Reehan's Blog

Two in-vehicle infotainment (IVI) reference platforms based on the Genivi Alliance's Linux-based automotive middleware standard have been announced in conjunction with this week's Telematics Detroit 2011 show. MontaVista and Rightware Oy are collaborating on a platform that integrates Rightware's Kanzi UI Solution with MontaVista Linux, and Renesas Electronics is readying...

Two in-vehicle infotainment (IVI) reference platforms based on the Genivi Alliance's Linux-based automotive middleware standard have been announced in conjunction with this week's Telematics Detroit 2011 show. MontaVista and Rightware Oy are collaborating on a platform that integrates Rightware's Kanzi UI Solution with MontaVista Linux, and Renesas Electronics is readying an ARM-Cortex-based & R-Car& platform incorporating CSR's SiRFstarIV-based GPS technology....

View the original article here

Say "Linux" these days, and most people automatically think, "Ubuntu." Such is the level of mainstream awareness and success Canonical's distribution has achieved, even as such goals have proven more elusive for other distributions. Of course, it can't be denied that the fact that mainstream users think *anything* when they...

Say "Linux" these days, and most people automatically think, "Ubuntu." Such is the level of mainstream awareness and success Canonical's distribution has achieved, even as such goals have proven more elusive for other distributions. Of course, it can't be denied that the fact that mainstream users think *anything* when they hear the word "Linux" is a good thing -- and an improvement over how things stood not so very long ago. One could certainly say that Ubuntu has helped Linux in that respect, then. But what's been its overall impact on the open source operating system?

View the original article here

Last week we looked at managing rules in Firewall Builder. In the last installment of our series on Firewall Builder, I'll take a look at managing firewall settings with the Firewall Builder.

We've covered quite a bit already about Firewall Builder This week, I want to open up the Firewall Settings window to illustrate how much further a Firewall can be flexed, stretched, and configured — all from a single, user-friendly window.

As should be expected, getting to the settings window is simple — so long as it's not overlooked. What I'm talking about is not the Firewall Builder Preferences. The settings I am referring to actually apply to individual firewalls. So, in order to reach the settings window, a firewall must be open within Firewall Builder. Once the firewall is open (double click on the firewall to edit it),

When the Firewall Settings button is clicked, it will open the settings window only for the currently open firewall.

The Firewall Settings button is located near the center of the window. Click that button to get to the settings in question. Let's examine this window, tab by tab.

The compiler tab (see Figure 2), as the name implies, deals with the compiling settings for the firewall. There are a few options, in particular, that I want to point out. The first option is 'Assume firewall is part of "any"'. If this option is checked, rules that are configured with "Any" in the Source or Destination fields will also generate rules for traffic destined to or from the firewall. In iptables this will result in a rule being added to either the OUTPUT or INPUT rule chain.

The configuration options here will be automatically compiled into the firewall in question.

Another important option is 'Always permit ssh access from the management workstation with this address'. This helps prevent situations where a user cuts off their access to the firewall because there isn't a rule allowing SSH access to the firewall itself. If this option is enabled, enter either a single IP address or a network using CIDR notation (e.g. 192.168.1.0/24). When the firewall is compiled, Firewall Builder will automatically add a rule permitting SSH access to the firewall from this IP address or network at the top of the generated rules.

The Installer Tab has three settings that you should pay close attention to. The first is the option "Directory on the firewall where script should be installed". This should match a directory that exists on the firewall where the firewall script should be run. Typically for iptables firewalls the directory is either /etc/ or /etc/fw (if this directory has been created on the firewall).

The second setting to pay attention to is the username. This is the username that will be used when Firewall Builder connects to the firewall to install the generated firewall script. If the username configured in the installer tab does not have administrative rights, the installation will fail. So in this section, enter a username that does have admin rights and can actually install firewall rules (if the user can use the iptables command, that user most likely has rights enough.) If the username setting is left blank the user will be prompted to enter the username when they run the install wizard.

Finally, in the installation tab, there is the additional command line parameters for both ssh and scp options. This is an incredibly helpful should ssh and/or scp use alternative ports. Should that be the case, simply add something like -p 2222 to instruct ssh to use non-standard port 2222 (instead of standard port 22).

The next tab that should be of use is the Prolog/Epilog. This tab allows for the addition of script commands in bash format to be added either to the beginning or to the end of a firewall script. For example, the amount of traffic being served up by an HTTP server can be controlled by using the Traffic Control command (tc). The commands would need to be added to the epilog (end) of the firewall as shown in Figure 3.

 

Prolog scripts can be added in three different locations, whereas Epilog scripts can only be added to the end. Make sure that the commands entered can be run as a bash shell script without any errors.

Finally, the Script Tab offers a number of setting options, of which there are four settings to pay close attention to. It is important to note that this tab directly effects the script generated for the firewall being configured and not the machine that Firewall Builder is running on. The first is "Configure Interfaces of the firewall machine." If this option is not checked the script generated will not include shell code necessary to manage IP Addresses. By default this is on.

The next option in the Script tab is for VLAN interfaces. If the checkbox for "Configure VLAN interfaces" is checked the script generated by Firewall Builder can create and remove VLAN interfaces for the firewall. If left unchecked, this feature will not be available. In other words, if VLAN interfaces are necessary, make sure this check box is checked. This same option is available for bridged interfaces. If the firewall to be installed needs to configure any bridge interfaces, the check box for "Configure bridged interfaces" must be checked, otherwise bridged interfaces will not be available to the firewall machine.

Finally, "Use iptables-restore to activate policy" is the last option I will deal with. There are two ways in which generated scripts can be loaded:

Using iptables command: This command will load the rules of a firewall one at a time.Using iptables-restore: This command will activate the rules of the firewall all at once.

The biggest difference between the two methods, with regard to Firewall Builder, is that the iptables-restore is a much faster process. This can make a significant difference when the firewall becomes longer and more complicated. If, on the other hand, a firewall is short and basic, the standard method of running iptables commands line-by-line will work just fine.

I have only scratched the surface of the Firewall Builder Firewall's Settings window. Although I have touched on many of the more important options, it would behoove you to comb through all of the tabs to make sure there aren't options available that would make a difference in a particular firewall. But the settings options illustrated here are those that most users will want to at least examine for their firewall rules, before they are compiled and installed.

View the original article here

In the KMS (kernel mode-setting) world there is not only news today to report on a new open-source Freescale KMS driver, but on the state of VIA's kernel mode-setting driver. VIA Technologies may have killed off their open-source strategy, but for the past number of months there's been a developer writing a VIA KMS/TTM DRM driver that would work with the OpenChrome user-space X.Org driver...

View the original article here

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3,...

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

View the original article here

The VLC Media Player developers have released an update to the 1.1.x branch of VLC to address several security vulnerabilities, as well as fix bugs found in previous versions. Details of some of the new features coming in VLC 1.2.0 have also been announced

View the original article here

The latest pre-release of Firefox 6, Aurora 6, brings back support for WebSockets. WebSockets is a protocol for providing two-way communications between the browser and the server. Mozilla dropped support for WebSockets last year due to security issues.

Other notable features in Aurora 6 include the progress element, window.matchMedia API, better APIs for binary data and Server-Sent Events. You can download it here.

View the original article here

AMD has passed along word this morning that the AMD Embedded Solutions (AES) division has publicly released the XvBA Reference System Installer. This installer is meant to make it easy to evaluate AMD's X-Video Bitstream Acceleration API for accelerating video playback under Linux...

View the original article here

Whether you're new to Linux or an old salt, it's worth following Tony Bradley's series of columns, currently being posted on PC World's site, where he describes his effort as a Windows user to go through a self-imposed 30 days of immersion in Ubuntu. You can find Part 1 of his series here, and Part 2 is here. Bradley's reports on installing and learning to live with Ubuntu shed much light on how users familiar with Windows and other proprietary operating systems approach Linux. The reports are also good fodder for discussions on Ubuntu's usability, or lack thereof.

View the original article here

Researchers at the Pittsburgh Supercomputing Center and HP Labs have achieved unprecedented speedup of 10X on a key machine-learning algorithm. A branch of artificial intelligence, machine learning enables computers to process and learn from vast amounts of empirical data through algorithms that can recognize complex patterns and make intelligent decisions based on them. For many machine-learning applications, a first step is identifying how data can be partitioned into related groups or “clustered.”

View the original article here

Vincent Hindriksen over at Stream Computing has written up a nice summary of Bob Feldman’s panel session entitled Supercomputihng: Where to From Here, which took place at the National HPCC 2011 Conference in Newport. It was a good discussion, so a tip of the hat goes to Hindriksen for his efforts here. His blog has lots of excellent HPC content, so check it out.

View the original article here

You can now replicate data from MySQL data to MongoDB using Tungsten Replicator, an open source data replication engine for MySQL. It's sponsored by Continuent, makers of Tungsten Enterprise.

The new functionality was added by Continuent CTO Robert Hodges, Flavio Percoco Premoli of The Net Planet and Continuent employee Stephane Giron as part of a hackathon at the Open DB Camp in Sardinia.

View the original article here

Continuing to ensure that Linux benchmarks on the latest AMD Radeon HD graphics processors are available, the kind people at Sapphire have sent over another Radeon HD 6000 series graphics card. After previously reviewing the Sapphire Radeon HD 6570 and Sapphire Radeon HD 6870, up now is the Sapphire Radeon HD 6770. The Radeon HD 6770 (and HD 6750) up until recently was just offered to OEM builders, but now Sapphire has begun selling various products with these graphics processors, which end up being re-branded Radeon HD 5770/5750 "Juniper" graphics processors.

View the original article here

SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. In this document we are going to demonstrate how to combine two-factor authentication from WiKID on Ubuntu. First, we will configure a domain on the WiKID server, then add the  targeted server as network clients to the WiKID server, and finally configure the Ubuntu box via pam-radius.

 original article here