Reehan's Blog

Android phones are spectacular little devices because they're able to so much that others simply can't, but one big snag in that greatness is that many of those best features require that the phones be rooted. Whether you plan on installing custom ROMs or not, you may want to root your phone just to use the great apps that require root access. Here are the ten most essential apps available for Android that require root.

View the original article here

Android has no shortage of great music apps, but if you're looking for something that'll play nearly any local file, has a powerful equalizer, a handy tag editor, and tons of customization options, look no further than PowerAMP.

Read more at Lifehacker

View the original article here

The ChromiumPC modular computer, first unveiled by Xi3 last year, is ready to ship this summer, with an architecture designed specifically for Chrome.View the original article here

It was just yesterday that Martin Gräßlin, the lead KWin developer, had written yet another insightful blog post about the underlying improvements to KWin in KDE SC 4.7, but now he's back at it again today. This time he's writing about the different rendering back-ends that are available for KWin...

View the original article here

With a few weeks having passed since UDS Budapest where a lot of details concerning Ubuntu 11.10 "Oneiric Oncelot" were figured out and debated, and the features definition freeze now in effect, Canonical has announced the five core areas they'll be working on in this development cycle as it pertains to the Ubuntu Server release...

View the original article here

From the blogs: Jonathan Bryce explains why Ubuntu Linux is used by OpenStack and why OpenStack is a once-in-a-lifetime open source opportunity.

View the original article here

When you ask children what they want to be when they are older, how many of them say they want to be a manager? I've certainly never met one who had such aspirations. In part this is because management is a pretty amorphous concept to a ten-year-old. But it's also because we adults aren't exactly singing the praises of the management profession either.  For example, in a 2008 Gallup poll on honesty and ethics among workers in 21 different professions, a mere 12 percent of respondents felt business executives had high/very high integrity--an all-time low. With a 37 percent low/very low rating, the executives came in behind lawyers, union leaders, real estate agents, building contractors, and bankers.

View the original article here

This tutorial shows how you can set up a Linux Mint 11 (Katya) desktop that is a full-fledged replacement for a Windows desktop, i.e. that has all the software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that works even on old hardware, and the best thing is: all software comes free of charge. Linux Mint 11 is a Linux distribution based on Ubuntu 11.04 that has lots of packages in its repositories (like multimedia codecs, Adobe Flash, Adobe Reader, Skype, Google Earth, etc.) that are relatively hard to install on other distributions; it therefore provides a user-friendly desktop experience even for Linux newbies.

View the original article here

Now that the first KDE SC 4.7 beta is available, Martin Gräßlin, the lead developer of the KWin, has blogged about some of the underlying improvements made to the compositing window manager for KDE during this development cycle. Of course, most Phoronix graphics junkies will already know what's changed based upon previous articles, but here's an overview for those not caught up to speed...

View the original article here

Why now? Torvalds released 2.6.39 last week. As we're looking at 2.6.40, Torvalds seems to think it's time for a change. "The voices in my head also tell me that the numbers are getting too big. I may just call the thing 2.8.0. And I almost guarantee that this PS is going to result in more discussion than the rest, but when the voices tell me to do things, I listen."

And so it has. While many developers dismiss version numbering as "just marketing," marketing does have some importance. Those in the know may understand that the version numbers indicate very little about the actual changes between versions — but the rest of the world still looks at the numbers.

The rest of the world that looks at the numbers has been waiting a long time for a version bump. It's been about seven years since the first 2.6.0 kernel was released, and the odd-numbered scheme for development kernels was abandoned, which is easily the longest stretch without a version bump:

Linux pre-1.0 versions ran from 1991 to 1994: Three years.Linux 1.x ran from 1994 through mid-1996: Two and half years.Linux 2.0.x was the mainline stable kernel from mid-1996 through early 1999: Less than three years.Linux 2.2.x was the mainline stable kernel from early 1999 through early 2001: About two years.Linux 2.4.x was the mainline stable kernel from early 2001 through late 2003: About three years.Linux 2.6.x is the mainline stable kernel since mid-December 2003: More than seven years.

Note that, of course, the kernel folks continued to release updates to previous kernels even after a new major version was released. So, for example, the 2.4 release still receives (infrequently) updates for the small number of users who are on 2.4.x. Prior to 2.6.x the kernel had an odd/even numbering scheme for development vs. stable kernels. For example, work on major new features would go into 2.5.x while 2.4.x was the mainline stable release.

The reason it's been so long for a "major" bump is that the old model of kernel development went by the wayside in favor of time-based releases. This got rid of the need for odd/even releases and major bumps in release numbers that indicated lots of new features that had been in the works.

A 2.8 release won't really indicate big changes in the kernel — but it would get press attention outside (and inside) the Linux community, which isn't necessarily a bad thing. And it would coincide nicely with the 20th anniversary of the Linux kernel, which is (arguably) in August.

Does that mean a 3.0 is within sight? Yes and no. Maybe as Linux approaches its 30th anniversary. Torvalds says, "since we no longer do version numbers based on features, but based on time, just saying 'we're about to start the third decade'" works as well as any other excuse" to name the release Linux 3.0.

View the original article here

Wow, so our theory and mockup turned out to be pretty much spot on: indeed, the oddly named ASUS PadFone does tuck itself into a shielded docking bay on the back of its companion tablet, and the latter's hinged cover appears to pop up upon releasing the latch. You can also just about make out the two ports inside, which are likely to be micro-USB and HDMI for driving the larger display, and we wouldn't be surprised if this involves an extra battery as well. Now, what we really like to know is which version of Android will be shipped with this split-personality phone? Our money's on Ice Cream Sandwich, given that this flavor will happily cater both phone and tablet form factors later this year -- bear in mind that Honeycomb was never intended for small devices, nor would ASUS risk marketing the PadFone as a Gingerbread tablet at this day and age. Well, we shall dig up more answers for y'all tomorrow, and stay tuned for some sweet hands-on time.

View the original article here

One of the mailing list messages making the rounds on the Internet today is concerning the GNOME project and whether they should no longer concern themselves with supporting non-Linux operating systems...

View the original article here

New report provides guidance and best practices on how to leverage open source.

View the original article here

The desktop version of Ubuntu 8.04 LTS has officially reached its end of life. Hardy Heron users are advised to upgrade to a later release to continue receiving updates

View the original article here

Lubuntu is now an officially supported Ubuntu derivative.

View the original article here

Firewall Builder is one of the most powerful and user-friendly firewall creation utilities available for Linux. One of the many reasons Firewall Builder is both powerful and easy to use is its objects feature. Objects are reusable elements that can be added and removed from firewall rules by dragging and dropping the object into firewall rules. Firewall Builder comes with plenty of pre-defined objects that can be used right away, and also makes for easy creation of new objects.

Objects are so crucial to the ease of use and understanding of Firewall Builder, I want to dedicate this entire article to the creation, editing, and use of objects. With a sound understanding of objects under the belt, any one should be able to create secure and flexible firewalls to fit nearly any need.

Firewall Builder stores objects in what are known as Libraries. By default Firewall Builder includes two Libraries.

Standard: The predefined objects that can be dragged and dropped into firewalls. These objects can not be edited.User: An empty pre-categorized library where users can add their own objects and then drag and drop them into firewalls.

To select a library, click on the Library drop-down (see Figure 1) and select either the Standard Library or the User Library. Let's say, for example, the firewall being created will be used to secure an HTTP server. Why bother creating TCP/UDP service objects when they already exist in the Standard Library? Simply open up the Standard Library (click the Library drop-down and click Standard), expand the Services entry, Expand the TCP entry, and the HTTP and HTTPS entries will be available. Drag and drop all of the related entries necessary for the new firewall into the desired rules for the firewall.

Another way to find the object is to use the convenient filter feature, located just below the Library drop down, that lets you quickly filter the objects in the tree to find what you are looking for.

 

It is also possible to create a Custom Library by clicking the drop-down to the left of the Libraries drop-down and selecting New Library.

In my previous article I discussed how to create objects specific to firewall used for SSH connections into a host. The methods discussed in that article describe the creation of objects for the User Library. One of the nice features of Firewall Builder is that those objects can be then reused in other firewalls. So even if the objects were initially created for the SSH firewall, they can then be re-purposed for a firewall focused on a Web server. That doesn't just apply to services; any of the objects created in a previous firewall can be re-used over and over.

Don't think objects are limited to services or addresses. In fact quite a few object types can be created and used, and here is a listing of the types:

Address Ranges: A range of addresses can be configured into a single object.Address Tables: This is an address-based object that can be created when a range of addresses is needed but the actual addresses are not known when the firewall or policy is being written. The Address Tables object has an added feature which allows for the object to be loaded at either compile time (during firewall compilation) or during run time (when Firewall Builder runs the firewall script). More on this in a moment.Addresses: A single address that can be used for an interface, source, or destination (such as a host).DNS Names: This object represents a DNS "A" or "AAAA" name and resolves to an IP address during either compile or run time. What this highlights is the intelligence of the compiler and its ability to resolve addresses to names during compilation.Groups: A group is a container that holds references to multiple objects of the same or similar type (Addresses, Address Ranges, Network Objects).Hosts: A host object represents hosts on a network: Desktops, Workstations, and any other network node that has a network address.Networks: This object describes an IP network or an entire subnet.

A group is a container that holds references to multiple objects of the same or similar type (Addresses, Address Ranges, Network Objects). When a new group is created (see Figure 2) the member objects can either be created from within the configuration of the group itself (click the "Create new object and add to this group" drop-down) or objects can be dragged and dropped into the group from one of the Libraries. During compile time the Firewall Builder compiler will determine if a group should be expanded and multiple chains needed or if a single chain can take care of the group.

 

Make sure the name given to the group adequately describes the purpose of the group so that group can be re-used without having to examine its contents.

Address Tables are incredibly handy. Essentially this object allows you to define a list of addresses and/or networks into a rule, even if the actual addresses are unknown at the time the rule is created. What must be done, however, is (when the addresses are known) a file is created that will house the addresses. That file name and location is configured into the Address Tables setup (see Figure 3).

To configure the file the addresses will be read from click the Choose File button and then navigate to file.

When you have configured the Address Table to be aware of the file containing the addresses, it is also possible to directly edit the file from within Firewall Builder. To do this click the Edit File button and the Firewall Builder Script Editor will open (see Figure 4).

Figure 4
fwbuilder_script_editor.png

You can create a file using the script editor, just enter the full path to the file and click Edit. The file will be created when you click Save.

The services objects are all fairly self-explanatory (Custom, Groups, ICMP, IP, TCP, UDP, Users). The only Service that may need explanation is the TagServices. The TagServices object allows packets to be tagged by one rule and then acted on by another rule. Packet tagging is fairly complex. Essentially a TagServices object is created and configured with either a tag number or string. To match a tag in a rule just drag and drop the service object to the Service column of the rule. To create a rule that sets the tag, set the Action to Tag and drag and drop the TagService to the bottom of the screen where it says "Drop object here."

It is also important to know that TCP and UDP Services can have definitions for both source and destination ports configured and that if a configuration of 0 is used all ports will be matched. Say, for example, it is necessary to create a service for HTTP using port 8080 as the destination, but a specific source port is not necessary. To do this enter 8080 as the destination port and leave the source port as is (set at 0).

A handy trick to know is how to locate where a service is being used within a firewall. With a firewall open, navigate to a service (either from the Standard or User Library) and right-click the service. When the context menu opens select Where Used. A pane will open in the lower half of the Firewall Builder window (see Figure 5) that will, upon clicking the Find button, display where the service is used within the firewall. This is especially handy when trying to troubleshoot a particular firewall.

 

If any child services were created from the original, make sure to search for those as well.

The creation and manipulation of objects serves as the foundation and building blocks which all firewalls are created within Firewall Builder. Because objects make the creation of firewalls more efficient and user friendly, it is important to understand how they can be best utilized. When used correctly, Firewall Builder objects help to make the administration of firewalls a far easier task.

View the original article here

Running enterprise applications on cloud infrastructure is one thing, getting those applications to integrate with enterprise identity and authentication systems is quite another.

View the original article here

The World Wide Web Consortium (W3C) sends out last call for public review of HTML5 specifications.

View the original article here

This tutorial will cover how to install the well-known CUPS printing system, and optionally tell you how to have your Canon printer work. There are extra details about where to find Canon drivers and how to install the "Print to PDF" feature.

If you didn't check any option at the Debian network installation, you will need to download and install a few packages.

Run the following command as root:

# apt-get install cups cups-client "foomatic-db*"

This will install CUPS and download a database of printer drivers.

As the Debian distribution installs a secure Linux system on your computer, most of the permissions involved by installing packages are "opt-in". This means you have to explicitly grant permission to users so that they can print.

This is done by adding them to the lpadmin group:

# adduser YOUR_NORMAL_ACCOUNT lpadmin

Power on and plug your printer, and then browse to http://localhost:631/

Go to the Administration tab and click Add printer. At that point you will be required to type your normal user and password (not root).

CUPS will look for printers available on the network or attached to your computer.

Choose your printer in the Local printers section.

Fill the form if you want to, then see if your printer driver is in the list.
NB: Your exact model number is probably not in the list, however if you've got a 3030 printer, the 3000 driver is the one you need.

If you don't find your printer in the list, either the driver just doesn't exist for non-Windows OS / Mac OS, or it is proprietary (non-free).

If you bought a Brother or HP printer, you're lucky because all of their current printers are provided with an opensource driver. Install the hplip package for Hewlett Packard printers.

You can't find Canon drivers on non-free repositories. You have to go to the Canon website and download them.

Go to www.canon.com, select your country and language, then go to the Support page, find your printer (in category "Printer" or "Multifunction").
Choose "Linux" as your operating system. Let the language setting as it is. (Because maybe the drivers could be hidden if the included manual doesn't exist in your language).

Download that UFR II driver file.

You'll end up with a zip file / archive.

Open your Terminal again, change to your Downloads directory, and unzip that file:

$ unzip *ufr2*.zip

The unzipped directory is the language you choose, e.g. "english" or "italiano". cd to that directory, then open the "driver" directory corresponding to your architecture (32 or 64 bits), and finally open the RPM folder.

As you may know, RPM is the "Red Hat Package Manager", but Debian uses APT. RPM files have the ".rpm" extension and Debian packages get a ".deb" extension.

So, we will have to convert them.

For that purpose, install a program called alien. And I'd advice to install fakeroot as well. (Fakeroot allows you to work on Debian packaging without root privileges, which are not needed until the installation part.)

# apt-get install alien fakeroot

Then convert the packages:

 $ fakeroot alien --to-deb *.rpm

Finally you can now install them as usual:

# dpkg -i *.deb

Reload the "Add printer" page on the CUPS web interface, and this time you should be able to find your printer model in the list. (You can also press "Choose another ...." and go back to "Canon" again.)

You should not need to restart cups, but if you want to, just to be sure, do the following as root:

# service cups restart

Voilà ! You've successfully installed your printer!

Here is a trick that could be helpful. If you're using an application that doesn't provide an "Export to PDF" function, you can simply print as normally and select a special "PDF printer."

In order to do that, you have to install the "cups-pdf" package:

# apt-get install cups-pdf

Your "PDF printed" documents will be put in a folder called "PDF" in your home directory, i.e. ~/PDF/

You may have to create this directory yourself if you have issues with the cups PDF printer.

The CUPS web user interface is the place to go whether you need to manage your printers and printing jobs, and find the reasons of printing issues. You can pause or cancel a job and even re-print a document.

Note you have to modify your /etc/cups/cupsd.conf configuration file if you want the interface to be accessible from other computers in your network.

View the original article here

All kinds of organizations need bug trackers. Whether it's software developers, Web site developers, or just organizations with significant IT needs, bugs must be tracked. (And, you know, fixed.) To that end, there are plenty of bug tracking tools available, but none that are open source and as easy to install and manage as Mantis Bug Tracker. This weekend, get started tracking bugs with Mantis!

Since the installation of Mantis is such an easy (and well documented) task, I want to focus on the management and flow of the work done within the tool. This means managing projects as well as reporting and managing the flow of reported bugs. The only assumption made will be that Mantis is already up and running.

Before bugs can be reported, there must be a project to report bugs on. In order to manage projects log into Mantis as the administrative user and then click on the Manage link. From this new page (see Figure 1), click on the Manage Projects link.Obviously, all Mantis management is tackled from this page, so make sure whoever has the key to this kingdom knows what they are doing — or should, anyway.

From within the Manage Projects page all that is necessary is to click the Create New Project button. From within the new page, the following information is necessary:

Project Name: Human Readable name for project. This is the only field that is required.Status: Choose from development, release, stable, obsolete.View Status: Choose from public or private.Inherit Global Categories: On or off.Upload File Path: Path for file upload. This path must be readable and writable by the web server and does not (nor should) need to be within the document root or the Mantis directory.Description: Human readable description of project.

Below the Description there are other fields that can be filled out. Per-project categories can be created on this page. Per-project categories are very important and useful to make the flow of bugs easier to follow. Getting as granular as possible in the categorization will not only make it easier for developers and admins to follow the flow of information, it will also make it much easier for reporters to report bugs (and be more specific when doing so.) Use this only if there will be categories that are only related to this particular project. The main categories are global and can be used by all projects.

There is one small hiccup with creating the categories at this point. When a category is created, it's always smart to assign that category to a user. But if no users have been created, this isn't possible. To really make the most out of the system, each category should be assigned a lead so all notifications can be funneled to the proper person. So, instead of creating Categories next, migrate over to users and create the users that will serve as the heads of the various categories. Don't worry, the project can be modified later, after users have been created. Naturally, this won't be necessary on a Mantis installation that already contains the necessary users.

The managing of users is a fairly straight-forward task, but it's one that's quite important. When users are created they are assigned an access level which dictates their effective permissions within Mantis. So, it should go without saying, to pay close attention to the access level of a new user. To create said new user click on (from the Mantis home page) Manage > Manage Users. From the Manage Users page, click the Create New Account button and fill out the necessary information:

Username: The username the user will log in with.Real Name: The human readable name of the user.E-mail: E-mail address for the user.Access Level: Choose from viewer, reporter, updater, developer, manager, or administrator.Enabled: Check to enable to user. Uncheck to temporarily disable the user.Protected: When an account is protected its attributes can not be changed.

With the users created, now it's possible to assign categories to those users to further refine how Mantis is used.

Go back to the Manage Projects page. From this page it is possible to create Global Categories. As mentioned earlier, Global Categories are available to all projects, so do not create categories here that relate to a specific project. To create a category simply type the category name in the field to the left of the Add Category button and click Add Category. This will add the category, but will not assign the category to a user. In order to assign a category to a user click the Edit button associated with the category, which will open that category up for editing (see Figure 2).

 

At this point the category name can also be changed.

To assign the category to a user, just select the user from the drop-down and then click Update Category. With the project, categories, and users created it is now possible for users to report bugs against the project.

As crucial as categories are to the ability for reports and manages to work the flow of information, email alerts are, without a doubt, the single most important feature of Mantis for quick response to issues. These alerts make those who need to know aware when bugs are reported and/or have status changes. This feature, of course, requires a working SMTP server configured in the config_inc.php configuration file. With that in place, do the following:

Go to the Mantis main page.Click on the Manage link.Click on the Manage Configuration link.Click on the E-mail Notifications link.Configure Access Levels for each user type (See Figure 3.)Click Update Configuration.

Settings highlighted in green override all others. Settings in blue are project-specific.

The flow of bug tracking can range from the fairly simple to the very complex. This will be dictated on how detailed bugs become, how frequent bugs are reported, and how granularly those bugs are managed. Regardless of how complex your bug reporting can get, this is how Mantis manages the flow of bugs:

User logs onto Mantis site.User reports issue for a particular project, making sure to select either a Global or Project-specific category.Notification is sent to Project Manager (or whoever is configured to receive notifications.)Manager (or administrator) of project confirms bug and assigns bug to developer.Developer resolves bug and sets bug status to resolved.Manager (or administrator) can then close bug when resolution is confirmed.

As is shown in Figure 4, it is very easy to access quite a large amount of information about a bug. Each blue link is clickable and will reveal different aspects about an individual but, a category, a user, a project, and more.

 

In this example there are two projects with a bug attached, Mobuntu and WidgetOne.

A user with the correct permissions could click on any of the listed bugs and view, edit, promote, demote, assign, and much more. Bugs can even have their status changed in batches by checking off all the bugs to be changed and then selecting the new status from the drop-down (below the bug listing window). Once the new status is selected, click the OK button to update. Depending the change, a new window may be opened for user interaction (such as with an assigning of bugs.)

Different companies will use Mantis differently. Some will be able to function with just the very basics, whereas others will depend upon a highly detailed usage. Regardless of how it is used, it is important to know that Mantis Bug Tracker offers numerous ways to manage the flow of bugs in and out of the system.

View the original article here

This tutorial provides step-by-step instructions on how to install Xen (version 3.0.3) on a CentOS 5.6 (x86_64) system.

Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so called "virtual machines" or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers' web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it's more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.

I will use CentOS 5.6 (x86_64) for both the host OS (dom0) and the guest OS (domU).

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

This guide will explain how to set up image-based virtual machines and also LVM-based virtual machines.

Make sure that SELinux is disabled or permissive:

vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - SELinux is fully disabled.SELINUX=disabled# SELINUXTYPE= type of policy in use. Possible values are:# targeted - Only targeted network daemons are protected.# strict - Full SELinux protection.SELINUXTYPE=targeted

If you had to modify /etc/sysconfig/selinux, please reboot the system:

reboot

To install Xen, we simply run

yum install kernel-xen xen

This installs Xen and a Xen kernel on our CentOS system.

Before we can boot the system with the Xen kernel, please check your GRUB bootloader configuration. We open /boot/grub/menu.lst:

vi /boot/grub/menu.lst

The first listed kernel should be the Xen kernel that you've just installed:

[...]title CentOS (2.6.18-238.9.1.el5xen) root (hd0,0) kernel /xen.gz-2.6.18-238.9.1.el5 module /vmlinuz-2.6.18-238.9.1.el5xen ro root=/dev/VolGroup00/LogVol00 module /initrd-2.6.18-238.9.1.el5xen.img[...]

Change the value of default to 0 (so that the first kernel (the Xen kernel) will be booted by default):

The complete /boot/grub/menu.lst should look something like this:

# grub.conf generated by anaconda## Note that you do not have to rerun grub after making changes to this file# NOTICE: You have a /boot partition. This means that# all kernel and initrd paths are relative to /boot/, eg.# root (hd0,0)# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00# initrd /initrd-version.img#boot=/dev/sdadefault=0timeout=5splashimage=(hd0,0)/grub/splash.xpm.gzhiddenmenutitle CentOS (2.6.18-238.9.1.el5xen) root (hd0,0) kernel /xen.gz-2.6.18-238.9.1.el5 module /vmlinuz-2.6.18-238.9.1.el5xen ro root=/dev/VolGroup00/LogVol00 module /initrd-2.6.18-238.9.1.el5xen.imgtitle CentOS (2.6.18-238.el5) root (hd0,0) kernel /vmlinuz-2.6.18-238.el5 ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.18-238.el5.img

Afterwards, we reboot the system:

reboot

The system should now automatically boot the new Xen kernel. After the system has booted, we can check that by running

uname -r

[root@server1 ~]# uname -r
2.6.18-238.9.1.el5xen
[root@server1 ~]#

So it's really using the new Xen kernel!

We can now run

xm list

to check if Xen has started. It should list Domain-0 (dom0):

[root@server1 ~]# xm list
Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0     3343     2 r-----     18.1
[root@server1 ~]#

Paravirtualization With Xen On CentOS 5.6 (x86_64) - Page 2

View the original article here

Map-based navigation: it's one of the killer apps for any mobile platform. The only sticking point is getting the maps. Downloading map tiles on the fly is the default solution for most navigation apps, but pre-loading makes more sense when it's possible. Unfortunately, open source navigation apps have earned a reputation for clunky and awkward map-loading interfaces. This weekend, let's look at a simpler method, so you can get on the road quicker.

Sure, whenever you have solid data coverage and a cheap-but-fast mobile plan, you can stream maps on-demand — but even then your download speed can to a crawl at just the wrong moment. Plus, you can forget about streaming maps if you're traveling to the back woods or headed overseas with a pre-paid SIM. Pre-loading map sets bypasses the entire problem, plus for many apps it allows you to calculate routes while offline as well.

The problem is that the open source apps make pre-loading into a colossal pain. Some provide a pre-loading interface that falls flat — such as by requiring you to manually enter unformatted latitude and longitude coordinates for the corner points, by not allowing you to see which maps it already has stored, or by attempting to download every zoom level in the database. Others simply have no pre-loading interface at all, requiring manual configuration file editing to point the app towards the right storage directory.

If you had unlimited disk space, you could always grab the entire OpenStreetMap global data set, but for all practical purposes the way most people will operate is to keep a small set of maps on their device at any one time — home, the destination city for a particular trip, and so forth.

Complicating matters slightly is the fact that different navigation apps utilize different map sources. If you're hiking cross-country, you probably want a topographic map, so OSM's street map source isn't going to be any good, regardless of how easy it is to partition off the relevant boundary lines and download tiles. If you use more than one app then typically you double the amount of work involved, since most navigation apps have their own package format and directory structure — even when dealing with the same map source.

We can simplify the process by using the Java application Mobile Atlas Creator (or MOBAC for short). MOBAC includes a web map renderer on which you can select the region of which you're interested in generating an offline map source, plus controls that let you configure zoom level and other options. Whenever you have your "atlas" (which is MOBAC's term for each individual offline map bundle) configured, you can have MOBAC batch-download the tiles and properly configure them for the navigation device of your choice.

You can download MOBAC from the project's site on SourceForge.net. For most users, all you will need to do is grab the .jar package linked to under "Download" on the home page. It requires Java 1.6 or newer, which is standard fare for Linux. The developer recommends you also download the latest build of Java Advanced Imaging from Sun (or presumably, Oracle), although this is optional. A subset of mapping applications also require the Sqlite database; the Download section links to the appropriate Java library.

The current release of MOBAC is version 1.9 beta 5, which officially supports 28 different navigation and mapping apps. There are others that use a compatible format, but don't make the main list. Most are turn-by-turn mobile navigation aids like AndNav, OsmAnd, and Osmdroid, but off-road utilities like Mobile Trail Exporer, specialty apps like Nokia Sports Tracker, and GPS-logging apps are supported as well — including those for dedicated GPS hardware like Magellan and Garmin units.

After you've downloaded the requisite files, cd into the resulting directory and launch MOBAC with ./start.sh &. The left-hand window pane holds a series of expandable settings docks; click on the arrow in each dock's title bar to see its content. The right-hand pane is for GPX data, which is a different enough use case that we don't have time to discuss it. In the center is the map view widget.

The atlas-building process is a bit quirky, but you will soon get the hang of it. The "Map source" selection dock on the left lets you choose which map is displayed in the map view. "Atlas Content" further down displays the map components you have selected so far. By default, MOBAC starts a new atlas project named "Unnamed atlas" at startup. You can work on more than one at a time — use the "New" button to create one. Just keep an eye on which atlas project is selected as you work: every time you make a selection on the map view, you can click the "Add selection" button to add it to the currently chosen atlas project.

In the map view widget, the right mouse button acts as a "grab" controller, with which you can pan and scroll the map view. The left mouse button allows you to draw a selection rectangle onto the map. The scroll wheel zooms in and out. When you have selected the region you want to save, go to the "Zoom Levels" dock and check which levels you want to download. There is some trial-and-error involved, but if you're new you can learn a lot by visiting OSM's web renderer and watching the zoom level there. You probably don't need more than two or three levels; it simply depends on the detail level you want.

What makes MOBAC exceptionally useful, however, is that you don't have to stop at one selection rectangle or one map source. You can add multiple cities (at a high zoom level) and a large swatch of highway (at a lower zoom level) all to one atlas. You can also grab OSM street data and OSM public transport or hiking maps, and merge them all into a single atlas.

When you have all of your selections made, choose "Convert atlas format" from the "Atlas" menu. This dialog lets you select the output format of your maps. The README file (which is also accessible through the Help menu) describes which format is required for each of the supported apps. For other apps, you need to look online for documentation (Mappero, for example, uses the "OSMTracker tile storage" format, which seems to be popular among the open source apps, although AndNav has its own). If you installed the Java Advanced Imaging package mentioned earlier, you can select some custom tile processing options (such as reducing the color data to save space), but it's not required. When you're ready, click "Create atlas" and MOBAC will download all of the tiles in your atlas selections, convert them, and package them for use on your device.

At this point, all that remains is to copy your freshly-minted atlas to your mobile device. Here the process varies from app to app. Start by clicking the "Open Atlas Folder" button in MOBAC's "success" dialog. Each atlas project you've built will be saved in one location, so you can maintain a local library. Whether you can simply drag-and-drop an atlas folder from your hard disk to a USB-attached device, or whether you need to navigate inside it and drag the sub-folders independently depends on the app. Start by consulting the README file; if you don't find instructions there, go to the MOBAC wiki, which maintains pages on the subject — often linked to real-world how-to guides.

You may have noticed that there is a long list of map sources rambling down the sidebar of the MOBAC homepage, but that I have only discussed using OSM-based data sets. That is because Robert, MOBAC's lead developer, recently made a change to the application that disabled most of the commercial and proprietary map sources. As he explains on the forum, he did not do this because the map data was licensed in a manner incompatible with MOBAC's GPLv2 , but because the terms of use for a handful of the more litigious map providers explicitly forbid so-called "bulk" downloads through their APIs.

Whether your personal usage of MOBAC constitutes a "bulk" request depends on how much you select, but Robert did not feel like working it all out individually. Instead, he disabled the problematic services, and now says he will re-enable any of them for which a clearly-expressed deal can be reached. He is asking MOBAC users to contact map service providers rather than doing the deal-making himself.

I have grave doubts as to whether that third-party negotiation technique will work, but in the meantime I don't mind: OSM works everywhere I have traveled, and it is explicitly free. You can read more about the map source setup process in the same thread, including how to add map sources that are free but don't offer any TOS at all (or simply don't respond to inquiries). It's important to notice, however, that a web map source has to meet some technical requirements in order to function. The MOBAC site has a list of map sources that are incompatible, and a tool to help you determine if a new source meets the requirements.

It only takes a few seconds for MOBAC to download and convert hefty map collections if you have a reasonably fast Internet connection. Doing so once might be a slight convenience when compared to making a single custom map set, but what makes MOBAC worth keeping around is how it simplifies the process on a repeating basis.

As mentioned above, you can save your old atlases for later re-use; MOBAC can also be configured to freshen already-downloaded tiles so that updates to the map are added to your existing atlas. It also allows you to bookmark map views, so that you can quickly re-visit settings; this is especially useful as you are getting used to what your preferred zoom levels are for different types of transport. In addition, MOBAC excels because of its support for multiple map layers. How uninteresting would it be if you had to choose between street maps or public transport, but not both?

Open source navigation apps have come a long way in a short period of time, particularly on Android, but they all still have room to improve in the area of offline map support. It is an understandable afterthought if you are the developer, where offline and online maps are such very different features. Which is why it's such a good thing MOBAC is available to bridge the gap.

View the original article here

This guide explains how you can run virtual machines with VirtualBox 4.0 on a headless Ubuntu 11.04 server. Normally you use the VirtualBox GUI to manage your virtual machines, but a server does not have a desktop environment. Fortunately, VirtualBox comes with a tool called VBoxHeadless that allows you to connect to the virtual machines over a remote desktop connection, so there's no need for the VirtualBox GUI.

I do not issue any guarantee that this will work for you!

I have tested this on an Ubuntu 11.04 server (host system) with the IP address 192.168.0.100 where I'm logged in as a normal user (user name administrator in this example) instead of as root.

To install VirtualBox 4.0 on our Ubuntu 11.04 server, we open /etc/apt/sources.list...

sudo vi /etc/apt/sources.list

... and add the following line to it:

[...]deb http://download.virtualbox.org/virtualbox/debian natty contrib

Then we download the VirtualBox public key...

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

... and update our package database:

sudo apt-get update

Afterwards, we install VirtualBox 4.0 as follows:

sudo apt-get install linux-headers-$(uname -r) build-essential virtualbox-4.0 dkms

(The dkms package ensures that the VirtualBox host kernel modules are properly updated if the Linux kernel version changes.)

Starting with version 4.0, VirtualBox has introduced so called "extension packs" and has outsourced some functionality like remote desktop connection support (VRDP) that was part of VirtualBox packages before version 4.0 into these extension packs. Because we need remote desktop connections to control our virtual machines, we need to install the appropriate extension pack now. Go to http://www.virtualbox.org/wiki/Downloads, and you will find a link to the following extension pack:

VirtualBox 4.0.6 Oracle VM VirtualBox Extension Pack
Support for USB 2.0 devices, VirtualBox RDP and PXE boot for Intel cards.

Download and install the extension pack as follows:

cd /tmp
wget http://download.virtualbox.org/virtualbox/4.0.6/Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack
sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack

(Make sure you grab the latest version from the VirtualBox web site.)

(Make sure you run the last command with sudo - sudo VBoxManage extpack install ... - because otherwise you will get an error like this:

administrator@server1:/tmp$ VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack
0%...
Progress state: NS_ERROR_FAILURE
VBoxManage: error: Failed to install "/tmp/Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack": The installer failed with exit code 127: Error creating textual authentication agent: Error opening current controlling terminal for the process (`/dev/tty'): No such device or address
administrator@server1:/tmp$

)

Now we must add the user that will run VirtualBox (administrator in this example) to the vboxusers group:

sudo adduser administrator vboxusers

VirtualBox is now installed and ready to be used.

To create a VM on the command line, we can use the VBoxManage command. See

VBoxManage --help

for a list of available switches and (highly recommended!) take a look at http://www.virtualbox.org/manual/ch08.html.

I will now create an Ubuntu 11.04 Server VM with 512MB memory and a 10GB hard drive from the Ubuntu 11.04 Server iso image (which I have stored in /home/ubuntu-11.04-server-amd64.iso):

VBoxManage createvm --name "Ubuntu 11.04 Server" --register
VBoxManage modifyvm "Ubuntu 11.04 Server" --memory 512 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0
VBoxManage createhd --filename Ubuntu_11_04_Server.vdi --size 10000
VBoxManage storagectl "Ubuntu 11.04 Server" --name "IDE Controller" --add ide
VBoxManage storageattach "Ubuntu 11.04 Server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium Ubuntu_11_04_Server.vdi
VBoxManage storageattach "Ubuntu 11.04 Server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/ubuntu-11.04-server-amd64.iso

Let's assume you have a VM called examplevm that you want to reuse on this host. On the old host, you should have a directory Machines/examplevm in the VirtualBox directory; Machines/examplevm should contain the examplevm.xml file. Copy the examplevm directory (including the examplevm.xml file) to your new Machines directory (if your user name is administrator, this is /home/administrator/.VirtualBox/Machines - the result should be /home/administrator/.VirtualBox/Machines/examplevm/examplevm.xml).

In addition to that copy the examplevm.vdi file from the old VDI directory to the new one (e.g. /home/administrator/.VirtualBox/VDI/examplevm.vdi).

Afterwards, you must register the imported VM:

VBoxManage registervm Machines/examplevm/examplevm.xml

Regardless of if you create a new VM or import an old one, you can start it with the command:

VBoxHeadless --startvm "Ubuntu 11.04 Server"

(Replace Ubuntu 11.04 Server with the name of your VM.)

VBoxHeadless will start the VM and a VRDP (VirtualBox Remote Desktop Protocol) server which allows you to see the VM's output remotely on another machine.

To stop a VM, run

VBoxManage controlvm "Ubuntu 11.04 Server" poweroff

To pause a VM, run

VBoxManage controlvm "Ubuntu 11.04 Server" pause

To reset a VM, run

VBoxManage controlvm "Ubuntu 11.04 Server" reset

To learn more about VBoxHeadless, take a look at

VBoxHeadless --help

and at http://www.virtualbox.org/manual/ch07.html#vboxheadless.

VBoxHeadless - Running Virtual Machines With VirtualBox 4.0 On A Headless Ubuntu 11.04 Server - Page 2

View the original article here

The final segment of the LLVM blog's series on undefined behavior is up. "In this article, we look at the challenges that compilers face in providing warnings about these gotchas, and talk about some of the features and tools that LLVM and Clang provide to help get the performance wins while taking away some of the surprise."

View the original article here

Zentyal is the Linux Small Business Server, it lets you manage all your network services through one single platform. It's a Network Gateway, as well as an Infrastructure, UTM (Unified Threat Manager), Office and Communications Server. All these features are fully integrated and easy to configure, it truly helps to save system administrators time.

In this tutorial you will see how to set up a Zentyal Server to act as a gateway in a very common scenario. Zentyal will provide basic network infrastructure, load balancing between two Internet providers, firewall and HTTP proxy caching and content filtering. All these steps are well explained in the Zentyal Documentation, which is a really recommended reading. The following example network layout is used:

Zentyal runs on top of Ubuntu Server so it will work on the same hardware. You can take a look at the Ubuntu-certified hardware page for more information. There are two ways to install Zentyal:

Using Zentyal installer that you can download from the project website. This is the recommended choice, it includes all package dependencies for offline install and also makes some custom configuration.Install on top of a working Ubuntu Server, you can find detailed info and URL for the repository in the Zentyal Installation Guide.

 If you install Zentyal using the installer you will see this screen when booting from CD-ROM and a couple of wizards will guide you through the process. You can choose default settings in all of them.

Zentyal provides a web administration interface, after the installation a Firefox browser will show up giving you access to it (you can also access Zentyal from any client browser typing: https://zentyal_server_ip). User and password are the same you entered during installation.

Now you can select the desired packages to install, for this tutorial you should install the Gateway package. Later DHCP and DNS modules will also be installed by using the Software Management module.

After this step all the necessary packages are installed, now setup will guide you through configuration wizards for installed modules, in this case Network and Users. We can skip network configuration for now, so if you start this tutorial from an already installed Zentyal you can still follow it.

Zentyal Server is now installed. By following the next steps you will configure each module.

As shown in the scenario, you have to configure three network interfaces, two external routers and one for the internal network. Zentyal will balance traffic between the two Internet connections.

Go to Network -> Interfaces and configure each interface by introducing its IP and netmask. Don't forget to mark external interfaces because Zentyal uses this info in firewall rules. In the next image you can see configuration for one of the external interfaces and the internal one.

Now you have to set up both gateways in the gateways table (Network -> Gateways):

Go to Network -> Balance Traffic to enable load balancing between the gateways.

Zentyal As A Gateway: The Perfect Setup - Page 2

View the original article here

Last week marked the end of the feature proposal for GNOME 3.2, for the first major update to the GNOME3 desktop. The GNOME 3.2 release schedule has the final release set for the end of September. In this article is a list of some of the features that were brought up for GNOME 3.2...

View the original article here

This tutorial explains the installation of a Samba fileserver on Fedora 14 and how to configure it to share files over the SMB protocol as well as how to add users. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory accessible via the SMB protocol and all users have a shared directory with read-/write access.

I do not issue any guarantee that this will work for you!

I'm using a Fedora 14 system here with the hostname server1.example.com and the IP address 192.168.0.100.

Please make sure that SELinux is disabled as shown in chapter 5 of this tutorial: The Perfect Server - Fedora 14 x86_64 [ISPConfig 2] - Page 3

Connect to your server on the shell and install the Samba packages:

yum install cups-libs samba samba-common

Edit the smb.conf file:

vi /etc/samba/smb.conf

Make sure you see the following lines in the [global] section:

[...]# ----------------------- Standalone Server Options ------------------------## security = the mode Samba runs in. This can be set to user, share# (deprecated), or server (deprecated).## passdb backend = the backend used to store user information in. New# installations should use either tdbsam or ldapsam. No additional configuration# is required for tdbsam. The "smbpasswd" utility is available for backwards# compatibility.# security = user passdb backend = tdbsam[...]

This enables Linux system users to log in to the Samba server.

Then create the system startup links for Samba and start it:

chkconfig --levels 235 smb on
/etc/init.d/smb start

Now I will add a share that is accessible by all users.

Create the directory for sharing the files and change the group to the users group:

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

At the end of the file /etc/samba/smb.conf add the following lines:

vi /etc/samba/smb.conf

[...][allusers] comment = All Users path = /home/shares/allusers valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes

If you want all users to be able to read and write to their home directories via Samba, add the following lines to /etc/samba/smb.conf (make sure you comment out or remove the other [homes] section in the smb.conf file!):

[...][homes] comment = Home Directories browseable = no valid users = %S writable = yes create mask = 0700 directory mask = 0700

Now we restart Samba:

/etc/init.d/smb restart

In this example, I will add a user named tom. You can add as many users as you need in the same way, just replace the username tom with the desired username in the commands.

useradd tom -m -G users

Set a password for tom in the Linux system user database. If the user tom should not be able to log into the Linux system, skip this step.

passwd tom

-> Enter the password for the new user.

Now add the user to the Samba user database:

smbpasswd -a tom

-> Enter the password for the new user.

Now you should be able to log in from your Windows workstation with the file explorer (address is \\192.168.0.100 or \\192.168.0.100\tom for tom's home directory) using the username tom and the chosen password and store files on the Linux server either in tom's home directory or in the public shared directory.

View the original article here

Linus Torvalds has released the 2.6.39 kernel. This release brings new features, new drivers, and one big accomplishment: Ridding the Linux kernel of the Big Kernel Lock.

The Big Kernel Lock was almost removed in the 2.6.37 kernel. That is, the kernel could be built without it — but some of the code was still there.

With the 2.6.39 kernel, the BKL is finally gone with a patch from Arnd Bergmann. This has been a long-running saga, and LWN has some good coverage of what the BKL is (or was) and the effort to get rid of it. Why the effort to get rid of it? The short answer is that the BKL was behind some performance issues and latencies that you really don't want.

But what else is in the new kernel? Plenty.

One thing you'll find in any new kernel is support for new hardware, and 2.6.39 doesn't disappoint. As LWN details, you get support for lots of laptop special keys (Dell's All-in-One series, for example) and a number of hardware controllers from Texas Instruments and ST-Ericsson. Lots of devices under Video4Linux as well.

This release also provides support for some USB 3.0 hubs — which means that Linux users should be enjoying USB 3.0 devices in the not-too-distant future.

Naturally, the kernel also includes a number of improvements to existing drivers and features. A biggie for many users will be the driver for Intel's GMA500, a graphics device in many netbooks that has been a bit of a problem for Linux users. You'll also find improvements in Nouveau for Nvidia chipsets, and support for AMD's Cayman video cards and chipsets.

But it's not all just about hardware. The 2.6.39 kernel marks the introduction of user namespaces, which provide more fine-grained control over privileges that a process can have. Namespaces provide "containers" for processes that keeps them walled off from the rest of the system (which can protect the process and/or the system). User namespaces allow unprivileged users to create a namespace, rather than having the namespace created by the system administrator.

This release also adds support for IP sets to the Linux kernel. IP sets aren't entirely new, but they weren't part of the mainline kernel previously. What is ipset? Basically, it allows creation of iptables rules that deal with a set (hence the name) of ports or IP addresses without having to have a rule for each address or port. Just using iptables, for example, you'd create a rule to block or reject packets from a single address or network — but using ipsets you could generate a rule that looks at an ipset table and deals with all the ports or addresses appropriately. (Look for a Linux.com tutorial on ipsets soon.)

Another interesting feature in 2.6.39 is the pstore filesystem, which creates a filesystem for platform-specific storage. This might be used to store a small amount of data when a system crashes, for examination later. Or it might be used to store other data across reboots. We'll see where they go with that — it could be very interesting.

It's worth noting that kernel development is not always flawless. In this case, there are some regressions in the Sandy Bridge code.

This is not great, but it's also not the end of the world. Why? Very few users get their kernel directly from kernel.org — it's not as if the minute that the kernel is released it gets pushed to every user. Some kernels aren't widely used at all. Other kernels tend to be used by several major distributions and get widespread usage — as well as continued attention and support from the kernel folks. See our piece on understanding the stable Linux kernel for more on that.

So, the new kernel has a few bugs to work out. They'll be worked out in short order, and the vast majority of users are unlikely to ever notice.

With the 2.6.39 kernel out, the merge window for the next kernel is now open. What's the merge window, some of you may wonder? After each kernel is released, there's a period of time (two weeks) that lots of patches are put in for the next version — in other words, this is the time when new features, big fixes, and so on are put into the kernel for the developers to work on. The rest of the kernel development cycle is testing and fixing bugs and regressions that creep in due to the patches that are merged.

The merge window for the next kernel (2.6.40) may be shorter than the usual 14 days. Torvalds will be attending LinuxCon Japan and he warns "if I get the feeling that I've merged 'enough', I might just make it easier for myself and cut it two days short and release before I leave on Memorial Day (which for the non-US based of you is May 30th this year)."

What's expected in 2.6.40? It's always hard to say with certainty, but it may be a small release, comparatively. Expect work towards cleaning up the ARM-related code in the Linux kernel for sure. LWN has an excellent piece on rationalizing the ARM tree for those who are interested in the nitty gritty details of kernel development.

There's also talk of Nvidia Optimus support coming in 2.6.40. If you're not a hardware geek that translates loosely into support for hybrid graphics for laptops that offer two Graphics Processing Units (GPUs) — in this case an Nvidia and Intel graphics card. This is useful for machines that you want to save power when on the road, but have a (more) powerful video card when the laptop is plugged in. There's much more to it, of course, than just switching between video output — and making it seamless (without requiring an X restart, for example) takes quite a bit of work.

There's plenty more on the way as well, and we'll have an update when 2.6.40 is released. If recent releases are any indication, the 2.6.40 release should be available in late July or early August.

View the original article here

This article describes how you can upgrade your Fedora 14 system to Fedora 15. The upgrade procedure works for both desktop and server installations.

I do not issue any guarantee that this will work for you!

The commands in this article must be executed with root privileges. Open a terminal (on a Fedora 14 desktop, go to Applications > System Tools > Terminal) and log in as root, or if you log in with a regular user, type

su

to become root.

Please make sure that the system that you want to upgrade has more than 600 MB of RAM - otherwise the system might hang when it tries to reboot with the following message (leaving you with an unusable system):

Trying to unpack rootfs image as initramfs...

First we must upgrade the rpm package:

yum update rpm

Then we install the latest updates:

yum -y update

Next we clean the yum cache:

yum clean all

If you notice that a new kernel got installed during yum -y update, you should reboot the system now:

reboot

(After the reboot, log in as root again, either directly or with the help of

su

)

Now we come to the upgrade process. We can do this with preupgrade (preupgrade will also take care of your RPMFusion packages).

Install preupgrade...

yum install preupgrade

... and call it like this:

preupgrade

The preupgrade wizard will then start on your desktop. Select Fedora 15 (Lovelock). Afterwards the system is being prepared for the upgrade.

At the end, click on the Reboot Now button.

During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient.

Afterwards, you can log into your new Fedora 15 desktop.

First we must upgrade the rpm package:

yum update rpm

Then we install the latest updates:

yum -y update

Next we clean the yum cache:

yum clean all

If you notice that a new kernel got installed during yum -y update, you should reboot the system now:

reboot

(After the reboot, log in as root again, either directly or with the help of

su

)

Now we come to the upgrade process. We can do this with preupgrade.

Install preupgrade...

yum install preupgrade

... and call it like this:

preupgrade-cli

It will show you a list of releases that you can upgrade to. If all goes well, it should show something like Fedora 15 (Lovelock) in the list:

[root@server1 ~]# preupgrade-cli
Loaded plugins: blacklist, langpacks, whiteout
No plugin match for: rpm-warm-cache
No plugin match for: remove-with-leaves
No plugin match for: auto-update-debuginfo
Adding en_US to language list
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
please give a release to try to pre-upgrade to
valid entries include:
"Fedora 15 (Lovelock)"
[root@server1 ~]#

To upgrade, append the release string to the preupgrade-cli command:

preupgrade-cli "Fedora 15 (Lovelock)"

Preupgrade will also take care of your RPMFusion packages, so all you have to do after preupgrade has finished is to reboot:

reboot

During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient. Afterwards, you can log into your new Fedora 15 server.

View the original article here

The open source WordPress blogging application is being updated to version 3.1.3 this week adding multiple security fixes and improvements.

View the original article here

This howto will guide you to set up RADIUS authentication with the LinOTP 2 Community Edition. LinOTP is a one time password backend that enables you to do two factor authentication with a broad variety of different hardware devices, software tokens and SMS.

While the Enterprise Edition comes with a C module for the FreeRADIUS Server, the Community Edition, that is licensed under the AGPLv3 does not. Nevertheless, LinOTP provides very simple WEB APIs that makes it easy to talk to LinOTP in many different ways. There is also an API to do authentication, i.e. to ask the LinOTP server if a given one time password for a certain user is valid. This is the URL

https://yourServer/validate/check?user=....&pass=....

or 

https://yourServer/validate/simplecheck?user=...&pass=...

You can take a look at the complete API here.

The simple LinOTP API and some nice module of the FreeRADIUS make it easy to hack a simple solution for OTP via RADIUS. You could use the module rlm_exec to execute an external program but I'd rather use the module rlm_perl and add my limited perl knowlege ;-)

The documentation of the rlm_perl module can be found here. It has a simple example, that we need to adapt only in the function authenticate. This is the point, where we need to talk to the LinOTP server (with the above URL) and repond according the the LinOTP feedback.

So the perl module in a pre-beta ;-) will look like this:

##  This program is free software; you can redistribute it and/or modify#  it under the terms of the GNU General Public License as published by#  the Free Software Foundation; either version 2 of the License, or#  (at your option) any later version.##  This program is distributed in the hope that it will be useful,#  but WITHOUT ANY WARRANTY; without even the implied warranty of#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the#  GNU General Public License for more details.##  You should have received a copy of the GNU General Public License#  along with this program; if not, write to the Free Software#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA##  Copyright 2002  The FreeRADIUS server project#  Copyright 2002  Boian Jordanov #  Copyright 2011  linotp project ## Based on the Example code for use with rlm_perl##=head1 NAMEfreeradius_perl - Perl module for use with FreeRADIUS rlm_perl, to authenticate against  LinOTP  http://www.linotp.org=head1 SYNOPSIS   use with freeradius:        Configure rlm_perl to work with LinOTP:   in /etc/freeradius/users     set:     DEFAULT Auth-type := perl  in /etc/freeradius/modules/perl     point     perl {         module =   to this file  in /etc/freeradius/sites-enabled/  set  authenticate{    perl    [....]=head1 DESCRIPTIONThis module enables freeradius to authenticate using LinOTP.   TODO:      * checking of server certificate=head2 Methods   * authenticate=head1 AUTHORCornelius Koelbel (cornelius.koelbel@lsexperts.de)=head1 COPYRIGHTCopyright 2011 This library is free software; you can redistribute it under the GPLv2.=head1 SEE ALSOperl(1).=cutuse strict;use LWP 5.64;# use ...# This is very important ! Without this script will not get the filled  hashesh from main.use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK $URL);use Data::Dumper;$URL = "https://localhost/validate/simplecheck";# This is hash wich hold original request from radius#my %RAD_REQUEST;# In this hash you add values that will be returned to NAS.#my %RAD_REPLY;#This is for check items#my %RAD_CHECK;## This the remapping of return values#       use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */       use constant    RLM_MODULE_FAIL=>      1;#  /* module failed, don't reply */       use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */       use constant    RLM_MODULE_HANDLED=>   3;#  /* the module handled the request, so stop. */       use constant    RLM_MODULE_INVALID=>   4;#  /* the module considers the request invalid. */       use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the request (user is locked out) */       use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found */       use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded without doing anything */       use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs modified) */       use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many return codes there are */# Function to handle authorizesub authorize {       # For debugging purposes only#       &log_request_attributes;       # Here's where your authorization code comes       # You can call another function from here:       &test_call;       return RLM_MODULE_OK;}# Function to handle authenticatesub authenticate {       # For debugging purposes only#       &log_request_attributes;        my $ua = LWP::UserAgent->new();    my $req = HTTP::Request->new(GET => $URL . "?user=" .        $RAD_REQUEST{'User-Name'} . "&pass=" .         $RAD_REQUEST{'User-Password'} );    my $response = $ua->request( $req );    die "Error at $URL\n ", $response->status_line, "\n Aborting"      unless $response->is_success;          if($response->content =~ m/:\-\)/i) {               return RLM_MODULE_OK;      } else {        $RAD_REPLY{'Reply-Message'} = "LinOTP server denied access!";               return RLM_MODULE_REJECT;    }}# Function to handle preacctsub preacct {       # For debugging purposes only#       &log_request_attributes;       return RLM_MODULE_OK;}# Function to handle accountingsub accounting {       # For debugging purposes only#       &log_request_attributes;       # You can call another subroutine from here       &test_call;       return RLM_MODULE_OK;}# Function to handle checksimulsub checksimul {       # For debugging purposes only#       &log_request_attributes;       return RLM_MODULE_OK;}# Function to handle pre_proxysub pre_proxy {       # For debugging purposes only#       &log_request_attributes;       return RLM_MODULE_OK;}# Function to handle post_proxysub post_proxy {       # For debugging purposes only#       &log_request_attributes;       return RLM_MODULE_OK;}# Function to handle post_authsub post_auth {       # For debugging purposes only#       &log_request_attributes;       return RLM_MODULE_OK;}# Function to handle xlatsub xlat {       # For debugging purposes only#       &log_request_attributes;       # Loads some external perl and evaluate it       my ($filename,$a,$b,$c,$d) = @_;       &radiusd::radlog(1, "From xlat $filename ");       &radiusd::radlog(1,"From xlat $a $b $c $d ");       local *FH;       open FH, $filename or die "open '$filename' $!";       local($/) = undef;       my $sub = ;       close FH;       my $eval = qq{ sub handler{ $sub;} };       eval $eval;       eval {main->handler;};}# Function to handle detachsub detach {       # For debugging purposes only#       &log_request_attributes;       # Do some logging.       &radiusd::radlog(0,"rlm_perl::Detaching. Reloading. Done.");} ## Some functions that can be called from other functions#sub test_call {       # Some code goes here}sub log_request_attributes {       # This shouldn't be done in production environments!       # This is only meant for debugging!       for (keys %RAD_REQUEST) {               &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}");       }}1;

You will need to configure some FreeRADIUS files and also adapt the $URL in the  perl module itself.

Please note, that this is an easy and simple way, to get RADIUS running. There are some things missing, error handling logging would be nice, what about redundancy, the SSL certificate is not checked!

Nevertheless it shows how easy it is to integrate LinOTP into your environment using its simple API.

View the original article here

Apple's Jeremy Huddleston has just released X.Org Server 1.10.2. This second point release was set to be released yesterday, but then there was fear of a regression causing a delay (turns out it's no longer reproducible), so now we have a holiday weekend release of xorg-server 1.10.2...

View the original article here

Firewall Builder is a firewall configuration and management GUI that supports configuring a wide range of firewalls from a single application. Supported firewalls include Linux iptables, BSD pf, Cisco ASA/PIX, Cisco router access lists and many more. The complete list of supported platforms along with downloadable binary packages and soure code can be found at http://www.fwbuilder.org.

Import of existing iptables configurations was greatly improved in the recently released Firewall Builder V4.2. Features like object de-duplication and expanded rules recognition make it even easier to get started using Firewall Builder to manage your iptables configurations.

For this tutorial we are going to import a very basic iptables configuration from a firewall that matches the diagram shown below.

 Firewall Builder imports iptables configs in the format of iptables-save. Script iptables-save is part of the standard iptables install and should be present on all Linux distribution. Usually this script is installed in /sbin/.

When you run this script, it dumps the current iptables configuration to stdout. It reads iptables rules directly form the kernel rather than from some file, so what it dumps is what is really working right now. To import this into Firewall Builder, run the script to save the configuration to a file:

iptables-save > linux-1.conf

As you can see in the output below, the example linux-1.conf iptables configuration is very simple with only a few filter rules and one nat rule.

# Completed on Mon Apr 11 21:23:33 2011
# Generated by iptables-save v1.4.4 on Mon Apr 11 21:23:33 2011
*filter
:INPUT DROP [145:17050]
:FORWARD DROP [0:0]
:OUTPUT DROP [1724:72408]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -s 10.10.10.0/24 -d 10.10.10.1/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -o eth0 -s 10.10.10.0/24 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A FORWARD -j LOGDROP
-A LOGDROP -j LOG
-A LOGDROP -j DROP
COMMIT
# Completed on Mon Apr 11 21:23:33 2011
# Generated by iptables-save v1.4.4 on Mon Apr 11 21:23:33 2011
*nat
:PREROUTING ACCEPT [165114:22904965]
:OUTPUT ACCEPT [20:1160]
:POSTROUTING ACCEPT [20:1160]
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Apr 11 21:23:33 2011

If you are running Firewall Builder on a different system than the one that is running iptables copy the file linux-1.conf from the firewall to the system where Firewall Builder is running.

Launch the Import wizard by selecting the File -> Import Firewall menu item.

Click Browse to find the file named linux-1.conf.

Click the Continue button to move to the next step of the import process.

The next window shows a preview of the configuration file that will be imported and the type of firewall that Firewall Builder has detected it to be.

Next you need to enter a name for the firewall. This is the name that will be used in Firewall Builder to refer to the firewall after it is imported. When you click the Commit button the configuration data will be read.

By default, Firewall Builder attempts to detect if there are items, like IP addresses, used in the rules that match existing items in the object tree. If there is a match the existing item is used, if there is no match a new object is created. This feature can be disabled by unchecking the box next to "Find and use existing objects" which will result in objects being created for evry item used in the imported rules regardless of whether it already exists in the object tree or not.

After the import is complete, Firewall Builder displays a log showing all the actions that were taken during the import. Warning messages are displayed in blue font and error messages are displayed in red.

The program tries to interpret the configuration file rule by rule and recreates the equivalent rule in Firewall Builder. Note that rules imported into Firewall Builder may not always be optimized since features like defining multiple source and/or destinations are supported by Firewall Builder, but not by iptables.

The progress window displays warning and error messages, if any, as well as some diagnostics that shows network and service objects created in the process.

As you can see from the import process log, Firewall Builder detected that there are rules in the iptables configuration that allow RELATED and ESTABLISHED traffic through the firewall. This behavior can be controlled by a setting in Firewall Builder, so a warning message is shown.

Click the Done button to complete the firewall import. Next we will go through some common post-import actions.

Importing iptables Configurations Into Firewall Builder - Page 2

View the original article here

After a relatively long road traveled with a few bumps along the way, as of yesterday, Linus's mainline tree (2.6.39+) contains literally every component needed for Linux to run both as a management domain kernel(Dom0) and a guest(DomU)...

More at Wim Coekaerts' Oracle blog

View the original article here

The good news first: the updated ISPConfig 3 Manual (version 1.2 for ISPConfig 3.0.3.3) is finally available (in PDF format).

On 308 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.

Version 1.2 for ISPConfig 3.0.3.3 (Date: 05/04/2011)
Author: Falko Timme
308 pages

Now the bad news: we can't offer it for free. But it will be available for as low as 5 EUR per copy - we think this price is more than fair for a manual with more than 300 pages.

Download Through Your HowtoForge Subscription (A HowtoForge subscription costs 5 EUR for one month or 25 EUR for six months.)(A single copy costs 5 EUR; you will receive an email with a download link that is active for ten days. Please note that this option does not include any updates!)Added internal links to the manual.Added chapter 5.25 "How Can I Access SquirrelMail From My Web Sites?"Added description (+ new screenshot) for the "Monitor keyword" field in chapter 4.9.2.4 Interface Config (Misc tab).Added QR code for making it easy to install the ISPConfig Monitor App for Android.Do not delete the /var/www/ispconfig symlink when switching the ISPConfig interface to php-fcgi.Fixed typo in chapter 5.18.

 We don't want to bore you with long explanations, so here are the facts:

We hope that this will allow us to employ an additional full-time ISPConfig developer who can disburden the core team. This would accelerate ISPConfig development a lot and also allow us to provide more support for ISPConfig users.

Yes.

You can download it either through an active HowtoForge subscription, or you can buy a single copy.

Downloading through a HowtoForge subscription has the advantage that you get updates of the manual for free as long as you are a subscriber, while if you buy a single copy, no updates are included (i.e., you would have to pay again for new versions of the manual).

A HowtoForge subscription costs 5 EUR for one month or 25 EUR for six months.

If you want to download a single copy of the ISPConfig 3 manual, this costs you 5 EUR which is equal to buying a one-month HowtoForge subscription.

Download Through Your HowtoForge Subscription (A HowtoForge subscription costs 5 EUR for one month or 25 EUR for six months.)(A single copy costs 5 EUR; you will receive an email with a download link that is active for ten days. Please note that this option does not include any updates!)

The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed form for your personal use. All rights reserved.

This means it is not allowed to redistribute the ISPConfig 3 manual in any form (for example by offering it as a download on your web site). Your copy of the ISPConfig 3 manual will be personalized with your real name (or HowtoForge username) and email address.

If you are an ISP and need multiple copies (e.g. for your clients), please contact us (info@projektfarm.de), and we will find a solution.

1 Conventions Used In This Manual
1.1 Commands
1.2 Contents Of Files
1.3 File Names, Protocol Names, System Specifications, Technical Specifications, User Names, Etc.
1.4 Highlighting

2 ISPConfig Users - Admin, Resellers, And Clients
2.1 Summary
2.1.1 admin
2.1.2 Resellers
2.1.3 Clients

3 Installation & Updating
3.1 Single Server Setup
3.2 Multiserver Setup
3.2.1 Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3
3.2.1.1 Installing The Five Debian Base Systems
3.2.1.2 Installing The Web Server
3.2.1.3 Installing The Mail Server
3.2.1.4 Installing The MySQL Database Server
3.2.1.5 Installing The Primary DNS Server
3.2.1.6 Installing The Secondary DNS Server
3.2.1.7 Adjust The Server Settings In ISPConfig

  3.3 Mirror Setup
3.3.1 Installing A Web, Email And MySQL Database Cluster On Debian 5.0 With ISPConfig 3
3.3.1.1 Setting Up The Two Base Systems
3.3.1.2 Installing The Two Servers
3.3.1.3 Installing ISPConfig On The First (Master) Server
3.3.1.4 Installing ISPConfig 3 On The Second Server
3.3.1.5 Configure Replication In ISPConfig
3.3.1.6 Additional Notes

  3.4 Updating
3.4.1 Creating A Backup
3.4.2 Command Line Update

4 Reference
4.1 Tabs
4.2 Login
4.3 Home
4.4 Tools
4.4.1 User Settings
4.4.1.1 Password and Language

  4.5 Client
4.5.1 Clients
4.5.1.1 Add Client
4.5.1.2 Edit Client
4.5.1.3 Edit Client-Templates
4.5.2 Resellers
4.5.2.1 Add Reseller
4.5.2.2 Edit Reseller

  4.6 Sites
4.6.1 Websites
4.6.1.1 Website
4.6.1.2 Subdomain for website
4.6.1.3 Aliasdomain for website
4.6.2 FTP
4.6.2.1 FTP-User
4.6.3 Shell
4.6.3.1 Shell-User
4.6.4 WebDAV
4.6.4.1 WebDAV User
4.6.5 Database
4.6.5.1 Database
4.6.6 Cron
4.6.6.1 Cron Jobs
4.6.7 Statistics
4.6.7.1 Web traffic
4.6.7.2 Website quota (Harddisk)

  4.7 Email
4.7.1 Email Accounts
4.7.1.1 Domain
4.7.1.2 Domain Alias
4.7.1.3 Email Mailbox
4.7.1.4 Email Alias
4.7.1.5 Email Forward
4.7.1.6 Email Catchall
4.7.1.7 Email Routing
4.7.2 Spamfilter
4.7.2.1 Whitelist
4.7.2.2 Blacklist
4.7.2.3 User / Domain
4.7.2.4 Policy
4.7.3 Fetchmail
4.7.3.1 Fetchmail
4.7.4 Statistics
4.7.4.1 Mailbox traffic
4.7.5 Global Filters
4.7.5.1 Postfix Whitelist
4.7.5.2 Postfix Blacklist
4.7.5.3 Content Filter
4.7.5.4 Relay Recipients

  4.8 DNS
4.8.1 DNS Wizard
4.8.1.1 Add DNS Zone
4.8.1.2 Templates
4.8.2 DNS
4.8.2.1 Zones
4.8.3 Secondary DNS
4.8.3.1 Secondary Zones

  4.9 System
4.9.1 CP Users
4.9.1.1 Add user
4.9.1.2 Edit user
4.9.2 System
4.9.2.1 Server Services
4.9.2.2 Server Config
4.9.2.3 Server IP addresses
4.9.2.4 Interface Config
4.9.3 Firewall
4.9.3.1 Firewall
4.9.4 Software
4.9.4.1 Repositories
4.9.4.2 Packages
4.9.4.3 Updates
4.9.5 Language Editor
4.9.5.1 Languages
4.9.5.2 New Language
4.9.5.3 Merge
4.9.5.4 Export
4.9.5.5 Import
4.9.6 Remote Users
4.9.6.1 Add user
4.9.6.2 Edit user
4.9.7 Remote Actions
4.9.7.1 Do OS-Update
4.9.7.2 Do ISPConfig-Update

  4.10 Monitor
4.10.1 System State (All Servers)
4.10.1.1 Show Overview
4.10.1.2 Show System-Log
4.10.1.3 Show Jobqueue
4.10.2 Server to Monitor
4.10.3 Hardware Information
4.10.3.1 Show CPU Info
4.10.4 Server State
4.10.4.1 Show Overview
4.10.4.2 Show Update State
4.10.4.3 Show RAID State
4.10.4.4 Show Server Load
4.10.4.5 Show Disk Usage
4.10.4.6 Show Memory Usage
4.10.4.7 Show Services
4.10.4.8 Show OpenVz VE BeanCounter
4.10.5 Logfiles
4.10.5.1 Show Mail Queue
4.10.5.2 Show Mail Log
4.10.5.3 Show Mail Warn-Log
4.10.5.4 Show Mail Error-Log
4.10.5.5 Show System-Log
4.10.5.6 Show ISPC Cron-Log
4.10.5.7 Show Freshclam-Log
4.10.5.8 Show Clamav-Log
4.10.5.9 Show RKHunter-Log
4.10.5.10 Show fail2ban-Log

  4.11 Help
4.11.1 Support
4.11.1.1 Send message
4.11.1.2 View messages
4.11.2 About ISPConfig
4.11.2.1 Version

  4.12 Domains
4.12.1 Domains
4.12.1.1 Domains

5 Howtos
5.1 How Do I Create A Reseller?
5.2 How Do I Create A Client?
5.3 How Do I Create A Web Site?
5.4 How Do I Create An SSL Web Site?
5.4.1 How Do I Import An Existing SSL Certificate Into A Web Site That Was Created Later In ISPConfig?
5.5 How Do I Redirect My Web Site To Another Web Site Or To A Specific Directory On The Server?
5.6 How Do I Create An FTP Account So That I Can Upload Files To My Web Site?
5.7 How Can I Use Perl/CGI Scripts With My Web Site?
5.8 How Do I Create An Email Account?
5.9 How Do I Activate The Spamfilter/Virus Scanner For An Email Account?
5.10 How Do I Blacklist/Whitelist Email Addresses In The Spamfilter?
5.11 How Do I Fetch Emails From A Remote Server With ISPConfig And Put The Emails In A Local Email Account?
5.12 How Do I Create A DNS Zone?
5.13 How Do I Create A Secondary DNS Zone?
5.14 How Do I Create A Mirror?
5.15 How Do I Split Up Services Between Multiple Servers?
5.16 How Do I Unblock An IP Address That Got Blocked By fail2ban?
5.17 How Do I Create A Subdomain And Redirect It To A Different Folder/Web Site?
5.18 How Do I Manually Configure New IP Addresses On My System?
5.19 How To Build A PureFTPd Debian Package For OpenVZ Virtual Machines (Without Capabilities Enabled)
5.20 How To Display Hidden Files With PureFTPd On Debian And Ubuntu Linux
5.21 PureFTPd Does Not Show More Than 2,000 Files On Debian And Ubuntu
5.22 How To Speed Up Logins In PureFTPd On Debian Or Ubuntu Linux By Disabling Name Resolving
5.23 How To Enable Verbose Logging In PureFTPd On Debian And Ubuntu Linux
5.24 How To Enable FTPS For PureFTPd On Debian And Ubuntu Linux
5.25 How Can I Access SquirrelMail From My Web Sites?

6 Security Considerations
6.1 How Do I Disable Certain PHP Functions?
6.2 Enabling SSL For The ISPConfig Web Interface
6.3 Using SuExec For The ISPConfig Web Interface
6.4 What Are Secure Settings For Web Sites Created Through ISPConfig?
6.5 How Do I Make fail2ban Monitor Additional Services?
6.5.1 PureFTPd
6.5.2 SASL
6.5.3 Courier
6.5.4 Dovecot

7 Troubleshooting
7.1 How Do I Find Out What Is Wrong If ISPConfig Does Not Work?

 

View the original article here

Fabrice Bellard has developed a PC emulator (Virtual machine) using Javascript that runs a version of Linux in your web browser.

You can run a variety of Linux commands in the emulator. Since its initial release on May 16 2011, this project has seen some feature additions namely - a clipboard to exchange data between the VM and the host, and support for Opera and Internet Explorer apart from Firefox.

The clipboard is seen as /dev/clipboard in the emulator. You can use this clipboard to easily transfer data from your host machine to the virtual machine (and vice versa) as explained in the FAQ.

Do check it out. It is really a cool demonstration of the power of Javascript.

View the original article here

IPCop is a powerful, open source, Linux based firewall distribution for primarily Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way.

This book is an easy introduction to this popular application.

View the original article here

Cover Thumbnailer is a small Python script which displays music/video album covers in Nautilus in place of ordinary icons of folders, preview of pictures in a folder and more.

It is similar to what you see in Microsoft Windows 7 where the folder shows a preview of the pictures contained in it.

This is for Ubuntu users running v 9.10 Karmic, v 10.04 Lucid and v 10.10 Maverick .

Open your terminal and enter the following set of commands :

$ sudo add-apt-repository ppa:flozz/flozz$ sudo apt-get update$ sudo apt-get install cover-thumbnailer
Once Cover Thumbnailer has been installed, you will have to restart Nautilus by running the following command. $ nautilus -q
Now the specified folders containing music files will display the respective album cover / mosaic of covers.

If you are using another Linux distribution, you can download the source code from the Cover Thumbnailer website, compile it, and install it on your machine.

Cover Thumbnailer program will store a cache of cropped images of albums in a  hidden folder named .thumbnails/ in your home directory. The .thumbnails/ directory is a cache directory created by GNOME when you browse through your folders in Nautilus. It contains thumbnail pictures of images you have previously viewed.

And when you visit a particular music folder, the thumbnail of the respective album is shown on top of the folder.

You can access the Cover Thumbnailer preferences via GNOME Menu > System > Preferences > Cover Thumbnailer. Here you can specify more folders that can avail of Cover Thumbnailer's services and set many other options such as clearing the thumbnail cache and more.

Here is how the folders looks after you install cover thumbnailer program in Ubuntu. Cover Thumbnailer in action in Nautilus

View the original article here