Linux magazine uk 29 by Добавил Добавил

Welcome

COMMENT

Forward thinking We pride ourselves on the origins of our publication, which come from the early days of the Linux revolution.

Dear Linux Magazine Reader,

Persuading people, especially those who make the corporate decisions, that Linux is both easy to use and can cope with their demands, has just become easier. Knoppix has been a favorite of mine since just after its launch when someone at a User Group showed it to us. A bootable CD that you can put in a machine and without anything being written to the hard disk gives you a fullyfunctional Debian system. I timed this and after 53 seconds I was happily running a KDE desktop. It is possible to then install this on to your hard disk should you be tempted.

Use Linux, Be Proud As can be seen in the Community section, we have started the conference season again. Apart from being informative, they offer a chance to meet like-minded souls. The time spent with people outside the lectures is just as valuable.The main developer conferences do not have the commercialism of a Linux expo.This means you cannot buy goods or talk to vendors. Having said this, the conferences have the advantage of the community spirit and being close to the real developers. It is always nice to see some of the vendors turn up to listen to the lectures. I always feel that I can trust them as they have their heart in the right place. If you cannot get to a conference, you should try to attend a local user group. These are the best sources for help. People go out of their way to solve your problems expecting nothing in return, soon they become close friends and the community spirit grows.

Simpler for the CEO is to try WorkSpot. By pointing any browser at the WorkSpot website, you can sign up for a month’s usage for $10. This gives you a Red Hat 8.0 desktop running on the WorkSpot server, fully accessible in your web browsing window. Worried about technical support? All the major distributions offer support for their particular branding of Linux, but now IBM/HP/Dell are offering tech support for their customers. This is as good as the main Linux distributors and has the advantage of having the bigname backing that the CEO is likely to recognize. Small computers seem to be the current flavor. VIA has been busy releasing their EPIA integrated motherboards. At just 17cm square, these range from silent versions to the new 1GHz processors. They allow you to be quite creative with the casing and there are versions inside toasters, radio controlled cars etc., A recent demonstration at a Linux User Group showed diskless versions network booting from one another to give an example of a Linux Internet café. On the downside, one of the big broadband companies has decided that fast access is so good that they will impose a limit on the amount people download. At full speed you could download for less than three hours a day. Do a little bit of browsing, read your spammed email box and then try a network install from a remote server as often shown in modern Debian distributions and overstep the limit. Microsoft has managed to do it again. This time they have announced that they are seeking wide-ranging patents on the .Net technology. This will have followon effects. Certainly with the Mono

Our sister publication in Germany, founded in 1994, was the first Linux magazine in Europe. Since then, our network and expertise has grown and expanded with the Linux community around the world. As a reader of Linux Magazine, you are joining an information network that is dedicated to distributing knowledge and technical expertise.We’re not simply reporting on the Linux and Open Source movement, we’re part of it.

project and also with the standards committees who have been working with the aim of .Net becoming a standard. To quote Microsoft’s own web page “.NET is built on open standards and embraces all programming languages”. Guess they forgot to say the secret words of Software Patent. Just how much time do you want to invest in something that you may be stopped from using?

Happy Hacking,

John Southern Editor

www.linux-magazine.com

April 2003

LINUX MAGAZINE

April 2003

NEWS

Software

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Business

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

World

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 Get that international feeling with Linux Word News.

Insecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Letters

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Groupware Test

A steadily increasing number of users are looking to free themselves from monopolistic chains and licensing policies. Mail and Groupware servers are a good place to start. New products that leverage Linuxâ&#x20AC;&#x2122;s stable base platform continue to force their way onto the market.

COVER STORY

Groupware Intro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

42 Groupware Test

LindowsOS 3.0

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Just over a year ago, Lindows set about developing a Linux version capable of installing and running Windows programs. LindowsOS is currently at version 3.0. This article takes a peek behind the scenes to discover how many of those promises Lindows has actually kept and whether you should consider this distribution for your computer.

SuSE Openexchange Server . . . . . . . . . . . . . . . . . . . . . . . . .26 The Web front-end promises system admins some relief from their daily grind and offers users more support.

Samsung Contact

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Support for thousands of mailboxes with quick response times makes this something to consider.

Stalker CommuniGate

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Large scale environments with a full range of features.

Easygate Workgroup Server . . . . . . . . . . . . . . . . . . . . . . . . 36 Commercial sense with a uniform desktop.

Bynari Insight Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Experience has given a powerful modular structure.

48 REVIEWS

LindowsOS 3.0

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

KNOW HOW

Mail User Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Multi Distributions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 How to give a Linux distribution a trial run with access to mail and bookmarks without spoiling your existing system.

Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 When you desperately need to restore data, will it be there? Is your software the right choice for such an important task.

April 2003

www.linux-magazine.com

Mail User Agents

Nobody likes to leave a vital task such as email to chance. The question is, which Mail User Agent (MUA) is the right one for me? With a choice between standalone specialists or those integrated with other functions, the range is large. We take a look at both groups and explain the advantages as well as the disadvantages of each program.

April 2003

LINUX MAGAZINE

SYSADMIN

Multiboot CDs

Boot floppy diskettes may now be a thing of the past, but you still tend to find them heaped in small mountains around any modern PC. A CD writer, Linux, Boot Scriptor and our easy to follow guidelines are all that you need to prepare those ancient media for recycling. Produce your own multiboot CD, with a pop-up menu to allow you to choose the floppy image of your choice to launch.

Charly’s column

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Real System Admin tips and tricks to help you.

Multiboot CDs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Nagios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 Network monitoring software that is the successor to Netsaint. Now with more features and easier configuration.

PROGRAMMING

ctags

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Coin 3D – textures

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Adding textures to simple objects can make your 3D models spring to life.

ctags

As a project codebase grows in size to the point where it becomes too complex for a developer to hold in memory, easy navigation becomes increasingly important. Ctags is a tool that will build up a tag (or index) file of language objects that can be reached from the comfort of your editor with no more effort than a couple of keystrokes.

LINUX USER

KTools: Yammi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78 DeskTOPia: Coolicon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80 Out of the Box: Chain Reaction . . . . . . . . . . . . . . . . . . . . .82 Filesystems

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84 Make the most of your hard disk access, as we explain how files are stored and what options are available.

COMMUNITY

FOSDEM 2003

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

linux.conf.au

FOSDEM 2003

We present a report from the third anniversary of FOSDEM, Europe’s largest free and open source software developer conference, seeing fans of free software getting together at the usual venue, the Université Libre de Bruxelles. Attendance figures of over 1000 were well up on the previous two years. With keynote talks by Jon “maddog” Hall and Richard Stallman.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89 Community spirit form down under.

LinuxWorld Expo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90 The latest information from New York.

Brave GNU World . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91 The User Group Pages

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

SERVICE

Events / Advertiser Index / Call for Papers . . . . . . . .96 Subscription CD

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97

Next Month / Contact Info

www.linux-magazine.com

. . . . . . . . . . . . . . . . . . . . . . . . .98

April 2003

Software

NEWS

Software News ■ Don’t drain that PDA MontaVista have announced a combination of technologies, which allow up to 50% reduction of the power drain for PDAs and mobile phones. By bringing together the IBM PowerPC 405LP embedded processor and MontaVista’s Linux Consumer Electronics Edition a dramatic reduction on the draw of current from a battery can be Architectural Overview Dynamic Power Management Strategy User/Application Space

Policy Manager

OS Kernel

DPM Policies

achieved, estimated to be in the region of 20%. The link between MontaVista and IBM is an ongoing effort to find ways in which to reduce battery consumption in a wide range of mobile products. With batteries remaining as the stumbling block, being heavier, larger and more expensive than the rest of a mobile product, this is only to be applauded. Dynamic Power Management is not a new field of research, so, it is only with recent processor developments that software, such as CEE, has been able to take full advantage. With much to know and consider about this technology, for those interested, IBM have produced a white paper which gives plenty of detail, including delights such as dynamic voltage and frequency scaling. ■ http://www.research.ibm.com/arl/ projects/papers/DPM_V1.1.pdf

■ Gnome 2.2 The Gnome 2.2.0 Desktop and platform is now available for download, offering improved usability, performance, appearance and accessibility support. The by-word for the Gnome development team is that “It just works” for everyday users, without excess complexity, while at the same time providing the rich flexibility experienced developers demand. GNOME developers see standards compliance as one of their key features, working closely with groups such as freedesktop.org. They also value their users, making a coordinated effort to see how people use a desktop. They have drawn up their own ‘Human Interface Guidelines,’ with the help of a team of professional user interface designers, to try and ensure that the user is best catered for. Nautilus, the GNOME file manager, has been reworked and now includes some very useful features, like context relevant tabs providing information about

April 2003

specific files, like audio files. Improvements have been made to the various themes available, especially good news to those users who are visually impaired. Good news on the font front, the GNOME Foundation Board have built up a relationship with Bitstream Inc. and have arranged for them to donate the Vera font family to the Free Software community. These fonts should be available to all users in the very near future.■ http://www.gnome.org/

www.linux-magazine.com

■ A vision of Version Control Version control is a critical tool in software development, pandering to every want and desire of your code, your most valuable asset, is not too much too ask, if you have been bitten by the loss of code before. Seapine Software has released its latest version, 1.2, or its version control software, Surround SCM. Surround SCM runs on Windows, Linux, Solaris and Mac OS X which allows for ease of cross platform development, has built in functionality for branching, allowing for parallel track development and support for remote development teams. If you have experience of the previous version, you will be pleased to see some of the improvements made. Most usefully, security restrictions can now be applied at the repository level. The administrator can apply these options globally across all branches or individually at each specific branch. Other changes include performance improvements and some bug fixes. ■ http://www.seapine.co.uk/

■ Open Source and eGovernment Organised specifically to discuss best practices, raise awareness and the share experiences among policy makers, the ‘Open Source for National and Local eGovernment Programs in the U.S. and EU (EGovOS) conference will draw participants from local, national and international organizations from the public, private and academic sectors. The Cafritz Conference Center at The George Washington University in Washington, DC, will be the venue for this important meeting, to be held on 17–19 March. The conference is broken up into a series of tracks, ranging form eHealth, Legal, Security and Federal Enterprise, etc., which will allow attendees to focus on their field of interest but allow for enough crossover, to make sure that all of the valuable information relayed during the conference is disseminated to all corners of the Open Source community, hopefully even further. ■ http://www.egovos.org/

Software

■ Red Hat Framework for the Enterprise

■ Summer in Edinburgh with UKUUG

To date, Red Hat Network has been been well received with many enterprise subscribers relying on the service for automated software delivery and management, normally tedious and manual process. Additionally, enterprise-class subscribers using Red Hat Network Satellite Server have reaped the benefit of faster, more secure updates while utilising less bandwidth. With the latest platform development, customers will have reliable, secure systems management for every aspect of their enterprise Linux deployment. This was outlined by Michael Tiemann, CEO of Red Hat, in his keynote speech at LinuxWorld in New York, where the enterprise systems management framework, provides software delivery, monitoring and maintenance and reporting, relieving the system administrators of this chore. Unlike other enterprise systems management applications, Red Hat Network’s monitoring tools require no agent based probes and is a complete system that includes a robust fault management engine. The system was designed from the ground up to address distributed computing environments that are currently being used in a large number of enterprises. Access to these tools is driven from a browser-based environment from anywhere, available at anytime. ■ http://www.redhat.com/europe/

Dates have been finalised for this years UKUUG meeting. The 31st July sees a tutorial day, with the 1st–3rd August

being devoted to the conference proper. All of this will take place in George Watson’s College in Edinburgh. There is a Call for Papers for the event, where the UKUUG asks for contributions of talks, to come from all areas of Linux development, with any subject of interest to *nix users and developers being considered. Should you be interested in giving a talk you will need to submit a 250–500 word abstract to the organisers by the 16th March. The topics presented in recent years have included: ARM Linux, Benchmarking, Clustering, CORBA, Debian Package Management, Enterprise Filesystems, Exim, Flightgear, GNOME, Heartbeat, I20, JFFS, KDE, Mail Servers, Memory Management, Performance Programming, Powertweak, Pymmetry, Samba, Security, SMP, VMware, Zerocopy and Zope. ■ http://www.ukuug.org/events/linux2003/

NEWS

■ KDE 3.1 It had to happen eventually, the release of KDE 3.1 has, at last, just made it from the servers to its expectant userbase. KMail has had its security systems enhanced, so that it now incorporates S/MIME, PGP/MIME and X.509v3 support. KOrganizer can now make use of calendar data from Exchange 2000 servers, so, even if you don’t take our advice in this months issue about finding alternatives to Exchange, at least you can make better use of Linux based clients. Konqueror now has tabbed browsing and will use a new download manager capable of handling multiple files in one session. Keramik, adds a fresh look to KDE, making best use of some of the KDE features that lie under the hood, like the smarter thumbnail generation code. RPMS and source code tar balls are already freely available as we write and it is likely that all of the major distributions will have updates available by the time you read this. ■ http://promo.kde.org/

■ Managing RAID For business applications, or anywhere where cost is less significant than the security of your data, you will want to be running a system that, at least, relies on RAID disk storage. O’Reilly have recently produced “Managing Raid on Linux”. If you need a book which covers everything a system administrators would need to know about putting together a system that can support RAID, then this might be just what’s needed.

From the initial introduction to the principles of RAID, the book will bring you to more advanced subjects like Performance related issues and tuning to increase it. RAID technology is becoming a standard feature of computer systems that support mission-critical services

such as file sharing, mail exchange, and web servers. Even non-Linux users will find this book full of valuable material ■ http://www.oreilly.co.uk/

Managing RAID on Linux Fast, Scalable, Reliable Data Storage By Derek Vadala ISBN 1-56592-730-3 272 pages EUR 44,00 £28.50 US $39.95

www.linux-magazine.com

April 2003

NEWS

Business

Business News ■ LinuxPark: CeBIT with a Difference March 12th will see the opening of the world’s largest IT show, to be held in Hannover, Germany. This year’s CeBIT will feature LinuxPark, a special exhibition area focusing exclusively on Linux. Many of the major Linux players will show at LinuxPark, side by side with smaller software developers and non-profit organizations, their latest and greatest developments. In addition there will be a supporting program of conferences and presentations. Other events include “Talk in the Park”, a panelbased discussion forum, which is bound to be lively. Specific themes will be given to days during the exhibition, allowing for some more focused thought and special appeal to visitors. These themes will cover topics like Security or the Enterprise use of Linux, in more detail, should visitors have a particular interest. Ever mindful that Linux has still to dominate the world, special events will be arranged, focusing on the promotion and advocacy of Linux, designed in such a way to appeal to new and inexperienced users. The list of exhibitors at LinuxPark includes AMD, Computer Associates, Hewlett-Packard, IBM, Oracle, Red Hat and SuSE, along with prominent Open Source projects, such as Apache, Debian, KDE and Samba. A central plaza with a stage and activity areas, all in Hall 6, will provide for an ideal forum for discussions between exhibitors and attendees. Linux International, a non-profit group devoted to the promotion of Linux, and Linux Magazine will be presenting a demonstration of practical Linux

April 2003

solutions. In our event, called Linux@ Work, which you will find at stand B52-370 in Hall 6. Here we will run hourly presentations providing general information highlighting the fact that Linux is ready for the Enterprise market. Practical demonstrations will show what solutions are available for a whole host

of business-oriented applications, including areas such as General Office and Order Processing solutions. Sponsors for Linux@Work include Hewlett-Packard, whose Services Division will also be on hand to answer questions about integrating various Linux-based solutions into existing IT infrastructures. Other sponsors include Oracle, SAP, SuSE and Check Point. These two events also make for an excellent opportunity for you to be able to approach manufacturers and developers, should you still have some requirement waiting to be fulfilled. Jon “maddog” Hall, with his years of experience in the industry, will be presenting the LinuxPark keynote speech in the company of other famous names like Alan Cox and Ralf Flaxa, who together will be helping to present the “Open Source Conference”. ■ http://www.linux-events.de/LinuxPark/ cebit http://www.exchangeworld.net/osc.html

www.linux-magazine.com

■ Altix Linux users around the world SGI has announced that it has started delivery of its scalable, open source supercomputing clusters designed to meet the needs of scientific discovery researchers, both around the world and across disciplines. Universities in Austria, Australia, Germany, Japan and Spain, among others, have already ordered this supercluster product, which was launched in January. Planned uses in such disciplines as biochemistry, bioinformatics, chemical computation, physics, mathematics, earthquake research and computational fluid dynamics. These new Linux OS-based superclusters combine the computational power of Intel Itanium 2 processors with the flexibility of scalability, including high-speed memory access of SGI NUMAflex shared-memory architecture. Using “brick” modules consisting of Itanium 2 microprocessors and up to 8GB of memory, researchers can scale up to 64 processors on a single SGI sharedmemory node. The University of Tokyo’s Earthquake Research Institute has purchased 64-, 32and 12-processor systems, all to be used for a variety of earthquake research projects, while the Universitat Politecnica de Valencia, located in Valencia, Spain, has purchased a 48-processor system to run various applications for chemistry, bioinformatics, physics and engineering computational needs. This scalable Linux platform will also be highly effective in grid computing environments, providing increased computing capacity for Linux OS-based applications in a sharedmemory, 64-bit environment. In medical imaging applications, where technologies such as computed tomography are generating evergrowing data sets, the new SGI product line will fill the need for high-productivity 64-bit computing. ■ http://www.sgi.com/go/sciences/

NEWS

Business

■ Greek email inoculation

■ 64-Bit support for Scyld Beowulf

RAV AntiVirus software has been chosen by mail.gr the largest email mailbox hosting service in Greece. This web based e-mail service, which houses over 100,000 mailboxes chose RAV AntiVirus for Mail Servers because they believe it will offer them state of the art protection, vital because mail.gr are also having a considerably large role to play in the distribution of email throughout the entire region. For RAV AntiVirus, this goes a long way to reinforce their strategy of expanding their antivirus products on a large scale. ■ http://www.ravantivirus.com htto://www.mail.gr

AMD, hand in hand with the Scyld Beowulf developers, are on track to release their version of this clustering OS, optimised for 64-bit Opteron processors. The Sclyd Beowulf developers have worked to bring an enhanced Linux kernel, complete with libraries and utilities specific to clustered x86 computing. Customers who use the Beowulf operating system on AMD Opteron processor-based clustered systems will see a huge increase in the amount of computing power at their disposal. In addition, they will benefit from the larger addressable memory and the ability to

run more complex applications to a realist time scale. This upcoming version of Scyld Beowulf will support both 32-bit and 64bit application development. This will allow users of legacy 32-bit applications a better migration route should they decide to take advantage of the delights of 64-bit processing. With Beowulf clusters and AMD’s Opteron processors, a host of new users will be able to get access to 64-bit computing performance at x86 economies of scale. ■ http://www.amd.com/ http://www.scyld.com/ http://www.beowulf.org/

agents for Apache and MySQL, while mainframe users can get to see new versions of Unicenter Network and Systems Management Job Management Option and Advantage CA-Easytrieve. “Organisations have moved past the experimental pilot stage with Linux and are now implementing systems that are central to their core business needs,” said Sam Greenblatt, senior vice-president and chief architect at CA’s Linux Technology Group. Enterprise customers are adopting CA’s Linux solutions as part of their overall infrastructure and information

management strategies. Customers implementing Linux on mainframe systems under VM are, for example, taking advantage of CA’s robust suite of technology for VM management. The extra input from companies with the reputation like CA will go a long way to enhance the reputation that Linux should rightly have and deserves, adding to customer confidence, especially for those looking to migrate to more affordable solutions or for those that have brand new IT requirements and less than deep pockets. ■ http://www.ca.com/

■ CA sees the Linux light Computer Associates International (CA), which has won eleven awards for excellence in the last two years, have released twelve new solutions for managing, securing, preserving, integrating and leveraging the most out of open source technology. For distributed and mainframe Linux environments, CA has released new versions of Unicenter Management for WebSphere, Unicenter Management Portal and CleverPath Aion Business Rules Expert. For those working in the distributed environments, CA has released BrightStor ARCserve Backup

■ SCOsource to license Unix IP As is mentioned on page 90, SCO announced at LinuxWorld 2003 the creation of SCOsource, whose sole role is to manage the the licensing of its UNIX intellectual property, including running an array of licensing programs. SCO’s patents, copyrights and core technology date back to 1969 when Bell Laboratories created the original UNIX source code. The first offering from SCOsource will be SCO System V for Linux. This will be an end-user licensed product for use on Linux systems. This, in turn, provides unbundled licensing of SCO’s UNIX System shared libraries for use with UNIX applications, enabling them to be used with Linux applications.

April 2003

www.linux-magazine.com

There is frequent use of SCO’s shared libraries allowing UNIX applications to run on Linux. In the past, SCO’s UnixWare and OpenServer license agreements did not allow these UNIX libraries to be used outside of SCO’s operating systems. With this announcement, customers can now license these libraries from SCO for use with Linux without having to license the entire SCO operating system. This will enable customers to now run thousands of UNIX applications on Linux. SCOsource will offer SCO System V for Linux for $149 per CPU. Volume licensing discounts will also be available to enterprise customers and OEMs. ■ http://www.sco.com/scosource/

NEWS

World

World News ■ New and improved: Linux Australia Australia’s national Linux conference, linux.conf.au 2003 (see page 89) has been more successful than ever. As the conference makes a profit each year, the question arises: “Where does all the money go?” Linux Australia, the non-profit organisation behind the conference, takes the challenge, and wishes to use these funds to help out the nationwide Linux community and give it a strong voice. To make this move from a conference organiser to a lobbyist, the organisation needs powerful leadership, and the elections for the committee, held at the annual general meeting during the conference, showed the way: Pia Smith was voted the first female president of Linux

Australia. The network engineer from Sydney won the ballot against former president and now treasurer Anand Kumria. Anyone attending the meeting was allowed to run for one for the seven committee seats, and 25 candidates did so. Asked about her plans to get Linux Australia moving, Pia went hands-on: restructuring the organisation, recruting new members, increasing communication within the Australian Linux community and media presence, and last but not least promoting education by and for the community. Looks like Linux Australia’s website will soon offer a lot more than its current promises. ■ http://www.linux.org.au/

■ Taking Linux to the Indian road It’s on the road: literally. Open Source and Free Software shows are making it across various big cities in India. Bangalore’s early-December megabash has become an annual event (see Linux Magazine issue 27, p. 91). Calcutta (Kolkata, what the world knows as Mother Teresa’s city of joy) LUG in eastern India took part in an ambitious IT event called COMPASS, a four day event, starting on the 24th of January, 2003. More than 8000 people came to visit the event and the LUG Calcutta used this opportunity as a plattform to introduce GNU/Linux and the philosophy of free Software to the visitors. They demonstrate, that the combination of both, free software and Linux can be a viable alternative to Microsoft Windows an proprietary software. A report from the LUG can be downloaded at http://www. ilug-cal.org/compass/pr/press-release.pdf. Symbiosis College in Pune, central India, is having its own event (see Linux Magazine issue 28, p. 13). Bombay was toying with the idea. So as a hundred initiatives bloom, Open Source tourists to India, be prepared! ■ http://www.ilug-cal.org/

■ FLOSS: One view from Iran Someone asked, in the course of a recent Internet discussion, whether there was “any case” for Free/Libre and Open Source Software helping to avoid the digital divide or providing education-to-all. “It’s a red herring. I challenge anyone to tell me how open source will solve any of our major problems,” said a prominent professor from the US. Arash Zeini, a KDE developer from Iran, had a very clear answer: “In Iran, we live under sanctions from the US. The result is that as an Iranian you can not do any business with an American company. This may be good, it may be bad. But in any case, the only way we can empower ourselves is FLOSS. This approach gives us the necessary freedom.” “We have access to the best technology and it is Free/Libre/Open and not

April 2003

restrictive. It does not put us in chains, we do not need to wait until the US decide about us. If only the Iranian government would see it this way too!” Zeini went on to explain that it would have been “ages” until proprietorial software giant Microsoft decided to implement Farsi (Persian) in a correct way into their OS. “But with KDE around we can do it ourselves and we can do it better. With FarsiKDE we have now a desktop that is in Farsi, it is based on our own standards and does not include the mistakes that M$ has in its attempts to support Farsi. Doesn’t this help us when having computers at schools? A 12 year old does not need

www.linux-magazine.com

to learn English first in order to use a computer. The minimum is that they can type in Farsi with the correct alphabet, not the MS Farsi alphabet, which is just a mess,” was Zeini’s logic. Proof enough? To top it all, when he contacted KDE at first “I was not asked for my nationality, I did not need to prove that I am not a terrorist, and I was welcomed to the project and received all the support that one can dream of!” ■

World

NEWS

■ Courts Deny LUG Use of “Linux” Name

■ Make those distros affordable!

■ Danish Linux conference sold out in record time

It’s red tape to the max in Germany as an official at the Courts of Law in Wilhelmshaven, Germany, called on the local Linux User Group to prove their right to use the “Linux” brand name. As the official correctly noted, the group, who seek to register as an incorporated society, do not own the “Linux” brand name; he went on to state that “Linux” denotes an operating system. In Germany, the brand name is formally owned by Linus Torvalds; it was assigned to him in Cologne during the GUUG annual conference on 17 September 1997. Linus by no means strict in the application of the brand name and so far has not refused a single user group the use of it. The LUG has contacted everyone concerned with the case and looks forward to being able to officially register their society name in the near future. ■ http://www.lug-whv.de

What do you do if you’re poor in resources and rich in talent? You share software, and you do that in style. Sofall (short for “Software For All”) is the initiative of 21-year-old student Ajay Kunkolienkar from Goa, India. His aim is to make it easy for people to share resources – in places where even blank CDs may be hard or costly to come by and broadband internet access rare. Elsewhere in India, other young students are taking the Free Software revolution forward by selling Linux on CDs for an affordable price: Lincds.com is a couple of engineering students’ initiative from Bangalore. Linuxplaza.org is run out of Mumbai (Bombay). Sukrit, a high school student, recently launched LinCDz from the former French colony of Pondicherry. Each of them offers CDs for less than 75 US cents (i.e. Rs 30 or less) plus courier charges. ■ http://sofall.vze.com/ http://www.lincds.com/ http://www.linuxplaza.org/

Only 25.5 hours after the ticket sale opened, all 501 tickets available at the price of 100 DKK (13.5 EUR) were gone. The event causing this run was the 6th LinuxForum 2003, held in Danmark’s capital Copenhagen 1st March. Traditionally a Linux and *BSD meeting, LinuxForum featured an exposition and two conference tracks, surrounded by keynotes held by security expert Bill Cheswick and GIMP evangelist Simon Budig. Amongst the talks in Danish or English, were those by kernel-hacker Jens Axboe describing the Linux kernel moving from 2.4 to 2.6 and KDE’s Kalle Dalheimer, introducing the Kroupware project. ■ http://linuxforum.dk/2003/english/

■ LUG Camp in Switzerland much in the style of the software that is the event’s major focus. To more or less cover their costs, the organizers will be charging an attendance fee of 45 Euro. This not only buys you lodgings and food, but also an excellent agenda of workshops and discussions. ■ http://www.lug-camp.ch

For four years now, German Linux User Groups have joined forces with Linux User Groups from neighboring countries at the LUG Camp. These informal events are characterized by their campsite atmosphere with undertones of a developer and hacker congress. Following last year’s event that saw 120 attendees gathering in Flensburg, Germany, the camp will be taking place across the border in Switzerland for the first time. The LUG Camp is scheduled for 29 May 2003 through 1 June 2003 in and around Felsberg School. Attendees can look forward to some serious camping and talking shop around the campfire. LUG Camp started life as an event organized for and by German-speaking Linux User Groups, but new members are welcome –

www.linux-magazine.com

April 2003

NEWS

Insecurity

Insecurity News ■ wget In a typical file transfer operation, one participant (the client) requests a file while a second participant (the server) provides the requested file. Before processing each request, many server implementations will consult an access control policy to determine whether the client should be permitted to read, write, or create a file at the requested location. If the client is able to craft a request that violates the server’s access control policy, then the server contains a vulnerability. Since most vulnerabilities of this type involve escaping a restricted set of directories, they are commonly known as “directory traversal” vulnerabilities. Directory traversal vulnerabilities are most often reported in server implementations, but recent research into the behavior of FTP clients has revealed vulnerabilities in several file transfer applications, including the wget utility. To exploit these vulnerabilities, an attacker must convince the victimized user to access a specific FTP server containing files with crafted filenames.

When an affected version of wget attempts to download one of these files, the crafted filename causes the utility to write the downloaded files to the location specified by the filename, not by the victim user. In some cases, the attacker must use a modified FTP server to allow the crafted filenames to be passed to the client. ■ CERT reference VU#210148

■ Xpdf Updated Xpdf packages are now available that fix a vulnerability in which a maliciously-crafted pdf document could run arbitrary code. During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This could would have the same access privileges as the user who viewed the file with Xpdf. ■ Red Hat reference RHSA-2003:037-09

Security Posture of Major Distributions Distributor Debian

Security Sources Info:www.debian.org/security/, List:debian-security-announce, Reference:DSA-… 1)

Mandrake

Info:www.mandrakesecure.net, List:security-announce, Reference:MDKSA-… 1)

Red Hat

Info:www.redhat.com/errata/ List:www.redhat.com/mailing-lists/ (linux-security and redhat-announce-list) Reference:RHSA-… 1)

SCO

Info:www.sco.com/support/security/, List:www.sco.com/support/forums/ announce.html, Reference:CSSA-… 1) List:www.slackware.com/lists/ (slackware-security), Reference:slackware-security …1)

Slackware

SuSE

Info:www.suse.de/uk/private/support/ security/, Patches:www.suse.de/uk/private/ download/updates/, List:suse-security-announce, Reference:suse-security-announce … 1)

Comment Debian have integrated current security advisories on their web site.The advisories take the form of HTML pages with links to patches.The security page also contains a note on the mailing list. MandrakeSoft run a web site dedicated to security topics. Amongst other things the site contains security advisories and references to mailing lists.The advisories are HTML pages,but there are no links to the patches. Red Hat categorizes security advisories as Errata:Under the Errata headline any and all issues for individual Red Hat Linux versions are grouped and discussed.The security advisories take the form of HTML pages with links to patches. You can access the SCO security page via the support area.The advisories are provided in clear text format.

Slackware do not have their own security page, but do offer an archive of the Security mailing List. There is a link to the security page on the homepage. The security page contains information on the mailing list and advisories in text format. Security patches for individual SuSE Linux versions are marked red on the general update page and comprise a short description of the patched vulnerability.

1) Security mails are available from all the above-mentioned distributions via the reference provided.

April 2003

www.linux-magazine.com

■ w3m New w3m packages are available that fix two cross-site scripting issues. An XSS vulnerability in w3m 0.3.2 allows remote attackers to insert arbitrary HTML and web script into frames. Frames are disabled by default in the version of w3m shipped with Red Hat Linux. Therefore, this problem will not appear as long as users do not use w3m with the -F option, or enable frame support in either the /etc/w3m/w3mconfig or ~/.w3m/config configuration files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1335 to this issue. An XSS vulnerability in versions of w3m before 0.3.2.2 allows attackers to insert arbitrary HTML and web script into image attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1348 to this issue ■ Red Hat reference RHSA-2003:044-20

■ PHP Updated PHP packages are available that fix a vulnerability in the wordwrap() function and a number of compatibility bugs. A heap-based buffer overflow was found in the wordwrap() function in PHP versions after 4.1.2 and before 4.3.0. If wordwrap() is used on user-supplied input this could allow remote attackers to cause a denial of service or execute arbitrary code. ■ Red Hat reference RHSA-2003:017-06

■ geneweb A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL can lead geneweb to read and display arbitrary files of the system it runs on. ■ Debian reference DSA-223-1 geneweb

■ courier-ssl The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were

Insecurity

sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected. ■ Debian reference DSA-247-1 courier-ssl

■ bugzilla Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities: CAN-2003-0012 (BugTraq ID 6502) The provided data collection script intended to be run as a nightly cron job changes the permissions of the data/ mining directory to be world-writable every time it runs. This would enable local users to alter or delete the collected data. CAN-2003-0013 (BugTraq ID 6501) The default .htaccess scripts provided by checksetup.pl do not block access to backups of the localconfig file that might be created by editors such as vi or emacs (typically these will have a .swp or ~ suffix). This allows an end user to download one of the backup copies and potentially obtain your database password. This does not affect the Debian installation because there is no .htaccess as all data file aren’t under the CGI path as they are on the standard Bugzilla package. Additionally, the configuration is in /etc/bugzilla/localconfig and hence outside of the web directory. ■ Debian reference DSA-230-1 bugzilla

■ dhcp3 Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches. When the dhcp-relay receives a BOOTP request it forwards the request to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff which causes the network interface to reflect the packet back into the socket. To prevent loops the dhcrelay checks whether the relay-address is its own, in which case the packet would be dropped. In combi-

nation with a missing upper boundary for the hop counter an attacker can force the dhcp-relay to send a continuing packet storm towards the configured dhcp server(s). This patch introduces a new command line switch -c maxcount and people are advised to start the dhcp-relay with dhcrelay -c 10 or a smaller number, which will only create that many packets. The dhcrelay program from the “dhcp” package does not seem to be affected since DHCP packets are dropped if they were apparently relayed already. ■ Debian reference DSA-245-1 dhcp3

■ cvs Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem. ■ Debian reference DSA-233-1 cvs

■ libpng A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. ■ Mandrake reference MDKSA-2003:008 : libpng

■ MySQL Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. ■ Mandrake reference MDKSA-2003:013 : MYSQL

NEWS

■ printer-drivers Karol Wiesek and iDefense disovered three vulnerabilities in the printerdrivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid “sys”. Successful exploitation will provide the attacker with the privilege of the group “sys”. The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by others , only by root or group “sys”. Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain “sys” privilege” and then use that to exploit this vulnerability to gain root privilege. ■ Mandrake reference MDKSA-2003:010 : printer-drivers

■ SuSEhelp During a code review of the susehelp package the SuSE Security Team recognized that the security checks done by the susehelp CGI scripts are insufficient. Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the “wwwrun” user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. We nevertheless recommend an update of this package. As a temporary workaround you may un-install the susehelp package by issuing the following command as root: rpm -e --nodeps susehelp

■ SuSE reference SuSE-SA:2003:005

www.linux-magazine.com

April 2003

NEWS

Kernel

Zack’s Kernel News ■ Bug hunting The saga of the bug database seems unlikely to resolve itself any time soon. In addition to Martin J. Bligh’s and others’ work on a Bugzilla system for kernel development, and John Bradford’s ongoing investigation into a possible replacement, a third project has popped up to solve roughly the same set of problems. In late January, Dan Carpenter announced Smatch, a bug hunting and tracking system based on the Stanford Checker. Unlike Bugzilla or John’s database, Smatch attempts to identify bugs on its own by modifying the kernel sources, and then running scripts to identify problems in those sources. Any problems it finds are stored and organized in its own custom bug tracking database. Smatch is still in the early stages of development, but already starting to be

functional. Meanwhile, John’s work on his own bug tracking system is moving right along, with a number of enhancements. As of early January users may create their own account on the web page itself, making it much easier to start using the system for serious work. If a bug report is accompanied by a .config file, it is possible for developers to download a corresponding .config file with the same options set. Patches can also be submitted against particular bugs, and automatically checked to see if they apply against any number of kernel trees. He’s also made significant advancements on a command-line interface to the system, that could operate via email. This would, among other things, allow developers to automate and refine their database searches, to prune away all reports but the most relevant to the task at hand. ■

■ Perl futures It looks as though Perl will be required for kernel compilation in the near future. Many developers have fought against this contingency for a long time, on the grounds that only software that is virtually guaranteed to be installed on a given system, should be required for kernel compilation. Now it seems that Perl has been elevated from the status of ‘just another optional tool’ to that of ‘oh come on, everyone has it’. When the subject came up on the mailing list in January, Jeff Garzik revealed that the klibc code, intended to be a small subset of the C library, would soon be merged into the main kernel tree, and it has Perl dependencies. So all architectures would soon require Perl in order to build the kernel.

Folks who follow such things will remember Eric S. Raymond’s bitter experience with CML2, a kernel configuration system based on Python. CML2 was flamed into oblivion, partly because of that dependency, and Eric retreated entirely from the kernel mailing list. Even now there are many developers who feel that any code currently using Perl should be rewritten in C. The argument against this is that Perl is the best tool for playing with text, and one thing any kernel configuration system will do a lot of is play with text. Regardless of what actually happens, there will undoubtedly be developers who will forever oppose the presence of Perl, and others who will insist it should be included. ■

Figure 1: KNewsTicker showing that you can keep up to date with kernel traffic news

April 2003

www.linux-magazine.com

INFO The Kernel Mailing List comprises the core of Linux development activities.Traffic volumes are immense and keeping up to date with the entire scope of development is a virtually impossible task for one person. One of the few brave souls that take on this impossible task is Zack Brown. Our regular monthly column keeps you up to date on the latest discussions and decisions, selected and summarized by Zack. Zack has been publishing a weekly digest, the Kernel Traffic Mailing List for several years now, reading just the digest is a time consuming task. Linux Magazine now provides you with the quintessence of Linux Kernel activities straight from the horse’s mouth.

■ The extra mile Mel Gorman decided to go where no one had gone before, and in mid January announced actual honest-to-goodness documentation for the virtual memory subsystem. Aside from some slides presented by Andrea Arcangeli at a conference long long ago, this appears to be a first. He chose to cover the 2.4.20 kernel for his initial work, as the 2.5 tree was still in too much flux. He actually wrote two separate documents. One was an overview of the VM subsystem, giving an organized presentation of its various pieces and how they worked. The second document dug right down into the code, giving commentary on the various functions. Something like this happens very rarely, and when it does it is accompanied by shouts of joy and happiness throughout the world. Someone even suggested starting a SourceForge project for these docs, but Mel said he already planned eventually to merge his work into the Linux Kernel Documentation Project on GNU’s Savannah site. Over the next few weeks Mel continued his work, announcing several revisions on the kernel mailing list. ■

NEWS

Letters

Letters to the editor

Write Access ■ Unsupported I have taken up the challenge to stop using Microsoft software in favour of Linux. I am not a developer, a programmer nor do I run a business of any size. I am just a humble home user who has decided to not use Microsoft. The discussion continues about how well positioned Linux is to handle the desktop market, but for me it provides all I want for my modest computer needs – an office suite, e-mail and web browsing (with some minor complaints) and the ability to handle all the hardware I have, though this is helped by some wise purchasing choices. So, the Linux desktop is ready for me, unfortunately, me and my Linux desktop are not ready for the rest of the world. A little while ago I started suffering problems with my broadband connection, provided by Telewest. I found that I was suffering a huge amount of dropped packets, up to 70% dropped in some cases. This meant that my access to the internet was severely restricted, anything moving more than a few kilobytes of data would result in a mail or web server timing out. Nothing had changed on my system, I was certain of that, so I had no option other than to phone customer services, with the run around beginning thus… “Hello sir, what version of Windows are you using?” says the support guy. “I’m not,” says I, “I am using a Linux based system.” Obviously the wrong thing to say because no one, yet, offers any support for Linux users. Even though I was able to provide Telewest with all of the information they wanted, everything a Windows user would have needed to provide, pings, traceroutes and modem parameters, they were still unable to resolve the problem. I was then told that they couldn’t help me any further because I was using an unsupported operating system, leaving the unresolved matter there. I’m sure you will all breath a sigh of relief when

April 2003

you hear that it all started working again, all by it self, several hours later. Up until this time I had not appreciated how vital the support from suppliers is, being lucky enough not to have called on them before. This ingredient, now obvious to me, is vital to the mix when declaring a market ready for everyday use, be that market for home desktop, SOHO, or whatever use. The aim of this letter isn’t to put people off from using Linux just because I’ve acknowledged Linux lacks something, that is, outside support. My hope is that more people will ask directly for it support from suppliers, otherwise this viscous circle will never be broken. Simon Tunsley, by e-mail

LM Obviously Telewest have not done anything wrong, they do clearly list what systems they support. However, from our position they haven’t done anything right either. You are right when you say that support is a vital ingredient, not just ISPs, but hardware and software manufactures too. Those who start to supply this to Linux users are going to very quickly capture the lions share of a growing market. ■

■ Initial impressions I recently became curious about using Linux on my computer and obtained a copy of Red Hat Linux version 8. The installation seemed to go well and I was presented with a desktop full of things waiting for me to explore. This piqued my interest even more and I started to look forward to learning what was available to me. There was so much for me to learn that I felt I really needed a book to help give me a path to follow. I had also been given a Linux magazine, admittedly not yours, who I phoned looking for advice on books. They suggested I phone Red Hat directly, which I did, but with little reward. The Red Hat Education depart-

www.linux-magazine.com

Please send your comments and suggestions to letters@linux-magazine.com ment came up with the suggestion for me to look to Amazon for a book. I was hoping for something a little more specific. Luckily, I’ve now made contact with my local user group, who have been able to give me the sort of ‘user’ advice I was looking for. What worries me is that others may not be so lucky and may not bother to investigate further options. It’s a shame that more couldn’t be done. Antonella Lasta, by e-mail

LM You were kind enough to attach the follow-up e-mail you received from Red Hat after querying the response you got from them on your search for further Linux education, where they point out the responsibility and effort involved in providing accurate book recommendations, this we must accept. Thankfully, there are lots of books out there and any single company would find it impossible to read them all and to provide a valid response to such a query. Is Amazon the best place to recommend after that though? Red Hat is, for many, synonymous with Linux and a new user could very easily choose a Red Hat distribution purely because it’s the name they know. Surely they must shoulder some of the responsibility in catering for new users. In other countries the same would be true of SuSE or TurboLinux. Would it not be possible for them to work together to create a list of resources that might direct new users in appropriate direction in the search for further information. ■

Change Exchange

Linux Products Replace Exchange Server

Free at Last A steadily increasing number of users are looking to free themselves from monopolistic chains and licensing policies. Mail and Groupware servers are a good place to start. New products that leverage Linux’s stable base platform continue to force their way onto the market. BY THOMAS DRILLING AND JAN KLEINERT

hether home-grown or out of the box, Linux mail servers have good reason to look to tried and trusted standard components like Cyrus IMAP, Postfix, and OpenLDAP. In either case you need solid Linux system skills to implement the server and plan the communications infrastructure. System administrators and decision makers with Linux experience often have a hard time understanding why they should pay for an Open Source finished product, instead of just building it themselves. And this is one of the reasons why mail server manufacturers have a hard time producing conclusive sales arguments. Thus, to help things along, they tend to add closed source Groupware components.

Cover Story Groupware Test .....................20 In the lab we test and compare Linux server products that support Outlook .

SuSE Openexchange ...........26 Web based administration for a stable mail server. LAN users get what they want.

Samsung Contact .................30 Giving flexibility as well as scalability, performance is not an issue for Samsung.

Stalker CommuniGate .......33 Suitable for large scale environments. It shows off its feature list to admins.

Easygate Workgroup ..........36 A uniform desktop could save you time along with remote and security monitoring.

Bynari Insight Server..........38 A modular product with plenty of power and web based administration.

SuSE, for example, has invested in the powerful Comfire Groupware product by Netline-IS and seamlessly integrated the product with their Openexchange Server 4, as previously noted in Linux Magazine Issue 27.

Microsoft Customers … Microsoft customers form the main target group for Linux based Groupware servers, and a certain amount of optimism is understandable, as Microsoft will be discontinuing support for Exchange 5.5 in December 2003 in favor of Exchange 2000. Instead of opting for an involuntary upgrade, customers might be tempted to move to a stable and inexpensive Linux Groupware product. The hordes of potential customers will not be convinced, unless the product in question can offer the complete functionality previously provided by Exchange 5.5.

COVER STORY

solutions. We should try not be too overzealous – after all, the MAPI protocol specifies that the Groupware server should reflect the user’s preferences and not the other way round. In Corporate to Workgroup mode Outlook expects a specific set of functions, if it is provide its users with private mail, public folders, forms, calendar functions, appointments, group appointments, to-do lists and contacts. Some Linux programs, specifically SuSE’s Openexchange Server 4, are more fully featured than Exchange 5.5 and this gives rise to the question of how Outlook can actually leverage the enhanced functionality. In any case, providing connectivity to Outlook will entail installing replication software or a special connector.

Migrating Data Admins with large user databases on existing Groupware servers will definitely want to migrate their data to Linux if at all possible. LDAP, a directory service that most products support, provides a good place to start – although it must be said that our five test candidates handled the migration process with varying degrees of success. ■

… and what they can expect from Linux Let’s not forget one important aspect: most users will want to carry on running Windows and Outlook on their desktop PCs – a question of habit and acquired skills. IT service providers with a Linux bias can try to persuade their customers to look into the advantages of Webmail

www.linux-magazine.com

April 2003

COVER STORY

Groupware Test

Outlook/Exchange Compatible Linux Groupware

Reasons for Leaving SuSE, Bynari, N&H, Samsung, or Stalker – all of these manufacturers’ server products promise a comprehensive functional and financial alternative to Exchange and its manufacturer Microsoft. One pre-requisite is that Outlook clients will continue to work as usual. BY THOMAS DRILLING, MICHAEL MIELEWCZIK, ANDREAS REITMAIER AND CONCHITA WELKER

f the Linux target product is envisaged as being a mail server with address book with calendar built in, then all of the products we tested are capable of replacing Exchange. That’s only half the story. Genuine Exchange functionality is more pervasive than simply IMAPing mail. You would also expect the client to be capable of moving mail between folders, retrieving erroneously dispatched mail, creating vacation responses and honoring server-side rules. Additionally, a dispatch scheduler and mail distribution facility should be available. Table 1 provides an overview of the results.

SuSE Openexchange Server 4 SuSE’s Linux Openexchange Server 4 is based on the popular SuSE Email Server 3.1, with added Samba functionality and Comfire Web Groupware. The product’s central architectural elements are LDAP and PostgreSQL for receiving mail, and managing mail folders, address books, and appointments. The communication hub comprises tried and trusted solutions like Cyrus IMAP and Postfix. An Apache Jakarta Tomcat serves up web pages, and United Linux provides the basic operating system. The administrator can tell Openexchange Server to distributed incoming mail automatically to specific folders, or forward messages to other email addresses. This also allows you to apply a spam filter. The SIEVE mail filter can additionally apply a maximum size rule for mail, or filter by other criteria. The Openexchange Server does not automatically enable a virus scanner, although Amavis for Linux can be added later. [1]

April 2003

Figure 1: The SuSE Openexchange Server Web client can handle tasks, of course. Any data entered here can also be viewed in Outlook

The Openexchange Server offers a neat Web application that provides users access to their mail, appointments and address management, with enterprise level project and task management, document management, discussion forums, notices and a knowledge base also available. LDAP based address books, access control, and module or global full-text search functions are available for all of these functions. When scheduling tasks, the program analyses the available resources and searches for a convenient timespan. The document management system allows

www.linux-magazine.com

rights based access to a central depository of important documents on the server, and can link documents to contacts and projects. A hierarchy of folders and version control functions help you keep to track of internal documents. The fact that users can attach notices to documents is another impressive function that allows a user to document the history of a contact, for example. Assignments can be created, modified, viewed and forwarded, split up into subassignments, delegated and assigned to projects, depending on assigned rights.

Groupware Test

Figures 2 and 3: In contrast to its competitors’ MAPI services, SuSE’s tool synchronizes Outlook data directly with the server. This allows you to precisely define what action to take in case of conflicting or deleted data, and specify database priorities

Completed assignments and projects are archived. The forum function is useful for large-scale projects. The knowledge database raises high expectations, but turns out to be a small add-on to the document management system that may be suitable for storing short how-tos for everyday things.

software. A wizard prompts the admin user to define rules (see Figures 2 and 3). The administrator can additionally create a distributed configuration file to reduce the client-side replication effort. Tasks are synchronized to the extent that Outlook’s functionality permits. It is interesting to note that some of the enhanced functions are accessible via Outlook add-on forms. Personal appointments can be created, modified and deleted in Outlook, and are available on the Openexchange Server after replication. Unfortunately, the current version, which uses data replication, cannot define group appointments or delegate assignments. At least Outlook can display group appointments created with the Web interface. A realtime connector for Outlook that permits typical Exchange functions is under development according to SuSE and due for release at the CeBIT 2003. The product will not be a genuine alternative for Exchange until then.

COVER STORY

privileges, locally globally stored email, tasks, contacts, appointments, and notices. Some Exchange functions are not supported and cannot be migrated. These include journals, recurring tasks, categories and user-specific subfolders. During the migration process the SuSE crew use tools to export the Exchange and Outlook user source files and convert them to the target file types required by the SuSE server: XML, PostgreSQL, Cyrus Mail, and LDAP. Detailed documentation on the migration program is available from [2], and the article on page 26 provides more info on the SuSE server.

Bynari Insight

The Insight Server is available as an “Intel Platform Edition” and an “Enterprise Server”. The former is targeted at SuSE’s Outlook Connector small and medium-sized businesses and optimzed for SuSE 7.3 and Red Hat 7.2. SuSE support their advertising claim that In contrast, the Enterprise Edition is tarOpenexchange Server is a fully fledged geted at large enterprises and runs on alternative to Microsoft Exchange 5.5 IBM’s zSeries. with a purely client-side migration and Although Insight Server is designed as replication tool for Microsoft Outlook 98, a replacement for MS Exchange, they can 2000, and XP. However, customers are be run side by side on the network. This expected to download this tool from the makes sense, if you are looking for a cost Maintenance Web Support site after saving solution to extending an existing completing their registration process. Exchange Server. Outlook clients for The replication software synchronizes Windows or Linux Insight clients can mail, contacts, tasks, and appointments. then access both servers. The server uses POP and IMAP to Bynari supplies special client software provide mail functionality. that utilizes the Insight Server’s full Any other functions, including range of features. Access is also possible enhanced mail manipulation, rely on using any Windows or Linux mail client replication. These include synchronizing Migrating Exchange to – this also applies to the SuSE and addresses and contacts in both direcOpenexchange Neuberger & Hughes products. To use tions, which will honor any write and the whole range of features, MS Outlook read privileges that apply. Conflicts A combination of Exchange and Openwill need the Insight connector, which is caused by duplicate entries or insuffiexchange Server 4 is not feasible and available for Outlook 97 through 2002. cient privileges when deleting a contact, migration of Exchange 5.5 data to Outlook uses the connector to manifor example, are reliably fielded by the Openexchange requires special support pulate the Bynari Server’s calendar and where the SuSE support address book. Additionally, personal staff, or a SuSE partner, folders are available on the server. analyze the active MS Bynari calendaring basically uses the Exchange system ondata provided by an MS Exchange site and submit an offer Server. We tested Insight 3.5.5 in our lab, for a D-day migration. although Version 4.0.0 is due for release The following data is in the first quarter of 2003, and, by then, kept: the user list with should then support virtual domains, server-side filtering, resource management and quotas. The Insight Connector Figure 4: If you intend to use Outlook with Bynari Insight, you need Figure 5: Installing the Insight Connector adds will then support POP3 in the Insight Connector add-on a few new buttons to Outlook

www.linux-magazine.com

April 2003

COVER STORY

Groupware Test

Table 1: Overview of Alternatives Exchange Server Product

SuSE Linux Openexchange 4

Bynari Insight Groupware 3.5.5

N & H Easygate Workgroup 5.0

Manufacturer

SuSE Linux UK Ltd

Bynari Inc.

Neuberger and Hughes GmbH

Address

Appleton House,139 King Street

2639 Electronic Lane Suite 110

Im Bruckenwasen 1

London W6 9JG

Dallas,Texas 75220,USA

73207 Plochingen

Phone

+44 2088463918

+1-214-350-5772

+49-7153-61200

Fax

+44 2087480538

+1-214-352-3530

+49-7153-612033

Website

www.suse.co.uk/

www.bynari.com/

www.n-h.de

Prices and Support

see box on p26

see box on p38

see insert on p36

Requirements

SuSE Linux Enterprise Server 8 (included in package)

SuSE 7.2 and 7.3 recommended[2]

any Linux distribution

Connector

Replication[1]

Bynari Insight Connector

N&H MAPI Service Provider[6]

Outlook MAPI Support

Global MAPI address book

partial no[3]

yes

Outlook Mail

yes

Outlook Contacts

yes

Outlook Tasks

yes

Outlook Calendar

yes

Other Clients

Web Client

Insight Client for Linux

Web Client

Windows CE Synchronization

yes

yes,via Outlook

Palm Pilot Synchronization

yes

yes,via Outlook

Web portal page

yes

Contact management

yes

Address management

Human resource management

yes

yes (as part of contact management)

Address management,groups definable

Appointment management

yes

Calendar private / public

Project management

yes

Document management

yes

Task management

yes

yes yes[4]

Knowledge Base

yes

Bookmark management

yes

Notices

yes

yes[5]

Notice private / public

Outlook Functionality yes

Other Clients and mobile devices

Groupware Facilities

yes

Security Rights

yes

Encryption

SSL,TLS

VPN

yes

VPN w. Ipsec,Firewall

Antivirus toolkits

as add-on,e.g. Amavis

60 day trial by RAV Anti-Virus

Option

Spam filter

yes

Backup

manual add-on,e.g. SEP

manual add-on

Grade Features

good

average

good / very good (Exchange)

Handling

very good

average

good

Value for money

good

Total

good

average

good

native Windows client available

Bill Server is Open Source

Special Features

Footnotes [1] Replication on demand,no realtime exchange,as provided by connector [2] Some system services must be disabled on this distribution [3] Uses a Microsoft LDAP address book,which is configured individually for each client [4] Shared module with appointment management

April 2003

www.linux-magazine.com

[5] Notices can be linked to calendar entries [6] Supports both Microsoft conform TNEF encoding via winmail.dat,and individual MIME attachments for Non-Outlook clients [7] Uses a separate LDAP address book for each client; must be configured individually

Groupware Test

Samsung Contact Server 8.0

Communigate Pro 4.0

Samsung Contact SDS Europe Ltd

Stalker Software Inc.

200 Brook Drive, Green Park

655 Redwood Hwy,Ste 275

Reading,Berkshire RG2 6UB,GB

Mill Valley,CA 94941 U.S.A

+44 118 9497056

+1 415 383 7164

+44 118 4947256

+1 415 383 7461

www.samsungcontact.com/

www.stalker.com/

see box on p30

see box on p34

any Linux distribution

MAPI-Connector

yes

partial no[7]

yes yes

yes,POP3 and IMAP

yes

prop. Java Client

various

yes,via Outlook

yes

Calendar

yes

SSL,TLS

as third party plugin

yes

manual add-on

yes

good / very good (Unified Messaging)

average

good

very good

average

good

various clustering facilities, prop. migration tool

Clustering available,MMS and SMS solution integrated

addition to IMAP. The manufacturer has also announced a Webclient service, a migration tool, and a fax server. Page 38 and following provide further details on Insight.

Easygate Workgroup Server Easygate is available either as a software package, or as a hardware and software based appliance. The software package comprises Easygate, whence the product derives its name and Bill Workgroup Server, which is Open Source software, courtesy of Neuberger & Hughes. The administration of both is browser based. Easygate is primarily an access package that provides an Internet gateway and a LAN communication hub that either uses fixed IPs or addresses assigned by its own DHCP server. DNS, file and proxy servers are also available. A firewall and content filter provide blacklist and whitelist functionality, and a SPAM filter keep things safe and clean. The Pro Version is also capable of connecting to individual hosts or gateways over a VPN. The basic server package without Bill Workgroup Server is quite capable of handling internal POP3, IMAP and SMTP communications. The integrated Worldpilot handles Web mail services. Organizations looking to replace an MS Exchange Server with Easygate need Bill Workgroup Server, a Groupware solution ported by Neuberger and Hughes, and the client MAPI driver. Mail is handled by IMAP, and the “N&H MAPI Service Provider” costs 39 Euro per license. The server comes with five licenses by default.

COVER STORY

Bill manages mail, appointments, address books, to-do lists and notices in public and private folders. The current Bill, version 2.2, provides two new functions in comparison with earlier products – and some competitors – Free & Busy supports the Outlook controlled vacation feature, and thanks to Invitation Outlook users can send appointment queries (invitations) to other Outlook users, who can then confirm or refuse the offered date. The comprehensive administrative and user guides are useful. [3] provides further details on Bill’s Exchange components, a free, unrestricted version of the server, with a 30 day trial version of the client software. The manufacturer expects to have a Web client that can access workgroup data ready in time for this year’s CeBIT. Work is also in progress on integrating workgroup clients from other operating systems. Turn to page 36 for more details on Easygate.

Samsung Contact Samsung Contact is a successor of Hewlett Packard’s Openmail, a product commonly used in large enterprises. The current version, 8.0, which is publicly available following registration, was easy enough to install on a Red Hat Linux machine. The Web interface is nicely done and useful for initial administration steps. A MAPI driver for Outlook access was available in the previous HP Openmail product. The successor, Contact, has kept to the same paradigm. Contact’s MAPI software can be downloaded from the Samsung website. This allows easy booking of appointments for multiple resources by reference to the server’s LDAP address book. We also had no trouble creating folders (not subfolders in the inbox), and uploading documents. A few documents that we stored on the Bulletin Board using the Web client were not immediately visible in Outlook. A quick review of the ACLs and access privileges for the account soon resolved the issue. Additionally, there were some issues connected with the automatic updating of free/busy information. Samsung Contact’s Exchange functionality is quite convincing overall.

www.linux-magazine.com

April 2003

COVER STORY

Groupware Test

The same applies to mails for viruses. As the migration process. A regards security, Comconnector is available for munigate offers SSL, migrating Exchange SASL, CRAM-MD5, and address books by synAPOP. chronizing the data with Communigate Pro the Contact directory. concentrates on mesLocal user data can be saging and Internet moved to Outlook by access by email client drag & drop. Other or Webmail. LDAP manufacturers’ products support is available – may provide more comfor creating and fortable GUI access, but manipulating address there is nothing to prebooks – but the MAPI vent you performing a connector is not suffimigration using only the cient for genuine internal tools provided Groupware functionalby Contact. ity. Thus, we were However, Samsung unable to access the Figure 6: Easygate Server is manContact is not primarily LDAP address book, or aged via a Web tool that allows intended for Outlook create tasks or group you to create users, rename or disintegration; instead it appointments on our able mailboxes shows its usefulness as a lab machine. On Unified Messaging Server with Web and account of its restricted MAPI functionalJava clients in a widespread IT environity Stalker is only recommended as an ment. Thus, Contact is suited to ASPs alternative to Exchange for extremely and service providers whose customers basic assignments. require extreme scalability and availabilThis is counteracted by an astonishity. Turn to page 30 for more details on ingly easily configured and powerful Contact. Internet access software that provides excellent Web client based configuration. Stalker Communigate Pro The system could also be of interest to Internet providers looking for a specialCommunigate Pro by Stalker is ized email server solution, specifically extremely easy and quick to install. The because the program is available for RPM we added to a SuSE Linux 8.1 such a large variety of operating systems. machine was up and running in next to Turn to page 33 for more details on no time. The postmaster can use a neat Communigate. Web front-end to configure the server. And the software immediately came up Conclusion as a correctly configured mail router. The server software provides a The results of this Anti-Exchange dynamic clustering option that makes it contest need some explanation, in the useful for large numbers of accounts. light of the claims made by the manuA mail filter and an antispam function facturers. are also integrated. Additionally, you Easygate Groupware Server and can add a plugin to check incoming Samsung Contact are probably your best

Janus head MAPI by Syntegra If you run Outlook 98 or 2000 in CW (Corporate and Workgroup) mode, you lose the ability to access IMAP4/IMAP4rev1 folders.This is annoying if you want to migrate mail functionality from Exchange Server to a Linux server. Syntegra’s IMAP4 Message Store Service Provider (IMAPSP) MAPI connector solves this problem – for a license fee http:// www.us.syntegra.com/ imapsp.

bet, if you are looking for a qualified replacement for Exchange that provides Outlook MAPI support. There are two realtime connectors for Outlook that really work: Easygate’s “N&H Service Provider” and Samsung’s “Contact MAPI Service Provider”. Communigate Pro and the Bynari package only provide partial MAPI support. Insight does not have a global MAPI address book or a MAPI transport service, but provides each client with a separate, customizable LDAP address book and configurable POP/IMAP/SMTP services which almost bring it up to par. In our lab Stalker’s Communigate MAPI Connector only supported email and calendar functionality. We were unable to create tasks, or even access an LDAP address book on the Communigate Server. Finally, SuSE’s Openexchange Server is a stable and well-written piece of Groupware, although it currently does not qualify as a genuine replacement for Exchange. Its weak point is the Outlook replicator that lacks a realtime MAPI connector. The connector will be available as of this year’s CeBIT, but it still raises the question why so many products are released before they are ready for the market? ■

INFO [1] Amavis Linux software for SuSE Openexchange: http://sdb.suse.de/de/ sdb/html/rsimai_slox_amavis.html [2] SuSE migration program: http//www.suse.de/en/business/ products/suse_business/openexchange/ misc/ms_exchange_migration.pdf Figure 7: Mulitsocket listening is easily configured under the Communigate Pro product. This makes the software more flexible to your specific needs

April 2003

www.linux-magazine.com

[3] N&H Exchange component Bill Workgroup: http://www.billworkgroup.org

COVER STORY

SuSE Openexchange Server

SuSE Openexchange Server 4

Posture The Web front-end provided by SuSE’s all-inclusive workgroup package promises system administrators some relief from the daily grind and offers users more support with their daily work. However, you know what it’s like with promises – some are kept, and some are not. BY NICO LUMMA

nyone who feels like doing so can just grab a Linux distribution and put together a workgroup server to their own liking. Distributors such as SuSE offer complete package deals that ideally leave only the configuration of local parameters to the admin. Whereas the first product generation, such as SuSE E-Mail Server, mainly focused on providing integrate mail services, later packages, such as SuSE’s Openexchange Server 4 [1] now look towards providing workgroup solutions and establishing themselves as competitors to Microsoft Exchange. In contrast to many competitive products Openexchange Server 4 is not an add-on for an existing system, but a complete package for Intel compatible PCs, including a Linux distribution. The latter turns out to be SuSE’s Linux Enterprise Server 8 (SLES 8) on the basis of the 2.4.19 kernel – attentive administrators will also note the United Linux logo that appears during installation. Thus, the distribution is both current and stable, and provides users with a comprehensive maintenance program. The email and groupware components are stored on a separate CD, with Postfix 1.1.11 serving as the Mail Transport Agent (MTA), and IMAP functionality courtesy of Cyrus IMAPD 2.1.9. The Groupware facilities are based on Com-

fire [2] and replace Skyrix in the former SuSE E-Mail Server 3 software. User data is handled by OpenLDAP 2.1.4 LDAP server, and groupware data is stored in a PostgreSQL repository. The bundle is rounded off by the Apache 1.3.26 web server, bind 9.1.3 as a Domain Name server, Samba 2.2.5, a spam filter (SpamAssassin 2.31), and an anti-virus scanner (Amavis Postfixd 20020531). The Nuremberg based company provides a pretty box to go with the bundle, throwing in both a user manual and a more comprehensive admin guide. Both manuals explain the use of the feature rich Web front-end that provides both a neat Webmail solution and an interface to the range of Groupware features. In addition to calendaring and contact management, you can expect a knowledgebase, to-do lists, project and document management facilities, a forum and a billboard [4]. An Outlook replicator ensures that Microsoft clients can synchronize calendar, contact, and to-do data. Mail facilities are available to any IMAP capable client.

SuSE Openexchange Server 4 Manufacturer:

SuSE Linux AG

Internet:

http://www.suse.co.uk/uk/index.html

Prices: License for ten groupware clients, unlimited external email clients (POP3/IMAP) and 30 days installation support, 12 months system maintenance and update service

approx. 1,440 Euro

Additional license for groupware, for example five clients

approx. 290 Euro

April 2003

www.linux-magazine.com

Newly Installed As you would expect from SuSE, the installation is more or less fully automated. Package selection has been dumped in favor of automatically installing pre-selected packages for SuSE Openexchange Server 4 and, of course, that saves a lot of time. The procedure assumes a blank system and there is no way to stop the complete SuSE distribution, plus the mail and groupware components, from taking over that system. If you are upgrading from SuSE E-Mail Server 3, you should use the backup script supplied by SuSE to backup your mail, user, contact and any other valuable data before you start. After installing a new system, the Openexchange update script converts and restores any data you had backed up. After completing the installation, the admin is again allowed to specify a few

SuSE Openexchange Server

configuration options for the LDAP server in YaST. When you are done, you might like to go to the Maintenance Web site at http://support.suse.de/psdb/ to check what is on offer there, as a number of bugfixes and important security patches have become available since the package was released last autumn. To do so, you will need to register your productâ&#x20AC;&#x2122;s support key at http://support. suse.de/en/register/, to obtain a password for access to the SuSE Maintenance Web site. Content on the site is sorted by data and product, providing both an overview of the range of updates and patches for each product (for Openexchange Server 4 this is http://sdb.suse.de/en/psdb/ html/SuSE-Linux-Openexchange-Server4.html) and some insight into their history. In addition to descriptions for each patch, the Maintenance Web site also has links to downloads and installation notes. Alternatively, SuSE allows you to use YaST. Look for the Online-Update option under Software and specify http://sdb. suse.de/download/ as the source. Again you will be required to authenticate, as already described. Depending on whether you opt for a manual or automatic update, YaST will either present you with a list of optional packages (Figure 1) or simply download and install any required patches. The Web front-end provides functionality for both configuring and managing Openexchange, conveniently allowing you to create or modify users. These

resources are stored in LDAP and can additionally be viewed using the LDAP Web based browser supplied by SuSE.

Web Based Configuration The admin user can specify the extent to which users can modify their own data, and at the same time assign privileges for working with groupware features, or disable/enable Samba accounts. Of course, the dialog also allows the admin to change passwords and compose vacation notes for users. Additionally, users can change their own passwords and create their own vacation notes on the Web front-end, although it may be preferable to leave this task to the admin. It is quite easy to create groups and assign users to them; although assigning a share IMAP folder for multiple users and groups was more convoluted, patient admins should be able to talk the Web front-end into complying. Unfortunately, there is no way for the admin to assign shares for mail folders to users â&#x20AC;&#x201C; this is a task users have to take care of themselves. As Cyrus IMAPD privileges may not be entirely intuitive at first glance, this does cause unnecessary irritation. Admins wishing to give their users a helping hand are forced to use the cyradm command line tool. Listing 1 shows an example where the admin uses lm to view a directory, and sam to assign lookup (l), read (r), and store (s) privileges, so that users in the tech group will have access to the folder. Mail alias make things really confusing. You can use the user management

COVER STORY

facilities to define aliases for arbitrary users and store them in LDAP. Shared folders can be configured not to store incoming mail, but to forward it to one or multiple users. Independently of this, the admin user can fire up her favorite editor and add alias addresses to /etc/aliases. As there is no way of providing a central overview of aliases, you can soon lose track of them.

Making Sure the Mail Gets Through The Web front-end provides the Postfix, Postfix for Experts, IMAP Configuration and Fetchmail configuration items for electronic mail. Five options are provided for the basic Postfix MTA configuration: the admin user needs to specify a Relay host, and enable or disable Dial-on-Demand, SMTP Auth (SASL), TLS and the Spam filter. Expert configuration mode allows you to edit the default Postfix configuration parameters and add new parameters. Experienced admins may find the Web interface somewhat restricting and prefer to edit /etc/postfix/main.cf manually. The Web interface parser will honor any manual changes, thus guaranteeing an overview of any expert parameters you set. IMAP configuration is similarly concise and comprehensible and should not prove too challenging even to inexperienced admins. Message retrieval options for Fetchmail are also simple and uncluttered.

Certificates and Domains Anyone who has tackled OpenSSL and its range of command line options in order to create an SSL certificate will appreciate the convenience that the Openexchange Web front-end provides. In this case SSL support for POP3, IMAP,

Listing 1: Creating shares for user specific mail folders cyrus@smtp:~> cyradm --auth login localhost IMAP Password: localhost> lm user.nico.test user.nico.test (\HasNoChildren) localhost> sam user.nico.test group:tech lrs localhost> lam user.nico.test cyrus lrswipcda nico lrswipcda group:tech lrs Figure 1: YaST can be used to update the product

www.linux-magazine.com

April 2003

COVER STORY

SuSE Openexchange Server

Figure 2: Convenient manipulation of user data

Figure 3: Creating a virtual user

and LDAP is simply enabled or disabled below Security – and it is just as easy to remove a certificate. At first glance it might seem to make sense to use the Openexchange server as a Samba PDC or nameserver, but implementing this might be tricky. Basic Samba configuration is not too challenging. You first create a new SMB host, and then share the Samba account to your users to provide access to basic Samba functionality. Changing the basic setup means manually editing the smb.conf configuration file to suit your needs – SuSE does not provide forms for this task in the admin front-end. Configuring a Domain NameServer is even more annoying. The Web interface only provides the option of supplying a host name for the machine in a subnet of an existing domain. This is a mere fraction of the functionality provided by a real DNS server. If you want more, you will again need to edit the zone file and modify /etc/named.conf manually. Of course, the Postfix mail server supports the virtual domain paradigm, and thus can accept mail not primarily destined for the host, but reaching it by reference to its MX record. To utilize this feature, the admin uses the Web frontend to create a virtual domain, selects Export, and then under Users (Figure 3) creates so-called virtual users who can be mapped to actual user accounts on the system. The Web front-end automatically stores the virtual domain in the Postfix configuration file, /etc/postfix/ localdomains.

Tools

Figure 4: Viewing mail statistics for the last 24 hours

April 2003

www.linux-magazine.com

In addition to the LDAP browser mentioned at the outset of this article, SuSE permits Web based manipulation of system-critical configuration files, although there is no help of any kind, meaning that admins with little experience of Unix (and not only them) will have some difficulty using this feature. Text based forms are provided for editing the configuration files, although many admins will find this less useful than simply firing up their favorite editor. The system monitoring facilities appear far more beneficial in comparison, proving the admin both with an overview of the current Web front-end users, and – using rrdtool – with views of

SuSE Openexchange Server

Whatâ&#x20AC;&#x2122;s Missing? It is not only the fact that more and more spammers are making an effort to circumvent the SpamAssassin spam filter that makes you wish SuSE had integrated RBLs. If you want to block determined spammers, the Web frontend will be of no assistance, instead you will need to edit the Postfix configuration file, /etc/postfix/access, manually. Admins wishing to scan both incoming and outgoing mail will be pleased to hear that the system is preconfigured to use Amavis, although you will need to specify the exact configuration. A bundle comprising a license for an anti-virus scanner might be the more

customer-friendly alternative and would allow SuSE to pre-configure Amavis by default. As most larger LANs today need a DHCP server, one might ask why the Web front-end does not allow you to configure dhcpd, after all you can use it to configure SMB hosts. We were also disappointed by the fact that SuSE Openexchange Server 4 does not include Arkeia backup software, unlike its predecessors, which even provided comprehensive documentation for Arkeia. It is up to the admin to take precautions, to avoid losing data should disaster strike.

modern mail and groupware server: a Web front-end, Outlook synchronization and tools for daily chores. Within this framework, Openexchange Server can handle the tasks often performed by Exchange Server. â&#x2013;

INFO [1] SuSE Openexchange Server: http://www. suse.co.uk/uk/business/products/ suse_business/openexchange/index.html [2] Comfire: http://www.comfire.de/englisch/ produkt/produkt.htm [3] Rrdtool: http://www.rrdtool.org/ [4] SuSE Openexchange Server, Linux Magazine, Issue 27, p44

Conclusion It remains to be seen if SuSE can take care of the rough edges discussed in this article before the next update. The current version presents itself as a stable mail server with a convenient Web-based facility for most of the administrative chores. Users on the LAN get exactly what they expect from a

THE AUTHOR

the system and mail load [3]. An overview of the mail queue (Figure 4) is also useful, and you can use the Web front-end to clear the queue. The fact that the admin user can send a message to all users via the Web interface may prove to be a useful gimmick in production environments.

COVER STORY

Nico Lumma is the Head of IT at Orangemedia.de GmbH and looks back on years of experience with the practical application of Linux in enterprise environments.

COVER STORY

Samsung Contact

Samsung SDS Contact

Contact Sport If you are looking to support thousands of mailboxes, operate multiple sites and at the same time provides redundancy, quick response times and protecting your investment, you tend to turn to tried and trusted manufacturers first. Contact, despite having been renamed, is one of them. BY STEPHAN KAUFHOLD

n large scale IT environments the decision to invest in a software package is influenced by both the product’s maturity and its potential to protect your investment, which depends mainly on its pervasiveness on the current market. Contact is a promising alternative to Exchange for this target group, and this prompted us to put its 15 years of experience in the data exchange area on test in our lab. It might surprise you to hear that Contact has been around for so long – but of course, it did used to be called HP Openmail. Due to closer cooperation with the IT giant Microsoft, Hewlett Packard decided to discontinue the development of Openmail and in November 2001 Openmail was taken over by Samsung SDS, who belong to the Korean Samsung concern and are Asia’s largest IT Solution Provider, employing a staff of 6700. The Openmail homepage [4] provides more historical detail.

Internet, and Contact will run on almost any Linux server. If you do not like surprises or dissecting programs, you might like to keep to the steps described in the documentation and use the Installation Wizards to put Contact through its installation paces. This runs in a a graphical mode and seems to do a good job.

According to Samsung, some 15 million mailboxes run on Contact and Openmail, mainly in large scale companies and banks. Since Samsung SDS took over the reins, they have been looking to recruit more small and midrange business.

Wizard based Installation

Preferences The list of supported platforms includes Linux and – surprise, surprise – HP-UX, The installation defines the IP, hostname IBM AIX, and Sun Solaris. Official Linux and domain; other details can be support is provided only for Red Hat changed later. Sendmail and apache.conf Version 7.2 or later. SuSE is currently are automatically configured by the going through certification, and work is in Linux System progress at Debian, although Debian users Samsung Contact may have to wait a Message Queues & little longer for official Queue Manager SDS support. Samsung Of course, you do Contact Services not need to certify to Message Store evaluate a test version, available on the System Directory

Contact 8.0 Manufacturer:

Samsung SDS

Internet:

http://www.samsungcontact.com/

POP

IMAP

UAL

SMTPRelay

Prices: (Examples) Mailboxes/Client Licenses 50 Users 1,000 Users 10,000 Users

The client license is payable for Webmail and the Java client. IMAP/POP clients or MAPI access via Outlook is free. Support: (Examples) Mailboxes/Clients Support (8x5) 50 User 1,000 Users 10,000 Users

April 2003

approx. 1,330 Euro/330 Euro approx. 18,600 Euro/5,500 Euro approx. 139,000 Euro/37,600 Euro

www.linux-magazine.com

Sendmail

Web Server

approx. 3,950 Euro/1,050 Euro approx. 66,100 Euro/16,200 Euro approx. 452,000 Euro/116,000 Euro

POP Client

Web or MAPI Wap Client Client Connecting Clients

IMAP Client

Internet

Figure 1: The LDAP based organizational structure give you some idea of the functional scope and scalability of the system

Samsung Contact

User machine

Frontend Server

Web Browser

Web Client user program

IMAP4 Client

IMAP4 Server Daemon

POP3 Client

POP3 Server program

Portal Server User name search in directory Portal Server Software Server Hostname lookup with DNS

Figure 2: The admin can distribute heavy loads; in this example the admin distributes the load over three Contact servers. This does not provide redundancy

Cluster Systems Mailbox size is not the real issue when planning and dimensioning a system. Instead you should establish the number of simultaneous requests, and will need

one machine uses the data stored on another. Contact is capable of all kinds of combinations. Examples: The setup in Figure 2 distributes the tasks assigned to a heavily loaded system to three machines. Figure 3 shows two possible network topologies, allowing multiple sites with single servers to synchronize. Figure 4 shows a possible high-availability cluster scenario. No tools are supplied to manage the two servers in this scenario, although thirdparty management tools are available.

Administration and Backup

3rd Server stops users mailbox forwarding

installation routine. Do not make the mistake of blindly trusting the configuration files; take a look at the contents of the /opt/openmail/examples directory to double-check. System integrators should ensure that the hardware reflects the expected volume of data and the number of mailboxes. A Pentium class PC with a clock speed of 500 MHz should be fine for 20 users. As the server uses a file based repository rather than a database, multiprocessor RAID systems should be capable of reducing the average response time for several thousand mailboxes with a traffic volume of several terabytes to less than a second.

COVER STORY

to distinguish between the load caused by programs that mainly work offline and only open a connection to fetch or send mail, such as Netscape and KMail, and programs such as Outlook with its permanent open connections. Less frequently used systems will be perfectly happy running the server on a single machine. The LDAP based organizational framework and the 28 services and daemons that the kernel server comprises do give you some idea of the functionality, scope and potential scalability of the system (see Figure 1). Almost all of these services can be customized. Services responsible for heavily used queues can be configured to initiate a response to increasing loads, spawning a maximum of 21 instances per service. Additionally, multiple servers can run simultaneously on a single server, but clustering does not make sense unless the machines can synchronize, or that

Contact comes with an SMTP daemon of its own, although it can be disabled and replaced by an external MTA, such as sendmail, postfix or exim, if required. In fact, this is common practice and helps to optimize mail routing. Contact uses Fetchmail to retrieve messages from external accounts and forward them to its own mail system. Apache, the tried and trusted http server, is used as to provide Webmail functionality; Contact does not provide a HTTP service of its own. A variety of command-line tools are available for configuration and management tasks. They lend themselves to scripting and can thus be used to automate commonly recurring tasks. A Web front-end is also available for management tasks. Although its capabilities are restricted, it is useful for performing typical user, directory and mail node management tasks (see Figure 5). You can even customize the browser based tool, although you will need Tcl/Tk skills to do so. Further information is available from [1]. The server provides its own tools for backing up and restoring individual user

Figure 3: Two possible network topologies that synchronize multiple sites with single Contact servers

www.linux-magazine.com

April 2003

COVER STORY

Samsung Contact

Server X

Data

Contact Server A

Server Y

Contact Server B

Interface Program

Application Link API

Contact Server B

Figure 4: Possible high availability cluster where two servers access a single data repository

mailboxes. You can even backup a running system; this merely entails stopping client access for the duration of the backup.

Third Party Software & APIs Third party support is excellent due to the global pervasiveness of the predecessor to Contact. Yomi [2] provide an example in the Unified Communication area. HP offer MC/Serviceguard [3] for managing high availability cluster systems. As the SMTP server is open, you can use any anti-virus software that runs on Linux. We were particularly impressed by the fact that the package includes an Application Link Server that allows applications to use Contact to exchange data. The daemon comes with a proxy server that provides connectivity to platforms that Contact does not support. A well documented C interface is available for a number of programs to round off the usefulness of this service.

Non-Outlook Clients

intuitive designer tool. Diary and calendar support is sadly missing from both. This is why we recommend a third Web client, developed by Samsung, that includes functions for appointment management, calendar, info boards and business cards. The user interface, that looks like a mixture of Outlook and KOrganizer, makes the Web front-end a really useful application. PC desktops using the Web front-end should be able to do without other client programs. Samsung also supply a Java client with similar look and feel as part of the client package. Of course, the Java client runs on both Windows and Linux desktops. Contact also has a PDA and WAP interface that provides email access for these device types.

The Licensing Model: Fairly Straightforward Samsung Contact is a commercial product. In contrast to its competitor Microsoft Exchange the licensing policy for Contact is fairly straightforward, and refers only to the number of mailboxes required. Samsung are not interested in the number of devices that will access a

Samsung Contact supports a full range of IP based clients, provided they can speak SMTP, POP3, IMAP4, IMAP4rev1, HTTP, HTTPS, WAP or LDAP. They even provide a Client package of its own, including a Web client that dates back to the days of Openmail. Where version 5.10 is a somewhat Spartan, some would say uncluttered, Webmailer, while Version 6.0 is a highly nonFigure 5: Contact provides an administrative Web front-end by default

April 2003

Sales

Contact Server A Data

Purchasing

www.linux-magazine.com

Samsung Contact

Figure 6: Contact’s ability to exchange data between applications

mailbox, although there is an extra charge for the client package discussed above. The server itself – and even a multiple server cluster – with five mailboxes are free. Schools and colleges need a commercial license for staff, but a free license is available for pupils and students. You can run Contact for a 30 day evaluation period with an unrestricted number of mailboxes. A license key is not required. However, you should be aware that the package will not revert to evaluation mode if you supply a license key. Deleting and re-installing is the only solution in that case.

Conclusion Contact is not a plug & play server. Admins will need appropriate skills and a considerable amount of time, if they want to leverage the product’s full potential. The Tech Guide alone comprises 700 pages of configuration information. The software will reward this effort with its considerable flexibility and even more impressive scalability. Distributed Groupware for several thousand mailboxes is no problem for what used to be HP Openmail, and performance is not an issue. ■

INFO [1] Information on the administrative Web front-end: http://www.sowandpigs.co.uk/ mailtest/owat/ [2] Unified Communications Products: http://www.yomi.fi [3] Add-on for high availability clusters: http://www.hp.com/products1/unix/ highavailability/ar/mcserviceguard/ [4] HP Openmail: http://www.openmail.com

CommuniGate

COVER STORY

Stalker CommuniGate Pro 4.0

In the Movies Stalker is not only the antihero of a Russian movie, but also the name the CommuniGate directors chose for their company. Not only is the server suitable for large-scale environments, but it also ensures that admins are aware of its full range of functions. BY THOMAS GRAHAMMER

talker is a character from the Russian science fiction novel “Roadside Picnic” and also the title of a breathtaking movie based on the book and made in 1979 by Andrej Tarkowski. It tells the story of a man searching, and hunting in a dangerous and mythical area, called the Zone, in the company of two other men, an author and a physicist. The laws of nature as we know them do not apply in the Zone. Stalker leads the other two men to an enigmatic room that is said to be capable of making wishes come true. Stalker Software, a US company named after this character, sees its strength in the quest for new technologies.

CommuniGate Pro by Stalker can be downloaded without any registration requirements from the Stalker site. The RPM file weighs in at around 3.2 Mbytes, and the sourcecode is also available. Typing rpm -i CGateProLinux.i386.rpm will install CommuniGate Pro in the /opt directory within a few minutes, creating a CommuniGate subdirectory during the process. A quick look at the directory shows that it contains two files called mail and sendmail, probably intended as a replacement for the standard programs of the same name. To keep things consistent, the original mail program in /bin was renamed to LegacyMail and a softlink to CommuniGate mail created. To uninstall, you simply copy the legacy mail program back to its original position. According to the installation manual – http://www.stalker.com/ CommuniGatePro/default.html#Current – the /etc/rc.d/init.d should contain a

Figure 1: The Settings area in the Web configuration tool. Useable defaults are pre-defined for most parameters, such as the domain name, for example

start/stop script called CommuniGate, and /var/CommuniGate is the main CommuniGate Pro directory. Time to configure the server. To make things simple for the admin, Stalker merely asks the admin user to type http://your.server.domain:8010, where your.server.domain is your CommuniGate server’s address. The admin user is required to authenticate as postmaster before starting to configure. The access password is generated randomly during the installation procedure, and is located in the third line of /var/Communi Gate/Accounts/postmaster.macnt/account. settings. After authenticating, a page with various configuration parameters will appear. Although it may appear complex at first glance, a closer look reveals that the page is well organized. The five items in the main menu Settings, Accounts, Domains, Directory and Monitors all branch off to various submenus. We will only be looking at a few of the most important parameters, as the defaults are normally quite sensible.

www.linux-magazine.com

April 2003

COVER STORY

CommuniGate

Admins interested in more advanced configuration tasks are advised to consult the manual.

blacklist (Whitehole List), again accessing an external Domain Name server to do so. Header and body filters should be applied with care to avoid filtering Settings non-spam mails. The CommuniGate Pro server is capaThe Settings menu (Figure 1) provides ble of automatic mail processing. A set access to a variety of features, allowing of rules applied to incoming mail defines the admin user to quickly perform the the action to be taken; this is similar to steps for a basic setup. The first subitem, the filter functions offered by many mail GENERAL, describes the basic preferclients. The versatility of the rule set is ences and contains the domain name convincing and allows you to filter for the server. You can specify the scope Security: Multiple Filter by time of day, date, or weekday of the Internal Log by selecting from Support for example. The range of available Crashes Only, Failures, Major & Failures, actions is considerable and way beyond Problems, Low Level through All Info. Spam filters are applied under Protection. the capabilities of any mail clients in The last two levels guarantee a huge You can block specific client IPs and the author’s experience. This approach logfile. create a blacklist of sender IPs. To do so, provides options for pre-filtering The Crash Recovery in the Web configyou either use a so-called Blacklisting that will be particularly useful in coruration tool refused to work in our lab. DN server or use a Realtime Blackhole porate environments – and of course Although it restored most of the data List (RBL). You can even use an inverted CommuniGate Pro is targeted at when we provoked it by killing corporations. the process, it unfortunately lost CommuniGate Pro 4.0 There is no need to change the the data used by the current Manufacturer: Stalker Software QUEUE preferences, unless the instance. Internet: http://www.stalker.com admin prefers to forward specific This might not be a problem Prices: error reports to herself or change under practical conditions as at License charges depend on the number of user accounts and the handling for return mail. least two instances of Communimailing lists.The number of domains, account and domain Although this should not norGate will be running. The backup aliases, groups and forwarders, or the number of mailing list mally be the case in typical instance handles communication recipients is unlimited. production environments. when the primary instance fails. Single Server: This cannot be said of the In case of failure the server imme50 Accounts, 5 Mailing lists approx. 580 Euro Events item, however. As the diately re-initializes, and that 200 Accounts, 15 Mailing lists approx. 1,160 Euro name suggests, this item is means a downtime of less than 1,000 Accounts, 100 Mailing lists approx. 2,320 Euro responsible for event handling, one tenth of a second. 30,000 Accounts, approx. 5,800 Euro where functions are assigned Mailing lists unlimited Divide and Conquer to specific events – like sending 200,000 Accounts, approx. 34,800 Euro an email to the admin user, Two clustering options, static and Mailing lists unlimited to supply a typical example. dynamic, are available to admins Accounts and Mailing approx. 69,600 Euro You can use the Elements item wanting to run CommuniGate Pro lists unlimited to assign a specific system on a server with multiple Clusters and Virus scanners action to an event. For example, domains. Static clusters use a (McAfee and Sophos) on request you could assign the warning server for each domain. If a static MAPI Function: action to the smtpInputActive cluster wants to interact with an 25 Connections approx. 1,390 Euro event, in order to mail the postaccount in another cluster, it com50 Connections approx. 2,320 Euro master. The number of actions municates with the other 100 Connections approx. 4,060 Euro available is so immense, that the host-server by TCP/IP only. In the 400 Connections approx. 11,600 Euro system can react sensibly to case of a dynamic cluster, the 1,000 Connections approx. 23,200 Euro almost any situation you could cluster server accesses the Support: imagine. account data directly. This archi2 years update download and free tecture guarantees maximum standard email support DNR and SMTP Service availability for the cluster, as 5 pre-arranged calls approx. 700 Euro a single server is sufficient to CommuniGate Pro provides its 5 calls with max. 4 hour reaction approx. 2,320 Euro handle any existing accounts. own Domain Name Resolver time (DNR) to handle name resoluUp to 4 tele-sessions per month approx. 5,800 Euro/year Who is Allowed to Do tion. The resolver in turn (reaction time max. 8 hrs) What? accesses either the internal or an Up to 4 tele-sessions per month 8,120 Euro/year external DNS server. However, it TCP Activity Scheduling is (reaction time max. 6 hrs) does not make much sense to use another interesting feature, and

April 2003

allows the admin user to define when and how often a server can cause TCP/IP traffic, or to be more precise, how often it can retrieve mail. Again various log levels are available. The configuration under ROUTER should be appropriate for most scenarios although some advanced administration may be required if you intend to use the server as a relay for other systems, for example.

www.linux-magazine.com

CommuniGate

external DNS as this would lead to enormous performance overheads. CommuniGate Pro requires you to set up an SMTP server to handle communication with the outside world (see Figure 2). Incorrect settings will prevent mail exchanges. The Send Directly to Recipients will send each message directly to the recipient’s server – this is quite common and sensible, if you do not require any security mechanisms. However, if you use an external virus scanner or a mail proxy, you will need to forward messages to this server. It is also possible to send SSL/TLS encrypted mail to specific domains. Mail relays are a sore point with most admins, and unfortunately CommuniGate Pro has not come up with a perfect solution to this problem.

COVER STORY

Slave Labor

Accounts & World Wide Mail

The RPOP item (see Figure 3) is used to set up individual accounts. Configurable polling times are extremely useful, as is the option for restricting the maximum number of accounts per user. With respect to local mail delivery the software provides variable hold times for accounts in danger of overfilling their mail queues. Hold times can range between one second to several weeks. We were pleasantly surprised by the facility that allows POP access to be restricted to specific addresses or address ranges. This is particularly useful in intranets. The Access item, which allows you to set up this feature, also lets you change the listener port, and thus secure the system against external access.

If a mobile user just happens to be visiting Majorca – well, everyone needs a vacation, it would be so nice to get away from the rain for a change – and has a laptop in his luggage, you can forget about relying on Outlook. Fortunately, CommuniGate Pro does provide a Webbased user interface that allows the user to check for the latest mail from the boss in the Internet café round the corner. The most important CommuniGate setup steps are performed in the Accounts area, which allow you to create and edit various accounts, and assign users to groups. The fact that you can enable and disable specific services (POP, IMAP, Web interface, etc.) for individual users is a good thing. The limitations you can apply are praiseworthy, allowing you granular control of space restrictions at mail level, in 1 kb steps. The Accounts facility also allows you to set up and maintain mailing lists. Another nice feature – Stalker provides user specific skins for each Web interface. Of course, the usefulness of individual Web interfaces is debatable, but our lab team was quite amused. Let’s not forget the Monitoring function provided by the configuration tool; it provides attentive admins with the option of pro-actively monitoring the groupware product, from logfiles through queues to the cluster itself.

Conclusion

Figure 2: Setting up the SMTP service

Figure 3: The RPOP area is used for administrating polling intervals, hold-times and limits

For the men in Tarkowski’s movie “Stalker” the quest ends in oblivion. Although they find the room, fulfillment and belief elude them. As Stalker already knew, the road is the goal. So at least CommuniGate is on the right road. The software provides an unusual rich feature set that is almost impossible to exploit fully with a single production installation. Having said that, CommuniGate remains easy to configure – even less experienced admins should have no trouble establishing a workable setup due to the sensible defaults the software provides. This alone makes CommuniGate Pro Server a genuine alternative to Microsoft’s Exchange Server. Judging from the licensing fees for the MAPI drivers at least, it would seem that the manufacturer knows that. ■

www.linux-magazine.com

April 2003

Easygate Workgroup Server

COVER STORY

Neuberger and Hughes Easygate Workgroup Server

Semi-easy, Semi-free Easygate Server provides Internet access for the corporate network and can even replace Exchange given an additional Open Source component called Bill Workgroup. BY FRED ANDRESEN

he version number has gone up by four tenths since our last lab test and the asking price for the software has actually fallen without comprising the product’s ergonomics. Neuberger & Hughes’ [1], Easygate Workgroup Server 4.5 is a combination of the Easygate Internet Access Gateway [2] Software and the Bill Workgroup Data Exchange [3] server. The Easygate component connects corporate networks with up to 200 users onto the Internet via ISDN and/or DSL, and the Bill server acts as an MS Exchange Server for MAPI clients, that add on to Microsoft Outlook’s functionality. The bundle does not include an IMAP4 server. An ISO image of the current version 4.5.74 is publicly available on the manufacturer’s site [2]. The hardware requirements are moderate: 64 Mbytes of main memory, an empty (!) 2 Gbyte hard disk, a network interface, and an

additional Internet connection – all based on PC architecture. In fact, any computer capable of running Debian 3.0 should suffice, as Debian is the operating system that the Easygate installation will automatically place on your hard disk. Note: The customized Debian Linux version does not support SCSI hard disks.

Speedy Install The installation requires virtually no user interaction: the computer boots from the CD, tells you that it is booting Linux, prompts you to enter the hard disk for the installation and displays a warning to the effect that it intends to format the disk. The system is up and running in next to no time. The network and ISDN

Easygate Workgroup VPN 4.5 Manufacturer:

Neuberger & Hughes

Internet:

http://www.n-h.com

Pricing: Easygate Workgroup Per additional client: 1 year Basic Support 24/7 Monitoring/Autoupdate Including Security Check

Package incl. 5 MAPI Clients approx. 1,300 Euro 39 Euro 600 Euro 150 Euro 400 Euro

Alternative without the communication server: Bill Workgroup Server incl. 5 MAPI Clients

approx. 500 Euro

April 2003

www.linux-magazine.com

adapter configuration uses curses and is dialog based. After a few progress messages the system reboots, and Lynx is used to configure the basic network preferences for Easymail. Easygate comes up with a DHCP server running and should not be attached to production networks that use DHCP without prior attention. After customizing Easygate to reflect your own network settings, you will need to reboot the server. The character based “Service” menu can be accessed via the console and allows you to check the numerous partitions, /dev/hda1 through /dev/ hda13, manage profiles, and create or restore system backups. Shell access is provided; to quit the shell and return to the menu, simply press [Alt]+[F2]). The system applies restrictions to the administrators user’s privileges; permitting access to only five of the thirteen available drives with the root file system, working and configuration directories for the file server, with the other partitions remaining out of bounds for the admin user.

Web Interface The administration of a newly created system is not restricted to those with

options, with access to Licensing forms and client Internet access logfiles being made available from several points on the menu tree. The EasyCache proxy server is not configured in the EasyCache, as you would expect, but in an EasyConfig submenu a few levels lower down. The most annoying Figure 1: Handling aliases is straightforward with the use of the web aspect of the confiinterface guration is that you have to reboot the system after every physical access to the machine – any modification. For a workgroup server further configuration steps can be perdesigned, according to the manufacturer, formed remotely using a Web interface to serve 200 clients (and one that is runwith nested configuration levels. ning Debian), this kind of behavior is To prevent the administrator from simply unacceptable. becoming completely lost, the submenus The Bill Open Workgroup sourcecode stay open and visible when preferences is free, available under GPL, and can be are modified. This may not be aesthetidownloaded from [3] along with an cally pleasing, but it does at least work. installation guide. However, MAPI The main menu comprises the services for Outlook clients are only items EasyMail, EasyCache, EasyWeb, available on commercial license. MAPI EasyStatistik, and EasyConfig. The clients use a connector and Corba to registry and basic system preferences are emulate Outlook commands on the Bill also stored here. server. The Bill server, which was EasyMail provides access to user written in Python, speaks Corba and accounts and aliases, and allows you to saves your users’ Outlook Groupware co-ordinate forwarding and vacancies, objects with very little administrative passwords and external mail addresses. interaction, saving to time. EasyCache allows you to configure Internet access control and logging for Conclusion individual clients. Access can be globally allowed or denied, restricted to specific The GUI provided by the Easygate times or to a specific time limit. administration software is similar to EasyWeb controls access to individual other tools, such as Webmin. The websites. The system provides three package does make sense for commercial pages by default: Intranet, Test and users, as a uniform desktop does save Publication; you can add more sites and time – or at least it would, if you didn’t map them to internal addresses to need to keep rebooting. provide read and write access for all of The manufacturer also offers 24 by 7 your clients. remote monitoring, including security The EasyStatistik menu provides monitoring, if required. ■ access to logfiles for client Internet access and ISDN connections. Things INFO start to get interesting in the EasyConfig [1] Neuberger & Hughes: menu (see Figure 1). The first of the two http://www.n-h.com options available in the menu, System [2] Internet access gateway: configuration and System diagnosis takes http://download.Easygaten-h.com you down into the depths of the system. [3] Bill Workgroup Server: http://www. Unfortunately, the whole configuration billworkgroup.org/billworkgroup/home/ process is confused by redundant menu

COVER STORY

Bynari Insight

Bynari Insight Server

Understanding The Texan software manufacturers Bynari can look back on years of experience in connecting Outlook clients to their own server products. The latest version requires some skills, but with its modular structure it is powerful. BY THOMAS GRAHAMMER

aving said that, Insight Server is based on tried and trusted components, such as Exim and Cyrus IMAP. The product’s strong points are its spam filters and anti-virus protection. The Bynari Insight Groupware server that we looked into in the Linux Magazine labs was as TGZ file containing version 3.5.4. A quick glance at the readme file told us that some preparatory steps would be required. In this respect, the product assumes a higher skill level than Communigate Pro, for example. The admin user is expected to disable the FTP, Mail, HTTP, POP3 and other system services that may be running on the server. Otherwise “./setup” quits with an error message. After successfully launching the setup routine and answering a few prompts, a message soon appears telling you that

the Web interface is now available. The interface uses the standard HTTP port 80, of course this is not to the liking of other Web servers on the machine.

Third Party A closer look at the thin looking 104 page manual reveals that Insight Server is made up of a number of third party modules. It uses Cyrus IMAP and the Exim Mail Transport Agent (MTA), for example. You will also discover that both an HTTP daemon (Apache) and Proftp are running. Most administrative tasks can be performed using the Web interface – and in fact this is Bynari’s biggest contribution to the product, as Insight Server is a bundle of third party products linked by a Web interface when you get down to nitty gritty. Figure 1 shows the structure of Insight Server and its individual components.

Exim is one of the better known modules. As most distributions expect you to perform hardcore configuration of Exim by editing the configuration files, you might be quite happy with what appears to be an intuitive front-end at first glance. A closer look reveals that the Web interface could be far more intuitive. The “Basic Configuration” area allows you to enter basic setup information, such as host names, domains and relay domains. The “Performance Options” that can considerably boost Exim’s performance are also of interest. This is where you can set the maximum size for mail and the maximum spool space, for example. Interested admins should also look into the “Advanced Options” that permit further fine tuning. This is where you specify the default LDAP server, rejects, and error messages. The “Log Options” allow you to specify the size of the logfiles.

No Spam Thanks to Exim, Insight Server can handle a Realtime Blackhole List (RBL). This allows active spam prevention via a list

Insight Server 3.5.4 Manufacturer:

Bynari

Internet:

http://www.bynari.com

Prices (approximate guide prices): Family Standard Edition for up to 25 Users US $600

Figure 1: Structure of the Bynari Insight Server system

April 2003

www.linux-magazine.com

25 + Users 100 + Users 500 + Users 1000 + Users

US $500 extra US $1,950 extra US $9,500 extra US $18,000 extra

Prices for IBM i- and z-Series

on request

Bynari Insight

that is managed and updated on remote central servers. To do so, you add the domains and hosts responsible for maintaining the list under “RBL Options”. Exim filters provide additional spam protection. Make sure that you know what you are doing, before you start changing the defaults; the wide range of options may cause inexperienced admins to apply filters that prevent any mail whatsoever getting through to their users. Another interesting feature that Exim offers is granular configuration of its SMTP options. System administrators can set the maximum “Alive time” and “Receive timeout”, for example.

Although there is no real reason to change the defaults, which seem to be perfectly okay for most sites. Finally, you can also influence how Insight Server handles messages, adding a header to received messages, or specifying the maximum number of headers to accept simultaneously, for example. In general, the Insight Server interface allows full control of Exim, and is easy to use.

Reduced Danger of Viruses Thanks to RAV there is virtually no risk of viruses attacking Insight Server. Unfortunately, Bynari only include a 60 day trial version of the RAV Antivirus

COVER STORY

package. The “RAV Setup” allows you to configure RAV (see Figure 3). The interesting thing is that “RAV Action Configuration” not only allows you to specify what action to take in case of virus attacks, but also to define actions of your own. “RAV Groups Configuration” is used to map the action to a group, as RAV handles incoming mail by reference to groups. This is also where you define when and how the system scans incoming mail, and what to do in case of virus infections. There are numerous possibilities: from warning the recipient, warning the sender, or secretly disposing of the message – you can even create groups for

SCO Office Mail Server 2.0 The brand new 2.0 version of SCO Office Mail Server (formerly Volution Messaging Server) reached our labs after close of press and too late for a real test. Our first impressions are based on the comprehensive HTML and PDF documentation that accompanies the product. Besides a user guide, SCO Office Mail Server 2.0 also includes an step-by-step introduction, and an administrator’s guide on CD.The product provides language support for English, French, German, Italian, Polish, and Spanish. SCO Office Mail Server 2.0 can be installed on SCO Linux distributions, United Linux, and UnixWare 7.1.3, where a Linux Kernel Personality is required.The manufacturer claims that the product can support up to 2500 simultaneous users running on standard hardware. The Webmail client, Horde IMP 3.1, and an updated SCO Office Mail Connector for Microsoft Outlook, are the most important new features. Although an additional per client license fee is levied for the latter, it does provide the added benefits of shared folders, group calendaring and other groupware functions.

OpenLDAP and the LDAP PAM module to authenticate users. Numerous admin tools are provided; over 30 special command line programs allow the admin user to create mail users, modify ACLs, query calendar information, or specify passwords. SCO also provide a Web front-end for admins who prefer not to use the command line, and of course Webmin is available for Linux system administration. A user account is comprised of: • General info, such as name, password, and phone • Email address with additional parameters (such as mail forwarding) • Cyrus Inbox

• Spam filter with Realtime Blackhole List

• shared calendaring

• shared form libraries

• Simple Mailing lists (aliases)

Security

• Cyrus Message Store

Open Mail Server requires POP before SMTP by default: users are not permitted to send mail via the SMTP server without first accessing their mailbox via POP or IMAP. Thus, the server prevents misuse as an open relay, at the same time allowing SMTP server access to users in different networks.

Thanks to Cyrus Message Store, mail users do not need an account on the server; Cyrus uses

• shared global address books

• delegation of calendaring and folders

• Quotas

• Postfix Mail Transport Agent (MTA)

• Authentication and administration via OpenLDAP

The SCO Office Mail Connector allows users with Microsoft Outlook versions 97 through XP to leverage functionality otherwise provided by an Exchange Server.The manual emphasizes the following features:

• shared contacts

The documentation emphasizes the new IMAP server (Cyrus 2.1.0).The other components are:

• Apache Web server for the admin interface

SCO Office Mail Connector

• shared message folders

• Auto reply functions (vacation mail handling)

The software does not provide a backup function of its own; the admin guide refers you to standard tools, such as tar, cpio and afio.The server also provides programs that create a configuration for various Outlook versions.The Web application offers detailed descriptions of the user settings required to support Netscape, Eudora, Kmail, and IMP.

New Components

SCO do not provide any antivirus software, although it is easy to add this facility later, as Postfix provides the “content_filter”interface for external scanners.The admin guide describes the required steps. SSL encrypted connections are envisaged for Web server access; and both the IMAP and POP servers can be secured using SSL.

Additionally, the Connector displays a toolbar that allows users to configure their email accounts, select folder options, share folders, and define access privileges for folders. The user guide also describes a simple migration path for Exchange emigrants. After installing the SCO software, Outlook clients can access both servers. Users can then copy their folders from their Exchange mailboxes to their mailboxes on the SCO Open Mail Server.To replace the global address lists provided by Microsoft Exchange, SCO provides an LDAP client for Microsoft Outlook. Pricing for Office Mail Server will be based on the number of clients logged; details of which were not available before going to press.

www.linux-magazine.com

April 2003

COVER STORY

Bynari Insight

Figure 2: Exim Web configuration interface

individual domains to provide distinct mail handling within your own Intranet in contrast to normal Internet mail. The Web interface is not really necessary for user management; the admin user can perform all the relevant tasks manually, as Bynari uses Open LDAP and Cyrus for address and mail handling. An LDIF file (LDAP Directory Information File) is used to store the configuration. The file format is quite simple: the parameters are stored with their current values in a single line. Unfortunately, there does not seem to be any way to import multiple users simultaneously. Admins who have not lost their programming skills are advised to consult the readme files and the FAQ, and then write a few tools to export the LDIF file from another file or from a database and pass it to Insight Server.

Chop and Change This allows Insight Server to import user information from Exchange 5.5 – although the procedure is not exactly trivial. The initial steps are described in the “Exchange Migration” box. The procedure described in the insert will not work for Exchange 2000, however, although the Insight Server manual does explain how to handle Exchange 2000 data.

Exchange Migration A few tricks allow Insight Server to import user information from Exchange 5.5.The following command imports data from the Exchange Server with the IP address 192.168.1.13: mail:/home/tom # ldapsearch -L -h 192.168.1.13 "uid=*" > exchange.ldf Add the following syntax to restrict the fields imported from the Exchange Server’s repository, possibly because you intend to replace some data : mail:/home/tom # ldapsearch -L -h 192.168.1.13 "uid=*" objectclass cn rdn Company uid givenName mail > exchange.ldf The fields quoted here are for reference only, you will want to specify the fields you intend to import. After creating an Exchange Server data file, you may need to convert the data to Bynari LDAP format using the “dn:”parameter.Then type “ldapadd”(or “ldapmodifi”if the second line of each entry contains “changetype: add”): mail:/exchangedata # ldapadd -cv -D "cn-manager, c=US" -w Password -f exchange.ldf These steps import the Exchange Server user database to Insight Server.You will need to tell the Cyrus mail server all about this. Pass a tcl file to the “cyradm”command to tell Cyrus about the userbase (later Cyrus versions will expect a Perl script).

April 2003

www.linux-magazine.com

Conclusion Bynari Insight Server is a useful and well-thought out product that provides Web interface based administration, although it is not always easy to use. One advantage that Insight Server has in comparison to its competitors is its modular structure which allows you to replace individual modules when updating. ■

THE AUTHOR

Figure 3: RAV configuration. Unfortunately, this is only a 60 day trial version

Thomas Grahammer has a degree in Computer Science, and has years of experience in system administration and programming. In the summer of 2002 he started up his own software company way down in the South of Bavaria. His main interests are LAMP programming and Linux administration.

REVIEWS

LindowsOS 3.0

Window Dressing Just over a year ago, Lindows set about developing a Linux version capable of installing and running Windows programs. LindowsOS is currently at version 3.0. This article takes a peek behind the scenes to discover how many of those promises Lindows has actually kept. BY FRANK WIEDUWILT

he manufacturer’s [1] stated target group for LindowsOS is made up of first time computer users and users wanting to migrate from Windows without becoming involved in system configuration and administration issues. We tested the LindowsOS Membership Edition, which costs US $119 in the download version and US $129 in the CD version. Our lab environment comprised of a computer with an AMD Duron/750 MHz and 256 MB RAM. The machine also had an Elsa Erazor video adapter, an ATAPI Zip drive, a CD writer and a Fritz ISDN card.

Installation Installing LindowsOS was easy. After inserting the installation CD and rebooting the machine, Lindows plugged & played our hardware and automatically launched a GUI installation routine. We were prompted to agree to the “End User License Agreement” and choose an installation method. Two flavors are available: standard mode re-partitions and formats the hard disk before installing the System. Advanced Install allows the user to choose a partition for the new LindowsOS installation. As there are no other options available in Advanced Install mode, you end up

April 2003

with the US keyboard layout; additionally the X environment is configured without any possibility of user interaction. The setup program then went on to prompt us for a computer name and a password. The help text does not point out that this is actually the password for the system administrator. The installation program allows the installer to choose an empty password; in fact you can install and run the system without setting the password for root. After double-checking, the installation program started setting up the system – the process took about ten minutes on our lab machine. The computer rebooted without any trouble and displayed a character based login prompt. However, things started to go wrong on executing startx to launch the X server, as the kernel module needed to support the nVidia chipset used by the video adapter failed to initialize. As we were unable to setup the video adapter using the xf86config script, we had to resort to an older card that we happened to have in hand. To keep things simple, we repeated the complete installation procedure; this time everything worked, and GUI login appeared to welcome us to Lindows. A modified KDE desktop appeared after replying to the password prompt (see Figure 1). The first task is to select a time zone and possibly create a new user – the First Time Setup dialog box appears automatically to simplify this setup. Any new users created on Lindows are placed in the root group by default, and thus possess root privileges for the system. For security reasons it may be preferable to create a “normal”, non

www.linux-magazine.com

privileged user and log on with that user’s account – most other distributions take care of this step as part of the installation procedure. As X is preconfigured with a 60 Hz display frequency, it might also be a good idea to select a more comfortable setting. You can then use the KDE control center to change the keyboard setting, if required; menus and help texts are displayed in English by default.

Where Did All the Programs Go? A glance at the program menu reveals a minimal software configuration, mainly comprising of Netscape 7 and a few CD and MP3 players, but conspicuously lacking Office and graphics programs. Lindows uses a system called Click-NRun Warehouse to install program packages. The “Warehouse” offers a large selection of programs available via Internet download. The Lindows system maintenance and program setup tool automatically recognizes and resolves

LindowsOS 3.0

REVIEWS

gram (gpaint), a communications program for accessing digital cameras and a snapshot tool for screenshots.

What’s in a Name? Lindows’ original goal was to allow users to install and run Windows programs, but the distribution seems to be well offtarget at present. The only support Lindows provides for Windows software is an unmodified Wine [2] version, and you will need to launch Click-N-Run to install the package. Wine launched older and smaller Windows programs on our lab machine without any trouble, but our attempts to run any graphics programs like Corel Draw or Designer failed. We were also unable to launch any of the major Office programs.

Conclusion

Figure 1: Lindows uses KDE for a Desktop

register with Lindows before you can start downloading. Doing so revealed that the free Junior Membership Edition allows you to install a total of 10 of the 1700 programs in the Warehouse. Access to all the programs in the Warehouse requires full membership at US $99 per annum. Connect me! The Lindows manual did not mention any localised language versions, but a The next disappointment occurred when quick search of the Warehouse revealed we attempted to use the ISDN card to that they were available. After using connect to the Internet. Lindows only Click-N-Run to install one of these packsupports Internet via modem, DSL or a ages (it took two attempts as the routine LAN with internet connection. After concrashed shortly before completing on the necting to the Internet via modem, the first attempt), localized menus were Click-N-Run program took a few minutes available on the desktop. to update the installation and display a Localized menus are only available selection of software. You will need to for KDE based programs. Any other tools, such as Netscape, will still use the default English menus and help texts. The Word Pro program available with the Junior Membership Edition turned out to be KWord after we installed it. Apart from that, the selection is restricted to a few games, a simple graphics proFigure 2: Installing programs through the Warehouse package dependencies during package installation (see Figure 2). The fact that you need an Internet connection to install programs is annoying – this even applies to the programs on the additional Membership Edition CD.

Lindows has a lot less to offer than many other distributions. The selection of programs available in a default installation is too meager to be of any use. The business model, which envisages selling free programs for a large annual fee, is dubious. A buggy installation routine and the lack of ISDN support for Internet connections are further points of criticism. Lindows is well off target with respect to its original goal of running Windows programs on a Linux distribution; The wine version is only capable of running older or extremely simple applications. Taking a look under the Lindows hood reveals Debian 3.0 Woody [3] with XFree 4.2 thrown in. A Debian package manager (such as apt or dselect) will allow you to bypass the Lindows Software Warehouse and install other programs. Having said that, if you want to use a Debian system, why not go for the original? Beginners are better off with distributions like SuSE or Mandrake that provide a good selection of programs for a variety of interests without enforcing a long-winded and complicated Internet based installation procedure. ■

INFO [1] Lindows homepage: http://www.lindows.com [2] Wine project: http://www.winehq.com [3] Debian: http://www.debian.org

www.linux-magazine.com

April 2003

KNOW HOW

Mail User Agents

Mail and more Nobody likes to leave a vital task such as email to chance. The quest is, which mail user agent is the right one for me? BY ANDREA MÜLLER AND PATRICIA JUNG

he old Unix paradigm that every program is a thin specialist geared to handle a specific task, instead of a jack of all trades that can’t see the job for functions, not only applies to numerous shell tools, but also to application software. These can be standalone tools, such as Balsa and Kmail or integrated within more complex packages, such as Mozilla and Evolution. Modern “Mail User Agents” (MUAs) for Linux tend to be GUI based. They not only manage local mailboxes, but can access remote mailboxes on POP3 or IMAP servers. Most of them no longer rely on a local MTA, but can speak enough SMTP to forward outgoing mail to a smart host. Add a whole range of additional functionality that simplifies reading and writing messages and, by this point, it starts to become a question of taste. What is important to one user is a pain for another. This article takes an indepth look at standalone MUAs.

Balsa Talking about taste, even choosing the right balsa can be challenging. Should I opt for the brand new GTK 2 version, or keep to the tried and trusted 1.4.2? As both provide a comparable range of functions, most distributions now opt for GNOME 2, and the GTK 2 version has seen more intensive development, we decided to test version 2.0.5. The first – equally superfluous and annoying – obstacle awaits the users during the initial setup phase, as entries such as smtp.provider.co.uk for the SMTP server do not lead to a working system. We were at a loss to understand why balsa attempts to dispatch outgoing mail via port 587, something which is

April 2003

doomed to failure in the case of most mail providers. Although the appropriate RFCs explicitly specify this port for mail forwarding, in reality most providers opt for the normal SMTP port 25. So you need an SMTP server entry such as smtp.provider.co.uk:smtp to get things working. The unintuitive interface is also annoying in some places: a mixture of languages and confusing dialog boxes, such as the one shown in Figure 1, make the program difficult to set up and use. Additionally, balsa does not provide a function for creating address books; if you want to use one, you first have to create it with gnome-card. This is unfortunate, because balsa is definitely worth looking into – if you need a quick mail program that integrates well with GNOME 2 and do not need things like GPG support or multiple SMTP servers. The fact that you can organize your mail folders in registers instead of a tree structure is interesting, this provides you with space that you lose in a tree structure. Balsa can cope with different kinds of encoding in both the body and subject of a message. Operations with POP accounts and local mailboxes are quick and stable. Unfortunately, this is not always the case for IMAP facilities – the IMAP standard components that the program implements commonly crash. Actions such as copying individual messages, or creating a subfolder, often cause the program to freeze. And balsa misbehaves when you delete a message on a server – even after scanning the directory tree a second time, it still displays deleted messages occasionally, and sporadic error messages indicating that the connection to the IMAP server is down, which often

www.linux-magazine.com

occur when you change directory. This does very little to build up a user’s trust.

Sylpheed Originating in Japan, sylpheed [1] enjoys increasing popularity in Europe. The reason for this is the program’s speed and functionality; it can be used both for mail handling and as a news reader. Visually appealing three-panel optics and solid localization mean that users moving to sylpheed from other mail clients should have no trouble getting used to the program (Figure 2). Sylpheed is a good choice, if you do not run a local MTA, as it allows you to set up any number of mail accounts on different SMTP servers. In addition to dependable and speedy mail processing it is the little things that make sylpheed so attractive. If you have multiple mail addresses, you can assign a standard account for each individual folder. Once set up this way, sylpheed will ensure that messages to mailing lists, for example, will always be dispatched with the address you used to join that list. The Configuration / Actions menu additionally lets you add the functionality of external programs to sylpheed. If you feel the need to send rot13 encoded messages, you can create an item in the actions menu for this purpose. To do so, add the following command: |tr a-zA-Z n-za-mN-ZA-M|

to the Command line box. Type a name for the entry in Menu name, and click on

Mail User Agents

Figure 1: A mixture of languages in the balsa configuration menus

Register to provide access to the action via Tools / Actions. Sylpheed provides quite a few nice features of this kind: Gnus users do not even need to do without their treasured XFaces. Where there’s light, there’s shade, and the integrated editor is probably the ultimate black spot in sylpheed‘s case. With its inconvenient editing functionality, sylpheed often dispatches messages with overlong lines. Of course, you can resort to an external editor to remedy this situation. The fact that the program defaults to two subject lines will annoy some mail targets. Another annoying thing is the fact that only the first message in a thread will be moved, if you attempt to move the whole thread to another folder.

KNOW HOW

Figure 2: Mail and news accounts in Sylpheed

The fact that the program is under active development means that functions that are missing today might be available tomorrow. If you cannot wait to get your hands on the latest features, you might like to look at the developer version, called sylpheed-claws [2]; claws had mail queries based on SMTP after POP and Scoring on offer before this issue went to print. As it is a bleeding edge version, sylpheed-claws may contain severe errors, so a look at the archive for the mailing list [3] is recommended.

Mulberry Modern-day nomads wishing to access their mail from various machines at various sites have no alternative but to use an IMAP server as their central mail repository. A well-implemented mail

client can offload a lot of work onto the server (such as searching for specific messages) and thus save the resources of the local machine. Unfortunately, IMAP is not only a powerful protocol, but also an extremely complex one, and there are not many MUAs capable of leveraging its strengths. mulberry is a client that gets an IMAP server working really hard. You can even organize mailboxes on different servers in a so-called cabinet and apply numerous search rules. Unfortunately, the program does not scale well (and slow servers are not always to blame). If a user has amassed too many mailboxes and other files (many IMAP servers allow access to the complete home directory, for example), it can take several minutes after an IMAP logon before mulberry is ready to respond.

GLOSSARY MTA: Short for “Mail Transfer Agent”is a program that takes care of forwarding email messages, often referred to as a mail server. Postfix, Sendmail, and Exim are some of the most popular members of this category. SMTP:“Simple Mail Transfer Protocol”is the language two mail servers on the Internet use to talk to each other and ensure that messages reach the right recipient. Smart host: A remote mail server (mainly run by Internet service providers) that, much like a mailbox, accepts outgoing mail from computers that do not have a mail server or, at least, do not have a mail server permanently listening on the Internet, forwarding it to the mail server (“Mail Exchanger”, MX) responsible for the recipient’s domain. Port: A place where client programs bind to access services running on other machines in an internet.

RFC: The first “Request for Comment”was issued by Steve Crocker in 1969 and was an invitation to discuss an article he had composed.This kind of scientific exchange was completely new, and gave rise to more requests. Many of the network protocols in use today were (and still are) standardized by RFCs. Encoding: In order to represent non-standard characters that do not occur in the US alphabet, you need to select an encoding method other than 7 bit ASCII.Thus, you can use ISO-8859-1 encoding, although this does not include the Euro sign.You need ISO-8859-15 to represent the Euro sign. Unicode UTF-8 encoding has most of the alphabets used world-wide. However, a character set must be installed (or embedded) to allow a program to display its characters. rot13: A cipher commonly used in mailing lists and on Usenet to “encrypt” texts that should not be immediately legible, e.g. the contents of

serials that have not yet been broadcast. Each letter is replaced by the letter that occurs 13 letters down the alphabet, special characters and spaces remain unchanged.Thus “abc” becomes “nop”and vice-versa. XFace: A header line that some MUAs can display as a monochrome image.To use a graphic as an XFace, you need to store it as a 48x48 .xbm file, and use the compface package to convert it to a header line. Thread: A group of mail or news messages that relate to one another.The thread view of a MUA displays threads in a tree view by content rather than date and time. Scoring: Grading system for email. Messages are awarded scores by arbitrarily definable evaluation criteria.The total score is calculated by adding and subtracting points, and decides whether a message will be highlighted (high score) or not displayed at all (kill score).

www.linux-magazine.com

April 2003

KNOW HOW

Mail User Agents

Figure 3: Mulberry 3.0 Beta with a traditional window layout

The subjective speed of this proprietary program is not always convincing, especially considering the fact that it tends to take things one step at a time. You cannot start composing a message while mulberry is busy logging on to a server, for example. Users with multiple reply addresses will find that the MUA offers excellent identity management facilities; signatures, X-headers, PGP/GPG keys etc., can be combined to form reply addresses that you can choose. This functionality is counteracted by severe usability issues. Tool tips occasionally point out the use and usefulness of an operative element, but bubble help tends to be lacking for icons and menu items that may puzzle even experienced users at first glance (or entirely). The more or less non-existent documentation for the Linux version is unforgivable in a commercial product. The dialog boxes hardly win prizes for ergonomic design; it takes a while to figure out that you are expected to click on a radio button somewhere on the right margin (Figure 3 lower right) to toggle a quick configuration of an individual mail account to an expert configuration mode. Our tests also showed that the program was by no means stable, and not only the Beta version of the next stable release, 3.0.

April 2003

The policy of opening a window per message, mailbox, or overview, tends to clutter the desktop and waste time searching. Thus, the new 3.0 version will put a fix to this and allow you to choose the 3 panel view typical of modern GUI mail clients. The program can also bounce mail and add mail addresses to an address book automatically or via a shortcut. Unfortunately, there is no way of quickly inserting mail headers selectively â&#x20AC;&#x201C; the function is either enabled or disabled. You can hide quote levels when viewing messages.

KMail KDE provides an application for almost every task, so, it was no surprise to hear that KDE had an email client of its own. KMailâ&#x20AC;&#x2DC;s major strength lies in its POP account management facility, and most users will appreciate the convenience of this feature. Users with dial-up access to the Internet will appreciate the ability to filter mail directly on the server, provided they have enabled this feature in the preferences for the account in question. This avoids downloading unsolicited adverts or overly large attachments. KMail also allows you to delete unwanted mail directly on the server, or to leave messages on the server and download them later.

www.linux-magazine.com

Local filters help organize home repositories. You can specify a folder where mail for an account will be stored when creating the account; the filter menu allows more granular control. The fact that clicking on Cancel to close the filter menu occasionally crashes what is otherwise an extremely stable program is a minor annoyance. You can create identities to ensure that you access the right SMTP server; to specify a server for outgoing mail, click on Special transport in the Advanced tab. Alternatively, you can specify the server you want to use in the Composer window for the current message. Happily, the developers are particularly keen on security; HTML is displayed as source-code by default, active content is not executed and a security prompt appears when you open attachments. If you prefer to display HTML, you can select to do so globally, or for individual folders. A combination of this feature and filtering rules allows you to display rendered HTML from trusted sources only. KMail shows its weaker spots in the context of IMAP, as it does not leverage the full power of this protocol; you cannot search a server, for example. The attempt to integrate an external editor is also a let down, as the editor does not launch automatically, instead waiting for you to press a key in the Composer window. A glance at version 1.5, which is part of KDE 3.1 Release Candidate 6, indicates that the future does hold some promise. In addition to improved graphics, functions such as LDAP support are in the offing. The filter dialog box no longer crashes, and you can specify the view type for HTML encoded mail individually without accessing the menu (Figure 4). The developers have still not resolved one problem: the latest KMail version still requires enormous amounts of memory to dispatch messages with large attachments.

Mutt Users who compose and edit large numbers of email messages soon feel restricted by the point and click paradigm and slow response of many GUI based programs. In this case, they might look to mutt, the only character

Mail User Agents

Figure 4: KMail 1.5 handles each HTML message individually

based MUA in our test. Although the interface may look spartan, a few keyboard shortcuts will soon see users reading mail as fast as their cognitive skills allow them to. Although the Web is full of useful introductory howtos, there is a lack of useful documentation for the more interesting and advanced features. The online manual is well structured and extremely readable, but the program’s author seems to think that examples are unnecessary, especially ones that explain things step by step. The numerous third party ~/.muttrc configuration files published on the Web are no consolation either, as they tend to come without comprehensive explanations. Interested users really need a good guide, because mutt can do more or less anything, with a little help from specialized external programs – strictly in line with the traditional Unix paradigm. Thus, mutt needs a local MTA to send messages. The EDITOR environment variable, or an entry in the configuration file, specifies the editor used for composing messages; if this entry is missing, you get the system default (that is vi). This provides users with plenty of

KNOW HOW

Figure 6: Mutt checking a PGP signature

leeway: vi users can specify the following entry in ~/.muttrc, for example set editor="vim +2 -c 'set U tw=72'"

to insert a line feed every 72 characters in a reply, and to send the cursor to the start of the second line (+2) – that is (provided you have commented set edit_headers out of ~/.muttrc) the first line of the quote. Of course, users have complete control over mail headers. Similar entries allow you to customize mutt in detail to reflect your own requirements. Things start to get really complicated when users start playing around with “hooks”. These are commands that “hook into” mail accounts, folders, messages, actions and are executed for a specific type of access. Thus, you can use an account hook to specify the reply address used when responding to messages sent to a specific mail account. Mutt makes excessive use of regular expressions [4] here (and elsewhere), allowing you to specify personalities, the reply address, the PGP/GPG key to use, signatures, and individual headers. Missing shortcuts, the lack of a configuration dialog to create new shortcuts (with a second configuraFigure 5: Well hidden: [c-TAB] allows you to select local mail folders; another tion dialog for [TAB] allows you to choose between the accounts listed after the “mailsetting up new boxes” keyword in .muttrc

accounts being a bonus) and the extremely rudimentary support for IMAP are the main points of criticism. This by no means detracts from the program’s popularity – once they have taken the initial obstacles, most users never want to leave, even though they may only have rudimentary understanding of one or more of the program’s complex configuration options.

Mail and More Managing private or business contacts, arranging appointments, keeping up-todate with the latest developments, chatting and surfing – the Internet fulfills a whole range of wishes and more. The problem used to be learning an assortment of tools and interfaces and, if you were unlucky, not even being able to exchange data between programs. Integrate mail programs that promise the user an all-inclusive solution might be the answer.

Evolution In addition to mail functionality evolution [5] offers a contact manager, calendar, and task planner, in fact, it looks much like a genuine groupware product. The program allows you to plan meetings and send calendaring data to other evolution users to find a vacant timeslot. The recipient can then confirm or reject an appointment in the mail window. The program takes care of everything else, transmitting an answer

www.linux-magazine.com

April 2003

KNOW HOW

Mail User Agents

Figure 7: GnuPG encryption in Evolution

and possibly entering the appointment in the calendar. Visually, evolution reminded us of Microsoft Outlook, the left-justified shortcut bar, for example, immediately caught our attention. We were impressed by the customizable overview that provides the user with a list of unread mail and uncompleted tasks. You can integrate weather reports, or newstickers. evolution is not afraid of competition: a few mouse clicks will see the GTK program serving up the latest news from dot.kde.org. Evolution‘s mail management functionality leaves more or less nothing to be desired, allowing users to create multiple mail accounts offering useful integrated GnuPG support (see Figure 7). Although evolution is capable of sending HTML messages filled with graphic based emoticons, if required, the developers are aware of the fact that not everyone wants HTML messages. The address book allows you to add a note

for addressees who will not accept HTML mail and warns you, if you attempt to send HTML messages to them. The developers themselves seem to be quite happy with HTML; evolution hides the text variant of any messages tagged as multipart/alternative (to indicate that they included, multiple format variants), displaying the more “colorful” variant, such as HTML. It is bad enough that the user is not allowed to choose a format – but not displaying an attachment symbol is an insult to the user’s intelligence. Apart from this, evolution often uses clever techniques when accessing attachments: the inline address book minicard viewer not only allows you to view vCards, but to click on a card to transfer to your address book. Formats that cannot be displayed inline can be opened in external applications. Virtual folders allow users to sort messages according to various filter criteria, or even store search results. This allows you to group messages thematically, without endless copying.

Mozilla Mail&News

If you simply cannot get to grasps with the philosophy of a separate mail program that may offer scheduling facilities, you might like to take a look at Mozilla. This all-in-one Internet suite not only manages your mail, but comprises a Web browser, mail and news clients, an IRC program and a HTML editor. Figure 8: Mozilla shows you what the recipient thinks

April 2003

www.linux-magazine.com

There are enough configuration options, but not too many to save Internet newbies from headaches. A wizard is available for setting up an account; this ensures that your basic configuration will be up and running in next to no time. When you get round to fine-tuning, you may notice a few peculiarities, such as the fact that you assign accounts for SMTP servers you have previously defined via the Advanced feature in the main account tab, instead of in Server Preferences, which would be the logical place to look. Six additional tabs provide further configuration options, and allow you a tidy overview of things like the maximum download size for mail attachments, or how Mozilla should react when asked to confirm message receipt. Global preferences are set in Edit / Preferences / Mail & Newsgroups and the submenus below this level. The mail management facility itself is quite friendly. Mozilla handled both IMAP and POP without any trouble, configurable filters kept things tidy, and a graphic display for ASCII emoticons is nice extra (Figure 8). Mozilla had no problem with larger mail folders, although the user might be shocked by empty folders from time to time. In this case the mst file containing internal Mozilla administrative information for the folder is probably damaged. If you read the file, Mozilla re-reads the messages and displays them. However, any preferences you may have set for the folder, such as enabling the thread view, will be lost. Any self-respecting browser should be able to handle HTML. The good thing is: the mail and news clients do not launch JavaScript by default, and you can even stop the clients from loading graphics off the Web. The decision to send HTML formatted mail by default is not a good idea, however. Of course Mozilla can use text/plain, provided you leave out any of the HTML formatting options, such as bold typeface or colors, but most mail newbies will not realize that a colored font will cause some recipients to dump their messages directly in the trash can. Just like evolution, Mozilla does not bother to inform the user that multipart/ alternative mails not only contain

Mail User Agents

KNOW HOW

GLOSSARY ~/: Shortcut for your own home directory. Inline display: Refers to the technique of displaying non-text components “between the lines”of a message, that is, without opening a separate window. IRC:You can use an “Internet Relay Chat”Client to attach to an IRC network (e.g. IRCNet) server and chat to other users in channels which are typically organized by subject.

Figure 9: Reminders are stored in the Calendar mailbox

HTML, but also a text section. If this does not concern you, and if you prefer to keep all your Internet applications under one roof, you will find that Mozilla is a powerful but still newbiefriendly mail program.

Mahogany Don’t be surprised if 99% of your friends have never heard of this wallflower, a mail software called mahogany. One reason for this is the fact that most major distributions don’t bother supplying the packages. Mahogany does not deserve to be ignored. Users of multiplatform Linux and Windows machines will probably appreciate the fact that the combined mail and news client is available for both operating systems. The program uses the wxWindows GUI toolkit as the bridge between these two worlds. Mahogany owes its categorization as an integrated MUA to its modular structure that allows you to add more functionality to the program. The developers supply a calendar module, although enabling will cause mahogany

Figure 10: Mahogany’s folder config dialog

TOFU: Pejorative for mail with text at the top and a full quote at the bottom. Sending TOFU is generally regarded as being extremely impolite as the recipient is forced to scroll back and forward to see what the sender is referring to. Unnecessary full quotes also increase download times and this is annoying in case of longer mail exchanges.

to freeze, if you forget to create a Calendar mailbox beforehand because mahogany needs this mailbox to store reminders (Figures 9). It is extremely likely that this freeze will happen as the documentation does not mention this issue. If you drag a message or an e-mail to the calendar window, the dialog box that then appears will prompt you to specify when you want to be reminded about the event – when the time comes, mahogany will inform you that have received a new message and display the reminder text you previously defined. The program has a lot more to offer than that. As mahogany actually is an IMAP client, managing POP accounts is quite simple. You can set individual preferences for each account, and the HTML viewer renders HTML tags without displaying active content – a sensible compromise between security and convenience. mahogany‘s quoting facilities are exemplary; the default settings allow you to mark a section in a message and then formulate a replay – mahogany will then quote only the highlighted section and place the cursor at the end of the section to avoid TOFU. One of mahogany‘s strengths turns out to be one of its weaknesses at the same time. About a dozen tabs are available for detailed customizing the characteristics of each identity, or folder (Figure 10). Users who do not take time to get to know the program or RTFM tend to lose track, as the options appear to be organized arbitrarily, although sensible defaults are some consolation. The integrated spam filter is nice try, but not particularly effective – that is, the filter actually caught 89 of 1000 spam mails.

You can accept the fact that GnuPG and UTF-8 support is not available, especially considering the fact that they are right at the top of the developers’ to-do list.

Fun for all the family In contrast to the standalone MUAs, the integrated mail programs are not direct competitors; each one of them is targeted at a different group. Home users can opt for Mozilla to cover all their Internet specific needs. Commercial users might appreciate Evolution as an alternative to Outlook, and users looking for a simple, but extensible, MUA with calendaring facilities should look to Mahogany. Users who prefer the speed of access that mutt provides are unlikely to move to KMail, although the latter provides a similar feature range and easier configuration options. Both programs show weaknesses with regard to IMAP. Mulberry could fill the gap, but you will need to be patient. Or should you go for Sylpheed after all? Everyone has their own opinion of what makes a program usable, and choosing the right MUA is a question of taste, when all is said and done. Take a look at the programs we discussed in this article to find out for yourself. ■

INFO [1] Thomas Zell:“Mail enough for everyone”, Linux Magazine, Issue 26, p42 [2] http://sylpheed-claws.sourceforge.net/ [3] http://sourceforge.net/mailarchive/ forum.php?forum=sylpheed-claws-users [4] Marc André Selig:“Needles in a haystack”, Linux Magazine, Issue 24, p82 [5] Evolution: http://www.ximian.com/

www.linux-magazine.com

April 2003

KNOW HOW

Multi Distributions

Installing Multiple Distributions Back to Back

Linux Allsorts It is not always that easy to give a Linux distribution a trial run. On the one hand you might want to keep Windows and the original Linux system, but you still need access to your bookmarks and mail. This article explains how you can achieve that. BY DANIEL COOPER

he release of a new distribution is often quite a temptation: Should I really upgrade the old system, will the new Linux really be stable, and will it really support my hardware? Wouldn’t it be wonderful just to install the new distribution without affecting the running system? Well it is possible, but it does involve completely rebuilding your system first; as a structure of the required type is quite difficult to achieve. Your patience will be rewarded with a system that allows you to install, try out, and possibly remove new releases in the future, if you decide against keeping them. Additionally, the home directories of these distributions should be identical with the exception of a few distribution specific components to ensure that you have identical mail, Mozilla settings, and text files on each Linux system. Running multiple, parallel distributions requires some careful planning, preferably before you start installing the first Linux system. Thus, we will be starting from scratch with a computer where Windows XP occupies the whole hard disk – after all, this is normally the case when you buy a new computer. The first step is to make room for Linux by deleting the XP partition, creating a smaller partition and reinstalling Windows. Re-installing can prove to be the first obstacle, because instead of a Windows XP CD many computers offer only a recovery CD that restores the original system – including the original partitioning in many cases. Partition Magic, which is available for 99 Euro (£75) in a software bundle with SuSE Linux 8.1 Professional from the distributor, should help. Partition Magic comes on a bootable CD of its own, so

April 2003

you do not need to install the program. Simply insert the CD into the drive and reboot your computer. The Partition Magic desktop should appear after about a minute, allowing you to resize the existing Windows partition.

Planning for Partitions The question is: How much space do I need for Linux? Most users can make do with 2 or 3 GB for a Linux system, although a full installation will need 5 or 6 GB. Let’s work on the assumption that you intend to install a second distribution back to back with your working copy, and need more room for a third Linux system – that you possibly found on the Linux Magazine subscription CD. We’ll add a swap partition that should be twice the size of your computer’s memory – so that makes about 10 GB altogether. We will be using Grub as the boot loader. For one thing, Grub is the standard boot loader for most current distributions, and for another Grub allows you to create a central boot configuration for all of your Linux

www.linux-magazine.com

systems. You will probably need a boot partition with about 20 to 50 MB where the kernels for all the distributions you use will reside later. You can either create new /home directories for each distribution, or use a shared partition for all your Linux systems like we will be doing in this example. The home partition will need to be big enough; 500 MB, the size used in our examples, should thus be regarded as an absolute minimum. A shared home partition has the advantage that bookmarks, browser, and email preferences can be shared by all your systems, meaning that you do not need to search several systems to find a bookmark. After resizing the Windows partition, you can start to install the working system, in this case SuSE Linux 8.1. Boot from the first CD or the DVD, select your language preference, then choose Partitioning, Custom Partitioning for experts, and create the required partitions manually in the dialog box that appears. This is the only way to

Multi Distributions

KNOW HOW

Figure 1: Partitions /dev/hda2 through /dev/hda6 are shared by all

Figure 2: Mandrake is installed on /dev/hda8 and merely uses /dev/hda5 as a

distributions; the system files for SuSE Linux 8.1 will reside on /dev/hda7,

swap partition. The partitions for /boot and /home will be merged manually

which is the seventh partition on the first IDE hard disk

after installing

completely ignore any suggestions made by the installation program.

Dividing Up the Hard Disk The following partitioning may seem a little strange at first sight, but its value has been proved in practical applications. As you can see in Figure 1, Windows XP sits on the first partition, /dev/hda1. Depending on your original setup, the numbers may be different – the important thing is that Windows occupies the start of the hard disk. Now create /boot as the next primary partition, (/dev/hda2), and format it with Ext2, the size should be between 20 and 50 MB. The remaining partitions occupy the larger area shown as /dev/hda3 in Figure 1; this is actually the total remaining hard disk space. The first so-called logical partition (/dev/hda5) is used as the swap area and will be shared by all of our Linux systems later. Swap is followed by the home partition /dev/ hda6 (also Ext2, but only 500 MB in our example); again this partition will be shared. Of course, you can use Ext3 or ReiserFS instead of the Ext2 filesystem for the home partition – but make sure that all of your distributions understand the file system you choose. Ext2 is the smallest common denominator, and will be supported even by older distributions. Ext2 is also definitely recommended for the boot partition, as the boot loader has to understand it – and at least you are on

the safe side, if you decide to install Lilo or a completely different boot loader instead of Grub later.

A Partition for Each Distribution Up to this point our partitioning is quite generic and independent of the working system we will be installing later. Now define /dev/hda7 as the root partition of your working system; this is where you will be installing your favorite distribution. In the case of SuSE 8.1 2.5 GB should be fine for a standard installation. Figure 1 shows the final status after using SuSE to partition the hard disk as described so far. You can follow the normal steps to install SuSE; the defaults suggested by the installation routine will be just fine, thank you.

Rescuing Your SuSE Settings After completing the installation and setup you will need to log on as a normal user to setup your desktop preferences. Following this, log off and then log back on again as root and launch Konqueror. If multiple distributions will be sharing a home directory, you will need to save the standard user’s desktop configuration; the standard user is called mdoelle in our example. The desktop configuration contains several generic and some distribution specific configuration options that need changing when you switch Linux systems. The symlinker script from [1] will take care of this task later, and will place distri-

bution specific files in the .SuSE directory in each user’s home directory. Rename the /home/mdoelle directory to /home/.SuSE first, and create a new, empty directory called /home/mdoelle. If you really need to use Konqueror to do this, first enable Show Hidden Files in the View menu, as .SuSE is a hidden directory and will not be displayed otherwise. The next step is to modify the permissions for /home/mdoelle (for example by typing chown mdoelle:users /home/mdoelle) and to move .SuSE into the directory by typing mv /home/.SuSE /home/mdoelle. Of course you can perform this task more conveniently using Konqueror: right click on the mdoelle directory to open the drop-down menu, select Properties and then click on the Permissions tag. Enter mdoelle as the Owner, and users as the group and click on OK to confirm. When you are done, move the .SuSE directory to mdoelle. This concludes the preparatory steps for running parallel distributions; you can now close the current session and get ready to install the second Linux system.

Installing a Second Linux System Our second Linux system is Mandrake Linux 9.0. The important thing is to ensure that you perform an expert installation – a default installation would simply overwrite the SuSE Linux system you just installed.

www.linux-magazine.com

April 2003

KNOW HOW

Multi Distributions

Partitioning the second system is quite simple: you simply place everything in /dev/hda8, a partition with 2.5 GB unused space, as shown in Figure 2. Most importantly, do not integrate the boot and home partitions you created previously, as this would overwrite the boot loader, kernel and user preferences you created for SuSE 8.1 without prompting you to confirm. We will be merging the systems manually at a later stage.

Boot Loader Trap You can follow the defaults for the installation up to a certain point; but be careful when you reach Bootloader installation. Select the floppy disk drive, /dev/fd0, as your boot device, and insert an empty formatted disk. This will ensure that the boot loader is not written to your hard disk, where it would inevitably overwrite your SuSE 8.1 boot loader. You will only require the floppy when booting Mandrake for the first time, so you can ignore the prompt to create a second boot disk. After completing the installation and configuration steps, you can boot the Mandrake system by inserting the boot loader disk, and log on as a normal user, to set up the desktop with a little help from the First Time Wizard. Immediately after doing so, log off and log back on as root – a console with root privileges is no help, as the standard user cannot be logged on at this stage.

Grub – One for All Let’s add the Mandrake entries to the SuSE Linux 8.1 boot loader first. To do so, mount the boot partition by typing mount /dev/hda2 /mnt/disk

and then type on the command line: cp -a /boot /mnt/disk/mandrake

to copy the kernel and various configuration files to the mandrake subdirectory on the boot partition. The boot preferences for Mandrake are stored in /boot/grub/menu.lst. Use an editor to open the file, KEdit, for example. You only need the title linux entry and the following two lines: title linux kernel (hd0,7)/boot/vmlinuz U root=/dev/hda8 quiet devfs=U mount vga=788 initrd (hd0,7)/boot/initrd.img

Select the appropriate lines (as shown in Figure 3) and copy them to the shared Grub configuration /mnt/disk/ grub/menu.lst. The next step is to modify the path to the vmlinuz and initrd. img files in the shared configuration so that the kernel and the initialization modules will be residing in the /mandrake directory on the boot partition and not in /boot. You will also need to edit the boot partition entry, changing (hd0,7) (which actually refers to /dev/hda8). The new boot partition is /dev/hda2 or (hd0,1) in Grub notation . Save the file and quit the editor.

Mounting the Boot Partition Now we need to ensure that the boot partition is mounted when Mandrake is launched. To do so, open the /etc/fstab file and enter the following in the second line: /dev/hda2 /boot ext2 defaults 1 1

A final call to umount /mnt/disk followed by mount -a will mount the boot partition in the right position. If you prefer, you can remove all the files in /boot first by typing rm -fR /boot/* – but this is not necessary, as the boot partition will overwrite any existing entries. On the contrary, keeping the /boot directory on the Mandrake partition will allow you to boot Mandrake from the boot loader disk, if the worst comes to the worst.

Home Mergers The next step assumes that you want to use the same user home directories on Mandrake as on SuSE – although some distribution specific menu customization will be required. This causes one or two issues, as both distributions use the same name for their desktop configuration files, although they contain completely different entries. So when you launch one system, the home directory will need to be customized to reflect the current distribution. On the other hand, it is desirable to keep an identical configuration for some programs, as this means that you only need to set up KMail once, for example, or that Midnight Commander will be the same in both systems. To ensure that this merger works, some modifications to the second, and any other distribution you add, are inevitable. During the installation procedure, Mandrake placed the home directory for the standard user on /dev/hda8, that is the Mandrake system partition. To merge both distributions, first mount the home partition, /dev/hda6, and then move the home directory belonging to the Mandrake user, mdoelle in this case, to the home partition. Symlinker [1] will also need to rename the directory to .Mandrake. Finally, unmount the home partition again: mount /dev/hda6 /mnt/disk mv /home/mdoelle U /mnt/disk/mdoelle/.Mandrake umount /mnt/disk

Figure 3: KEdit allows you to conveniently move the Mandrake boot configuration (left) to the shared Grub configuration /mnt/disk/grub/menu.lst (right)

April 2003

www.linux-magazine.com

You will want to mount the home partition under /home in future; to do so, add the following as the third line in /etc/fstab:

Multi Distributions

/dev/hda6 /home ext2 defaults 1 1

After saving the file, type mount -a to mount the home partition at the right position. Now it’s time to look at synchronizing the user and group IDs, as SuSE and Mandrake go completely different ways in this respect. Mandrake creates a group, with the same name and ID as the user, for each user – the group ID for the first user is 501. Mandrake also has a common group for all users called users like the one SuSE uses, but there are no members in the group.

Normalizing Users It makes sense to apply the user and group settings for your working system to the new distribution. To do so for Mandrake, you will need to edit the /etc/passwd file manually. Each line in the passwd file represents a user, and the fields are colonseparated: mdoelle:x:501:501:Mirko Dölle:/U home/mdoelle:/bin/bash

The first field in each line contains the user name. The simplest way of doing this would be to copy the entry from SuSE Linux 8.1; but you could also add the new user ID (500) to the third column, and the new group ID (100) to the fourth. The finished entry should read approximately as follows: mdoelle:x:500:100:Mirko Dölle:/U home/mdoelle:/bin/bash

This does not complete the conversion: Linux uses numbers to specify the owner of a file, or to be more precise, it use the user and group ID. Thus, any files with the user ID 501 and group ID 501 will need to change owner and group to 500 and 100 respectively to reflect the changes made in the /etc/passwd file. The following two commands take care of this task on the whole system: find "{}" find "{}"

/ -gid 501 -exec chgrp 100 U \; / -uid 501 -exec chown 500 U \;

You can ignore any errors reported for CD or floppy drives, and for files in the /proc directory.

Changing Distributions Both distributions are now configured to expect the standard user mdoelle‘s home directory in /home/mdoelle – but in fact, the home directory created by Mandrake is in /home/mdoelle/ .Mandrake, and the one created by SuSE is in /home/mdoelle/.SuSE. If mdoelle logged on in this state, the default configuration for KDE, GNOME, bash, and many other programs would be missing – the configuration details for most programs are stored in hidden files and directories when you start up a system for the first time (their names start with a period). Enter the Symlinker program [1]: Symlinker has to be installed on any distributions you use, and will search user homes for hidden directories with distribution specific preferences – .Mandrake or .SuSE in this case, depending on the distribution that is currently running. If it finds preferences for the current distribution, Symlinker creates a symbolic link to the home directory of the current user, thus linking the files to their original position, and allowing programs to find their defaults. When you down the system, the link is removed; thus leaving a clean home directory when you launch a different distribution, and allowing Symlink to create appropriate links. The really impressive thing about Symlinker is the fact that it checks the users home directory first, to see whether it contains a configuration file. If so, Symlink does not create a symbolic link – so if you copy the .bashrc file with the Bash preferences from /home/mdoelle/.SuSE to /home/mdoelle, Symlinker will simply leave .bashrc when you launch Mandrake. The same principle applies to configuration files for KDE programs, which are normally stored in the .kde/share/config directory.

Installing Symlinker Symlinker installs automatically when you invoke ./symlinker install as the root user. Manual installation is only required if the script fails which involves copying

KNOW HOW

symlinker to the directory with your init scripts, typically /etc/init.d or /etc/rc.d/ init.d. Also, you will need a symbolic link called K01symlinker in your runlevel directories 0 through 6, and a link called S99symlinker in runlevel directories 2 through 5; each link will point to the script. The runlevel directories rc0.d through rc6.d are typically found in /etc/rc.d or /etc/init.d. After completing the installation you will need to customize the name of your distribution in the script; the variable is called Distribution and is at the start of the file. If you want details of how Symlinker works, you might like to read the comments for the important steps in the script file. The Documents and public_html directories lend themselves to sharing, as they do not contain any distribution specific settings. If you like, you can also share your .bashrc, or your mailboxes (typically Mail or mail) to all your distributions. To do so, first remove the symbolic link in the home directory, and then copy the required file or directory from the distribution directory, .Mandrake or .SuSE, directly to your home directory.

Conclusion The scenario shown here may appear complex at first sight, and careful planning is required before partitioning and for creating user directories. The procedure for installing a third or even fourth distribution is the same as outlined for Mandrake; first install the distribution in a partition of its own, and store the boot loader on a floppy, then extend Grub manually, and finally move the home directory for the standard user to the home partition. Removing a distribution is extremely easy. To do so, simply remove the distribution specific partition and the Grub entry. Users then simply remove the distribution specific files from their home directory – this should not influence any other distributions you may have installed. ■

INFO [1] Symlinker script: http://www. linux-magazine.com/issue/28/Download

www.linux-magazine.com

April 2003

KNOW HOW

Backups

Have You Really Backed up?

Tape problems When you desperately need to restore data will it be there? Is your software the right choice for such an important task. BY ADRIAN KERTON

our hard drive has crashed, but there’s an inner contentment. Not only did you back up the whole system last night, but you keep a spare new hard disk drive at hand for just such an eventuality. No Problem; just put in the new disk, partition and format it, add the operating system, install the backup programme, (or on Unix and Linux use tar or cpio), and watch the tape drive recover the whole lot whilst you have some coffee. You’ll have it all restored before most people get in for work. You start the restore, but why is the tape drive thrashing around so much? Your heart sinks as you realise the restore is not restoring. An error message appears on the screen. It doesn’t matter what the message says, you know you are now in deep trouble. The restore has failed and you know you cannot get at your information! You eject the tape and put in the previous backup tape, OK it’s last week’s, but that’s better than nothing. Misery sets in as the same thing happens again. The phone rings. Your boss and his boss want to know why their computers are not on line. You start to explain and they make it quite clear that if you cannot get their computers on-line in an hour, you won’t have a job at the end of that hour. Why? What could have brought you to this miserable episode? Well there are a number of causes and it’s probably worth examining them to make sure you don’t get caught like this. Analysts have determined that 20-30% of backups fail, and the user doesn’t even know it. It doesn’t matter which technology you are using to backup; tape, disk, optical, whatever, there are some golden rules you need to follow. Generally the

April 2003

backup hardware will be dictated by the amount of data you want to backup, but don’t be fooled by what at first sight appears to be obvious.

Case 1 You’re safe. Your drive has Read After Write (RAW). Just about all tape drives have read after write capability. This means that there is a read head positioned just after the write head and the tape drive verifies that what it reads is exactly what it has written. If there is drop out on the tape Read After Write will detect it, the backup application will try to write the data again and if there are problems it will move down the tape and write again on a good piece of the tape, so no problem there! Or is there? Some backup applications rely on the read after write function within the tape drive to serve as the backup verification mechanism, but there are a lot of hurdles in the way of the data trying to get to the tape head. If the data is going across a network then the problems are magnified as corruption can occur anywhere in the network hardware or software before it gets close to the backup device. Read After Write won’t help you if you present corrupt data to the tape drive. Consider data coming off a disk and going to a SCSI tape drive on the same computer. It travels from the disk, onto the bus to memory and then back from memory to the bus to the SCSI host bus adapter (HBA) where the software driver has to be correctly matched to the operating system. Then through the adapter hardware to the SCSI cable to the tape drive, where the tape drive’s firmware needs to match the adapter card driver. Finally through the tape drive hardware.

www.linux-magazine.com

Within a tape drive, the data presented to the tape is often manipulated in structured ways to ensure that it gets the best distribution of flux transitions on to the tape. This makes sure your data is in the most robust format there can be. It is not unknown for something to go wrong between the data connector and the write head. In such cases Read After Write will report all is well because the read head reads the data that the write head wrote, but this data is not the data you wanted to write! It is corrupt, and if something has gone badly wrong it could be random data. The result? Garbage on the restore.

Golden Rule Don’t rely on RAW or backup software (including Unix/Linux embedded apps) that relies on Read After Write. ALWAYS run a verify pass on your backup. If the backup application does not support verify, ditch it for one that does and do it now before it is too late.

Case 2 You go to restore a data file and find it is not on the backup set. Why? Because the backup application had a complicated user interface and you misunderstood the include/exclude feature on the backup application, or you mistyped the latest free backup command line programme by one letter. Result you only backed up system files when in fact you wanted to include only data files. This can easily happen when a new job is created, because once a backup job has been created it does its job each time running in the background, and the administrator forgets all about it. When a new job is required the administrator has to “relearn” the application because

Backups

it is used so rarely, sometime only once every two or three years. Often, during the needs for a new backup job the administrator has changed, so the person creating the new backup job has to start from scratch with a package they have never seen before and no one else is around to act as a mentor.

Golden Rule ALWAYS try a restore from a backup whenever a new backup job has been configured (to a test directory is useful) to make sure the files you want are actually there. You should always do this even if you have run a verify pass, as this will only verify that the files you selected to be backed up are actually there. If you selected the wrong files, verify alone will not help you. It helps if your backup package is easy to use and doesn’t have too many bells and whistles to learn. Don’t choose a backup package that does everything, unless you really need the extras.

Case 3

approach is if one block of data cannot be read during a recovery, data from the multiple clients will be lost. Also restores are complex requiring the management of the multiple tape sets just to recover a single client system.

Golden Rule Choose a backup application that has built in error handling. Surprisingly very few backup applications can satisfactorily accommodate errors during a restore. Check with the software company to understand what they do to ensure the availability of the data. An application’s bells and whistles are no good if the underlying technology cannot deliver the data. Your data is important, so meticulous care should be taken to check a backup software’s capabilities to fully understand the level of protection it affords.

Case 4 You backed up with a verify pass, the restore runs perfectly, but then the complaints start rolling in. The data has errors, some files are in error with characters missing. Why? When a backup application is based on the cpio format, the checksums used to verify the data’s accuracy are only calculated on the meta data (data “about” the data block), and does not checksum the actual data. Therefore a cpio verify pass cannot verify the actual data is correct, only that the header information is correct. Some backup applications verify the backup by conducting test restores on random backup sets. The same issue previously addressed applies here. If the backup data hasn’t been 100% verified, users can still experience aborted restores because corrupt data can still be experienced. If the first bit of the restore

You have backed up, run a verify pass and a restore, but 3 months later the restore fails with some error message, that usually says the restore will be aborted. Typically tar or cpio will generate “tape I/O read error” and the restore will be aborted. Why? The backup application met a bad spot on tape and quite rightly found an error because it couldn’t read the data properly. Now you have the first few files from the backup, the bulk of it is still on the tape. This is typical of a backup application that is just a user interface built on top of tar or cpio. Another problem that might arise is when the backup application uses multistreaming from different client systems to the same tape. In this technique, data from one client group is interleaved with data from other client groups onto the same tape. This means that any particular client group’s data will be divided and spread amongst the data of the other client groups on the backup media. If the backup is large it may have spread over a number of tapes. The danger in this Figure 1: Read After Write Logic on the tape

KNOW HOW

is bad, the entire backup will be lost even though segments of the backup set proved to be accurate. It should be noted that a tar archive can be fully verified using a bit by bit check against the disk. This doubles the time it takes to do a complete backup. Nothing must change on the disk between the backup and verify, otherwise errors will be generated and each error will have to be investigated. This approach is impractical because of today’s shrinking backup windows. Some applications note the problems with a backup and record them in the fault log. It is very easy to forget to check the log, particularly if it is someway down the directory chain, so you will not know if your backup has failed.

Golden Rule Make sure your backup application incorporates the checks and balances to assure that the data you believe you backed-up actually made it to the backup media accurately and can be successfully and accurately recovered. Without this assurance, all other application functionality is window dressing. Make sure your backup application has some sort of notification that alerts you when there is a problem with the backup, usually by email.

Finally “I don’t need backup – I’ve got RAID.” RAID is fault tolerant, it is not fault free. The Internet is full of tales of RAID arrays that fail. Remember also that users deleting their data is one of the most common causes of lost data, and in that case RAID will not help you. If the building catches fire, the RAID array may be lost, but a tape backup made with a reliable backup package and stored offsite will save the day. Backing-up data is a simple concept; just move data to a safe place and bring it back when it’s needed. In reality, how this work gets done is very complex. The process should not be an “art form,” but good science and engineering. The availability of your data, and your sanity, depends on it. ■

www.linux-magazine.com

April 2003

SYSADMIN

Charly’s column

The Sysadmin’s Daily Grind: Zeus Load balancer 1.6 in test

Olympian Heroes Hot on the trail of the free load balancer Pen, as discussed recently in this column, a new challenger enters the ring. Zeus Loadbalancer 1.6, a commercial product, is now available for Linux, FreeBSD, Solaris, HP-UX, IRIX, AIX and Tru64. BY CHARLY KÜHNAST

SYSADMIN Multiboot CDs ........................57 Create your own CD of all your boot floppies and throw the diskettes away.

Nagios ..........................................62 NetSaint’s new successor for network monitoring is easier to configure. It has added new features and an improved open architecture.

April 2003

the client with the smallest number of clients to handle the next request. However, this approach will not work for backend machines with widely differing performance figures. To avoid this shortcoming, there is a unique Figure 1: Zeus Load Balancer has an intuitive browser GUI feature, ‘locality aware request distribution’ which makes Loadbalancer are worth the money comclever use of the caches on the remote pared with a less fully-featured, but free, machines, trying to server data from solution such as Pen. If money is not the machines that have already accessed the issue, you might also consider a hardsame data. ware based load balancer. Although the Whereas other balancers select a target asking price may be on a par with a well (such as a Web server) based on one known luxury car, the Olympians themprotocol only (such as http), the Zeus selves would show some respect for the load balancer goes one step further. It star on its hood. ■ inspects the incoming requests and might, for example, forward dynamic INFO PHP pages to a different server than the [1] Zeus: http://www.zeus.com one handling static pages. [2] Pen: http://siag.nu/pen/

A Question of Talents Of course everything has its price: a simple configuration – a Zeus balancer that can handle two backends – costs 4,800 Euro, whereas the top-notch configuration, with two Zeus balancers handling an arbitrary number of backends will set you back a hefty 13,500 Euro. Maintenance costs an extra 15 per cent of the list price on top, and standard support a further 30 per cent. Premium support will cost you 13,500 Euro plus 35 per cent of the list price of the software. Admins with generous budgets can decide for themselves whether the obvious advantages of the Zeus

www.linux-magazine.com

[3] Homer:“Odysseus”and the “Iliad”: http://digital.library.upenn.edu/webbin/ gutbook/author?name=Homer

THE AUTHOR

he mighty Zeus weighs in at just under 8 Mbytes including a GUI [1], [3] and is capable of anything you might expect from a load balancer. It distributes multi-protocol connections without any noticeable delay to an almost unlimited number of backend machines – 200 or more given the right hardware, according to the documentation. Zeus respects existing client/server mappings to avoid destroying sessions. To prevent the load balancer itself from becoming a single point of failure, you can configure a second Zeus as a backup for the first, which would also give you a performance boost because Zues runs in active-active mode, unlike the free Pen [2] product which runs in hot-standby mode. The main difference being that Zeus comes without the sourcecode but with more features and more comfort. The mythical father of the gods has a fairly neat browser based GUI, for example. When deciding which backend system should handle the next connection, Zeus does not follow a strict “Round Robin” procedure. Instead Zeus analyses the response times of the backends it controls to discover how much load each one can handle. If that is too much like Voodoo for your liking, you tell Zeus to choose

Charly Kühnast is a Unix System Manager at a public datacenter in Moers, near Germany’s famous River Rhine. His tasks include ensuring firewall security and availability and taking care of the DMZ (demilitarized zone). Although Charly started out on IBM mainframes, he has been working predominantly with Linux since 1995.

Multiboot CDs

SYSADMIN

Multiboot CDs with Boot Scriptor

Burn Baby Burn! Boot floppies may be a thing of the past, but you still tend to find them heaped next to any modern PC. A CD writer, Linux, Boot Scriptor and the following guidelines are all you need to prepare these ancient media for “thermal recycling”. SIMON RUTISHAUSER

display convenient and complex menus on screen.

Licensing Quirks Boot Scriptor is not licensed under the GPL, but has its own license that permits non-profit projects to use it provided they credit the author. Boot Scriptor can also be used for proprietary programs, although an undefined charge is levied in this case. The program’s author reserves the right to refuse a license, with the inclusion of clauses like “And in extreme cases (although I can’t immediately think of a reason we might actually want to do this) we may refuse to let you do it at all.”

Boot Scriptor Controls How Your PC Starts Up Boot Scriptor allows you to boot from CD as shown in Figure 1. If your BIOS is capable of booting from CD (see “El Torito: A little known standard”), it will fire up automatically. ATAPI CD drives can also choose to detour via Smart Boot [4] before booting from CD. The BIOS first loads a program from the CD boot sector – in Boot Scriptor’s case this is the loader.bin program. This

tool copies itself to an address other than 0x07c0 and runs Boot Scriptor. This is similar to an MBR without a boot manager that automatically runs specific code, typically the Linux kernel. Boot Scriptor then searches for the bscript.ini script in /bscript and launching it when found. Failing this, Boot Scriptor displays a command prompt. Finally, Boot Scriptor launches an external module – as specified in a script or on the command line – normally with the goal of simulating a floppy or hard disk boot. Currently, Boot Scriptor provides the following five modules: • Memdisk [3] helps to solve the issues Isolinux has with some BIOS types. Memdisk writes the complete image to a ramdisk before booting, thus allowing the running operating system to write to the virtual disk. Of course these changes are not persistent.

THE AUTHOR

n time, most Linux users will acquire a heap of boot floppies, I am speaking from experience here, as I recently discovered no less than 16 somewhat dusty floppies on my own shelves. Previous attempts to do away with them were doomed to failure, considering the fact that every one of them could have saved me hours of work if the worst came to the worst. Help is at hand – instead of 16 floppies, I am now the proud owner of one do-it-yourself CD – a multiboot CD, to be more exact. Put simply, this is an El Torito boot CD (see the “El Torito: A little known standard”) that contains images of my boot floppies. When you boot from the CD, a menu pops up, allowing you to choose the floppy image of your choice to launch. Compiling a CD of this kind is not as easy as you might think, but thanks to Linux and a helpful tool called Boot Scriptor, the obstacles on the road to a multiboot CD have become easier to manage. Boot Scriptor [1] is, at the same time, a programmable and powerful front-end for diskemu [2] and isolinux/memdisk [3], as well as an interpreter for a simple scripting language that allows you to

Simon Rutishauser still attends the MNG Kirchenfeld highschool in Bern, Switzerland and dabbles in topics such as (multi)boot CDs, Java programming with SWT, Linux (Debian Potato, Kernel 2.2.17 and later), and recently FreeBSD.

www.linux-magazine.com

April 2003

Multiboot CDs

SYSADMIN

BIOS load loader.bin

No El Torito

Smart Boot

loader.bin Start Boot Scriptor Diskemu

Boot Scriptor

Script

Isolinux/Memdisk Ranish Partition Manager Other External Module

Figure 1: Booting from a multiboot CD with Boot Scriptor

• Isolinux [3] provides similar functionality to Boot Scriptor and also includes an emulator for booting images. Boot Scriptor provides a flexible scripting language and a front-end/backend instead. • Diskemu [2]: The predecessor of Boot Scriptor was originally designed as a stand alone program; its development has been discontinued in favor of Boot

Scriptor. Programs launched from a floppy disk cannot write to disk when Diskemu is active. In contrast to Memdisk, Diskemu does not store images in RAM. The tool is still useful in some scenarios where Isolinux/Memdisk will not run. • The well-known Ranish Partition Manager tool also provides direct support for Boot Scriptor. • Boot Scriptor is open for customization and enhancement; which will need to be written in Assembler at present, although support for C is planned. An emulator for Boot CD ISO images is at the top of most people’s list, as both Diskemu and Isolinux/Memdisk only support floppy and hard disk images at present. Volunteers with expert knowledge are welcome, says the author!

Creating a Directory Structure To create your own multiboot CD, your first need a directory tree as shown in

Figure 2. The easiest way to create a directory tree is to use the current version of Build Multiboot (refer to the section on burning later on in this article) and the Boot Scriptor plugin (downloadable from [20]): unzip buildmultiboot-0.5.zip unzip bootscriptor-1.2.14.zip

Only the contents of the lib/bscript and cds/bscript/disk1/bscript directories in this directory tree will actually be placed on the boot CD. The former contains the current Boot Scriptor [1] version, or to be more precise the bscript folder from the binary archive. Alternatively, you can type the following to update to the latest Boot Scriptor version after downloading (currently 1.2.18; 1.1 is no longer supported): cd /tmp unzip U Boot\ Scriptor\ (1.2.18).zip cp -R bscript ~/BuiltMultibootU /lib/bscript

El Torito: A little known standard IBM and BIOS manufacturer Phoenix released the El Torito standard in 1994, and its principles are accepted world-wide. El Torito envisages three ways of booting from CD: • No Emulation:The BIOS loads a fixed number of sectors from the CD (up to 640 Kbytes, the real mode memory limit for a PC) and runs the code. • Floppy emulation:The BIOS handles the image of a floppy on CD (1.2 Mbytes, 1.44 Mbytes or 2.88 Mbytes) like a genuine floppy. • Hard disk emulation:The BIOS handles the image of a hard disk – with a maximum size of 700 Mbytes like a real hard disk. Of course, read access is slower than for a genuine hard disk, and many operating systems have difficulty coping with the read-only medium. Practical implementations of the specification are tricky. Floppy and hard disk emulation is hardly supported, and BIOS support for multiboot CDs, as originally envisaged, is totally obscure. All BIOSs support no emulation mode, and that means that running Boot Scriptor is no trouble at all.

Booting from IDE Drives The BIOS on the motherboard has the responsibility for booting ATAPI drives.The El Torito specification is an issue with many older boards, and even some new ones.The reason for this is that the mechanism is a lot more complicated than booting a hard disk or floppy. Help:The Smart Boot bootmanager from [4] is capable of booting from ATAPI CD drives, no matter whether the BIOS supports El Torito. Stored on a floppy it provides invaluable support for users of Boot Scriptor or Knoppix CDs [5].

Booting from SCSI Drives SCSI drives boot differently; typically the Motherboard BIOS has nothing to do with this process as the adapter will provide a BIOS of its own. It is the adapter BIOS that is responsible for implementing the El Torito standard. SCSI adapters without a BIOS are either incapable of booting – this applies equally to hard disks – or they place this responsibility firmly in the hands of the motherboard BIOS. A Smart Boot extension to provide native support for SCSI drives is not planned, and highly unlikely due to the lack of space in the MBR.

April 2003

www.linux-magazine.com

Figure 2: A directory tree like the one shown is needed for creating multiboot CDs

Multiboot CDs

SYSADMIN

Listing 1: A simple bscript.ini 01 call menu 02 restart ;Main Loop

/dev/hda1

onkey d boot 0x81 ;Boot

36 printhead: ;Print the (colored)

/dev/hda2

04 menu:

;Main

19 return

clear

print "\c8f F1: Main Menu F2:

call printhead

21 keys: ;Handle the keys

type menu.txt

call printfoot

call keys

onkey F1 restart

;onkey F2 goto linuxdisks

41 printfoot: ;Print the "Type

Boot Managers F3: Dos Tools

getkey

F4: Linux Tools

39 return

onkey 1 memdisk partimag.img

onkey 2 memdisk hal.img

onkey home restart

print "\n"

onkey 3 memdisk tomsrtbt.img

onkey b

print "

onkey 4 memdisk eltorito.img

onkey 5 diskemu smartbt.img

onkey q

quit

setpos 1 24

onkey x

quit

print "\n"

onkey a boot 0 ;Boot the

onkey end

quit

print "\c8f Type command at

right disk

onkey esc

quit

onkey c boot 0x80 ;Boot

34 return

15 16 17

command at prompt" message restart

b) Go

back to main menu"

the prompt

47 return

Any disk images you want to place on cally launched by Boot Scriptor at system the Cdrpack 1.3 archive, as it contains the CD must be copied to ~/BuildMulti startup and is thus predestined for a the Windows version of Build Multiboot boot/cds/bscript/disk1/bscript or a submenu. [20] – or vice-versa as Build Multiboot is directory below this level. The menu text itself has been stored in the platform independent Cdrpack clone, Table 1 provides an overview of variListing 2 to improve readability. In this when regarded from an evolutionary ous boot disks. You can even use 2.88 configuration, Listing 2 cannot contain perspective. Mbyte floppy images, although your PC more than 20 lines, that is 25 lines on A Simple Boot Menu may not have a drive of that size. Other screen minus the header and footer lines files that need to be stored on the CD the script outputs. The maximum line A simple boot menu, as shown in Figure should be placed in the ~/Build width is 80 characters. The cryptic look3, completes the CD. The files required Multiboot/cds/bscript/disk1 folder. ing characters are actually a frame that for the menu should be stored with the Note that Boot Scriptor supports the Boot Scriptor uses. images in the ~/BuildMultiboot/bscript/ ISO 9660 filesystem only; thus a file The script starts with a loop that calls disk1/bscript directory. Listing 1 shows a name length restriction of 13 characters the menu method. It clears the screen, simple, but easily customized, example applies. Incidentally, you do not need to outputs the header line, the menu for the bscript.ini file, which is automatirecreate the complete direcdefined in Listing 2, and tory tree to create other the footer line and waits for Listing 2: The Main Menu menu.txt multiboot CDs: instead, you user input in the keys 01 ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ simply copy the ~/Build method. 02 ≥ Boot Scriptor MultibootCD ≥ Multiboot/cds/bscript folder The \cXY instruction in a 03 ≥ ≥ to ~/BuildMultiboot/cds/ print command sets the 04 ≥ This CD created by Simon Rutishauser ≥ bscript2 for example. The colors of the header and 05 ≥ simon.rutishauser@gmx.ch ≥ Boot Scriptor files stay in footer, X defining the 06 ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ lib. foreground and Y the back07 It is also quite simple to ground color, as shown in 08 1) Partimage integrate CDs that Boot Table 2. If you specify blink 09 2) Hal91 Scriptor does not need, such on color 7 and higher, they as Windows Setup CDs, for will blink wherever they 10 3) Tomsrtbt example. occur on screen, but blink 11 4) Boot Dos with CD-Rom (eltorito.sys) support Plugins for Cdrpack 1.3 off allows you to disable 12 5) Smartboot are available from [2]; simthis “feature”. 13 ply expand the plugin keys (line 21) allows you 14 a) Boot from first floppy drive (0x00) archive in ~/BuildMultito interface to additional 15 c) Boot from first hard drive (0x80) boot to install a plugin. menu pages in the style of 16 q) Quit script, go to command prompt Linux users will not need menu.txt. If the user

www.linux-magazine.com

April 2003

Multiboot CDs

SYSADMIN

Figure 3: A simple menu for a multiboot CD, as defined by bscript.ini. This

Figure 4: A graphical menu that is quite complicated to program, although it

example shows Listing 1 and 2 in action

does not actually offer more functionality than the menu in Figure 3

presses a key, keys first performs a few global queries; for example, [Q] and [Esc] quit the script. If the user does not press any of these keys, Boot Scriptor moves down to the return keyword in line 34 and then to line 8 where the method is called, and then goes on to parse the next line. Keypresses are used to select an image for launching. If the user presses the [1] key, the instructions in keys are omitted and the command memdisk partimag. img at line 10 is launched. memdisk or diskemu will terminate Boot Scriptor and launch the corresponding image. When the user shuts down a Linux system launched by partimag.img [7], the PC will not return to Boot Scriptor, but go down normally. A list of script commands is available from [1]. If you feel ambitious, you can use [19] to build

more complex menus that deserve to be called graphic, as shown in Figure 4, for example. Is it really worth the effort? The menu in Figure 3 is just as easy to use as the one in Figure 4. You can even integrate a bitmap, the Windows equivalent of an XPM, as a splash screen that hides the console while it displays. The bitmap file is called ~/BuildMultiboot/ cds/bscript/disk1/bscript/bscript.bmp, and the image can be 320 by 240 pixels with 8 bit depth. The file cannot be larger than 126 Kbytes and must be RLE compressed. Alternatively, you can use the tolls/convert tool from the standard Boot Scriptor distribution to convert a 24 bit, 640 by 480 pixel image, and display it instead of the bitmap. The path will be ~/BuildMultiboot/cds/bscript/disk1/ bscript/bscript.bsi in this case. The show

Table 1: Practical Boot Disks Name

Description

Eltorito.sys

A boot disk with DOS and the Eltorito.sys CD driver is a must. It allows you to access the CD drive you booted from no matter whether it is attached to an IDE,SCSI,USB or Firewire bus. See the “DOS Boot Disk with Eltorito.sys”for further details. Download from [2].

Grub

Partimage

Toms Root

Hal91

Color

Blue

Green

Turquoise

Red

The partitioning program moves,deletes,resizes,and creates FAT,Ext-2/3 and ReiserFS partitions. Mandrakes Diskdrake is based on GNU Parted. Download from [6].

Pink

Orange

Can create an image of any partition (FAT,NTFS,ReiserFS,BSD-FFS,Ext-2/-3,JFS,XFS), either on another partition or across a network. Partimage uses gzip or bzip2 to compress images. Download from [7].

Light gray

Dark gray

Tomsrtbts Motto “The most Linux on one Disk”is programmatic. Available either on an overlength 1.44 Mbyte or a 2.88 Mbyte floppy,where the former uses the Lilo bootloader,which can cause problems. Download from [8].

Light blue

Light green

Light turquoise

Light red

Light pink

Yellow

White

An all purpose Mini-Linux from print server, through firewall to wireless router. Download and extensive documentation from [10].

Do-it-Yourself

Table 2: Boot Scriptor’s Color Codes Black

Not as many programs as Tomsrtbt, but Hal91 requires only a normal 1.44 Mbyte format floppy. Download from [9].

Fli4l

All that remains now is to store the results of that hard work on a CD, a task

The mini boot manager may not be able to hold a candle to Grub for normal operations,but it can boot from IDE CD ROM drives,independently of BIOS support for this feature. Download from [4].

GNU Parted

Burning: Traditional Approach or Swing Front-end

Hexcode

The boot manager runs Linux from almost any file system. Grub searches the path to find the kernel in the filesystem and only needs to re-write the MBR in case of massive changes. Cannot boot from CD! Download from [11].

Smart Boot

image file.bmp command displays the bitmap in the script, and show console restores the console. The bscriptw.com from the Boot Scriptor package can be used to test your script. It should allow you to test more complex menus and create screenshots without wasting any blank CDs. Bscriptw.com must be in the same folder as the bscript.ini file you want to test; the only way to do this at present – due to restrictions in Bscriptw.com – is to create a temporary copy of bscriptw.com and the modules directory. Unfortunately, the program will not run on Wine.

A specialized Linux version (based on [3]) with kernel 2.4,USB and Firewire.

April 2003

www.linux-magazine.com

Multiboot CDs

typically performed by mkisofs and cdrecord: mkisofs -no-emul-boot -eltoritoU -boot BSCRIPT/loader.bin -hide U BSCRIPT/loader.bin -c BSCRIPTU /boot.catalog -hide BSCRIPT/U boot.catalog -boot-load-U size 4 -bootU -load-seg 0x07C0 U

~/BuildMultiboot/lib/bscript U ~/BuildMultiboot/cds/bscript/U disk1 | cdrecord -dev=0,0,0 U -speed=4 -eject -

Command-line challenged user might also like to look into the Swing Build Multiboot program (see Figure 5). It requires a current Java 2 JRE. The frontend is launched by java -jar build

SYSADMIN

multiboot.jar in the ~/BuildMultiboot/ bin directory or by ~/BuildMultiboot/ buildmultiboot.sh. The dialog prompts your for a SCSI device, the CD you want to burn and a few other options. You might prefer to start with a CDRW, as first attempts very rarely work perfectly, but some trial and error should quickly lead to useable results. And that brings us right back to “thermal recycling” for floppies – now where’s that lighter? ■

INFO [1] Boot Scriptor: http://www.bootscriptor.org [2] Diskemu and Eltorito boot disk: http://www.nu2.nu [3] Isolinux and Syslinux: http://syslinux.zytor.com [4] Smart Boot: http://btmgr.sourceforge.net [5] Knoppix: http://www.knopper.net/knoppix [6] GNU Parted: http://www.gnu.org/ software/parted/parted.html [7] Partimage: http://www.partimage.org [8] Tomsrtbt: http://www.toms.net/rb/ [9] Hal91: http://www.itm.tu-clausthal.de/ Figure 5: Build Multiboot is a comfortable Java Swing front-end for burning multiboot CDs. It is ideal for

~perle/hal91/ [10]Fli4l: http://www.fli4l.de

users who are allergic to endless chains of commands

[11] Grub:

A DOS Boot Disk with Eltorito.sys

http://www.gnu.org/software/grub

The Eltorito.sys CD ROM driver may be a piece of DOS software but interesting all the same. It enables DOS to access the CD ROM drive it booted from, no matter whether the drive is attached to a SCSI controller, a USB, IDE or parallel port.Thanks to Bart Lagerweijs’documentation, it is quite simple to create a suitable disk (Bart’s El Torito CD-ROM Boot Disk [2]):

[12] Modboot 2.1 files: http://download.nu2.

• Create a DOS boot floppy using MS DOS 6.x or later: format a: /u /s.

nu/nu2files/modboot21.zip [13] Eltorito.sys CD driver: http://download. nu2.nu/nu2files/elboot.cab [14] CD ROM extensions: http://download. nu2.nu/nu2files/mscdex.cab

• If the drvspace.bin is on the disk: attrib -s -h -r a:\drvspace.bin and del a:\drvspace.bin. • Now create a folder called \bin on the disk and add the DOS files himem.sys, emm386.exe, and smartdrv.exe to the folder.

[15] Batch utilities:

• Download the modboot21.zip archive from [12] and extract it on the disk under Linux: mount /floppy; cd /floppy; unzip ~/modboot21.zip.

[16]CD Autorun: http://download.nu2.nu/

• Download archives [13] through [18] and copy them to the corresponding directories on the disk (do not extract them!): [13] to \level3; [14] to \lib; [15] and [16] to \level0; [17] and [18] to \level1.

[17] Help modules:

http://download.nu2.nu/nu2files/utils.cab nu2files/cdautrun.cab http://download.nu2.nu/nu2files/help.cab [18] Mouse support: http://download.nu2.nu/ nu2files/mouse.cab

• Optionally create a text file, /diskid.txt, on the disk.

[19]Complex boot menu:

• Create an image of the floppy on Linux using cat /dev/fd0 > eltorito.img.

http://911cd.tripod.com

• Following the instructions in this article, add the image to your multiboot CD. If you do not own an MS-DOS license, or are a staunch Open Source supporter, you can of course use FreeDOS [21].The boot CD available on the website also uses Eltorito.sys; thus you can either use the image directly, or as a template for your own disk.

[20] Build Multiboot: http://buildmultiboot.sourceforge.net [21] FreeDOS: http://www.freedos.org

www.linux-magazine.com

April 2003

SYSADMIN

Nagios

Network Management with Nagios, Netsaint’s Successor

What’s Going On? K

nowing what is going on in a network is a most critical task for most systems administrators. Has a computer just failed, is a filesystem full, has a service just crashed? The admin should be the first to know, and quick to remedy the situation. Network monitoring programs like Nagios [1] can help. Ethan Galstad released Version 1.0 late in 2002 – and just like its immediate predecessor, Netsaint, Nagios was released under GPL. The new name is based on the Greek word, hagios (saint). Nagios inherits the features and open architecture of its predecessor, adds some functionality and a more simple, template based configuration. In the short time since the programme was released, Nagios has proved its value in at least one large installation (see the “Nagios in the Austrian Salt-Mines” box). Nagios comprises several components (see Figure 1). The core component, referred to by the documentation as the Nagios Process or Core Logic, is the central process. It uses plug-ins [4] to collect information, parses the data, and writes to log files. When the central process recognizes a problem, it sends a message to the administrators. The Web interface and its CGI scripts read the information collated in files and render it in a browser. You can use a named pipe, referred to as an external command file, to pass additional commands to the Nagios process. This interface, which is also Web based, writing commands to the pipe file which are read and executed by Nagios.

Plug-in Architecture The Nagios processes call plug-ins to collect information on the status of hosts and services. These plug-ins can be arbitrary scripts or compiled programs, provided they implement the Nagios interfaces. The status of the query is itself contained in the return code of the plug-in; see Table 1. Additionally, Nagios reads the first line of the plug-in output (“stdout”), stores the information it has

April 2003

Nagios is network monitoring software that will help admins keep an eye on their networks. It is the successor to Netsaint’s and is now easier to configure, adds new features and an improved architecture. BY DIETMAR RUZICKA

read in the log files and, if required, notifies the admin.

Quicker Plug-ins thanks to Embedded Perl Nagios can optionally be compiled with the EPN interpreter; the complete system is then referred to as Embedded Perl Nagios. The EPN interpreter calls Perl plug-ins very efficiently: it uses a library call instead of the fork exec process normally required, and thus does not need to load the Perl interpreter every time. Unfortunately, some Perl plug-ins will not work with EPN, and debugging facilities are restricted. The “contrib” directory provides the “mini_epn” program, which is a lot handier for testing plug-ins than a full-blown Nagios system. The Nagios process is configured using text files, the central files being “nagios. cfg”, “resource.cfg”, and “cgi.cfg”. “nagios.cfg” binds additional files that contain object configurations for hosts, services, and contacts (see Table 2). A

www.linux-magazine.com

new feature allows the admin to bind complete directories, including the files they contain, to Nagios: cfg_file=/etc/nagios/hosts.cfg cfg_dir=/etc/nagios/hosts

Formerly (that is, with Netsaint), extended information on hosts and services had to be entered directly in the “cgi.cfg” file. Nagios allows you to swap the “hostextinfo” and “serviceextinfo” configuration out to individual files, which are then bound by “cgi.cfg”. The syntax of these files is a lot clearer than the old method. The administrator defines objects to represent a network with its hosts and services in Nagios, specifying the host for each service (for example an NFS export or mail server). Individual hosts can be combined to form a “hostgroup”; a host can be a member of several groups. This makes it easy to assign a service to our group of hosts.

Nagios

Structured Configuration The “parents” directive allows the admin to define the structure of the network when defining a host. This is very useful because, if a router that connects the Nagios server to another subnet goes down, Nagios simply reports a router failure. The system then marks any hosts that have this router defined as a parent as unreachable. The administrators of monitored systems are also grouped as the “contactgroup” in the Nagios configuration. An admin can belong to several groups. Nagios sends system status messages to the groups. If the Web interface requires authentication, contacts are also used as user names. The Web front-end automatically hides any hosts from which the authenticated contact should not receive messages. Authentication is also necessary if you want to use the Web interface to influence the Nagios process, such as preventing it from checking a service for a short time. Nagios checks hosts and services periodically. The “timeperiod” specifies the times to perform tests or send messages to contacts. This feature is extremely useful in real-life situations, as an admin will often not care whether a

External Program

Webinterface

External Command File

Logfiles

NagiosProcess (Core Logic) Embedded Perl

Plugin

Perl Plugin

Diverse Commands

Figure 1: The Web interface and other external programs use External Command Files to control the Nagios process. Nagios itself uses plug-ins to

service is reachable or not outside office hours. Having said that, there are some services (such as the Web service) that the admin needs to look into right away. To allow Nagios to run external commands, the admin needs to define objects for these commands in the configuration file, where “command” describes the command line including any options and parameters. Commands are mainly used for testing hosts and services, but they may also handle events, or even transmit mail or short messages to the admin. Nagios has two types of component states soft states and hard states, which can be defined as up, down or warning. This allows the program to differentiate

SYSADMIN

between real problems and temporary malfunctions. A change in status can initiate various actions, depending on whether it occurs in a soft or hard state. If the plug-in notices a host service failure, it will first change to the appropriate soft state. If, after performing additional tests, Nagios ascertains the status of “OK” before the “max_check_ attempts” threshold has been reached, Nagios terminate the soft state without generating a message. A real problem has not occurred in this case. If too many tests fail, the status type changes to hard state, and this prompts the Nagios process to initiate messaging routines (who gets what message?) and run the registered event handler.

Nagios at the Austria Salt-Mines The Austria Salt-Mines [2] are one of the oldest industrial companies in Europe; salt has been mined in the Austrian Salzkammergut region since pre-historic times. Today modern 24x7 technologies replace traditional skills. The mining equipment is controlled by a high availability IT network with 750 nodes, comprising a total of 100 servers that offer almost 1000 services.The Austria Salt-Mines gave Vienna based Cubit IT the job of installing Nagios in this environment to provide non-stop network monitoring. New Plug-ins The task of detailed monitoring of Oracle instances, run by the “check_oracle”plug-in, has clearly exceeded the capabilities its original job description.Three new plug-ins have been developed to resolve the issue: “check_oracle_sql”,“check_oracle_tablespace”, and “check_oracle_tablespace_ status”.They require a database account to read meta-data.The plug-ins are also capable of remotely checking Oracle.

checks the status of the DRBD by reading the /proc filesystem entries. New plug-ins also monitor the enterprise wide Novell Groupwise mail system. Some status data can be retrieved via SNMP (Simple Network Management Protocol), although the “check_aktiv_email”plug-in performs more exhaustive tests.This sends a mail message to an external host, which autoreplies.The plug-in then uses POP3 to accept the mail back into the Groupwise system, thus ensuring that email exchanges with the rest of the world still work. Checking network connectivity was a real challenge.The salt-mines use a Novell Border Manager as a proxy, and the system requires regular user authentication. Lynx provided a solution for this challenge: the “check_ bordermanager”plug-in now attempts to load a few national and international pages.

The three Perl scripts connect using the Perl DBI (Database Interface) to contact the database and run SQL statements. In the case of “check_oracle_sql”, the “SELECT user FROM dual”statement checks whether the instance is running correctly.“check_oracle_ tablespace”checks the space usage in the table, using system view to do so.“check_ oracle_tablespace_status”returns the tablespace status. A Linux Heartbeat cluster [9] with a DRBD (Distributed Replicated Block Device, [10]) is used for final production control (salt packaging) and as a database server at the salt-mines.The new “check_drbd”plug-in

Nagios monitors the whole salt-mine network from this room

monitor hosts, for example

www.linux-magazine.com

April 2003

SYSADMIN

Nagios

Central Nagios Server Nagios Process

External Command File check_by_ssh (Plugin)

check_nrpe (Plugin)

NSCA Client

SSH Daemon

NRPE Daemon

Local Agent

Local Plugin

NSCA-Daemon

External Host, Passive Test

External Host, Active Test

External Host, ActiveTest

Figure 2: Nagios has three ways of running tests on external systems: actively using SSH or NRPE (Nagios Remote Plugin Executor), or passively using NSCA (Nagios Service Check Acceptor). The passive variant involves the host reporting events

Testing Hosts and Services Nagios distinguishes two types of service test: active and passive. The Nagios process launches plug-ins for active tests at regular intervals, as defined in “normal _check_interval”. The plug-in polls the status of the service or host. A plug-in running locally on the Nagios server can only check the external behavior of a host. Ethan Galstad has programmed an additional module, called the NRPE (Nagios Remote Plugin Executor), to run plug-ins directly on external hosts. The Nagios server uses the “check_nrpe” plug-in to communi-

Status

Test completed successfully, the service works.

Warning

Test completed successfully,but the result was outside tolerance.

Critical

Test did not complete successfully,or the result was critical.

April 2003

High availability networks need to plan downtime, and Nagios needs to know when this is, to avoid unnecessary alerts. Sooner or later the system will need some maintenance or an upgrade. Systems that do not need to be available 24x7 can be shut down outside of normal working hours, with high availability systems having to wait for a scheduled downtime window. Another new feature in comparison to Netsaint is the fact that Nagios can choose between flexible and fixed downtime. Whereas the latter defines a fixed starting and endpoint, a flexible downtime simple defines a limited period during which the host (or service) does not have to be available. If the host fails during a flexible downtime period, Nagios will wait for a pre-defined period before re-checking the host.

characteristics in a group. Each “host”must belong to at least one host group.

Table 1: Plug-In Return Codes

Unknown

Scheduled Downtime

cate with the NRPE daemon on the monitored host. Alternatively, Nagios can call the “check_by_ssh” plug-in to use SSH to launch a program on the host. In the case of passive tests, Nagios expects an agent to report its findings using an “External Command File”. Passive tests are particularly useful for asynchronous events, such as Table 2: Configuring Nagios Objects SNMP traps. Object Description Agents can transhost Defines a server,a workstation, etc. fer data generated service Describes a service (HTTP,NFS etc.) provided by the server. by events of this contact Nagios informs this person in case of emergency. kind to the Nagios hostgroup Collates multiple “host”entries with the same

Return Code

server using the convenience of the NSCA (Nagios Service Check Acceptor). The client-side “send_nsca” then sends its results to the NSCA daemon which is running the passive command of the Nagios process. The freshness check is another of Nagios’ new features compared to Netsaint. In the case of passive tests, Netsaint cannot determine whether an agent has simply stopped working or if a problem simply has not occurred for awhile. This issue is resolved by the “freshness_check”: if the Nagios process has not had a message from an agent within the defined period, it will initiate an active test.

Meaning

The plug-in was unable to perform the service test; the result is ambiguous.

www.linux-magazine.com

contactgroup

Groups people to allow sending messages to them simultaneously.

timeperiod

Defines the times when a “host”or “service”can be tested or a “contactgroup”should be informed.

command

Describes how to launch plug-ins and other external tools.

host/service dependency

Defines the dependencies for “host”and “service”

host/service/hostgroup escalation

Defines the notification escalation procedure.

Nagios

Web Interface Nagios provides a comprehensive Web interface offering an overview of the current network status. In addition to the Tactical Overview (Figure 3) which provides information on the Nagios process, by showing the service and host tests planned next, with any comments entered by admins and the next

Templates and Inheritance The most important new features in Nagios compared with Netsaint are the program’s object oriented configuration methods – templates,which means admins only having to type repeated parameters just once. Templates are available for every service and host specific setting.They use three new variables: define objecttype{ name Template name use Name of parent template register [0/1] # object specific definitions } The “name”variable defines a unique identifier for an object. Other objects can call the “use”directive and refer to this object by name, to inherit the settings defined in the template.“register”specifies whether this object is real, and will thus be seen by the Nagios process (“1”), or an abstract object (“0”) that is used only as a parent for other objects. As is typically the case in inheritance, local definitions will override inherited characteristics: define host{ host_name host1 check_command check-host notification_options d,r max_check_attempts 5 name template1 } define host{ host_name host2 max_check_attempts 3 use template1 } “host2”calls “use template1” to inherit the characteristics of “host1”. It overwrites the value for “max_check_attempts”with a value of “3”, instead of “5”for “host1”. A well defined template structure greatly simplifies the configuration, especially if it affects several similar hosts and services.Thus a new host can be monitored by adding a few lines to the configuration.

scheduled downtimes. The comprehensive reporting facilities play an important role, and you can also view transmitted messages, the event log, and the configuration. The Status Summary displays the status of the complete system in a neat table. The Status Map (see Figure 4) provides various views of the network structure and shows the host dependencies. This view only makes sense for smaller networks, however, because it soon becomes confusing. The Alert Summary is new, and helps the admin quickly discover vulnerable servers. The Alert Histogram is another new feature that shows accumulations of problems. Admins can also manipulate the Nagios process via the Web interface, using it to enable or disable individual tests, add scheduled downtime or comments, or re-start processes.

Alerts on the Network In cases of alerts, administrators normally prefer to be notified rather than open the Web interface to discover what has happened. Nagios reflects this by generating a notification whenever a hard state changes. Special filters prevent the admin from being bombarded with thousands of messages. The first filter level allows you to enable or disable notification globally. The second stage provides host and service filters divided into four different

SYSADMIN

levels. Additionally, Nagios will not notify the admin when: • downtime is scheduled for the host or service, • a component keeps oscillating between two states (flapping), • notification has been disabled globally for a component, or • the problem occurs outside of the notification period. The last filter level comprises contact filters. The admin can define the status that Nagios will have to reach before notify each user of, say warning or critical. These definitions can be based on the hosts and/or services. This level also allows the admin to define notification times for the user.

The Right Contacts Nagios uses contact groups to find out what admin it should notify for a specific service or host group. Nagios prevents an admin receiving identical messages more than once. There are no restrictions to the channels used for alert messages. Email, SMS or instant message services, such as ICQ, are typical candidates. In the case of the salt-mines, both email and Nokia GSM 20 [5] in combination with gsmlib [6] have proved to be most valuable: Nagios uses these resources to send a message, by SMS or phone, to the admin. Nagios provides multiple alert levels (notification escalation), allowing for unrestricted definition of notification

Listing 1: Example of a contact definition 01 # generic contact definition 02 define contact{ 03 name 04 service_notification_period 05 host_notification_period 06 service_notification_options critical, recovery 07 host_notification_options 08 service_notification_commands 09 host_notification_commands 10 register 11 } 12 13 # 'nagios' contact definition 14 define contact{ 15 use 16 contact_name 17 alias 18 email 19 }

generic-contact 24x7 24x7 w,c,r #warning, d,r #down, recovery notify-by-email host-notify-by-email 0

generic-contact nagios Nagios Admin nagios

www.linux-magazine.com

April 2003

SYSADMIN

Nagios

Figure 3: Nagios uses the Tactical Overview to show an overview of the

Figure 4: The Status Map uses the Circular View to provide an overview of

system status. The area in the red frame shows that two hosts are down.

the network structure. The parent relationships of the various hosts are

In this case the downtime was scheduled

shown in a tree structure

processes. Normally, that is without escalation, Nagios sends a single alert in case of a problem and repeats the message after a defined interval. The system administrator can define the messages, and intervals for more urgent cases.

Notification Escalation The salt-mines use notification escalation for a few critical systems (see Listing 2). In case of failure in the final production plant, Nagios not only transmits a standard alert by email, but sends a short message for the first three alerts to the system administrator in charge. If the administrator fails to react within this period, the system calls the admin’s cellphone every 15 minutes. This takes care of situations where short messages

get lost or the on-duty admin does not notice that a message has arrived. Notification escalation can also be used for event handling. At first glance this may seem a slightly roundabout way of doing things, but it does provide flexibility. Nagios, in this mode, can first attempt several automatic responses to an issue, before alerting an admin at home. A normal event handler only has one shot, in contrast.

Clever Use of Escalation The idea is to create a pseudo-contact. A “contact” definition includes both “service_notification_commands” and “host_notification_commands”. Instead of dispatching an e-mail or short message, the admin can define additional

Listing 2: Escalation Notification Levels 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17

# AS/400 everything define serviceescalation{ host_name service_description first_notification last_notification contact_groups notification_interval } define serviceescalation{ host_name service_description first_notification last_notification contact_groups notification_interval }

April 2003

susen2 * 1 3 admins, notify-by-sms 5

susen2 * 4 0 admins, notify-by-call 15

www.linux-magazine.com

actions, such as rebooting the Web server. This method is admittedly complex, as the admin needs to define both the command, and additional objects, such as the “contact_group”, a “contact” and a “serviceescalation”. If you do not need escalation levels, you might prefer to stick to simple events. You can use events as triggers that refer to “command” definitions to launch arbitrary programs. Nagios calls the event handler when a service or host fails, when a host enters a soft fail state, changes from a soft to a hard state, or reverts to a normal state. In large networks it is often necessary to distribute network monitoring to several servers at several sites, but at the same time collate this data in one central

Central Nagios Server

Remote Nagios Server

Nagios Process

External Command File

OSCP Command

NSCA Daemon

NSCA Client

Figure 5: Distributed monitoring requires servers to report status information to the central monitoring server via the OSCP command (Obsessive Compulsive Service Processor) and NSCA (Nagios Service Check Acceptor)

Nagios

Distributed Monitoring The distributed servers and the central server use the NSCA to communicate. The services running on the distributed servers are defined as passive tests on the central server. Hosts cannot be tested in this way, even though the central server still needs to perform an active test. The “obsess_over_services” directive is responsible for passing information from distributed servers to the central repository. If this facility is active, Nagios runs the Obsessive Compulsive Service Processor Command for each service test, following the event handler and notification. The command can be defined to pass information to the NSCA client, which uses the NSCA daemon to pass the information to the Nagios process. In typical heterogeneous environments you tend to encounter problems that might be difficult to solve without resorting to a few tricks. Nagios’ open structure is a big help in this case. One of the stipulations set by the saltmines for Nagios was that the network monitoring system should include the final production and the automatic forwarding systems. Although these systems use a Linux cluster as an application and database server, the clients themselves run on Windows, and there are even some Netware servers in there. All of these systems require different agents to interact with Nagios. The most critical agents perform log checking and query applications to discover if they are still alive.

Log Checks on Multiple Platforms The log check uses a cronjob to check the log files at regular intervals, testing for regular expressions and reporting the status to Nagios. The activity check tests whether a monitored application regularly modifies files, and raises an alerts if not. Both programs are

implemented in Perl; the interpreter is available for all three platforms. The problem was getting the log check the send its results to the Nagios process in the form of a passive test. This is trivial on Linux; NSCA provides everything you need. Windows needs to take a little detour: the agent uses OpenSSH (in the Cygwin version) to launch the “send_nsca” command remotely on the Nagios server. OpenSSH also provides for active management of the Windows hosts: if required, Nagios can log on to the Cygwin SSH server and reboot a computer, for example. The range of possibilities was far more restricted on Netware. Here, the local agents uses e-mail to send its results to the central server, which in turn, evaluates the message and then uses an external command file to pass them on to Nagios.

To be Announced A few useful features are in the pipeline for the next major release of Nagios, some of them have already been implemented. One of the functions that has already been set in place is the

Integrating Other Operating Systems

performance passive hosts testing, which greatly simplifies distributed monitoring. If you have to revise your Nagios configuration regularly, you will appreciate the fact that the Web interface only works as expected if your configuration is consistent. Version 2 will use a Cached Object Definition File to prevent problems if configuration files are modified after launching Nagios. The use of regular expressions should help save the admin a lot of typing in future. Nagios 2.0 will be dropping quite a few older features. For example, it will no longer be possible to enter our checks definitions and advanced host information directly in the “nagios.cfg” file, although this method was available both in Netsaint and Nagios 1.0. A more flexible template based solution will then permanently replace the older variant. Version 3 plans to exchange CGIs programmed in C PHP Web interface. Status files, comments scheduled downtime data are currently stored in three log files, although Ethan Galstad with currently considering placing them in an XML formatted file. ■

INFO [1] Nagios: http://www.nagios.org

In most large networks, admins will be expected to take care of one or two Windows servers, Netware servers, an AS/400 or other operating systems. An operating system specific client is required to allow Nagios to monitor these systems. In the case of Windows this is the NS Client (Netsaint Windows Client) by Yves Rubin [7]. It allows you to monitor the CPU load, memory and hard disk usage, the status of various services and processes, and many other things.The NS client must be installed on the Windows host; the information it produces being read by the “check_nt” plug-in. James Drews’[8] MRTG extension provides an extremely useful Netware client.The Netware extension allows you to monitor the CPU load, volume usage, the amended thread count, various caches and buffers, the status of the DS database, login status (enabled or disabled) and many other things.To do so, you simply load the “MRTGEXT.NLM”module on the Netware host, and allow Nagios to collect the data using “nwstat.pl”or the “check_nwstat” plug-in.

[2] Austria Salt-Mines: http://www.salinen.com [3] Cubit IT: http://www.cubit.at [4] Nagios Plug-ins: http://nagiosplug.sourceforge.net/ [5] Nokia Products for Business: http://www. nokia.com/nokia/0,5184,2970,00.html [6] Gsmlib: http://www.pxh.de/fs/gsmlib/ [7] NS Client: http://nsclient.ready2run.nl/ [8] MRTGEXT.NLM: http://www.engr.wisc. edu/~drews/mrtg/ [9] Linux-HA, Heartbeat: http://www.linux-ha.org/ [10]DRDB: http://www.complang.tuwien.ac. at/reisner/drbd/

THE AUTHOR

repository. Nagios provides suitable facilities. The central server has the same features and components as a single server, whereas the distributed servers are restricted to the Nagios process and its plug-ins.

SYSADMIN

Dietmar Ruzicka is a computer science student at the Technical University in Vienna, Austria. He is responsible for Vienna based Open Source service provider, Cubit IT’s, Nagios project.

www.linux-magazine.com

April 2003

PROGRAMMING

ctags

Source Code Navigation

Finding your way

hile high level approaches such as class hierarchy diagrams or comprehensive documentation can help to cut down on the time spent searching source files, a more important factor is the effort of context switching. When you are already in your editor writing code, you should not have to break the flow and leave it to look up a method or function. While most good editors will let you shell out and run a grep or a find command over the file system, we are going to explore a tool that is more integrated with our editor, assuming you use one that is listed at http://ctags. sourceforge.net/tools.html, which includes both Emacs and Vim. This tool, called ctags, builds up a tag (or index) file of language objects that can be reached from the comfort of your editor with no more effort than a couple of keystrokes.

April 2003

As a projects code-base grows in size to the point where it gets too complex for a developer to hold in memory, easy navigation becomes increasingly important. BY DEAN WILSON As of version 5.4 ctags is aware of 28 different languages. So while we use code samples written in Java, the same principles can be applied to your own project no matter which language it is in. The exact objects available varies for each language, typically these include equivalents to classes, methods, functions and packages.

Getting Ctags Ctags is available from http://ctags. sourceforge.net/ under the GPL and follows the standard install process (see Listing 1). Once you have compiled and installed the application, you can run the command ctags --version to ensure that it has

www.linux-magazine.com

installed correctly, followed by the command ctags -V. This second command will display a list of file extension to language mappings and any configuration files ctags has found and will use when run. Due to Unix paying little heed to the extension of a file, ctags runs through a number of methods to detect which language a source-file is written in: â&#x20AC;˘ File extension (.pl, .java) â&#x20AC;˘ Shebang line (If the file is executable) If neither of these returns a language ctags recognizes then the file will be ignored. ctags behaviour as it runs through a selection of files can be viewed by running a ctags -V, it will display the name of each file encoun-

ctags

Listing 1: Standard Install # where <version> is a string # such as 5.4 tar -zxvf ctags-<version>.tar.gz cd ctags-<version> ./configure #start the actual build make #this requires root privileges make install

tered and either list the language matched or show it as skipped. If you have a number of script files without file extensions then they are required to have executable permissions set, otherwise ctags will not parse the shebang line (The first line of the script, #!/bin/perl is an example of a shebang line.) This is not documented in the man pages and can cause some puzzlement when you first begin using the tool. Now we have installed ctags and have some diagnostic capabilities under our belt we can look at the benefits that the tool provides. Shown in Listing 2 are two

Listing 2: Java source //simple counter class, Tally.java public class Tally { int tally; public Tally() { tally = 0; } public Tally(int num) { //start tally at 'num' tally = num; } public void incrTally(int num) { tally += num; } public void decrTally(int num) { tally -= num; } }

PROGRAMMING

small snippets of Java source Listing 3: usetally.java code, a class and an application that uses it. While the // usetally.java examples are simplistic and public class usetally { very stripped down they will public static void main(String[] args) { serve to illustrate the principles of the tool. Tally delivered = new Tally(); The Tally.java class found Tally dispatched = new Tally(10); in Listing 2, should be fairly self explanatory even to nondelivered.incrTally(5); Java coders, an instance of delivered.incrTally(5); this class serves as a counter dispatched.decrTally(5); that can either be increased } or decreased and has multiple constructors, the first of } which creates the instance with a value of zero while Using ctags with Vim the second allows a starting value to be defined. Now we have a tag file let us begin naviThe usetally.java source which is gating by using it in conjunction with shown in Listing 3, does very little, it vim (A short introduction to ctags and creates and then modifies two instances Emacs can be found in the sidebar.) All of the Tally object before exiting silently. Java applications have a main() method If we now run ctags * in the directory that serves as an entry point to the containing these two files a new file program and is executed first. While we called tags is created. If we open this file only have two source files to worry in our editor we can then see how simple about unless you know which file this the tag file format is. method is in you may end up having to We first have a number of comments search through both of them, using vim detailing the version of ctags being used, we can pass the problem to ctags: these can be recognized by the ! at the start of the line. Following these lines is $ vim -t main the actual information we are interested in (wrapped to fit, in the tag file By default vim looks for a file called (not it is all one line): surprisingly) tags for the tag definitions it should be aware of. You may have in the past invoked vim with either vim incrTally Tally.java /^ U +12 filename to go directly to line 12 of public void incrTally(intnum)U filename or even a vim +/word filename {$/;" m class:Tally to jump directly to the first occurrence of a word in the document, but in this case Working through the tab delimited you are telling vim which tagged object fields the first field is the name of the you would like. Vim will then look-up object found, in this case its one of the name of the file containing the object our methods, incrTally. and the pattern that matches it from the The second field is the file name tag-file and with this information take the object was found in while the you to that object. third field is the regular expression Now that we are in the usetally.java used by ctags to locate the object in file, if we find a method call we want to the file. The fourth field is a short investigate (such as decrTally) then we description of the objects type, possican move directly to its definition by ble values vary by language, in this entering :tag decrTally in Vimâ&#x20AC;&#x2122;s comcase an m in a Java file means a mand mode. method. To return to our starting position in the The full list of languages and the usetally.java file you can enter Ctrl t and objects supported under them is we will be whisked back. If you move available in the ctags manual at through a chain of tags one after the sourceforge (http://ctags.sourceforge. other you can use the command :tags to net/ctags.html)

www.linux-magazine.com

April 2003

PROGRAMMING

ctags

display the path you have taken. You can navigate through this list using :[num] tags to move forward the specified number of tags and [num] Ctrl t to move back. If you wish to jump back to the tag at the top of the list you can use the quick command :tag to save going back multiple levels. While it is useful to be able to jump to another tag by name regardless of position it is much more common in day to day editing to need a refresher regarding a piece of code that is on screen. In an attempt to save the number of keystrokes needed to type in the full-name of the object we are interested in, we have a shortcut available. To see this in action move down to the line containing dispatched.decrTally(5); and move the cursor over decrTally, you can now type Ctrl ] and you will be whisked away to the method definition without needing to know which file or even which directory the method was defined in. To jump back to where you were editing once you have browsed through the method you can enter Ctrl t and be back in usetally.java. If you are unsure of the full name of an object that you want to display or are just a lazy typist, you can use vim to auto-complete the potential options by typing :tag Tall while in vimâ&#x20AC;&#x2122;s command mode and then pressing tab. If any tags are available that begin with Tall then the tag name will be autocompleted. In the event of more than one tag being a possible match, pressing tab again will move to the next tag; eventually this will cycle through all the possible tags and return to the first match. Once you find the tag you wish to move to, you just need to press return. In a similar vein if you are unsure of the tags name then you can do a wildcard search with :tag /tally and then use the tab key to iterate through all the tags containing the string tally (This method

Listing 4: getTally method // add to Tally.java within the // outermost curly braces public int getTally() { return(tally); }

April 2003

Listing 5: getTally calls //this line already present dispatched.decrTally(5); System.out.println("Num delivered: " + delivered.getTally()); System.out.println("Num dispatched: " + dispatched.getTally());

is case insensitive) until you find the desired match. You may have noticed that when we displayed an object using a tag, the screen updated to show us only the code at our destination. To keep both on screen simultaneously we can either enter :stag tagname instead of :tag tagname to open an arbitrary tag in another window or we can use Ctrl W ] to do the same with the object under the cursor. If the window created using the latter is not large enough then you can specify a number of lines before the command, so to open the object under the cursor in a 20 line window you would type 20 Ctrl W ] in command mode.

Advanced Tag Files You may have noticed that we said you wouldnâ&#x20AC;&#x2122;t need to know even the directory containing the method, if your project has a simple structure with a single base point then you can run: $ ctags -R *

Which will recursively walk through each directory building up a single tag file containing the objects for all the source files it finds. Some important details to note when using this approach to create a project wide tag file is that by default ctags builds its tag-file using relative paths; a tag file that is moved from one directory to another is unlikely to continue working. A second issue that crops up when using ctags like this is that of projects with different base directories. The source files used in your project may come from completely different parts of the file system. One of the simplest ways of working around this is to run ctags once for each base path, but with the -a option so that the tag file is appended to rather than overwritten. This will also sort the tagfile for efficient searching.

www.linux-magazine.com

While we have workarounds to both of the annoyances presented above it is possible to use a little knowledge of ctags, shell and the find command to tailor the contents of the tag-file to meet our needs. If ctags is given an absolute file name to search through then the objects listed in the tag-file will retain the absolute path, while this may seem like trivia it allows us to generate a tag file full of absolute paths with a find command: $ ctags `find /usr/src/javaU project/ -name "*java" -print`

In this example the back-ticks surrounding both the find command and its arguments alter the order of command execution so that find is run before ctags. When it has finished running its output is passed back into ctags providing the arguments ctags needs. This also allows us to run ctags over a number of different source trees at once by specifying multiple paths to find. Combining ctags with other commands allows its functionality to be extended to meet the specific needs of your project. Most languages have the ability to reuse external code so with a little ingenuity you could even use ctags to dynamically generate comprehensive tag files based upon the projects current code base without even needing to know the libraries used, they could be determined from the code itself. Now we have covered how to build both a tag-file and navigate within vim using it we can look at some less obvious details. Whenever we have mentioned the tag-file we have said that it uses patterns rather than line numbers to match objects. This design has both strengths and weaknesses, lets add some code to each file and then look at them. In the Tally.java class add the getTally method to the body of the class, its exact position is irrelevant (see Listing 4). We can then add some calls to getTally in

ctags

Working When ctags scans through the tag-file the first object that matches your destination is returned, in this case it is the first constructor every time as ctags does not look at the argument list of an object, in the eyes of ctags all constructors are created equal. At first glance this seems like a show stopping bug but in line with the “Keep It Simple Stupid” (KISS) philosophy ctags delegates the resolution of this to the editor itself, ctags gathers information about all available object, how to best resolve conflicts is left to the editor. In Vim we have the tnext and tselect commands to remove this issue. If you jump to a match (Using either :tag tagname or Ctrl ]) and do not see the code you are expecting you can issue a

Table 1: vim commands command

moves to

:tfirst

first match

:[num]tprevious

[num] previous match

:[num]tnext

[num] next match

:tlast

last match

Tagging Emacs Although we use vim to illustrate the uses of ctags in the body of this article it is also possible to use tags from within Emacs, allowing us all of the same benefits. By default Emacs uses an external application called etags to generate its tag-files (which are named TAGS and have a different internal format from those generated by ctags.) Fortunately when you install ctags a symbolic link is created called etags that invokes the ctags binary but in etags emulation mode. When invoked as etags its output is in the TAGS file format. Emacs allows the full set of tag operations that vim does and this is a brief introduction to some of them. For more details about the when and why you would use them you should consult the main body of the text. Emacs is a complex and powerful editor, unless you are already an Emacs user familiar with principles such as the META key, this brief :tnext in command mode and you begin to cycle forward through the possible matches. In this case if you try and jump to the second constructor you will be taken to the first match, which is incorrect, you can then issue a :tnext to continue through to the next possible match. When dealing with an object that has a number of constructors or a class hierarchy that has multiple classes with identically named methods, iterating though the potential matches can be as time consuming as looking up the documentation. Instead of going through one at a time you can enter :tselect and be presented with a list of all possible matches along with some metadata about the match, such as the type of object and the name of the file containing it. In addition to the basic tnext and tselect navigation commands shown vim cal also use additional commands (see Table 1). If not specified in the command then [num] defaults to one. As an aside the :tselect command can take a search

explanations given here will not be enough to get you started. To read in a TAG file enter M-x and type visit-tags-table followed by return. You will then be prompted for the location of the TAGS file you wish to use. Select this and press return. To jump to a tag by name type M-. and then you can either type the full tagname or enter a partial name and use tab for auto-completion. If you want to jump to the tag under the cursor then you enter the same command (M-.) but press return to accept the default value, which is the currently selected tag. To return to your base point you enter M-*. If there are multiple possible matches for the destination tag once you have visited the first match you can always iterate through them with C-u M. Full details of tags within Emacs can be found within the Emacs tag info page, a document that excels in coverage if not in being user-friendly. string (such as :tselect /Tally) and it will return a list of everything in the tag file that matches, along with a small amount of meta-data that may make your choice a little easier.

Closing Tag Now that you have been introduced to the basic functionality of ctags when used in conjunction with a powerful editor, you will hopefully find navigating through a tangle of unfamiliar source code much less of a chore. ctags is a paragon of the “each tool should do one thing and do it well” philosophy and once you start to include it in your toolbox, either running it by hand or combining it with your other build tools you will wonder how you ever got along without it. ■

THE AUTHOR

usetall.java under the dispatched. decrTally(5); line (see Listing 5). We now run ctags -a * to append any new objects to the tag-file. Running ctags in append mode will not add all the functions twice, it will only add those not present without needing to adjust those already in the file. This added to the fact that changing the code around the tagged objects does not break the tags are the two main reasons for choosing this implementation. However, like most benefits, this tactic brings problems of its own into play. If we go back and look at the Tally.java class then it becomes clear that it has two constructors. Open the usetally.java file and move the cursor to the Tally() section of the Tally delivered = new Tally(); line. If you then jump to the constructor using Ctrl ] you will be taken to the first constructor, the one that takes no arguments, as expected. Now navigate back and then repeat the process with the line beneath. In this line the Tally object is created with an argument passed in. Notice how you are, incorrectly this time, taken to the same constructor as before?

PROGRAMMING

Dean Wilson is a Unix system admin and software developer at WebPerform Group Ltd. He has encountered outdated documentation once to often for his own good.

www.linux-magazine.com

April 2003

PROGRAMMING

Coin 3D – textures

Interactive 3D Worlds with Coin and Qt

Moving Objects Coin and a few lines of C++ will allow you to implement even the most ambitions ideas, creating and animated 3D world from a few simple objects with textures and complex VRML models. BY STEPHAN SIEMEN D objects do not really look realistic, until you apply a texture to them. Coin and C++ (see the “Review” box) provide you with simple means to use this approach, and this does not involve tedious manual programming of objects. Open Inventor, and thus Coin, can integrate VRML 1.0 files for which tried and trusted graphic modeling tools are available. Animation allows the scenes you develop really come to life. The scene graph is the common denominator that connects the various elements of a 3D worlds. It is a classic case of “divide and conquer”, a complex scene is far easier to program when divided into smaller parts. Before programming a scene it is advisable to

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18

Figure 1: The earth in 3D. A sphere and a suitable surface texture are all you need for this graphic

create a list of the required objects and their characteristics. A group node is needed for each geometrical type; the required transformations (such as rotation or scaling) are added first, followed by the material attributes (such as the color) and finally by the actual geometry. This order is imListing 1: Drawing the Earth portant as Open SoSeparator* drawEarth() Inventor uses Open{ GL for rendering. // Objects for group nodes and texture SoSeparator *earth = new SoSeparator; When subdividing SoTexture2 *texture_earth = new SoTexture2; the scene, you should attempt to re// Name of texture file use as many objects texture_earth->filename = "worldmap.rgb"; as possible, as this approach saves code // Add texture to group node and is easier to keep earth->addChild(texture_earth); track of. One possible approach would // Add sphere to group node be to write functions // => Draw texture on surface of sphere earth->addChild(new SoSphere); that use a pointer to return smaller scene return earth; graphs or groups. } This would allow

April 2003

www.linux-magazine.com

more convenient integration of available components into scene graphs. Programmers tend to swap out code recurring segments to libraries, graphics programming is no exception. Libraries can be used to integrate pre-defined descriptions for recurring, complex objects, the most common variant being three dimensional scenes, described by scene graphs of their own, and 2D images (also referred to as textures in this context). The latter are applied to the surfaces of other objects.

Textures Textures are designed to make other objects appear more realistic. Open Inventor offers two flavors: textures that are described by a matrix stored in memory, or as a two dimensional file based image. The former approach is extremely time-consuming and normally unnecessary. In order to load a texture from a file, the program first creates an object of the “SoTexture2” class, which is then passed the name of the image file:

Coin 3D – textures

SoTexture2 *texture = U new SoTexture2; texture->filename.setValueU ("texture.rgb");

The texture object must be inserted into the scene graph before the object that it is applied to. Open Inventor provides two ways of applying textures to objects: it can either apply a single (default) or multiple instances of texture to an object. Coin uses the “simage” library [5] to load textures and supports the following formats: JPEG (“.jpg”), GIF (“.gif”), Targa (“.tga”), PIC (“.pic”), SGI RGB (“.rgb”, “.bw”) and XWD (“.xwd”). Listing 1 shows some code that applies a world map to a sphere. The code is implemented as a function that returns a pointer of the “SoSeparator” type. The group node contains a texture called “SoTexture2”, and a sphere, “SoSphere”. The file “worldmap.rgb” is available from [8]; and was originally an Inventor Mentor sample file. Figure 1 shows the results of running the function within the context of a scene graph and rendered by “SoQtExaminer”.

External Geometries As previously mentioned, multiple instances of an object with various sizes and aspects can appear at multiple positions within a scene graph. As Open Inventor describes the shape indepen-

Review The first part of our mini-series on Coin [1] described how three dimensional graphics are produced in C++ using Coin and SoQt . Coin [2] is a free clone of Open Inventor (SGI [3] and TGS [4]), which is based on OpenGL. The examples in this and the previous article do not contain Coin specific code.Thus, the programs should run with any Open Inventor version and any clone, with the possible exception of the window system binding: Qt is used in place of Motif here. One advantage of Open Inventor in comparison with OpenGL is the fact that the former uses scene graphs to describe 3D scenes.The scene graph is a tree structure, where nodes are used to store 3D elements.The position in the graph defines where and how will Coin displays a node.This allows you to store a scene or part of it, and program its behavior (interaction and animation).

dently of the position, orientation and aspects (such as color), programmers can re-use an object arbitrarily. As the example with the chair in part one [1] showed, the objects only need to be defined once. A large amount of code is required to describe an object’s geometry, particularly in the case of more complex objects. To keep largescale projects simpler, it normally makes sense to store complex objects in separate files. Open Inventor uses a special file format for this purpose, just like VRML. The file suffix is “.iv”, and the content can be either ASCII or binary. It is normally preferable to store smaller scenes in (readable) ASCII format. Larger scenes should be stored in binary format to save space and allow Coin to load them more quickly.

PROGRAMMING

The “loadGeometry()” function described in Listing 2 returns a pointer to a a scene graph stored in a file. The function contains several error handling routines to ensure that only valid scenes will load. Some more sample Open Inventor files are available from [8], such as “boeing767.iv” that describes the geometry of a Boeing 767 jet. Figure 2 shows the scene in “SoQtExaminer”. A quick look at the ASCII text version soon shows how complex the scene description is. In graphical programming, modeling tools are normally used to develop complex objects (such as figures and vehicles). The designer can then export the objects to the required file format (Open Inventor “.iv” or VRML “.wrl”), and Coin loads the files at runtime. Lots

Listing 2: Loading Geometry from a File 01 SoSeparator* loadGeometry(const char *filename) 02 { 03 // Root of scene graph 04 SoSeparator *file_scene = new SoSeparator; 05 06 // Handler for Open Inventor file 07 SoInput myScene; 08 09 // Open scene file 10 if (!myScene.openFile(filename)) 11 { 12 printf("Error loading file '%s'\n", filename); 13 return NULL; 14 } 15 16 // Is the file format valid? 17 if (!myScene.isValidFile()) 18 { 19 printf("File '%s' is not a valid Inventor file\n", filename); 20 return NULL; 21 } 22 23 // Read scene and add to group node 'file_scene' 24 file_scene = SoDB::readAll(&myScene); 25 26 if (file_scene == NULL) 27 { 28 printf("Error reading file '%s'\n", filename); 29 myScene.closeFile(); 30 return NULL; 31 } 32 33 // Close file 34 myScene.closeFile(); 35 36 return file_scene; 37 }

www.linux-magazine.com

April 2003

PROGRAMMING

Coin 3D â&#x20AC;&#x201C; textures

Listing 3: Earth Rotation 01 #include <Inventor/Qt/SoQt.h>

converter->a.connectFrom(&counter->output);

02 #include

converter->expression.set1ValueU (0,"oa=a/(2*M_PI)");

<Inventor/Qt/viewers/SoQtExaminerViewer.h> 03 #include <Inventor/SoInput.h>

04 #include <Inventor/nodes/SoSeparator.h>

// Connect counter to earth rotation node

05 #include <Inventor/nodes/SoSpotLight.h>

earthrotation->angle.connectFrom(&converter-

06 #include <Inventor/nodes/SoScale.h>

>oa);

07 #include <Inventor/nodes/SoTexture2.h>

08 #include <Inventor/nodes/SoTranslation.h>

// Add earth group node

09 #include <Inventor/nodes/SoRotationXYZ.h>

root->addChild(earth);

10 #include <Inventor/nodes/SoSphere.h>

11 #include <Inventor/engines/SoTimeCounter.h>

// Create group node for plane

12 #include <Inventor/engines/SoCalculator.h>

SoSeparator *plane = new SoSeparator;

14 // Insert Code for Listing 1 and 2 here

// Move plane from center of scene

SoTranslation *altitude = new SoTranslation;

16 int main(int argc, char ** argv)

17 {

altitude->translation.setValue(0,0,1.2); plane->addChild(altitude);

// Initialize SoQt (creates a Qt window)

QWidget *window = SoQt::init("main");

// Scale plane down and turn through 90

SoScale *scale = new SoScale;

scale->scaleFactor.setValueU

20 21

// Create scene graph

SoSeparator *root = new SoSeparator;

root->ref();

(0.0025,0.0025,0.0025); 71

plane->addChild(scale);

SoRotationXYZ *course = new SoRotationXYZ;

// Spotlight scene: also creates shadow

SoSpotLight *light = new SoSpotLight;

course->axis.setValue("Y"); course->angle = 1.5707963;

light->location.setValue(0,0,2);

light->direction.setValue(0,0,-1);

light->cutOffAngle = 1.5;

// Read plane geometry from file

plane->addChild(loadGeometry("boeing767.iv"));

29 30

root->addChild(light);

plane->addChild(course);

// Group node for rotating earth

// Add plane to scene

SoSeparator *earth = new SoSeparator;

root->addChild(plane);

// Set rotation node

// Create viewer

SoRotationXYZ *earthrotation = new

SoQtExaminerViewer *b = new

SoRotationXYZ; 37 38

SoQtExaminerViewer(window);

earthrotation->axis.setValue("Y"); earth->addChild(earthrotation);

b->setSceneGraph(root);

b->setHeadlight(FALSE);

b->show();

// Add earth to scene

earth->addChild(drawEarth());

// Show windows and wait for "Exit"

SoQt::show(window); SoQt::mainLoop();

42 43

// Set Counter

SoTimeCounter *counter = new SoTimeCounter;

counter->max=360;

// Delete viewer and scene reference

counter->step=1;

delete b;

counter->frequency=0.03;

root->unref();

// Convert values: Degrees -> Rad

SoCalculator *converter = new SoCalculator;

98 }

April 2003

www.linux-magazine.com

return 0;

PROGRAMMING

Coin 3D – textures

contain objects that Open Inventor does not understand. Version 2.0 of Coin, which is currently planned, will provide support for newer VRML versions however. If your modeling software does not support VRML or Open Inventor, you might like to try a 3D file converter, such as 3dc [6], or see [7] for further tools.

Animations So far we have only discussed static objects, although users could view the scenes from several sides as the programs used the “SoQtExaminerViewer” class. Open Inventor also provides scene animation classes. There are two steps required. The first is to program an object that triggers changes in the animation – this is also referred to as an engine. There are two basic groups of engines: counters and computers. The second step involves assigning the output from the engine to an object attribute in a scene graph, allowing the attribute to react to that output. To allow the globe in Figure 1 to rotate about its own axis, you first add a “SoRotationXYZ” class object to the graph, ensuring that it occurs at a position before the globe. The class has two fields: a rotational axis (axis) and an angle of rotation (angle). The rotational characteristics will produce the desired animation when linked to an engine. Listing 3 creates a node group that will draw a rotating globe when called by the “drawEarth()” function in Listing 1. A “SoTimerCounter” class engine creates the required angles. However, Open Inventor expects angles as radials (and thus as floating point values), and

Figure 2: The plane model is described in a text file which is loaded by a Coin program and integrated into the scene graph

of modeling tools are available and some of them are free for private use. They normally support multiple file formats.

VRML Not all modeling programs can export 3D objects to the Open Inventor file format, although most tools will understand the common VRML format (Virtual Reality Modeling Language) that Open Inventor is based on. As you can imagine, it is quite simple to convert VRML files to Open Inventor files. To convert a VRML 1.0 ASCII format file to Open Inventor format, you simply edit the first line: #VRML V1.0 ascii

The same line would read as follows in Open Inventor: #Inventor V2.0 ascii

VRML 1.0 and Open Inventor tags are identical, although later VRML versions

Figure 3: A plane flying around the rotating earth in 3D. It’s simple to program this animation with Coin

“SoTimerCounter” supplies integers. “SoCalculator” takes care of converting integers to radials, using common arithmetic expressions to reformat the input values.

Take off To complete the example, we added the plane shown in Figure 2 to the scene. Figure 3 shows the results, and Figure 4 the scene graph used to create them. The scene graph does not contain aspect or geometry descriptions, as they are either stored in an external file (and loaded by a call to “loadGeometry()”), or described by a function (“drawEarth()” in this case). The nodes used here contain groups and transformations. Open Inventor offers a whole range of additional features, providing scope to define animations that use other engine types. The online documentation for Coin [2] provides detailed descriptions of all these engines, indicating their effect and potential. ■

INFO

root

[1] Stephan Siemen,“Virtual Worlds : Linux Magazine Issue 28, p72 [2] Coin: http://www.coin3d.org

plane

earth

light

[3] Open Source Variant of Open Inventor: http://oss.sgi.com/projects/inventor/

transformation

try eo me dG

co ur se

sc ale

converter

loa

counter

drawEarth()

alt itu de

[4] TGS: http://www.tgs.com earthrotation

seperator

assigned scene graph

engine

Figure 4: The scene graph for this example contains the earth and the plane as group objects. The counter ensures that the earth will rotate about its own axis

April 2003

www.linux-magazine.com

[5] Simage library: ftp://ftp.coin3d.org/pub/coin/src/ [6] 3dc, a 3D converter: http://www.on-the-web.ch/3dc/ [7] Additional information: http://prswww.essex.ac.uk/stephan/3D/ [8] Files for this article: ftp://ftp.linux-magazin.de/pub/listings/ magazin/2003/03/3d/

LINUX USER

deskTOPia

Coolicon

Clickstart A desktop environment needs icons. KDE and GNOME provide these mini launch pads by default, but users of more simple window managers need not do without. BY ANDREA MÜLLER

f you want to run a GUI Linux desktop on older hardware, you need to pick your options carefully. A window manager, like icewm, that puts your resources to good use is a fine starting point for intuitive and convenient use [1] but, in contrast to integrated environments, it does lack desktop icons. The good news is that you can use an external application, such as the coolicon program, a part of the cooledit package (http://cooledit.sourceforge.net/) to add them.

Installation Debian users are in luck as their distribution actually provides a special coolicon package. Users of other distributions should look for the cooledit package, installing a manpage viewer and the editor, which has been written by Paul Sheer , along with coolicon. Do-it-yourselfers should have no trouble running through the typical configure; make; make install routine. If cooledit is too much ballast for you, Table 1 provides a list of alternative applications for desktop icons.

Colorful! You can launch coolicon without previously configuring the program. Menus are available for setting up personal preferences, which are stored in the ~/.coolicon file. The program’s author recommends launching coolicon from ~/.xinitrc or an ~/.xsession, but an

X terminal program and the following syntax are fine for a trial run: coolicon &

In the case of some window managers this causes the icons to overlap open windows. Overlarge, simplistically drawn icons are a disappointment. The logical thing to do is to check the coolicon manpages to discover where more pleasing mini-images are available. For reasons of brevity, the article refers only to the images supplied with the package, although we did use the convert command from the ImageMagick package to re-size them (Figure 1): convert Originalimage -geometryU 50x50 small_image

The original images are located in /usr/X11R6/lib/coolicon on Debian; do-ityourselfers should try /usr/local/share/ coolicon. A subdirectory of your home directory is the best place to store the mini-images. All you need to do, is right click on each icon and select Edit Icon… in the pull down menu, and supply the path to the mini-image for Icon XPM filename in the window that then appears. The coolicon command center is accessible via the Icon manager. In contrast to other icons, the Icon manager does not react when double clicked, but offers a drop-down menu when right-clicked. Note that you need to hold down the

April 2003

right mouse button to navigate the menu; releasing the mouse button selects an entry. Some of the Icon manager menu items are available for other icons. The dropdown menu of every icon allows you to save the icon position (Save icons) or add new icons (New icon…). You can delete any icon with the exception of the screwdriver icon.

Customization Assuming you use aterm as your terminal program instead of the default rxvt, you can right-click on the rxvt icon, select Edit icon… and change the title first. The major change occurs in the lower right Script for double click: panel of the configuration dialog box. Use the first line to specify the command interpreter to run, /bin/sh in this case – this will tend to be a link to bash. Now type the aterm command in the second line, making sure that you supply any options you need (Figure 2). Now click on the green checkmark to confirm your changes to apply them immediately. Follow the same procedure to change the functionality of other icons. Listing 1 shows a Mount CDROM script for SuSE users, for example. After performing these changes, double clicking the Mount CDROM icon will launch the mount /media/cdrom command and send error output to a temp

Table 1: Alternative Desktop Icon Tools

DESKTOPIA Only you can decide how your desktop looks.With deskTOPia we regularly take you with us on a journey into the land of window managers and desktop environments, presenting the useful and the colorful viewers and pretty toys.

Figure 1: Coolicon drawing icons for icewm

Desktop

Tools

Website

desklaunch

Icons for launching programs,for purists

http://www.dreamind.de/oroborus.shtml

dfm

Icons and file manager belonging to the Workplace Shell (WPS) – OS/2 look and feel

http://www.kaisersite.de/dfm/

rox

File manager with icon management facilities [2]

http://rox.sourceforge.net/

www.linux-magazine.com

deskTOPia

LINUX USER

Listing 1: Customizing icon functionality #!/bin/sh mount /media/cdrom 2> /tmp/$$coolicon if [ -s /tmp/$$coolicon ] ; then cat /tmp/$$coolicon | coolmessage "Mount CDROM" else cd /media/cdrom coolbrowse & fi

file. The script then tests for non-zero error output, and if it finds any, that is, if an error has occurred, the coolmessage tool that belongs to the coolicon package is used to display the message. Otherwise, the coolbrowse file browser, which is also included in the package, launches in the mount directory. You can customize the commands for accessing the Internet (PPP dial-in) and interrupting the connection (Hang up) to reflect your local environment. Simply add the script your distribution provides for dialing in to the Internet. Assuming you use Debian, then this will work: #!/bin/sh pon myprovider

Drag&Drop … coolbrowse, the File browser… accessible via the icon with the same name, allows you to navigate the directory tree, although file manager facilities, such as copying or deleting files are sadly lacking. If you require drag&drop, you will need coolbrowse. When launched, coolbrowse opens two windows, showing a file list of the current directory on the left, and allowing you to change directory on the right. You can click on a file to select it. Now drag the mouse down slightly to change the highlight color to light yellow. You can

GLOSSARY X terminal program: An input window for commands. Just like working on several character based consoles, you can open multiple X terminal windows. rxvt, xterm, and the more comfortable variants aterm and eterm are typical examples of this type of program. Format strings: A simple formatting method used by a number of programming languages: a variable indicated by a % sign is assigned a value.The format specification that follows the % sign specifies the variable type.Thus, %s indicates an arbitrary length string.

now drag the file to an icon and drop it there; you may need a few trial runs before you get the hang of this technique.

Figure 2: The Icon Configuration menu

…and Nothing but Trouble The lower left panel of the configuration menu allows you to define what this action actually does. The bad news is: the program’s author uses format strings which are explained in the coolicon manpage. An entry of the type: #!/bin/sh program %p/%f

should launch a program and pass the path (%p) and file name (%f) of a file dropped on the icon to the program as arguments. However, this refused to work on various systems in our lab. The following customization of the X View icons shows how to run drag&drop despite this fact, by using display instead of xv as a viewer. The following entry: #!/bin/sh display "`sed s/file:// %A`"

passes the right file name to display. The variable %A is a pointer to a temporary file created by coolbrowse that contains the type and path name for the dragged object, such as file:/home/andi/ pic0001.png. The non-interactive sed line editor reads the file, deletes file: and display the remaining content, that is /home/andi/pic0001.png. To ensure that display is passed the output and not the sed command itself as an argument, you have to put the command in backticks. The doublequotes, ensure that the script can handle

file names containing spaces. Make sure that you do not delete the content of the A prioritised comma separated list of MIME types : field, as an empty field will remove the registered actions for a drag&drop icon. If everything turns out okay, the drop event will launch the display program with the dropped file. The import function, which belongs to the ImageMagick package just like display can produce screenshots when double clicked. The following entry: #!/bin/sh import -window root /home/U username/screen$U (date +%%d-%m-%Y_%H:%M).png

in the Script for double click: field creates a screenshot in your home directory, using a filename that contains the current date and time. The second % before %d is not a typo: it stops coolicon interpreting %d as a format string for the current directory. Of course, you do not need an icon for every application; instead you can use the Launcher to open an input window where you can run programs that you do not access regularly. The items discussed so far, should allow you to carry on customizing and experimenting to your heart’s content. ■

INFO [1] Andrea Müller: deskTOPia, Linux Magazine, Issue 28, p84 [2] Joachim Moskalewski: deskTOPia, Linux Magazine, Issue 24, p73

www.linux-magazine.com

April 2003

LINUX USER

KTools

Yammi

Hard Disk Jukebox Do you need a tool to get all of your MP3 collection organized? A combination of Yammi and the ubiquitous XMMS MP3 player works really well – and as an added perk it makes burning CDs easier than ever. BY STEFANIE TEUFEL

usic adds pleasure to your life; the right kind of background music can help you finish off your notes for a boring presentation or a complicated piece of writing. Of course, this assumes you manage to locate your favorites out there in the hard disk jungle. Speaking for myself, I know there are tons of mp3 files spread picturesquely all over my hard disk, and it might be preferable to have them nicely organized in directories, just waiting for me to launch them. Yammi – “Yet Another Music Manager I” – could be the answer; it allows you to organize and index your mp3, wav, and ogg files so that you might even get round to launching them with your XMMS player.

The current version (0.7) is available from http://prdownloads.sourceforge. net/yammi/yammi-0.7.tar.gz. Additionally, you will need version 1.2.6, or later, of the XMMS player, the id3lib library (http://www.id3lib. org/), including dev(el) package, and everything connected to libvorbis (http://www.vorbis.com/ download_unix.psp). The latter libraries should be preinstalled on most machines – as most distributors have by now recognized that a large number of programs depend on them. Yammi needs the id3lib library to parse and modify the ID3 tags which contain the track information. If you do not require this feature, or simply don’t feel like installing id3lib, you can call configure --disable-id3lib before installing as of version 0.7 to stop the compiled program using the library. This also applies to the libvorbis files, which allow Yammi to read Ogg tags. If you do not need this feature, simply add -disable-ogglibs to configure. You may never have compiled a KDE program previously; if so the configure script, which is launched by typing ./configure (and possibly specifying a few options) in the expanded yammi-0.7 directory, may prompt you for missing libraries, like Qt. In this case you will need to install the appropriate dev(el)

KTools

Figure 1: Specifying a base directory

April 2003

In this column we present tools, month by month, which have proven to be especially useful when working under KDE, solve a problem which otherwise is deliberately ignored, or are just some of the nicer things in life, which – once discovered – you would not want to do without.

www.linux-magazine.com

packages before you log on as root, relaunch configure and then run make; make install to create the program.

Configurations and Databases After typing yammi & in your favorite terminal emulation, a dialog box pops up to tell you what to do next: that is, configure the program and update your non-existent database. So let’s click on OK and get on with it! Unsurprisingly, the Settings / Configure Yammi… menu option (Figure 1) allows you to configure Yammi. The General tab, and in particular the Path to files item are important. Use the base directory for scanning text box to enter the path where most of your audio files

KTools

Figure 2: Your personal jukebox

are stored. This is the path that Yammi will search first for new additions to your track collection. It is a good idea to let Yammi scan your hard disk. To do so, select Database / Scan Harddisk… in the menu. The dialog box that then appears allows you to change the scan directory, and discover any media files hiding in the nooks and crannies of your disk storage. Click on Start Scan… to start the search operation; this may take a while depending on the scale of the search. When Yammi is finished, the results are displayed in a window like the one shown in Figure 2. The main window will soon fill up with tracks, unless, of course, your hard disk is completely devoid of any such media files. Yammi parses the information available in the ID3/Ogg tags and stores it in the database, thus providing an overview of the release year, genre and so on. In addition, Yammi can use this information to group songs in the so-called Quickbrowser on the left of the program window. The program will group tracks by the same artist or of the same genre in a single directory, for example. The top directory All Music contains all the tracks listed in your database.

Figure 3: ID3 tag editing feature

LINUX USER

Figure 4: Ready to burn

Tracks with the same name, etc. are classified by Yammi as problematic and placed in the Problematic Songs folder; Yammi prefers the user to classify songs of this type. Incidentally, the program allows you to edit song tags or add information to them. To do so, click on the track in the main window to select it, and then click on the blue icon with the white i in the menu bar. A window like the one displayed in Figure 3 allows you to add or modify the information as required. The Search menu item provides access to the convenient functions, allowing you to locate tracks. Type in a search key, and the results are displayed in the main window only a few seconds later. The program checks all the information available in the database – genres, song titles, albums etc. – grading the results by percentage match.

Let the music play! When you launch Yammi, you are certain to notice its close ties to XMMS, as Yammi automatically launches the player in the background. To play a song from your database, right-click on the song in the main window and select Play…. You can specify that you want to …Play Now!, …Play as next, or place it on your playlist (…Enqueue). There is also an option for removing songs from the playlist with Dequeue. Yammi conveniently creates a Quickbrowser folder called Playlist that provides for a one-click overview of the selected tracks. Tracks you have already played are placed in the Songs Played folder. Color coding also helps to differentiate between categories. Yammi will normally display tracks in black, however,

tracks from the playlist are displayed in blue, the song currently playing in the background in red, and any songs played in the current session in green.

Ready to Burn You can select songs on your playlist that you want to place on a CD, and then Advanced… / Burn to Media… in the drop down menu to create the CD. The window that then appears allows you to type a name for the album, and an additional window allows you to define a starting point for the index. Yammi will store your selection in a folder below $HOME/.yammi/media and use symbolic links to the appropriate hard disk files. Additionally, the program ensures that none of these directories are larger than the maximum value defined in size of media (MB) under Settings / Configure Yammi / Burning folder. You will want to enter the media size you typically use, for example 700 MB. Yammi displays the results in a window such as the one shown in Figure 4. You will need to use an external program to burn a CD with your track selection. You will need to make sure that you tell the program to follow symbolic links that point the way to the physical file locations. ■

GLOSSARY Drop down menu: A menu that is opened when you right-click an object on a GUI desktop.The menu provides options that only make sense within the context of the selected object. $HOME: A short form for a user’s home directory.To be more precise, the dollar sign actually reads the “HOME”environment variable that contains the path to the home directory.

www.linux-magazine.com

April 2003

LINUX USER

Out of the Box

Chain Reaction

Critical Mass Blobs may appear to be totally harmless objects. They just sit around on a square playing field, looking shiny and colorful and explode from time to time. They only exploded when they reach a critical mass. BY CHRISTIAN PERLE

Do-It-Yourself

THE AUTHOR

Chain Reaction is not available as a binary, and so you will need to compile the game. To do so, you will need various libraries – specifically SDL –

Christian Perle currently works as a developer at secunet Security Networks AG. Christian discovered Linux in 1996, after playing around with the Sinclair ZX 81, Atari ST and finally IBM PC.When not hacking Linux stuff he can often be found playing guitar and “Magic:The Gathering”.

April 2003

Fritz von Beust, visipix.com

program called Chain Reaction? Although it may sound like a virtual atomic reactor simulation, in fact Chain Reaction is a strategy game for two to six players. Written by Lee Haywood, Chain Reaction distributes the blobs in each player’s color onto any free square or it increases the mass of its own blob conglomerations. If a group of blobs reaches the total mass of the blobs in the surrounding squares, it explodes and spreads to the surrounding squares. If these squares were occupied by blobs of different colors before the explosion, they now assume the color of the exploding blob group. If one of the neighboring blobs reaches critical mass on account of the explosion, it will also explode, and this can lead to extremely potent chain reactions. The game ends when all of the blobs are the same color. With this in mind, the aim of the game is to place your blobs strategically to recolor as many of your opponent’s blobs as you can.

and the appropriate development packages with the header files. These are: • libsdl and libsdl-dev • libsdl-image and libsdl-image-dev • libsdl-mixer and libsdl-mixer-dev. Package names can vary depending on your distribution. You might like to use the package search tool provided by your distribution! The Chain Reaction source code archive is available at http://www.deth. dsl.pipex.com/reaction.html or on the subscription CD. The archive includes the rcinst.sh script that automates the installation steps. You will need to copy this file and reaction-1.28.src.tgz to a directory, before launching the installation by typing: sh rcinst.sh

If everything works out okay, you will find the new software ready to run in the

www.linux-magazine.com

/usr/local/bin and /usr/local/lib/reaction directories.

Two or More You can type reaction & in a terminal emulation to launch the game in its default two-player mode. To add more players simply click on a blank space in the score list on the right of the playing field. The game starts with player one placing a blob in a square on the playing field. Figure 1 shows a game between two players. It is the blue player’s turn, and she needs to decide whether to attack the red player’s area (top left) or

OUT OF THE BOX There are thousands of tools and utilities for Linux.“Out of the box” takes a pick of the bunch and each month suggests a little program, which we feel is either absolutely indispensable or unduly ignored.

Out of the Box

Figure 1: Chain Reaction in Action

defend her own area (bottom right). As red does not pose an immediate threat, you can assume that blue will choose the first option.

Trapped Even though direct neighboring blobs may not reach critical mass when an explosion occurs, there are often more subtle ways of achieving this. You can arrange your own blobs to surround other squares and increase their critical mass from several angles, thus extending the chain. In Figure 2, bottom left, red has surrounded the magenta colored blobs. However, it is magenta’s turn, and she can foil this ploy. Before red’s next turn blue might also pose a threat in the top left corner. As the total mass distributed amongst the squares continually grows throughout the game, the chain reactions towards the end become increasingly severe. Shortly before the end of the game, major shares of the playing area can shift quickly, allowing an outsider to win a game with a single well-planned explosion.

LINUX USER

Figure 2: Has red trapped magenta?

When playing Chain Reaction, take care not to leave too big a gap in your blob area, as your opponents can easily exploit it. As the corner squares only have two neighbors, the danger of explosions is extremely high – if an opponent has control over a corner (see Figure 2 lower right), you need to act fast, as the critical mass will be reached in the next round.

Terraforming If a square playing field gets boring, you can use the integrated game editor to create your own “worlds”. Before you start playing, simply press the right mouse button to remove or add individual squares. Isolated squares are not permitted, as they have no neighbors and thus cannot be re-colored. If you are happy with the playing field you have created, you can click on the Save button at the bottom of the windows to store the game to the savedgame file in the current directory. This function not only saves the game, but also the current positions and previous moves. The Undo and Redo buttons

allow you to re-construct any moves previously made. Figure 3 shows an edited playing field. Some corner squares only have a single neighbor. Any blobs placed on these fields explode immediately and attack their neighbors’ mass. So these squares remain permanently empty and pose a constant threat of attack. This also forces you to rethink your tactics; you cannot concentrate on the corners, as it is impossible to defend them. ■

Figure 3: The playing field editor livens up the game

GLOSSARY Library: A “library”contains a collection of useful C functions for specific purposes, such as libXt that provides functions for X Window programming. Libraries are often used by multiple programs, that is they are shared. SDL: The “Simple Directmedia Layer”library allows both graphic and sound output independent of the hardware and operating system.

Header files: Header files (also known as “include files”) list the functions and parameters available in a library.The C compiler requires this information when it translates a program. Most distributions add the dev or devel extension to the header packages for a given library. Terminal emulation: Years ago, mainframe users used to enter commands on so-called

terminals (ttys). Programs that emulate this kind of device (adapted to modern computer and operating system standards) have inherited the name. On Linux, a terminal emulation refers to displaying a virtual console in VGA text mode or a separate X Window program for commandline access, such as xterm, console or gnome-terminal.

www.linux-magazine.com

April 2003

LINUX USER

Filesystems

How Hard Disks and Filesystems Work

Compress and Store Anybody making full use of an off-the-shelf computer will want to gain access to the hard disk. Very few users are aware of how files are stored on a hard disk, or of the various options and with some fundamental knowledge, such access will be worry free. BY MARTIN SCHULZE

rom a purely physical viewpoint hard disks are made up of rotating disks and moving read/write heads. The number of disks and read/write heads depends on the individual hard disk type. When a computer boots, the hard disk is automatically started, and the drive motor ensures that the disks rotate at uniform speed. Older hard disks typically run at 5,400 or 7,200 revolutions per minute (rpm), newer models run at speeds of 10,000 or even 15,000 rpm. Read and write operations require the read/write head to the correct position, in a process known as a seek operation. The noises that hard disks tend to make are caused by two things; firstly by the rotating disks and the drive motor that powers them. This is a permanent background noise. If your hard disk is too loud, you may be able to reduce its rotational speed, thus making your drive purr instead of whining. The other source of noise is the movement of the read/write heads or more accurately their drive motors, and this noise only occurs during hard disk access.

Addressing

THE AUTHOR

Two different schemes are used to address the data on a hard disk. In order to store data on the disks, the operating system needs a means of describing where to write the data, or where to read

Martin Schulze spends most of his time developing, improving and promoting free software, for example, by organizing LinuxDays, lectures, and workshops.You can contact Martin at joey@infodrom.org.

April 2003

it from later. To do so, the OS tells the drive the required position; the drive then moves the head to the right position and either reads or writes data. The smallest addressable unit is a sector, which has a capacity of 512 bytes. A track comprises of multiple sectors. Tracks form concentric circles on the surface of a disk and are organized around the hub of the disk (see Figure 1). The number of tracks and sectors depend on the density of the of the area to which we are going to write to. The more tightly you can store bits, the smaller the gap between tracks and sectors, so there will be more of them. A hard diskâ&#x20AC;&#x2122;s capacity is a function of these aspects. Track 0 is the outside track and numbers increase towards the center

www.linux-magazine.com

of the disk. Tracks with the same number are assigned to cylinders. The capacity of a disk is thus the result of multiplying the number of heads, by the number of tracks or cylinders, by the number of sectors per track and finally by the sector size. When the Linux kernel is executed, it outputs details of the disks it has recognized on the console. Linux also indicates the disk geometry advertised by the disk, and displays the number of sectors and the total capacity derived from these Figures (see Figure 2). CHS is one possible addressing scheme; the abbreviation is derived from the first letters in â&#x20AC;&#x153;Cylinder Head Sectorâ&#x20AC;?. To access a sector on a drive, the operating system calls interrupt 0x13 (hexadecimal 13, decimal 19) to pass a

Filesystems

View from overhead

access the total disk space on older modern drives. The screenshot in Figure 2 shows that physical geometry of the second IDE hard disk as CHS= 119108/16/63, however, the BIOS shows different values, CHS= 7473/255/63, and this is what the kernel will report, when displaying the partition table a few lines lower down.

Side view Track

Sector

Read/write head

Read/write heads

Figure 1: Hard disk internals

combination of the required head, cylinder and sector to the BIOS (see Table 1).

Size restrictions Unfortunately, this scheme has a drawback. The number of bits available for representing the address in the computer’s BIOS and in the interface between the BIOS and the hard disk is restricted. This in turn enforces restrictions on the maximum addressable disk size and geometry. The specification as shown in Table 2 applies to the interface between the computer BIOS and the hard disk. It allows a maximum addressable size of 65536 x 16 x 256 x 512 Byte = 128 GB. This specification dates back to a time when nobody could even imagine having a disk of this capacity or even using that amount of space. Of course, this predates on-line file sharing and digitized movies. Way back then nobody could imagine a computer needing 1 GB RAM and I can even remember someone saying “640 KB should be enough for anybody”. Western Digital recently launched the WD2000 drive family with a capacity of 200 GB, which is no longer fully addressable using this scheme. The problems do not stop there, as the conventional (and somewhat antiquated) PC BIOS is extremely miserly, providing only 24 bits instead of 28 and

LINUX USER

also re-arranging them (see Table 3). If you are good at maths, you should already have noticed that only 1024 x 256 x 63 x 512 bytes = 7.844 GB are addressable. As the smallest data field is significant for all the others, this unfortunately leaves you with the values as shown in Table 4. So that leaves you with a mere 1024 x 16 x 63 x 512 bytes = 504 MB of addressable space, and that is really not a lot by modern standards. A BIOS upgrade or the Ontrack Disk Manager was required to use larger disks. After upgrading to a BIOS capable of translating the CHS values, the logical geometry of large hard disks no longer corresponds to the physical geometry. The logical geometry is supplied by the BIOS and automatically mapped to the physical geometry when the disk is accessed. At least this allowed users to

LBA Addressing As you can see, this addressing scheme is stretched to its limits by today’s hard disks. The solution is a completely different type of addressing which was introduced in 1995 and is known as LBA. LBA is short for “Logical Block Addressing” and numbers the sectors, or data blocks, on a hard disk sequentially, starting with 0. Initially, only 28 bits were available for LBA; but this was a major improvement on CHS addressing and supported disks with up 128 GB. Today, 48 bits are available for addressing – assuming a block size of 512 bytes, this would permit disks with up to 131,072 terabytes. Post 2000 computers should actually have 64 bits available for LBA addressing – again assuming a block size of 512 bytes, this would allow disks with up to 8,589,934,592 terabytes to be addressed.

Kernel Support for Multiple Addressing Schemes The kernel developers always attempt to allow Linux to support as many systems

Table 1: Calculating disk capacity Cylinder

Head

Sector

Sector size

Capacity

5005

x 255

x 63

x 512 Bytes

= 40 GB

119108

x 16

x 63

x 512 Bytes

= 60 GB

Figure 2: Linux discovers three hard disks on booting

www.linux-magazine.com

April 2003

Filesystems

LINUX USER

Table 2: Bits between BIOS and IDE interface

Table 3: IDE address bits in the BIOS

Table 4: Total bits for IDE addressing

Number

Available

Bits

Available

Bits

Bits for cylinders (0..65535)

Bits for cylinders (0..1023)

Bits for heads (0..15)

Bits for heads (0..255)

Bits for heads (0..15)

Bits for sectors (0..255)

Bits for sectors (0..62) (max. 63 sectors)

as possible. This is why the Linux kernel supports multiple addressing schemes. 48 bit LBA has the highest priority. If the hardware or the BIOS does not support this scheme, the IDE driver uses 28 bit LBA, defaulting to 28 bit CHS addressing only if this fails. Incidentally, this problem only concerns IDE drives. SCSI drives, which are typically used for server systems and professional (Unix) workstations, are not affected. Server drives generally need more capacity, as they are typically required to store more data than a simple IDE drive sitting in someone’s home PC. This is why SCSI drives traditionally use LBA as their block addressing scheme.

Reading from a Hard Disk The whole hard disk is divided into data blocks of 512 bytes each. Thus each read or write operation will apply to a multiple of 512 bytes. In other words, hard disk access always occurs for blocks with a fixed length. Incidentally, the same principle also applies to CD ROMs. Under the LBA addressing scheme when a hard disk is told to read a sector, the hard disk controller first needs to translate the sector number to the appropriated cylinder/head/sector. CHS addressing supplies these values directly as part of the request. The read/write head is then moved to the required position and reads the bits while the surface of the disk rotates past the head. After buffering the data temporarily, the hard disk controller issues an interrupt to let the operating system know that it has successfully read some information, returning the storage position in this case, or that it has complied with a write request. The operating system can now go on to process the information. To enhance access speeds, particularly if the same sectors are re-read, the kernel can implement a block cache. Linux uses excess memory for this purpose and

April 2003

reduces the cache size should normal programs require more memory.

Master Boot Record The operating system will put some of the sectors on a hard disk to a very specific use. The first block on the hard disk is reserved for metadata. On a PC this block stores the computer’s boot program, which is called by the BIOS when the computer is powered on. Linux either stores lilo or grub in the MBR, the Master Boot Record. The boot loader can then call other programs, such as the Linux kernel, for example; the position of the Linux kernel on the hard disk is also stored in this hard disk sector. The role of the Master Boot Record doesn’t finish here though. The partition table is also stored at the end of this block and contains a description of the logical hard disk structure from the operating system’s viewpoint. Operating systems tend not to use the hard disk as a whole, but to divide the disk into so-called partitions (Figures 3 and 4). The third component in the magic number 0xAA55, which informs the OS that it really is an MBR.

Storing Information After dealing with the technical details, a further question arises: “how is information stored on a hard disk?”. A simplistic approach would be to write any information that needs to be stored on the disk sequentially in contiguous blocks, as shown in Figure 4. The first

Available

file occupies three blocks and is followed by a file that occupies five. This used to be followed by a file that occupied five blocks, but was deleted later, and the space is followed by a file that occupies three blocks. Although this approach seems quite simple, it does have a major disadvantage: the file names have not been stored. Although a program could access files one through four, it cannot map them to an intuitive name, and although a computer might be quite happy with a setup of this kind, humans tend to prefer descriptive file names with symbolic names such as /bin/bash or /usr/bin/ emacs. Having said that, a variant of this scheme is still in use today. If you ever had the pleasure of writing to a floppy disk on an older Unix system, you will be familiar with commands such as the following: tar cf /dev/fd0 directory/

The files in the directory supplied as a parameter are compressed by tar and then written block by block to the disk. The command was simply reversed, to read the same data: tar xf /dev/fd0

This approach may allow you to place an archive on a floppy and restrict access to the tar program, but floppies are slow and provide limited storage capacity,

0 (0x0000)

MBR Boot program

Partition table

446 (0x01BE) 510 (0x01FE)

Magic Number Figure 3: The Master Boot Record (MBR)

www.linux-magazine.com

Figure 4: Contiguous data storage

Filesystems

LINUX USER

tion file for filesyscovers the filesystem that stores the file. tems to be mounted On Unix oriented filesystems every file at start-up is called (and every directory, being a special type /etc/ fstab. of file) is mapped to an inode. Inodes This is a major map directory entries to data blocks on a asset of Linux and partition. Inodes themselves are special similar systems. data blocks that store metadata for the Instead of using files they point to. You can envisage drive letters that them as a kind of data structure that change when a stores additional information for a file, partition is added or such as its length, access permissions, removed, filesysownership, access times, and pointers to Figure 5: Configuring the filesystem on two computers tems are simply the blocks in use. Inodes are normally added to the tree below / (root). used by the internal filesystem only. so you can probably live with the Even if the hard disk label changes at a Users can also find out which inode restrictions. Random access to arbitrary later date, or if you add an additional belongs to which file. The ls -i command files, allowing you to manipulate, delete hard disk, this will not affect the logical (see Figure 6) shows both the filename and create files at any time is simply not position in the filesystem tree, as the IDs and the inode it uses. Thus, the number possible using this approach. reflect the IDE or SCSI channel. There is of files and directories on a file system is Today the DOS filesystem and the M no need to reconfigured applications or not only restricted by the size of the files tools are typically used for floppies, paths, instead you and the total capacity of although tape drives will still tend to simply edit the configthe partition, but also by write raw data, just like floppies used to. UID uration file, /etc/fstab. the number of inodes â&#x20AC;&#x201C; In this case, the filenames are kept, as GID Smaller systems this is a point to watch out tar places them in the code it stores, and commonly provide a for, when setting up a they are available after reading the Mode single root filesytem, /. system. archive. Size Larger systems might The general structure of The Filesystem additionally place /var, an inode is shown in atime /usr, and /home on Figure 6. The actual strucObviously, simplistic contiguous storage ctime partitions of their own, ture will depend on the is not sufficient to permit names and to provide more space basic filesystem. The strucattributes to be stored along with the file mtime and independence. ture used by the Second data, particularly if random access to llinks_count Extended Filesystem, the arbitrary data or files is required. Inodes Linux standard, is Instead, a uniform structure is blocks_count described in the ext2_fs.h required to accommodate the files (and The Linux kernel autoblock1 kernel file. directories) in the storage space (normatically places files The Linux filesystem mally a partition). This structure is on the correct file sysblock2 provides access to a variety typically referred to as a filesystem. tem, or reads them block3 of information that users The mount command is used to attach from it, by reference to ... will be confronted with in filesystems to a running system. This is the path name and the various forms. Whether on normally taken care of automatically on mounted file system. the command line or in booting a computer. Some manual To do so, a kernel the kernel â&#x20AC;&#x201C; the filesystem editing is required after adding a new mechanism parses the Figure 6: General structure of an is literally ubiquitous. â&#x2013; drive or partition. The system configurapath name and disinode

SELLING

OUT FAST! More information at: www.linux-magazine.com/Backissues

COMMUNITY

FOSDEM 2003

FOSDEM 2003 Brussels

Join us now and share… The third anniversary of FOSDEM, Europe’s largest free and open source software developer conference [1], saw fans of free software getting together at the usual venue, the Université Libre de Bruxelles. Attendance figures of over 1000 were well up on the previous two years. BY HEIKE JURZIK

ackers had arranged for an “Early Bird” meeting which took place before the official events started. About 60 FOSDEM attendees gathered in a cosy pub in the center of Brussels to talk shop, exchange community gossip and, of course, sample Belgium’s culinary delights. Free software is by no means just a modern trend. In his Keynote speech, Jon “Maddog” Hall, the President and Executive Director of Linux International, and a familiar figure to most attendees, gave an overview of the movement’s early days, and explained how it tied in with UNIX development. Maddog asked “Who owns Linux?”, and went on to liken the software and support problem to the chicken and egg problem, asking what came first. He emphasized the importance of free software in various fields of application, and stated that “free” should automatically imply “freedom of choice”. Maddog thanked everyone involved in authoring free software: “Free software is like a megaphone: I give so little, and I get back so much.” The organizers took this

opportunity to reward Maddog for his dedication – with Belgian beer, of course. Richard Stallman then went on to criticize the imminent introduction of software patents and gave an overview of the current scenario. After lunch, the event continued with various tutorials and talks. Jakub Steiner presented some new features in the GIMP developer version (1.3.x) [2] – the menu elements have been thoroughly revised, and screen positions are now stored between sessions. In the GnomeMeeting [3] tutorial, Damien Sandras demonstrated a practical application of the software for video conferencing. Using two computers, webcams, microphones, and telephones, Damien turned the seminary room into a virtual conference room, showing various applications for the system in what was an extremely convincing presentation. The first day at FOSDEM came to a climax with the presentation of the Free Software Awards [4]. The award did not go to a developer this time, but to Lawrence Lessig, Professor of Law at

Figure 1: Geeks from around the world

Stanford Law School, who was rewarded for his commitment to intellectual freedom. After a moving speech, Professor Lessig received standing ovations as the developer community showed their respect for his achievements. To round off the first day at FOSDEM the attendees all joined in with an enthusiastic rendering of Richard Stallman’s “Free Software” song. The second day of the conference was packed with talks and open sessions. These included talks on toolkits like GTK, wxWindows, and Tcl/Tk, but also featured security topics. Various educational projects were presented, such as DebianEdu [5], where a group of French teachers had selected elements suitable for classroom use from the well-known distribution. A new installer is claimed to have DebianEdu up and running a preconfigured desktop within 15 minutes. FOSDEM 2003 was a successful event in every respect. The organizers, numerous volunteers, and a good showing of attendees made the Free and Open Source Developers’ European Meeting a really rewarding experience. ■

INFO [1] http://www.fosdem.org/index [2] http://www.gimp.org/ [3] http://www.gnomemeeting.org/ [4] http://www.gnu.org/award/award.htm [5] http://wiki.debian.net/DebianEdu Figure 2: A Packed FOSDEM audience listens to Stallman’s gospel

April 2003

www.linux-magazine.com

linux.conf.au

COMMUNITY

linux.conf.au 2003

Linux down under First it happened in Sydney, afterwards in Melbourne, a year later Brisbane took over, and finally it reached the magnificent West Australian city of Perth: “It” carries the name “linux.au.conf” and happens to be Australia’s annual Linux technical conference. BY DAVYD MADELEY

Linus, the penguin Wednesday denoted the start of the official conference, with registrations starting at a bright and early 8am. The Octagon theatre was packed as people waited for the official opening. Organiser

Figure 2: It’s dinner time at linux.conf.au

James Bromberger didn’t leave them disappointed, informing them it was true; we did have a special guest. At this point he indicated to Tux the penguin, who was waddling across the stage. People cheered as Tux again waddled off stage and James continued to welcome everyone. Then came the real surprise. Again, Tux waddled out, however this time, without his costume head. Revealing the man inside the costume to be non other than Linus Torvalds. Wednesday and Thursday proceeded very much to plan, with tutorials by Rusty Russell, Rasmus Lerdorf and a host of others. ARQuake (Augmented Reality Quake) was popular, as was the presentation on distcc, a program to distribute the compilation of C or C++ code across several machines.

Samba style engineering Andrew Tridgell gave everyone an extended lecture on reverse engineering networking protocols, using his experience in the Samba project. Bdale told us Debian was older then humanity, and Rusty Russell… well, Rusty contradicted the statement he made last year, informing us that kernel hackers are in fact wimps. If you want to get the babes, become a toolchain hacker. Friday continued with the presentation of more papers. Hemos from Slashdot, H. Peter Anvin and Alan Cox all did their part. The days’ paper session was followed by the

Cyberknights & Linux Australia

rom the 20th to 25th of January, the University of Western Australia, played host to the biggest and the best linux.conf.au [1] so far, with registrations filling to 110 percent of capacity. Some 400+ people descended on the event, surprising organisers, who had only catered for 350 at most. Even during the first two days, before the bulk of the talks had started, it seemed vibrant. People from all over the world were meeting, greeting and discussing their common passion, Linux. The first two days, Monday and Tuesday being designated the mini-conf days, weren’t all that official. There were conferences on Debian, IPv6, Linux in education and Linux gaming. The Debian mini-conference involved about one third of the delegates, roping in speakers such as Debian project leader Bdale Garbee, and release manager Anthony “AJ” Towns.

Figure 1: The kernel of the penguin

“Birds of a Feather” groups (BOFs). These included Python versus Perl, alt.sysadmin.recovery and who the coolest kernel hacker is. Friday night was also the conference dinner. Held at Currie Hall, the university’s own hall of residence, the function was attended by some 300 delegates. Friendly discussion, the meeting of new people, wine and beer went on well into the night. Saturday, the last day of the conference, seemed a little sadder. With people recovering from the night before, the atmosphere seemed slightly dimmed. The closing seemed almost as overwhelming as the opening. Tux made another appearance, this time it wasn’t Linus. Instead he presented Linus, the other speakers and the organisers with bottles of wine from the local Swan Valley; aptly labelled, “Penguin Pee”. People hung around to ask questions of the speakers, have Linus sign their shirts and exchange PGP keys, but unfortunately it was over for another year. Next year the conference will be in Adelaide, South Australia. Of course, Adelaide hopes to be bigger and better still, while retaining the relaxed atmosphere linux.conf.au is famous for. ■

INFO [1] http://www.linux.conf.au/, http://www.linux.org.au/

www.linux-magazine.com

April 2003

COMMUNITY

LinuxWorld Expo

LinuxWorld Conference & Expo 2003

Linux in the Big Apple The IDG LinuxWorld Expo took place from 21-24 January at the Javits Center in New York. The fair and conference, which happened at the same time, attracted more than 19,000 visitors, according to IDG sources. BY MATTHIAS KRANZ

espite greatly reduced exhibition floorspace, the fact that over 60% more attendees were willing to pay registration fees is indicative of growing acceptance within business circles. Of course, this can be attributed to the solid presence shown by global IT players such as IBM, SUN, Computer Associates, Silicon Graphics, HP, Dell, AMD, Intel and many others.

Keynotes by AMD, IBM, and Dell

Figure 2: Calm before the storm – The Javits Convention Center in New York

This year’s Keynotes were presented by Hector Ruiz, President and CEO of AMD, Steven A. Mills, Senior Vice President at IBM, and Randy Mott, Senior Vice President with Dell. The common denominator was commitment to Linux and the desire to promote innovation. A further Keynote by Red Hat CTO Michael Tiemann, with Jeffrey M. Birnbaum, focused on Morgan Stanley’s Unix to Linux migration. One of the main attractions was the Enterprise Solutions Center, organized by Wild Open Source. This area featured a virtual financial services company designed to demonstrate practical Linux

and Open Source applications in all areas of the enterprise. (A similar demonstration will be presented in the LinuxPark section of CeBIT, to be held in Hannover, Germany in March. Linux International, Linux Magazine and sponsor HewlettPackard will be providing a practical demonstration of Linux@Work.) In addition a Financial Summit took place for the first time this year, and achieved its primary aim of attracting customers and supporters from the world of finance.

And the Winner is … Microsoft

The biggest surprise at this year’s annual Open Source Excellence Awards was the fact that Microsoft won the “Best System Integration Software” category with their “Services for Unix 3.0” product. Other winners were IBM and Ximian (2 each), SuSE, Red Hat, Computer Associates, HRsmart, SCO and SGI. SuSE had a pavilion of their own for the first time this year, and were obviously delighted at Figure 3: The Golden Penguin Bowl hosted by Chris DiBona

April 2003

www.linux-magazine.com

the attendees’ positive responses. SCO caused an uproar by releasing a press statement to the effect that the company had mandated a well-known law firm to look into violations on intellectual property and its rights to the UNIX trade mark. A “SCOsource” division has been founded to this end. It remains to be seen what effect this will have on Linux distributors, developers and users.

Geeks and Nerds at the Golden Penguin Bowl The Golden Penguin Bowl has by now become a tradition at the LinuxWorld Expo; it involves two teams, the Geeks and the Nerds, answering sensible and nonsensical questions for points. Chris DiBona once again hosted the show, a purely fun event. Amongst others, this year’s participants were Dan Quinlan (LSB), and Stacy Quandt (Giga), while Rob ‘Cmdr Taco’ Malda (Slashdot) held sway in the jury. Over the course of the last two years, the LinuxWorld Expo has quite obviously shifted its focus from a Community to a business event. Although you might still meet well-known Linux experts at some manufacturers’ booths, you will more often find that the focus has moved to eloquent and rhetorically trained demonstrators. However, this is not necessarily a bad thing, as the aim is to promote the capabilities and power of Linux and Open Source Software to a wider audience. Additionally, the .org pavilion still offers a meeting point to renew those old acquaintances and provides a platform for one or two innovative, or just downright crazy, projects. ■

Brave GNU World

COMMUNITY

The monthly GNU column

Brave GNU World E

ven though some projects are probably of primary interest to developers, we still hope that less technical readers will also be able to draw new perspectives and be inspired by the projects shown here.

Welcome to another issue of the Brave GNU World, which will be a little more technical this month. BY GEORG C. F. GREVE

for the RULE project in the last issue, [6] this is only true for a small part of mankind. The first topic this month is Twin, [5] There is a group that profits from a multi-window, multi-application textTwin, that is normally not the focus based environment by Massimiliano when thinking about new software: Ghilardi. Consequently, Twin is an blind and visually impaired people. As acronym for “Text WINdows” or they may depend on using Braille termi(even better) “a textmode window nals, they have little use for graphical environment.” user interfaces. The project aims at people who seek With Twin, they can now also use a to have an environment with several full environment with multiple windows windows without needing or wanting all and applications. the features of X11 – especially its signifiTechnically speaking, the project concant resource hunger. sists of a server, called “twin” like the Combining Twin with Links, a textwhole project. This accepts connections mode web browser, only requires about from the clients and creates or modifies 5% of the resources compared to X11 windows according to their commands. with the graphical browser Konqueror. Also the server dynamically manages the All applications that can be used on a different displays and devices. console or in a terminal window can also Twin currently handles the console be used under Twin. with mouse support via gpm and every In a time where graphic cards are termcap or ncurses compatible terminal trying to outrace each other with new with mouse support through the “xterm” features and where what was impossible mouse protocol, if available. But it is also to afford yesterday is available for pocket possible to use X11 by means of a simple change the day after, this seems almost X11 driver or the graphically enhanced anachronistic. But as already explained gfx-driver for output as well as another Twin server on another machine. The General Graphics Interface (GGI) is also supported, but since it still lacks keyboard support, this most probably makes it rather unsuitable for most applications. Among the other components are the libraries Figure 1: Twin showing off some graphical features in text

Twin

libTw, which handles the communication with the server, as well as libTT, which as the toolkit library provides an abstraction from of the more graphically oriented server-side functions to the more window/object oriented functions clients prefer. The third library is libTutf, a Unicode library, which allows transferring text from and to unicode. This library will probably become obsolete by using standard libraries some time in the future when the final open issues have been addressed. Finally there are the clients. Currently there are only a few of them, of which two are built into the server. Both the window manager, which can be configured through a “~/.twinrc” configuration file, and a terminal emulating the console have been integrated into the server for technical reasons. Other clients are an additional terminal emulator (twterm), a login manager similar to xdm/gdm/kdm (twdm), a system monitor (twsysmon), utilities to (de-)register displays with the server as well as other smaller clients that are more suited for testing than real work. The project has been written entirely in C, one of the reasons for its small memory footprint – a Twin server usually requires less memory than the Bash shell. And of course Twin is Free Software – its licenses are the GNU General Public License (GPL) for server and clients and the GNU Lesser General Public License (LGPL) for the libraries. Further development is pursued by Massimiliano in his free time, and he still has a lot of ideas. First he’d like to complete the toolkit library and its documentation, then more editors, task bars, file managers, web browsers, email programs and TTY based programs should be expanded to use it.

www.linux-magazine.com

April 2003

COMMUNITY

Brave GNU World

C++ Packages The column continues with some projects that should make the life of C++ developers more easy and were all released by Christian Holm around December 1st 2002. [7] When people communicate with computers, they need to agree upon a common language to be used in communication. Especially when this communication does not happen in real time or is very complex. That is for instance the case with programming languages or configuration files. The basic problem is that functions for syntax checking and reading or evaluating of such languages can easily become very complex. When changes of definition or grammar become necessary, this often results in a very time consuming search for bugs. For this reason, tools have been created that can automate the translation of definitions of grammar into functions that can read that grammar. Of course this means that the definition of grammar itself needs to be machine readable. The probably most common form of such a definition is the “Lookahead Left to Right Parsing” (LALR) context-free grammar. One of the best and most-popular LALR(1) parser is Bison, [8] the Yacc equivalent of the GNU Project. Yacc itself stands for “Yet Another Compiler-Compiler” and Bison has deliberately been kept compatible to Yacc in order to ease transition from Yacc to Bison. An application often working hand in hand with Bison is Flex, [9] which can

be used to generate routines that allow dissecting a source input into single expressions, because it automates generation of source code for pattern matching.

Yacc/Lex-Both Bison [8] and Flex [9] usually create C source code. Is this code used in C++, they tend to clutter the global namespace; also there are no C++ interfaces available. For this reason Christian Holm Christiansen has written a group of header files called Yacc/Lexx--, which allow encapsulating the C output of Bison and Flex in C++ classes. The changes to the parser/scanner specifications were deliberately kept at a minimum to allow for greatest possible flexibility. In fact Flex itself provides capabilities to generate C++ sourcecode, but the output was too inflexible for Christian’s liking and also it didn’t fit well with the parser classes generated by Bison. Therefore he wanted a common encapsulation for both. Compared to projects like bison++, which has the advantage of direct C++ output, Christian sees the advantages of his method in being independent from the internals of the employed Yacc/Lex implementation. Therefore it is more stable with respect to changes in the Yacc/Lex projects and not immediately affected by their internal modifications. But there are also some Yacc/Lex clones displaying odd behaviour and are not POSIX compliant; these can be problematic to use, which is a special problem of this project. Christian plans to test more Yacc/Lex implementations and would be happy to receive help in this area.

Readline--

Figure 2: Christians website showing his range of programs

April 2003

www.linux-magazine.com

The GNU Readline Library [11] provides functions that allow integrating a versatile commandline into other projects.

Among the features of GNU Readline are a vi and EMACS mode, it can save old input, recreate it and allow editing it again or also complete the beginnings of previously entered commands similar to the csh shell. The Readline-- project by Christian Holm Christensen allows C++ programmers to access the GNU Readline Library by means of C++ classes. Not surprisingly, C++ developers seeking to include a commandline interface in their applications are the main target group of this project. The program originated when Christian himself needed a commandline interface to test his C++ parser, a task during which he also created the previous project. The largest problem is that the library is not yet thread-safe, so it should be handled with care in complex applications. Fixing this and improving the interface are Christian’s next plans for the project, because even though the interface is complete, he considers it unintuitive in some places.

Option-With Option--, Christian provides a C++ parser for commandline options; a library that allows C++ programs to find and evaluate commandline options passed at program start. The major advantage of the project compared with similar projects is that possible options are represented by template-classes, which makes the project very flexible. Option-- only works for non-positional arguments, though. So if the user needs to be forced by syntax to only use a certain option at a certain position in the commandline, Option-- is not a good choice.

Thread-The last project by Christian Holm Christensen in this issue is Thread--, a project to use Threads in C++ programs. Essentially, all computers work linear. If they get a task, they will complete it step by step in the given order with all their capacity. In most cases, this would only allow running one program at a time, however. In order to allow working on several programs simultaneously - the so-called “multi-tasking” - the executing kernel of

Brave GNU World

the computer, the processor, jumps from task to task. Each of these tasks in turn is again worked on in a strictly linear fashion, but the method allows splitting the computers capacity between programs. As the programs and their tasks become more complex, working only strictly linear within a program is increasingly unsatisfactory. A solution to this problem is threading. Threads allow splitting programs into different “task threads” that again can be worked on linearly to solve different subunits of the complex problem. The interaction and communication between these different threads of course also needs to be co-ordinated and controlled, a functionality which can be accessed by means of Thread-- from C++. Different from similar projects like Boost::Thread, ZThread or Common C++, Thread-- does not distribute preprocessor macros throughout the source code. Implementation specific parts are instead put into Traits. This makes the library quite small and extensible. Christian originally began working on Thread-- in order to test the thread-safety of Readline-- and according to him it works fine on GNU/Linux, but GCC

versions of 2.95.x and below are problematic, so it is advisable to check for the GCC version. The other problems are semaphores under Solaris and Threads under Win32; he could not test it on other platforms. Help with these problems as well as information about other platforms is very welcome.

TUX&GNU@school Towards the end of this issue it is my pleasure to point readers to another remarkable column. Mario Fux, himself a long-time reader of the Brave GNU World, began last year to write a similar column dedicated specifically to Free Software in school. By now he has finished 5 issues of the “TUX&GNU@school” column, which has found its new home on the FSF Europe home page. [17] I wish Mario, as well as Christian Selig and Kristian Rink, who support him as a kind of editorial board, all the best for the future.

6th EC Framework Programme

As mentioned [12], the FSF Europe [13] wrote a recommendation [14] to the European Commission on April 30th, 2002. The recommendation, first of all explained the advantages of Free Software for the region Europe and European countries in order to then suggest giving Free Software priority status. On December 17th 2002 the 6th Framework Programme was finalized and it seems that the recommendation to make Free Software the preferred form for project proposals has been heard. This effectively means that the whole budget of the IST Work Programme, containing 1725 Figure 3: The latest version of TUX&GNU@School column

COMMUNITY

INFO [1] Send ideas, comments and questions to Brave GNU World: column@brave-gnu-world.org [2] Home page of the GNU Project: http://www.gnu.org/ [3] Home page of Georg’s Brave GNU World: http://brave-gnu-world.org [4] “We run GNU”initiative: http://www.gnu.org/brave-gnu-world/ rungnu/rungnu.en.html [5] Twin home page: http://linuz.sns.it/~max/twin/ [6] Brave GNU World, Issue #46: http:// brave-gnu-world.org/issue-46.en.html [7] C++ Packages: http://cholm.home.cern.ch/cholm/misc [8] Bison home page: http://www.gnu.org/software/bison/ [9] Flex home page: http://www.gnu.org/software/flex/ [10]The Lex & Yacc page: http://dinosaur.compilertools.net [11] GNU Readline library: http://cnswww.cns. cwru.edu/php/chet/readline/rltop.html [12] Brave GNU World, Issue #40: http:// brave-gnu-world.org/issue-40.en.html [13] Free Software Foundation Europe: http://fsfeurope.org [14] Recommendation by the FSF Europe for the 6th FP: http://fsfeurope.org/ documents/fp6/recommendation.html [15] 6th Framework Programme: http://www.cordis.lu/fp6/ [16]Call for participation of the FSF Europe: http://mailman.fsfeurope.org/pipermail/ press-release/2002q4/000047.html [17] TUX&GNU@school column: http://fsfeurope.org/education/tgs/

million Euro, has been opened for Free Software. This is most likely the largest sum that was ever available for Free Software funding. In order to now support companies, universities and research centers to launch projects for and with Free Software within this framework, the FSF Europe sent out a request [16] in which it asks all parties to get in touch.

Until next month Enough Brave GNU World for this month, as usual I’d like to ask for questions, ideas and comments by mail. [1] So much for now, until next month. ■

www.linux-magazine.com

April 2003

Events / Advertiser Index / Call for Papers

LINUX MAGAZINE

Linux Events LinuxPark CeBIT 2003 Hannover–Germany

Mar 12–19 2003 www.linux-events.de/LinuxPark/ cebit

Open Source Conference CeBIT Mar 17 2003 Hannover–Germany www.exchangeworld.net/ osc.html EGovOS Conference Washington, DC–USA

Mar 17–19 2003 www.egovos.org/march-2003

PyCon DC 2003 Washington, DC–USA

Mar 26 –28 2003 www.python.org/pycon

Ruby Con Dearborn, MI–USA

Mar 28–30 2003 www.rubi-con.org

Call for Papers

e are always looking for article submissions and new authors for the magazine. Although we will consider articles covering any Linux topic, the following themes are of special interest: • System Administration • Useful hints, tips and tricks • Security, both news and techniques • Product Reviews, especially from real world experience • Community news and projects

CanSecWest/core03 Conference April 9–11 2003 Vancouver–Canada www.cansecwest.com MySQL Conference & Expo 2003 Apr 10–12 2003 San Jose, CA–USA www.mysql.com/events/uc2003 RSA Conference 2003 San Francisco, CA–USA

Apr 13–17 2003 www.rsaconference.net/rsa2003

LinuxUser & Developer 2003 Birmingham, UK

Apr 15–16 2003 www.linuxuser.co.uk/expo

Advertiser Index Advertiser

Web Site

Page

1&1

oneandone.co.uk

9, 25

Cyclades

www.cyclades.co.uk

Outside Back Cover

Dedicated Servers

www.dedicated-servers.co.uk

Digital Networks

www.dnuk.com

GeCAD Software

www.ravantivirus.com

Hewlett-Packard

www.hp.com/uk/ linuxwhitepaper

Inside Front Cover

Linux@Work

www.linux-magazine.com

LinuxPark CeBIT

www.linux-events.de/ LinuxPark/cebit

Inside Back Cover

Linux Magazine Back Issues

www.linux-magazine.com

Linux Magazine Subscription

www.linux-magazine.com

Bind-in 66–67

Open Source Conference CeBIT

www.exchangeworld.net/ osc.html

O’Reilly

www.oreilly.co.uk

April 2003

www.linux-magazine.com

If you have an idea for an article, please send a proposal to edit@linux-magazine.com. The proposal should contain an outline of the article idea, an estimate of the article length, a brief description of your background, and your complete contact information. Articles are usually about 800 words per page, although code listings and images often reduce this amount. The technical level of the article should be consistent with our typical content. Remember that Linux Magazine is read in many countries, and your article may be translated for use in our sister publications. Therefore, it is best to avoid using slang and idioms that might not be understood by all readers. Be careful when referring to particular dates or events in the future. Many weeks will pass between the submission of your manuscript and the final copy in the reader’s hands. When submitting proposals or manuscripts, please use a subject text that helps us to quickly identify your email as an article proposal for a particular topic. Screenshots and other supporting materials are always welcome. Additional information, e.g. on how to format your text, how to invoice us etc., is available at www.linuxmagazine.com/Writers. Please send all correspondence to edit@linux-magazine.com. ■

Subscription CD

LINUX MAGAZINE

Subscription CD

he CD ROM with your subscription issue contains all the software listed below, saving you hours of searching and downloading time. On this month’s subscription CD ROM we start with the latest development software to hit the servers. Included along side the latest Gnome desktop environment we have all the files that we mention in the magazine.

Gnome 2.2 The GNOME 2.2.0 Desktop and Platform release is the latest version of the popular, free desktop environment. While GNOME 2.0 was a major upgrade to the entire Desktop and Developer Platform, GNOME 2.2.0 is a simpler time-based release that includes a number of improvements that have been completed since the previous release: • The user interface of Nautilus, the GNOME file manager • The panel can now be themed • GNOME 2.2 includes the GStreamer multimedia framework • Desktop-wide support for fontconfig and Xft2 • Simultaneous connections to multiple X servers, and X servers with multiple screens

Mozilla 1.3 New to this version of Mozilla: • Image auto sizing allows a user to toggle between full-sized images and images sized to fit the browser window. • Mozilla Mail’s junk-mail classification is mostly complete. Users can now automatically move junk mail to a spam folder. • Find as you type, formerly known as type ahead find, has a new preferences panel. • When installed, Chatzilla now has a normal Mozilla preferences panel.

PyXML The PyXML package is a collection of libraries to process XML with Python. It contains, among other things: • xmlproc: a validating XML parser. • Expat: a fast non-validating parser. • sgmlop: a C helper module that can speed-up xmllib.py and sgmllib.py by a factor of 5. • PySAX: SAX 1 and SAX2 libraries with drivers for most of the parsers. • javadom: An adapter from Java DOM implementations to the standard Python DOM binding.

LyX 1.3 LyX is an advanced open source document processor that produces high quality, professional output – using LaTeX, an industrial strength typesetting engine, in the background. No knowledge of LaTeX is necessary to use LyX, although it will give a user more power.

Chain Reaction Chain Reaction (aka Critical Mass, aka Atoms) is an addictive, multi-player ‘board’ game. It’s easy to learn to play: • Players take turns to add units (blobs) of their color to either an empty cell or a cell they already occupy. • Once the number of blobs in a cell equals the number of neighboring cells – 2 in a corner, 3 along an edge and 4 elsewhere – the blobs ‘explode’, adding 1 blob to each neighbor and leaving the original cell empty. • The neighboring cell may then have enough blobs to explode as well – making their neighbors explode, and so on – a chain reaction.

Wish you had the CD? Each subscription copy of the magazine includes a CD like the one described above – free of charge! Order now and save yourself hours of download time!

■ Significant savings

over the cover price! ■ Money Back Guarantee – cancel at any time for a full refund! ■ Guaranteed delivery ensures you’ll never miss an issue again!

Order Online: www.linux-magazine.com/Subs Or use the order form between pages 66 and 67

Subscribe to Linux Magazine today! www.linux-magazine.com

April 2003

LINUX MAGAZINE

Highlights

May 2003: Issue 30

Next month highlights Editor

John Southern, jsouthern@linux-magazine.com Assistant Colin Murphy, Editor cmurphy@linux-magazine.com International Patricia Jung, pjung@linux-magazine.com, Editors Heike Jurzik, hjurzik@linux-magazine.com, Ulrich Wolf, uwolf@linux-magazine.com International Patricia Jung News Editor Contributors Fred Andresen, Zack Brown, Daniel Cooper, Thomas Drilling, Thomas Grahammer, Georg C. F. Greve, Heike Jurzik, Stephan Kaufhold, Adrian Kerton, Jan Kleinert, Matthias Kranz, Charly Kühnast, Nico Lumma, Davyd Madeley, Michael Mielewczik, Andrea Müller, Christian Perle, Andreas Reitmaier, Simon Rutishauser, Dietmar Ruzicka, Martin Schulze, Stephan Siemen, Stefanie Teufel, Conchita Welker, Frank Wieduwilt, Dean Wilson Production Hans-Jörg Ehren, Coordinator hjehren@linux-magazine.com Layout Judith Erb, Elgin Grabe, Klaus Rehfeld Cover Design Pinball Werbeagentur Advertising www.linux-magazine.com/Advertise Sales All countries Brian Osborn, ads@linux-magazine.com (except phone +49 651 99 36 216, Germany, fax +49 651 99 36 217 Austria, Switz.) Germany Osmund Schmidt, Austria anzeigen@linux-magazine.com Switzerland phone +49 6335 9110, fax +49 6335 7779 Management (Vorstand) Hermann Plank, hplank@linux-magazine.com, Rosie Schuster, rschuster@linux-magazine.com Project Management Hans-Jörg Ehren, hjehren@linux-magazine.com Subscription www.linux-magazine.com/Subs Subscription rate (12 issues including monthly CD) United Kingdom £ 39.90 Other Europe Euro 64.90 Outside Europe – SAL Euro 74.90 (combined air / surface mail transport) Outside Europe – Airmail Euro 84.90 phone +49 89 9934 1167, fax +49 89 9934 1199, subs@linux-magazine.com Linux Magazine Stefan-George-Ring 24 81929 Munich, Germany info@linux-magazine.com, phone +49 89 9934 1167, fax +49 89 9934 1199 www.linux-magazine.com – Worldwide www.linuxmagazine.com.au – Australia www.linux-magazine.ca – Canada www.linux-magazine.co.uk – United Kingdom While every care has been taken in the content of the magazine, the publishers cannot be held responsible for the accuracy of the information contained within it or any consequences arising from the use of it. The use of the CD provided with the magazine or any material provided on it is at your own risk. The CD is thoroughly checked for any viruses or errors before reproduction. Copyright and Trademarks © 2002 Linux New Media Ltd. No material may be reproduced in any form whatsoever in whole or in part without the written permission of the publishers. It is assumed that all correspondence sent, for example, letters, e-mails, faxes, photographs, articles, drawings, are supplied for publication or license to third parties on a non-exclusive worldwide basis by Linux New Media unless otherwise stated in writing. Linux is a trademark of Linus Torvalds. ISSN 14715678 Printed in Germany. Linux Magazine is published monthly by Linux New Media AG, Munich, Germany, and Linux New Media Ltd, Manchester, England. Company registered in England. Distributed by COMAG Specialist, Tavistock Road, West Drayton, Middlesex, UB7 7QE, United Kingdom

April 2003

Threads

abcde

We examine the inner workings of the kernel. Threads are “light weight processes”. These help to reduce the overall overhead of the processor by sharing fundamental parts. By sharing these parts, switching happens much more frequently and efficiently. We explain the differences between the two types of threads and where they occur.

A guide to using A Better CD Encoder. Ordinarily, the process of grabbing the data off a CD and encoding it, then tagging or commenting on it, is very involved. abcde is designed to automate this. It will take an entire CD and convert it into a compressed audio format – Ogg Vorbis or MPEG Audio Layer III (MP3). Abcde is a front-end command-line utility (actually, it is a shell script) that gives you all the control you need to help rip those CDs, all in one go.

Transmeta Kit The Transmeta Crusoe processor with Code Morphing software is designed to give little heat and so open up a range of new marketplaces.

KDE vs Gnome

We take a look at the development kit and just what is required to optimise your code and take full advantage.

Subversion Subversion is a free source code manager and version control system intended to replace CVS. Most open source developers have, at some stage, come across CVS. It is the de facto standard Software Configuration Management on free software projects. The primary goal of the Subversion project is “to build a compelling replacement for CVS in the open source community”. In other words, it is designed to implement all of the functionality of CVS, with a familiar interface, while fixing its design flaws, and offering much improved functionality. We explain how it differs and why you should consider changing.

www.linux-magazine.com

The ultimate test. As both of the big desktop environment systems have released new versions recently we decided to put them through our gruelling laboratory test. We compare all the new features and explain the differences in design and application. An independent test to give you all the information that you need to decide which suits you best. Will KDE with its new integrated development environment win your

On Sale: 4 April