
950 lines
36 KiB
Raw Normal View History

2020-08-23 10:33:19 +00:00
<!--startcut ======================================================= -->
<META NAME="generator" CONTENT="lgazmail v1.4F.j">
<TITLE>More 2 Cent Tips & Tricks LG #73</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<!-- *** BEGIN navbar *** -->
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_mail.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue73/lg_tips.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="lg_answer.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
<!-- *** END navbar *** -->
<P> <hr> <P>
<!-- QUICK TIPS SECTION ================================ -->
<!-- endcut ======================================================= -->
<H1><A NAME="tips"><IMG ALIGN=MIDDLE ALT="" SRC="../gx/twocent.jpg">
More 2&cent; Tips!</A></H1> <BR>
<!-- BEGIN tips -->
Send Linux Tips and Tricks to <A HREF="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</A></center>
<!-- index_text begins -->
<li><A HREF="#tips/1"
><strong>Command-line calculator</strong></a>
<li><A HREF="#tips/2"
><strong>Apache startup script improvement</strong></a>
<li><A HREF="#tips/3"
><strong>Re: De-enhancing text</strong></a>
<li><A HREF="#tips/4"
><strong>Fun with chroot jails</strong></a>
<li><A HREF="#tips/5"
><strong>Password list</strong></a>
<li><A HREF="#tips/6"
<li><A HREF="#tips/7"
><strong>using m-w online dictionary.</strong></a>
<li><A HREF="#tips/10"
><strong>PacHell DSL w/LINUX</strong></a>
<li><A HREF="#tips/11"
><strong>How we fixed "FW-I/LINUX kmalloc" problem</strong></a>
<li><A HREF="#tips/12"
><strong>DSL Drivers for USB</strong></a>
<li><A HREF="#tips/13"
><strong>gtkmm-config problem</strong></a>
<li><A HREF="#tips/25"
></a>newbie question --or--
<br><A HREF="#tips/25"
><strong>Linux equivalent for Active Directory?</strong></a>
<li><A HREF="#tips/29"
><strong>Re: [LG 72] 2c Tips #4 translated oddly</strong></a>
<!-- index_text ends -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/1"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Command-line calculator</FONT></H3>
Wed, 31 Oct 2001 22:40:27 -0500
<BR>Ben Okopnik (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%231"><em>LG</em> Contibuting Editor</a>)
One of the things I've always found amusing is watching people working at a
PC suddenly stop and go digging through their desk for a calculator. I
mean, good grief - all that processing power, and they have to go back to
the Stone Age! Well, if you're one of those unfortunates, suffer no more.
Just put the following lines in your "~/.bash_profile":
calc(){ perl -wlne'print eval'; }
export -f calc
The next time you log in (or if you source "<tt>.bash_profile</tt>"),
the function will be available to you.
ben@Baldur:~$ calc
3.141592653*6**2 # What is the area of a circle 6 meters across?
( 3 - 117 ) % 7 # If today is Tuesday, what day was it 117 days ago?
sqrt(115) * 1.34 # Hull speed of a ship with a load waterline of 115'
Note that I actually typed those comments into "calc"; it chews and
swallows them without a problem.
"calc" is actually a 'gateway' into Perl (via the "eval" mechanism); that
makes it into quite a powerful gadget. It supports all the math/trig/etc.
operations that are built into Perl - functions like "abs", "atan2", "cos",
"exp", "hex", "int", "log", "oct", "sin", "sqrt", and even "rand" (rolling
dice, anyone?)
ben@Baldur:~$ calc
print int rand(6) + 1 for 1..20 # Roll 20 6-sided dice
"calc" can be as simple as you like - or provide you with the kind of power
that calculators just can't match. It's all in what you choose to do with
it. By the way, be aware: there's nothing in "calc" that restricts you to
"math-only" commands; if you type "unlink my_important_file", Perl will
happily obey your orders (i.e., delete that file.) So, as with everything
in Linux, be careful - and have fun.
[Python's interactive mode can also be used as a calculator. -Iron.]
<!-- end 1 -->
<!-- gremlins spotted and shot. You're welcome, Ben :D -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/2"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Apache startup script improvement</FONT></H3>
Mon, 19 Nov 2001 08:54:27 -0500
<BR>Allan Peda (<a href="mailto:linux-questions-only@ssc.com?cc=allan.peda@verizon.net&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%232">allan.peda from verizon.net</a>)
Every thime I setup <A HREF="http://www.apache.org/">Apache</A> I add two lines to the startup script to
parse the config file for the variable containing the name of the file to
store the PID at.
It seems logical to me to automate this, since the script has an entry
for the pidfile,
but really should also "knows" the location of the config file,
why not parse any redundant information from it and remove the risk of
Here is what I add to the /etc/init.d/apache start|stop script:
PIDFILE=`sed -e '/^PidFile /!d; s/PidFile //' $CONFIG_FILE`
or for you bashers:
<blockquote><pre> PIDFILE=$(sed -e '/^PidFile /!d; s/PidFile //' $CONFIG_FILE)
Also, I usually pass the name of the config file to apache explicitly,
so that
it's obvious via "ps ef" what configuration is currently being used.
Seems to make sense to me. In fact, I'd hope this makes it into the
scripts included
in the distro.
It's a good suggestion.
Personally I think the start-up (rc) scripts from most distributions
are a bit lacking. For example I've always thought that it was
remiss of the start up script that mounts the <TT>/proc</TT> filesystems fails
to check that the mount point is a properly empty directory.
In the case of your suggestion, you are eliminating what I call
a "moving part" (an opportunity for different configuration elements
from different sources to get out of sync with one another).
Of course there are many other failure opportunities which could be
mitigated with additional tests. For example: what if there are
multiple PidFile directives? what if the case doesn't match your
sed expression (doesn't <A HREF="http://www.apache.org/">Apache</A> tread PidFile as equivalent to PIDFile,
The usual way that <A HREF="http://www.debian.org/">Debian</A> does it is also fairly sensible. This is from
"<TT>/etc/init.d/skeleton</TT>" (the template that you're supposed to use when
writing an "init.d" script under Debian), by Miquel van Smoorenburg and Ian
<p align="center">See attached <tt><a href="misc/tips/apache.init-d-fragment.txt">apache.init-d-fragment.txt</a></tt></p>
Any daemon, when started via this mechanism, gets an individual pidfile.
I think you miss his point. Debian's rc scripts are no better than
<A HREF="http://www.redhat.com/">Red Hat</A>'s in this respect. If one changes the PidFile directive
in the .conf file, then Apache's notion of its PID file location
disagrees with Debian's startup/shutdown scripts.
That could be reported as a bug to the maintainer --- but it's
unclear how far we should go in making the rc scripts more dynamic.
It would be a bit absurd to do comprehensive failure-mode analysis
and mitigation for all of the rc scripts. At some point we must
just give up (maybe calling on logger -s to emit and error message).
The problem with making foolproof systems is that the universe
keeps creating more ingenious fools.
<!-- end 2 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/3"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Re: De-enhancing text</FONT></H3>
Fri, 9 Nov 2001 12:16:23 -0800 (PST)
<BR>Thomas Adam (The <em>LG</em> Weekend Mechanic)
<br>and Peter Dzimko (<a href="mailto:linux-questions-only@ssc.com?cc=dzimko@yahoo.com&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%233">dzimko from yahoo.com</a>)
<p>Richard Bly sent us:</p>
Just in case you were not aware, the utility colcrt will take a man page
output and format it without all the weird stuff.
The underlining is put on the next line so both the text and the underline
are visable.
<blockquote> [Thomas Adam]
Why not just use the following......:
man manname | col -b &gt; ./mymanpage.man
where "manpage" is the man page (obviously). The "<tt>col</tt>"
command in this case (with the <tt>-b</tt> flag) will filter
reverse line feeds.
There is also the option of using "man2html" for the
I think that following method is much simpler:
man thttpd | col -bx
<br>Peter Dzimko
<!-- end 3 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/4"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Fun with chroot jails</FONT></H3>
Tue, 30 Oct 2001 13:21:58 -0500
<BR>Heather Stern (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2334">The Editor Gal</a>)
<p>Ben asked:</p>
There's one you could write up (assuming you ever got the time to do
it, that is) - creating those "chroot" jails. That's something I'd love to
have the specifics of; I understand the concept well enough, but having
never implemented one, I'm short on the actual mechanics.
There's a fairly current <A HREF="http://www.freshmeat.net/">Freshmeat</A> entry called "cage". Initial release.
Not my stuff, but it's exactly the right idea - some support for a bash-shell
centered chroot jail, so you can jail more complex apps a little more safely,
e.g. make chroot a one way trip, nicking off a few linux-privs along the way.
Sounds like cool fun; I'll definitely check it out.
In the "barely enough to run an app" category, there's a helpful document for
BIND, and a different one for Postfix, iirc, but I don't have their URLs
memorized and I'm trying to avoid getting -too- distracted. (too late!)
&lt;grin&gt; I'll search for those some time this coming week...
There are a few patches and at least one kernel module (capsel) around now,
that offer to stop the <TT> chroot()</TT> call from happening more than once, preventing
the usual script-kiddy method of getting out of one, among their other helpful
Uh... what's the usual script-kiddy method? I mean, I know I can type
'exit' if I've started a regular 'chroot' without specifying a prog...
but... maybe I'm not visualizing it right. I'm seeing a chroot jail as a
"system within a system" - if you exit, you end up at a login prompt.
That's it. Real "root" is only available via a different IP; in effect,
you're logging into a different system. Correct?
Minimum Mechanics:
<li> blank hard disk
<li> install parent level with syslog, cron, ssh, sudo.
<li> create subdirs for jail areas (e.g. <TT>/home/HTTPD-jail</TT>, <TT>/home/MAIL-jail</TT>, etc.)
<li> run installer again, using "already mounted directory". Once per jail of
<br>Mhm. I wonder how hard it would be to create a stripped-down installer just
for the purpose. Might make a nice project, don't you think?
<li> tweak each jail like it was a seperate machine you could boot into normally
that was dedicated to the purpose. Each jail's ssh must be on a unique
IP address/port number combo.
<li> grafting - setup top level so it runs services out of their jails, already
chrooted there.
<li> time to make an IPL backup
<li> stripping - take more stuff out of the jails, that they will NEVER need
because they are really not the top level after all. e.g. fsck, copy of
the kernel and modules. This may require some brutal adjustments to the
packaging systems so they won't get put back if you choose to upgrade the
jails later. Possibly make it so there should never be a need to be
root inside the jail anyway. etc.
<li> time to make IPL backup #2, on a different media from #1. Allows for
return to this point, or to decide you went overboard and try shaving that
differently by starting again from #1.
Eh... you lost me there on #6; that's the part I'm not seeing. What's the
interaction mechanism between the two levels? How does the "top" see the
"bottom" without the "bottom" seeing the "top"?
I usually run a lot of things from <tt>/etc/inittab</tt> so they can be
respawned if they die.
For #8 I agree, that's the way I would do it - since root can twiddle anything
on the mounted filesystems, there shouldn't even be root access in there.
Although I would set up some sort of an "admin" account, with carefully decided
Might be helpful to have more hard disks, or seperate partitions for each jail.
I gotta stop procrastinating like this ;&gt;
I'm glad you did.
<IMG SRC="../gx/dennis/smily.gif" ALT=":)"
height="24" width="20" align="middle"> Thanks - I'll dig
into it some more!
<!-- end 4 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/5"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Password list</FONT></H3>
Tue, 30 Oct 2001 08:49:40 -0500
<BR>Ben Okopnik (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%231"><em>LG</em> Contibuting Editor</a>)
OK, so this is straight out of any security FAQ: whatever you do, _don't_
keep a list of your passwords on your machine. Right? Right.
Now, since you're going to do it anyway...
<IMG SRC="../gx/dennis/smily.gif" ALT=":)"
height="24" width="20" align="middle">
Here's a somewhat safer way
to do it - note that I did not say "safe", just "safeR". The way I see it,
those of you who don't keep one won't be affected, and those of you that do
will notch up the security just a tad.
To make this work, you'll need something to keep your secrets for you:</p>
<p align="center">See attached <tt><a href="misc/tips/pass.bash.txt">pass.bash.txt</a></tt></p>
Here's what you do: put this script in a
directory that's in your path, say "<TT>/usr/local/bin</TT>", then set the ownership
and permissions as follows:
chown root:root /usr/local/bin/pass # You must be root to do this
chmod 755 /usr/local/bin/pass # And this, too
You now encrypt the file that contains your list of hosts, usernames, and
passwords, one per line:
www.cia.gov JohnDoe cRYpTo
www.kgb.ru IvanIvanov bOLsh0isEkRET
www.mossad.il PloniAlmoni sHiN8eT
kempeitai.jp NanashiNoGombe haITTeM0ikEmAsEN
www.mybroker.com FulanoMengano QuIenSaBE
www.mybank.bm MattiMeikalainen sAipPUakAuPPIAs
www.centralbank.an JanModaal fInanCIeeL
<p>...with a command like:</p>
crypt My1SecretPasswD &lt; mysecrets &gt; ~/pass
Move the original ("mysecrets") to a floppy and put it somewhere safe (yes,
that usually means where nobody - not even you will ever find it again.
<IMG SRC="../gx/dennis/smily.gif" ALT=":)"
height="24" width="20" align="middle">.
Remember to update it once in a while. As to the encrypted file, all anyone
is going to see when they look at it (you did set its permissions to 0600,
right?) is a bunch of binary-looking gobbledygook.
Now, let's say you want to see what the combo is for "mossad". Easy enough:
spy@Hideout.com:~$ pass mossad
Enter password (screen echo disabled):
www.mossad.il PloniAlmoni sHiN8eT
If you want to edit the file, just type "<tt>pass -e</tt>";
this will invoke your
editor ("<tt>$EDITOR</tt>" - "vi" by default)
on the decrypted version of the file.
"grep"-related tip: if you want to just see the entire file, call it as
pass $
<!-- gremlins forced to cough up their copy of the script. -->
<!-- end 5 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/6"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">DNS</FONT></H3>
Sun, 11 Nov 2001 12:21:43 -0900
<BR>Heather Stern (The Editor Gal)
<br>and Faber Fedor (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%236">The Answer Gang</a>)
<p>David Menegat asked us the following:</p>
I am trying to set up a name server on my mandrake 8 system and I
believe I installed the dns package I just don't know how to configure
it do you know where there is a faq or have any advice for me. I just
bought a domain name and this is the last piece in the puzzle before
the final configuration and I transfer the name to my machine.
Thank you
David Menegat
<Blockquote> [Faber]
Well, there's always the HOWTOs:
<A HREF="http://www.linuxdocs.org/HOWTOs/DNS-HOWTO.html"
<blockquote> [Heather]
There's also the absolutely marvelous resaources of "Ask Mr. DNS".
Although Acme Byte and Wire was bought by Network Solutions, there still
exists his marvelous archive of detailed answers to how DNS works:
<A HREF="http://www.acmebw.com/askmrdns"
If that doesn't answer what you need, you can also ask him questions
directly at his current email address... which I won't tell you, you'll have to
read his archive first
<IMG SRC="../gx/dennis/smily.gif" ALT=":)"
height="24" width="20" align="middle">
BTW as far as I can
tell, he only answers questions for DNS sites which he can access, so he can
see what things are resolving like.
We hope it helps! Let us know if Linux itself has any extra questions for
you, or there's a spot in the DNS-HOWTO we can explain a bit better for
you. We want it to make sense
<IMG SRC="../gx/dennis/smily.gif" ALT=":D"
height="24" width="20" align="middle">
<p>To which David replies:</p>
Thank you very much I'm sure I'll have no problem now
<br>thank you
<br>David Menegat
<!-- end 6 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/7"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">using m-w online dictionary.</FONT></H3>
Mon, 19 Nov 2001 21:30:59 -0500
<BR>Matt Giwer (<a href="mailto:linux-questions-only@ssc.com?cc=jull43@tampabay.rr.com&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2331">jull43 from tampabay.rr.com</a>)
looking up words in the m-w dictionary. I thought you carried this
about a year ago.
create a file named def containing
# def &lt;word&gt; goes to Mirriam Webster page of it definition
lynx "<a href="http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=$*"
used as
def word
<!-- end 7 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/10"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">PacHell DSL w/LINUX</FONT></H3>
Sat, 24 Nov 2001 20:47:32 -0800
<BR> (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2310">j_on_e from sbcglobal.net from sbcglobal.net</a>)
<BR> (linux-questions-only@ssc.com)
<P>Johny asked us ... in quoted-printable, and in HTML:</P>
Im a newbie to Linux but want to lear really bad. Im tired of the
limitations in Windows. Anyway, I just installed OpenLinux eDesktop2.4
<A HREF="http://www.caldera.com/">Caldera</A> Systems and want to know
how to configure it for use with my
PacBell DSL using an Efficient Networks SPEEDSTREAM Modem.
<br>a.. 5260 ADSL (ITU Annex A)
<br>a.. 5260: G.DMT, G.Lite, T1.413 (ADSL)
<br>I cannot find a driver or figure out where to configure or how to
configure all of this to work so that I can get my linux online. Please
help or forward this to anyone and everyone who may be able to help me
out. Thank you very much for your time and I hope I can get this going
very soon.
First, please send mail in text format rather than text+HTML.
External DSL modems (that connect to an ordinary Ethernet card via an
Ethernet cable) work fine on Linux. Internal DSL modems are iffy,
especially if they're USB. It all depends on whether the manufacturer
provides Linux drivers or gives us enough of the card's specs to enable
us to write a driver or expand one of our existing drivers.
Unfortunately, there are so many different types of DSL modems and none
of them are as widely used as the different analog modems, so drivers
are less likely.
Also, there are analog modems called "Winmodems" that are marketed as
real modems but they actually have part of their hardware missing.
The missing portion is handled by the Windows driver. These didn't run
under Linux for several years, until some Linuxers reverse-engineered
them enough to make drivers for at least some of them. I don't know
whether DSL modems have an equivalent to these "Winmodems", but you have
to watch out for that possibility. Especially if the DSL provider
"supports only Windows".
If your modem is new enough that you can return it and get an external
modem instead, that's your best bet. It may cost $100-200 more, but it
will be worth it because the modem will be more standards compliant,
meaning fewer headaches in the future when you upgrade, move or switch
<p><em>I'm not sure if DSL has fallen victim to the "sahave off chips to save
a few cents a motherboard" craze. On the other hand, there's PPP over
Ethernet (pppoe) to run away from. Even though you in theory would get
full ethernet bandwidth, in practice that protocol slows you down to
PPP speeds deliberately. Some very knowledgeable sysadmins I know go
directly into "rant mode" when just hearing the acronym. -- Heather</em></p>
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/11"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">How we fixed "FW-I/LINUX kmalloc" problem</FONT></H3>
Thu, 1 Nov 2001 17:36:28 +0200
<BR>Vitaly Karasik (<a href="mailto:linux-questions-only@ssc.com?cc=&vkarasik@ndsisrael.comsubject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%231">vkarasik from ndsisrael.com</a>)
It may be too small for article and too big for letter, but I hope it will
useful for LINUX/FW-1 administrators and provide a good example of OSS
Vitaly Karasik
Unix System Administrator
<blockquote><font color="#001F3F">But it's perfect for a 2 Cent Tip.
-- Iron</font></blockquote>
We've tried to replace our NOKIA FW-I box with LINUX one [FW-I v4.1 SP4 +
RedHat 6.2 2.2.19 kernel].
Installation was pretty strainforward, but every time when we tried to
install policy from our management station we got few messages in
<blockquote><pre>/var/log/messages.4:Oct 5 14:29:42 fw kernel: kmalloc: Size (786540) too
/var/log/messages.4:Oct 5 14:29:42 fw kernel: kmalloc: Size (786636) too
/var/log/messages.4:Oct 5 14:29:42 fw kernel: kmalloc: Size (789660) too
Our policy contains about 90 rules &amp; 400 objects with few VPN.
Short search with Google pointed us to a few letters with the same
problems, but didn't help to solve the problem.
(for instance, "[FW1] Strange things in RH62 + Fw1-41-Sp2( kmalloc: Size
(275548) too large )" thread on
<A HREF="http://www.firewall-1.org/2001-01/maillist.html"
According to skl1314 from Check Point SecureKnowledge, "solution is
currently not available. Issue under investigation".
But this search helped me to understand what is exactly the problem:
FW-1 call "kmalloc" function in order to get block of memory. But linux's
kmalloc [kernels 2.2.x &amp; 2.4.x] knows to allocate memory in blocks 2K,4K,
... 128K only.
And FW-1 in our case wants to get ~800 K memory.
The solution:
I fixed slab.c in order to increase kmalloc limit from 128K to 1280K.
Diff from orig slab.c for kernel 2.2.19 is below:
&lt; #define SLAB_OBJ_MAX_ORDER 8 /* 32 pages */
&gt; #define SLAB_OBJ_MAX_ORDER 5 /* 32 pages */
&lt; #define SLAB_MAX_GFP_ORDER 8 /* 32 pages */
&gt; #define SLAB_MAX_GFP_ORDER 5 /* 32 pages */
&lt; {262144, NULL},
&lt; {524288, NULL},
&lt; {1048576, NULL},
&lt; "size-131072",
&lt; "size-262144",
&lt; "size-524288",
&lt; "size-1048576"
&gt; "size-131072"
After compiling &amp; installing new kernel we're able to install fw policy
without any problem.
<!-- end 11 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/12"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">DSL Drivers for USB</FONT></H3>
Mon, 5 Nov 2001 13:18:19 -0500
<BR>Andy Fore (<a href="mailto:linux-questions-only@ssc.com?cc=arfore@valdosta.edu&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2312">arfore from valdosta.edu</a>)
This is in answer to the question about USB DSL drivers for Linux.
There are drivers out there for the Alcatel SpeedTouch USB. The
SpeedStream 4060 is actually made by Alcatel.
I have setup the SpeedTouch in RedHat 7.1 and gotten it to successfully
work on my home network.
Andy Fore
<br>Computer Services Specialist III
<!-- end 12 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/13"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">gtkmm-config problem</FONT></H3>
Mon, 26 Nov 2001 07:09:04 -0500
<BR>Dann S. Washko (<a href="mailto:linux-questions-only@ssc.com?subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2313">The Answer Gang</a>)
When testing the gtkmm hello world code on this page I get errors:
<DD><A HREF="http://gtkmm.sourceforge.net/tutorial/sec-gettingstarted.html"
bash-2.05$ g++ test.cc -o test `gtkmm-config --cflags --libs`
In file included from /opt/gnome/include/gtk--/base.h:34,
from /opt/gnome/include/gtk--/object.h:30,
from /opt/gnome/include/gtk--/widget.h:32,
from /opt/gnome/include/gtk--/container.h:27,
from /opt/gnome/include/gtk--/bin.h:27,
from /opt/gnome/include/gtk--/button.h:27,
from test.cc:2:
/opt/gnome/include/gtk--/proxy.h:6: sigc++/signal_system.h: No such file
or directory
/opt/gnome/include/gtk--/proxy.h:7: sigc++/bind.h: No such file or
/opt/gnome/include/gtk--/proxy.h:8: sigc++/convert.h: No such file or
test.cc:4: `#include' expects "FILENAME" or &lt;FILENAME&gt;
For some reason (I believe) something is not getting passed to look for
the <tt>sigc++</tt> headers in <TT>/opt/gnome/include/sigc++-1.0/sigc++</TT>.
I was getting more errors about not being able to find <tt>sigc++</tt> headers
before I added <tt>-I/opt/gnome/include/sigc++-1.0/sigc++</tt> to the
gtkmm-config file. Without this line or taking off the <tt>sigc++</tt>
directory, produces more errors about not being able to find the headers
in <tt>sigc++</tt>.
The sigc-config file looks just right.
Furthermore, this all started when I tried to compile quickedit. During
the configure process I received and error that gtk-- was not installed
correctly and/or I should edit the gtkmm-config script to correct anything
off in there. Viewing the config.log shows the same error as above.
<p><em>... after a bit of fighting with it ...</em></p>
The problem must have been with gtkmm-config or the gtkmm packages I had
originally installed. I compiled gtkmm from the sources and everything
appears fine. Quickedit compiled without complaint. I noticed the one
line in the new gtkmm-config that was not in the old was
-I/opt/gnome/lib/sigc++-1.0/include. I had mistakenly put this in the
libs area instead of the cflags. I'm not sure whether this was the whole
crux of the problem though.
Daniel S. Washko
Lehigh Valley Linux Users Group
get slack (www.slackware.com ) and get happy
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/25"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Linux equivalent for Active Directory?</FONT></H3>
Tue, 30 Oct 2001 11:39:30 -0800 (PST)
<BR>Craig Baker (<a href="mailto:linux-questions-only@ssc.com?cc=ctbaker78@yahoo.com&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2325">ctbaker78 from yahoo.com</a>)
Ok Im just learning Linux so bare with this
question...I know in Windows 2000 Server you can
create a Active Directory and install a Distributed
Files system...what would be the Linux counterpart to
this be? I've poored over alot of FAQs but I must not
be looking for the correct terminology. So far the
closest Ive found is NIS/NIS+ with NFS.
Take a look at LDAP (i.e., where Microsoft got the original idea) -
OpenLDAP &lt;<A HREF="http://www.openldap.org"
>http://www.openldap.org</A>&gt; has some good info on their site; their
"General LDAP FAQ" is worth a read. As well, Jeff Hodges "LDAP Roadmap"
&lt;<A HREF="http://www.kingsmountain.com/ldapRoadmap.shtml"
>http://www.kingsmountain.com/ldapRoadmap.shtml</A>&gt; is an excellent resource.
Novell with their NDS (Novell Directory Services) had an early jump at the
idea of abstracting the directory structure from the FS; chances are pretty
high (I'm making a guess here - I don't know <A HREF="http://www.caldera.com/">Caldera</A> that well) that
Caldera, being a Novell "sister" company, supports it. To confuse the
tangled skein a bit more, Novell has released the JLDAP (the LDAP class
libraries for Java) to the world - I haven't done Novell stuff in years,
but I would guess that LDAPv3 is what they're using these days. There might
be other implementations of the idea, but the key words, rather than
"Active Directory", would be "LDAP" (Lightweight Directory Access Protocol)
and "X.500" (the protocol that defines LDAP.)
<!-- end 26 -->
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<P> <A NAME="tips/29"><HR WIDTH="75%" ALIGN="center"></A> <P>
<H3><IMG ALIGN=BOTTOM ALT="" SRC="../gx/lil2cent.gif">
<FONT COLOR="navy">Re: [LG 72] 2c Tips #4 translated oddly</FONT></H3>
Mon, 19 Nov 2001 11:31:10 -0800
<BR>Marcelo E. Magallon (<a href="mailto:linux-questions-only@ssc.com?cc=marcelo.magallon@bigfoot.com&subject=%20Re%3A%20%5BLG%2073%5D%202c%20Tips%20%2330">marcelo.magallon from bigfoot.com</a>)
I think the translation of the original message is wrong. The original
poster is asking about a content manager, not an editor. Here:
informaci&oacute;n acerca de algun manejador de PHP con el cual pueda
modificar los archivos de p&aacute;ginas de internet bajo Linux <A HREF="http://www.redhat.com/">Red Hat</A> 7.1
Even if the Spanish translation of several computer terms varies wildly
across countries, I can't imagine a place where an 'editor' would be
called 'manejador'. This word means 'manager'. Even if it's not clear
what the original author actually wants or needs, I think he's thinking
of something along the lines of Midgard, available at
<A HREF="http://www.midgard-project.org"
If the original author does mean an editor, Heather is right on the
spot: vim, in particular vim 6, has some nice features, like improved
syntax definitions and folding, that make editing of HTML and PHP files
much easier.
Thanks Marcelo.
The original querent never wrote back to tell us what he
was looking for, even after we asked him. So I'm inclined to think he's
either already found what he needs, or it's his fault if we
misunderstood it. But we've published your tip for other readers. -- Iron
<!-- end 30 -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 2001
<BR>Published in issue 73 of <I>Linux Gazette</I> December 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
<!-- *** END copyright *** -->
<!--startcut ======================================================= -->
<!-- *** BEGIN navbar *** -->
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_mail.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue73/lg_tips.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="lg_answer.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
<!-- *** END navbar *** -->
<!--endcut ========================================================= -->