. New
applications use GTK for their features get crammed in – one
drawing. OpenOffice.org dialog has 14 drop-down boxes on
and Firefox use GTK, so they one screen! Couldn’t they show
use the Gnome theme and what’s important and use some
fit into the desktop. While sort of ‘Advanced’ button to reveal
some developers are busy the full horror?
trying to port OOo to GM: I agree with the need for an
Qt, it will be Advanced view, but there’s a difference
unofficial at between providing features and not
best, and lag providing features. KDE’s strength lies
behind in not making assumptions about how
official the user wants to configure their
releases. system. At least Control Centre has a
search function. You’re stuck with
browsing menus with Gnome.
PH: The fact that it needs a search
button at all shows the developers
know it’s hard to find the options!
GM: They could implement a search,
GM: I so they did. The search feature was
don’t mind there long before it became so difficult
using Gnome to change the file manager’s fonts.
interfaces in KDE. PH: This goes back to whether
Linux users put up features should be implemented
with far worse! It will just because they can be. I agree
be great when that Gnome is lacking features –
there’s an OOo there are things you can configure
KPart, but until then only if you’re brave enough to dive
I’m happy using into GConf, which few people are.
Gnome apps like I hope that will change: they
this. I mean, it’s need to implement Advanced
only how they look! buttons that show more options.
More important is GM: We could give a blow-by-blow
how they integrate account of how applications weigh up
into the environment, against each another. In the end, KDE
such as bookmarks is a more versatile environment,
or icon previews. with everything from a split file
KParts brings manager to esoteric email filtering
me on to Evolution. implemented. GConf is a good
Why is it so example of how to cram in all the
cumbersome? It’s extraneous options not implemented
a great application, in the GUI. Where exactly are all the
but it’s monolithic, Gnome configuration files?
and that’s against PH: Scattered in a semi-random
one of Gnome’s way, sadly – that needs fixing.
founding However, I can see why the
principles. developers don’t want to change –

32 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.kdegnome 32 15/3/05 10:52:47 am


FreeDesktop.org is standardising
things, and if Gnome revamped
their filesystem conventions now it
might contradict the standard.
GM: I think it depends on what
motivates the people doing the work.
At the moment, Gnome developers
are working to build a consistent
interface, and that’s admirable. On the
other hand, KDE has become a
feature magnet - a test bed for ideas.
The good ones stay while the bad
ones get quietly dropped.
PH: I think the reality is that the
good ones stay, while the bad ones
linger on. Of course, the coders
adding these features are doing
what comes as second nature.
The rest of the KDE project has
a penchant for coding their own
versions of other software. KOffice
rather than OpenOffice.org,
Kontact rather than Evolution, and
Konqueror rather than Firefox. KDE
zealots say they do all this in the
name of integration: rather than
write code to use the software
that people want, they write their
own. It’s the easier route. Gnome
hooks into OpenOffice.org and
T

PG
DVTUPNFST
Firefox to the point where both
use GTK for rendering now, and
even use Gnome dialogs.

CVU
BMTP
CFDBVTF
TP
NBOZ
PG
ZPV
IBWF

GM: Both KOffice and Konqueror pre-
date OpenOffice.org and Firefox.
Firefox branched away from Mozilla
because the authors felt there was
space for a minimal browser. Some
Mozilla developers felt that distracted

PVS
DVTUPNFST

CFDBVTF

from their own efforts, but criticism
has quietened with the success Firefox
has enjoyed. The same is true for

ZPVS

Konqueror. One of KDE’s strengths is
its integrated file manager and
browser; it’s thanks to Konqueror

ZPV
LOPX
XF
PõFS
B
TQFDJBMJTU
TFSWJDF

development that KHTML can be
integrated into applications so easily.
In the same way, KOffice was
started when a KDE suite was needed,

ZPV
LOPX
XF
XPOU
MFU
BOZPOF
EPXO
5IBUT

and led to some key API additions.
PH: I realise the KDE apps
pre-date OOo and Firefox, but
that’s no reason to cling on to
them! OpenOffice.org arrived only
months after KOffice 1.0. When a
better solution comes along, it
should be used.
Some people are doing this
with GStreamer – Amarok allows
it. However, so much of KDE is
hard-coded to use aRts that it will
take a while for KDE to switch to
something else.
LXF66.kdegnome 33
GM: OpenOffice.org and Firefox kept
to their ideals, despite there being
alternatives that people considered
better. GStreamer is a different case,
as I think most KDE developers agree
that aRts has outlived its usefulness.
I think a unified audio library is a
great idea. Amarok has decided to
implement its own GStreamer
interface because any future aRts
replacement is going to take time.
ON DEVELOPMENT
PH: Yes, coding such a big change
can take some time, but KDE
doesn’t help itself. Qt is littered
with macros, and uses its own
version of the STL. Gnome lets you
choose between C, C++, and C#,
and uses the STL everywhere – it’s
a cinch to code for.
GM: Gnome took its time coming up
to speed with modern languages such
as C++. The C# work is excellent,
though. I think it’s great for Linux that
we have that support, regardless of
whether it’s driven by Gnome or KDE,
and I hope KDE will follow. Qt can be
eccentric, but it’s well documented
and there’s plenty of support.
KDE has a great IDE that takes
away much of the pain, and it’s easier
writing for KDE than it ever was. KDE’s
good design is evident in how easy it is
moving from one major release to
another. You don’t see many KDE 2
apps, but the same isn’t true for GTK.
PH: Yes, Qt is well documented;
however, you made a distinction
between KDE and Qt – are you
saying KDE isn’t well documented?
GM: As you have the crowbar.... Yes.
Both sides have their
supporters, and obvious
advantages. KDE has a
killer uppercut in the AND THE
sheer feature-laden
richness of the user
WINNER IS…
environment, but Gnome
has plenty of opportunity
to nip in with the frequent
jabs of the lean and lightweight.
Without having to inflict lasting
physical harm, Paul seems to have
convinced Graham that KDE can’t go on
providing features without moving some
off into an ‘Advanced’ area. But, as
Graham points out, this is a result of
KDE actually having options and things
to configure. As with so many things
Linux, it comes down to choice: if you
work in an IT department and want a
professional GUI maybe you’d choose
www.linuxformat.co.uk
3LAP?,INUXFORMAT?VERTSTRIPPDF
'SFF 
PH: Smart move! I agree that
KDevelop is good, but it seems to
TMBQPO
have been rolled in glue and had
features thrown at it. Anyway, it
works well, and that’s what
UIFCBDL
matters. And, yes, there are GTK 1
apps around, but they work.
There’s no need to change from
GTK 1 to GTK 2 if there’s no
5TIJSU
improvement with it – Ardour, the
music tool, does just fine in GTK 1.
GM: So you mean that despite those
older apps not taking advantage of all
the new GTK design paradigms, you’d
rather go with the best tool for the
job? Sounds like we almost agree.
PH: I don’t believe I said that at
all! GTK 2 is no doubt a better tool
for the job. But the developers
shouldn’t make the jump to GTK 2
because they can; they should
move when they are ready. The
fact that GTK is made available
under the LGPL allows people to
do as they please without fitting
into the restrictions of others.
GM: KDE is mostly LGPL, but it seems
that Trolltech’s attempts to earn a 0VS
XBZ
PG
TBZJOH
UIBOL
ZPV
living scares people off. Now there’s a
GPLed Windows port of Qt, the time
UP
UIF

invested learning the API won’t be XIP
IBWF
SFDPNNFOEFE
VT
wasted: if you need to migrate to 8F
SFBMMZ
XBOUFE
UP
TIPX
PVS
BQQSFDJBUJPO
GPS

another OS, or sell something. FWFSZUIJOH
ZPV
IBWF
EPOF
/PU
KVTU
GPS
CFJOH

DVTUPNFST
PH: You can migrate your GTK
SFDPNNFOEFE
VT
UP
PUIFST
"OE
XIBU
CFUUFS
XBZ
UP

skills to both Windows and Mac TBZ
UIBOLT
UIBO
UP
JOWJUF
B
IFBSUZ
TMBQ
PO
UIF
CBDL
OS, and still sell the product. (FU
ZPVS
GSFF
5TIJSU
OPX
CZ
DBMMJOH
UIF
OVNCFS

GM: Well, GPL can’t compete with CFMPX
PS
WJTJUJOH
UIF
XFCTJUF
8FBS
JU
XJUI
QSJEF
o

LGPL on freedom, but there are pros ZPVWF
FBSOFE
JU
and cons to that. In the end, Qt and *UT
B
QSFTFOU
GSPN
VT
UP
ZPV
KDE are as much in the public domain XFSF
TP
WFSZ
HSBUFGVM
(SBUFGVM
CFDBVTF
XF
LOPX

UIBU
SFDPNNFOEJOH
B
NBOBHFE
IPTUJOH
DPNQBOZ
JT

as GTK, which ensures the future of OPU
BO
FBTZ
UIJOH
UP
EP
:PV
IBWF
UP
CF


both environments. LXF DPOmEFOU
PG
UIFN
o
CFDBVTF
JG
UIFZ
GBJM
SFQVUBUJPO
TVõFST
UPP
#VU
XJUI
mSTUIBOE
FYQFSJFODF
PG
PVS
'BOBUJDBM

Gnome; KDE gives 4VQQPSU™
you something UIBU
QVUT
FWFSZ
PUIFS
NBOBHFE
IPTUJOH
QSPWJEFS
JO

more cutting-edge UIF
TIBEF

but perhaps less 8JUI
HVBSBOUFFE

VQUJNF
BOE
EFEJDBUFE


stable. They are both
premier desktop
TVQQPSU
QFSIBQT
XIZ

PG
ZPV
XPVME
SFDPNNFOE
VT
BOE

environments for Linux, 
PG
PVS
OFX
CVTJOFTT
DPNFT
GSPN
SFGFSSBMT
and we are well aware at %FEJDBUJPO
0CTFTTJPO
$PNNJUNFOU

LXF Towers that it’s incredibly 'BOBUJDBM
4VQQPSU™
hard (if not impossible) to *UT
B
XBZ
PG
MJGF
compare the two. Despite the weaponry,
this debate was light-hearted, and we 1IPOF



know that the KDE and Gnome
developers get on very well together.
But never mind what these self-styled
experts believe – what do you think? Is PS
WJTJU
Gnome an over-rated toy? Does KDE
overwhelm you? Should we forget the
XXXSBDLTQBDFDPVLTMBQ

$POEJUJPOT
BQQMZ
desktop and go back to the shell? Distill
your outrage into words and direct them
to lxf.letters@futurenet.co.uk.
"O
JOEFQFOEFOU
TVSWFZ
PG
FJHIU
NBOBHFE
IPTUJOH
DPNQBOJFT
JO

SBOLFE
3BDLTQBDF
UPQ
JO
UFSNT
PG
DVTUPNFS
TBUJTGBDUJPO
BOE
MJLFMJIPPE
UP
SFDPNNFOE
15/3/05 10:52:49 am
 Roundup
Every month we compare tons of software so you don’t have to!
MAIL SERVERS
Is your mail server working hard enough? David Coulson rounds up your message-moving options.
Most of us only see email
from the ‘client side’ –
Outlook Express, Mozilla,
Safari and so on – and never consider
the poor server working away behind
the scenes.
But the choice of mail server is
important, affecting the delivery rates
of your messages and the amount of
spam and email-carried malware that
gets through. When you decide to
forward the latest mirthless joke (has
anyone ever been sent a good joke via
email?) to everyone in your address
book, each email will generally travel
between two mail servers using a
protocol known as the Simple Mail
Transfer Protocol, or SMTP. As you can
imagine from its name, SMTP is used
to send mail from one server to
another, and it’s up to each mail server
34 LXF66 MAY 2005
LXF66.round 34
to decide how exactly it should handle
delivery of incoming messages.
Mail servers have two important
functions. The first is to forward mail to
another SMTP server. This is usually
only found where you have several
clients connecting to one outgoing
server, rather than having each user
run their own SMTP delivery system.
Nearly every ISP has an SMTP server,
allowing their customers to deliver
mail through their system.
The second use of an SMTP server
is as a collection server, where mail
arriving at specific domains is
distributed to mailboxes. Users can
then collect it via POP3 or IMAP4, or
even through a shell-based mail client
such as Mutt.
Most mail servers can do both
these things, having the ability to
www.linuxformat.co.uk
handle mailboxes as well as act as a
relay. Handling your own incoming and
outgoing email using an SMTP server
can be done very easily, although care
must be taken when configuring the
server: if you don’t set it up right you
can lose emails, or have messages
delivered to the wrong address.
That’s especially key if you’re
operating a relay: it’s imperative that
the server doesn’t let every Tom, Dick
and Harry relay messages through it.
This type of misconfiguration, known
as an open relay, enables spammers
to send messages via your system,
meaning that when someone decides
to do something about it, it’s your mail
server that gets blocked or filtered,
rather than the spammer’s.
We’re going to be looking at a
selection of mail servers: those
OUR SELECTION
AT A GLANCE
Courier IMAP.......................35
Exim............................................35
IEMS ...........................................36
Insight Server SE..............36
Postfix .......................................37
Qmail .........................................37
Sendmail .................................38
available over the internet free of
charge; and commercial packages that
come with support and – hopefully –
are much easier to install and maintain.
As well as evaluating their general
delivery capabilities, we’ll consider
their security and filtering features.
15/3/05 4:07:08 pm

Courier IMAP
Scalable server for IMAP users.
■ WEB www.courier-mta.org/imap ■ PRICE Free under GPL
While there are many open source
SMTP servers, none has the ability to
let users fetch their mail via POP or
IMAP. Instead, you have to provide a
separate mail server to handle mail
downloading; and there are numerous
POP3 and IMAP4 daemons available
for this purpose.
The selection is extensive, including
UW-IMAP, which is part of the Pine
package, and the more generic pop3d
and IMAPd servers, which come with
most distributions. Generally, these
simply authenticate against the system
users, such as /etc/passwd or NIS,
and deliver the user’s mail out of
/var/spool/mail/$USER.
This is great for a small system,
but users with large IMAP mailboxes
are going to have problems – and
the system administrators are not
going to be too happy when users
have giant mailboxes that gobble up
system memory.
Exim
The standard-bearer among Linux mail servers.
■ WEB www.exim.org ■ PRICE Free under GPL
Developed at the University of
Cambridge, Exim is a hugely powerful
mail system designed to handle large
quantities of mail and limit the amount
of spam entering a network.
Many high-traffic services
(including SourceForge) use Exim, as it
scales particularly effectively and can
be tuned specifically to users’ needs.
Whether you’ve five users sitting
behind a firewall or tens of thousands
of accounts, Exim can handle a great
range of applications and will deal with
pretty much everything you throw at it.
Exim has a comprehensive
configuration structure, offering
everything from access control lists to
database support for MySQL,
PostgreSQL, Oracle and IBM’s DB2,
among others. There’s no need to
learn every aspect of the configuration
just to get Exim up and running, as
comprehensive documentation is
available on the Exim website.
Expanding server capabilities is easily
LXF66.round 35
Rather than using mBox storage,
which is the simple flat-file method of
storing a user’s mail on UNIX, some
mail servers such as qmail and Exim,
support the use of maildirs, which use
a single file for each email.
Maildirs aren’t popular with
everyone, but for IMAP users they
mean that the system can quickly look
through a number of simple files,
rather than trawl through a giant mBox.
Of course, you need a POP3 and
IMAP4 server capable of handling
maildirs, and Courier IMAP is a
particularly popular choice. Courier
can authenticate from databases,
including MySQL, PostgreSQL and
LDAP, making virtual mail
configurations a walk in the park to set
up. And users of IMAP don’t end up
with sprawls of directories and
messages all over their home directory
as maildirs create new folders and
move messages around on the server.
done, and Exim’s flexible configuration
structure gives you a huge number of
options for each segment of the setup.
A number of distributions, including
Debian, are using Exim, and in its
default configuration it’s particularly
secure and useful. Indeed, Debian (in
common with most other distros),
offers a comprehensive config tool
allowing Exim to be set up to handle
mail without prior understanding of
the raw configuration files. Once the
basics of the configuration format are
understood it’s simply a matter of
looking up the appropriate directive for
the files within the documentation and
applying it to the system.
As with most things Linux, O’Reilly
has produced a book looking at Exim,
and the Exim author, Philip Hazel, has
written a follow-up for version 4.0 that
LXF reviews on page 28. As we
suggested, the documentation on the
Exim site is second to none, but it’s
often nicer to have something in print
www.linuxformat.co.uk
Courier IMAP with a SQL back-end suits virtual hosting environments.
Courier IMAP is part of the Courier
mail server, though most people prefer
to use Exim or qmail with the Courier
mail tools. Many of Courier’s
components are available individually,
so you can mix and match without
worrying about things not working
together. Using qmail (with the MySQL
patches) alongside Courier can yield a
scalable and flexible virtual hosting
platform for mail, capable of handling
a large number of domains with ease.
If you can’t use maildirs, Cyrus is a
POP and IMAP server for large
systems handling the mBox storage
format. As with Courier, Cyrus can
that you can pick up off a shelf when
things get a little complicated.
Exim is one of the most powerful
open-source mail systems available,
and compared with the stalwart
Sendmail has a particularly
straightforward configuration style,
which makes it significantly more
attractive to beginners.
There is not really a major feature
that Exim lacks, so you don’t have to
rely on third-party efforts – this
ensures consistency and stability
(which is essential when dealing with a
piece of software as important as a
mail server). It’s fairly complex, but the
capabilities of Exim are really quite
astounding. You won’t find a more
capable system.
LINUX FORMAT VERDICT
FEATURES 9/10
EASE OF INSTALLATION 8/10
EASE OF USE 7/10
DOCUMENTATION 10/10
The other servers in this Roundup will
struggle to match this excellent solution.
RATING 9/10
ROUNDUP Mail servers
handle database authentication, so
mail accounts need not be ‘real’
users on the system.
LINUX FORMAT VERDICT
FEATURES 7/10
EASE OF INSTALLATION 5/10
EASE OF USE 5/10
DOCUMENTATION 7/10
If you’re using maildirs, there is no better
IMAP or POP server than this.
RATING 6/10
DANGER!
SECURITY ALERT!
While no mail system can block all
spam, they can limit the number of
junk emails entering the system – if
nothing else, this stops your machine
wasting CPU time trying to deliver
messages that you’ll instantly delete.
A common way to avoid spam is to
use a real-time black hole list (or RBL)
such as MAPS. This allows a mail
server to perform domain name
system lookups for specific internet
protocols and find out whether they
are sources of spam. MAPS is a
subscription service, but there are
many free DNSRBLs available online.
You should also guard against
email-based viruses, which can
attack exploitable systems (generally
those running Windows), disrupt
email and damage users’ systems.
Rather than pretend that the world
is a perfect place where everyone
updates their system with the latest
security patches, it’s much easier to
filter out nasty messages on the
server. A virus checker is only useful
if it’s kept up to date: there are
plenty of commercial virus checking
programs available for Linux which
allow you to check queued emails.
LXF66 MAY 2005 35
15/3/05 4:07:13 pm
 ROUNDUP Mail servers
IEMS
Modular system only let down by interface.
■ WEB www.ima.com/iems ■ PRICE From $995 for 250 users
Based on open source packages, IEMS offers an organised way to build
a complete mail system with ease.
The Internet Exchange Messaging
Server, or IEMS, is an all-in-one
alternative to Microsoft Exchange for
Linux and Windows, offering an array
of capabilities and features.
Rather than using open source
products, IEMS has been written from
scratch, and is available in a range of
products, each with differing options –
so the more you pay, the more you
get. This pricing policy seems to make
sense until you realise that Lotus
Notes integration (which is one of
IEMS’s major selling points) is only
distributed with ‘Professional’ packages
for more than 250 users.
Administrators with 250 users won’t
mind, but someone with 50 is
probably going to be a little annoyed
that they can’t use Notes with IEMS.
The feature list of IEMS is certainly
very impressive, and it can handle a
large amount of mail. While it can
handle many basic tasks, including
POP and IMAP, the system also
supports BSMTP delivery, allowing
IEMS clusters to be deployed without a
great deal of effort.
You can use IEMS to handle email
for just one user, but it will also
manage mailing lists, and can be set
up to handle endless lists with a
significant number of subscribers. As
with many list managers, people can
36 LXF66 MAY 2005
LXF66.round 36
subscribe to lists via email, so there is
no need for the administrator to waste
time adding people, unless the list is
specifically configured to only permit
new subscribers whom the list
administrator has authorised.
Unfortunately, IEMS’s web mail
client really lets the side down. It’s
awfully basic, not pretty to look at and
honestly looks more like an
afterthought than anything else. One
would think that most sites using IEMS
would install IMP or another IMAP
client with more power than IEMS’s
rather pitiful effort. If you’re prepared
to spend the extra cash in order to get
some of IEMS’s more distinguished
features, then it’s certainly a
worthwhile product. But when it
comes to Notes and cc:Mail interfaces,
it has little competition.
LINUX FORMAT VERDICT
FEATURES 9/10
EASE OF INSTALLATION 8/10
EASE OF USE 8/10
DOCUMENTATION 7/10
A fantastic mail server, but be prepared to
pay more for some features.
RATING 8/10
www.linuxformat.co.uk
Insight Server SE
Advanced, high-volume mail manager.
■ WEB www.bynari.net/ ■ PRICE From $69
Bynari, Inc is well known among
windows users for MDaemon, its
popular SMTP server. But it’s relatively
unknown within the Linux community,
even though it offers large-scale
mailing systems based on Linux for
IBM S/390 and zSeries servers. As
one would expect from a product
range of this calibre, Insight Server SE
has a very impressive list of features,
yet is quite happy to run on the most
meagre of systems if you don’t happen
to have a spare S/390 mainframe
sitting around.
Insight Server SE is installed purely
on the command line, which will
probably put a few people off. It isn’t
completely cryptic, however – you
don’t really need to understand much
beyond the basic configuration to get
it up and running. Rather strangely,
the manual explains how to add new
users, groups and organisations to the
LDAP server using LDIF, which while
being useful, indicates that Bynari is
aiming the product at large
organisations with experienced
administrative staff. If you don’t care
for the intricacies of LDAP, it can all
be done via the web interface.
Controlling mail is a breeze with
Insight, and the server accommodates
a variety of filtering methods, including
DNSRBL and Exim’s filtering system.
Sadly, if you want the latter, you’ll have
to learn how Exim filters things, as it’s
only referred to as an ‘advanced
option’ – and the web interface
doesn’t really help any. Many
businesses that are thrashed daily with
spam and email attachments
With Exim under the hood, Insight Server can handle traffic for small or
large infrastructures. Alias management is a new feature.
containing viruses and trojans would
prefer this to be a basic option with a
more accessible front-end.
To be completely honest, much of
Insight’s system is simply a front-end
to Exim, which really doesn’t make life
any easier for administrators – they’ll
still need to know how many of the
options work and what capabilities
Exim has to configure their server
appropriately. As they’ll also need to
learn how to use regular expressions
just to filter mail, this really is not a
choice for admin greenhorns.
Insight uses OpenLDAP and Cyrus
for user accounting and POP/IMAP
collection, with Exim as an SMTP
daemon. You have to wonder if Bynari
has put enough time or effort into the
web front-end. Do they think the
admin staff who’ll be using their
software are happier playing with the
command line than clicking buttons
and filling in forms in a web browser?
Bynari also has an annoying tendency
in its manual to point to the
Eximdocumentation (rather than
describing the product itself).
LINUX FORMAT VERDICT
FEATURES 7/10
EASE OF INSTALLATION 5/10
EASE OF USE 6/10
DOCUMENTATION 5/10
Little more than a collection of open source
mail components and a web interface.
RATING 6/10
15/3/05 4:07:15 pm
 ROUNDUP Mail servers

Postfix or indeed any of the standard mail

Simple Mandrake-approved server.
■ WEB www.postfix.org ■ PRICE Free under IBM Public Licence
Postfix started out as a simpler
alternative to Linux favourite Sendmail,
but has since been developed further
into a fully-fledged mail server in its
own right. Since its conception as
Postfix is well-supported in the open source community.
Vmailer it has become very popular,
due to its simplicity and ease of use.
As Postfix was designed to be a
drop-in replacement for Sendmail, for
systems currently running Sendmail –
servers – moving over to Postfix is
fairly straightforward. Of course,
reconfiguration of the server from
scratch is required, so you’ll have to
weight up the benefits of switching to
Postfix against the time it takes to set
everything up.
Postfix works in a range of
situations, from a simple mail service
to a large-scale mail server. But it’s
rare to see it used for a high-traffic
service – although it’s perfectly
capable of operating at high volumes,
Postfix tends to be used as a simple
remailer on a workstation. You can
configure it so that it reads specific
config options including virtual
domains and aliases from a file
external to the main configuration.
This makes it exceptionally easy to
add extra domains. But if you’re
handling a large number of domains
and want complex virtual domain
configurations, other servers will do
the job better.
Also, the only database Postfix
supports for storing these config
details is DBM (MySQL and PostgreSQL
don’t get a look-in), so it’s not ideal for
real-time reconfiguration.
Mandrake Linux has used Postfix
as its default SMTP service for some
time, and its ease of configuration has
been a key factor to its success –
people stick with it because it’s so
easy to manage. As a small-scale
server handling basic mail delivery and
outgoing email, Postfix is a reasonable
choice. It lacks some of the power of
other mail servers, but if you’re looking
for a mail server, there is little to lose
by giving Postfix a go.
LINUX FORMAT VERDICT
FEATURES 5/10
EASE OF INSTALLATION 5/10
EASE OF USE 5/10
DOCUMENTATION 7/10
Postfix is a nice and simple SMTP server,
but it isn’t up to complex installations.
RATING 5/10

Qmail
A secure but limited option.
■ WEB www.qmail.org ■ PRICE Free, no licence

Qmail is the Marmite of the SMTP simple selection of configuration files

server world – you either love it or
hate it. The server was designed to
comply 100% with the RFC (Requests
for Comments) internet guidelines,
and to this day sticks closely to the
standards set out for SMTP delivery
agents – which is nice.
As far as security is concerned,
there is a $10,000 bounty promised
to any code-slinger who can exploit
qmail: this has lain unclaimed for a
number of years. Your installation
won’t be impervious to external
attackers if you’re running something
exploitable along with qmail (such as
SpamAssassin or procmail), but the
core of your mail system will be sound.
Installing qmail is awfully simple,
although it isn’t the standard
/configure & make you’re used to.
Configuration is even easier than
installation – we liked the simple
make option for putting some
essential entries into the configuration
so that basic mail delivery can work
happily from the word go. Qmail has a
(mostly one-liners) in /var/qmail/
control, and all you need to do is
enter the correct domains and
hostnames within those files in order
to have mail handled properly. Each of
these config files has an obvious,
logical name, so it’s usually easy to
figure out which one you need to edit
for each specific purpose.
Qmail can handle both mBox and
maildir delivery (see Courier IMAP
review, page 35), and will pipe your
mail through whatever extras (such as
procmail or SpamAssassin) you want.
The server doesn’t support DNSRBL
or virus checking support, but you
should find it easy to configure it to
send all mail through a virus checker
or spam filter.
One problem with qmail is that it
forks a process for each individual
mail it tries to deliver, either remotely
or locally. As a default, qmail will
deliver 20 remote and ten local
messages at any time, which should
be more than adequate for most
Qmail’s author is one Daniel Bernstein, a maths and computer science
professor. He’s made the default install simple but boring.
systems. Qmail doesn’t offer many If you’re willing to take the time to
features beyond basic mail delivery; patch qmail, the patches will make it
however, there are more than enough much easier to maintain users, aliases
patches available, offering encrypted and domains. The result will be a
TLS support, MySQL configuration and serviceable mail server able to handle
IPv6 connectivity, as well as significant amounts of traffic.
performance improvements and
improved queue storage for
mail-heavy systems (see www.
LINUX FORMAT VERDICT
thedjbway.org/qmail/patches.html). FEATURES 5/10
In fact, many large organisations use EASE OF INSTALLATION 6/10
qmail to handle their mail. EASE OF USE 8/10
The system takes a while to get
DOCUMENTATION 7/10
used to, particularly its dot-qmail files.
These enable any user to have a Qmail is a great mail server, but be
prepared to patch it if you want extras.
whole range of email addresses rather
than just one – great if you don’t want RATING 6/10
to give out your main email address
when shopping.

www.linuxformat.co.uk LXF66 MAY 2005 37

LXF66.round 37 15/3/05 4:07:17 pm

 ROUNDUP Mail servers

Sendmail
Proven but time-consuming package.
■ WEB www.sendmail.com ■ PRICE Free under open source licence

Until a year or so ago almost

every Linux distribution came
with Sendmail installed as the
default SMTP server. Most of us
have learned to live with Sendmail,
rather than actually choosing to
use it.
Not that Sendmail is a mail
server to be sniffed at: it scales
particularly well and has a wide
array of features, including DNSRBL
support and smart host capabilities.
Sendmail, Inc, formed by Sendmail
developers, offers services for
businesses such as routing and email
policy management, based on the
flagship system.
So does it stand up? Well, the
main problem with Sendmail is that its
configuration system is based on m4,
which is a macro language. M4 isn’t
the most difficult language in the
world, but you’ll still have to spend a
considerable amount of time learning
it if you want to figure out how to
configure Sendmail securely and make
the system do what you want.
Having to learn a new macro
language just so you can configure
your mail server is not worth it for
most people; and it also increases the
likelihood of misconfiguration.
Fortunately, the default Sendmail
configuration is actually rather useful,
so it will work as a basic SMTP server
It’s the server everyone loves, but
not a smart option for a beginner.
knowledgeable community of
Sendmail users active on the internet,
so even a novice user can usually get
problems fixed fairly quickly.
Many Linux distributions are
moving away from Sendmail to simpler
– yet equally capable – mail systems
including Postfix and Exim: this trend is
reflected in the choice of many
personal users to move away from
Sendmail towards easier to manage
servers. Should you choose Sendmail,
make sure you keep up with security
updates – as, although holes are
quickly plugged by the online
community, it doesn’t have the
greatest track record on this front.
LINUX FORMAT VERDICT
FEATURES 7/10

MAIL SERVERS
even without you having to jump in EASE OF INSTALLATION 7/10
and hack at the config files. EASE OF USE 5/10
If you can master m4 – through
DOCUMENTATION 9/10
the Sendmail documentation or one of

the numerous books that cover the
subject – this is a very powerful and
capable mail server. As you’d expect
for such an established, popular
package, there is a large and
There are plenty of books out there to take you through configuration.
THE VERDICT
Sendmail is an excellent mail system but
you’ll have to master m4 to exploit it.
RATING 7/10
With this type of software
there is rarely a winner,
since the choice of mail
server hinges on highly subjective
personal and business requirements.
But if we had to choose, we’d say
old favourite Sendmail has been
usurped by IEMS and Exim, Sendmail
being too complex and vulnerable to
remain our top choice.
It’s interesting to see how many
commercial systems are based on
open source projects. Hopefully this
is an indicator of how stable and
flexible systems that have been
developed openly over the internet
can be.
IEMS is a neat modular system,
enabling you to add features and scale
up, but it’s costly. Of course, there’s no
sense in paying for something that’s
freely available, so you must decide if
the commercial packages like IEMS
offer you something beyond the
standard of the open source products.
The most capable open source
mail system out there – as well as the
most popular – is Exim. It’s used by

38 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.round 38 15/3/05 4:07:18 pm

 ROUNDUP Mail servers

Exim is the outstanding mail

server of this Roundup. If
you’re tempted to try it,

9/10
we’d recommend you’d read a
user guide, such as the
manual written by its author,
Philip Hazel. The Exim SMTP
Mail Server is reviewed on
page 28.

commercial products and included as TABLE OF FEATURES

the standard mail server by a number
of distributions. While not the simplest
system in the world, Exim is Courier Exim IEMS Insight Postfix Qmail Sendmail
significantly easier to get to grips with POP Y N Y Y N N N
than Sendmail, and is quickly IMAP Y N Y Y N N N
becoming the SMTP server of choice.
SSL Y Y N N Y N* Y
Despite the range available, most
people are will stick with whatever LDAP Y Y Y Y Y N N

mail server is installed as default by Filter N Y Y Y Y N* Y

their Linux distribution. Fortunately, it’s RBL N Y Y Y Y N* Y
well within the capabilities of most
Overall 6 9 8 6 5 6 7
standard installations to handle a
* Available with patch
significant amount of traffic. LXF

www.linuxformat.co.uk LXF66 MAY 2005 39

LXF66.round 39 15/3/05 4:07:26 pm

 HOTPICKS
HotPicks Our pick of the best, new, open source software on the planet
Mike Saunders
A coder since Amiga
times, Mike’s a Linux
and BSD guru.
This is the place where we get
to profile some of the hottest
software around.
Each month we trawl
through the hundreds of open
source projects that are
released or updated, and
select the newest, most
inventive and best for your
perusal. Most of the HotPicks
are available for you to try out
on our coverdiscs, but we've
provided web links if you want
to make sure you have the
very latest version.
If you have any ideas for
open source software that we
should cover, email us at
linuxformat@futurenet.co.uk.
HOTPICKS
AT A GLANCE
DSPAM ..................... 40
Gourmet ................... 41
vshnu ........................ 41
LiVES ........................ 42
LinkChecker .............. 43
KlamAV..................... 43
XBlast ....................... 44
Open Quartz ............. 44
gPHPEdit .................. 45
ELinks ....................... 45
LOOK OUT FOR THE
HOTPICKS AWARD
Everything
covered in our
HotPicks section
is unmissable,
but each month
we single out
one project for outstanding brilliance.
Only the very best is chosen!
40 LXF66 MAY 2005
LXF66.hot 40
ANTI-SPAM FILTER
DSPAM
■ VERSION 3.4beta2 ■ WEB http://dspam.nuclearelephant.com
Ah, spam. Whenever we cover
anything spam-related in HotPicks, we
hope that it will be the last, and that
the problem of unsolicited mail will
start to subside. The blessings of
seeing life through a rose-tinted GUI!
Despite various efforts – legal and
technological – things aren’t getting
any better. Unfortunately, industrial-
strength solutions like DSPAM are
more important than ever.
A statistical anti-spam filter, DSPAM
boasts ~99% accuracy in typical
deployments. It’s being put to
widespread use in large installations
with hundreds of thousands of users.
You can compile DSPAM out of the
box on all recent distros but you’ll
need a database server (MySQL is
recommended, though Oracle,
PostgreSQL and SQLite are supported
too). The installation docs are
tremendously thorough, explaining all
the compilation options for the
supplied spam-busting engines in
depth such as settings for large-scale
setups. The exact configuration
depends on the mail server you’re
going to integrate DSPAM with
(Sendmail, Postfix, qmail, Courier, Exim
and so on), and these are detailed
with the same thoroughness in
separate Readmes.
DSPAM is split into three main
components. As the name suggests,
libdspam is a small library that can be
linked to other apps – such as stand-
alone email clients – or with other
mail processing tools.
Then DSPAM itself can be
positioned as a rung on the mail
ladder, sitting between the mail server
and delivery agent, or put into place
as a POP3 proxy (an easier and
quicker solution for small sites). The
third major component is the CGI
www.linuxformat.co.uk
DSPAM’s front-end is sophisticated enough for big-business applications.
front-end for viewing messages that
have been classified as spam, and for
monitoring DSPAM’s overall health.
Quick learner
DSPAM is an adaptive filter – that is, it
learns over time to identify spam from
its content, and will adapt as the type
of spam changes, rather than trying to
pick it out with a pre-coded set of
rules and tests.
On receipt of a junk message, a
user can forward it to a special spam
address so that DSPAM can learn from
it – there’s no need for end-users to
fiddle with any additional tools.
Quarantined emails (those that have
been marked as spam and not
delivered as a result) can be managed
via the CGI interface, which also
provides graphs and stats aplenty.
A number of algorithms for dealing
with spam have been proposed in
recent years. Picking the best one is
difficult, as it comes down to
implementation and current spam
trends, so DSPAM bundles several:
Graham-Bayesian, Burton-Bayesian,
Robinson’s geometric mean, and
Fisher-Robinson’s chi-square. In turn,
multiple algorithms can be combined
in the quest for better results – but
this does increase complexity.
So, how does DSPAM stack up in
terms of performance and
effectiveness? Well, it shifts along at
an impressive speed – faster even
than the famous SpamAssassin. This
can be attributed to the developers’
choice of programming language:
DSPAM is written in C, whereas
SpamAssassin is mostly Perl-based.
This doesn’t make a difference on
small installations, but for scenarios
where the filter operates under high
stress it becomes crucial.
Filter results will depend on the
type and volume of spam that your
server receives (and consequently
DSPAM’s rate of learning), but in our
testing DSPAM lived up to its claims
and caught almost all junk mail – with
no dreaded false positives.
DSPAM is mature and rock-solid
and offers a wealth of well-=written
documentation. Home users can give
it a spin right away via the nifty
pop3filter integration, but DSPAM’s real
strengths lie in large-scale use, and
the fact that commercial support
options are available makes it an
attractive choice for businesses.
15/3/05 4:04:24 pm

RECIPE MANAGER
Gourmet
■ VERSION 0.71
. ■ WEB http://grecipe-manager.sourceforge.net
A popular belief is that computer
users (particularly programmers) live
off nothing but junk food and
high-caffeine drinks. We’ll admit to the
odd Pot Noodle here and there – and
perhaps a 2L bottle of Pepsi during a
long coding session – but more
nourishing meals are always welcome.
Gourmet is a shopping list- and recipe
manager designed to ease geeks into
cooking for ourselves.
It’s written in Python, so you’ll
need that language along with its GTK
bindings (2.3.9) to install and run it.
Additionally, Python Imaging Libraries,
VISUAL SHELL
vshnu
■ VERSION 1.0129 ■ WEB www.cs.indiana.edu/~kinzler/vshnu
Even a suggestion of using the
shell can send computing novices
running to the comfort of a graphical
file manager. But users and
A colourful view of the file listing and online help screen.
LXF66.hot 41
MetaKit and Python MetaKit are
required, so if these aren’t in your
distro’s repositories, try building from
the source tarballs on our coverdisc
(copy Mk4py.so and metakit.py into
the Site-Packages directory of your
Python installation).
Gourmet’s main window lists all
available recipes, which can be sorted
by type, rating and preparation time –
essential information if you have
guests coming over and time is short.
Adding new recipes is pleasingly
simple thanks to the well thought-out
dialogs. These use collapsible panes to
developers who learn to use the shell
effectively can make for themselves
an immensely powerful and flexible
working environment. Vshnu’s author
www.linuxformat.co.uk
The Windows port helps you share recipes with non-Linuxing relatives.
minimise clutter, with pre-defined
ingredient categories, an inbuilt
instructions editor, image-adding and
heaps of settings for virtually any kind
of food. Excellently done.
For ambitious meals, recipes can
be categorised by individual
ingredients, and a spiffing shopping-list
manager keeps track of what’s in the
kitchen and what’s waiting at the
supermarket. Recipes formatted for
MealMaster, another recipe
management programme, can be
imported too – a real bonus given the
wealth of MM recipes to be found on
the net. Tasty extras include the handy
Steve Kinzler lucidly describes the
benefits of marrying the strengths of
the command line with a more
graphical approach – “life gets
sweeter”, he says, when your familiar
editor, text-file pager and command
line tools segue with this visual shell.
You’ll need Perl (which is included
in most distros’ default installations)
to run vshnu, along with the Screen
and ANSIColor modules (supplied
with the app in the libperl/
directory). Vshnu’s configuration files
are also written in Per. They are
somewhat intimidating at first,
especially to those unfamiliar with
the language, but well organised
nonetheless.
Kinzler was clearly influenced by
the Hindu aesthetic – the filesystem
makes lavish use of colour. Files are
assigned to alphabetic keys on a
vertical toolbar, which can be moved
around in multi-column layouts with
tab and backspace. Indeed, while
they take a while to grasp fully,
vshnu’s configurable keybindings are
sensible for the most part – plus
there’s a quick reference page.
HOTPICKS
unit converter, which fathoms out
weights and volumes, while files can
be exported in various formats (plain
text, HTML, Gourmet’s native XML
dialect, RTF and MealMaster). The
HTML output is simplistic and plain,
but it’s fine for personal websites.
Gourmet is a splendid app, mixing
the right balance of features with solid
performance and stability. Those of us
phoning Pizza Hut every other night
won’t find it essential, but budding
cooks will be satisfied with the ability
to import recipes from the net and
output them in a presentable format.
Very capable for a pre-1.0 release.
A bunch of pre-defined file
operations demonstrate vshnu’s
capabilities. You can transfer files to a
PDA or view RPM package
ownership of files with a single
keystroke (the latter essentially calls
rpm –qf). But these are just
examples – creating your own
commands using external tools is
what brings this program to life.
Apply aggregate commands to
selected files using regular
expressions, or slot Perl statements
into shell commands. Just about
anything is possible.
Vshnu is a power user’s dream.
It’s massively configurable and
lightning fast, with no signs of any
stability woes. Newcomers to the
command line will grasp its basic
operation pretty quickly, and as time
goes on can extend the program with
their own customisations and
commands. The supplied features
and shortcuts aren’t the big deal
here – it’s how the user crafts and
tunes his or her working environment.
Well worth a look if you’re finding
the shell a bit bare.
LXF66 MAY 2005 41
15/3/05 4:04:28 pm
 HOTPICKS

VIDEO EDITING SUITE

LiVES
■ VERSION 0.9.5-pre1 ■ WEB www.xs4all.nl/~salsaman/lives

Digital camcorders are getting

better and cheaper all the time, and
many home computer users can now
edit their own videos at very little
expense. Linux’s support for media
formats received a huge boost with
MPlayer and its ability to support
Windows codecs. As a result, many
other tools have been built around it.
LiVES (originally the Linux Video Editing
System) has adopted a cheesy
recursive acronym (‘LiVES is a Video
Editing System’) as it is now tuned to
work on other operating systems such
as the BSD variants.
The LiVES team recommends at
least an 800MHz CPU for general use,
and 2GHz or faster for applying film
effects in real-time. RAM should be
256MB or greater. This is within the
realms of most desktop PCs and the
lack of Gnome- or KDE-specific code
keeps memory use down too.
As it makes use of the superb
MPlayer, LiVES also requires
ImageMagick, Perl and GTK 2.x to
build. (Note that MPlayer must be
compiled with --enable-jpeg to work
The editing window could be made more attractive, but who cares about looks when the app works so well?
properly.) The standard configure,
make and make install (as root)
process will suffice but you can add external tools it calls upon. A curious blurring and despeckling. Of the more scripts considerably easier, and
optional codec plugins for output to little bonus is the ability to record intriguing effects, Spin and Wave hopefully the collection will continue
SWF files or VCDs. action from a window. This proved to generate entertainingly tripped-out to grow with the LiVES community.
Actual file format and codec be a bit glitch-prone with some results that will add a hallucinogenic
support depends on whether you’re programs, but it’s an ideal system for mood to a dull family memories video. Scrappy docs
using the Win32 codec bundle for creating demonstrations or tutorials. A useful tool allows you to preview The remaining documentation is rather
your MPlayer installation. With the video effects, applying them to a few scrappy, spread across various
appropriate add-ons LiVES can export Splice it up seconds of footage to give you an idea Readmes and small tutorials, but it’s
to MPEG4, VCD, Shockwave Flash, Basic video editing is simple: just drag of how they’ll turn out. not a problem as most of the app is
animated GIF (yes!) and heaps of the sliders to select a range of frames, You can add more effects with self-explanatory.
other formats. then cut, copy and paste as required. plugins through the RFX system, LiVES won’t replace professional
Initially, LiVES’s colour scheme can Clipboard contents can be mixed into developed by the same author editing software, but it is happy to
seem a tad off-putting, as the default the main video clip as insets, fades or (Gabriel Finch). These help to keep stitch together video clips, add effects
draws attention to the video clip splices – all with a good handful of the main LiVES program relatively and convert them to different formats.
sections rather than the other widgets. settings – while audio manipulation compact (the binary weighs in at A spot of polish and refinement in a
It’s fortunate, then, that you can options include resampling, exporting 600K) while giving few places would help – otherwise it’s
change the colours in the Preferences and overlaying new soundtracks. more demanding reliable and speedy enough for
menu to something brighter – like a It’s all easy to grasp and we found users some extras day-to-day use. Worth
splendidly garish yellow theme – or to no unusual behaviour or gremlins. For to try out. Plugins investigating.
a display with no enhancements over correcting errors, a single level of include additional
the current GTK settings. A combined undo is provided (ideally, though, LiVES spinning and
toolbar and menu sits at the top of would offer multiple undos, which zooming effects,
the display to minimise screen waste, really shouldn’t be a problem for an subtitle removal,
with the viewing boxes below. There’s a app that consumes so much RAM). text overlays
reassuring amount of textual feedback LiVES’s developers have bundled in and others.
provided in the status panel. an impressive number of video effects Guides and
General UI aspects of the program and filters. These include generic specs make
can be altered – options include a colour, brightness and contrast settings, writing
full-screen mode via SDL – as can the frame rotation and flipping, and new

42 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.hot 42 15/3/05 4:04:30 pm


WEBSITE LINK TESTING
LinkChecker
■ VERSION 2.2 ■ WEB http://linkchecker.sourceforge.net
Frustrating and time-consuming
for website administrators, broken links
can also be disappointing for visitors,
who may get the impression that a
site is unmaintained or sloppily
managed. While a quick manual check
to find dead links isn’t a major chore
for small websites, larger setups with
their often labyrinthine arrangements
of pages demand a dedicated app.
Various small tools and scripts to this
end can be found on the internet.
LinkChecker is one of the more
functional solutions, which assists site
coders by hunting down broken links
and highlighting any problems.
Installing LinkChecker is a breeze –
the program is written in Python and
the few modules that need to be
compiled beforehand are supplied
with the app. Once you’ve got it in
place, calling LinkChecker with a URL
VIRUS SCANNER
KlamAV
■ VERSION 0.10 ■ WEB http://klamav.sourceforge.net
In the Christmas 2004 HotPicks
(LXF61) we profiled ClamAV, a
widely praised anti-virus toolset
that’s been taken up by several
demanding websites. The coders of
KlamAV are working on a slick
front-end to bring Clam’s noted
power to KDE users’ desktops.
Viruses aren’t a problem on Linux
Hurrah – a clean system! Not much point in scanning /proc, though.…
LXF66.hot 43
or local file will initiate the testing
process, as it recurses to a
configurable depth (by default it’ll go
as far as possible). A wealth of settings
can be specified at the prompt or in
the config file.
LinkChecker provides you with
plenty of feedback. A status line
appears every five seconds to detail its
progress, and coloured terminal output
emphasises the errors. Broken links
are pinpointed with the exact line and
column. Helpfully, regex (regular
expression)-matching enables certain
URLs to be skipped over. This stops
the tool straying to unrelated websites
and wasting time. Another bonus is
the authorisation support, which gives
LinkChecker the freedom to visit
password-protected areas.
If you want to manipulate the
resulting data you can import lengthy
right now, but if you’re passing files on
to Windows users it’s a good idea to
check them over first.
The KlamAV bundle, which needs
KDE development packages to build,
includes the klammail scanning plugin
and Dazuko’s kernel module for
file-access monitoring. ClamAV should
be installed separately.
www.linuxformat.co.uk
LinkChecker’s web-based front-end and command-line interface tool.
outputs into other applications.
Output options include plain text,
neatly laid-out HTML, CVS, GML, XML
and SQL. As a nice extra touch, the
programmer has also slotted in a CGI
script for checking via a browser-
based front-end.
It won’t blow your socks off, but
LinkChecker is certainly more versatile
These
sub-bundles
are a hassle to
sort out manually.
Thankfully, a one-stop
script does all the work with ease.
(Note there’s a bug in the script: it
looks for dazuko-2.0.4 whereas the
real dir is -2.0.5. Rename it to fix.)
When started up, KlamAV grabs
the latest virus definitions from the
internet. You can configure it to
update these definitions at set
intervals or as and when required.
The interface is a tidy affair. It
avoids the traditional menu and
toolbar layout, instead opting for a
super-simple tabbed window. This
provides access to scanning reports,
quarantined files and various settings
– all very workable.
Dazuko comes into play with the
auto-scanning feature. Here, you can
construct a list of directories, and
KlamAV will keep tabs whenever a file
within it is accessed or executed. It will
HOTPICKS
and a lot meatier than other link
verifiers we’ve used (typically just very
small scripts).
Administrators looking after large
websites will find the output options
particularly useful, but it also works
well as a time-saver on lighter sites.
Thorough documentation finishes off
this polished and tidy little utility.
then either quarantine the file or
notify the user. A maximum file size
limit is available to prevent KlamAV
from thrashing the disk too often.
Basic integration with two popular
email clients (Kmail and Gnome’s
Evolution) is supported, and piping
new messages through klammail
isn’t too tricky for most other clients.
There’s very little in the way of
documentation (though you won’t
need much instruction), nor is
KlamAV much to look at.
Nevertheless, it’s an ideal app for
KDE users who deal with Windows
files. And with Clam’s exhaustive
database behind it (over 30,000
viruses, worms and trojans can be
identified) there’s little fear of it
missing anything critical.
LXF66 MAY 2005 43
15/3/05 4:04:33 pm
 HOTPICKS
ACTION GAME
XBlast
■ VERSION 2.10.0 ■ WEB http://xblast.sourceforge.net
According to some, violent
videogames are a bad influence on
children. Well, given the number of
us that misspent our youth on
Hudon Soft’s wickedly addictive
multiplayer mode Bomberman, we
should all be kicking explosives
around and riding kangaroos. If like
us you still fancy dropping the
bomb from time
to time, this
clone should
interest you.
While Hudson
Soft was too
ambitious with
later Bomberman
releases, over-
complicating the gameplay’s
immediacy with redundant fluff,
XBlast TNT retains the charms of
the original series with new goodies
sprinkled on top. XBlast has a busy
online community and active
development work is taking place.
Most of the tarball is taken up
with the game’s sounds and music;
a smaller version is also available
for where disk space is limited.
XBlast only requires SDL to
compile, so it should build straight
away on almost every system (make
sure you have the SDL -devel or
similar package installed). If you
encounter problems with the make
install phase, you can run the
game straight from the build
directory with ./xblast.
Red bloke cowers in Pacifist Bomberman (maybe Hudson Soft should
have tried that)... XBlast is a smashing multiplayer game.
44 LXF66 MAY 2005
LXF66.hot 44
For those unfamiliar with
Bomberman-esque games, you’re
dropped into a very simple 2D
maze-like arena with other players
(human or CPU) and given the
controls Drop Bomb, up, down, left
and right. Explosions demolish walls
and uncover power-ups, while
(more importantly)
destroying your
opponents. XBlast
retains these
gameplay aspects.
There are a
staggering 1,191
levels, and the
neat built-in level
editor is available to create even
more. Character sprites and level
objects are competently drawn;
while XBlast’s music deserves a
special mention for its mixture of
playfully upbeat, funky ditties. While
players can crowd around a
keyboard for multiplayer
shenanigans, a network mode is
available for LAN or interweb-based
nukage, and with a decently fast
connection you shouldn’t have any
latency hassles.
XBlast is better than the
good-but-rough BomberClone, its
abundance of levels ensuring plenty
of merriment. It’s not perfect (the
CPU players act idiotically in
places), but has all the appeal of a
Bomberman take-off and is a fun
multiplayer game to boot.
www.linuxformat.co.uk
FREE SOFTWARE QUAKE GAME DATA
Open Quartz
■ VERSION 040801 ■ WEB http://openquartz.sourceforge.net
“Hello? HELLO? Ah, everyone’s dead. Might as well clock in for the day...”
After the planet-shaking success of looking for fun, all in a single outdoor
Doom, id Software did well to follow up arena). Multiplayer is where the real
with an equally playable first-person action is. Several arenas are available
shooter in the form of Quake. Three for networked play with human
years after the game’s 1996 release, id competition or bots, and the designers
made the game’s engine free to all haven’t skimped on fabulously nasty
under the GPL – but not the graphics, weapons. Quake fans who’ve tried
level designs or music. That’s other flavours doing the rounds will
understandable. The Open Quartz find the usual config settings for
project is beavering away on totally visuals, sounds and gameplay.
free (as in speech and beer) game Open Quartz is a fantastic idea: a
data, hopefully constructing a Quake robust and respected game engine
implementation that can be included (despite looking a bit dated in places)
in the likes of Debian without any coupled with completely open data
licence complications. files will give distro vendors a better
Several flavours of the GPL Quake opportunity to bundle quality games.
engine are floating around the Net. There’s much to be done in OQs
The Open Quartz team has chosen single-player mode, but the
Dark Places for its speed and multiplayer game is marvellous fun
portability – it certainly zips along at a and the textures and enemy models
good pace, even on our older test box, are very respectable. It’s a promising
with no stability issues. Texture-wise, project to get involved in – and coding
they’re doing a commendable job; the skills aren’t essential!
grass and stone graphics work well, as
do the copious amounts of blood shed
in battle (yum). Indoor textures are
equally good, and although proper
background music is still missing, the
small range of sound effects is more
than adequate.
Right now, the
single-player mode isn’t
much to write home
about (you’re
thrown into a
melée of
violence with
a gang of
vicious trees
15/3/05 4:04:36 pm

HotPicks REVISITED
PHP EDITOR
gPHPEdit
■ VERSION 0.9.50 ■ WEB www.gphpedit.org
TEXT-BASED WEB BROWSER
ELinks
■ VERSION 0.10.2 ■ WEB http://elinks.or.cz
It’s been nearly two years since
we looked at ELinks in HotPicks –
LXF43 from August 2003 to be
exact - and we’re pleased to report it
has come along in leaps and bounds.
This text-mode web browser, a
descendant of Links, is becoming
more suited to everyday browsing
tasks with each release. Its
requirements are pleasingly minimal
- extra features can be enabled with
optional dependencies, but
otherwise it will compile out of the
box on virtually every distro.
ELinks is operated via drop-down
menus and highlighted links and
mouse support is also available.
ALSO RELEASED LIST
New and updated software that also deserves a look...
■ NewsFeed 2.0 – RSS feed reader
http://thor.prohosting.com/~mdoege/
newsfeed/
■ SSH Filesystem1.0
FUSE-based filesystem
http://fuse.sourceforge.net/sshfs.html
■ Centericq 4.20.0 – Text-mode instant
messaging http://thekonst.net/centericq
■ ROX-Filer 2.2.0 – RISC OS-esque file
manager http://rox.sourceforge.net/
LXF66.hot 45
Appropriate colouring (up to 256
colours with some terminals)
provides reasonably accurate
rendering, as does the smart table
and frame support. When you
include cookies, proxies,
authentication and FTP support, only
ELinks’ lack of images keeps it from
parity with other browsers.
Since our last look, ELinks’s busy
coders have incorporated a shedload
of goodies including a Perl-scripting
back-end, rudimentary CSS support,
an early JavaScript engine (installed
from the Mozilla codebase) and
much more. Thankfully these haven’t
affected its overall stability.
■ Muine 0.8.2 – Mono/GTK#/Gnome
music player http://muine.gooeylinux.org
■ GNUstep LiveCD 0.9.4 - OSS OPENSTEP
framework www.linuks.mine.nu/gnustep/
■ OMake 0.9.4 – Alternative to GNU Make
http://lists.metaprl.org/pipermail/
metaprl-announce/2005-January/
000005.html
■ Kdissert 0.3.5 - Mind-mapper
freshmeat.net/projects/kdissert/
www.linuxformat.co.uk
When we covered gPHPEdit in
November 2003’s HotPicks (LXF46),
we found it to be a top-notch app for
writing PHP code – not bursting at the
seams with features, but very usable
all the same.
Since our look at 0.4.3, the lead
developer Andy Jeffries has been
steadily adding new features and fixing
bugs, and as it approaches 1.0 the
editor deserves a quick catch-up.
Handily, the superb Scintilla editing
component has been rolled into the
main source tarball, thus eliminating a
dependency (just Gnome is required).
On the outside, there haven’t been
any drastic changes to gPHPEdit’s
minimal interface: it’s uncluttered and
compact, with tabs for multiple
documents, works well at lower
resolutions and, most importantly, keep
GPHPEdit in action on a file, with
the new Prefs box popped up.
ELinks on eBay with the main menu up. It does a great job in text mode.
ELinks is satisfyingly configurable,
with much to be tweaked via the
pop-up dialogs and tree-based
configuration manager. For navigating
through purely textual content it’s
■ Eric3 3.6.0 - Python IDE
www.die-offenbachs.de/detlev/
eric3.html
■ GalaxyHack1.0 – AI-driven space
shoot-’em-up
http://galaxyhack.sourceforge.net
■ Visopsys 0.53 – Unique open source
operating system www.visopsys.org
■ AmyEdit 0.7 – LaTeX editor in GTKmm
http://amyedit.sourceforge.net/
HOTPICKS
out of the coder’s way. Syntax
highlighting and checking, along with
code-block collapsing, a nifty
find-as-you-type search box and a
primitive macro facility, make up the
program’s editing features.
Additions and updates since 0.4.3
include a system for plugins (only a
few available at present, but they’re a
doddle to write); support for the
GnomeVFS library, a reworked
Preferences dialog box and a time-
saving mini templates/shortcut system
(enter a keyword, and then expand it
to a full block).
These new features transform
gPHPEdit from a decent little PHP
editor into a much more useful tool,
and newcomers and regular coders
alike should find it a useful tool. A
couple of important extras (such as
bookmarks) are in the development
pipeline - they’ll make gPHPEdit1.0 a
well-rounded release.
fantastic – the rendering engine
screams along and it’s all rock-solid.
Highly recommended, especially for
older machines that sink under the
weight of Firefox or Konqueror. LXF
■ Disk ARchive 2.2.0 Back-up
http://dar.linux.free.fr/
■ HighMoon1.1.2 – Space-based,
Worms-like game
http://highmoon.gerdsmeier.net
■ Pucko 0.6.0 – Text-mode music player
www.student.hig.se/~nd02aho/pucko/
■ softflowd 0.9.7 – network traffic
analyser
www.mindrot.org/softflowd.html
LXF66 MAY 2005 45
15/3/05 4:04:39 pm
 WHAT ON EARTH Plone
What on Earth is...
PLONE?
Updating a website with fresh content is a pain – but if you give the job to inexpert users they might
ruin your carefully-designed pages. Jono Bacon discovers a free system that will do the work for you.
This Plone thing sounds like some
>> kind of wireless or VoiP handset.
I’m guessing I’m wrong, unless this
magazine is now Wi-Fi World...
We’re not talking about telephones, don’t worry.
Plone is a powerful content management system,
you know.
Content management system?
>> That sounds less than thrilling.
What does it mean?
Don’t judge too hastily. A content management
system (CMS) is a nifty piece of software that’s
designed to manage, process and effectively deal
with content in different ways. In recent years, CMSs
have attracted the attention of business, as they
provide a means to manage large quantities of
46 LXF66 MAY 2005
LXF66.woe 46
content in interesting ways. Traditionally, organisations
have needed to have bespoke CMS systems
specially written for them by software companies,
but open source CMSs such as Plone provide a
platform on which to build a tailored CMS and gain
from the open source benefits such as access to
source code and using the software free of charge.
So is a CMS a database, like
>> MySQL?
No – a CMS provides much more. A CMS system
gives the users tools to automate how information is
managed. Let’s assume that you run a website, and
you want to post a list of events on it.
No doubt, when you add an event you’ll want: (a)
an easy and convenient way to add the information;
(b) that the information will be displayed in the right
www.linuxformat.co.uk
place on the site; and (c) that the information
triggers other types of content such as a press
releases or a news items. A CMS helps you achieve
all these things.
So a CMS is just a website?
>> Not exactly, no.
Huh?
>> Let me explain. Firstly, although most CMSs
are web-based, not all of them are. Secondly, the
web-based CMSs are not just websites, they’re web
applications, and are designed to give people the
opportunity to add and manage information in a
non-technical way.
For example, if you were to add an event to a
non-CMS website, you’d probably need to add the
15/3/05 4:08:56 pm
 WHAT ON EARTH Plone

event details directly to the database and possibly
edit some HTML or other static content. On a CMS,
you could log into the system and fill the details into
a form, which would then submit the information to
the right place in the database. On a clever CMS,
the event information could be sucked from another
site, reformatted and then added to your database
and displayed.
Why not just create a website that
How flexible?
>> Plone is a very, very capable
open source CMS. The Plone team (a
mixture of Americans, Norwegians
and Brazilians), has developed it as a
platform that can provide virtually
unlimited flexibility in how you want
a website to be set up. In some
other CMSs, you are forced to use a
particular template for structuring
your site. You can change the
images, fonts and colours and so
on, but are still limited to where
information is located and how it is
accessed on the page.
Plone breaks these rules and
gives you the chance to locate
your information anywhere on
your page. In addition to this,
Plone is incredibly extensible.
Extensible?
>> Sounds like more
jargon...
Sorry: extensible just means
you can add additional
modules and features to the
system for your specific needs.
In many cases, these additions are limited by the
constraints of the CMS in question. Within the Plone
CMS, this extensibility covers wide ranges, and a
huge range of vastly different Plone additions are
available. On top of this, the in-built flexibility of
Plone gives you the ability to use these additions in
many different ways.
So give me some details – what
>> kind of additions?
of possibilities and options, and the Plone developers
have been keen to give users the ability to change
common parts of the Plone templates without
having to resort to CSS hacking. This gives you the
flexibility to make simple changes or create
advanced CSS files that give you a unique design.
So Plone is flexible and
>> feature-driven? Why do I sense a
‘but’ coming?
The only problem is complexity. With the sheer
flexibility of the system comes an enormous amount
of choice in how you set up the CMS. It’s made
Plone possibly the most complex open source CMS.
In addition to the number of variable options and
levels of flexibility, Plone is complicated in the way
that the constraints applicable to some other CMSs
don’t apply to Plone. Unfortunately, this entails a bit
of learning – you’ll need to work out exactly what
you can carry over to Plone from the CMS you’re
used to to implement your specific design.
OK, so I’ll have to do a bit of work.
>> Where do I start?
The first place to begin is the Plone architecture, and
this in turn begins with Zope. Zope is a special
application server which provides an underlying
framework for building web applications. Several
large organisation use it, including Red Hat, the US
Navy and General Electric.
The intriguing bit about Zope is its
object-oriented approach to web applications. If you
think about the different types of information that
are contained within a website, they are all merely
objects that relate to one another in different
ways. If you take this further, you can
think of how different parts of a web

>> does all this?
The main thing to remember about a CMS is that it
provides a pre-written website that provides you with
many of the tools and features that you would
otherwise have to code into a website yourself. In
addition to this, a CMS often provides the ability to
run new technologies and plug-ins that you may not
have the time to investigate and implement yourself.
This means that by using a CMS, you have the
opportunity to keep up to date with the latest
technology, and not have to constantly rewrite
chunks of your website.
There are, however, a few limitations with CMSs. If
you think of a CMS as a generic website to which
you can add your own information, you are restricted
by the way the developers of the CMS have decided
to do things. This can involve limitations in how the
content is stored or, more typically, limitations in how
the information is displayed.
Some CMSs are very inflexible in this visual
representation of the content, and getting around
this has proved to be extremely difficult. Luckily,
Plone is more flexible than these other CMSs and
you can configure every aspect of how the website is
displayed and managed.
Anything that’s related to website functionality. Web
application consist of a number of
>>
files that relate together to form a
photo galleries, address books, weather information, common purpose. Taking a
RSS syndication tools, instant messaging, groupware
or collaboration tools, navigation bars, document
control... the list goes on. Plone also includes nifty
features such as WYSIWYG editors for adding
content to sites and tools to create
specific types of content that your
site can manage.
This all sounds
>> interesting, but
I’d be concerned that
the design of my site
would be
compromised.
Plone includes a templating
system that allows you to
adjust the design of different
parts of your site. Each of
these templates is controllable
with Cascading Style Sheets (CSS),
the technology that’s used to design
and colour the web. CSS is a complex
and involved subject with a huge array

www.linuxformat.co.uk LXF66 MAY 2005 47

LXF66.woe 47 15/3/05 4:08:59 pm

 WHAT ON EARTH Plone
>> shopping basket as an example, there are several
files that are written to implement the shopping
basket functionality, but each of these different files
is fundamentally related to the concept of a
shopping basket object.
This concept also applies hierarchy to the mix.
If you were to visit www.foo.com, you would be
accessing the root directory of the web server. If you
access www.foo.com/bar/, you would be accessing
the bar folder that’s further down the hierarchy in
the web server.
48 LXF66 MAY 2005
LXF66.woe 48
How is Zope different from
>> Plone, exactly?
Zope is the platform that Plone runs on.
Zope provides a means of creating
special objects that can interact with
each other in different ways, and
Zope also provides its own
transactional object database
called ZODB. It’s as much a
database platform as a web
application platform.
Does this mean
>> that Zope/
Plone doesn’t need a
database such as
MySQL or
PostgreSQL?
That’s right. Within the
Plone system, virtually
everything is provided to
give you a complete
application server. It’s like the LAMP (Linux, Apache,
MySQL, PHP) system in one – it includes its own
database and even its own web server.
Fear not, though: you can use Plone with Apache
(some members of the Plone community
recommend Apache for use as an underlying web
server). You can also connect some aspects of Plone
to other databases, but putting the entire database in
a separate server is difficult – mainly because ZODB
provides an object database, whereas MySQL,
PostgreSQL and the like provide a relational database.
www.linuxformat.co.uk
Tell me more about these objects.
>> Zope objects are fundamental to everything
you do with Zope and Plone. You have different
objects for the different things you need to do in a
CMS: objects to display information, objects to
gather information from a user, and objects to
process information. Then there are objects that
deal with very specific types of functionality. These
objects fit into three approximate categories:
■ Content. This can include plain text, audio, video,
spreadsheets, images, or any other type of content
on your website.
■ Presentation. These kinds of objects deal with
presenting information to the user. This includes
creating the design and layout of your pages.
■ Logic. These objects provide scripted logic that
can be used to process information and other
objects. Logic is critical in ensuring that the CMS
does exactly what you want it to do.
Although there are three broad categories, many
of the objects’ requirements can spread across
categories – for example, there’s no reason why you
can’t create a Presentation object that has some
Logic coded into it. This is where that complexity
issue can rear its head...
What kind of language is used to
>> write these objects and create
web applications with Plone and Zope?
The language at the core of the Plone and Zope
system is Python. Although this may come as a
surprise if you were expecting to see PHP running
the show, Python does a remarkable job of creating
15/3/05 4:09:00 pm

an easy-to-use language for dealing with these
objects. Python is both simple and effective, and has
proved to be really popular in recent times. One of
the reasons for this popularity is that so much is built
into the core Python libraries.
How does Python compare with
>> PHP and Perl?
Many people seem to consider Perl as a similar
language to that of the bash shell. In turn, some
people consider PHP to share aspects with Perl, but
also bits of bash shell and possibly even bits of C.
Python, on the other hand, shares many of its
similarities with high-level languages such as Visual
Basic, and it’s more similar to VB than PHP or Perl.
Python is also very similar to the C# language that
has proved so popular with the .NET platform and
the totally hip open source implementation of .NET
know as Mono.
You’ve done a good job of selling
>> Plone. What kind of server do I
need to run it on?
With its interpreted Python foundation and
comprehensive support built in for so many different
kinds of functionality, Plone needs a little more
oomph from your server than most other CMSs.
Many Plone users and developers believe the best
option is to run Plone on a dedicated server or
dedicated hosting service.
Running Plone on a dedicated server meets its
additional hardware requirements, and it’s also useful
to be able to SSH into your Plone box and edit your
configuration.If you want to target your resources to
the most put-upon resource for a Plone server, give
it lots of RAM. Plone uses RAM extensively and you
should have at least 100MB of it.
And how do I install it?
>> Plone is packaged for a number of
distributions and is available at www.plone.org.
The Plone team have worked hard to ensure that
they release the software in a number of different
supported package types. The Plone packages
include the Zope application server that you need to
run Plone; but if you just want Plone itself, you can
get the Plone Core packages.
If you’re running a distribution with an archive of
available packages, you’re best off downloading the
software from this supported archive This will ensure
that the many different elements in the Plone
system are installed and configured correctly.
If you want to run Plone on a Windows or Mac
OS X box, you can use one of the stand-alone
installers available at www.plone.org. These
packages provide the familiar Windows/Mac OS X
point-and-click installer and are very simple to use.
Where should I start after
>> installing Plone?
You’ll first need to access the Zope server on the
right port. This tends to differ from machine to
machine, but you should check in your Zope
LXF66.woe 49
WHAT ON EARTH Plone
configuration file to see which
port you need to use. Inside
/etc there should be a Zope
directory. This varies among
distributions, but it is likely to
be called something like zope
or zopectl.
Inside this directory there
should be a file called
default.conf or zope.conf,
and inside that file will be a
line such as ‘HTTP-Port: 9673’.
In this example the port has
been set to 9673, and you
can access this by visiting the
local IP address that points to
the machine you are currently
using (127.0.0.1) and issue the
port: http://127.0.0.1:9673.
When you access this URL,
you should see some
information about Zope
appear. This demonstrates
that Zope is working!
Once you’re in, begin by
familiarising yourself with the
Zope Management interface.
developer base behind it. Then there is a huge
What’s that?
>> An extensive web application giving you
community of users who support the software on
mailing lists, IRC channels and by writing tutorials
access to the many intricacies of the Zope and guides about using Plone. It’s a good example of
application server and the ability to configure a large and successful open source project that
virtually anything involved with Zope. benefits from an expansive network of volunteers.
You can access the Zope Management interface To augment this community, and inkeeping with
by appending /manage to the URL, as in the trend of large open source projects setting up
http://127.0.0.1:9673/manage. You will then be official organisations, the Plone Foundation was
presented with a login box in which you should type formed in 2004 to offer a more regulated side to
the username and password for your user account Plone. Its duties include acting as the ‘voice of Plone’
on your computer, and you will be given access to
the management console.
for official announcements, press releases, and other
communications; as well as the essential often
When you fire up the management interface, overlooked function of and generating funds. The
you’ll see a sidebar down the left-hand side and foundation has established an electoral process and
main view. The sidebar contains a list of folders and anyone is welcome to get involved.
objects that you have access to. In the main part of
As helpful as you’ve been, I’d like
the window, you can then view these resources and
edit information about them. >> to find out more about Plone.
Adding resources to the Zope system is also fairly Where should I go next?
straightforward. In the top right-hand side of the Your first port of call should be the Plone website at
main part of the screen, you should be able to see a www.plone.org. This has a documentation section
drop-down box with a large list of possible actions. that’s stacked full of information about Plone and
This box gives you all the options you need to create also contains some tutorials. Aside from a general
events, methods, documents and files; to add scripts, Google search for Plone tutorials, another potential
images and more. avenue to explore for information is The Definitive
You can also use this box to create your Guide to Plone by Andy McKay (Apress, $44.99).
Plone-managed website. Select the option to create The book provides a fantastic, easily accesible
a new site and then fill in the form in the main part introduction to Plone and how to create a
of the screen to create your website. comprehensive Plone-based website.
If you’re looking for specific help and assistance
With of all of this functionality
>> and the companies you discussed
with the CMS, you should also join up on one of the
mailing lists at http://plone.org/documentation/
earlier using it, how is Plone dealing lists. There is also the #plone channel on the
with increasing demand? Freenode IRC network. Try using the irc.eu.freenode.
Well, it’s a comprehensive project with a large net server to connect to the channel. LXF
www.linuxformat.co.uk LXF66 MAY 2005 49
15/3/05 4:09:03 pm
 FIREFOX TAKE BACK THE WEB

Take back the web:

FIREFOX

Firefox is one of the most successful

open source projects ever. With help
from its creator, Blake Ross, Linux
COVERRE Format reveals how it made the
FEATU breakthrough in five key areas.

50 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 50 16/3/05 12:29:57 pm

 FIREFOX TAKE BACK THE WEB

O
n February 25, the Mozilla
Foundation announced that
its Firefox web browser had
been downloaded more
than 25 million times since
its official 1.0 release less
than 100 days before. We knew from
Internet Explorer, an advantage that’s
shared by all the open-source
browsers. Transgressions of web
standards are quickly highlighted by
users and web developers and can be
checked out almost immediately –
even non-programmers can contribute.
by Internet Explorer have now created
a stable environment. There’s no
reason for open-source browsers not
to comply. “It’s hard to implement
standards, period – but that doesn’t
mean it’s harder to do just because
you’re innovating,” believes Meyer.
FIREFOX TIPS
Throughout this feature you’ll
find our favourite Firefox features.
They’re a reminder of why it’s so
popular – and, we hope, will improve
your web browsing experience...

the 0.8 release that Firefox was good,
but something about this felt different:
it was edging closer to the mainstream,
and receiving more mainstream press
coverage, than any other open source
project had been able to do.
Today, close to 30 million users
have, to use Mozilla’s own slogan,
‘taken back the web’: happily browsing
the internet faster, more safely and
with fewer interruptions than at any
time in the last five years. But why has
Firefox been so astoundingly popular?
How has it made the breakthrough?
The continual development process
of open source also means that fixes
get rolled out quickly, without the need
to wait for a major release. As CSS
guru Eric Meyer puts it, “Even a
crawling man will get ahead of a
stationary man, and a running man will
get even further ahead.”
Mozilla has embraced open source
development without stinting on
standards-compliance. Used to ensure
web pages are accessible to as many
users as possible, web standards were
at first often theoretical benchmarks
“Opera, Firefox, Safari – all of these
browsers have been innovating while
sticking as close as they can to
standards, and with far, far less
resources than Microsoft commands.”
In fact, Meyer believes open-source
projects may even be ahead: “When it
came out, [IE] was pretty darned good,
but the web marches on and IE
has been standing still.”
It’s quite telling that should
you browse the Bugzilla logs for
Firefox (Bugzilla is Mozilla’s
bug-tracking system), you’ll
find that many are logged as
invalid – these are the original

“WHY HAS FIREFOX BEEN ‘bugs’ resulting from other

browsers (mostly IE) failing to
SO HUGELY POPULAR? implement strict standards
that are followed in the
HOW HAS IT MADE Mozilla family.

THE BREAKTHROUGH?” 2 It’s secure

We knew there must be something that some browser developers found
about the Firefox story that other open hard to apply in practice.
source developers and advocates In many ways, the World Wide Web
could learn from, and we found Consortium (W3C) relied on browser
plenty. Here are the five secrets of developers to create and innovate the
Firefox’s success. features that could become standards
– if the resulting standard didn’t quite
1 It’s open source match the code already implemented,
This might elicit a loud “Doh!” from our developers were left to choose
readers, but beyond the free-software between rewriting significant chunks of
community Firefox has managed to code (breaking backwards compatibility
make its open-source status a selling in the process) or being branded bad
point, rather than a limitation. The fact guys by the code cognoscenti. But
that the code is open gives it an standards have matured, though, and
immediate advantage over Microsoft’s the years of browser space domination
Firefox is built on the
success of the Mozilla
web suite, inheriting
much of the advantages
of that software’s
rigorous approach to
standards and security.
Decisions such as
eschewing ActiveX on Windows, the
source of many problems on IE, has The ‘Get Firefox’ campaign
given it a reputation for being safe included a two-page advert in the
New York Times, paid for entirely
from malware, phishing attacks and so
by user donations.
on – especially in comparison with the
‘other’ browser.
Perceived security is a major >>
reason for its success. Starting out

HOW FIREFOX CAME TO BE

Key developments in the browser’s history (1980–April 1994)

1980 1992 March 1993 April 1994

Tim Berners-Lee, The future co-founder Andreessen announces Andreessen bumps
while working as of Netscape, Marc Mosaic, a “networked into SGI’s displaced
a contractor to Andreessen (right), information systems founder Jim Clark
CERN, proposes works with Eric Bina browser”, and at the (right). Together they
a project designed to port an HTML same time releases start up the Mosaic
to facilitate the sharing of information browser from beta version 0.10 of Communications
among researchers. His idea is based expensive UNIX Mosaic for X/Motif Corporation, the first
on hypertext, allowing documents to workstations to a including full source company to capitalise on
be dynamically cross-referenced. more user-friendly PC. code and binaries. the growing world wide web.

www.linuxformat.co.uk LXF66 MAY 2005 51

LXF66.firefox 51 16/3/05 12:30:31 pm

 FIREFOX TAKE BACK THE WEB
FIREFOX TIP:
SHORTCUTS
Firefox has shortcuts scattered
everywhere to make it fast and easy to
use, so why not take advantage of
them? For example, press Ctrl+Enter
to have Firefox add ‘www’ and ‘.com’
to your URLs; Shift+Enter to have it
use ‘.net’, and Ctrl+Shift+Enter to have
it do ‘.org’. If you don’t have the
location bar selected, hit Ctrl+L first,
or use Ctrl+K to select the Web Search.
“THIS IS OPEN SOURCE’S
BEST CHANCE TO FREE
THE WORLD FROM IE.”
FIREFOX TIP:
FORENSICS
Whether you’re debugging your own
web pages or just curious about other
peoples’ work, the DOM Inspector lets
you pick apart the construction of a
website and see what Firefox is doing
to the code. To run the inspector, visit
the web page and then click Tools >
DOM Inspector from the menu bar.
HOW FIREFOX CAME TO BE
(continued: July 1994–June1997)
July 1994
Unix Mosaic developer
Jamie Zawinski, during a
brainstorming session to find a
new name, blurts out a
suggestion of “Mozilla!” –
supposedly a (very) loose
amalgam of Mosaic and NCSA.
52 LXF66 MAY 2005
LXF66.firefox 52
>>with security high on the agenda is
a bonus: the alternative of retro-fitting
security features to existing software is
hard and rarely as comprehensive as
integrating a system at the start.
Yes, it has vulnerabilities – Mozilla
has already issued a security update
including a fix of a phishing
vulnerability – but there’s a lot of
evidence to suggest that open-source
applications are at least as secure as
proprietary counterparts.
“The security problems and
apparent stagnation of IE gave the
digerati an itch to look elsewhere.
Firefox, with its open-source nature
and power-user abilities, was a perfect
place to turn,” says Meyer.
The long-heard and quite
reasonable assumption is that Internet
Explorer is more of a target because of
its larger install base. Presumably then,
as Firefox becomes more popular, there
will be plenty of people looking at ways
to subvert it.
Not necessarily, according to its
author, Blake Ross. “Sure, it will
become a target. But that doesn’t
mean hackers will be successful,” he
says. “Firefox’s code has been freely
available on the web for years, and the
Mozilla Foundation encourages top
people in the security industry to try to
find vulnerabilities. In fact, the
foundation actually pays security
experts to search for security bugs and
report them in a responsible manner,
October 1994
Mosaic Communications Corp releases a
web browser called Mosaic Netscape 0.9,
an ‘Internet
Navigator optimised
for 14.4 modems’,
including X,
Microsoft Windows
and Mac versions.
www.linuxformat.co.uk
and I think everyone on the team has
been very pleased with the dearth of
bugs uncovered thus far.”
3 It’s non-commercial
No adware extensions, no pop-ups…
Firefox has gained support among
users for eschewing commercial
applications that are vulnerable to
exploitation. Its timing is perfect, as the
world becomes weary of in-your-face
selling and underhand data snooping.
In the beginning, of course, the
web was a happy place. In the Elysian
fields of interconnected ether, ideas
and information were exchanged freely
and without barriers. There weren’t so
many things you could do on the web,
to be sure, but it wasn’t a dangerous
place to be frightened of. Then
business moved in. Money-makers
paved over paradise and put up an e-
commerce store.
The effects of the new e-conomy
appear in both the profit and loss
columns. On the plus side: far more
features, services and a more
connected internet lifestyle. It is easily
imaginable that you could run your life
on the internet – bank your money,
and spend it on food, clothes, holidays,
pensions and Buffy DVDs without ever
leaving your chair.
In the other column, the
monetisation of the internet has led to
spam, pop-ups and, indirectly, to
phishing scams and many Nigerians
finding it difficult to inform people of
legitimate investment opportunities. In
a darker, less visible way, it has
also altered the objectives of
proprietary software
developers. Many commercial
companies have been guilty of
including features or selecting
November 1994
After a protracted lawsuit
with Andreessen’s previous
institution, the University
of Illinois, Mosaic
Communications changes its
name to Netscape, and its
browser is renamed
Netscape Navigator.
default options that benefit the
company more than the end user.
Marketing data is very valuable, so
valuable that in many cases it’s
profitable to develop and distribute
software for the sole purpose of
harvesting it. Such ‘spyware’ can be
downright criminal, but even the
more innocuous examples give pause
for thought.
Back in 2000, Netscape caused a
stir when users noticed that the
SmartDownload file-downloading utility
issued each install with a unique ID
and communicated back to Netscape
details of every file that the user
downloaded. There was no alert dialog
to tell the user it was sending secret
information on their surfing habits
back to base – the software just called
home whenever it liked.
Of course, the user had accepted
such an arrangement in the small print
of the licensing agreement when
installing it. And everybody reads that,
don’t they?
Whether or not you mind your data
being harvested, such situations foster
distrust between the user and software
providers. There is a sense of ‘caveat
emptor’ when installing new software –
ironically this is especially true if it’s
April 1995
Netscape1.1 is
released. A
milestone in web
browsing, it
offers support for tables
and many other new attributes.
This, and the later 1.2 release
pushes Netscape’s browser
market share to more than 80%.
16/3/05 12:30:46 pm
 FIREFOX TAKE BACK THE WEB

FIREFOX INTO THE FUTURE FIREFOX TIP:

Developers are already working towards
the next major release: Firefox 2.0. But
it’s not a one-step hop from 1.0 to 2.0.
Instead, they’ve split the transition into
three bite-sized chunks: 1.1, codenamed
Deer Park; 1.5 codenamed The Ocho (see
the film Dodgeball to get this obscure
reference); and 2.0.
Thanks to the long test cycle of Firefox
preview releases, the Gecko build inside
Firefox1.0 is out of date. But that’s
changing – 1.1 will resync with the
Mozilla tree, bringing in the rendering
fixes and tweaks made since Firefox1.0
was stabilised. For web developers, this
includes big changes like the inclusion of
CSS 3 columns and cursors, but most of
us will probably notice that the infamous
Slashdot rendering bug is fixed – hurrah!
One minor change expected in 1.1 is
more support for the Gnome human
interface guidelines, resulting in
smoother integration between browser
and desktop. In 1.0, changing your
Gnome theme while Firefox is running
will update everything but Firefox – this
is fixed in 1.1.
proprietary software that you haven’t
actually bought.
Then there’s pop-up advertising: a
curse on most web users who don’t
want their bandwidth compromised or
their screen cluttered with 1,001 offers
every time they hook up to the web.
For reasons still not clarified, when
Netscape released a browser based on
the Mozilla code that included the
ability to stop JavaScript from opening
new windows, it neglected to include
that option.
In the ensuing backlash, Netscape
released an update that did block
pop-ups, but there was a buried
whitelist in the preferences that by
A key target for developers in future
is adding per-site customisation
options, which should allow us to save
user agent settings, cookie options
and security levels that depend on
which URL is open.
Resist... you must resist
Following on from previous Firefox
releases, one thing we’re sure isn’t
going to change is Firefox’s
resistance of extensions. Where
other browsers sling features into
the main code, Firefox has
consistently remained thin and
light, with any feature additions coming
in the form of extensions. If anything,
this process is going to be tightened as
extensions are given more control over
the browser without increasing the initial
browser download size.
Although no official dates are
available, we expect Firefox1.1 to be
available by the time you read this, with
1.5 approaching its first developer
preview (alpha) release. The race is now
on to ensure that the thrust behind
Users may berate the laxness of
Internet Explorer when it comes to
ActiveX, but at least Microsoft seems to
be trying to put the users’ needs first.
It is possible for proprietary developers
to make the right decisions. Blake Ross
agrees: “Google is involved in
‘important stuff’ like writing a search
engine, and has emphatically spoken
out against pop-up ads on its website,”
he points out. “Google and other
thriving companies have figured out
that earning users’ trust will eventually
lead to far greater revenues than
anything a pop-up could rake in.”
4 It’s focused
Firefox continues – the Spread Firefox
team and the advert that they placed in
the New York Times in December have
given the browser a good public profile,
and it must not be allowed to slip. This is
the open source software’s best chance
to liberate the world from the insecurity
of Internet Explorer, which means it’s
imperative that Firefox1.1 comes out
quickly to keep up the pace – and raise
the pressure.
your own itch’ scenario. A user wants a
particular application, but finds that
none is available or that none works in
quite the way required. So the user,
with some programming ability, creates
an application themselves and releases
it into the wild. If it fulfils a more
general need others will begin using it
and perhaps contributing to it.
Over time, these projects attract a
great deal of momentum and
contributors. Usually this will lead to
more features being added and
more complex software applications,
which can hopefully serve more
general needs. Often though, it can
lead to a whole load of features that
RENDERING
Firefox pauses for a quarter of a
second before drawing web content,
but you can override that and force it
draw content immediately. To do this,
enter about:config into the location
bar, and look for the nglayout.
initialpaint.delay setting. If it’s not
there, right-click and select New >
Integer, and give it that name. The
default value is 250 (milliseconds), but
you can set it to 0 to make Firefox feel
much snappier.
FIREFOX TIP:
HIDE YOUR
HISTORY
As you browse around the web,
Firefox keeps track of all the sites you
visit. This helps when you visit the
same sites repeatedly in the same
session, but also means others can
follow your footsteps later on. If you
don’t want this to happen, look in the
.mozilla/firefox directory in your
home directory, and you’ll see a
directory named xxxxxxxx.default (eg
wqye4sug.default). Go in there, type
‘rm –f history.dat’, then restart
Firefox – this deletes your history, then
has Firefox recreate a blank file. Close
it again without doing anything, then
type ‘chmod 444 history.dat’ to make
it read-only. Now any URLs you visit

default allowed any pop-ups served Historically, open source software nobody really needs, but which >> with Firefox will be forgotten as soon
as you close your browser!
from AOL or Netscape. projects have started from the ‘scratch developers think are cool.

September 1995 March 1996 August 1996 June 1997

Microsoft bundles Internet Explorer
1.0 with its Windows 95 Plus Pack.
While IE is still technically inferior to
Navigator, bundling free software
with commercial
packages draws the
line of battle for the
coming of the
Browser Wars.
Netscape Navigator 2 implements
several new and unique features
(including Java and JavaScript)
that pave the way for much of
the modern web experience.
This month also sees AOL bundle
(notice the use of this word applied to
a certain company again) Internet
Explorer with its own software.
Netscape releases Navigator 3.0. Netscape releases
New to this version are Communicator version 4.
multi-column text, This version supports
horizontal and vertical most of CSS 1.1, and
spacing, strikeout and and introduces Layers for the
table cell background first time. Communicator
colours. New plug-ins are not only includes the
supported, including browser, but also an email
Apple’s QuickTime. and news client.

www.linuxformat.co.uk LXF66 MAY 2005 53

LXF66.firefox 53 16/3/05 12:30:49 pm

 FIREFOX TAKE BACK THE WEB

FIREFOX EXTENSIONS
Firefox is purposely plain. But if you’re after more features, here’s how to add them

Blake Ross wrote Firefox to avoid the

creep of new features that was
bogging down Mozilla. As a result,
using the browser can be a rather
spartan experience, but Ross and his
developers have made sure that you
can add functionality easily through
what they call extensions.
Extensions are installed and
managed through their own window –
accessed within Firefox from the Tools
menu – and the easiest way to install
them is by simply clicking on Get More
Extensions. When a new version of
Firefox is released all the installed
extensions can be updated in a single
stroke from the same window.
Firefox’s extensions page is at update.
mozilla.org, along with other recent
updates. Installation is usually as
simple as clicking on the link, with
Firefox’s extension manager
automatically handling the details.
After download, most require a
complete restart of the browser
(including the download manager). You
can acceess options pertinent to each
extension from the Tools menu, or
directly from the Extensions window.
Firefox can be customised to feel like a completely different browser.

FIREFOX TIP:
HTTP
PIPELINING
Send your network
performance through the roof by
enabling HTTP pipelining, a neat trick
that allows Firefox to request multiple
files simultaneously. about:config
comes to our rescue – set
network.http.pipelining to true, and
you can also enable network.http.
proxy.pipelining while you’re there.
Ad-free web browsing
Top of the list when it comes to
extension must-haves is Adblock. While
this may annoy advertisers and
jeopardise the continuing existence of
many ‘free’ websites, there’s no doubt
>> Mozilla itself is a notable example
of this (see Firefox Extensions box,
above). The original Netscape code
attempted to create a suite of
applications. As well as the browser,
there was an email client, which
doubled as a newsreader too. So far, so
reasonable. Then came Composer, a
web-layout tool. In some ways,
because of economies of sharing code,
it gives you more control. Once installed,
Adblock makes itself known via a small
box in the lower right of the main
window. Clicking on this presents you
with a list of items on the current page
that it’s possible to block. Adverts are
this made sense to the developers –
but did it make sense to users? A far
lesser proportion of web users now
have any need for a visual HTML
composer, but because the idea was
there already, it was hard to imagine
leaving it out.
The initial Mozilla release
approached 30 million lines of code:
impressive, but a bit of a worry – the
usually obvious, either by their file
extension (.swf for Flash for example) or
their domain. Adblock also places a small
tab into the rendered page that, when
clicked, allows you to remove the
offending advertisement directly.
kernel for Linux comes in at under
5 million lines. The size of the software
wouldn’t be an issue if it weren’t for
the fact that much of it is for non-core
functionality. In a clear example of the
Pareto principle, 80% of users may
need only 20% of the features.
There is also a tendency in open
source for the existing code to be
extended and ‘made better’ by

HOW FIREFOX CAME TO BE

(continued: October 1997–August 2002)

October 1997 January 1998 March 1998 April 1998

Internet Explorer 4.0 is Facing annihilation at the
released. Despite IE hands of Microsoft’s
playing catch-up to bundled browser, Netscape
Navigator over the makes the decision to
previous 18 months, release Navigator for free.
this release marks the This includes the binary
start of its domination of code, as well as most of the
the marketplace. code-base under an
open-source licence.
An early development Netscape Communications announces a
snapshot of Netscape new browser rendering engine, initially
Communicator is released as named Raptor. In what will become
source code to the a theme for Mozilla, this
recently-founded Mozilla name is already taken
Organisation. Developers are – it opts for the
encouraged to download the more lizardy (and
code (8MB) and post their geekier-sounding)
own enhancements. Gecko instead.

54 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 54 16/3/05 12:30:53 pm

 FIREFOX TAKE BACK THE WEB

of them initially and they had a clear

Firefox’s extension manager.
Drawing shapes with the mouse to
control a browser (rather than clicking
buttons on the GUI) was considered too
esoteric for the main Firefox release, but
this power is easily installed using the
All-In-One Gestures extension. Basic
gestures include forward, backward and
reload, but there are also more advanced
gestures such as tab switching, scrolling
and font sizes. New gestures can be
added manually by drawing the
corresponding action on to a canvas, and
once you get used to them it’s difficult to
go back to buttons.
You know Gmail has reached critical
mass when there’s more than a dozen
ways of managing your inbox. As Firefox is
probably the default browser for
accessing Gmail (especially for KDE users)
developers, which usually results in it
getting longer as team-based
contribution exercises are generally
additive rather than reductive. The
whole Mozilla team have recognised
this problem, and there are efforts
within the Mozilla developer
community to address it. The current
roadmap exhorts programmers:
“Tinderbox now measures code footprint,
it makes a lot of sense to integrate
Gmail directly, and that’s exactly
what the Gmail Notifier extension
does. This great little tool sits in
the status bar and simply informs
you of any outstanding Gmail
messages. Clicking on the little
red envelope opens a Gmail
session under a new tab, quickly
giving access to all that spam.
Download peekaboo
Other extensions worthy of a
mention include:
■ Download Status Bar, which
lets you see the status of downloading
files without having to resort to the
external window.
■ User Agent Switcher changes the
browser identifier sent to a site, often
providing access to stubborn locations
such as online banks that insist on a
certain browser.
■ Translate performs BabelFish magic.
■ MediaPlayerConnectivity allows you
to open embedded media content with
a configurable external program – a
great way of avoiding those terribly
constrained RealPlayer windows.
Best of the bunch, though, is the
ScrapBook extension. This lets you drag
highlighted clips from a web page into
the side bar for later reference. The
clips includes text and images, along
with a link to the original source, and
can become irreplaceable.
so let’s start working to reduce it rather – to do more complicated things, to
than increase it. Resist the all-too-
common tendency to add more code.
Try to remove code, simplify over-
complicated code [and] undo
premature optimisations.”
In retrospect, the decision of
Firefox’s developers to split off and
work on a minimised browser probably
succeeded because there were so few
idea of where they wanted to go. Blake FIREFOX TIP:
Ross admits: “A major problem with DISABLE BLINK
the old Mozilla software was that
Although the <b> and <i> HTML tags
literally dozens of people influenced get our goat (use semantic tags,
the product’s direction. That just dammit), they are mere bagatelles
doesn’t scale.” compared with <blink> – the evil
horror that makes text and other
5 It puts users first elements flash on the page.
Fortunately, Firefox users can disable
Who is software for? It’s a question
this through about:config – just look
that the Firefox developers have
for browser.blink_allowed and set it
constantly asked themselves. They’d to false, and your eyeballs need never
say it’s for the user, but in proprietary be scalded again!
development, there are obvious
compromises to be made. For one, the
“USABILITY IS MORE
IMPORTANT THAN
FUNCTIONALITY.”
business itself needs to be maintained,
which is still the case even when
proprietary software is delivered for
free. There is an incentive to put the
business aims before those of the user.
Even in the arena of open source,
the end user is not the focal point of
all development. Ask the average
developer what makes them devote so
much time and energy to coding, and
creating usable applications with a
wide appeal isn’t likely to be their top FIREFOX TIP:
reason. It’s natural to want to do more
RESIZE FRAMES
satisfy the code equivalent of Page frames can be a boon to site
usability, but we froth at the mouse
machismo by doing hard things,
when inconsiderate programmers force
sometimes in an obscure but
them to a specific width – we have big
essentially cunning way. For software monitors for a reason and don’t want
that’s going to be used by people of 120-pixel width restrictions, thank-
the same mindset, this isn’t so much of you-so-very-much. Firefox comes to
a problem. the rescue. Look in about:config and
But to switch over into broad >> set layout.frames.force_resizability to
true – and breath a sigh of relief.
mainstream use, usability is more

November 1998 November 2000 August 2002

AOL buys Netscape for After a three-year hiatus, Disillusioned by Mozilla’s
$4.2 billion. There are Netscape 6.0 is released. bloated and feature-rich
worries that this could signal Based on the Mozilla 0.6 direction, developers
the end of Netscape’s quirky branch, it’s a total failure – Blake Ross and David Hyatt
Gecko project, but AOL thanks to the terrible UI, take a partial fork of the
remains committed to awful page rendering and Mozilla code base. They
financing Mozilla.org despite stability that would make intend to build a lean
having no plans to switch Cristiano Ronaldo look like a browser with a laser-
from using IE. mountain goat. sharp focus on the user.

www.linuxformat.co.uk LXF66 MAY 2005 55

LXF66.firefox 55 16/3/05 12:30:57 pm

 FIREFOX TAKE BACK THE WEB

Two browsers showing the same

site. You can’t tell the difference in
speed from a static picture, but you “The key to Firefox’s success is simplicity. Firefox knows what users want and
can see the extra complexity of the
example on the left, the beta
version of Netscape Browser 8.0.
What are all the buttons for? We
used it for a few hours and still
can’t tell you. Firefox, on the
right, is simple enough for your
granny to use.
FIREFOX TIP:
MAXIMISE
Once you make the switch to
tabbed browsing, having multiple
browser windows open becomes a bad
memory. But how can you make the
most of your screen real estate? With
Firefox, the answer is simple: tap F11 of pop-up ads and spyware and other
to switch to Full Screen mode. Firefox annoyances. They were spending more
will take up – surprise, surprise – the
whole screen, getting rid of the
window decoration at the top and also
any menu bars you have at the bottom.
>> important than functionality,
something emphasised by Blake Ross.
I can’t stress that enough. Software
developers seem to be stuck in an
endless search for ‘the next big feature’. Search in the toolbar.
With Firefox, we zoom in on each and
every part of the product, reworking
and refining and tweaking it until it’s
just right for mom and dad. All these
little things add up to a superb overall
experience, and that’s the big feature.”
So ‘Taking back the web’ isn’t just a end user. Are its five ‘secrets’ really
catchy slogan for Firefox, there are
some real issues at the heart of it, as success? “Unfortunately, yes,” says Ross.
Blake explains: “Back when we
worked at Netscape, we read the
feedback that users submitted almost
obsessively, and a common thread
emerged: people complained that
they’d lost all control of their browsing
experience and were now at the whim
time fighting with the web than using it
to get stuff done.
“This seemed backwards to us:
technology is supposed to empower
users, not control them.” It’s not
isolated in a development bubble:
puts them first. So it’s hello tabbed
browsing, live bookmarks and Google
Community call
Firefox is a well-conceived idea,
developed properly with an eye on
security, restraint when it comes to new
features and sole consideration for the
enough to account for its revolutionary
“I say “unfortunately” because there
shouldn’t be anything revolutionary
FURTHER RESOURCES
For more information about Firefox,
check out the home page at
www.mozilla.org/products/firefox and
advocacy site www.spreadfirefox.com.
Blake Ross is a founder of the Firefox
team and an all-round nice guy. Catch
up with his life and thoughts at
www.blakeross.com.
about the Firefox model: ease of use
and simplicity should be the driving
principles of any software project, open
source or not. I think Firefox is making
waves because it’s the first
open-source product to really dive
headfirst into the consumer pool, and I
hope our success is a signal to the rest
of the community that they can come
on in, the water’s fine.”
So a consumer-friendly model can
work in open source. Perhaps it’s the
movement’s best chance of winning
mainstream acceptance. “The era of
‘by geeks for geeks’ software
development is over,” says Ross. “Open
source can play in the big leagues.” LXF
Eric Meyer is a leading expert on CSS,
principal consultant at Complex Spiral
and the author of several excellent
books. Check out his homepage,
www.meyerweb.com.
Read exclusive full interviews with Blake
Ross and Eric Meyer on our relaunched
website, www.linuxformat.co.uk.

HOW FIREFOX CAME TO BE

(continued: September 2002–November 2004)

September 2002 April 2003 February 2004 November 2004

First binary release of the
forked project, named
Phoenix, version 0.1.
According to the release notes,
the browser’s features include
a customisable toolbar, a
quick search facility (for
bookmarks and history) and
speed, speed, speed.
Trademark issues force the team
to change the name of the
project to Firebird. This name is
used for the following month’s
0.6 release, which features
smooth scrolling and automatic
image resizing.
Following further problems
with a free database called
Firebird, the project makes
its final name change to
Firefox. This is followed
with the 0.8 milestone
release, now with
Windows installer and
download manager.
Official release of version
1.0 of the Firefox browser.
The volunteer advocacy
group Spread Firefox
takes out a two-page ad
in the New York Times to
publicise the launch.

56 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 56 16/3/05 12:31:00 pm

 GCC 4.0 UP CLOSE
The compiler at the heart of open source is heading for a new release. GCC
fan and sometime contributor Biagio Lucini talks to leading developers for
an exclusive preview.
N
othing we do with open
source would be possible
without the compiler
collection GCC. It may be
mastered only by an inner
circle of C++ gurus but it
affects us all. It’s GCC that allows your
distributor to build the system you’re
running right now, and every
improvement to it results in shorter
execution times and smaller binaries.
GCC is where the magic takes
place, and that’s why we’re paying
close attention to the major
forthcoming release of GCC 4.0, a
benchmark for the project. Mailing lists
talk of faster optimisation, improved
security and cool hacks. Given GCC’s
chequered history, we were keen to
58 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.feat_gcc 58
UP CLOSE
find out if these new additions are the
result of harmonious exploration – or
acrimonious forks.
That history began in 1984, when
Richard Stallman wrote the first chunk
of GCC, the C front-end. In the same
year the GNU project officially began,
and it’s no surprise that GCC is at the
heart of it: it’s hard to imagine how
you could provide freely modifiable
software without providing a way to
convert the modifications into
executable code.
Three years later, in 1987, Stallman
decided to expand the front-end into
a fully-blown compiler, beginning
GCC’s journey to the version 4.0 we’re
awaiting. Architectural limitations of
this first release series were overcome
in 1992 with the publication of version
2.0, which also added support for C++.
GCC was beginning to be adopted as
the official compiler on several
software platforms (including Linux),
and its 2.7 manifestation received
special praise.
Fork ahead
Through the nineties, GCC
development remained in the firm
hands of the Free Software
Foundation (FSF), which was more
focused on stabilising than on
improving the compiler. As a
consequence, third-party patches
aimed at simplifying the building
process on some architectures or
adding functionalities were very often
15/3/05 4:36:21 pm

CODE BREAKERS
Watch out for these GCC breakages
Because GCC standards are pretty
complicated, they haven’t always been
implemented; particularly in early
versions. Recent releases have been
more standards-compliant, but this
means the old bad code is now breaking
with updates. In fact, version 3.0
showed signs that certain features
would break. The good news is that the
level of breakages in this latest update is
lower than the transition from 3.3 to
rejected. But because GCC was still
GPL software, users could choose to
apply the patch set they liked best.
This gave rise to a dangerous spread
of unofficial versions, with the risk that
a serious fork would slow the
development of the official version. To
avoid this, in 1997 some leading GCC
developers breathlessly decided to
fork the project themselves.
This was the birth of EGCS
(pronounced eggs). Among the
declared objectives of EGCS were
improvements in the C++ area and
the addition of Fortran 77 support
(g77). The project was very successful
and many vendors included EGCS side
by side with GCC in their distributions.
Within a few years the superiority
of EGCS over GCC became striking,
leading the FSF to give its official
blessing to the development model at
the root of EGCS in late 1999. EGCS,
which was itself undergoing forks such
as the PGCC project (aimed at building
fast executables on Pentium-class
machines), became GCC 2.95. One of
the differences between the
development process of EGCS and the
previous GCC was that the open
model of EGCS was tailored to make
forks useless, and projects like PGCC
slowly died out, being either
reabsorbed or superseded by EGCS.
Storm in a red hat
Despite that, the story of forks was far
from over. About a year after the
adoption of EGCS as the official GCC,
Intel released the Itanium, a promising
new architecture with the potential to
become a leading platform in the
middle- to high-end server sector. Red
Hat was faced with a problem: it
wanted to provide out-of-the-box
support for the new IA64 architecture;
the official version of GCC at that time
(2.96) did not support the Itanium,
but the upcoming version of the GNU
LXF66.feat_gcc 59
3.4. Here are three to look out for:
NEW FORTRAN FRONT-END
Don’t expect all of your code to be
parsed as before.
JAVA ABI Breaks binary compatibility of
Java applications, pretty much as
happened with C++ from 2.95 to 3.0.
VARIABLE TRACKING This new feature
requires the user to upgrade to GDB 6.1.
compiler collection (still in heavy
development) would.
Keen to provide a unified base
system across all supported platforms,
Red Hat made the decision to provide
as its official compiler a heavily
patched version of what should have
become GCC 3.0. By itself this would
not have been a big deal, but it turned
out that that this compiler (which Red
Hat named GCC 2.96 without
permission from the FSF) failed in
building the Linux kernel. Even worse,
the so-called GCC 2.96 was binary
incompatible with both the stable and
the development versions of GCC.
Users assumed the FSF had released
a buggy program that was unable to
compile the kernel and that broke
binary compatibility.
The GCC team reacted promptly,
issuing an official statement in which
they clarified their position on GCC
2.96 and blamed the poor
performance on Red Hat. Even Red
Hat tried to explain its actions and
resolved some of the problems by
providing an alternative compiler
based on EGCS (known as KGCC, a
INSTRUCTIONS FOR THE IMPATIENT
How to set up GCC 4.0 for immediate use
As with many open source projects, you
can obtain GCC via anonymous CVS.
For this, you need CVS installed on your
system. Once you’ve made sure you have
it, open a terminal and perform the
following operations:
mkdir /tmp/gcc
cd /tmp/gcc
export CVS_RSH=ssh
cvs -d :pserver:anoncvs@gcc.gnu.org:/
cvs/gcc -z 9 co -P gcc
This will create a new directory, gcc
inside /tmp/gcc. It’s now time to build the
sources. If you are interested only in the
C, C++ and Fortran front-ends, you can
proceed as follows:
mkdir build
cd build
www.linuxformat.co.uk
GCC 4.0 UP CLOSE
compiler meant to be used to
recompile the kernel). Alas, the fiasco
was by then irreversible. Red Hat
insisted on this dual compiler
approach (followed closely by other
vendors including Mandrake) for about
a year, until GCC 3.0 was officially
released. That said, Red Hat has been
and still is one of the major
contributors to GCC; today, some of
the leading GCC developers are Red
Hat staff.
Truly open at last
GCC 3.0 was the natural result of the
efforts started with EGCS. The focus
was still on stability, but improvements
were no longer renounced, even if
sometimes they could have broken
compatibility. In fact, GCC 3.0 broke
binary compatibility for C++ code,
since it contained a major
improvement in the form of a new
Application Binary Interface (ABI) for
that language. It took another minor
“USERS ASSUMED THAT
THE FSF HAD RELEASED
A BUGGY PROGRAM.”
release for the ABI to stabilise, but the
neat result was a more standards-
compliant and predictable compiler.
Throughout the 3.x series,
developers have continued to improve
and stabilise the set of features
introduced in GCC 3.0. Although most
of the work has centred on C++,
support for the other officially- >>
included languages (Objective C,
../gcc/configure --prefix=/opt/gcc --
enable-languages=c,c++,f95
--enable-shared --enable-threads=posix export PATH=/opt/gcc/bin:$PATH
--disable-checking --enable-long-long export LD_LIBRARY_PATH=/opt/gcc/lib:/
--enable-__cxa_atexit --enable- opt/gcc/libexec:$LD_LIBRARY_PATH
clocale=gnu --disable-libunwind- into a terminal and invoke GCC or
exception equivalent commands.
make bootstrap The command gcc -v should now
and as root: contain as the last line of the output
make install something like ‘gcc version 4.0.0
This will install the compiler in /opt/ 20050223 (experimental)’, where the
gcc. The location has been chosen in date refers to the CVS version you have
such a way that no conflict is generated checked out. Remember that those
with the existing GCC installation, since settings will be lost when you quit the
you will need the old GCC for compiling shell. Of course, you can make
new kernel modules and so on. GCC 4.0 your default compiler, but until
The last step is to tell the system your distribution migrates to it this is
where to look for GCC. Type highly inadvisable.
LXF66 MAY 2005 59
15/3/05 4:36:27 pm
 GCC 4.0 UP CLOSE
WHAT IS SSA?
A framework for better optimisation.
It will improve your life!
When writing code, it’s common to
reuse names of dummy variables. Take,
for instance, the code snippet:
a = 3;
b = f(a);
a = 4;
The a that appears at line 3 has
nothing to do with the a at lines 1 and
2. What the Single Static Assignment
does is to give a different name to
logically independent variables, so
each newly referenced variable must
C trees C genericise
C++ trees GENERIC Gimplify GIMPLE GIMPLE
C++ genericise trees optimiser
Java trees Java genericise 2/ The tree-SSA framework (taken from http://gcc.gnu.org/projects/tree-ssa/).
GCC writers believe it will play a vital role in optimisation advances in future releases.
>> Fortran 77, Ada and Java) has been unofficial distribution maintained in the
vastly improved. As a result of the the form of a CVS branch of the main
language-independent infrastructure repository is started, to be periodically
being revised, the generated code is synchronised with mainline. Being
generally faster than the corresponding experimental software, the criteria for
2.x executables, and support for more code that’s checked into a branch are
architectures has been added (there less strict than those for mainline
are few platforms to which GCC 3.x additions. If and when the branch
has not been ported). proves to do useful work without
Having learned its lesson with destabilising the compiler, it will be
EGCS, GCC now welcomes new ideas – merged with mainline. Otherwise it will
and the transformed open nature of have been just an interesting exercise.
the development process is a large Many of GCC’s major projects
factor in GCC’s success and swift began life in one of these branches.
development. CVS access is restricted The projects are overseen by the
to a few trusted developers and, as steering committee, a group of leading
GCC is still the property of the FSF, all developers who decide what direction
contributors need to sign a copyright GCC should follow. It includes
transfer form to donate their code to developers from different companies
the project. But there’s plenty of room and institutions (such as David
for developers who want to Edelsohn, a K42 researcher at IBM,
experiment with new constructs within Jeff Law of Red Hat and Gerald
the framework of GCC. Pfeifer, who works on Itanium at
Everyone can contribute patches SUSE), with the aim of balancing
by sending them to gcc-patches@gcc. different or even opposing needs
gnu.org. These will be peer reviewed, within the user community.
and if they’re considered correct, Before a new version is released,
adherent to GCC coding conventions its source code undergoes three
and useful to the community, they will different stages. In Stage One the
be checked into the main tree. project is under heavy development
Patches that require heavy and major modifications can be
modification of the architecture accepted. In Stage Two only
undergo a stricter review process. First, stabilisation of the approved features
the main code is forked. Then an can be performed. Any major revision
60 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.feat_gcc 60
have a new name. In the SSA
representation, the same code becomes:
a1 = 3;
b1 = f(a1);
a2 = 4;
The scopes of the variables are now
clearly exposed. This representation
offers a powerful tool for analysing
dependencies among different portions
of a program, which is the starting point
for effective optimisations.
GIMPLE RTL
expander
will go to a branch, which will be the
basis for the version following the next
one. At Stage Three the known bugs
are fixed. The final check consists of
analysing the results obtained by
running the compiler on the provided
test suite: there must be no regression
with respect to the previous version
before the compiler can be tagged
with the release number.
The person responsible for this
process is the release manager. Since
version 3.0, the release manager for
GCC has been Mark Mitchell
(see Q&A, right).
High hopes
GCC is now at version 3.4.3, expected
to be the last release in the successful
3.x series before the coming of version
4.0, which is at Stage Three in its
development at the time of writing
(and the chances are that it will be out
by the time you read this).
The big jump in the release
number reflects a major development:
the adoption of a new optimisation
framework that makes use of the
Single Static Assignment (SSA)
transformations. Once the framework
matures, it will provide faster and
better generated code and be the
basis for further optimisation. The
initial SSA implementation is largely
15/3/05 4:36:31 pm
 GCC 4.0 UP CLOSE

just a framework for the future, but
the next few releases of GCC will
include optimisations (tweaks,
basically) based on this initial release.
To understand why the new
optimisation framework will make such
a difference, we have to take a step
backward and talk about compilers in
general. A compiler is a software
program that transforms a text file
written according to well-defined
lexical and syntactical rules specified
by the programming language into
machine executable code. The
compilation process comprises a
parsing part, in which the source is
validated; an optimisation part, in
which the code is restructured for
improving its performance; and a
generation part, in which the
executable is built. Technically, we refer
to them respectively as the front-end,
the middle-end and the back-end.
The three components do not have
to be kept distinct, but if they aren’t, to
support x languages on y different
architectures one would need to write
x times y different compilers. As
readers of Paul Hudson’s LXF series
on compilers will know, the clever way
to reduce the work is to make sure
that the middle-end is logically
separated from the front-end and the
back-end. If the middle-end also
makes use of a representation of the
source code that is not language-
specific, front-ends of different
languages can share it.
In the same way, it’s possible to
interface several back-ends to the
same middle-end. For a compiler that
follows this structure, to support x
languages on y architectures you
would need x + y separate projects
emitting or accepting code according
to the rules dictated by the middle-
end. Fig 2 represents the structure of
such a compiler.
In principle, old versions of GCC
have followed that structure, with the
front-end emitting abstract syntax
trees (ASTs) and the intermediate
language being Register Transfer
Language (RTL). Unfortunately for fans
of smooth compiling, the ASTs
generated by each front-end differ,
Language 1
Language 2 Architecture 1
Intermediate
language
Architecture 2
Language 3
Language 4
Front-ends Middle-ends Back-ends
and the RTL representation is not well 2/ An ideal compiler that supports
suited for high-level optimisations. four languages on two different
architectures.
Each front-end has to know about
optimisations, which – apart from
causing duplication of efforts – means
the quality of the generated code is
dependent on the language and
optimisation processes in the
particular front-end.
What’s the answer? The new tree-
SSA framework, which will offer a
language-independent infrastructure
for optimisations, sitting as it does
between the front-ends and the >>
RTL (see What Is SSA? box, left).

MARK MITCHELL: GCC GUARDIAN

As GCC’s release manager, Mark Mitchell has the heavy responsibility of overseeing new additions to the
collection. We ask him if the project is feeling the heat from rival IBM compilers.

LXF: How have you been involved in
GCC’s development?
MM: I’ve enjoyed working on compilers and
programming languages for a long time: in
fact, my elementary school computer
teacher was a wonderful woman who was
very interested in programming languages.
So I think I was doomed to like compilers
from about age five!
My biggest role is release manager. I
decide when it’s time to officially release a
new version of the compiler. I also help steer
what changes go into the compiler at which
points in the development cycle and I try to
facilitate high-level technical conversations
about the desirability of particular changes.
Historically, I’ve done a lot of development
of the G++ compiler. I still do some of that,
but now I’m working more on other things,
including managing CodeSourcery’s rapid
growth. I can get a lot more done by helping
others than by trying to do it all myself!
LXF: What are the goals of GCC?
MM: It depends a lot on who you ask. One
of the challenges is that the goals of the
various stakeholders are not uniform. Some
people want to see releases very frequently
so that improvements are always available to
people. The distribution vendors want to see
releases that contain the features their
customers need on a schedule that works
for them. Some people want maximum
backwards compatibility with older versions
of the compiler. Some people want strict
conformance with language standards.
It’s a pretty diverse set of goals, and
sometimes the goals are incompatible.
LXF: How is GCC developed?
MM: GCC is developed by a pretty large
team. Most of the major contributors are
now being paid for their efforts, which is
somewhat different from five or ten years
ago. But there’s still a tremendous amount of
volunteer effort as well. I don’t want to name
particular organisations because I’ll probably
leave somebody out, and I don’t want to be
accused of promoting particular interests. In
general, the major contributors are software
development businesses (like CodeSourcery),
GNU/Linux distribution vendors, operating
system vendors and hardware vendors.
The development model has come out of
years of evolution. It’s a balance between
freeform development and a strictly top-
down model. The GCC Steering Committee
sets some high-level policies, but most
technical decisions are being made by the
individual maintainers. There’s a lot of back-
and-forth between the developers to work
out how best to solve problems. We use peer
review to check each other’s work and
contain the tree-SSA infrastructure. There
are some programs that run a lot faster with
GCC 4.0.
I think that GCC 4.1 will demonstrate even
more of an across-the-board win. Frankly,
replacing most all of the optimisers in GCC
with brand-new technology, and having it (a)
work, and (b) not generate worse code is a
huge achievement!
GCC 4.0 also contains a Fortran 95
front-end. It’s not as polished as C or C++ at
this point, but it’s coming along very nicely.
The C++ front-end is substantially faster
when compiling without optimisation. As
always, there is support for more chip
variants, newer versions of operating
systems, and tons of bugfixes.
LXF: Has the availability of the Intel
compilers had any impact on the
development goals of GCC?
MM: I believe that competition is great for

“I THINK I WAS DOOMED decide on designs. GCC. People say a lot of things, positive and
negative, about the Intel compilers. I’m not

TO LIKE COMPILERS FROM LXF: What can the end user expect from
GCC 4.0?
going to do that; I’ve not examined them
closely enough to say for sure. I’m confident

ABOUT THE AGE OF FIVE.” MM: It’s going to be a bit of smorgasbord.

The reason for the major version number
change [from 3 to 4] is that GCC 4.0 will
that there exist programs for which those
compilers generate better code, and that will
push GCC to improve as well.

www.linuxformat.co.uk LXF66 MAY 2005 61

LXF66.feat_gcc 61 15/3/05 4:36:32 pm

 GCC 4.0 UP CLOSE
TIGHTER SECURITY Version 4.0 gives you added protection
Security-minded readers will be pleased
to hear that GCC 4.0 addresses a
common exploit known as buffer
overflow. This is where an attacker
passes a huge string or number to a sick
program, gaining access to memory areas
and often taking on root privileges.
The answer is to perform sanity checks
for possible buffer overflows in any line
of code – but unfortunately this isn’t
done by default. Version 4.0’s solution
LXF: How did you get involved in GCC?
DN: I am originally from Argentina and came
to Canada in 1993 to do a PhD in Computer
Science at the University of Alberta. I started
getting involved with compilers and ended
up developing techniques for analysing and
optimising concurrent programs.
In 1999 I came into contact with Cygnus
and started working for the GCC team. Until
then I only knew about GCC by name – I
had played with it a little bit during my
research, but not to any serious extent. After
graduation, I relocated to Toronto and kept
working on GCC (now as part of Red Hat,
since [Cygnus was] acquired in late 1999).
LXF: What does it mean in practical terms
to be the maintainer of a branch of GCC?
DN: The work isn’t much different to what
you do on mainline. Perhaps the major
liability is merging changes from mainline
into the branch. It’s a delicate balance you
have to strike – if you merge too often, you
“SOPHISTICATED LOOP
TRANSFORMATIONS WILL
POP UP IN NEW VERSIONS.”
62 LXF66 MAY 2005
LXF66.feat_gcc 62
comes in the form of the
-D_FORTIFY_SOURCE switch. When
enabled, sanity checks will be performed
by the compiler, and if there is the
possibility of an overflow, more secure
library functions will be called instead of
the default ones. For this reason, you’ll
need the glibc library (version 2.3.4 or
later) or a patch for it.
One of the biggest advantages of this
method is that the check can be
Before code can be converted to
the SSA form, two preliminary steps
are needed, which go under the
names of GENERIC and GIMPLE.
GENERIC was introduced to overcome
a thorny problem: though the middle-
end expects input in the form of a
common intermediate language from
the front-ends, it turns out that there
are inconsistencies between the
intermediate language that each front-
end emits.
DIEGO NOVILLO: SSA MAESTRO
Much of the buzz surrounding GCC 4.0 is being generated by the new tree-SSA infrastructure,
which promises fast, language-independent optimisation. Linux Format talks to its creator.
are bound to make the branch too unstable,
particularly if mainline is in Stage 1, ie open
to major changes. If you let too much time
pass between merges, you may spend quite
a few hours fixing merge problems,
particularly if the branch is too active, like
tree-SSA used to be.
Branches are not much different to
mainline In terms of contributions either. First
and foremost, you have to make sure that
everyone contributing to the branch has all
their FSF copyright paperwork in order.
As far as stability goes, branches also
operate in stages. Initially, you allow just
about any change that is reasonable, and as
you are getting ready to merge into mainline
you start clamping down. The tree-SSA
branch was pretty flexible initially, but in the
months prior to the final merge, I would not
allow any patch that broke bootstraps on the
5 or 6 architectures I was testing. Even if the
patch was not at fault, we would remove it
and ask the author to figure it out.
LXF: Can you explain what tree-SSA is?
DN: Basically, it is an overhaul of GCC’s
optimisation infrastructure. With it, we can
www.linuxformat.co.uk
performed with no or very little run
time overhead. There are two levels of
fortification: -D_FORTIFY_SOURCE=1 is
the standard, while -D_FORTIFY_
SOURCE=2 gives even more security, at
the expense of possible failures of some
conforming programs. Read more at
http://gcc.gnu.org/ml/gcc-
patches/2004-09/msg02055.html.
To avoid heavy intervention at the
front-ends, GENERIC was written to
translate trees emitted by the front-
ends into a common language. Still,
this is not enough: SSA acts on simple
instructions; hence, lines such as
a = b + c*d;
need to be simplified as follows:
e = c*d;
a = b + e;
so that each assignment operation
consists of the reduction of two
now implement optimisations like
vectorisation and software pipelining that
were difficult or impossible to implement on
RTL. It also separates the front-ends from the
back- and middle-ends so that adding new
languages to GCC won’t be nearly impossible
anymore. Before, every front-end had
intimate ties with the back-end and the
internal interfaces were slim or non-existent.
As with any other internal infrastructure
overhaul, these major changes typically
mean little to the user. But in this case, the
two major visible changes will be the
inclusion of Fortran 95 and mudflap [a
technology for checking run-time errors]. The
new optimisations will probably help some
users. For instance, the new scalarisation
capabilities are likely to help C++ code with
lots of short-lived small objects that were
demoted to memory too early in previous
versions of GCC. Also, the autovectorisation
passes may come in handy for some codes.
I don’t expect GCC 4.0 to do the job
across the board, but the new architecture
will certainly help us improve and maintain it
a lot better than before.
LXF: How do you see the future of
tree-SSA and of GCC in general?
DN: GCC is becoming a pretty good
compiler and it’s quickly assimilating modern
optimisation techniques that were previously
only seen in commercial compilers:
vectorisation, for instance. Expect several
sophisticated loop transformations to start
popping up in subsequent versions of GCC.
variables by a single operand. This
operation is known as gimplification,
and the step as GIMPLE. The step
which follows consists of a rewriting
using SSA rules. Once the code is in
the SSA form it’s straightforward to
implement some high-level
optimisation procedures before the
code is passed to RTL for further
lower-level optimisations (see Fig 1).
Among the optimisations that have
been implemented are eliminating
unreachable code, constant
propagation and a sketched
autovectorisation. Some of those
optimisations were possible within the
old framework, but the new SSA
scheme generally outperforms it (for
more, see Diego Novillo Q&A, below).
Fortran news
Although tree-SSA is without doubt
the biggest addition to GCC, version
4.0 will have many other
improvements that catch the eye.
Among them, the addition of Fortran
We are also
starting to add intermodule optimisations –
optimisations that can work across function
calls and even file boundaries. Explicit
concurrency in the form of OpenMP [a
shared-memory API] or something along
those lines is also likely in the mid- to long
term. Dynamic languages like Java will also
benefit from the new architecture. People
will be able to implement analyses like
escape analysis and devirtualisation.
LXF: Do you plan to work on other
innovative projects for GCC?
DN: I’m very interested in GOMP, an
implementation of OpenMP. In the short
term, I’m working in several propagation
optimisations to help analyses like mudflap
reduce the amount of memory-bound
instrumentation. I’m also interested in
reducing bounds and type checking for Java.
15/3/05 4:36:34 pm
 GCC 4.0 UP CLOSE

they are buying CPU time, which is

95 support in the form of gfortran
(short for the GNU Fortran 95 project)
will be welcomed by the many
scientists and engineers who use this
programming language – Fortran has
never been one of GCC’s strong points.
Gfortran (http://gcc.gnu.org/
fortran) is a good example of the
benefits of a more open development
model. It was forked from the original
g95 project (still under heavy
development at http://g95.sf.net)
because the maintainer of g95 liked
private. In older software this feature
required a substantial amount of
monkeying to make it work. New
projects are encouraged to use visibility
options right from their inception.
With a careful choice of private
symbols, the loading time of a library
can be sharply reduced. It also gives
the added benefits of up to 20%
reduction in the size of executables,
better scope for the optimiser to
improve the code and reduced
likelihood of symbol crashing. The
fairly likely among number crunchers).
Whatever your background, we’re
sure that you want benchmarks for
GCC 4.0, and we are not going to
disappoint you. However, the usual
caveat that the only benchmark that
should really matter to you is the one
based on your code still applies. We
should also point out that CVS
versions of the compiler are very
different from stable versions, even if
they have the same release number,
so you should take the benchmark
results as a very rough estimate, with >>
the understanding that the stable
FFT
GCC 3.4.3
GCC 4.0
SOR ICC 8.1
Computational kernels

to keep very tight control. The advantage of using the visibility

developers of what is now gfortran
argued for tighter integration with GCC
and bet on tree-SSA succeeding when
it was still an experimental project.
Their bravery is about to be rewarded –
like any other GCC subproject, gfortran
is now the property of the FSF (for
more, see Paul Brook Q&A, page 64).
Even at this early stage of
development, gfortran has the
potential to fill the gap between
Fortran and the other languages
supported by GCC, and has been
reckoned mature enough to replace
the ageing g77 front-end, although
there is still some work to be done. In
particular, the compatibility with
Fortran 77 is still far from perfect. For
this reason, Linux distro vendors are
expected to provide a port of g77
features should be pondered on a MC
case-by-case basis; however, any large
C++ library making heavy use of
templates is expected to benefit
considerably from them. That said, it is
for C++ programs only – KDE and
MML
OpenOffice.org are already taking
advantage of this, but Gnome – being
C-based – has not and will not.
Among other improvements in LU
version 4.0, we’re excited by the
(promised) much faster C++ parser,
the new ABI for Java and the
implementation of some mathematical Com
functions on the IA32 and x86-64
architectures as inline intrinsics, for the
benefit of number crunchers. A
0 250 500 750 1,000
complete list of all the features of GCC
4.0 can be found at http://gcc.gnu. Mflops
org/gcc-4.0/changes.html.
KEY

alongside the new gfortran.

Symbol clearout
The slow start-up time of essential
software like OpenOffice.org, Mozilla,
KDE and Gnome is a common gripe
among Linux users. With GCC 4.0 this
should be greatly speeded up –
provided that software developers
make use of the new features. The key
is the new GCC visibility patch. This
offers you the possibility of deciding
which ELF symbols should be
exported (ELF is the format of Linux
executables) and which should remain
Mflops = Floating point operations
More speed
per second, in millions
Of course, everyone wants a fast
compiler and everyone expects a new FFT = Fast Fourier Transformation
release of a compiler to be faster than SOR = Jacobi SOR
the previous one. However, there is no MC = Monte Carlo integration
universal consent about the meaning MML = Sparce matrix multiply
of the word ‘faster’. Maintainers of LU = LU factorisation
large software repositories for which Com = Composite score
speed is not critical would prefer a
compiler that focuses on improving
the compilation time, while people
who deal with performance-critical 3/ Floating-point performance of GCC 3.4.3, GCC 4.0 and ICC 8.1 as
measured by the benchmark suite SciMark2, which was developed at the
software would rather benefit from US National Institute of Standards and Technology to compare processing
shorter execution times (especially if speeds of programs written in both C and Java.

www.linuxformat.co.uk LXF66 MAY 2005 63

LXF66.feat_gcc 63 15/3/05 4:36:38 pm

 GCC 4.0 UP CLOSE
PAUL BROOK: FORTRAN VISIONARY
Together with Steven Bosscher, Paul Brook made it his mission to
have a Fortran 95 front-end as a part of the official GCC distribution.
We asked Paul where the project’s at today.
LXF: How long have you been working
on GCC?
PB: I’ve been involved with GCC since I left
university in 2002, and have been working
for CodeSourcery on GCC for just over a year.
I’m joint maintainer of the GCC ARM back-
end and Fortran front-end, and spend most
of my time working on these.
LXF: Why do you believe that GCC must
support Fortran 95?
PB: Fortran is still quite widely used for
computationally-intensive numerical
simulations, particularly in academic
institutions. It is quite common for new code
to be written in Fortran 95, then combined
with legacy Fortran 77 libraries.
Support for Fortran 95 is essential if GCC
is to remain a viable alternative in this area.
GCC’s free availability and portability to a
large number of hardware and OS platforms
make it particularly attractive for a user
wanting to develop an application on a local
workstation, then migrate it to a high-
performance cluster.
LXF: How did you get the idea of adding
F95 support to GCC?
PB: My final year project at university
involved modifying a fluid simulation code
written in Fortran 95. I was frustrated by the
lack of a free Fortran 95 compiler, which
meant I was restricted to working on a few
university machines.
After finishing university I joined the g95
project. At that time g95 could parse most
Fortran 95 source, but had no real code
generation capabilities. Like most recent
university graduates I had quite a bit of spare
time, so wrote the code to glue g95 and
GCC together.
64 LXF66 MAY 2005
LXF66.feat_gcc 64
>> version will be no worse than the performances are plotted in Fig 3 (for
experimental one. details about the various tests, refer to
The same applies to gfortran, the home page of the benchmarks).
which at the moment runs at about GCC 4.0 overperforms its
half the speed of the Intel Fortran predecessor in most tests, often by a
Compiler version 8.1 in our self- wide margin. Even more excitingly,
developed Fortran 90 benchmark GCC 4.0 now runs neck and neck with
suite (we could not compare directly the Intel compiler, and outperforms it
LXF: Why did you decide to fork g95?
PB: The original g95 author likes to keep with GCC 3.4, since Fortran 90/95 by a significant margin in at least two
very tight control of the project, ensuring support is a new feature of GCC 4.0). tests. Still, at the moment a tedious
that all code meets his personal standards With all this in mind, we tested the optimisation bug (a wrong move of
and ways of doing things. We felt that it performance of the code generated floating-point variables through integer
was important to have a more open by GCC 4.0 CVS with the SciMark2 registers) affects the performance of
development environment, and to work
benchmark suite (http://math.nist. GCC 4.0. As this bug will be fixed
more closely with the rest of the GCC
community. Our initial goal was to integrate
gov/scimark2), designed for gauging before the official release, expect the
gfortran into the main GCC CVS repository, the speed of floating-point operations, official version to perform much better
making it part of official GCC releases. and did the same with GCC 3.4.3 and than in our tests. We don’t expect you
the Intel C Compiler release version to have a dual Opteron on your desks,
LXF: Is there any cooperation among 8.1. For the GNU compilers we used so we repeated the tests on a Pentium
the two Fortran implementations of
the optimisation flags IV 1.7 GHz with 768 MB of RAM, which
GCC? For instance, are you exchanging
‘gcc -O3 -funroll-loops -D__ threw up roughly the same results.
code for the libraries?
PB: No, not much. In practice the two NO_MATH_INLINES -ffast- The tests confirmed our hopes that
projects have diverged sufficiently that math -march=opteron - GCC 4.0 will be a great release. But
most changes do not transfer easily. mfpmath=sse,387 -ftree- the GCC developers have no time to
There has also been some difficulty vectorize -onestep -fomit- bask in the glory, since they are
obtaining up-to-date versions of the g95 frame-pointer -finline- already working on new features and
source code.
functions -static’ additions. GCC still lags behind
except for the -ftree_vectorize commercial competitors in the high-
LXF: What needs to be done to
consider the implementation complete? option, which is specific to tree-SSA performance computing market, and
PB: Gfortran should still be considered (other tree-SSA optimisation options we expect this gap to be filled pretty
beta quality. Most Fortran 95 language are automatically activated by the -O3 soon. The GOMP project (http://gcc.
features have been implemented, and switch). For ICC we used: gnu.org/projects/gomp), aimed at
some large applications (eg the SPEC ‘-O3 -tpp7 -xW -ipo -align - providing support for the powerful
CPU2000 benchmarks) can be
Zp16 -static’. OpenMP parallel instruction extensions,
successfully compiled. However, there are
still many bugs, and many of the language
Without the static option, which would is an initial step in that direction. LXF
extensions supported by g77 aren’t yet have hidden the features we were
implemented. interested in. The compilation time on
I’ll consider gfortran done when the few 4.0 was on average about 10% slower ACKNOWLEDGEMENTS
remaining corners of Fortran 95, and most than on 3.4.3, and the size of the
of the extensions supported by g77, are Thanks to Vladimir Marakov, Paolo
executable was about 2% larger. The
working. GCC 4.0 will be the first GCC Bonzini, Uros Bizjak and especially
generated code was then executed on Richard Guenther for discussing
release to include gfortran. We expect that
by then gfortran will be usable for many a dual AMD Opteron 244 processor optimisation flags in GCC 4.0.
purposes, though it may not be suitable as machine with 4GB of RAM. Measured
a production compiler or as a direct
replacement for g77.
LXF: Do you have any idea of how
gfortran compares in terms of
performance with commercial
implementations such as Intel’s?
PB: For Fortran 77 code gfortran should
generate code that is at least as good as
g77, and comparable to many commercial
compilers. For some complex Fortran 95
code we generate code that is significantly
slower than commercial compilers. Most of
the work on gfortran is concerned with
correct implementation of missing features:
there’s a lot of work left to do to improve
performance. Having said that, gfortran
uses the same optimisers as GCC and
G++, so any improvements to these will
benefit gfortran. GCC 4.0 will contain many
new optimisations, like autovectorisation.
These should help close the gap between
gfortran and commercial compilers.
www.linuxformat.co.uk
15/3/05 4:36:40 pm
 INTERVIEW STEPHEN TWEEDIE
D
espite most of us thinking
that the ext3 journalling
filesystem is a finished work,
development on it continues
at a furious pace in the 2.6
kernel. The coders behind it
– spearheaded by author and Red Hat
fellow Dr Stephen Tweedie – continue
to make it more stable while
squeezing out all the performance
they can.
Mr Reliable
Writing a filesystem takes a programmer a cut above the rest. Writing a
filesystem that’s reliable to the extreme? That takes Stephen Tweedie…
We caught up with Dr Tweedie and
asked him about his original vision for
ext3, his plans for the future and what
else he finds cool in the kernel…
LXF: Everyone knows you for ext3
– you’re the man that made it
happen. Can you tell us what your
design goals were?
ST: I am fundamentally very
concerned with filesystems. I believe
that filesystems should be – as far as
a user is concerned – an amazingly
boring thing. Once your filesystem
starts displaying curiously interesting
behaviour you start to worry.
I got involved with ext2 early on,
working on the performance side of
things. I wrote the defragmenter, and
that had to interact with ext2. Ext2
had no intelligent placement policy for
placing stuff on disk, and any
defragmenter had to interact with
what the kernel was placing – called a
usermode defragmenter.
So, I got involved with ext2 doing
the enhanced block allocation stuff,
and it was just a gradual process of
improvement on ext2. But really, a lot
of that stuff we did early on was
making it stable and getting the really
hard bugs out of it. There were one or
two core VFS bugs very early on in
66 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.iview 66
Linux that took a long time to flush
out – just generally stabilising.
For ext3 I simply wanted to
continue that, to add journalling so
you didn’t have to do a complete
filesystem check every time you
crashed, The goal was to make it as
completely compatible as possible –
no rewrites of the code, no major
unnecessary changes. Just as simple
as possible: add journalling.
The idea was to copy the codebase
from ext2 to ext3. The only reason it
has a different number is that I wanted
to work with both filesystems in my
tree at the same time, so that I had
my system running on ext2 and could
have a test filesystem running on ext3
for development. Ext3 is just ext2 with
an extra inode on disk. Ext2 has a
number of reserved inodes defined
already; we’re using them for the
online resize inode, access control lists.
You can create an ext3 filesystem,
unmount it then remount it as ext2
and it will be fine – the two are
completely compatible. This
compatibility is there so that people
could upgrade transparently from ext2
to ext3 just by adding a journal.
LXF: A lot of people, including us,
view ext3 as a finished work.
ST: No software is ever finished – at
least until the author decides he isn’t
going to write code for it any longer.
“COMPROMISE IS PRESENT
IN EVERY PART OF KERNEL
DEVELOPMENT.”
LXF: So you’re still adding to
ext3?
ST: The whole on-disk filesystem has
versioning flags and feature flags in
the superblock. Those flags allow you
to add new features, and to record in
the superblock which of these features
are present.
LXF: Could you explain superblock
for our readers?
ST: The superblock is a sort of header
that tells the kernel… it describes the
layout of the filesystem. When your
system boots up, the superblock is the
first thing the kernel looks for – one of
the things on there is the feature flag
‘is the journal enabled?’.
As an example, there are a few
different feature sets. One is
‘compatible’, the other is ‘read-only
compatible’, and one is ‘incompatible’.
When the kernel is told to mount a
filesystem, and it sees an unrecognised
feature on that filesystem, it will react
according to which feature it is. If it is a
compatible feature, it will just mount
the filesystem anyway.
So, for example, if you had a
feature that says, ‘there’s extra
performance information on this disk’,
you can actually use the filesystem
safely without that information, so
that’s a compatible feature. If it’s a
read-only compatible feature, then
you say ‘well, the disk is laid out that
the kernel can read, but there’s extra
stuff you don’t know about that has to
be kept consistent, so it’s not safe for
an old kernel to write to’. An
incompatible feature is one that says,
‘there’s something on this disk that you
just don’t understand, so don’t try to
mount it at all’.
In ext3, the journal is a compatible
feature. The existence of a journal file
doesn’t stop you mounting it as ext2
with an older kernel. However, when
ext3 is mounted and the journal is
active, it sets another feature flag that
says the journal needs recovery and
that the feature flag is incompatible.
That stops you mounting an unclean
ext3 filesystem as ext2 and losing the
journal recovery. Once the journal has
15/3/05 5:53:56 pm
 INTERVIEW STEPHEN TWEEDIE

been recovered, that clears the flag inode tables and ones that organise it definitions, but it does require some
and you can mount it as ext2. as a tree. There are flexibility small amount of filesystem work.
These feature flags give us a way of advantages in both – you can grow
expanding the filesystem’s capabilities the number of files in a system that is LXF: You mentioned what changes
without having a completely new not statically allocated, but in a system were needed to enable SELinux;
revision of the filesystem. Recently that is statically allocated you can and it’s a given that they were
we’ve had the extended attribute code recover deleted files. going to be prioritized quite highly.
go on, and online resize has gone in. The ideal would be that most users But how do you determine the
One of the recent [additions] was large would not encounter these special priorities of other extensions and
inodes – you can have inodes larger edge cases. SELinux has been one of new features – is it just by what
than 128 bytes on disk. That has been the concerns recently, where ext3 and things you personally think are
used to allow us to put some of the
extended attribute into the inode block
XFS were the first two to get the
necessary extended attribute support;
cool, or are they things that are
demanded by the community?
>>
itself – it’s more efficient that way. Reiser came later.
All these features are just marked
in the superblock how compatible LXF: So Reiser now supports
they are. We haven’t had to do a new SELinux?
ext4 for any of these. ST: Reiser3 supports extended
attributes, and I’m fairly sure that it
LXF: There are obviously a number supports SELinux too – I would have
of different Linux filesystems, and to double-check that. SELinux requires
some seem to have certain a way for the filesystem to let the rest
notoriety for particular of the kernel know whether this is a
applications. XFS, for example, is special reserved attribute or not. We
claimed to be faster when dealing don’t want normal users to go around
with bigger files. Is it necessary to changing the SELinux context on their
make compromises to ext because own files, so there has to be some way
it’s a general filesystem, or can of flagging what kind of attribute this is
any filesystem include these at the filesystem level. Typically that’s
enhanced features? just a case of adding a flag
ST: Well, ext3 is being continually somewhere in the filesystem
enhanced. The hashed directory trees
allow us to have many more files in a
single directory efficiently. 2.6 has
redone a lot of the locking in ext3 to
make it more scalable in SMP, and
also more scalable when you have
many parallel transactions going on.
But there will always be other
filesystems, and there will always be
room for filesystems that are
customised for specific workloads. The
flash filesystems, for example, are very
specialised, and even in general on-
disk filesystems there are things that
are still not in ext3 that are helpful in
certain situations. XFS has extent
maps, so an entire large chunk of disk
can be mapped by a single descriptor
in an inode so that you have much
less metadata to hunt through when
trying to map a large file to disk.
There are some fundamental
differences between certain filesystems,
but not that many. If you think about
LFS [the log-structured filesystem] –
that has a very different way of dealing
with filesystems, and completely
different performance characteristics.
Most of the Linux filesystems – ext3,
JFS, XFS, and Reiser – don’t do that.
You have a difference between
filesystems that statically allocate their

www.linuxformat.co.uk LXF66 MAY 2005 67

LXF66.iview 67 15/3/05 5:54:00 pm

 INTERVIEW STEPHEN TWEEDIE
Mr Reliable
>>
ST: It’s a combination. Partly it’s how
easy is it do to. I had a vague design
for ext3 long before I started working
on it. But I was working on DEC [now
part of HP] at the time and didn’t
have the time to sit down and do the
journalling layer. Once I started
working for Red Hat it was much
easier to find that time.
There are other extensions that are
relatively minor, and much easier to do
in my spare time while at DEC, so that
was part of it. The ext3 reservations
code that went in was started off by
people at IBM. In those cases I helped
do all the final code reviews, tidying
“THERE’S ALWAYS A
TRADE-OFF BETWEEN THE
BENEFIT AND RISK OF A
NEW FEATURE.”
68 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.iview 68
them up to get them into proper
shape to get them into Linus’s kernel.
There have been many other people
involved, so partly it’s what others are
able to develop.
But my aim is to have a filesystem
that is reliable and usable. That means
that performance bottlenecks and
required functionality are more
important to me than adornments like
shiny bells and whistles.
LXF: So there’s a compromise
between things you want to work
on and getting the existing stuff
reliable?
ST: Yes, but that conflict is present in
every part of kernel development. It’s
one of the big debates we’ve had in
2.6: to what extent should Linus’s tree
be stable? The feature rate in 2.6 is far
higher than we had in 2.4. We have
Andrew Morton’s -mm tree for a
proving ground before it goes into
Linus’s tree, so things have a chance
to stabilise.
But there’s always a trade-off
between the benefit a feature would
give and the risk of changing code.
That’s one of the main values that
vendors have – even within the
kernels that Red Hat produces, you
have a choice between the rapidly-
changing Fedora that has a higher risk
kernel and the ultra-conservative,
change-as-little-as-possible Enterprise
Linux kernels. There’s a whole
spectrum of risk trade-offs there, and
one of the advantages of Linux is that
you get to choose. I run Rawhide on
my laptop, but I wouldn’t recommend
you run it on your enterprise Red Hat
web server.
LXF: The ReiserFS team make a
big deal out of their filesystem’s
performance. If what they say is
true – if Reiser really is much
faster than everything else out
there – why don’t you join their
efforts?
ST: I don’t have any particular interest
with working on Reiser. There are
plenty of other things I would quite
like to get involved with. I feel I have a
responsibility to ext2, I feel I need to
help continue that. But if in three of
four years’ time another filesystem is
so far ahead of the field that it’s
clearly the only one to use, then good
on them! It may be that there are still
compromises and that people want
choice; choice is always a good thing.
LXF: So apart from ext3, what
other things are there in the
kernel that are cool and that
interest you?
ST: Well, in the last 12 months it was
SELinux. Right now, I think that Xen
virtualisation is looking very interesting,
and I can see that eventually giving
me the ability to test a cluster on a
single box. I get kernel boot times of
about ten seconds on a Xen partition.
With boxes with SCSI adaptors and
lots of memory, it can take two or
three minutes just to get through BIOS
when doing a physical reboot, so there
are all sorts of advantages as a
developer for using Xen.
LXF: Will Xen be shipped out of
the box with RHEL?
ST: No, but it is now in the Rawhide
tree for Fedora, though there is still
lots and lots to be done there. They
are only starting to get SMP tests
working, and the only stable tree is
x86. They are still working on x86-64
and IA64. I hear that those ports are
going well, but they aren’t really stable.
It’s so new that until people start
deploying it and testing it widely you
just don’t know it will work.
You don’t make an enterprise
product just by doing some testing –
you get lots of people to test it, you
stress all sorts of edge cases and
corners that you wouldn’t anticipate.
Until it’s had that kind of exposure, it’s
not really trustable for enterprise work.
That kind of technology is interesting,
and having it in Fedora is a great way
of getting more people using it. Purely
from a developer’s point of view,
virtualisation is really cool. I used to
use QEMU to run virtual hosts. It’s a
bit slow, but it’s useful. User-mode
Linux has been useful in the past.
Kernel development is
fundamentally different from
userspace, because kernels don’t
behave repeatedly. If you run a user
program, you expect it to run in exactly
the same way each time. But in the
kernel the timing is always important –
tests are never quite repeatable,
especially for the filesystem. Having
virtualisation is one of these tools in
the toolbox that will help.
LXF: We can’t even imagine how
you’d start to debug a
filesystem…!
ST: All sorts of ways. You sit there
adding print statements to the kernel
15/3/05 5:54:04 pm
 INTERVIEW STEPHEN TWEEDIE

“I DON’T HAVE ANY PARTICULAR

INTEREST WITH WORKING ON REISER.”
and see what comes out. One of the
things in the 2.4 kernel that helped…
Andrew Morton added a buffer history
to ext3 so that you can trace activity
of usage in the filesystem, If something
goes wrong, you can easily identify it
and figure out how it got there.
This allows you to find out why it
went wrong. Sometimes it’s just a
matter of staring at the code and
trying to reproduce it enough times to
finally make it crash – something that
gives you an “aha!” moment.
I had a problem I spent three
weeks trying to solve, and it turned out
to be a hardware fault. It looked like a
software fault, because if I built the
scheduler with a particular set of
compiler options it worked fine, but if I
used a different set of options it broke.
So I was going through the assembly
listing saying, “OK, which bit is being
miscompiled… which optimisation is
going wrong and breaking this?” Then I
changed the hardware, and it was fine.
So that’s always been something
that I’ve enjoyed doing. Of course, I
wear two hats – my Red Hat and my
kernel developer hat. For Red Hat,
that’s still part of what I do. Customers
coming in with problems have Level 1,
2, and 3 support, but eventually
problems that have been properly
categorised come down to engineering
for debugging and fixing.
That side of my work isn’t actually
very different to being in a support
organisation for a company. The other
side of things, kernel development,
isn’t very different to what I was doing
part-time while working at DEC. That
hasn’t changed very much, although
now it’s actually being done on >>
company time!

LXF: As a high-profile contributor

to the Linux kernel, do you find it
hard to work on such a visible
project?
ST: Doing what I want to do is largely
what I am doing. 1.2.13 was a relatively
stable kernel, but we had a number
of users who were really
pushing it to the limits.
There were people
running 100 modems
off the back of a single
Pentium 200. They were
pushing the PPP stack
really hard, so there were a
few of us – Alan Cox, myself, and
others – who were maintaining a
branch called 1.2.13LMP.
Part of what I like doing with Linux
is making it really reliable, and that
was essentially become a
maintenance engineer. Some of the
things that Alan was doing was taking
a variable-frequency square wave
generator, plugging it into a serial port,
then ramp the frequency up to see
how quickly the machine dies. He
fixed some amazingly subtle bugs in
the serial stack doing that, and ended
up with a machine that would happily
run for years on end.

www.linuxformat.co.uk LXF66 MAY 2005 69

LXF66.iview 69 15/3/05 5:54:08 pm

 INTERVIEW STEPHEN TWEEDIE
“IT’S HARD TO MOTIVATE
PEOPLE TO FIX BUGS IN
FIVE-YEAR-OLD CODE.”
Mr Reliable
>>
LXF: Are there many trade-offs
between what you want to do and
what Red Hat needs you to do?
ST: Well, sure – there are always trade-
offs. It’s hard to motivate people to fix
bugs in five-year-old code. But one of
the promises we’re making to our
customers is that Enterprise Linux 2.1
– 2.4.9-based code – will still be bug-
fixed. As a developer you usually want
to work on the cutting-edge stuff. And
OK, that’s still valid – that’s part of
being a developer.
But I believe you don’t really
understand code until you have
debugged it, and that goes for code
that you have written yourself. You
write a whole pile of code, then
discover a subtle bug in there. And
while fixing that bug, you suddenly
realise that there’s an aspect you
didn’t understand properly, and you
70 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.iview 70
learn a bit more. Debugging and
finding these problems is a part of the
development process. If you were just
working on upstream, you would like
to do that on 2.6.
With Red Hat, we have customers
who will want those fixes on 2.4.9. I
wouldn’t say there’s a conflict of
interest, but there’s stuff you’re doing
for commercial reasons as opposed to
just being interesting. But I’m
interested in making this stuff usable,
so that’s OK.
LXF: Would you describe yourself
as a good coder, then, or do you
get many patches rejected?
ST: I would hate to try to characterise
myself like that – you would have to
ask somebody else! But I don’t usually
get too much rejected. A lot of the
time that’s because patches initially go
out as requests for testing and
requests for comment. By the time
you actually submit that to the kernel,
you’ve already had quite a lot of
feedback – you’ve addressed a lot of
the problems with the first version. So
it’s an iterative thing.
This is one of the things that
commercial companies have had to
learn when dealing with the
community. There has been a
temptation to go off and write some
new feature, then try to give it to the
kernel and dump a pile of code.
Upstream doesn’t like that. They like to
have a set of patches that address the
problem, that are broken down into
clean, well described subunits. If you
follow that way of business with
upstream, then people have a good
chance of seeing the patch,
understanding what it does, and
commenting on it.
You’re not saying “please merge
this” the first time you have a version.
You say, “here’s an initial prototype,”
and you’ll get comments from the
community about what its good and
bad points are. So, you’re not actually
getting rejected at that point, because
all you’ve done is floated an idea – not
submitted it for inclusion. LXF
15/3/05 5:54:12 pm
 LINUXPRO SECURITY
SECURITY
THE NEXT
BIG THREAT?
Worried about the future? Given the growth of
spyware, perhaps we all should be, says Nick Veitch.
Computer viruses have been with us for some time. Although headline-grabbing tales
like the Melissa and Kournikova outbreaks alerted the world to the dangers of viruses
and their devastating power, we have, to be frank, got off lightly so far. Plenty of
people have suffered badly at the hands of some virus strains, but in most cases – even
when the virus caused substantial damage – companies have got up and running again
in fairly short order.
Aside from that, pretty much everybody now uses some
form of virus scanning, either at the mail gateway, on the
desktop, on the server or (in smart companies), everywhere.
There are plenty of solutions available from reputable
companies, and keeping up to date isn’t much of a problem.
We shouldn’t get complacent, but viruses are not the threat
they once were.
In many ways, adware and spyware are building up to be
the bigger headache. With viruses, most attacks are apparent
fairly immediately. Even though they can cause devastating
damage, they can to an extent be protected against, and a
sensible backup policy will mean that no critical data is lost.
SILENT MENACE
The dangers posed by spyware are completely different.
Often in the form of cookies and occasionally legitimate,
spyware applications at the simplest level monitor a PC user’s
behaviour online. A hacker can gather personal data this
way; or a company can trigger ads when the user visits a
certain site (this is adware). Apart from those that make their
annoying presence felt, spyware applications slip on to
systems without a sign and exist happily without being
Use a firewall like this Astaro AA10 in
combination with other security tools
such as content filtering, which you
can get from Astaro on subscription.
72 LXF66 MAY 2005
LXF66.adware 72
spotted. A recent survey conducted by Cyberguard found
that the average Windows desktop has 13 adware or spyware
components installed.
In the past, adware has not raised too many concerns.
The more annoying examples may reset browser homepages,
rewrite search results or layer specific ads over the browser
window. Though this doesn’t result in any damage, it can still
be a tremendous waste of bandwidth – some analysts
estimate that the content-heavy ads served up by such
software can account for 40–50% of the web traffic going to
an affected browser. Of course, many adware applications are
‘legitimate’, in the respect that the software itself requires the
user to accept advertising as a condition of use. Whether
they have been installed legitimately is another matter.
The line between adware and spyware becomes blurred
when the software component also relays your surfing habits
back to base, or keeps a record of the ads that you clicked
on. More obvious spyware may attempt to locate useful
information in your user account area. It can target simple
stuff such as your email address books, but spyware has
been found that searches through text files for useful
numbers, potential passwords and so on. Spyware isn’t just
about stealing saleable contact data anymore, it can do a lot
of the donkey-work for identity theft, too. Identity theft is one
of the fastest growing crimes in the UK, and in spite of the
adverts, it isn’t always as a result of Alistair McGowan
rummaging through your bins – online fraud is surging, as
recent reports have revealed.
While this is all very disconcerting for the home user, it
should strike slightly more fear into the corporate
environment. Theft of data from workstations may result in
more than the regrettable but hardly life-threatening loss of
an employee’s credit-card details. What if the spyware were
able to make off with some customer data?
LINUX IS SAFE... RIGHT?
Linux is inherently more secure than many other desktop
operating systems. The lack of user access to core system
files is a great safeguard. However, it is still possible for
malicious software to manipulate and install itself in the user
filespace, and even run itself from there. It may only have
access to the user’s data rather than the whole filesystem,
but this is all most spy- or adware needs.
As Linux use increases, and open source software
becomes more of a target, there is a real possibility that
17/3/05 10:21:47 am
 Linux-based malware will evolve. For the moment Windows
desktops are those most under threat. This is good news for
those with heterogeneous networking solutions, because
Linux can form part of a possible solution.

DEFEND IN NUMBERS
Because adware and spyware components very often use
the same web services as those used by browsers for normal
operation, it is rather difficult to keep them out using software
layers or even firewalls. A firewall may block dodgy sockets
being opened, but when the data appears to be a
straightforward web request, it’s a little harder to protect
against. And while most ISPs these days will run anti-virus
and anti-spam software as a service for users, adware
blocking is not something that’s easy to operate in this way.
There are plenty of adware-blocking clients. Even
Microsoft has acknowledged the threat, offering a free
downloadable adware scanner. It is certainly advisable to
deploy the clients – it can’t hurt – but it may be a mistake to
rely on them alone. Essentially they work in the same way as
anti-virus software. They have a ‘brain file’ of known problem
software which they scan for and remove.
Unfortunately, users can’t be relied upon to update the
software, or to run it. Even when the clients are set to
autorun on start, users can often find ways of interrupting
them to get on with work. And of course, many scanners
won’t stop the software being installed in the first place;
they’ll just remove it once it has breached the firewall.
A good backup defence may be content filtering. From
the fairly crude solution of preventing certain file-types ever
getting to the browser in the first place, to a more complex
solution involving what type of data is allowed to be
transferred and where, content filtering allows a
proportionate response to the dangers of spyware. It’s no
magic bullet: steps still need to be taken to prevent spyware
being installed by other means (such as from locally-

“SPYWARE ISN’T JUST ABOUT

STEALING DATA ANY MORE.
IT CAN DO A LOT OF THE DONKEY
WORK FOR IDENTIFY THEFT, TOO.”
mounted CDs). A simple host blacklist may not be sufficient
to negate all threats, but at least more advanced content
filtering software can dynamically filter out suspicious data.
There are plenty of Linux solutions for content filtering.
Those you might consider include:
■ SurfControl (www.surfcontrol.com) A commercial tool
that offers rules-based as well as list-based filtering.
■ Dansguardian (http://dansguardian.org) Excellent open
source (GPL) filtering, but it does require some user setup.
■ Astaro (www.astaro.com) Astaro produces a secure
Linux distro and a number of appliances and software.
■ Smoothwall (www.smoothwall.com) A module
supported by SmoothWall for its corporate software editions.
The idea of using content filtering to protect against
adware and spyware connections may not yet be fully
developed – but it will be and there’s nothing to stop you
using the more advanced solutions right now. ■■■

LXF66.adware 73 17/3/05 10:21:50 am

 LINUXPRO TRIPWIRE

SECURITY

INTRUDER
ALERT!
Don’t trust your defences to a firewall alone.
Nick Veitch sets up some booby-traps.

Securing your systems with iptables-based firewalls is sensible. Locking down

services and closing ports you don’t intend to use is equally so. But you can’t leave most up-to-date version already if you have a fairly recent
security at that. Sure, nine times out of ten, when someone exploits a vulnerability distro. Packages are available for SUSE, Fedora, Mandrake,
and compromises your server they’ll leave a trail like a radioactive slug, which you’ll Debian and so on, or you can grab the source from
be able to use to fix things up again. But malicious hacker number ten may be http://sourceforge.net/projects/tripwire.
smarter, and leave no clues about how they got in, or what they are up to... Whichever way you get it, you’ll still need to do some
work. As Tripwire is policy-based you need to create the
policy files for your system. Let’s take a look at the build first.
A typical modern Linux workstation can have a quarter of
a million files on it – KDE alone has over 16,000 INSTALLING TRIPWIRE
components – and there’s no way you can spot when a While Tripwire comes packaged with most modern Linux
corrupt binary has appeared, or a configuration file subtly distributions the installers won’t set Tripwire up to work
edited, without outside assistance. effectively with your system – they’ll usually provide a
Any good intrusion detection system should be able to generic set of configuration files and nothing else.
securely monitor the files on your server or desktop and Also note that Tripwire 2.3 is only suitable for Intel Linux
detect suspicious changes. One such tool is the excellent systems, while earlier versions ran on BSD and non-Intel
Tripwire. Tripwire is a policy-driven filesystem scanner – that is, Linuxes, as well as other Unixes. For this reason, some quite
it has a predefined set of configuration files and a database early versions of Tripwire are still kicking about; for example
that tells it what your filesystem should look like. You can SUSE 7.3 ships with Tripwire1.2 rather than Tripwire 2.3. You
safely exclude those chunks of the filesystem that aren’t can use the older, free, Tripwire; or download the Tripwire 2.3
important to system integrity, such as individual user sources from SourceForge and compile them yourself.
accounts: serious hacking attempts focus on subverting the Kim and Spafford wrote To do this, extract the tarball, cd into the src subdirectory,
operating system tools, and user data is rarely a target. Tripwire in 1992 while at and type make release.
Indiana’s Purdue University. Kim
When you first run Tripwire, you create a baseline is now CTO of the corporation tar xvzf tripwire-2.3.1-2.tar.gz
database that contains a snapshot of your important files that sells enterprise versions. cd tripwire-2.3.1-2
(and an MD5 checksum for each of them). You then place
the baseline database on a read-only medium such as a
write-protected floppy disk or a CD, so that if a hacker gains
access to the machine they can’t spoof the database.
Subsequently, you run the Tripwire tool to scan the
filesystem, and it will report only those files that have
changed. If you are confident that the machine is secure and
the only changes are official ones, you can merge approved
changes into a new baseline database copy: if you’ve been
attacked, the output from Tripwire will tell you what files the
attackers have changed.
Tripwire1.x was originally a free software project, released
under the GPL and written to run on any Unix system. The
developers subsequently created a company, Tripwire
Security (www.tripwire.com), to sell commercial versions
of Tripwire and ‘change auditing’ products for business.
However, the GPL version of the software is still available,
supported by Tripwire the company. This app hasn’t changed
much in the last couple of years, so you should have the

74 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tripwire 74 15/3/05 6:03:29 pm


cd src
make release
The makefile provided with the sources doesn’t install
Tripwire 2.3; to do that, you need to edit the file install.cfg
(located in the subdirectory tripwire-2.3.1-2/install/),
specifying the directories you want the Tripwire programs to
go into, the various Tripwire installation options (such as the
SMTP host to email reports through), and so on. Then run
the script install.sh:
sh install.sh
This script reads the settings in install.cfg, edits the
template configuration files that come with the distribution,
and installs everything. It will also prompt you for a
passphrase and uses this to digitally sign the configuration
file, policy file, and database files (to make unauthorised
modification harder).
MAKING POLICIES
To set up Tripwire1.2, you need to create a tw.config file.
This contains a list of directories to be scanned, and the type
of changes Tripwire can safely ignore without reporting to the
owner. The resulting information is collected in the tw.db
database. Having created a tw.config file, you need to run
tripwire -initialize to build the first tw.db file. This will be
created in the directories specified to hold databases (at
build time), and will be called tw.db _hostname (where
hostname is the name of your computer).
Tripwire 2.0 stores files in /etc/tripwire by default. The
file tw.cfg stores the location of Tripwire’s data files, while
the Tripwire policy file, tw.pol, specifies what system
resources Tripwire should monitor, how the data should be
collected, and who should be notified of policy violations. The
files site.key and hostnamelocal.key are protected using a
passphrase, and must be unlocked in order to decrypt the
Tripwire configuration files before virtually any operation
The command-line tool twadmin is used to manage
these keys. Finally, the Tripwire databases are stored in a
subdirectory called /var/lib/hostname.twd/, and report files
are created under /var/lib/tripwire/report. To set up
Tripwire 2.x, you use twadmin; its manual page will give you
all its options, but for now note that twadmin --print-
polfile prints the policy file in readable form. You can save
this, edit it, and replace the policy file with
twadmin --create-polfile policyfile.txt
and twadmin will prompt you for the site password before
encrypting the new policy file. The Tripwire 2.0 policy file
format is defined in depth on the twpolicy manual page.
Having specified a policy (or accepted the default one
created by install.sh), Tripwire 2.x users should create a
default database like this:
/usr/sbin/tripwire -m i
Please enter your local passphrase:
Generating the database...
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /usr/sbin/fixrmtab
### No such file or directory
### Continuing...
Wrote database file:
/var/lib/tripwire/np1.plopcast
The database was successfully generated.
LXF66.tripwire 75
The task of editing a Tripwire
policy file is made easier by the
comments littered throughout.
CHECKING THE
ESSENTIALS
One useful tip to prevent disk
thrashing and report overload is
to maintain two separate
databases/policies for Tripwire.
This requires some advanced
setup, but does mean that you
can set up a very fast system
for a small set of crucial files
(index.html or /etc/passwd
for example) that can be run
every ten minutes without
compromising the performance
of the server, saving the more
detailed checks for less
frequent intervals.
www.linuxformat.co.uk
TRIPWIRE LINUXPRO
The warning in the preceding code indicates a file that is
labelled in the policy but wasn’t actually found on the
filesystem – this will happen a lot if you just modify the
default policy files. While it won’t stop the software from
working, too many of these bogus files could prevent you
from spotting a real problem!
TRIPWIRE IN EVERYDAY USE
To check your filesystem against the baseline database, and
report deviations (such as changes to system configuration
files or programs) using Tripwire 2.3, run:
tripwire --check --email-report
Tripwire will write a very lengthy report and email it to the
administrator you have designated. The level of reporting can
be specified in the config files, and it is strongly
recommended that you are very careful with it. If Tripwire is
sending out 30-page emails every half hour, you aren’t going
to be any better off than when you weren’t using the
software at all, because after the novelty wears off, the
reports will just get binned.
It is best to add the check to root’s cron jobs. How
frequently you run it may depend on a number of factors
such as:
■ How much damage could be done on your server.
■ How much time you have to spend on admin.
■ How busy the server is.
■ How big a filesystem Tripwire is checking.
Because the report generation means checking all the
marked files, be aware that the process will involve a lot of
disk access and possibly a fair amount of processor time.
When you change files legitimately on the server, you’ll
need to remember to update the database. This can be
done with the command tripwire --update, which will
generate a report, then throw you into a text editor where
you can enter Xs in checkboxes against each changed item.
Tripwire will then digest the report and update its database
accordingly as long as you give it the correct password. You
should take the time to be sure that your system is clean at
the time of an upgrade, otherwise modified files will slip
through your defences.
Tripwire will not prevent your server from being hacked. It
will not stop someone from hijacking your site to send spam,
nor prevent them from installing a root kit. However, it will tell
you that these things have happened, and in a way that
enables you to take action in a timely manner; and can even
direct you towards what sort of action you need to take.
As part of any co-ordinated security plan, you need a tool
like Tripwire. ■■■
LXF66 MAY 2005 75
15/3/05 6:03:36 pm
 TUTORIAL First Steps: Kino

FILM EDITING AND SPECIAL EFFECTS

First steps with Kino

PART 2 With footage captured in the correct format, Andy Channelle moves on to the editing phase in
his quest to create the perfect home video – My First Sports Day meets The Big Channellski.

Film-making enthusiasts are being spoiled these days: This is just a case of dragging scenes and dropping them in the
the advance of digital video editing software makes it desired slot. Remember that this won’t change the content of
easy to craft creative, sophisticated home movies. Last each scene; we’re just messing with the order. It’s also possible
month we used the open source package Kino to control a to completely (and safely) remove a scene by selecting it and
standard consumer grade video camera and to capture raw doing Edit > Cut.
digital video of a school sports day ready for editing. This time Should you get completely tangled up in files, just slide the
we’ll start to move the footage around to create the right effect, line dividing the scenes from the preview window to the right to
trim start and end points, and work with some of the transitions see each scene’s file name. This will also show their original
Kino provides to avoid the jerky jump cuts that usually position in the project. We’ll need this extra information shortly,
characterise home videos. for more advanced editing.
The captured scenes should be stored at the pre-defined
location on a hard disk and named numerically. We could
reassemble the contents of our tape simply by playing these
files back in the same order, but that would defeat the object of
editing; which, according to Dictionary.com, is defined as putting
something in “an acceptable form”. In other words, while you
may be thrilled at watching five minutes of teacherly preamble
before the big 3A Infants flat race, your audience will probably
just want you to get on with it.
The first part of the editing process is ensuring that the files
are in the correct order. Of course, they may have been shot in
the intended order, but if not we can move scenes around to
create the desired effect. The simplest way to do this is to
launch Kino, open the previously-saved project – we’re treating
the project as separate from the raw video – and then use the From this directory full of raw footage we’ll cut scenes
mouse to order scenes in the left-hand pane of the interface. and add effects to create something Oscar-worthy.

78 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_begin 78 15/3/05 4:08:04 pm


Once running order is sorted, it’s time to make some
changes to individual scenes. The most fundamental thing we
can change, the very essence of good editing, is the timing.
Kino makes it really simple to adjust the start and end points of
individual scenes within a sequence without altering the
underlying footage.
Going back to our sports day capture, it’s noticeable that
section 14 is a rather long, static shot and could do with a trim.
To do this, select the chosen scene in the left-hand pane to
take you to the beginning of the scene, then hit the Trim tab on
the right. In the most basic use of this section, there are two
ways to define the ‘in’ and ‘out’ points for a scene: visually or
numerically. To do it visually, simply grab either of the right-
angled triangle markers on the blue line immediately beneath
the preview. Move the left one to change the in point, and alter
the out point by moving the triangle on the right.
Ruthless editing
Beneath the blue line are two text entry boxes and some icons
that allow more precise editing of the in and out points. The text
boxes allow us to edit points numerically – these values are
reset for each individual scene, so they won’t correspond to the
position of the scene within the whole project. Additionally. each
‘in’ point will default to 0.0000 min. To change this, just append
the figures.
The triangles next to these boxes will set the in or out points
to whatever position the playhead is in, which is ideal for
watching the preview and using the Stop button in combination
with the Step Forward/Back One Frame buttons for more
precise control. The next button in the sequence will reset the
points to the start and end of the actual file.
In the centre of these two sets of controls is a broken chain
icon. Selecting this will link the in and out points, so moving one
will also move the other. This is especially useful when you have
a long take and a specific space or time in which to insert it. Set
the two points at, for example, 0.000min and 1.0000min and
you will have a one-minute section set. Hit the chain icon and
move the in point marker to select any one-minute section
within the scene.
Finally, at the far right of the icon set is the Looping option.
By default the selected clip will loop around the entire length –
when it comes to the end it will immediately begin to play back
from the beginning. However, by selecting this option we can
loop only between the in and out points. This can be useful to
getting the timing of a cut just right. The only problem with it is
that it’s not possible to alter the entry or exit points while the
clip is playing, so as soon as you grab one of the handles,
playback ceases.
Director’s cut
The next section in the Trim tool is Mode. Trim is capable of
working in two modes: Insert and Overwrite. Kino chooses
the latter by default – as its name suggests, this mode will
overwrite the selected clip with the changes that you make
using the Trim tool. Be aware of the fact that the file will
remain unchanged even after you’ve made changes and hit
the Apply button.
As well as trimming existing clips, we can also import a clip
to this section and use it to overwrite whatever we have
selected. To do this you can either click on the Browse For A
File button (which is displayed as a folder), and manually find
the file you want to import; or drag and drop a file from either
Nautilus in Gnome or Konqueror in KDE.
This is useful if you have two takes of a scene and, after
setting up the running order, decide the second take is better
than the first. In this case, drag the new file into the Trim
www.linuxformat.co.uk
LXF66.tut_begin 79
TUTORIAL First Steps: Kino
Cut a long story short with the Trim tool.
window, set the in and out points and then hit Apply. The
original scene will be overwritten with the new one.
Conversely, Insert just adds the clip within the Trim window
to the timeline either before or after the currently selected clip.
This will be useful in the sports day film we’re assembling for
this issue’s tutorial.
In one section of our production, the main subject of the
film is triumphant in her running race – and we want to make
the most of that moment. First we take the scene, in this case
called sportsday016.dv, and trim it to the required length,
removing some of the race preamble. Once this is done,
making sure the mode is set to Overwrite, hit Apply to
have the trimmed section updated on the timeline.
Remember that editing so far is non-destructive, so
check the in and out points in terms of the sequence
you’re building and then, once you’re satisfied, go back
into the Trim window with the same clip loaded.
The next job is to trim this; once again, highlight just
the few seconds at the end of the race. Once this is
done, change the mode to Insert, and then select After to put
the new clip into the timeline after the clip you have selected.
The point about adding a second clip that shows the same
event is that we can slow it down for a real Chariots Of Fire
effect, and that is what we’ll do now.
Slow motion
Digital technology makes it possible to add special effects to a
piece of video relatively easily. And while the effects tools in
Kino are branded ‘experimental’, they seem perfectly capable of
basic jobs for home productions.
To complete this part of the tutorial you will need to ensure
you have the Kino-timfx, kinoplus and kino-dvtitler packages
installed, and these should be available for most distributions.
The first task for this production is to take our duplicated
moments from the flat race and slow the film down. With the
right clip selected, hit the FX tab on the right of the preview
window to get into the Effects toolbox. The section of interest is
at the top of the window. By default the Overwrite tab should
be highlighted and the From and To boxes should show the
start and end time of the clip. By adjusting these it’s possible to
apply an effect to just a section of a clip, but we’re doing the >>
whole thing so we don’t need to change them.
LXF66 MAY 2005 79
15/3/05 4:08:07 pm
 TUTORIAL First Steps: Kino

>> The bit we’re interested in is Advanced Options, entitled

Speed. By selecting this radio button and dragging the slider to
the left we can add a slow-motion effect to the footage. Normal
speed has the value 1.00, so changing it to 0.50 will effectively
slow it down to half speed.
Once we’ve set the slider (and prayed for the next version of
Kino to have a numerical input device for this tool), we can view
our slowed clip with the Preview button at the bottom.
There are a few Preview options in the right of the window,
so experiment with these to make the most of your hardware.
On our test machine we got a pretty good look at the effects of
our creations without changing any of these options.
Once you’re happy with the effect, hit the Render button
and wait for the clip to be ‘effected’, which will depend on the
size of the clip and speed of your hardware. One thing to note
Adding a slow motion effect with the speed slider is easy
is that adding effects this way is ‘destructive’. That means that but it lacks the accuracy of numerical input.
the file will be completely overwritten with the affected shot,
which will also physically remove any footage outside the trims Now that’s finished, go back to the main sequence and look
we made earlier. at the results. The original file plays, followed by the last few
Once we finish rendering, the timeline will have a new file in seconds in slow mo. But what’s that noise? When Kino slows
place of the original, with a name something like 001.kinofx.dv. something down it also slows down the audio, so if you have
You can also go the other way and speed things up by half-speed video, you will also have similarly-affected sound.
anything up to a factor of 25. Using only small adjustments to Not a treat for the ears.
a clip’s speed it is possible (for example) to make a piece of To change this we can highlight the affected section and go
footage fit a gap that it might otherwise have been too long back into the FX tab. The section we want this time is Audio
or short for. Execise restraint with this, as changes above a few Filter. Click on the drop-down list, select Silence, make sure the
points on the slider will look obvious. Speed button is not selected, then hit Render. As before, the

KINO FOR SLIDESHOWS

So far we have been concerned with
using Kino to present moving images,
but it’s quite possible to use the
application to build up slideshows of still
photos, or even to add visual polish to a
presentation. In this short tutorial we’ll
pull in a few digital photos, set the time
for them to remain on screen and add
effects and transitions just as we did
with videos.
the Repeat option with a numerical value
displayed. DVD displays at 25 frames per
second, so for every second that you
want the image to appear on the screen,
a value of 25 needs to be added to the
number in this box. In this example
we’ve set images to display for two
seconds, or 50 frames. Once this is set,
select each image in turn, make sure
you’ve selected Before Current Edit
Frame, and then hit Render.
4/ Add filters (the ever-useful Pan and
Zoom are always good value for family
snapshot slideshows) and transitions as
you did for video.
5/ If you want titles to appear in the
style of PowerPoint or Keynote, add
multiple versions of the same image,
giving them titles using the DVtitler
filter. Use the x and y offsets to position
the text in well-defined lines – then set
up the Fade transition: your titles should
now be floating in space.

1/ Start a new project by going through

File > New.

2/ Go into the FX tab and, in the top

section, make sure the Create option is
selected. In here you can add colour
frames, random noise, gradients and
images to frames. From the drop-down
list we need to select Multiple Image
Import and then browse to the folder
containing the images to display. JPEG
and GIF format both appear to work
well, but we’ve not had much success
with PNG files – though Kino claims to
support them, so this may be a bug in
the version of the software we’re using.

3/ Once the images are imported they

need to be added to the timeline. This
can be done by selecting each image
in turn and clicking the Render button.
If you jumped straight into this, you
would notice the pictures spin by in a
blur. This is because we haven’t set a
repeat argument yet. Just below the
file selection dialog (near the ever useful
Maintain Aspect Ratio radio button) is Kino supports rare file types including BMG, SVG and XPM for still-frame import and export.

80 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_begin 80 15/3/05 4:08:10 pm

 TUTORIAL First Steps: Kino

original file will be overwritten – it should now be called

002.kinofx.dv and will be blissfully silent
This is perhaps the simples effect Kino is capable of. We’ll
now look at a few of the more advanced options for changing
not just the look of the clips but the way in which one clip gives
way to another. The former is called a filter while the latter is
known as a transition.

Filters in Kino
In video, filter takes its name from the physical filters such as
coloured gels that a photographer might place over the lens of
their camera, and this is a pretty good metaphor for the way in
which they work. In Kino, you select a filter and it’s added
globally to a clip. To do this, select a clip, go into the FX tab and,
in the third section, ensure Video Filter is selected.
Kino offers some interesting filters (available from the drop-
down list) including tools for isolating individual colours in a clip,
adding titles or a sepia tint, reverse video (for that Ashes To
Ashes look) and a pan and zoom option (otherwise known as
the Ken Burns effect), which is useful for still images and is
much beloved of documentary film makers
We’re going to add a title to the first clip in our sequence, so
we select the DVtitler option from the drop-down. The options
in here should be instantly familiar as they deal with font
selection, text and background colour. It’s also possible to set
the X and Y offset to position the text absolutely accurately
within the frame.
A tip to remember is that video uses projected light, so
white text will be more readable than black text, even on quite
pale images. Once these elements are set, simply type the
required text in the box provided and hit the Preview button.
When you’re satisfied with the look and content of the title, just
click Render and let the computer do its work.
It’s very instructional to play around with these effects to
understand what digital video is capable of. For example, using
the Colour Hold filter in conjunction with a standard colour
selector, it’s possible to isolate individual elements of an image
to retain their hue while the rest of the frame becomes black
and white (instant Pleasantville!) while the Soft Focus filter adds
a dreamlike quality to film that lends itself to flashback
sequences à la Deckard’s unicorn dreams.
Smooth transition
Transitions change the way in which frame 1 changes to frame 2.
Back in the days of manual home video editing this involved
clean cuts – or jump cuts – from one scene to the next, but
applications such as Kino provide a far wider range of options.
The standard effect, one so common in film that you’d hardly thoughtful touch from Kino, and a reminder of how much you
even notice it, is where one image is faded on the top of
another over a series of frames. Technically this is called a
dissolve. To achieve this effect in Kino, select the start clip – the
scene that will be fading away – and hit the FX tab.
Now select the Video Transition option and choose Fade
from the drop-down list. If you were to now click the Preview
button you would see the first clip fade out over its complete
length into the next scene in the time line; this is because the
From and To buttons at the top of the screen automatically
follow the start and end points of the clip. To begin the
transition later, adjust the From figure so that it’s closer to the To
number (the closer these two numbers are, the faster the
transition will be).
On the typical home video where the state of the audio is
often forgotten about it’s worth also defining the Audio
Transition here, too. In the relevant section, select Cross-Fade
from the drop-down list to create the aural equivalent of the
video dissolve.
Install the dvtitler package to add titles to your video.
Again, you can preview the effect painlessly and when you’re
happy, render it. Once rendered, a new clip will be added to the
timeline following the 00x.kino.dv convention; this will contain
the small section that has the transition. The really lovely thing
about this transition tool is that the application creates a new
file for the actual transition and then sets automatic trim points
in the original pair of files (the ‘before’ will have a section
trimmed at the end, the ‘after’ will have a section trimmed at
the beginning) so that if you decide to abandon an effect after
living with it for a while, the original files will be untouched.
As with the filters, it’s worth taking some time to experiment
with transitions. Nice ones to try include Tweenies, which does a
‘picture in picture’-style transition or, for a smoother version of
this, the OpenGL-powered Corner Out effect. One particularly
nice effect is the Image Luma tool, which takes the luma (light)
values from a third image and uses them to set the transitions.
This might be useful if you were adding video to a corporate
presentation and wanted to use the company logo to transition
from one image to the next.
Another clever touch is that when you exit Kino after a
session, the application will sort through the various effects
you’ve rendered and discarded, note the ones that are no
longer needed and offer to delete them. It’s a typically
can get out of the program and improve your video skills. LXF
NEXT
MONTH
Now we have our footage
captured, trimmed, filtered
and transitioned, in our next
tutorial we will come to what
can be the hardest part of the
distribution process: creating
a DVD. We’ll cover the whole
job from ensuring everything
is in the right format to
burning the finished product
for playback on a household
Transitions can be used to alter video and audio
DVD player.
simultaneously with Kino.

www.linuxformat.co.uk LXF66 MAY 2005 81

LXF66.tut_begin 81 15/3/05 4:08:13 pm

 TUTORIAL Emacs
EDITING SHORTCUTS
A Beginner’s guide to Emacs
PART 3 Biagio Lucini opens some windows and gives Emacs a good airing.
LAST
TIME
In LXF65 our second Emacs
beginners tutorial looked at
the Emacs menus, where you
can do editing tasks from
basic to advanced. We also
learned some of the shortcuts
for elementary operations
that spare us from going to
the menus.
82 LXF66 MAY 2005
LXF66.tut_emacs 82
Once you’re familiar with Emacs shortcuts you can windows. Let’s see how this can be accomplished in Emacs.
forget about most of the menus, and even use some
features that the menus don’t provide. That’s what
First, start up the application: our favourite method is the
command line emacs /path/to/myfile &, where the optional
we’re aiming for in this, the third installment of our journey
through the Linux-based text editor. As you go through the
argument /path/to/myfile allows us to visualise directly the file
we are interested in, getting rid of the scratch buffer.
tutorial, we’d suggest that you open an Emacs session and use We may want to load another file without quitting the buffer.
the shortcuts on a test buffer until you’re confident with them. To do this, we can type C-X C-F and then enter the name (and
If you’ve been following the series you’ll know that the basic the path if needed) of the new buffer. Now, what if we want to
operations are performed in the same way in GNU Emacs and go back to the previous one? Just type C-X B and then enter
in its XEmacs clone. We refer to the former simply as Emacs, the name of the file (without the path).
and every command we suggest for this program is also You’ll notice that buffers are named after the files edited in
possible in XEmacs without having to make a single change. them. If there are more files with the same name, an
incremental suffix – <2>, <3> and so on – is appended.
The key(s) to Emacs Suppose, for instance, that we are editing a file called file1 in
There are two fundamental keys for issuing commands in dir1 and another file called file1 that’s in dir2, having opened
Emacs: the familiar Control key and the much less familiar Meta the file in dir1 first and then the file in dir2. The command C-X
key, which we will call C and M respectively. The Control key is b file1 will open the buffer corresponding to the former: C-x b
ordinarily abbreviated to Ctrl. Aside from being shorter, our new file1<2> will open the latter, always in the original window.
notation C complies more closely with the one commonly used
by Emacs. C and M are used to give a new meaning to standard
keys when pressed at the same time with them, indicated here
by a hyphen. For instance, C-X means press the keys Control
and X at the same time.
You might be wondering where the Meta key is on your
keyboard. If you’re using a recent IBM-compatible PC, the
chances are that your keyboard doesn’t have one. But don’t
worry, Emacs hasn’t let you down: you can access all the
features provided by the Meta key with the Alt or Escape (Esc)
key. If you use Alt, you should press it at the same time just as
you would with the Meta key. Thus, M-X becomes Alt-X. But if
you use Esc, you press the keys in sequence. Thus M-X
translates into Esc+X, where you hold down Esc and press X.
Like many other Emacs users, we find it convenient to use
Esc, but this is matter of personal taste.
A good text editor allows you to work with multiple files,
displayed in a single window split into frames or in different
GETTING OUT OF TROUBLE
You might find yourself getting stuck in the minibuffer while you’re
getting used to Emacs. The way out is to repeatedly press C-G,
C is for Control… Emacs shortcuts are a little unusual, so
which sends the cursor back to the buffer.
it’s helpful that they’re listed in the menus – like this one.
www.linuxformat.co.uk
15/3/05 4:37:28 pm
 TUTORIAL Emacs

Sometimes it’s useful to open files side by side, to check

differences or to do some cutting and pasting. We can open a
new frame by entering C-X 5 2. At first this frame will have the
same content as the original frame, but a new file can be loaded
with C-X C-F. An Emacs session comprises the frames spanning
from the first frame or from any subframe. These frames are
pretty much as the various windows you might open from a
browser like Firefox. When you quit the browser, all the windows
will close. In the same way, C-X C-C will close a whole session. If
we want to close a single frame, the right command is C-X 5 0.
You might want to have files on the same frame for easy
reference. Do this by splitting the Emacs window vertically with
C-X 2 or horizontally with C-X 3. This split affects only the
buffer and the mode line: after a split, the resulting window will
still have a single menu bar and a single minibuffer. Emacs
windows can be split into virtually as many parts as you want,
just by repeating the splitting commands. The space taken up by
any part of a vertically split window can be changed at will by
dragging the central mode line with the mouse – pretty much as
you would the contour of the border of any other window in X11.
Another shortcut worth knowing is C-X I. When followed by
the name of a file (typed in the minibuffer, where the command
will put the cursor automatically), it will paste in the content of
that file starting from the position of the cursor.

A cursory point
The natural reference point in any editor is the cursor.
Sometimes, when performing operations such as marking a
region it’s natural to refer to the cursor’s position as an
indication of where the mark starts and ends.
In fact, it would be more accurate to talk about the ‘point’.
This is a more abstract concept that the cursor simply
represents. Point and cursor are not completely interchangeable:
for specific applications, the cursor is on a character, while the
point is to the left of that character. For instance, taking the
above example of marking a region, the beginning and the end
of the region is set not by the cursor, but by the point.
Although this distinction isn’t important in most contexts, it’s
worth understanding to avoid confusion.
Search and replace
Despite its versatility, Emacs is first and foremost an editor, and
focuses on editing functions – as it should. Basic editing
operations consist of cutting and pasting (or yanking, in Emacs
language), marking a region and running search and replace.
This last finder function can be quite sophisticated, but we’ll
start at the most basic level. To find the word ‘Cake’ in the text,
we can type C-S Cake into the minibuffer to search forwards
from your current position and C-R Cake to search backwards.
Searching for the word ‘cake’ will match not only ‘cake’, but
also ‘Cake’, ‘CaKe’ and any other combination of upper- and
lower-case letters. When an upper-case letter is inserted in the
word to be searched, the search becomes case sensitive.
So, C-S Cake will find ‘Cake’, but not ‘cake’ or ‘CakE’. More
fine-tuning is possible through the use of regular expressions; An Emacs frame split in
but this would be the subject of a more advanced tutorial – three. You can split a frame
into smaller and smaller
next month if you’re really lucky.
windows, then reshape
To run a search again, enter C-S C-S for a forward search or them with the mouse.
C-R C-R for a backward search. This also works if you searched
forwards last time and now want to search for the same word
but backwards.
Another useful function is searching and replacing text.
To do this, execute M-X then type replace-string. Press Enter,
write the string to be replaced, then after another Enter type
the string to replace the undesired one. Suppose we have the
file food, whose content is the line ‘VI is my favourite food. I
love VI!’. This doesn’t sound right, does it? We want to replace it
with a more appropriate statement. So we open the file with
Emacs and with the cursor on the first character we execute
M-X replace-string, followed by Enter. After that, the
minibuffer will read Replace string:, so we write ‘VI’ and press
Enter. Then, the minibuffer will show the line Replace string VI
with: and we write ‘pasta’ and again press Enter.
The content of our buffer now will be: ‘pasta is my
favourite food. I love pasta!’ and this is indeed worth saving (with
C-X C-S). Any text between the active point and the end of the
buffer is replaced, so it won’t affect words above or to the left of
the cursor. The number of replacements is displayed in the
minibuffer when the operation is concluded.

UNDO AND REDO

To delete the last change made, the shortcut is C-X U. This is the
equivalent of the popular Ctrl+Z for the Undo command used in
other operating systems. There is no obvious limit to the number
of changes Emacs will undo, since this number can be chosen at
will. To redo a change there’s no need for another command, since
this operation corresponds to undoing the latest undo. If you want
to redo it’s just matter of moving the cursor so that the last undo
will be registered as the last operation (so that you exit the undo
cycle) and pressing C-X U.
Again, be careful about case sensitivity. Suppose our buffer NEXT
is ‘Vi is my favourite food. I love vi!’. If we search for ‘VI’ there
will be no match, and the buffer content will be preserved. If we MONTH
ask to replace ‘Vi’ the replacement will be case sensitive. If we In LXF67 we’ll learn some
ask to replace ‘vi’ with ‘pasta’, both ‘Vi’ and ‘vi’ will be substituted, keystrokes for navigating the
but the first will preserve its upper case V, which means it will buffer, and explore one of the
be replaced by ‘Pasta’ and not by ‘pasta’. features that really sets
If you want more precision, you can use the query-replace Emacs apart from other text
editors: managing columns
function, which you can access by pressing M-X and then
through the rectangle class
typing query-replace. It’s like replace-string, except that you
of functions.
can choose which entries should be replaced, case by case. LXF

www.linuxformat.co.uk LXF66 MAY 2005 83

LXF66.tut_emacs 83 15/3/05 4:37:32 pm

 TUTORIAL Shell secrets
TEXT FORMATTING
Shell secrets
PART 2 Time-saving tips for modifying and processing text from the command line. By Marco Fioretti.
Much of our shell tutorial this month concerns
metacharacters, the text symbols sprinkled (at random,
it often seems) throughout command line instructions.
If you can find out what they do and learn how to use them,
you’ll be able to create powerful programs for finding, inserting
and scrubbing out text.
Our first example will help you explain to a program how to
recognise a certain piece of text and what to do with that text
afterwards. The standard description of the structure of a string
of text is called a regular expression – or regex. These are dark,
mysterious beasts, but easy to use once you’ve tamed them. In
regular expressions, the characteristics of complex text patterns
are defined by a vast array of metacharacters:
/linux/
/^linux/
/linux$/
/^linux.*format$/
Weird, huh? But don’t be afraid – come closer. The first
regex here simply means that we’re looking for any line
containing the string ‘linux’ (regardless of its case, or if it’s part
of a longer word). The second and third are a bit more specific:
they’ll match only lines beginning (^) or ending ($) with that
string. The last regex describes all lines that start with the ‘linux’
string, end with ‘format’ and have any (*) number of any
character (.) in between. In other words it will match with:
linuxformat
linux Format
Linux users love Linux Format
Regular expressions are also used to substitute some text
patterns for others:
s/linux/Linux/
s/\d\d\d\d-12-25/2005-12-25/
Here the first regex capitalises all occurrences of linux, and
the second one replaces all the dates of Christmas past with
that of the next one: ‘\d’ is another metacharacter, meaning
‘any digit’, so four of them will match any year expressed in
that form.
The role of the interpreter
In practice, regular expressions are fed as arguments to
applications, or interpreters, that can put them into practice.
The location of the interpreter inside the file system is written
right after the shebang. Not sure what the shebang is? Simple:
it’s Unix lingo for the two characters at the very beginning of
84 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.tut_shell 84
every script – the charming ‘#!’ couplet. They mark the rest of
the file as a script – in other words, a series of executable
commands meant for an interpreter.
Therefore, the first line #! /bin/bash declares that you want
the program bash in the bin directory to execute your
commands (note the space after ‘!’). If the file mentioned after
the shebang doesn’t exist, or is not an interpreter, the system
will simply return a ‘Command Not Found’ error and quit.
Some Unix variants place a tight limit on the length of the
shebang line, truncating everything to 32 characters or so.
What this means in practice is that you may get the
‘Command Not Found’ error even if you’ve entered a valid
interpreter file – what’s happened is that it’s just too far from
the shebang for the system to recognise (‘Not Found’ is not the
same as ‘Not There’).
Two interpreters you’re likely to use for your regexes are
AWK and SED. They have been around since the very beginning
of Unix and although there are several other interpreters (chief
among them Perl) that can do much more, the original two are
faster and, for this reason, still widely used in boot-time scripts.
Using SED and AWK
SED works on streams of text (the name SED is just a
contraction of stream editor). It loads one line at a time, edits it
according to the commands it has received, and prints it to
standard output.
cat somefile | sed ‘/^0/d’
The command above will delete all lines beginning with 0.
AWK gets its, er, awkward name from the surnames of its
creators: Aho, Weinberger and Kernighan. It is a bit more
powerful than SED, but works in the same way – one input
record at a time. By default, each line is a separate record,
referred to as $0. Records are made of (typically)
space-separated fields, accessible as $1, $2 and so on.
awk ‘/fax/ { print }’ bin/*
Here we found and printed all lines containing the ‘fax’
string in all the files of the bin directory.
So far our examples have concerned individual phrases of
text, be it finding them, formatting them or deleting them. But
there are ways to use the shell to locate whole sections of text.
What do you do when you find a classified ad in a newspaper
page that you want to keep in your wallet? You cut it out with
scissors and discard everything else. You can program the
command line to do exactly the same thing with text streams.
15/3/05 4:38:44 pm
 TUTORIAL Shell secrets

When you you need to find and extract only relevant rows and
columns of characters it can be very convenient to visualise the
terminal window (or a whole text stream) in the same way – as
if they were sheets or rolls of paper.
Extracting blocks of text
The four most useful utilities for this task are the programs tail,
head, cut and grep. The first two return the first or last few lines
of a text stream. This is how you would get the 16th to 20th line
of somefile.txt:
head -20 somefile.txt | tail -5
The cut command does the same thing, but vertically:
cut -c20,23 somefile.txt
ls -lrt | cut -c44-
The first example returns only the columns from 20 to 23 of
somefile.txt. The second takes a detailed file listing and strips
everything but the modification date and file name.
Last but not least is the grep family. These are, on Linux,
three separate commands (grep, egrep, fgrep) that can extract
from files all the lines matching a given regex. Each grep variant
has several options and understands a limited set of regular
expression constructs. In all cases, regex matches cannot span
multiple lines. Here are some classic uses of grep:
grep Linux *.txt
grep -i -v Windows *.txt
egrep ‘Euro|Sterling’ invoice*.txt
Executing these commands would first of all return all the
lines containing the Linux string in all files with a .txt extension.
The second would give you all the lines from the same files that
do NOT contain (-v) the word Windows, regardless of its case
(-I). Finally, use the last example to show all the lines containing
either Euro or Sterling from all invoice files.
The ‘here documents’ tool
Still working with long blocks of text, we move to here
documents. They exploit a great feature of working within the
shell, namely that that you don’t have to put templates in
external files. With here documents, you can place a block of
text, possibly containing some variables, straight into a script,
and use it either as the standard input of a command or for a
variable assignment.
Here documents use a dedicated operator, <<, to define the
block of text. The syntax is very simple:
cat <<END_OF_EMBEDDED_TEXT
Dear $SUBSCRIBER
your account is past due.
Please send $INVOICE to Linux Format today
END_OF_EMBEDDED_TEXT
As you can see, the string right after the << operator (END_
OF_EMBEDDED_TEXT) is the same that marks the end of the
here document. Now imagine that the code above is in a loop,
going over the contents of a text database. The code would
create a series of payment requests with the actual names and
outstanding payments of every customer. Printing or emailing
them would be easy. Another good use of here documents is to
create temporary files or to feed sequences of instructions to
interactive programs like FTP.
To fully understand the script, refer to earlier parts of this
tutorial to remind yourself what the various metacharacters do. RESOURCES
#! /bin/bash Inspired? Here’s
\rm url_list where to go next
\rm url_control_tmp
The ultimate source of
touch url_control_tmp
grep ‘<DT><A HREF=”’ $1 | cut ‘-d”’ -f2 > url_list
reference for regular
expressions is the book
for URL in `cat url_list `
Mastering Regular Expressions,
do
published by O’Reilly (www.
echo -n $URL >> url_control_tmp
oreilly.com/catalog/regex2/).
curl --head $URL 2>/dev/null | grep ‘Not Found’ >> url_control_
Introductory tutorials are at
tmp
www.zvon.org/other/
done
PerlTutorial/Output/
awk ‘{print $1}’ url_control_tmp | sort | cat -n
contents.html and you’ll find
exit
a brief introduction to the
The first three commands simply remove (rm) any SED and AWK interpreters at
temporary file created by previous runs and then create (touch) www.faqs.org/docs/abs/
a new one, for reasons that will become clear later. HTML/sedawk.html. All the
Then the fun starts. The bookmark file is passed to the script other commands mentioned
as first argument, so its name is contained in the $1 variable. In in this article have detailed
the Mozilla bookmark file the lines that contain links start with Unix man pages. Just type:
man <command_name>
the <DT><A HREF=” string. The script extracts them with grep
and then, using the double quote character as separator
(cut ‘-d”’), discards everything but the second field (-f2); that
is, the actual URL. In this way all the links and nothing else end
up, one per line, in the url_list file.
The for line iterates every line of the url_list file,
provided courtesy of the cat command. Inside the for
loop, the echo instruction simply appends to another
file, without newline (-n), the current URL. For the
append operation to work, the file must already exist.
That’s why it was created (or touched) at the
beginning. Remember now?
Curl is a nice web browsing utility that works
from the command line to automatically retrieve
all kinds of documents from the internet. In this
example it is launched once for every URL, but it
only downloads the page HTTP headers
(-head). The headers contain bits of data
associated with each document, like this:
HTTP/1.1 200 OK
Date: Fri, 04 Feb 2005 23:09:54 GMT
Server: Apache/1.3.27 (Unix) (Red Hat/Linux)
Content-Type: text/html
The relevant line is the first one:
200 OK means that the page is available. A
non-existent page would have returned
something like 404 Not Found. When curl
is launched its error messages are ignored:
STDERR has the I/O stream number 2
(0 is input, 1 is output), so 2> /dev/null
means that this stream must be sent to
the fake device (dev/null) provided by
Unix for cases just like this.
The grep part of the command saves
only the lines containing the HTTP return
code not found to the url_control_tmp
file. The instruction starting with awk prints

How to find broken bookmarks

The last part of this tutorial is a handy script. We bet you have
hundreds – if not thousands – of links in your web bookmark
files. Chances are, a good percentage of those links are broken:
web pages move and disappear all the time. You can
immediately find out which links are dead with the script below.
It was made for Mozilla bookmarks, but modifying it for other
browser formats if you need to should be pretty straightforward.
only the URL value (first field, $1) to its standard output. The
resulting list is then sorted and printed with a serial number (cat -n). NEXT
When I tested the script, the result started with these lines:
1 http://analogbubblebath.net/~chris/misc/doc/xultut/allofit.html.
MONTH
2 http://au2.php.net/manual/en/install.configure.php. Part three of our journey
through the shell has tools for
3 http://netmail.tiscalinet.it/servizi/netmail.
printing, running calculations
This neat script shows that learning shell commands can
and processing images, all
enhance your browsing pleasure as well as help your coding,
from the command line.
and it’s a nice note to end this month’s tutorial on. LXF

www.linuxformat.co.uk LXF66 MAY 2005 85

LXF66.tut_shell 85 15/3/05 4:38:51 pm

 TUTORIAL Gimp

ILLUSTRATION JULIAN JEFFERSON

GIMP TEXT TOOLS

Warping text
Twist and scale, shear and pinch. To the Gimp, text is just another bunch of pixels
to play with. Michael J Hammel shows you how to warp letters while keeping them crisp.

Most graphic design projects require at least a little bit

of text. In most cases the words need only be
positioned, coloured and rendered using an
appropriate typeface – they might sometimes be scaled, but
other than that we don’t normally need to do anything too flash
with them.
But sometimes the text needs to be warped to stand out. In
the film poster on the right, for example, the title needed to be
fluid and fluctuating in size, so it was laid out at an angle – large
on the left and scaled down to the right – to simulate the
letters being close to the reader on the left side of the poster
and further away on the right.
To help you achieve this kind of effect, Gimp provides Scale,
Perspective, Rotate and Shear transform tools, all available from
the Gimp toolbox. When active, each tool opens a dialog box
where you can specify precise settings for the tool’s action.
Better yet, each tool works interactively – just click and drag the
grab boxes in the image window, then hit the Enter key to apply
the transformation on the current layer or selection.
While these tools are powerful in their own right, they only
work as linear transforms. Imagine a straight line running
through the text along the bottom of each letter. That imaginary
In this sample film poster, the main lettering has been
warped with Gimp’s transform tools. They’re useful if you
design flyers, posters or similar textual work.

86 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_gimp 86 15/3/05 4:37:52 pm

ILLUSTRATION: JULIAN JEFFERSON
Though text is best played
with in vector programs,
there are tools you can use
in raster apps like Gimp.
You’ll need these transform
tools and grab boxes.
1/ Open a new image window at 420x300 pixels. Click on the Text tool to activate it, then click in the image window to open the text editor. Type in
the letters TIMEWARP, all in upper case. In the Text Tool Options dialog (which is normally in the dock under the Toolbox), set the font to Sans Bold,
size 70, and set the Justify option to Centred. Use the Move tool to centre the text layer over the background layer.
LXF66.tut_gimp 87
line would stay straight no
matter which of these tools
was applied. In order to get
the effect of curving text we
need the assistance of some
stock Gimp filters: Curve Bend
and IWarp.
In this month’s tutorial
we’ll explore two methods of
warping text. The first tutorial
will walk you through the
stock transforms and then
introduce the Curve Bend
filter. The second tutorial
repeats the process using
IWarp instead of Curve Bend.
A note of warning about
warping text in an image: text
rendered on a layer and warped in this way is likely to lose
some of its crisp edges. Some text, especially any that is
enlarged as a result of the transform, can become slightly
blurred or – the horror! – develop ‘stair stepping’. Stair stepping
is exactly what it sounds like: a set of steps along a slightly
www.linuxformat.co.uk
TUTORIAL Gimp
angled edge. This ugly effect can be dealt with using some
simple techniques, which I’ll discuss in the tutorials.
As a general rule you should try to avoid applying any kind
of transformation on rendered text. That includes scaling,
shearing and rotating. When possible, use a vector tool such as
Inkscape to generate warped text. Then export the text from
that program to a raster file format such as PNG, and use Gimp
to import it.
This process requires multiple tools, but it does allow for
more control over the final quality of the rendered text. It’s even
possible to export the vector paths from those tools and import
them into Gimp – though editing text-vector paths in the
current Gimp version is not for the faint-hearted or designers
with little time on their hands...
Tutorial 1: the Curve Bend filter
You can warp rendered text quickly with the transform tools
and the Curve Bend filter. This is a fast, easy and interactive
method, though it lacks a precise way to position where the
text will be curved. It also suffers from the distortion problems
common with modifying rendered text, making it unsuitable for
a final print project, but it can be useful for online projects or
prototyping layouts.
>>
LXF66 MAY 2005 87
15/3/05 4:37:56 pm
 TUTORIAL Gimp

>>
2 3

2/ Click on the Perspective transform tool. This tool, like all the transform 3/ At this point the text doesn’t show much distortion – though it might
tools, can be used interactively. Now click on the text layer again. Use the look a bit less crisp than it did before we started monkeying with it.
grab boxes to reduce the height of the right side of the lettering by Now click on the Shear transform tool. In the image window, drag the
dragging the bottom-right corner up a short distance and the top-right bottom-right grab box up a short distance. Then press Enter, or click on
box down by the same distance (this will keep the text centred the Shear button in the Shear dialog.
horizontally). Hit Enter when this is done.
The Layers dialog should have changed to show an ordinary layer
instead of a text layer: the text can still be edited, but the shearing will
be removed. If the Shear preview gets garbled with the original layer,
turn the layer visibility off in the Layers dialog. Turn the layer visibility
back on after the shear is applied.

4 5

4/ After this, the left side of the text may appear more distorted than the
right. You can clean this up a little by using the Unsharp Mask filter
(Filters > Enhance > Unsharp Mask). For this small image set the Radius to
1.3 and the Amount to 0.35, leaving the Threshold at 0.
5/ To bend the text we’re going to use the Curve Bend filter
(Filters > Distorts > Curve Bend). Click on the Upper toggle under the
Curve For Border heading and drag the line to something similar to
what’s shown here. Click on the Copy button. This copies the upper curve
to the lower curve, which has the effect of keeping the text size fairly
consistent with the original. Click on OK when this is done.

We’ve just created curved text. The problem with this method
is that we couldn’t specify precisely where on the text the curve
should occur. It also isn’t obvious that when the upper curve is
not copied to the lower curve, distortions occur that don’t seem
to follow the curve just created.
I should note that the current version of the Curve Bend
filter doesn’t handle alpha channels very well. Better results
may be possible if the white background is duplicated and
merged with the text layer before applying the Curve Bend filter.
If you don’t do this there is a risk of truly bad stair stepping
after the filter is applied.
One last gripe is that the text now appears slightly blurred.
Scarling it down will help a little, but the next tutorial will show a
more satisfactory method of cleaning the letter edges.

88 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_gimp 88 15/3/05 4:37:59 pm

 TUTORIAL Gimp

Tutorial 2: the IWarp filter 2

Curve Bend does an excellent job of warping the text, but it
doesn’t feel precise. What would be better is something more
directly interactive, something to just point, click, drag and
distort. Something like IWarp.

1/ Repeat the text creation from the first tutorial up to but not including
the application of Curve Bend. Open the IWarp filter (Filters > Distorts >
IWarp). This filter is interactive – dragging the mouse through the
preview will distort the image based on the settings chosen.
2/ Set the Deform mode to Move – a deform radius of roughly 55% and
deform amount of 0.55 should be sufficient. Start in the bottom-right
corner and start to drag up through the space between the letters E and
W of TIMEWARP. Multiple drags may be necessary to achieve a
respectable result.
Messed up? Hit the Reset button and try again. Experimentation is
easy with this very user-friendly filter. When the distortion preview looks
good, hit Enter or click on the OK button.

3 4

3/ Applying Curve Bend or IWarp will blur the text slightly. To make the
lines around the text clean, create a selection around it with Layer >
Transparency > Alpha To Selection if the text is on a transparent layer.
Then invert the selection to get the background. If the text is merged
with a white background, try using the Colour Select tool, clicking on the
white region of the layer (inverting is not necessary in this case).
4/ Use Ctrl+X to delete the selected region – the transparent background
will be deleted, along with most of the blurred areas. You can change the
degree of cleaning by altering the selection tool’s feathering before you
delete. Once the selection has been deleted, further cleaning can be done
using Unsharp Mask (Filters > Enhance > Unsharp Mask). Set the Radius to
1.3 and the Amount to 0.35, leaving the Threshold at 0.

The Unsharp mask we used in the second tutorial cleans

the text by finding an edge in the pixels (defined as a sharp
difference in colour between two areas of pixels) and reducing
the contrast between them These two variables are controlled
by the Radius setting and the Amount setting respectively.
When you work with very large text layers (necessary for
large posters and other print projects), more dragging through
the IWarp preview may be necessary than with the smaller text
layers. The same effect can be achieved by moving smaller NEXT
areas many times, each a little at a time.
That’s the really cool thing about IWarp: the level of control
MONTH
it gives to the user. If you don’t get it perfectly the first time Come back next issue for
(and don’t be frustrated if you don’t) you can fiddle with it until some more graphic design
tips from Gimp.
you get things just as you want them. LXF

www.linuxformat.co.uk LXF66 MAY 2005 89

LXF66.tut_gimp 89 15/3/05 4:38:02 pm

 TUTORIAL udev
DEVICE-NAMING SYSTEM
Connect your devices with udev
Neil Bothwick explains how to code a name for your hardware when ‘Bob’ just won’t do.
‘Everything is a file’ is one of the Unix creeds. It sounds
strange at first, but in a way it’s true. Of course, we’re not
suggesting that your hard disk is a file – we all know it’s
a precision-engineered piece of electromechanical hardware
designed to store as much of your valuable data as possible
before crashing the heads into the disk and destroying the lot.
However, your hard disk is represented as a file in the Linux
filesystem, usually as /dev/hda/. You probably already know this,
but any piece of hardware you connect to your computer is
represented by a device file in /dev, be it your MP3 player or
your webcam.
The /dev directory was originally a standard directory
containing device files for every piece of hardware likely to be
connected. This usually meant that whenever a driver was
installed, the relevant files were created in /dev. This had two
really important disadvantages. The first was that as more
devices were supported, the number of files in the directory was
becoming unmanageable.
It also meant that if you tried to connect a piece of
hardware for which there was no device file, you had to create it
yourself, first scouring Google for the correct major and minor
device number to pass to the mknod command.
As the number of devices supported by Linux increased,
especially the huge number of removable devices that could be
connected to USB or IEEE1394 (aka Firewire) ports, this
became unacceptable. Not only was /dev becoming totally
unwieldy, but we were in danger of running out of major and
minor device numbers to cover every possible device that could
be connected, even though any one computer would only ever
see a tiny fraction of them.
The solution was devfs, a system in the Linux kernel that
would react to devices being connected or discovered and
90 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.tut_udev 90
create their /dev entries automatically. While this improved the
situation, there are some issues with devfs that mean its use is
now deprecated. The main problem with devfs is that it has a
number of bugs, ranging from annoying to serious, some of
which cannot be fixed.
Knowing u – a-ha!
Udev is a new alternative developed by Greg Kroah-Hartman
that can do all that devfs needs to do but in user space,
avoiding the need to keep any code for it inside the kernel.
Using the new /sys filesystem from kernel 2.6 and the hotplug
system for connecting peripherals, all the device node creation
is handled by user space programs. As devfs is not being
actively maintained now, udev has become the default choice. If
you have installed a recent distribution, you probably already
have udev without realising it.
At this point, you may be wondering why all this matters to
you. After all, the main differences between devfs and udev
seem to lie in the implementation, and how they affect the
system from a development point of view. So how does it affect
the end user? Well, we’ve saved one of udev’s best
advantages until last, and it’s a feature that will make a real
difference to you.
The feature is called persistent device naming, and it works
like this. Devices are normally named in the order in which they
are connected. That’s fine if you only have one of each type of
device, but this is becoming less common. For example, many
devices use the USB storage module to appear as disk drives.
These include digital cameras, MP3 players, USB key disks and
memory card readers, as well as external disk drives.
If you connect your camera, say, it will often be seen as
/dev/sda/. If you then hook up your USB keyring it will appear
15/3/05 4:39:13 pm

as /dev/sdb/. But if you connect the keyring first, that will
appear as /bedev/sda/.
This makes dealing with these devices through fstab entries
or automounters more complex than it needs to be. The
situation is potentially worse with printers. I have two USB
printers: a laser for text documents and an inkjet for printing
photographs. One is /dev/lp0 and the other /dev/lp1, but which
gets which depends on which is detected first. If one of the
printers is turned off when I boot, the devices can be reversed.
Udev fixes this nonsense by enabling you to specify your
own device names for each product. Using a simple set of rules,
udev will set the device name according to the identification
data available from each device. It will also create symlinks, so a
device can have more than one name. For example, a DVD-
ROM drive could be accessed as any one of /dev/hdc, /dev/
cdrom or /dev/dvd. So, how do we write our own udev rules?
Making up the rules
The rules are contained in files in /etc/udev/rules.d. The default
file is usually called 50-udev.rules. Don’t change this file as it
could be overwritten when you upgrade udev. Instead, write your
rules in a file called 10-udev.rules. The low number ensures it
will take priority over any definitions in the default file.
Each time a device is detected by the hotplug system, the
files are read in order, line by line, until a match is found. This
may be useful in more complex systems as you can set up
specific rules followed by more general ones – but we’re getting
ahead of ourselves here.
The basic format of a rule is:
key1=”value”, key2=”value”, ... keyN=”value”, name=”value”,
symlink=”value”
You must provide at least one key and a name. Extra keys
are optional, but all must match for the rule to be applied.
Symlinks are optional too. Here is an example of a udev rule,
used to detect and name an iRiver MP3/Ogg player.
BUS=”usb”, KERNEL=”sd[a-z]1”, SYSFS{product}=”iRiver
H300 Series”, NAME=”%k”, SYMLINK=”usb/iriver”
The first three items are keys used to identify the device. The
NAME, as you would expect, defines the name to be used. %k
is the name that the kernel would have given it, such as /dev/
sda1, so this rule leaves the name unchanged, but sets a
symlink to /dev/usb/iriver. The /dev/usb directory does not
need to exist, as udev will create it when needed and delete it
when the last device in there is removed. There is no standard
convention to use /dev/usb; I just find it convenient to have all
hotplugged USB devices appear here.
There are other substitutions that can be used in NAME and
SYMLINK. After %k, %n is probably the most useful (it contains
the kernel number of the device). If %k contains sda3, %n
contains 3. See the udev man page for a full list of substitutions.
Configuring udev
The real work is done by the keys, of course, so how do we
know what to use here? There are several keys available but the
three most useful ones are BUS, KERNEL and SYSFS.
■ BUS covers how the device is connected.
■ KERNEL refers to the standard kernel identification of the
device (as used by devfs or a static /dev).
■ SYSFS keys use the information on each device that appears
in the /sys directory. This directory was added for kernel 2.6
and is a virtual filesystem, somewhat like /proc, containing
information on various devices.
You can browse through this filesystem to find information
on a device, but udev provides a tool to make this task easier.
The udevinfo command is used to extract information from /sys.
You will need to be logged in as root to do most of this, so open
www.linuxformat.co.uk
LXF66.tut_udev 91
TUTORIAL udev
a terminal window and type su to become root. Now plug in
your USB device, wait a few seconds for it to be detected, type
dmesg and look for information on the device at the end of the
output. It will look something like this:
usb 1-1: new high speed USB device using ehci_hcd and
address 6
scsi8 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 6
usb-storage: waiting for device to settle before scanning
Vendor: TOSHIBA Model: MK2004GAL Rev: JC10
Type: Direct-Access ANSI SCSI revision: 00
SCSI device sdd: 39063024 512-byte hdwr sectors (20000
MB)
sdd: assuming drive cache: write through
SCSI device sdd: 39063024 512-byte hdwr sectors (20000 MB)
sdd: assuming drive cache: write through
sdd: sdd1
Attached scsi disk sdd at scsi8, channel 0, id 0, lun 0
Attached scsi generic sg5 at scsi8, channel 0, id 0, lun 0,
type 0
usb-storage: device scan complete
This tells us that the device has been
detected as
/dev/sdd with a single
partition at /dev/sdd1. It is the
partition we’re interested in
here, although some
mass-storage devices have no
partitions (much like a floppy
disk). Note that the device is
called sdd because there are other
pseudo-SCSI devices on this
computer – a few SATA hard drives. If
you have standard IDE drives and no
other USB storage devices connected, it
is more likely to be /dev/sda.
Now that we know how the device is
named, we can use udevinfo to find the
key information. First we need to find out
where in /sys the information is contained,
which we do with:
udevinfo -q path -n /dev/sdd1
This tells us that it is at /block/sdd/sdd1 (this is
relative to /sys so if you want to look at the
information directly, look in /sys/block/sdd/sdd1. Now
give this information to udevinfo to see the device
details. You will get a lot of output, so enlarge your
terminal window to full screen and pipe it through a pager
like less or, my favourite, most.
udevinfo -a -p /block/sdd/sdd1 | less
You can combine the two stages with:
udevinfo -a -p $(udevinfo -q path -n /dev/sdd1) | less
Picking the right keys
The key information is divided into sections: you will generally
be looking for matches in one of the first few sections that
appear. You cannot mix information from different directories in
/sys – all keys used in a single rule must come from the same
section of udevinfo’s output. Here are the relevant sections
from the output of the above command:
looking at the device chain at ‘/sys/devices/
pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8/
target8:0:0/8:0:0:0’:
BUS=”scsi”
[snip] >>
looking at the device chain at ‘/sys/devices
LXF66 MAY 2005 91
15/3/05 4:39:16 pm
 TUTORIAL udev

>> pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8/ I only have one MP3 player, so the product key should be
target8:0:0’: distinctive enough. However... it isn’t. The reason for this is that
BUS=”” the entry for sdd also contains this key, and possibly an sg*
[snip] entry too, so we need a way to differentiate between the
looking at the device chain at ‘/sys/devices/ partition and the disk containing it. This is why the rule above
pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8’: has a KERNEL key too. This key uses a pattern to match the
BUS=”” first partition on any SCSI disk -- – USB storage devices
ID=”host8” are identified as SCSI disks. So /dev/sdd1 matches this, but
SYSFS{detach_state}=”0” /dev/sdd does not.
looking at the device chain at ‘/sys/devices/ You can use some standard pattern-matching characters in
pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0’: the keys: * matches zero or more characters, ? matches one or
BUS=”usb” more characters and [] matches any one of the characters
[snip] within the brackets. The above KERNEL match could just as well
looking at the device chain at ‘/sys/devices/ have been written as sd?1. The BUS=”usb” part of the rule is
pci0000:00/0000:00:10.4/usb1/1-1’: not really necessary, but it does make things a little clearer
BUS=”usb” when you have a number of rules. So the final rule is:
ID=”1-1” BUS=”usb”, KERNEL=”sd[a-z]1”, SYSFS{product}=”iRiver
SYSFS{bConfigurationValue}=”2” H300 Series”, NAME=”%k”, SYMLINK=”usb/iriver”
SYSFS{bDeviceClass}=”00” The code means: find the device on the USB bus that the
SYSFS{bDeviceProtocol}=”00” kernel identifies as the first partition of a disk and has the
SYSFS{bDeviceSubClass}=”00” product ID of iRiver H300 Series, give it its original name and
SYSFS{bMaxPower}=” 98mA” create a symlink to this name from /dev/usb/iriver. You can
SYSFS{bNumConfigurations}=”1” use /udevtest to test your rule without disconnecting and
SYSFS{bNumInterfaces}=” 1” reconnecting the device. Give it the path to your device in /sys
SYSFS{bcdDevice}=”0100” and it will report which device nodes and symlinks it will create.
SYSFS{bmAttributes}=”c0” You could put usb/iriver in the NAME field, but using
SYSFS{detach_state}=”0” symlinks means that the old-style kernel name is still there
SYSFS{devnum}=”6” should anything need it. Equally, you could put your name in the
SYSFS{idProduct}=”3003” NAME field and %k in the symlink. With udev, you control
SYSFS{idVendor}=”1006” exactly how your devices are named.
SYSFS{manufacturer}=”iRiver” Whichever way you do it, pick one and stick to it to avoid
SYSFS{maxchild}=”0” confusion later. You can create multiple symlinks to the same
SYSFS{product}=”iRiver H300 Series” device but list them in the SYMLINK section, separated by
SYSFS{serial}=”0123456789AB” spaces. Here’s an entry for a DVD-ROM drive that covers all
SYSFS{speed}=”480” the bases with the old-style name, a devfs style name and
SYSFS{version}=” 2.00” symlinks to /dev/cdrom and /dev/dvd. Wherever software may
The last section shown (several have been omitted) has look for a CD or DVD, it will find it.
information specific to the piece of hardware to be named. You KERNEL=”hdc”, NAME=”%k”, SYMLINK=”dvd cdrom cdroms/
should be looking for information that will uniquely identify your cdrom0”
device. It’s usually enough to use the model name or Note that all names, whether in KERNEL keys or the NAME
manufacturer code. Where these use a generic term, I have and SYMLINK assignations, are relative to /dev/b/.
used an Epson printer that had a model string of ‘USB printer’. How about the situation with two printers? Once again, you
You may need to use something like a serial number, but it is can use udevinfo to find information unique to each. It is
not normally necessary to be this specific unless you have more usually sufficient to use a model description, but if you have two
than one device of the same model. devices of the same model, you can still distinguish between

ALL MAPPED OUT

Forgotten the specs of a device? Here’s how to run a query

You can use udevinfo to query

devices in the udev database, but
there are graphical alternatives. The
information they provide isn’t as
graphical, nor is it in a format
suitable for pasting directly into a
rule. However, they are handy for an
overview of what information is
available on a device.
KDE users can use the KDE Info
Centre to view information on
various classes of devices. If you’re
working with USB devices, you can
also get some of this information
from USBView. This may not have
been installed by default but should The GTK program USBView (above right) maps installed
be on most distros’ installation discs. devices. You can also try KDE’s Info Centre (far right).

92 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_udev 92 15/3/05 4:39:18 pm


them with the serial numbers. These are the rules I use for my
laser and deskjet printers:
BUS=”usb”, SYSFS{product}=”Samsung ML-1510_700”,
NAME=”%k”, SYMLINK=”printers/laser”
BUS=”usb”, SYSFS{product}=”deskjet 5100”, NAME=”%k”,
SYMLINK=”printers/colour”
By using NAME=”%k”, the printers still have their usual
designation of /dev/lp0 and /dev/lp1, but whichever way
around these names are allocated, /dev/printers/colour and
/dev/printers/laser point to the correct devices. Although these
rules are for two USB printers, you could use similar rules if you
have one parallel and one USB printer.
Network name-calling
Udev is not limited to devices found in /dev. It also works with
network devices, as they still appear in /sys. If you have two
network cards in your computer, you need to know which is
which. If they are different cards, you can get away with using
the order in which you load the modules to determine which is
eth0 and which is eth1, but wouldn’t it be easier if you could
give them more meaningful names, and also work easily with
more than one of the same type of card?
Information on your Ethernet device is contained in
/sys/class/net.
# udevinfo -a -p /sys/class/net/eth0
looking at class device ‘/sys/class/net/eth0’:
SYSFS{addr_len}=”6”
SYSFS{address}=”00:03:0d:06:52:b5”
SYSFS{broadcast}=”ff:ff:ff:ff:ff:ff”
# udevinfo -a -p /sys/class/net/eth1
looking at class device ‘/sys/class/net/eth1’:
SYSFS{addr_len}=”6”
SYSFS{address}=”00:09:5b:24:dc:fb”
SYSFS{broadcast}=”ff:ff:ff:ff:ff:ff”
SYSFS{address} contains the MAC address of the network
hardware. This is unique for every network card, so it provides a
guaranteed way of distinguishing between them. To give these
interfaces more meaningful and persistent names, use the
following rules:
KERNEL=”eth*”, SYSFS{address}=”00:03:0d:06:52:b5”,
NAME=”inet”
KERNEL=”eth*”, SYSFS{address}=”00:09:5b:24:dc:fb”,
NAME=”lan”
You can’t use symlinks here, because each interface can
only have one name and they are not device files in /dev. These
rules will only take effect when the interfaces are initialised. You
can rmmod the modules and reload them with modprobe
(provided they are modules and not built into the kernel), or
reboot to reload them. Now the two interfaces are named inet
and lan, far more useful for a box acting as a firewall or gateway,
and it results in easier to read iptables rules too.
Memory card readers can cause difficulties if cards are
inserted or removed while they are connected to the computer.
This is particularly acute with multi-card readers.
Only the cards present when the device was connected will
be registered. For empty slots the device for the disk will be
created, say /dev/sda, but not for any partitions like /dev/sda1,
so it’s impossible to mount a card if you insert it after
connecting the reader.
This is not too much of a problem with external readers, as
you’d simply unplug it before inserting the card, but this is hardly
practical if you have an internal card reader. Fortunately, udev
provides a solution. Instead of NAME=, use NAME{all_
partitions}=. udev will now create 15 partition nodes as well as
one for the disk. These rules work with an unbranded four slot
multi-card reader:
www.linuxformat.co.uk
LXF66.tut_udev 93
TUTORIAL udev
BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB SD
Reader”, NAME{all_partitions}=”usb/sd”
BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB CF
Reader”, NAME{all_partitions}=”usb/cf”
BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB SM
Reader”, NAME{all_partitions}=”usb/sm”
BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB MS
Reader”, NAME{all_partitions}=”usb/ms”
Ensuring a removable device always has the same device
node really comes into its own when combined
with one of the systems of automatically mounting
new devices, such as supermount.
By adding suitable lines to /etc/fstab, you can
have a device mount when you connect it and
unmount when you remove it, and the user doesn’t have to
do anything. If your kernel has supermount enabled you can
have a device automount with a line like this in /etc/fstab.
none /mnt/camera supermount fs=auto,dev=/dev/usb/
camera,--,users,sync,noatime 0 0
This assumes that you have set up a udev rule to create
/dev/usb/camera when you connect your digital camera and
that the directory /mnt/camera exists. Note that not all digital
cameras work as USB storage devices, so make sure yours does
before trying to get this to work. You must use the sync option
when creating fstab entries for this. The option ensures that
data is written to the device immediately. Without it, you could
copy files to the device, wait for the copy to finish, unplug the
device and find that when you reconnect it the files are
nowhere to be seen.
Some people don’t like supermount. An alternative is autofs.
If your distro uses this you need to add a line like:
/media /etc/autofs/auto.media
to /etc/autofs/auto.master. Then create the file /etc/autofs/
auto.media and add a line like
camera -fstype=auto,users,sync,noatime,umask=0
:/dev/usb/camera
Unlike with supermount, you do not need to create the
/media/camera or /media directories.
Access privileges
So far, we have only looked at udev’s naming rules. But you can
also control the permissions of each device node created by
udev. The default file for this is /etc/udev/permissions.d/50-
udev.permissions so put your own settings in /etc/udev/
permissions.d10-udev.permissions. You normally will not
need to do anything here, but you can easily change the
permissions or ownership of any device. The format is one
device per line, giving owner, group and permissions, separated
by colons. The device name can include pattern-matching
MORE INFORMATION
characters. The following The man pages for udev and
printers/*:root:print:0660 udevinfo provide useful
would restrict access to printers to only those users who are information and there are
members of the print group. some useful websites,
notably www.reactivated.
There is a significant difference between devfs and udev in
net/udevrules.php. Gentoo is
terms of module handling. The former will load kernel modules
one of the few distributions
for new devices. Udev is purely about creating device nodes – that does not include udev by
module loading needs to be taken care of by hotplug scripts or default in its latest release
by adding them to /etc/modules or /etc/modprobe.conf, (the 2005 release will default
depending on your distro. to udev, though). If you’re a
We doubt you’ll miss any devfs features – the fact that udev Gentoo user, you’ll appreciate
operates outside the kernel makes it much more user-friendly, the excellent tutorial on
and it supports symlinks and network devices too. Now that switching over to udev, which
devfs is obsolete, udev is being shipped with almost every distro, is easy when explained
properly, at http://webpages.
and it makes sense for you to master writing udev rules. If you
charter.net/decibelshelp/
want to go beyond this tutorial and learn more, check out our
LinuxHelp_UDEVPrimer.html.
More Information box, right. LXF
LXF66 MAY 2005 93
15/3/05 4:39:20 pm
 TUTORIAL Audio
FINALISING AND MASTERING AN AUDIO PROJECT
Audio and music production
PART 4 Mastering an audio project involves fixing all its minor inconsistencies.
Graham Morrison takes to the controls for the final stage in the process.
The final project in Ardour.
94 LXF66 MAY 2005
LXF66.tut_audio 94
We’re going to cover the final stages of a typical audio
project in our final Linux audio tutorial. This is where
the composition’s galácticos are made into a team:
frequency ranges are massaged, a little more energy is
squeezed out of certain parts, while others need to be
restrained. It’s what’s known in the industry as mastering, and is
usually performed by highly-skilled engineers, as a fresh set of
ears can make the difference between success and failure. This
is the only way to finish a piece professionally and is becoming
part of the compositional stage with many virtual studios.
Mastering uses a just few essential audio processes. We
briefly covered the basics of these effects during the first audio
tutorial but it’s worth covering them in more detail. There are
broad divisions in the way that effects are used and
implemented. Some are purely utilitarian, while others are
creative, but the majority fall somewhere between. They can be
classified into three categories according to how they act on the
sound: delays, filters and dynamics. Obviously, the best way to
get to grips and understand the various effects available is to
use them, and currently, the application that provides the best
environment for effects processing is Ardour.
Adding effects
Any Jack-compliant application can be used for inserting effects
into the audio chain, but Ardour has been built from the ground
up to take maximum advantage of this interconnectivity. This
means that effects can be inserted manually into each channel,
or you can use a function called a send in the same place. Each
send creates a separate Jack channel where a track’s audio
www.linuxformat.co.uk
There’s more to reverb than meets the ear.
can be sent to an external program and re-inserted back into
the track after processing. This is the same as working with
external processors in a studio – which you can still do, simply
by making the Jack channel connect to physical input and
output ports.
Ardour is also well suited to mastering a project, thanks
mainly to its ability to perform the same effect-sending trick
from the master bus – right at the end of Ardour’s audio chain.
This makes it perfect for the final optimisations that often need
to be made to a piece before you burn it onto a CD. To get the
same functionality out of Rosegarden would involve connecting
the mastering effects manually into the final audio stream from
Jack, and Rosegarden has neither knowledge nor control over
what happens to this stream once it leaves the application
Effects are inserted into Ardour on a track-by-track basis,
using a working style very similar to that of Rosegarden. In fact,
they both feature functionally-similar mixing windows, which is
no surprise given that they were both designed to replace
dedicated mixers. The main difference is that Ardour’s mixer
features white space before and after a channel’s fader for
inserting effects. Rosegarden only supports effects added after
the fader, and while it may not sound like it, there is a distinction
between the two. As the fader controls the volume level of a
track, it means that effects inserted before the fader will
process the original audio level before it can be amplified or
attenuated: those inserted afterwards process the audio post-
filter. Depending on the effect, this can make either a little or a
lot of difference, but we’ll get to that.
Once audio has been loaded and dropped into its own track
in Ardour, effects can be assigned to the track from the mixer
window or the channel strip in the arrange window. This is done
by right-clicking in the small box below the channel’s fader (the
post-effect slot). The corresponding box above the fader is for
pre-fader effects. LADSPA-compatible effects can be inserted
by selecting New Plugin – the first of these is a delay.
Delays, filters and dynamics
Delay effects don’t just work on sound in the immediately
obvious way. Many processes rely on an array of tiny delays to
generate a more complex effect than that of simply playing
back a section of audio at a later time. The most widely used of
these in audio production is reverb (an abbreviation of
reverberation). This is an attempt to create an acoustic
14/3/05 9:09:09 am

ON THE DVD
A complete 22 track audio project to test your new skills
On this month’s DVD you should find a complete audio project
constructed using software from the last few tutorials. The project
includes 11 stereo tracks that can be loaded into Ardour. Not only is
this useful to see how projects can be constructed, but this
particular project is perfect for practising your new-found mastering
skills, as all the audio contained in the piece is quite rough and
untamed (there is also an example of a mastered version of the
track on the DVD).
Audio takes up a lot of space (without compression these files
would take up over 800MB of space), so they’ve been compressed
using Ogg Vorbis. As long as you have this already installed, they
can easily be converted back to WAV files using this command from
the directory containing the files:
$ oggdec *.ogg
The best way to get the converted files into Ardour is to create a
new 16-track project by selecting New from the session menu, then
entering a project location before switching to the configuration tab
and selecting 16 Tracks before clicking on Create.
environment that differs from that of the source material.
Audio in a recording environment is usually recorded dry – that
is, without any external ambiance or effect. A dry signal is
versatile, and doesn’t impose its recording environment on
other tracks.
The reason that reverb is considered a kind of delay is that
it’s usually nothing more than calculated reflections and filters
from a mathematical model of a room. In a canyon-sized room
you’d get an obvious echo, but with a smaller environment you
get an almost imperceptible impression of space. As a result,
these algorithms are computationally-intensive, and it’s only
relatively recently that native processing has been able to
compete with external digital signal processing hardware.
Notable reverb effects for Linux include Freeverb and gverb, and
they’re both perfect for augmenting a synth such as one
created with AMS.
Other notable delay-based effects include phase and flanger.
Both use discrete delays to create similar effects. The flanger
was famously invented to accommodate John Lennon’s hate of
multi-tracking recording, using two tape machines and varying
the playback speed of one by holding a finger on the machine’s
reel flange to produce timing fluctuations.
The main function for filters, at least at the mastering stage,
is equalisation. In a similar way to those gigantic graphic
equalisers on the front of an eighties hi-fi, they can either
amplify or reduce the audio signal at varying frequencies.
The difference in the studio is that the frequency range can
usually be configured, as can the range and density of the
effect. Early digital designs were aimed at creating the perfect
equaliser, but it was soon discovered that there was always
something missing from their character, in the same way as with
the filters for synthesizers. This has resulted in modern designs
trying to incorporate some of the imperfections of those older
hardware devices.
The least obvious but perhaps most important group of
effects are those involved in changing the dynamics of the
audio. The simplest such device is a noise gate, which mutes
the sound when the level falls below a certain threshold. This is
especially useful for eliminating the background noise from a
typical guitar amplifier.
Another dynamic effect is called a compressor (otherwise
known as ‘the bane of modern music’). When misused, it forces
a uniform signal level across a whole track. Music shouldn’t be
this way, but that doesn’t mean that a compressor doesn’t have
its uses. In fact, it’s pretty much the only way to bring out some
www.linuxformat.co.uk
LXF66.tut_audio 95
TUTORIAL Audio
After you’ve created the project, the audio files can be imported
into Ardour by right-clicking in the Region pane on the right-hand
side of the arrange window – then you can either import a copy, or
import a link to the audio. Once each segment is listed on the right
it should be dragged to the beginning of a separate track. Pressing
Play should let you hear the whole piece.
This project presents plenty of opportunities for adding effects to
the tracks (especially the pad track which really needs something
like a flange or a phaser), and is also perfectly suited to passing
through a mastering suite such as Jamin.
This music has been released under the Creative Commons
Attribution-NonCommercial-ShareAlike licence. Despite its overly
complex name, it’s very similar to the GPL licence familiar to
application development. You can redistribute and modify the files
as long as subsequent versions share the same license, but the
audio can’t be used commercially.
For further information on the legality and the motivation behind the
Creative Commons licences see http://creativecommons.org/.
of the detail that often lies just under
the surface of a recording. This is
most obvious when recording vocals:
one look at the waveform would show
that there’s often wide variation in the
level of the signal (imperceptibly
compensated for when listened to
in isolation).
This can make the track difficult to hear
when combined with the other tracks in a
project. That’s where the compressor comes in. As >>
its name suggests, it compresses the dynamic
FREQUENCY EFFECTS
Multi-band mayhem with FreqTweak
For generating a modest amount of audio mayhem, try passing
your audio through FreqTweak, a graphical frequency-dependent
filter. It also has more practical uses (you can use it to monitor
audio, for example), as both the input and output audio stream
can be viewed as a stereo spectrogram.
Both of the colourful graphs at the top and bottom of
FreqTweak’s main window plot the volume level of each frequency
in a horizontal spectrum of colour. Blue represents the lower
levels, red hues furnish the middle and violet denotes higher
frequencies. Time is
shown on the vertical
axis, so as the audio
passes through the
spectrograph, patterns of
frequency look like
rainbows at night.
The only difference
between FreqTweak and
a conventional effects
processor is that the user
specifies which
frequencies are affected
(you do this by drawing
them on a histogram in
FreqTweak’s GUI. The first
effect, for instance, is a
filter, and removes the
frequencies from the FreqTweak enables you to draw
audio path depending on filters and delays then shows
the levels drawn into its you the difference using a pair
corresponding histogram. of spectrograms.
LXF66 MAY 2005 95
14/3/05 9:09:14 am
 TUTORIAL Audio
Jamin’s interface isn’t
as bad as its name.
>> range (that’s the gap between the loudest and the quietest
parts), generating a more consistent level. In simple terms, it
attenuates the loudest parts while amplifying the quieter.
The whole point in covering these processes in some detail
is that they’re all involved in the mastering stage of a project.
Using a compressor with equalisation on a vocal track is often
essential. The same is true, to a greater or lesser extent, of the
other components in a project. Bass tracks rely on compression
to create the pumping punctuation in a typical dance track as
much as compression on a vocal can change the emphasis in a
performance, so it’s not all about volume.
If you’ve managed to take all this in, we can now move on to
the mastering stage. Linux features a specific mastering
application, which in keeping with other dreadfully-named Linux
audio utilities is called Jamin. It’s basically a hard-wired group of
mastering effects, arranged as you might typically use them for
finalising a project. This is meant to be the last process in the
audio chain before the track is burned to disc (actually the
TAKING CONTROL
External controllers and Linux
Getting the volume levels right for a project individual track from a well-specified hardware
with 11 tracks of audio is difficult at the best of interface to an external mixer. The other way is to
times, but moving virtual sliders with a mouse use an external hardware controller that’s
button makes it even harder. Mixing consoles interfaced to the computer in some way.
give music engineers instant access to a track’s While you may think that these controllers are
volume through its corresponding fader, and the domain of other more popular operating
several faders can be moved at once. systems, this isn’t necessarily the case. Because
The only way to achieve the same most of them use MIDI as their transport
thing with a mouse is by protocol, nearly any generic interface
using automation is compatible.
to record the What’s more, there are
movement now interfaces that
on each accept incoming
channel’s MIDI, which
fader over enables them to
several passes of update their
the piece of music. surfaces to reflect the
There are two on-screen version.
possible solutions to this Behringer’s controllers
problem. One is to output each work with Linux.
96 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.tut_audio 96
very last should be a dither algorithm for making best use of
your native 32-bit sound files when they’re converted to 16-bits
for CD).
Master and servant
Ardour’s master bus has a section for processors that need to
occupy the final stage of an audio chain. It is below the master
channel fader (labelled Post-Fader Inserts, Sends & Plugins). As
Jamin is a stand-alone application rather than a plugin, Jack
connections to Jamin need to be made from the master bus.
Right-clicking in the white box below the master channel’s fader
should present you with the option of inserting a new plugin, a
send or an insert. In this context a plugin is for internal LADSPA
effects; a send simply pipes the output from the channel to an
external process; and an insert does the same but expects the
signal to be directed back to the channel. It’s this final one that
we need to use so that the output from Jamin comes back to
Ardour’s master channel.
Once an insert has been created, Jamin itself needs to be
started. By default, it automatically connects itself to the
hardware outputs in Jack. This would create a problem on
playback, as you’d get a duplication of the signal, one being
from Ardour, the other from Jamin/. To prevent this, just
disconnect Jamin’s output from within qjackctl’s connection
window. The next step is to wire Jamin into the audio chain.
While this can be done from qjackctl’s connection window,
Ardour has a considerably simpler interface and is often far
easier to use than the spaghetti wiring you often get using
qjackctl. To make this connection from within Ardour, right click
on the newly-created insert and select Edit. This brings up
Ardour’s own connection window, with the inputs on the left and
the outputs on the right. At the moment, there’s only a single
output enabled – the equivalent of sending audio in mono. This
is useful for some effects, but would be catastrophic for the
master track.
To add the other channel, just click on Add Output. To make
the connection, select the Jamin tab for both the input and
output channels, followed by clicking on the Jamin outputs as
they appear in the list. This should move them to the output
box on the left of each section and at the same time make the
connection within Jack. Finally, the insert needs to be enabled,
either from the menu, or by middle clicking on the insert (this
should remove the brackets).
If all has gone well, when you next play through the project,
the output should be routed first to Jamin and from there back
to Ardour. You can tell that Jamin is working when there’s lots
of activity in its window. That window is a little intimidating at
first, but it’s really only providing access to a combination of
three compressors and a parametric equaliser, plus a couple of
The three compressors act on different frequencies.
14/3/05 9:09:17 am

boost and limit sliders. Why three compressors? Well, each is
frequency dependant, which means they each process a
separate frequency range. To help with this, the upper area of
Jamin’s display houses a spectrum analyser, which maps the
volume on the Y axis and the frequency on the X. Lower
frequencies are on the left, higher on the right, and the
frequency at the cursor position is displayed under the window.
Parametric equalisation can be edited either from the
spectrum analyser or from the more familiar slider interface
presented under the 30 Band EQ tab. From the spectrum
analyser the equalisation curve can either be drawn by hand, or
edited by dragging the curve anchor points, which are shown in
yellow. Points over the middle line boost the signal, while those
below reduce it: the width of the boost can be edited by
broadening the curve. A tight notch at 50 or 60Hz for example
could reduce hum from an electrical supply, while a broad gain
at around 2–5KHz would lift a vocal slightly, whereas further
gain in the 15KHz+ region can introduce an almost
imperceptible definition to a recording. 15KHz is about the
upper limit of human hearing – but you dog will love this effect.
Compressed Ardour
The green and red vertical bands are the crossover points for
the three compressors. Any frequencies that fall between the
left border and the green bar are sent to the low (or bass)
compressor. Those that fall between the two bars are for the
mid-range, and those to the right of the red bar are sent
through the high frequency compressor.
Each compressor shares the same controls, labelled as
ARTrKM across the top of each section. These letters represent
attack, release, threshold, ratio, knee and makeup gain, and are
typical to nearly every compressor.
Beneath each compressor’s sliders are a pair of level
indicators. The top one displays the volume for each respective
compressor’s frequency, and the lower shows the gain reduction
incurred on the source frequency range by each compressor. All
these elements are brought together in the curves shown in the
corresponding compressor tab. These are a graphical
representation of the lower parameters and show the level of
attenuation for any given input level. Unaltered volume would
be a straight line between the lower left corner and the
right-hand end of the horizontal zero gain line (values above
this line represent gain).
In a typical session, you would move the threshold to the
point where the gain reduction indicator starts to bounce, then
alter the attack and release depending on the material and the
frequency range. Slower material obviously benefits from slower
envelopes, while punchier music needs the faster recovery
times of a quicker envelope. It’s important to hear the effect of
The before and after effects of mastering.
www.linuxformat.co.uk
LXF66.tut_audio 97
TUTORIAL Audio
LINKS
Software used
this month
Ardour 0.96beta26
www.ardour.org
FreqTweak 0.6.1
http://freqtweak.
sourceforge.net
Jamin 0.95.0-beta2
http://jamin.sourceforge.net
SWH Plugins 0.4.13
http://plugin.org.uk
And you thought you could leave wires behind.
each change, and this can be made much easier using the solo
switch, isolating the audio that’s sent to the current compressor.
The most important parameter though is ratio, as you can see
when changing this value on the graph – it changes the ratio
between the amount of attenuation and the input volume.
Once the project has been tweaked in Jamin, the next thing
to do is render or record the final output to an audio file. This
should make it relatively easy to either burn the track to a CD,
or upload your masterpiece to a website. From Ardour, open
the Export Session window (Session > Export > Export Session
To An Audio File) and change the filename. The rest is
project-dependent: for CD you would obviously need to make
sure that the sample format is set to 16 bits and that the
frequency is 44.1KHz.
The show must go on
If you have been working with high sample and bit rates (and as
Ardour uses 32-bit floats for internal processing, you probably
have) the output quality can be improved by using dither.
Dither in audio works in exactly the same way as it does in
video, and hides the imperfections inherent in digital stepping
by applying a veil of noise. For best results, experiment with the
different dither algorithms – but I find Shaped Noise often suits
my stuff best.
Finally, make sure the master outputs are selected in the
Output selection and click on Export. Ardour will then run
through the whole project and render the output to an
audio file.
And that’s it. You should now have the finished product on
your system in the shape of an audio file. Over the last few
months, this series of tutorials has covered the basics of Linux
audio, starting with the fundamentals of ALSA and Jack, NEXT
followed by synthesis and sound generation before the reaching
the final stages of mastering. While in many ways this has been
MONTH
The end is only the beginning
only a brief overview of the many audio possibilities available to
– in next month’s issue we’ll
Linux users, the main intention has been to whet your appetite
look into the future with
enough to push you into actually doing something, and if you do,
Linux and cutting-edge audio.
you know where you can send the results! LXF
LXF66 MAY 2005 97
14/3/05 9:09:19 am
 TUTORIAL PHP
LOGGING IN SITE USERS SECURELY
Practical PHP programming
Mischief-makers want to crash your site; hackers want to steal your visitors’ data. If you’re feeling under
siege, follow Paul Hudson‘s three steps to logging in users securely while keeping out internet riff-raff.
Websites that require visitors to log in first – perhaps
before posting to a forum, accessing content or
placing an order – need to take the process seriously.
That means getting the login data to the server securely,
ensuring it’s legitimate, verifying the visitor’s credentials and
then issuing them with access rights. The first of these tasks is
handled transparently by SSL, so we needn’t concern ourselves
with it. But as this tutorial will show, we can use PHP to manage
the other three steps, which we can summarise as:
■ Validate Ensure that the inputted data is what you expected,
of the correct length and correctly formatted.
■ Authenticate Check what the user provided against what
you have in your database.
■ Allocate When you have established that the user should
have permissions, issue them with an access token that gives
them access rights to their account.
Follow the advice over the next four pages and you can’t fail
to put in place a secure system for logging in users. Relatives of
African dictators, ambitious database hackers and fraudsters
with a talent for spending other people’s credit cards will all be
politely shown the door, leaving your validated, access-wielding
users to party online in peace.
Step one: validate!
Web logs have swept through the internet in recent years, to
the point that every self-respecting geek must have one. But
they’ve brought with them the scourge of comment spam –
unwanted or downright malicious messages being posted.
Two things make comment spam possible. First, Google
ranks highly websites that have a high number of links to other
98 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.tut_php 98
sites (known as PageRank). Second, most blogs use
off-the-shelf software. As a result, spammers have written
scripts that look for the Post Comment fields in a blog and fill
them full of links to their sites. Google then thinks these sites
are popular, and indexes them highly.
This technique – an automated form of Googlebombing –
has been plaguing blogs for a long time. Websites can now
place a No Follow option on unwanted links to make Google
and other search engines ignore them – perfect. However, this
doesn’t actually stop comment spam, it merely makes it less
desirable for the baddies. It’s still possible that the person
posting a comment to your site isn’t a person at all.
Another thing we should be looking at is bad input in online
forms – either people trying to type extraordinarily long
usernames or people trying to enter bad input specifically for
malicious purposes. We also need to ensure it comes from a
real person and that they haven’t tried to spoof the referer
(nb this is not a typo: our elite troupe of editing monkeys know
that this word is spelled with a double ‘r’, but the official W3C
standard is ‘referer’ – hurrah for official incompetence!).
So, first up: how can we prove the person who submitted our
form is a real person? What we want to put in place is what
Alan Turing called an imitation game, now called a Turing test:
we interrogate the entity submitting the form, and – because
computers are not (yet) able to masquerade sufficiently well as
humans – we should know for sure whether it’s a machine or a
person at the end of the wire.
A popular method right now is the Turing test image, where
you show the user some text in a picture and ask them to type
it in. This works fairly well, but has its downsides: as an image, it
15/3/05 6:17:05 pm
 TUTORIAL PHP

cannot be scaled up for people who have sight problems (and should then be $add_one + $add_two + $time. When the
their screen reader cannot read out the image contents – it’s form gets submitted, we check that the answer is correct, but
designed to be unreadable by computers, remember!), and it’s also that the post was submitted within 30 minutes of the user
invisible to people who browse the web with images turned off. being shown the form – we essentially make the hash answer
Instead, we’re going to do something text-based. Our valid for only half an hour.
solution is to ask the visitor to type in the answer to a simple Once we know that our input is from a real person, we can
sum, such as nine plus three. We don’t want to discourage eliminate potentially bad data – this is the easy part. Our goals
people from submitting comments or ordering from our store here are to:
by asking them things that will make their brains hurt, so we’ll ■ Trim all data to the size we’re expecting.
only be using the numbers one to ten and will be sticking to ■ Substitute reserved characters with their HTML equivalent.
simple addition. ■ Escape quotes.
In PHP, we’re looking at something like this: We can do all that with just one line of code, like this:
<?php $mytext = add_slashes(substr(trim($mytext), 0, 50));
$numbers[0] = “zero”; The ‘50’ part is arbitrary: you will want to change that to the
$numbers[1] = “one”; length you’re looking for.
$numbers[2] = “two”;
The final task is checking the referer, which again is quite
$numbers[3] = “three”;
simple. PHP provides it as a string in $_SERVER[‘HTTP_
$numbers[4] = “four”;
REFERER’]. As mentioned, this is easy to spoof, and in addition
$numbers[5] = “five”;
$numbers[6] = “six”; to this some firewalls are configured to strip referer information
$numbers[7] = “seven”; out of requests being sent.
$numbers[8] = “eight”;
$numbers[9] = “nine”; Step two: authenticate!
$numbers[10] = “ten”; Once we have our login information, we can run it against our
$add_one = array_rand($numbers); database to see whether the user is authorised. Of course, our
$add_two = array_rand($numbers); database passwords aren’t stored in plain text (right?). Instead,
?>
we hash them with SHA1 so that even if our Gringotts-like
<form method=”POST” action=”first.php”>
database gets broken into, the passwords will still be safe.
Some text: <input name=”Comment” type=”TEXT” /><br /><br />
This can be the easiest part of the entire process. When users
Please answer this simple question: what is <?php echo
$numbers[$add_one]; ?> plus <?php echo $numbers[$add_two]; set their password, SHA1 it and store it away. Then, when the
?>?<br /> user logs in next time, SHA1 their input and compare it with the
The answer is <input type=”TEXT” name=”CommentSumAnswer” stored copy.
/> (please write in numbers, eg 19)<br /><br /> So, yes, that’s easy – but is it the most secure option? No. Is
<input type=”SUBMIT” value=”Add comment” /> it even the most user-friendly option? Again, no. However, it is
<input type=”HIDDEN” name=”CommentSum” value=”<?php echo the easiest option if you’re lazy: it puts password stealing out of
md5(sha1($add_one + $add_two)); ?>” /> reach of nearly everyone in the world, and only has two
</form> downsides, namely: users are required to enter their full
In that code, we have an array of 11 numbers: zero to ten. password; and users cannot be given a reminder if they forget I’m glad I
validated this glass
We pick two randomly with array_rand() and add them their password.
– it’s filthy!
together. The form gets submitted with the user’s answer to the The first of these drawbacks sounds like it is entirely negated
question, plus a coded version of the correct answer. SHA1 and by SSL, because it sends the password encrypted over the wire.
MD5 are both hashing algorithms that generate a fixed-length However, if you’ve ever wanted to check your email while at a >>
string that can be used to validate another string. That is, setting conference or while sitting in an internet café abroad, you will
a HTML field, ‘CommentSum’, to the value of md5(sha1($add_
one + $add_two) will add the two numbers together (say they
were seven and six, giving 13), then hash them with the SHA1
algorithm, then hash the SHA1 algorithm with MD5.
We then transmit that to the server, and hash the user’s
answer in the same way – our two answers should match.
Yes, this is security through obscurity, but it’s a surprisingly
common trick. Often a magic number is rolled into the mix,
eg $add_one + $add_two + 0xBEEFEEBABE or 0xC0FFEE.
And that’s the least of our problems: have you spotted the
fatal flaw in the current plan? Well, consider this scenario: a
spammer visits our site personally to find out why his weapon of
mass spamming hasn’t managed to fill our site with spam.
There he sees the question, ‘what is five plus six?’ and also
sees the hash value that tells the server what the answer
should be (‘c8180c19e5a1278cddf5248331ef7fa5’).
What’s to stop him submitting the form by hand, sending ‘11’
and ‘c8180c19e5a1278cddf5248331ef7fa5’ each time? Well…
nothing – the server can’t tell that the spammer is forcing the
question and providing the set answer, so this makes our code
easy to break.
The solution is quite simple: along with the question and
answer, we provide a field marked ‘Time’ that records the time
at which the form was shown to the user. Our answer hash

www.linuxformat.co.uk LXF66 MAY 2005 99

LXF66.tut_php 99 15/3/05 6:17:08 pm

 TUTORIAL PHP
>> know that SSL only secures half the equation – it stops people
from reading the password when it’s going over the web, but it
doesn’t stop people from reading the password if they have
installed a local key logger. Paranoia rocks – just ask Ozzy.
The second drawback springs from the fact that SHA1 is a
hash algorithm that performs one-way encryption. That is, you
can’t get the plain text input from the SHA1 output. As a result,
if a user forgets their password you cannot simply ‘decrypt’ the
SHA1 key and send it to them.
Is there a solution here? Absolutely, but it takes that “easiest
part of the entire process” we wrote about and turns it into
something that requires some mathematical analysis. The
process is called symmetric encryption, but before you drop
your copy of LXF and run, hang on – despite appearances to
the contrary symmetric encryption is nothing to be afraid of,
though there are a few terms you need to know:
■ Block cipher Your source text gets split up into chunks
when it’s encrypted, and a block cipher decides how each
chunk is handled.
■ Ciphertext This is the encrypted version of your source text.
■ Initialisation Vector (IV) A value (preferably kept secret)
that’s used to make your input look less conspicuous.
■ Key This is the secret value that, combined with your IV,
encrypts your data.
On top of that, we also have a choice of encryption
algorithms and key sizes – we’ll be using 256-bit Rijndael
(commonly known as the Advanced Encryption Standard, or
AES) but there are others to choose from.
The complete encryption and decryption process follows
these steps:
1/ Select an algorithm and block cipher.
“No, I don’t
2/ Create an IV.
think authentication
will be necessary. If you 3/Create a key.
say you have $20 million 4/ Initialise the algorithm with the IV and key.
stuck in Nigeria I believe 5/ Encrypt.
you, buddy.” 6/ Unload the algorithm, IV and key.
7/ Reload the algorithm, IV and key.
8/ Decrypt.
9/ Unload the algorithm, IV and key.
100 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.tut_php 100
It’s a little harder to read in code, but if you’re still with me
at this point then I imagine nothing will scare you off.
<?php
$plaintext = “This is very important data”;
$plainkey = “There’s nowt as queer as folk”;
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, ‘’,
MCRYPT_MODE_CFB, ‘’);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_
RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1($plainkey), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$ciphertext = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $ciphertext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
echo <<<EOT
Input was “$plaintext”
Key text was “$plainkey”
IV was $iv
Key was $key
Ciphertext was $ciphertext
Decrypted was “$decrypted”
EOT;
?>
Do run this script before trying to understand it – if only for the
fact that it’s reassuring to see it print working data out before
committing its mechanism to memory!
First up, we create $plaintext and $plainkey to hold the
data we want to encrypt and the secret encryption string,
respectively. What you choose as your key is important, but
don’t worry about getting it to a particular length – as you can
see in the script, it gets passed into sha1() so that it uses more
characters, then trimmed to the length of the key that the
algorithm accepts.
The call to mcrypt_module_open() takes an algorithm as
the first parameter and the block type as the third parameter –
leave parameters two and four blank. As you can see in the
code, the first parameter is where you select the algorithm you
want – as mentioned above, 256-bit Rijndael is used here, but
you can use others such as MCRYPT_SERPENT_256 or
MCRYPT_TWOFISH_256.
That said, you should keep in mind that no one ever got
fired for using AES, as it is the recommended encryption
standard. While the other two algorithms are very strong pieces
of work – Twofish was Bruce Schneier’s attempt to compete
with AES; Serpent is the strongest of the three (and the
slowest!) – you should only need them if for some reason AES
doesn’t meet your needs.
Next up, we create our IV using mcrypt_create_iv(). This
takes the size of the IV to create (provided through the return
value of mcrypt_enc_get_iv_size()) and the random number
generator it should use – MCRYPT_RAND uses
/dev/random. The IV gets applied to your data before it’s
encrypted, to make it look more like white noise – a process
known as whitening (it’s essentially pre-encryption). After
generating the key, we place it and the IV into the algorithm
using mcrypt_generic_init(), then use mcrypt_generic() to
finally perform the encryption.
In between encryption and decryption, you can see that we
use mcrypt_generic_deinit() to free up the resources –
without this, decryption simply will not work (you’re welcome to
try it). At the end of the script, mcrypt_module_close() is
called to free all the resources up before the script terminates.
At the end, all the variables are printed out so you can see
exactly what has gone on – I would print the output here, but
15/3/05 6:17:11 pm
 TUTORIAL PHP

Now I’ve been

allocated access
the encrypted text uses some pretty wacky characters that rights the world is
simply won’t make it through the print process. my oyster!
Now that we have working encryption we can store
complete passwords in our database without losing the ability to
decrypt them for checking. However, that is only a stepping
stone towards our goal. In order to fully secure our users we
should ask them to type in only part of their password. For
example, it would be a smart move to ask users to enter letters
2, 5, and 3 from their password one time, 1, 4, and 5 the next
time, and so on. You’d then decrypt the password and check
individual characters.
This method doesn’t make your system foolproof (the
universe is always giving us better fools), but it does make it a
great deal stronger. That’s because to be able to piece together
the full password a hacker must monitor several login attempts
and store both the request (in order to know which letters the
user is providing) and the keys being typed.

Step three: allocate!

We’re at the last phase now, so you can get ready to put the
kettle on and give your mind a well-earned rest. Don’t let
yourself switch off yet, though – this is the most important part
of the whole operation.
You see, it’s at this point that we grant site access to our
users – the point at which we hand them the keys to our
Ferrari, as it were. This is dangerous, because if a malicious user
gets an authenticated user to relinquish their access privileges
(either through social engineering or some technical wizardry)
it can cause havoc on your system and result in a very irate
bona fide user.
So what we’re looking at here is the question of how to
allocate security privileges to a user in a way that it becomes
incredibly hard to subvert those privileges. The most common
tactic around right now is called session fixation, and is actually 7/ User carries on browsing innocently.
quite cunning. If you’ve looked into how PHP’s sessions work,
you’ll know that it sets a field called PHPSESSID with a random
value like this one: 5p6oail4fcjie309su6dkoc6o4. That value
gets stored in a cookie on the user’s local machine and gets
sent to the server with each request so that PHP knows which
session to load. Anyone able to guess the session ID of a valid
user will be able to get their access rights.
Being both long and random makes the session ID very
difficult to predict. However, it turns out that you don’t actually the function regenerate_session_id(). By ‘privilege elevation’ I
need to guess the ID at all – you can just pass a pre-generated
value and PHP will use that. For example, <A HREF=”http://
www.somesite.com/foobar.php”> would link to foobar.php
and allow PHP to generate a random session ID. But
<A HREF=”http://www.somesite.com/foobar.php?PHPSES
SID=evilhaxxor”> would link to the site and use the session
ID ‘evilhaxxor’. A dastardly villain need simply wait for someone
to click on their link and Mitnick’s their uncle.
As usual, there is a solution waiting in the wings. To foil our session ID, because if they are the victims of session fixation
attacker, we can do one of two things: tie the session to a
particular characteristic of the user that created it; or
regenerate the session ID on privilege elevation. Of course, for
maximum security we can do both – and that’s what we’re
4/ User logs into their account.
5/ Villain goes to site with same session.
6/ Site notes that villain browses with Firefox and cuts him off.
Of course, more than 80% of the world uses Internet
Explorer right now – but this doesn’t make our solution any less
valid. For example, we tried IE out on a Windows XP box, and its
user agent was ‘Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322’ – that’s pretty distinguishable! If
our hacker doesn’t have exactly the same versions of Windows,
IE and .NET, then he’ll have a different user agent – simple.
Regenerating the session ID is just as easy to do, thanks to
mean ‘whenever your user acquires access rights’. When they
click on the Evilhaxxor link through to your site, they will be
guests by default – they won’t be able to post messages, buy
things, and so on. To do that, they’ll have to log in, which usually
entails the entry of a username and password. When we
authenticate them, they’ll have their privileges elevated – they
can do all the things they would expect to do with their account.
It’s at that precise moment that we should regenerate the
then the villain will be left with the old, guest session, and our
new user will get a fresh, clean and safe session.
Using regenerate_session_id() is simple: just call it (with
no parameters) and ignore the return value. It automatically

NEXT
going to be looking at right now. copies the data across from the old session to the new, and
Tying the session to a user can be done in a number of ways. sends out a cookie to the user with the new session ID. The one
Surprisingly, the easiest way is probably the best: we take the
user agent of the visitor and store it in the session. This then
thing that might catch you out is that last part: it sends out a
new cookie, which means that you must call it before you send
MONTH
gets referred to each time the page loads, to ensure it’s the any HTML content, otherwise it won’t work. Calling this function We’ll be diving into the world
same person on the session. Step by step, we get this: is very fast – if you were particularly paranoid you could change of natural language: can we
1/ Villain sets link with known session ID. the session ID each page! spellcheck users’ input?
If not, can we at least
2/ User clicks on link, gets known session ID. But then paranoia is no bad thing on the internet right now
phonetically guess what
3/ Site notes that user browses with Internet Explorer, stores this – so setting up a secure login process like the one we’ve talked
they mean?
in session. you through here is a darned sensible step to take. LXF

www.linuxformat.co.uk LXF66 MAY 2005 101

LXF66.tut_php 101 15/3/05 6:17:12 pm

 ANSWERS
Answers
If you are really stuck and the HOWTOs yield no good result, why not write in?
Our resident experts will answer even your most complicated problems.
OUR EXPERTS Acer in a hole
Q
A while ago I took the
Whatever your question, we can plunge and installed
find an expert to answer it. From SUSE 8.2 with a Centrino
installation and modem woes to wireless card on my Acer
network administrations, we can laptop. I’ve since upgraded to 9.2
get the answer for you – just fire
and have 9.1 Professional installed
off a letter or email and it'll all be
taken care of. on my desktop.
I expected all sorts of problems
with the laptop, but they didn’t
LXF Answers guy materialise, except for one major
David Coulson is
issue – I can’t get it to talk to
a networking and
security guru with anything. That’s not quite true – it
plenty of sysadmin will connect to the internet if I cable
experience to boot. it into my Linksys router, but...
■ Neither of my Linux boxes can
see one another (I set the Samba
server up on the desktop using
Nick Veitch is the YaST, and the laptop up as a
editor of the
Samba client).
magazine, and
answers your easy ■ The wireless card won’t connect
questions! Or to the internet or see the other
indeed anything to computer.
do with Grub, LILO, netatalk, Vi... ■ I can’t get a connection via
bluetooth to my T610 phone.
■ Infrared works according to
Hans Huberland
YaST’s Test button, but won’t do
is Rackspace anything beyond this.
Managed Hosting’s ■ The inbuilt modem is recognised
Linux expert and a and dials telephone numbers, but
real-life system
administrator on
call for your questions.
Send your questions for our experts to:
Linux Format, Future Publishing,
beyond that PPPd crashes - no
connection again.
I’m on the verge of stripping
SUSE off the laptop because it’s
using up so much of my work time
30 Monmouth Street, Bath BA1 2BW
just trying to get connected to
or email lxf.answers@futurenet.co.uk.
deliver work to clients. Why does
Got a sysadmin query? Send it to Hans
at sysadminqa@rackspace.co.uk. it have to be so difficult? I’m not
a techie but I’m a very competent
Windows user.
If I could find someone to talk
me through this, I’d feel different, I
expect. As it is, I only have limited
time to trawl the internet and then
start tailoring dangerous-looking
configuration files.
I like Linux and I support
open source software and make
donations but it’s just getting to be
too much. If you can help me get
wireless and bluetooth operating
on my laptop and make my two
Linux boxes ‘see’ one another, I’d be
mighty pleased.
102 LXF66 MAY 2005 www.linuxformat.co.uk
LXF66.answr 102
Configuring laptops can be tricky.
We’d suggest you use NFS for
filesharing with your desktop.
Otherwise, I guess it’ll be back
to Windows but using as much
open source as I can. Your
magazine is excellent – I’ll probably
still read it even if I have to say bye
bye to Linux.
Richard Moore
The simplest way to solve
A this problem is to begin at
a low level and try to ping
hosts on the network. If you
can ping the other system by its IP
address, then the chances are that the
basic network is OK.
There are situations where pinging
works and file transfers do not, but
these are few and far between, and
are generally limited to complex
network configurations.
You can verify the IP configuration
and routing on the laptop using
ifconfig –a and route –n. Your
on-board Ethernet will be eth0, and
your wireless will be eth1 or wlan0,
depending on how the distribution
handles wireless access.
If you can access the wireless
router, but can’t get out onto the
Internet, then the fault is likely to be a
routing issue on the device; either
because a default route is missing, or
the system is trying to send all traffic
out of the wired Ethernet interface.
Without information on specific
configuration options, and the current
state of the system, it’s difficult to put
my finger on an individual cause of
your network problems.
Samba on each host will need to
be configured via the etc/smb.conf
file, so they’ll both belong to the same
workgroup. Even without this change,
you’ll be able to access shares
permitted in etc/smb.conf by
specifying the IP address of the host
in the Samba client.
Rather than using Samba, file
sharing on Linux is better done using
NFS, which can be configured using
the SUSE system configuration tools,
or by editing etc/exports.
With all laptops, it’s a good idea to
start over at www.linux-laptops.net,
and see what success others have had
with Linux and specific configuration
options used. Laptops are,
unfortunately, rather strange beasts,
and it can be difficult for developers
to get their hands on every single
variant out there.
You may want to give a distribution
such as Mandrake or Fedora Core a
try and see if you have anymore
success. Often, different Linux
distributions have kernel patches
installed, which resolves any problems
interacting with various hardware
devices. DC
Linux for business
Q
I’ve got a good one for
you. I’m not sure that
this can be categorised
as a technical question
but the only other places I can find
answers are bound to be biased.
I’m a Linux business user. Most
of our back-end servers and
services are Linux-based. Our users
don’t care whether we use Red Hat,
SUSE, Microsoft Windows or Baron
Samedi-style voodoo – they all
have Windows desktops and
essentially just want to browse the
net and get their mail and files.
We’re upgrading our server
14/3/05 10:48:00 am

hardware, which is extremely dated
and is about to fall out of warranty
(it’s already been End of Life for
some time).
If fortune favours us we’ll be
able to do this upgrade one server
at a time, so we’re not under
immense pressure to get the entire
network done in one go. We have a
decent budget but can’t go on a
complete shopping spree.
Now for the questions: what’s
the best server hardware to go for
if we’re looking for Linux
compatibility? We’d like the vendor
to have official Linux support – not
just some guy on the net who’s got
some source for BSD we can try to
cross-compile with mixed results.
Secondly, is it really worth going
for one of the paid-for Linux
distros? All our current servers use
Red Hat 8, which works pretty well.
A Red Hat-based distro would seem
an obvious choice but is Red Hat’s
Enterprise Linux the best option, or
would we be better off with
Fedora? Having said that, if we’re
going to be paying money for this,
would SUSE would be better?
Thanks for your help.
RJ
Wow, an IT department with
A a budget, fantastic start!
Before I give you my view
and trigger an onslaught
of hate mail please remember that
this is only the opinion of one simple
man trying to make his way in the
universe, based on my own
experience with server hardware and
Linux distributions.
Most of the hardware vendors out
there are really very good. I’d say
there are two main categories to
choose from here. The top tier
hardware vendors like Dell, HP, and
USB 2.0 is provided using the EHCI capability in the Linux kernel,
allowing for high-speed data transfers.
LXF66.answr 103
IBM etc. These guys make
phenomenal hardware – it’s their
business to, but many of them only
support Linux as an afterthought.
From my own experience Dell have it
covered on their rack-dense servers.
They can offer you Red Hat Enterprise
with SUSE preinstalled at the factory,
which means you can be confident of
having good driver support.
Another big company taking bold
strides is IBM. IBM has always been a
favourite of mine, and with the
millions of dollars they’re pumping
into open source they’d be a safe bet.
At the other end of the spectrum
you get the true grass roots Linux
companies that make their own
servers mostly out of commodity
clone hardware.
There are loads of such companies
around, and most of them are small
and so give a more personalised
service than the big hitters. These
companies are built on Linux so
providing a product built with Linux in
mind is what makes them tick.
When it comes to picking a vendor
for your software it gets more blurred.
Here are the main reasons I would be
willing to pay for a Linux distribution:
■ Updates If a company provides a
Linux package they’re obliged to keep
it running securely.
■ Support There’s someone to call;
even if it may cost a little money.
Different levels of support are available
for different budgets.
■ Accountability Often the people
paying the cheques like to know that
there is somebody they can hold
accountable for a failure in service,
either of the product or any of the
ancillary services.
I’ll focus on Red Hat in particular
as I have no real experience with
Novell/SUSE’s commercial offering.
www.linuxformat.co.uk
ALL ABOUT RACKSPACE
LXF Sysadmin
Answers – in
association
with Rackspace
Managed
Hosting
When it comes to managed hosting
Rackspace is unique. We are the only
hosting company to guarantee 100%
network uptime and we will even
pledge to replace faulty hardware (let’s
face it, it does happen) within an hour.
As you would expect from Red Hat’s
only Advanced Hosting partner you will
receive Fanatical SupportTM and instant
emergency response from
fully-qualified level three technicians,
available 24 hours a day, 365 days a
year. No answering machines, no
diversions, no silly on-hold messages.
All our customer platforms are
housed in state-of-the-art, secure data
centres and can be fully customised to
meet any requirement. A dedicated
account manager is allocated to you at
Red Hat will give you the actual
operating system license as well as a
subscription to their up2date service
for patches. Also, if they release a
newer version (such as the upcoming
RHEL4) you’ll be able to download
and install that too. For the
approximately £500 standard
package they’ll answer an unlimited
number of queries within four hours
during business hours.
This level of service can be
upgraded all the way to one-hour
response times, 24/7. SUSE’s free
product support will also work very
well for you but don’t expect anything
more than Google for help; you really
do get what you pay for when you’re
talking support.
Having said that, if you’ve been
using the free Red Hat product for
some time, you can probably support
yourself quite adequately whatever
distro you go for. HH
Hi tension
Q
I have a D845WN Intel
motherboard, which
(according to the Intel
website) has Hi-Speed
USB 2.0 ports. Unfortunately I’ve
not been able to attain high speeds,
even after installing all the relevant
ANSWERS
the outset and will remain on your
account. All Rackspace employees are
committed to ensuring customer
satisfaction, and they will not rest until
a client problem is resolved.
Since Rackspace was established in
1998, it has specialised in managed
hosting – nothing else. We’re not an ISP,
we don’t sell domain names, and we
won’t offer website design – all we do
is managed hosting. As a result, we do it
very well and 97% of our customers
would happily recommend us.
For information on how we can
improve your web hosting, please
contact us at www.rackspace.co.uk
and ask any questions you have about
the ultimate managed hosting service.
See page 107 for Rackspace’s star letter.
software for my motherboard from
the Intel site. I’m running
Fedora Core 3 on my machine and
have an external USB 2.0 hard disk.
Using it on USB 1.1 ports is
extremely frustrating. Can you tell
me how I can I enable Hi-Speed
USB 2.0 speeds?
Andrew M
USB 2.0 under Linux
A requires a supported USB
2.0 controller and the use
of the EHCI module to
access the USB subsystem. You can
verify which USB modules your system
is loading by using dmesg, which
displays kernel information from system
boot time. However, what you describe
may be related to a problem with the
EHCI module itself. The kernel 2.6.10
source included EHCI driver software
which seems to confuse some controller
cards (To be fair, the EHCI drivers are still
rather experimental).
This can cause quite a few
problems. The easiest way to fix
your woes is to change your
kernel. It is possible to go back to
an earlier version, but before you try
that, check out http://download.
fedora.redhat.com/pub/fedora/
linux/core/updates/3/ for updates to >>
the Fedora kernel. NV
LXF66 MAY 2005 103
14/3/05 10:48:01 am
 ANSWERS
FREQUENTLY ASKED QUESTIONS MOZILLA
FAQ WHAT IS MOZILLA?
IT’S SORT OF LIKE
NETSCAPE, ISN’T IT?
Mozilla was developed with the
source code originally used to build
Netscape 4. However, it has practically
all been rewritten, so apart from the
general look and feel, it’s a completely
new internet browser (technically it’s a
web suite of applications).
Netscape (which is now owned by
AOL) has in turn taken the Mozilla
code and modified it slightly to
produce Netscape 7. However, Mozilla
is still in development, so you should
consider it over Netscape 7 when
looking for a browser.
FAQ WHERE CAN I
GET MOZILLA?
Mozilla can be downloaded from
www.mozilla.org and is also packaged
by many distributions for easy installation.
Debian users need only do apt-get
install mozilla and it installs everything
for you. You can download either binary
or source releases of Mozilla, and as the
Mozilla team generate optimised
binaries, it’s often a good idea to just
>> Zipped off
Q Q
I am a subscriber to LXF
and a newcomer to Linux
generally. I’m having
problems trying to copy
the Gambas application from this
month’s CD [LXF 64].
Using find /mnt/cdrom2
gambas-1.0.1.tar.bz2 -print
results in mnt/cdrom2/Magazine/
Gambas/gambas-1.0.1.tar.bz2;
but adding this pathname to the
command tar xvf --bzip2 given
in Essential Disc Info generates the
error message ‘btar: --bzip2:
104 LXF66 MAY 2005
LXF66.answr 104
grab the binary tarballs – not to mention
the fact that it can take a matter of
hours to build Mozilla on a reasonably
powerful system, so it’s not something
you want to rebuild a few times every
day on a PII500.
FAQ IS IT STABLE, OR IS IT
LIABLE TO FALL OVER
AND BURST INTO FLAMES?
The Mozilla Foundation released its
1.0 build quite a while ago, and the
current stable release is 1.6. There are
also development releases and nightly
builds from the code residing in the
CVS tree, so you can select the level
of bleeding edge you prefer.
FAQ WHAT CAN I GET DONE
WITH MOZILLA?
Mozilla supports everything that
Netscape 4 does, including a web
browser, mail client, address book and
HTML composer to create websites.
There is also an IRC client. Due to the
nature of its development, Mozilla
includes various debugging tools for
JavaScript, HTML and CSS.
Mozilla is a great web browser and mail client for Linux systems, while
Firefox and Thunderbird provide individual components of the Mozilla suite.
Cannot open: No such file or
directory’. Replacing 1.0.1 with 2.1.0
in the filename produces the same
message. What am I doing wrong?
Howard Yates
There doesn’t seem to be
A
- try this:
anything wrong with the
steps you are trying, but the
error message suggests
your command isn’t formated properly
tar xvf --bzip2 /mnt/cdrom2/
Magazine/Gambas/gambas-1.0.1.tar.bz2
You can also use the slightly
shorter “tar xvfj [filename]” with
most versions of tar. NV
www.linuxformat.co.uk
FAQ I HEARD THERE WAS A
LOT OF COOL STUFF IN
MOZILLA? WHAT DOES IT DO
THAT NETSCAPE DOESN’T?
Generally, Mozilla is significantly more
stable than Netscape 4, and its
rendering engine (Gecko) is completely
compliant with the HTML, XHTML and
CSS standards, as well as being much
faster than the HTML rendering system
that was used with Netscape 4.
A number of HTML and CSS tests
are available with Mozilla to show off its
swanky rendering capabilities and all
the fancy stuff it can do with CSS.
FAQ ARE THERE ANY
THIRD-PARTY
ADDITIONS FOR MOZILLA?
Yes, there are a multitude of
third-party projects for Mozilla, many
of which can be found over at
www.mozdev.org. Many of these
add extra capabilities to Mozilla, or
extend upon those which are currently
available. Indeed, a number of
mozdev.org projects have been
merged into the main Mozilla tree,
Samba on SUSE
I’m having trouble getting
Samba to work on my
SUSE 9.2 box. I use a
Belkin 10/100 Ethernet
card on my Linux box; a Via Rinefire
onboard 10/100 Ethernet card on
my Windows box; and a five-port
Belkin Ethernet switch.
The Belkin NIC is detected and
configured by SUSE, but I can’t
figure out how to get Samba to
work. It worked under my old
system (Fedora Core 3) but I don’t
want to go back to this, as I want to
exposing these projects to a much
wider audience.
So hop on over to
www.mozdev.org and take a look at
the top 50 projects to see if there are
any that interest you. Some are quite
silly and don’t do anything particularly
useful, but others will be new-found
essentials that you’ll wonder how you
ever did without.
FAQ OOPS! MOZILLA DIED
ON ME. HOW DO I
REPORT THIS?
The Mozilla guys have developed a
bug tracking system known as Bugzilla
which holds a record of all the Mozilla
bugs. Anyone can submit bugs to
Bugzilla, at http://bugzilla.mozilla.
org/enter_bug.cgi?format=guided;
or you can search for existing bugs
and find out their status with a
particular Mozilla build.
In order to submit problems to
Bugzilla, you’ll need to register with
the bugzilla.mozilla.org site, and
then you’ll be able to post bugs to the
system. As always, it’s a good idea to
include as much detail as you can so
that your bug can be reproduced by
those who do the fixing.
FAQ IS MOZILLA
COMPARABLE TO
EVOLUTION?
Not at all. Evolution is a PIM, whereas
Mozilla is a web browser. Evolution is
more like Microsoft Outlook than
Mozilla. Of course, one can use both
Mozilla and Evolution, effectively
replacing the need to have Internet
Explorer and Outlook available.
listen to MP3s and use the software
(like Scribus and KMyMoney) that
comes with SUSE. Any help would
be appreciated.
Jamie
You’ll need to verify that
A Samba is running and that
the firewall is turned off –
use YaST for this. If the
firewall is enabled, remote systems will
be unable to access the Samba
service. As an alternative, you can
open up specific ports on the firewall
to permit access to Samba:
TCP: 137, 138, 139, 445
UDP: 137, 138
14/3/05 10:48:03 am

Put the following lines in the
etc/sysconfig/SUSEfirewall2
configuration file:
FW_SERVICES_EXT_TCP=”microsoft-
ds netbios-dgm netbios-ns netbios-
ssn”
FW_SERVICES_EXT_UDP=”netbios-
dgm netbios-ns”
You will also need to enable broadcast
packets on the firewall:
FW_ALLOW_FW_BROADCAST=”yes”
Et voila! Hope this works. DC
Missing modem
Q
I have just installed SUSE
9.2 from the March 2005
issue [LXF64] as a dual
boot alongside Windows
XP Home, which I still use. I am
completely new to Linux, and the
installation couldn’t have been
easier. There are, however, some
questions I can’t easily find answers
for on the net.
YaST has recognised most of my
hardware, graphics, sound etc,
including the fact that I have a USB
ADSL modem. But it doesn’t
recognise the modem itself – just
the fact that I have one. When I
click on the modem entry in the
hardware list, the Configure button
stays greyed out.
The modem is a Sagem Fast
800/840, which I have connected
via USB rather than Ethernet card.
There are instructions for Linux on
the modem’s install disc, but I’m
afraid it’s all a bit over my head. Is
there an easy way to install this
modem on SUSE? Are there simple
instructions in newbie terms?
More importantly, if I configure
the modem for SUSE, will it still
work when I switch to Windows to
go online from there? Can it be
used on both OSs without problems?
My ISP is Tiscali, and I connect
on a 512k broadband connection.
Are there any problems from
Tiscali’s side if I connect with both
Linux and Windows?
Also, where do I find the options
for setting up an internet
connection in SUSE? (ie is it as
simple as it is in Windows?) And is
email set-up similarly pain-free?
With anticipation of some help
for a helpless Linux new boy, thanks
very much.
Rick Mark
We were able to find some
A documentation on the
configuration of this modem
with Linux, although it is
fairly complex – and in French. You
LXF66.answr 105
The popular Alcatel SpeedTouch DSL modem has extensive documentation, making it easy to run with Linux.
can find it at http://lea-linux.org/
hardware/sagem.html?v=t. You’ll
be able to use the DSL modem from
both Windows and SUSE as you
dual-boot, although your ISP probably
won’t support the connection for Linux –
if it doesn’t work, don’t expect them
to help you.
Configuration for internet
connectivity via supported devices in
SUSE is performed through YaST, so if
you have any internal Ethernet
connections, or a dial-up modem, you
can set them up this way.
You have quite a choice of mail
clients – we would recommend
Thunderbird from www.mozilla.org,
which is a great client with an easy to
use interface. DC
More SUSE stuff
Q
I’ve just installed
SUSE 9.2 from your
latest DVD. I religiously
installed each of the
main distros as you published them,
hoping against hope that I would
eventually have a Linux platform
which would allow me to connect
to the internet. I have a broadband
connection via Wanadoo using an
Alcatel SpeedTouch USB modem,
which looks rather like a green,
limbless crab.
I was able to connect with this
modem back in the days of
Mandrake 8, but have been unable
to connect since upgrading. I’ve
www.linuxformat.co.uk
tried Mandrake, SUSE, Fedora and
Red Hat, all to no avail.
Can you please help me, or (if I
need to purchase a different
modem) recommend one that SUSE
will recognise? I would be forever in
your debt – as would be my barber
once I stop tearing my hair out.
Brian W
Lots of information on the
A Alcatel SpeedTouch USB
modem (otherwise known
as ‘the frog’), can be found
at http://linux-usb.sourceforge.net/
SpeedTouch/. This includes open
source versions of the drivers, as well
as setup documentation to get you
onto the internet using the modem.
As you are running SUSE 9.2, you
can follow the instructions at
http://linux-usb.sourceforge.net/
SpeedTouch/suse/index.html to get
it up and running. Wanadoo gives you
the option of using either PPP over
Ethernet, or PPP over ATM (PPPoA);
but the SpeedTouch USB
documentation suggests that using
PPPoA is a better option. In either
case, you’ll need to follow the specific
instructions for the PPP method used
to connect to your ISP. DC
Unsupported
Q
I would like to upgrade
from MySQL 3.23 to
MySQL 4, but my Red
Hat Enterprise Linux ES
server does not have the relevant
ANSWERS
package available. I can see that
a package is available from the
MySQL site but I’m worried that it
will break my server.
Can you give me any advice on
this job? I know how to do the
actual install of the RPM – I just
don’t know what the consequences
will be.
From the Rackspace Forums
A
The upgrade itself should
pose no problems. However,
please bear in mind that
the RPM from MySQL will
probably have a different username to
those used by the Red Hat version, as
well as some different paths. Any
third-party programs you have that go
into the MySQL 3.23 libraries may also
need to be updated.
The table structure between 3.23
and 4.x is totally compatible, but the
MySQL table has a few extra columns
that will need to be added. There is a
script included in MySQL called
mysql_fix_privilege_tables which
should resolve any issues with this.
One thing to think about before
you go through with the upgrade is
that Red Hat does not officially
support MySQL 4 – so you’ll lose all
support for this aspect of your
operating system. I’ve seen this
combination work many times, but if
you decide to go ahead don’t forget
to add MySQL to the up2date ignore
list, or you will automatically downgrade
to 3.23 next time up2date runs. HH
>>
LXF66 MAY 2005 105
14/3/05 10:48:06 am
 ANSWERS
The VIA chipsets are all fairly similar, and support for sound and network
capabilities are ready to go in the Linux kernel.
>> Wi-Fi gear
Q
I’ve been running
Mandrake Linux 8.2 with
Windows 98 SE on my
PC. After five months of
running both, I’ve decided to get rid
of Windows and the partitions, and
use Linux full-time. I have just
bought your Complete Linux
Handbook 2, and intend to install
Mandrake 9.2 from the DVD.
I’ve ordered 2MB broadband
(without tech support) from
Madasafish, who cater for Linux,
and I want to use a wireless
connection to my PC as it will not
be staying where it is. Can you
advise me on a wireless modem/
router? Would I be better off with
two separate units, and will I need
some sort of a card in my PC? I’m
not having any luck finding
something suitable on my own (not
knowing what I’m looking at
doesn’t help). The products need to
be reasonably simple for someone
as ignorant as me to set up. Any
help you can give me would be
gratefully appreciated.
Sean
LXF would recommend you
A start out by installing a
recent distribution of Linux,
such as Mandrake 10.1 or
Fedora Core 3, rather than trying to
fight with something a year or two old.
You can find a list of wireless
devices that work with Linux from
www.prism54.org, and you should
probably pick a DSL router from the
vendor that you’re purchasing your
wireless adaptor from. As you have a
LUG nearby [Malvern], you may want
to join their mailing lists and find out
what success others have had with
specific devices. You can either
purchase a wireless bridge, which
106 LXF66 MAY 2005
LXF66.answr 106
provides wired Ethernet access to your
device, or a PCI card which has a
wireless adaptor built in. Many
manufacturers (including D-Link and
Netgear) make DSL and wireless
devices, so you have quite a selection
to pick from.
There are also a number of
low-cost vendors – we recommend
that you avoid these, otherwise trying
to find support from a LUG or on the
internet is going to be quite a trial. DC
Say what?
Q
I’m a newbie with regards
to Linux, but with the
offer on your cover of
SUSE 9.2 I thought I’d
give it a try, and set my machine
up to dual-boot both Windows 98
SE and SUSE 9.2.
I must say I’m very impressed.
The install was a lot easier than
Windows’ and I’m thinking of doing
away with Windows altogether.
The only thing stopping me is the
inability to get my onboard
sound working.
My PC specifications are:
AMD Duron processor
running at 1,600MHz.
512MB DDR RAM.
www.linuxformat.co.uk
ASRock K7VT2 motherboard
with onboard sound, LAN,
USB 2.0, etc.
Maxtor
40GB HDD.
Bearpaw
1200Cu scanner.
Epson 810 Colour
Stylus photo printer.
Compaq Presario 1425 monitor.
Stuart Lonnen
The ASRock K7VT2
A motherboard uses a VIA
chipset, which has onboard
AC97 compatible audio. If
you are running a 2.6 version of Linux
you can add the following to your
/etc/modules.conf file:
#--- START ALSA ---#
#--- ALSA ---#
alias char-major-116* snd
alias snd-card-0 snd-via82xx
# (sound-card-0 is probably not
needed, but just in case)
alias sound-card-0 snd-card-0
#--- OSS ---#
alias char-major-14* soundcore
alias sound-slot-0 snd-card-0
#--- ALSA - CARD ---#
options snd cards_limit=1
#--- ALSA - OSS ---#
alias sound-service-0-0 snd-mixer-
oss
alias sound-service-0-1 snd-seq-oss
alias sound-service-0-3 snd-pcm-
oss
alias sound-service-0-8 snd-seq-
oss
alias sound-service-0-12 snd-pcm-
oss
#--- ALSA - /dev (OSS) ---#
alias /dev/sequencer* snd-seq-oss
alias /dev/dsp* snd-pcm-oss
alias /dev/mixer* snd-mixer-oss
alias /dev/midi* snd-seq-oss
#--- END ALSA ---#
Once the audio device is accessed,
it will automatically load the modules
for you. DC
Lost in firmware
Q
I finally have a
broadband connection
thanks to a USB
SpeedTouch 330 modem,
which, according to a multitude of
pages on the internet, can be used
with Linux.
Here is the problem: they all
mention that I need to download
firmware and perform several steps
with the firmware in order to get
the modem working.
My understanding of the
meaning of firmware is that it is the
software that sits on the modem
itself; so if I carry out the
instructions as spelled out on
http://linux-usb.sourceforge.net/
SpeedTouch/fedora/index.html for
Fedora Core 3 I should end up with
a working modem for my Fedora
Core 3 system.
If I have to update the software
on the modem to get it to work with
Linux, will it stop the modem from
working with my existing Windows
XP installation?
I really don’t want to proceed
any further until I find this out as
flashing things like BIOS/firmware
scare the living daylights out of me!
Kan Yuen
As the firmware is distributed
A by SpeedTouch, you
shouldn’t encounter any
problems when you use the
modem under Windows XP.
As always when doing any firmware
or BIOS upgrades, you should ensure
that you have a backup of the existing
image – in fact, this should be at the
top of your to-do list. Most likely, if
something goes wrong when you try
to update, you’ll have to send the
Athlon chip on an ASUS
motherboard: ready for SUSE.
14/3/05 10:48:08 am

WIN A NEUROS DIGITAL AUDIOCOMPUTER
with Rackspace Managed Hosting
www.rackspace.co.uk
Every month, the best question
related to systems administration
that a LXF reader sends in wins a
prize. This month you have the
chance to win the life-enhancing
Neuros MP3 digital audio computer.
With a Neuros, you can manage
all the music stored on your PC.
Create play lists. Delete songs. Get
new files, thanks to the Neuros
Synchronisation Manager. No more
getting stuck in front of the PC to
make changes – do it all on the
Neuros, and get on with it.
Then use its NeuroCast feature to
broadcast the music on your Neuros
device through any FM radio.
★ STAR QUESTION WINNER!
This issue's lucky winner is Paddy Tillman – your new Neuros digital audiocomputer will be with you shortly!
What a mate
Q
I have been trying to
set up a Linux box
running Fedora Core 3
for my friends to play
with. They’re mostly Windows guys
and don’t have a lot of
command-line experience, so I’m
trying to help them into the
wonderful world of open source by
setting up VNC on the Linux box so
they can log in and play around on
separate X session.
I have created a script called
vnclogon to start a VNC server
session but am having a lot of
trouble making it work. The script
is as follows:
#!/bin/bash
echo “Hello There “$USER
echo “You are about to run the
whole thing back to SpeedTouch for
them to fix it for you.
We’ve rarely had problems
ourselves with flashing devices, other
than if there is a hardware issue on
the device which corrupts the image.
We think it would be fine to flash the
modem, although you may wish to
check with the nice people in
SpeedTouch’s technical support
department first to verify that the
image will work. DC
LXF66.answr 107
NeuroCast automatically scans the
FM radio dial for an available
frequency and broadcasts using all-
digital stereo encoding, just like
broadcast towers used by
professional radio stations.
The Neuros has many recording
capabilities that make it a robust tool
for the recording hobbyist. The
device includes an on-board
microphone, perfect for the quick
memo or recorded lecture. It has
line-in recording capabilities and you
can record to MP3 or WAV, with a
choice of seven recording qualities.
Neuros also features a built-in
FM radio with five preset buttons so
VNC server service.”
echo –n “Do you want to
continue…(Y/N)”
read Decision
if [ “$Decision” = “Y” ]; then
echo “Starting your
VNC Session.”
echo “Please wait…”
vncserver :1 –name
$USER >/dev/null 2&>1
echo “VNC Session Loaded!”
else
echo “Then why did you
run the script?”
fi
The strange thing is that the
script seems to execute correctly
but when someone tries to
connect using a VNC viewer they
get the following error: ‘Unable to
connect to host: Connection
RAID distress
Q
I have been
experimenting with Linux
for the past two years
and would consider
myself to be an enthusiast – if only
at quite a basic level. I recently
purchased a new computer from
MESH and decided to opt for an
AMD 3200 Athlon 64-bit processor
on an ASUS K8VSE Deluxe
www.linuxformat.co.uk
WIN!
you can play your
favourite stations
with one click,
just like on your
car stereo.
Tempting, isn’t it?
You know what to
do: email
sysadminqa@
rackspace.co.uk.
refused (10061)’. Even stranger is
the fact that when I try to kill the
VNC session by using the
vncserver –kill:1 command, I get
the following error: ‘Killing Xvnc
process ID 4790, Kill 4790: No
such process’. The strange thing is
that when I run the VNC server
service manually, I manage to
connect.
Please help me make this work.
Paddy Tillman
You seem to have a nice
A script going and I admit that
I was a bit puzzled by the
error you got when you
tried to kill the VNC session generated
by the script.
It appears that you’ve tried to
suppress the output generated by
VNC when a VNC server session is
motherboard with the intention of
installing my favourite distribution,
SUSE Professional 9.2, in dual boot
mode with the pre-installed
Windows XP.
This is where the problems
started. The motherboard has an
on-board Promise FastTrak 378
controller, which the 200GB SATA
hard drive was configured to use in
a RAID 1+0 array. When I tried to
install SUSE Professional 9.2,
ANSWERS
launched by redirecting the output
to dev/nul using I/O redirection. The
mistake is in the syntax of the
command – instead of >/dev/null
2&>1, you should have typed
>/dev/null 2>&1.
The 2>&1 is actually a neat piece
of code which is used to send
standard error to the same place as
the standard output. You’ve sent your
standard output (1) to /dev/null, and
so standard error (2) also goes to
/dev/null. The & in 2>&1 is simply to
put the job in the background so that
you get your shell prompt back.
All in all the script seems quite
good and I believe that this correction
should help solve your problem and
allow your friends to make better
acquaintance with Fedora Core’s
X front-end. HH
having made space on the hard
drive using Partition Magic from the
Windows XP OS, the installation
procedure advised me to disable
the hardware RAID 1+0 array and
to create a software RAID 1+0
array within SUSE using YaST. I was
concerned that if I did this I would
not be able to use the Windows XP
OS installed and therefore have not
been able to install the SUSE >>
distribution. The ironic thing is that
LXF66 MAY 2005 107
14/3/05 10:48:10 am
 ANSWERS
>> I do not need to have the computer
configured to use the RAID 1+0
array as I only have one hard drive
installed.
I would like to know whether it
is possible to install SUSE
Professional 9.2 in dual boot mode
with the pre-installed Windows XP
o/s or whether I have to re-build
the computer from scratch not
using the Promise drivers during
the installation and not configuring
a RAID 1+0 array?
I have also installed a separate
40GB ATA hard drive connected to
one of the motherboard’s IDE
connector’s to see whether I could
install SuSE on to this drive but was
not successful.
I would be grateful for any
advice you could give me.
Michael
We’re rather confused as to
A
why the Promise FastTrack
controller would let you
create a RAID device with a
single disk, much less a RAID 1+0
array, which requires at least four disks.
You can try to disable any RAID
capabilities in the FastTrack BIOS, and
as you’ve only got a single disk, the
BIOS should boot from it quite happily.
SUSE will detect the RAID array as a
device, and allow you to partition and
write information to it.
As a test, you can boot using a
Knoppix 3.7 CD, or attempt to install
Mandrake 10.1 or Fedora Core 3 which
may have better support for the SATA
controller on your board.
A QUICK REFERENCE TO:
There are many instant messaging
protocols out there for those of us who
consider email to be slow, from those
provided by corporations (such as MSN,
Yahoo and AIM) to open protocols like
IRC and Jabber.
While many provide closed-source
clients for Linux, it’s not exactly useful
for those running non-i386 systems. You
also need one for each protocol – so if
we’re connected to the most common
services we might have five or six little
windows cluttering our desktop.
Somewhere down the line, there
came the bright idea that having one
client handle more than one protocol
would be a smart idea. Jabber does this
in some respects, since you can connect
to another protocol via the Jabber
server. However, this can cause problems
if the Jabber server is unavailable.
Instead, most choose to use a client
108 LXF66 MAY 2005
LXF66.answr 108
Our SUSE coverdisc has thrown up
plenty of install issues.
Many boards that provide SATA
only recognise certain ATA controller
ports. If you can’t install SUSE onto an
ATA disk, there is probably a
misconfiguration within the BIOS. You
can try to turn off ‘Legacy Mode’, to
allow both SATA and ATA to work on
their own: Legacy Mode is designed
for older Operating Systems that get
confused when SATA is available. DC
Zip it
Q
Thank you for SUSE 9.2
on the LXF64 DVD.
However, I’ve had to
revert to 9.1 as I couldn’t
get my Zip drive to run on 9.2 – the
Iomega Zip drive wasn’t even
identified. I give below the entries
I made in /etc/fstab:
/dev/hdb
hdb4 /media/zip subfs
auto auto
noauto,fs=floppyfss
{nothing},procuid,exec, user
nouser,dev\nodev,rw
I think you’ll agree I tried all
reasonable combinations. Some of
them merely echoed SUSE’s entries
for /dev/fd0 (floppy disk).
INSTANT MESSAGING
which contains protocol code for the
most popular IM systems.
Two of the most popular IM clients
on Linux are Gaim and everybuddy. The
former originally only supported AIM,
but it now has plugins for everything
from MSN to IRC, and plenty in
between. Both support almost all
protocols known to man, along with a
few others no one ever uses. Since those
running the servers can modify the
protocols as a whim, it’s worth keeping
up with the updates to both clients. It’s
not uncommon for AOL to suddenly not
like other clients and block them.
IRC is a little different, as it’s a
group-based chat system rather than an
IM service. There are hundreds of clients
for IRC on the internet – both X- and
console-based – and http://freshmeat.
net contains a comprehensive list of
what is available.
www.linuxformat.co.uk
Submission advice
I liked everything else about 9.2
and so am disappointed not to be
able to use it, but my Zip disks are
We are happy to answer all sorts of
my main archive at the moment,
Linux-related questions. If we don’t
and contain a lot of data.
know the answer, we’ll find out for
Thanks for your time and you! But in order for us to give you the
attention! I do hope you can help. best service, it helps a lot if you read
Phil Coleman the following submission advice.
You should start by verifying
A
● Please be sure to include any relevant
that the Zip drive actually details of your system. “I can't get X to
exists by running dmesg. work” doesn't really mean anything to us if
This will output a whole slew we don’t know things like what version of
X you are trying to run or what hardware
of information, which should hopefully
you are running on.
include IDE devices located during the
boot process Assuming the device ● Be specific about your problem. Things like
really exists on /dev/hdb, you need to ‘it doesn't work’ or ‘I get an error’ aren’t all
that helpful. In what way does something
mount /dev/hdb4, which can be done not work? What were you expecting to
manually with the following: happen? What does the error message
mount –t vfat /dev/hdb4 /media/zip actually say?
If this fails to mount the Zip drive, ● Please remember that the people who
the error output should indicate what write this magazine are NOT the authors
causes the problem fairly quickly. or developers of Linux, any particular
Should it work, you can add it to package or distro. Sometimes the people
responsible for software have more
fstab with the following:
information available on websites etc. Try
/dev/hbd4 /media/zip auto reading the documentation!
defaults 0 0
We will try to answer all questions. If we don't
You can then manually mount the
answer yours specifically, you'll probably find
device with the command: we've answered one just like it. We can't
mount /media/zip really reply to all your questions.
Good luck! DC
everybuddy and Gaim, it’s
On the server side, it’s somewhat
difficult to supply your own MSN, Yahoo practical to produce a server, though
or AIM services because there is no ublic no one seems to have taken the time to
code for the service. Since individuals do this. IRC and Jabber have open
have managed to reverse source servers available, so one can
engineer the protocol to easily set up a private
write clients such as network. LXF
For instant
messaging,
nothing beats
Gaim. It will
even work on
Windows, so
the familiar
look and feel
is available
whatever
the
platform.
14/3/05 10:48:12 am