Sunday, 30 April 2006

Firefox Flicks - Watch and enjoy

Firefox has evolved from Mozilla to be a robust, secure and standards compliant, cross platform free web browser that it is today. And the ever increasing market share of this popular browser is proof enough that it is well received by people who are introduced to it. But what it lacked all along was a good marketing campaign which can be used to make more people aware of its advantages over competition.

Enter firefoxflicks.com. The aim of this project is to create a 30 second ad that introduces firefox to the millions of main stream web users. Recently they ran a competition which invited people to submit a 30 second ad promoting firefox web browser and the best among the submissions were to win a prize.

And the results are out. The winners of the competition are DareDevil, Wheee, Fox Fever, This is Hot and Give me the soap. And my favorites among these are 'This is Hot' for the superior animation and the message it conveys and 'Wheee' for plain humor.


Video: This is hot



Video: Wheee


By the way if you haven't noticed yet, this site is best viewed in firefox :).

Saturday, 29 April 2006

iptraf - A reliable network monitoring software for GNU/Linux

Linux has no dearth in utilities which aid a user in getting a snapshot of the network traffic which course through ones machine especially when one is connected to the internet. Some of them which come to my mind are the ubiquitous 'tcpdump' and 'ethereal'. tcpdump is installed by default by any GNU/Linux distribution. But many others need to be specifically downloaded and installed by the user in order to use them.

One such software which aids the user in keeping an eye on the exchange of IP packets to and from ones machine is IPTraf. This is a curses based menu driven utility which intercepts packets on the network and gives out information about it. Usually, such network monitoring software are run on gateways where the computer acts as a router to the outside world. But it can also be used by a home user who is connected to the net to monitor the going ons in ones machine.

To start using IPTraf, one has to first install it; which on a debian system is as simple as executing the command:
# apt-get install iptraf
Once the software is installed, one can start it to monitor the network. Unfortunately, you should have root privileges to run the software. In ubuntu, it means inserting the word 'sudo' before the command as follows:
$ sudo iptraf
Once the above command is executed, the user is shown a curses based menu where one can choose to start monitoring either the local interface or the traffic through any of the network cards installed on ones machine.

Fig: iptraf Configuration Menu

I found this network monitoring software really useful and an eye opener at the same time. For instance, I have disabled almost all the services on my machine. But I found that within just 15 minutes of getting online, IPTraf logged at least 6 attempts at connecting to my machine via SSH. Of course they could have been the result of a probe by someone using nmap to see which all ports were open on my machine. So much for obscurity while on the net.

Also this easy to use software has additional options such as enabling reverse DNS lookup in the options menu in which case, the logs will contain the DNS name instead of the IP address where ever possible and the service name instead of the port number. For example, when some traffic is generated when I connect to the yahoo.com website from my web browser, iptraf will show it as yahoo.com:www which denotes that I am connecting to the port 80 of yahoo website. It will also give a count of the number of packets transferred to and from the yahoo web server to my machine all in real time.

Same is the case with when someone tries to probe ones machine. Each and every IP packet is intercepted, the IP information of each packet decoded and the result displayed in real time. There is option to save the logs to a file which by default resides in the /var/log/iptraf directory. Even though I found it most useful for monitoring my ethernet traffic, that is not all that this nifty tool monitors. It can additionally monitor ppp, loopback, SLIP, FDDI, and ISDN interfaces.

Fig: Iptraf monitoring the eth0 device on my machine

Some of the information of the intercepted packets that is decoded by iptraf are as follows:
  • Source address and port
  • Destination address and port
  • Packet count
  • Byte count
  • Packet size
  • Window count and
  • Flag status
I would like to dwell a bit on the flag status shown by iptraf. Each TCP packet that is intercepted is associated one or more flags which convey some information like which side had initiated the connection, when the connection is closed and so on. The flags are as follows :
  • S - A SYN (or synchronisation) is taking place in preparation for connection establishment. If only an S--- is present, then the source is trying to establish a connection. But if there is an S-A- then this is an acknowledgement of a previous connection request.
  • A - Acknowledgement of a previously received packet
  • P - A request to push all the data to the top of the receiving queue.
  • U - The packet contains urgent data
  • RESET - The source machine indicated in this direction reset the entire connection.
  • DONE - The connection is done sending data in this direction and has sent a FIN (finished) packet but has not yet been acknowledged by the other host.
  • CLOSED - The FIN has been acknowledged by the other host.
  • - - A dash indicates the flag is not set.
So if I see any unusual SYN activity (S---) , then I can fairy assume that my machine is under a SYN attack.

IPTraf can display a statistical breakdown of the network packets sorted by the packet size or according to the TCP/UDP port which gives a fair idea of the network traffic to and from ones machine.

Fig: Statistical breakdown of network packets

Iptraf also supports a rich set of command line options which makes it ideal for use from within a script. True, you have an even powerful network monitor in ethereal but in my opinion, iptraf provides a right balance of functionality and simplicity which makes it an ideal tool for home users who want to monitor their network.

Wednesday, 26 April 2006

Book Review: Beginning PHP and MySQL 5 from Novice to Professional, 2nd Edition

PHP and MySQL use is so prevalent that now-a-days it is hard to miss seeing a website on the net which has been built using these technologies. And it is not a mere coincidence that most of the PHP/MySQL websites are hosted on Linux based servers. The beauty of PHP is in its open nature and the rich set of libraries and modules which imparts a lot of power and flexibility to the programmer. Similarly MySQL is a free database which is ideal for use as a backend for any website. And not surprisingly there are a plethora of books in the market which explains these two topics. One such book is "Beginning PHP and MySQL 5 from Novice to Professional" authored by W.Jason Gilmore and published by APress.

Spread over 860 pages and divided into a whooping 37 chapters, this book covers the PHP Language and MySQL database in detail. As the name indicates, the book endeavors to hand hold a newbie in the various aspects of PHP programming like the language constructs and progressively brings him to the level of a professional. The first 21 chapters of the book solely concentrates on PHP where the author explains with the aid of examples how to write good programs in PHP.

The author starts the narration by giving a brief history of PHP and then moves on to explain all the syntax constructs of this language in great detail. Arrays, functions and classes have each been provided separate chapters of their own. Usually I have found many books related to programming jumping straight into describing the language syntax and about writing code. But this book has a dedicated chapter each covering how to setup and configure PHP and MySQL on ones machine irrespective of the OS being used which breathes some fresh air to this subject. PHP language has a very good similarity with C/C++ at-least in the syntax. And in the sixth chapter, the author explains the Object Oriented Concepts like object cloning, inheritance and polymorphism of this language with clarity.

The maturity of any programming language is gauged by the type of traps that it has developed to check the errors and exceptions that might be generated dynamically when a program is run. PHP has a rich set of features for handling errors. Earlier versions of PHP already took care of notifying errors through configuration directives and support for logging. But one thing this robust language lacked was support for exception handling. And from PHP ver 5.0 onwards, this feature has also been included in it. The 8th chapter in this book titled Errors and Exception Handling explains all these important concepts in detail. The fact that the author has provided snippets of code to illustrate each concept that is explained goes a long way in understanding this topic.

Another of PHPs strengths is in its support of a rich set of regular expressions and string manipulation functions. Using regular expressions, one can match just about any string or a sub-set of it and even do manipulations to the matched string on the fly. The string matching functions form the backbone of many user input validations. In the 9th chapter titled "String and Regular Expressions", the author explains with the aid of code how to use the rich set of string manipulation functions available in PHP to get the desired results.

The 10th chapter dwells completely on working with files and operating systems where the author explains in his inimitable style different ways of reading from and writing to files. All the frequently used file manipulation functions are explained in this chapter with the aid of examples.

The first 12 chapters of the book concentrates on explaining the PHP language to the readers. In the next 4 chapters, the author moves into practical aspects like explaining how to mix PHP with HTML elements, user authentication , handling file uploads, sending and receiving email using PHP code and so on. I found the section where the author explains how to build specialized programs such as a port scanner, subnet converter and bandwidth tester all with the aid of PHP code really fascinating. The author introduces the reader to some of the MySQL concepts in this part of the book like connecting to a database and reading data from database but the more detailed aspects of database manipulation are left for later chapters which deals with MySQL in more depth.

The 21st chapter titled Secure PHP programming throws light on topics related to enhancing security while coding in PHP such as enabling safe mode for people who run PHP in a shared-server environment, PHP's encryption capabilities, securely configuring PHP via its configuration parameters and so on.

From the 22nd chapter onwards, the book takes an all together different turn and moves into explaining the database concepts which plays an important part in any dynamically generated website. More specifically, the succeeding chapters concentrate on explaining the configuration and use of MySQL 5.0 and how one can use PHP to interact with the MySQL database. The chapter titled Introducing PDO throws light on the abstraction layer used between PHP and MySQL. I especially liked the 26th chapter where the author lists the different MySQL clients which are available to the user like mysql, mysqladmin, mysqlshow and so on. In fact, each and every tool which comes bundled with the mysql server is explained thoroughly with the aid of examples. But that is not all, this chapter also explains how to configure a mysql database using third party clients like PHPMyAdmin, MySQL Query Browser, MySQL Administrator and Navicat. In the section on securing MySQL, the author goes into the finer nuances of the topic. For example, with the aid of commands, the author explains how to make sure that the user connects with the database over secure sockets layer (SSL) or ways of encrypting the MySQL database traffic which is an eye opener.

But I would say the 29th chapter titled PHP's MySQL Extension is the most important chapter in the entire book just because it is in this chapter that the author explains in detail the variety of ways in which one can connect to MySQL database and retrieve or manipulate the data using PHP code.

In the 30th chapter titled PHP's MySQLi Extension, one gets to know how to use the enhanced MySQLi extension to connect to the database. The MySQLi extension contains more enhancements over its predecessor in that it is object oriented, supports prepared statements, provides transactional support, has better debugging capabilities among other things. But the down side as the author puts it is that it requires PHP 5.0 for it to work.

The last six chapters deal with special features of MySQL and how one can write PHP code to use those features. The features like stored routines, MySQL triggers and Views have been provided with a dedicated chapter of their own. And yes, from MySQL ver 5.0, support for views have also been incorporated in the database. And the fact that this book covers these new topics in detail makes this a truly useful book not only for budding programmers but also for the gurus among us.

About the author
W.Jason Gilmore has developed countless PHP and MySQL applications over the past seven years, and has dozens of articles to his credit on this and other topics pertinent to Internet application development. He has had articles featured in, among others, Linux Magazine and Developer.com, and adopted for use within United Nations and Ford Foundation educational programs. Jason is the author of three books, including most recently the best-selling Beginning PHP and MySQL: From Novice to Professional, and, with coauthor Robert Treat, Beginning PHP and PostgreSQL 8: From Novice to Professional. These days Jason splits his time between running Apress’s Open Source program, experimenting with spatially enabled Web applications, and starting more home remodeling projects than he could possibly complete.

Book Specifications
Name : Beginning PHP and MySQL 5 from Novice to Professional - 2nd Edition
ISBN No: 1-59059-552-1
Author : W.Jason Gilmore
Publisher : APress
No. of pages : 860
Cover Price : $44.99 (US)
Rating : Excellent

I really liked the layout of the book. Each section is accompanied by PHP code snippet which shows how it is done. Just because one gets two books at the price of one does not mean that the book is short on detail. In fact the opposite is true and the 860 pages contain all that is needed for coming upto date with the latest version of PHP and MySQL. Of course the inclusion of a couple of pages giving a complete project such as a shopping cart application at the end of the book would have imparted a nice touch especially since this book is targeted mainly at beginners. But that is a minor detail and I guess there are limits to which a books of even this size can cram information. All in all an informative book which gives good value for money.

Sunday, 23 April 2006

Mind Map of Linux - Version 2

A few days back, I had posted a mind map of Linux distributions on this blog. And I received a flood of suggestions, criticisms and ideas. And guess what ? I have included (almost) all the ideas and suggestions made and have seriously taken into consideration the criticisms as well. The end result is this updated mind map of GNU/Linux with even more Linux distributions included and some color coding thrown in as well. But the challenge was in making the mind map retain its clarity even after all these changes. At the same time, I also wanted to restrict the size of the resultant image. And I think I have succeeded to a certain extent in this endeavor.

Fig: Mind Map of GNU/Linux distributions (Ver 2). Click on the image.

Suggestions and Ideas I have incorporated ...
  • More Linux distributions added
  • A separate section for multi-lingual Linux distributions
  • Color coding included on a small scale
  • Rectified some mistakes pointed out earlier.
  • The map now has a pure white background. So is much more clear.
And those I have not included ...
  • I have left out a couple of Linux distributions, especially those which are historically significant but which are not under active development like SLS, erstwhile Red Hat, Yggdrasil and so on. This is because I felt the mind map should mirror the state of current Linux distributions rather than be a historical time line of them.
  • Secondly, including these will also make the map more complex and I wanted to retain the simplicity of the mind map. And excluding such historically significant but redundant distributions helped in achieving this.
Hopefully, I will be able to add more Linux distributions as and when I get more inputs and ideas.
The credit for this updated mind map goes to all the readers of this blog who took the time to give suggestions, ideas and point out the mistakes on the previous map. Kudos to you all :) .

Update: You may download the high resolution PNG format of the mind map file here (File size: 206 KB).

Related Reads:
A complete concise history of GNU/Linux
My indomitable thoughts on GNU, Linux, Open Source, Java and free cats and dogs

Saturday, 22 April 2006

Sound Advice for College Students from an IT Professional

Many times in the past, I have come across news articles which dwell on the lack of interest shown by students in the west for a career in Information Technology. Among the many reasons sited, one thing that stands out is the inherent fear on the number of IT jobs going to third world countries like India and China. And there is a good amount of FUD spread in news forums like slashdot.org where one come across people who post comments ridiculing and lambasting Indians for grabbing others jobs. True IT has provided employment to a good number of Indians and there are a lot of software companies coming up in major metropolitan cities in India. But this picture being painted of lack of IT jobs in the west attributed to Indians is far from the truth.

Joel Spolsky has written an informative article where he explains why a career in Information Technology is something to look out for by budding students who are passionate about programming. He goes on to list a few things which might go a long way in snagging a good career in IT after graduation. Them being :
  • Learn how to write before graduating.
  • Learn C before graduating.
  • Learn microeconomics before graduating.
  • Don't blow off non-CS classes just because they're boring.
  • Take programming-intensive courses.
  • Stop worrying about all the jobs going to India.
  • No matter what you do, get a good summer internship.
Sound advice from an established software professional I would say!

Tuesday, 18 April 2006

The varied flights of Ubuntu Dapper Drake

The first time I got introduced to Ubuntu was when I installed Ubuntu Breezy 5.10 on my PC. And when Canonical released the beta version of the next major Ubuntu release called Dapper Drake, I decided to download and install it on one of the free partitions on my machine. On the other hand, I could have just upgraded from Ubuntu Breezy to Dapper Drake by modifying the sources.list file to point to dapper and then doing an apt-get dist-upgrade.

But since Dapper Drake is still alfa release - its stable version is slated to be released in June - I felt it would be prudent to install it on a separate partition. The ISO image of Dapper drake I downloaded was named flight 4. In fact Canonical has chosen to call each succeeding stage of Dapper beta culminating to its final release in June this year as flights.

So when I installed Dapper Drake flight 4, a couple of months back, I got the latest version of Gnome 2.14 bundled with it but not all the changes were included. For example, there was no integration of beagle search with nautilus file manager which is a feature of Gnome 2.14. This could be because Gnome 2.14 was released just before Dapper Drake flight 4 was released and so the developers had hastily bundled Gnome 2.14 in it and missed incorporating all the features.

Any way, I found the installation similar to Breazy but the applications were more responsive and took up lesser memory. Then I found that after every couple of days, I was prompted to upgrade the software to the latest versions. The upgrades were not just security fixes but contained additional features. And each upgrade was over 100 MB in size. After one such upgrade, when I opened nautilus, I was pleasantly surprised to find Beagle search integrated with it. Beagle search has the capability to search within files for a particular keyword. It searches within a large variety of files including PDFs. Also the deskbar applet - an applet similar to spotlight in OSX was the latest version which can be configured to search Google and Yahoo directly from the desktop.

Fig: Beagle search integrated with nautilus file manager.

And one thing I noted was after each upgrade, one or another improvement was visible though I suspect there were a lot of features being added and improvements taking place under the hood. For example, the X server bundled with flight 4 was not the latest version of X.org free X server. But after one of the upgrades, it installed the latest X server version 7.0 . With a bit of tweaking, I was also able to successfully configure the latest trend in the desktop special effects called XGL spearheaded by Novell and co.

Fig: Dialog box listing the updates for the system.

Another aspect of Ubuntu is its stress on userfriendliness. Installing security patches and software updates is a clinch which even a person who has just started using computers will feel comfortable about. Each of these actions related to system administration are conveyed to the user with the aid of eye catching message balloons.
Fig: Prompts the user for rebooting the system after a major upgrade.

But at times, the upgrades have also been problematic. Like after one such upgrade which was a major one at 225 MB download, I found that my X server refused to start automatically. The problem was with the installed proprietary NVidia graphics driver which did not work with the X server. So I had to disable the nvidia driver and tweak the xorg.conf configuration file to get X to work again.

Another problem which I currently face is with the Gimp software that is bundled with Dapper Drake. When I close any one of the numerous dialog boxes in Gimp such as the layers box, the whole software dies on me and I have to restart it.


Fig: A remind to users that this is not the final version of Dapper Drake

But I believe these are minor hiccups which will be ironed out by the time Canonical releases the final version of Ubuntu Dapper in June. Overall, this is one distribution which is going to find wider acceptance in the GNU/Linux user community. And the fact that they actually hand out free Cd's of the distribution to any one who need it draws even more people towards trying out this distribution.

Thursday, 13 April 2006

Mind Map of Linux - Version 1

Mind mapping is the process of creating a diagram used to represent words, ideas, tasks, or other items linked to and arranged radially around a central keyword or idea. I have created a mindmap of Linux to get a visual idea of the number of Linux distributions out there and their relationships with each other. There are umpteen GNU/Linux distributions and then some more. Many claim their roots in Debian and others in Red Hat. Still others swear that they are unique and were created from grounds up. Wouldn't it be nice if we had a picture which gave a broad idea of the roots of each GNU/Linux distributions? Well look no further. Here is a mind map of almost all GNU/Linux distributions (atleast the mainstream ones). Though there is a good chance that I could have missed some. The mind map below shows the relations between different GNU/Linux distributions.

Fig: Mind map of GNU/Linux distributions and their relations.
(Click on the mind map to enlarge)


Update: Mind Map of Linux Distributions Version 2 released!!

Tuesday, 11 April 2006

Bruce Perens talks on UserLinux and Ubuntu

Bruce Perens is to open source what RMS is to GNU. Bruce was the person who gave us the definition of Open Source. He is a remarkable person with deep roots and faith in the community. Recently, LinuxFormat magazine quizzed him on his pet project UserLinux and also his views on the direction taken by Ubuntu and a few other significant topics.

UserLinux is a GNU/Linux distribution project publicly launched by Bruce Perens in November 2003. The mission of UserLinux - as stated on their website - is to provide businesses with freely available, high quality Linux operating systems accompanied by certifications, service, and support options designed to encourage productivity and security while reducing overall costs. It seems he has eventually made time to concentrate on this project and bring it to a fruitful completion. He has written a rather lengthy paper titled - "The Emerging Economic Paradigm of Open Source" - where he delves into analysing how open source works and how one can make it economically sustainable.

The whole interview at LinuxFormat (though a short one) brings to light some of the ideas and opinion of one of the foremost open source community leader on topics of significance.

Monday, 10 April 2006

Steps to compile C / C++ programs using GNU compiler

Till a few years back, it was really difficult to obtain a free version of a compiler to run on ones machine to learn C or C++. And one had to resort to using a commercial compiler either by paying money and buying a licence or using a pirated copy of the same. I still remember, till a couple of years back, Borland C was considered to be the best compiler in the market for windows platform but later Microsoft's Visual-C usurped it to take the most popular position. Then GNU/Linux got wider acceptance and the rest as they say is history. Most GNU/Linux distributions ship with the gcc suite of compilers. GCC stands for GNU Compiler Collection. And it contains compilers for various languages such as C,C++,Java and so on. It is one of the most efficient free implementation of a compiler one can hope to get ones hands on and is available for multiple platforms and OSes including Windows.

Here I will list the basic steps needed to compile a C / C++ program using GCC. The first thing to do is find what version of gcc is installed on ones computer. This is achieved using the -v switch.
$ gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,java,f95,objc,ada,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.0 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-java-awt=gtk-default --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-4.0-1.4.2.0/jre --enable-mpfr --disable-werror --with-tune=pentium4 --enable-checking=release i486-linux-gnu
Thread model: posix
gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu4)
This is important because depending upon the version of the GNU compiler, one can decide to use or ignore certain deprecated features.

In fact, viewing the man page of the compiler gcc, one realises that it has over a hundred different options for multiple architectures.

Lets say, I have a tiny C program as follows which I have written in a file called test.c .
/* FILE: test.c */
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv){
printf("Hello world\n");
system("cat test.c");
printf("\nEnd of program\n");
return 0;
}
Now once I have written the program, I have to compile it. Compilation is the process of converting human readable code into a form which the machine can understand. So to compile the above program, I give the command as follows:
$ gcc test.c
And if there are no syntax errors, the program will be successfully compiled and the compiler will create an executable file called a.out. Now to run our program, we have to execute a.out executable file.
$ ./a.out
As you can see I have used a ./ in front of a.out file. This is necessary if your current directory is not included in the PATH environment variable.

But if you want the compiler to give a different name to the executable file it generates, then you use the -o switch:
$ gcc -o test test.c
This will create an executable file by name 'test' instead of a.out .

But sometimes it is necessary to get an assembly code listing of ones program. This is desirable if we need to say, get an idea of the values stored in the registers. This is also possible in gcc using the '-S' switch.
$ gcc test.c -S -g
What it does is it creates a text file called test.s which contains the assembly code of our program. The -g flag is optionally used to produce debug symbols and line number information.

You can optimize the compiler using the -O flag followed immediately by a number (between 0 and 3) which states the level of optimization. It is good to optimize ones programs as it results in faster binaries.
$ gcc -O2 -o test test.c 
It is worth noting that one can turn off the optimization by using the -O0 switch.

For C++ programs, the gcc suite has another compiler by name g++. All the options which have been explained above works with the g++ compiler too.

Note: The steps detailed above are more useful for C/C++ developers and students interested in learning to program in C/C++ rather than users of Linux. This is because the compiling of source code is made simple in GNU/Linux by the use of the 'make' command.

Saturday, 8 April 2006

My Indomitable Thoughts on GNU, Linux, Open Source, Java and Free Cats and Dogs

Recently, when I ran a transcript of a talk given by Richard Stallman at the Australian National University, I never expected to get any adverse remarks about him and on the views expressed by him on problems faced by the free software community. But that was not to be. I was appalled to find a lot of comments ridiculing RMS for the views aired by him on various sensitive topics.

In fact, the sheer number of these negative comments make me feel that these were made not by free software users but by people who have a stake in proprietary software and they were making these comments posing as GNU users to spread FUD among potential free software converts. In real life, I have yet to come across a person who finds use for free software and who hold negative views about the leaders who made this possible. And if somebody does that, I would call it crass opportunism. RMS, Linus Torvalds, Bruce Perens, Alan Cox and many others have made great contribution in the evolution of GNU and open source movement to its present form.

But let us analyse what RMS said in his talk. His comment that Linus was apolitical when taken within the larger context of his appeal to give GNU equal credit makes perfect sense. Linus has himself gone on record saying that he hates playing politics and would like his software to speak for itself. In fact, Linus Torvalds and RMS think in entirely different planes. When the former likes to limit himself to the technical aspects of the free software , the latter thrives more in the political plane. But by doing so, they both play a very significant role in the betterment of the free software community. While Linus works to improve the Linux kernel making it more robust, RMS acts more like a watch dog for the free software community. He keeps track of the changes wrought by the powerful proprietary lobby and cries wolf when he sees one - like changes in laws which threaten one's freedom.

And much of what RMS said in his talk makes perfect sense. Take java for instance. Presently, Sun has a major say in shaping the future of Java language. It has not released the the implementation libraries under an open licence be it GPL or open source. Now there would have been no cause for concern if things remain the same even in the future. But what happens in 10 or 15 years from now, in the advent when Sun finds it difficult to stay afloat and gets acquired by say Microsoft ? Corporate acquisitions happen all the time. If an Adobe can acquire its arch rival Macromedia, what is stopping Microsoft from getting a controlling stake in Sun Microsystems? Will the language Java remain the same as it is now? Will the programs created in Java continue to run on Linux as it does now? For any language to thrive, it should be open and no single corporation should have a dominant say in chalking out its direction. And for Java to be really free, it has to be immune to corporate acquisitions. When you take this into consideration, what RMS said about Java not being truly free makes perfect sense.

The proprietary software lobby consider GNU as their arch enemy. If the free software movement gets adopted by the masses, then that will spell the death-knell for many of the non-free software firms as there won't be a market for their products. So they utilize every opportunity to attack the moves made by GNU and open source group.

When RMS talks about Treacherous Computing, we'd better sit up and take notice. Just going through the list of computer models with in-built treacherous computing chip should give a broad idea of the extent to which this has creeped into our lives. True, DRM is just a technology and the technology in itself is not bad. But the ways in which this technology is put to use by the corporations to stifle ones freedom is what prompts leaders like RMS to rally against this technology.

I believe GNU and open source to be the two sides of the same coin. Where open source has proved itself as a successful business model, GNU has remained stead fast in safeguarding the freedom of its users. Open source needs the strength of GNU ideology to maintain its focus in providing robust software and GNU in turn will benefit from the large collection of open source software under its fold. And it will be in the larger interests of the freedom loving users if open source and GNU sink their minor differences and act in synergy with each other.

It is a common misconception that free software stands for free as in free cats and dogs. That is not true. GNU doesn't say that one cannot sell or make money off the software one releases under GPL. Only that one has to make available the source code of the program to the user on demand. When you think about it, to even move an atom or molecule, one has to expend energy. And it is fundamentally wrong to expect some thing free of cost. Because what you got for free, another would have slogged to create it and you are actually enjoying the fruits of another person.

So the big question is how does one pay for the free software one uses? Interestingly, money is only one form of payment. There are other forms of payment like doing a favor in return for the convenience of your freedom. For example, one can spread the word about free software and open source. One can hand out CDs of GNU/Linux to ones friends, colleagues and relatives and persuade them to use it. I believe that by writing about free software on this blog, I am paying back to the free software community for the excellent software that I use.

Free software and open source have advanced so much that money has become a minor issue for it.Take the case of Wikipedia - the open and free encyclopedia which anyone can edit. When they were in need of funds, money started pouring in from all quarters and they were able to raise over 100,000 US dollars in a matter of weeks. What the GNU movement desperately need to make further inroads into the desktop market is more publicity and awareness which, as a user of free software, each one of us can provide. And if each one of us take it upon us to spread the word, I believe it will make a marked difference.

Friday, 7 April 2006

Book Review: Hardening Linux

Linux enjoys a large space in the server arena. It is favoured as a server over the competition by many for its robustness, stability and also its cost advantage. But now a days, it has also widely found favour as a desktop replacement for windows. But as with any OS, it is imperative to take necessary steps to make Linux more secure. This book titled - Hardening Linux - by James Turnbull concentrates on this very important topic of securing your Linux machine.

The book is divided into 11 chapters and 3 appendices each covering a niche area related to security in Linux. The author starts the narration by explaining why and how one could make the boot-loader (Grub or LiLo) more secure. He throws light on the various services that could be running on a default installation of Linux and explores which of them are beneficial and which could be stopped. In this chapter, the author goes into the nitty gritty basics of securing Linux like user and process accounting, PAM, how to harden and secure the Linux kernel through use of openwall patch and more.

A firewall forms one of the most important element in a computer's defence against attack. More so if there are servers running on one's computer. The second chapter takes an in depth look at configuring a firewall using iptables in Linux. Here the author lays stress on configuring a firewall for bastion hosts - those computers which form the gateway between a trusted and untrusted network. This chapter gives a very good idea of the concept of firewall and how one can leverage the use of iptables to make ones computer more secure.

Most Linux servers are administered remotely from different places across the world. It is common for the production server to be physically situated in one country and the support personnel in an entirely different country. In such situations, the people administering the remote server log in to the server using SSH or VPNs. The author starts the third chapter with an introduction to public-private keys and goes on to explain protocols like SSL,Transport Layer Security and OpenSSL. This chapter gives a firm foundation on how to use openssl to generate and use RSA keys, use of OpenSWAN to create a virtual private network between two subnets over the internet, port forwarding using SSH and more. In fact this book can be considered to be a hands on book with the right amount of theory explaining the concepts without overwhelming the user.

The fourth chapter of the book deals with the various facets of file and file system security. Here the author explains the basic file permissions and attributes as well as how one can make sure there are no suspicious files lying around in the system. I especially liked the part which explains ways of scanning for and finding files and objects in a variety of states like world-writable and setuid files, making your files immutable, creating an encrypted file system and so on. This chapter also goes into a detailed analysis of how one can install and configure Tripwire - a checksum and integrity scanner famed for its robustness as well as cryptic configuration commands.

Logging is a very important function in any Linux server. One can learn a lot by checking the logs generated by the various services running on it. The beauty of Linux is that one can configure to log the actions of any of the daemons running in it using the syslog daemon. In the fifth chapter of this book, the author explains in detail the working and configuration of two popular logging daemons namely syslog and its more secure counterpart syslog-NG. And true to the title of the book, all along, stress is laid on security while explaining these topics.

The sixth chapter is one which every system and network administrator will vouch as their favourite which is the use of tools like nmap, netstat, nessus and the ubiquitous find for security testing. But the author does not stop with just that. He also describes how one can use a script called Bastile Linux to harden the Linux system. I was fascinated when I read a section which explains the use of the most popular password cracking tool available called John The Ripper to check the strength of the passwords used in the system. There is also a section which explains the steps to be taken in the advent that a system gets compromised.

The next 3 chapters deal exclusively in securing a computer running a mail server. Here the author goes in-depth into configuring sendmail, postfix, fetchmail in a way that security is enhanced and not compromised. That is not all, there is an in depth section on installing and configuring Cyrus IMAP - a secure IMAP and POP server for Linux.

The penultimate chapter in this book pursues configuring an ftp server. More specifically the vsftp server known for its security. There is also a section on locking down the ftp server using the ip_conntrack_ftp iptables module.

Hardening DNS and BIND form the last and final chapter of this well written book where the author explains the potential security issues faced by a DNS server such as man in the middle attack, cache poisoning, DoS attack and data corruption and alteration. He then goes on to explain how to securely design and configure a Bind DNS server.

A word about the author
James Turnbull is an IT&T security consultant at the Commonwealth Bank of Australia. He is an experienced infrastructure architect with a background in Linux/Unix, AS/400, Windows, and storage systems. He has been involved in security consulting, infrastructure security design, SLA and support services design, and business application support.

Book Specifications
Name : Hardening Linux
ISBN No: 1-59059-444-4
Author : James Turnbull
Publisher : APress
Price : Check at Amazon.com
No. of Pages : 560
Category : Intermediate to Advanced
Rating : 4/5

Through out these chapters, the author takes a hands on approach for every topic being explained. I found it really useful that at the end of each chapter, the author has provided links to various webpages where one can get more details on the related topic. After going through the book, one gets the impression that the author has covered most of the issues related to security in Linux and how to overcome them. The book is a right mix of both theory and practice which makes it a very useful book for people who are looking forward to securing their computer running Linux.

Wednesday, 5 April 2006

Linux Wireless LAN support - Complete Listing

With the growing trend of computers going wireless and the proliferation of WiFi hotspots in major cities, there is a need to know which wireless LAN card has support for GNU/Linux while buying a PC or a laptop. Linux does have drivers for wireless LAN cards. But not all wireless cards are supported in Linux.

H.J Heins has compiled a database of all the wireless LAN cards in the market with details of how much support you can hope to get for it to work in Linux. You can browse the entire collection or a subset of it depending on the manufacture, the interface or chipset used. Just make sure that you choose a card with the green label as those are the ones which have native Linux drivers available.

Monday, 3 April 2006

The unabridged selective transcript of Richard M Stallman's talk at the ANU

Richard Matthew Stallman, the father of the GNU movement once gave a talk at the Australian National University where he explained his stand on the name GNU/Linux, the Digital Millennium Act, DRM which Stallman chooses to call Digital Restriction Management and software idea patents. He talked for over one hour explaining and throwing light on these and many other topics of interest to GNU and all freedom loving people.

RMS on why people should call it GNU/Linux instead of just Linux

... So the goal we had set out to reach in 1984 had been reached (with the development of the Linux kernel). But at the same time, a confusion developed, we started thinking that the entire operating system was Linux. And this confusion was a serious blow to the free software movement. Because, before that time, the people who saw various pieces of GNU knew that they were doing so and they became GNU fans. And so when they came across the articles written about the philosophy of GNU, they wouldn't guarantee to agree with us but at least they would pay serious attention and say we are fans of GNU and this is the philosophy of GNU.

After there was a complete GNU system with Linux that you could get to run, people started thinking that it was Linux. But before that point, our software spread the philosophy and our philosophy help spread the software because when the people read this, if they agree, they will be motivated to develop more free software and add to GNU.

However after people started using essentially the GNU system with Linux added, and called it Linux, it no longer led then to the philosophy associated with GNU - the philosophy of free software. Instead of that, the people read the philosophy that was associated with the name Linux. The apolitical philosophy of Linus Torvalds who thinks that all software licences are legitimate and it is wrong ever to violate them. So his views on this are more or less the same as Microsoft's. Now he of course has the right to promote his views but I object to our work becoming the main basis for promoting his views because it is attributed to him directly by labeling the GNU system as Linux. And that is why I ask people to call the system as GNU/Linux.

Give us equal mention. We need it. We need it not just because it is fair but because it will help people recognize what we have done so they will think about what we are asking them help us do. Our work is not finished. People will sometimes give me advice which in other circumstances might have been wise. They would say, it looks bad to ask for credit. And so they say, when the people call the system Linux, smile to yourself and take pride in a job well done. This would be very wise advice if it were true that the job is done. We made a great beginning. We have developed more than one free operating system in our community and many free application programs. But there are many application programs we still have to develop. We have developed free operating systems used by 10's of millions of users. But there are 100's of millions of users of proprietary operating systems and even the people using free operating systems often use proprietary programs on top of that. So we have a tremendous amount of work to do.

RMS on Digital Millennium Copyright Act and DRM

...
Today the main question is whether we would be allowed to develop the software that the users want. In the US, there are already two laws forbidding the development of various kinds of free software. One of these laws is the Digital Millennium Copyright Act - The law that forbids free software to access encrypted or some how blocked off data. This law was used to prohibit the free software from playing a DVD. If you buy a DVD in the US, it is legal for you to watch the movie. But the free software that would enable you to do this on your free GNU/Linux system has been censored completely. There is in fact no lawfully available software in the US that you could use to watch a DVD.

But I am afraid, they have carried this even further. There is a certain computer game that is accompanied by a network server that allows people to play against each other and they communicate with some kind of cryptic protocol. And people figured this out and implemented their own server and they have their own free game which is some what similar. They wrote it themselves and is not a modified work within modified proprietary game that won't have been illegal anyway. So they wrote their own game and they have their own server. And you could use either game and talk to either server. And they were sued. A court ruled that these free alternatives are illegal ones under the digital millennium copyright act. Now please note that using either one of these free alternatives doesn't enable one to use the proprietary one without paying. We have here two separate products being tied together through the use of this law.

The Digital Millennium Copyright Act is used to impose DRM (Digital Restriction Management) on the public. So they are not satisfied with prohibiting people from sharing with their neighbours. They want to redesign your computer system to stop you from sharing and this is wrong. DRM is fundamentally wrong in itself because it stops people from cooperating with their neighbours. And a government of the people, by the people and for the people will not enact laws that support DRM in any way. So that is one law which prohibits certain kinds of free software.

RMS on Software Idea Patents

Another law in the US which prohibits free software from any progress of any kind is the patent law. In the US, any kind of software idea for use in any kind of software can be patented by some one. Which means that when you implement that idea, you could get sued. Now large programs combine many ideas. A program can combine easily 100's or 1000's of different ideas. And if any one of these ideas is patented, your chances of developing a large program without infringing many patents is absurdly small. So software patents are obstacles to all software development. And they threaten users as well. The users can also get sued for the software they are using, for the way they have configured their machines and so on.

And this is advertised as a scheme to promote progress. But economic research shows just the opposite. Now I used to ask people to imagine how many different patents one program could be implemented by at once. I would say dozens, may be 50. Well now we do not have to imagine. Somebody did a study, must have been a lot of work. He took one particular program named Linux - the kernel of the GNU/Linux system. And he checked for all the US patents that covers something that could be found somewhere in Linux. He found 286 different US patents that covers parts of Linux. And Linux is just one part of the system. I saw an estimate somewhere else that it was 25 % of the system.

So if we note, we can get a rough estimate of around a 100,000 or so different software idea patents in the US that would cover ideas used some where in GNU/Linux system of today. Of course, it is a rough estimate and it wouldn't surprise me if it were only 30,000 or as much as 300,000. So now you see the danger. And since this danger is not only for free software developers but for all software developers aside perhaps from the mega corporations, there is actually a very broad movement against the software idea patents. This movement which I am led to say I played a major role in starting about 40 years ago has actually persuaded the European Parliament which voted to reject software idea patents. Now European Union is set out to have only a little democracy in it. ... The process is not over yet and we are still fighting it but there is a good chance that we can win at the level of the European Union. Of course Microsoft wants software idea patents. Microsoft has stated that it intends to use software idea patents to kill off GNU/Linux.


RMS on developing a free Java platform and on Flash and MS Word file formats

One of the big dangers in our community is that people start putting non-free software into the system and they call it bonus. They say it is a nice addition, it gives more features. Yes it gives you more features at the cost of your freedom. When these things are distributed separately, they call it value added packages. And that term makes it stick about your values. It says it values your convenience only, don't value your freedom. So I prefer to call them freedom subtracted packages. That makes a statement about my values.

But they also include them, incorporate them in various distributions of GNU/Linux system. For instance, Sun has a version of the GNU/Linux system which they call the Java Desktop. Now they are not giving credit either to Linux or GNU but that is not an important issue when we look at what they are doing which is really bad that is, including several non-free programs including Sun's Java platform. Sun's Java platform is not free software. You shouldn't install. If you do install it, you are putting yourself at risk of creating other problems for other people. There are people who are so attracted to java - they think this idea that will run on all platforms is so exciting - that they stop paying attention to things like what to pay attention to. They will write programs in java, they will write free programs in java and offer to people and it turns out it doesn't run on all platforms, it doesn't run on a free platform.

You see, we have free java platforms. But they don't implement all features yet. Sun keeps on adding features and our efforts are speeding up but they are still behind. So many of the java libraries or the newer language features, we don't have yet. So if you use them in your free program, it would run on a free platform and you will find that your program is actually an inducement to people to install non-free software. The same thing is happening when websites use java or websites use flash.

The use of flash websites is a major problem for our community. People are working in free software for playing flash. And now it more or less handles just the display of things but it doesn't handle reading input. If you see a website using flash, complain. Complain to the site developer saying you are excluding people who believe in maintaining their freedom. Please get rid of the flash from your site.

A similar problem occurs when people distribute files in word format. And peoples approach to this used to be find some way to arrange to read it. And I pointed out that this is actually not a right response in the long run. You see, people worked on figuring out the details of the secret of word format. And figured out a lot of them. So there is free software today like openoffice that can read word files. But it is still short term thinking just to address this problem as right because Microsoft can keep changing the word format. And every time they make word files in this new format and they send to other people and other people can't read them. And so they feel like have to upgrade word as well and the result is a large number of these windows users are using new version of word and they send us these word files in a different format which our software can't read. And maybe it is patented and we will get sued if we make our free software read.

To solve this office problem, we have to remove Microsoft's control over the language that people use to communicate with each other and with themselves - like saving your files so you could read your files later. We have to refuse to use word format for this. When people send you a word file, therefore don't cope with the situation by reading it. Instead it is much better to send back a message saying - please don't ever send me word files. This is contributing to a serious social problem. But send it in public documented formats which everyone is free to implement so you are not giving a particular company any power it shouldn't have.

Fundamentally, the use of non-free software program gives somebody power of the kind that nobody should have. And therefore software should be free. Computer users should always have the freedom to control their computers. And they should be free to cooperate with each other in doing so.

RMS on Free software Vs Opensource

... In 1998, some of them started another way of talking about free software where they call it opensource. And with this different name, they have associated a different set of ideas. They don't say that this is a matter of the freedom that every user should have. In fact, they would often say that they recommend a development methodology which they say will generally produce more powerful and reliable software. And that may be true. I hope it is true. It would be nice if freedom provides as a byproduct, security of software. But it is a terrible mistake, I think, to focus all the attention on these short term practical benefits and ignore freedom itself. The danger is, then people would fail to defend their freedom when it is threatened as they wouldn't recognize what it is.

So if you imagine two people, one who is convinced by the opensource philosophy and another who is convinced by the free software philosophy. And you show these people a powerful, reliable, convenient, non-free program. What are they going to say ?

The opensource guy would say - "I am surprised you were able to do such a good job without letting the users study the code and find the bugs for you. But I can argue with the facts. It seems a powerful and reliable program". And he will probably use it. Where as the free software person will say - "I don't care how powerful and convenient it is if it takes away my freedom. I wouldn't pay such a high price for that convenience. I am going to get to work on a free replacement for this program right away before anybody else get tempted to use that program".

One person would give up his freedom when ever you can offer him convenience in its return and the other would fight for his freedom. And if enough of you fight for your freedom, freedom may prevail.

RMS on RMS

Now people sometimes have accused me of having a holier than thou attitude. I think that is not actually true. I don't criticise and condemn people just because they don't stand up for free software strongly as I do. As long as what they are doing is good, I will say what they are doing is good and I might suggest somethings they could do.

However, I do have a holy attitude because I am a saint. It is my job to be holy. I am saint iGNUcius of the church of Emacs. I bless your computer my child. Emacs started out as a text editor which became a way of life for many users because it could do almost everything without exiting Emacs. And ultimately a religion. We even have a great schism between two rival versions of Emacs. And now we have a saint too. Fortunately no gods. In this church, instead of gods, we have an editor.

To be a member of the church of Emacs, you must recite the confession of the faith. You must say, there is no system but GNU and Linux is one of its kernels. The church of Emacs has certain advantages compared with some other churches. To become a saint in the church of Emacs does not require celibacy. However, it does require living a life of moral purity. You must exorcise the evil proprietary operating systems that posses what ever of the computers under your control and install in all of them a holy free operating system instead. And then, only install free software on top of that. If you make this commitment to live by it, then you too would be a saint and you may eventually have a halo if you can find one because they don't make them any more.

Sometimes, people ask me if it is a sin in the church of Emacs to use the editor Vi. It is true that Vi-Vi-Vi is the editor of the beast. But using a free version of Vi is not a sin but a penance. And sometimes, people ask me if my halo is really an old computer disc. This is not a computer disc. It is my halo. But it was a computer disc in a previous existence.

This talk was originally video taped by ourTV - a community TV channel in Canberra but unfortunately, they were unable to get their project off the ground because of lack of funds. You can watch the whole video here (240 MB download).

Suggested Reads:

Saturday, 1 April 2006

Configuring a WiFi card to work in GNU/Linux

You have one of those laptops which are WiFi enabled and you are itching to get on the net by accessing one of the numerous wireless hotspots dotting your city. But unfortunately, you happen to be a hard core Linux user who catches a cold at the mere mention of the dreaded Windows word. So is there an easy way to put your WiFi card to good use in Linux? Of course there is. Linux has a very good wireless network detector, sniffer, and intrusion detection system in Kismet which supports 802.11 protocol and works in data link layer of the OSI model. Kismet is said to work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Aaron Weiss has put together a simple but very informative article where he lists the difference between active and passive sniffers. He also explains how one can install,configure and run kismet to work with ones WiFi card which makes an interesting read.