NEWS

Newsdesk
■ Mandrake targets South America ■ Microsoft targets Wine ■ KDE 3.4 release ■ Germany sees
biggest Linux migration ever ■ Security kudos for SUSE ■ IBM buys in ■ Theo de Raadt applauded

Mandrakesoft bids to
join Linux superleague
Conectiva acquisition gives French commercial distributor road into promising Latin American market
French Linux distributor
Mandrakesoft has merged With user numbers growing and IT
budgets tight, Brazil offers Linux
with Conectiva, the developer
distributors the perfect chance to
of South America’s most popular distro, win public and private contracts.
in a bid to join Red Hat, TurboLinux
and Novell in the top tier of
open-source software vendors.
The move will give Mandrake a
foothold in the growing Latin
American market, where the low costs
of Linux are especially tempting to
cash-strapped governments.
Though Linux market share is
notoriously difficult to quantify,
Mandrake is unarguably ‘second tier’.
Some estimates put its worldwide
presence in the 1-3% range, while
others suggest the company
commands just over 19%.
Mandrake claims to have the most
popular distro in the UK, with a
46% share of the market.
Mandrakesoft co-founder Gael
Duval admitted to CNET News that
the merger wouldn’t “elevate
Mandrake to the level of Novell or enables RPM-based distros to use the to get clear with declarations from name is not expected until April, with
RedHat yet”. But he described the Debian package management system, both Mandrakesoft and Conectiva a unified distribution expected to be
merger as significant growth, which and the Crystal icons that are shipped managers about the integration of the launched toward the end of 2005.
the company will build on with more with KDE. Conectiva has several two distros, the users have calmed “Combining the two businesses enables
acquisitions in future. government contracts, including with down and supported the merger,” she us to extend the scope of our offering
the Brazilian army and navy, as well as said. Conectiva staff on the Brazilian and address more business,”
Army contract corporate partnerships with the likes side of the business have been told Bancilhon said. He also stressed
Conectiva is based in Curitiba, of IBM, HSBC, HP and Siemens. their jobs are safe. Mandrakesoft’s commitment to open
southern Brazil, and employs 60 Conectiva spokeswoman Mariana François Bancilhon, chief executive source and the GPL, maintaining the
people. Its off-the-shelf product is the Franco said reaction to the deal of Mandrakesoft, is tipped to assume new company would always offer a
Conectiva Linux distro and the among users and staff has been the leadership of the combined free version of its software.
company has also been instrumental positive. “We had the usual concerns company. It is expected to move Mandrake was formed in 1998 and
in developing some high-profile Linux regarding what will happen to forward under the Mandrake brand, built on the foundations of Red Hat’s
software including apt4rpm, which Conectiva Linux, but as things started but a definitive statement on the distribution to become the second

6 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.news 6 15/3/05 5:54:34 pm

 NEWS

SUSE wins Jono Bacon

The founder of UK

level four
Linux, KDE developer
and all-round nice guy,
Jono is also a musician
■ The numbers just get bigger whose tunes have

security and bigger. Since the launch of the

Firefox 1.0 web browser, the project
has served up a massive 25 million
featured on Slashdot.

COMMENT
certification copies of the software. The feat was

The rise of
accomplished in just 99 days.

That’ll please the government ■ Not resting on its laurels, the

Mozilla project has updated Firefox

the radio
to version 1.0.1 to fix some security
SLES 9 can be used in government Novell’s SUSE Linux Enterprise issues and squash a few bugs. The
offices and army tanks now. Server (SLES) has become the first most significant fix concerns a flaw
in the handling of Internationalised
distribution to be granted level four
Domain Names (IDN), which could
most popular Linux distribution in Common Criteria certification. It is now allow an attacker to carry out a
Europe. Revenues for 2004 topped eligible to be used for command-and- phishing expedition – that is, get The 300 or so words I
access to your financial data – by
€5 million, thanks to growing control applications across US creating a fraudulent website and scribble each month for
corporate sales and membership of government departments. using characters in the URL to this column have touched on a
its innovative Mandrakeclub, which The Common Criteria are convince a user that it’s genuine. number of things that take my
offers members premium access to international standards for measuring interest, but that I’m often not
the latest distribution releases before the security of software, ranging from actually a part of. My subject this
the general public. levels one to seven. Novell chief month is something I am heavily
With SUSE coming under the executive Jack Messman said winning involved with: internet radio.
Novell umbrella, Mandrake now certification puts Novell at the “top of With the rampant increase
stands as the continent’s only major the list when it comes to projects the in sales of the iPod/iRiver/iAudio
commercial Linux distributor. government wants to do”. and the constant broadening of
The award applies to SLES 9 internet access, net radio has
■ Silhouette Roto, a high-
Moving up? running on IBM’s eServer product line end rotoscoping tool for film and become relevant. A handful of
The company went into bankruptcy and addresses functionality and animation, has been launched as a open-source radio shows have
protection in early 2003 but interoperability issues. Red Hat recently plug-in for AfterEffects on Windows appeared, one of which being
and Mac and FinalCut Pro on Mac.
emerged newly profitable in March applied for Common Criteria The developer says a stand-alone our very own LUGRadio
2004 with ambitious acquisition certification, but its software has yet to Linux version is near completion and (www.lugradio.org). Although
will be launched soon. Rotoscoping
plans. Since then, there has been a undergo the necessary testing. is an essential task in modern film
LUGRadio has had surprising
series of deals and partnerships Speaking at the Boston LinuxWorld making, and the availability of this success (and is now planning a
including working with LaCie on a Conference and Expo, Messman said product on Linux demonstrates the day-long event scheduled for
position the platform now commands
mobile hard drive and signing an that SUSE had also managed to in the film industry. 25 June in Wolverhampton), it
agreement with the French achieve US Department of Defense has had its own set of challenges
government to supply university Common Operating Environment ■ Mozilla isn’t the only Linux-centric to overcome.
group to have posted decent figures.
computing departments. compliance, a requirement for sales to The Linux Professional Institute The most interesting
In January Mandrake announced US military establishments. (LPI) says it has now examined and challenge was that of tone.
certified 75,000 people through its
plans of a partnership programme Novell/SUSE spokesman Mark Rex LUGRadio has an offbeat,
training programme. LPI provides
with American IT suppliers and said the achievement was down to a standardised structure for Linux humorous and irreverent take on
support vendors to push its committed collaboration between training across the world, with learning radio, and this has involved some
materials and tests in seven different
enterprise products to small and Novell, IBM and the security services languages. Evan Leibovitch, president sharp talk, strong opinions and
medium-sized business buyers in evaluation team. “The successful of LPI, said: “This is an indication that plenty of debate. With an
the US. completion of this latest security there is increasing recognition for approach to open source radio
the value of the community-driven,
An emerging market like South evaluation … will give our customers vendor-independent and vendor- that’s more Radio 1 than Radio 4,
America is an altogether different and partners the confidence to deploy neutral certification process offered the effect has been more striking
to Linux professionals through LPI.”
proposition, offering the potential to SUSE Linux solutions.” to many people than the written
www.lpi.org
focus on Linux installation rather word. Although some of my
than migration from existing ■ The latest version of the QEMU writing has struck a nerve and
emulator has closed the gap on
proprietary systems. the commercial virtualisation
people have mailed me their
Mandrake and Conectiva are both applications with, the author Fabrice thoughts (thanks, y’all), I’ve had
active members of the Linux Core Bellard claims, near-native speeds far more correspondence
when a PC is emulated on a PC.
Consortium, which is attempting to The speed boost is all thanks to directed my way over things I’ve
set a standard for basic Linux the new QEMU Accelerator Module, said on the radio. It makes me
systems to make it easier for which runs most of the guest wonder if we could get more
OS’s application code directly on the
hardware and software vendors to host processor (rather than running people into open source by
certify their products more simply. through an emulation routine). talking about it than writing
This makes it very effective for
The Conectiva acquisition has running an x86 guest on an x86
about it. If the opinion is
been done, Mandrake managers said, host, such as Windows on Linux. fundamentally the same, should
with a €1.79 million (£1.24 million) The accelerator runs as a module at we be more to the point in print?
present because it is a closed-source
stock swap. element of the system, though Answers on a postcard to
The combined company will have Bellard says it could be open sourced the usual address. That is, if
Jack Messman hopes to win US if he could get sponsorship.
a workforce of 130 people, 70 of government business for his reading this gives you
them dedicated software engineers. newly-certified SUSE distro. enough of a get-go.…

www.linuxformat.co.uk LXF66 MAY 2005 7

LXF66.news 7 15/3/05 5:54:37 pm

 NEWS

Music to your ears

Good news: Rosegarden1.0 includes DSSI plugin to access VST effects

Rosegarden, the great hope

for Linux music software, has
a 1.0 release. The package
now has the DSSI (pronounced dizzy)
plugin API, which is analogous to VST
in the Windows world and Audio Units
for the Mac.
Most significantly, DSSI has a VST
wrapper available that allows Linux
users to access VST instruments and
effects via Wine.
In an interview with O’Reilly Dev
Centre, developer Chris Cannam said
Rosegarden had grown from humble
ambitions to become the biggest Linux VST instrument integration
music application available. comes to Linux via DSSI.
“Rosegarden is the only Linux music
application designed to be an
immediate alternative to the major
brand-name sequencers for other
platforms; designed to be a useful Rosegarden is a complete open-source audio solution.
compositional tool for people who
know classical notation; and designed MIDI and effects tools to create a capabilities in notation editing and workstation on a single CD. The cost of
with usability and learnability in mind complete recording studio within the input. Fervent Software, which recently the package is £49.99, or £64.99
from the outset,” he said. computer. The package relies heavily provided support to the Rosegarden including a 128MB USB stick.
Rosegarden, which is the closest on ALSA and, for more complex audio developers, has launched a new Live Rosegarden 1.0 is also available in
thing the Linux world has to Cubase, sequencing, the Jack audio server. The CD built on version 1.0 that offers source code and binary forms.
offers a full complement of audio, software is also notable for its strong users a complete audio and MIDI www.rosegardenmusic.com

CONFERENCE
NEWS
IBM: £52 million Linux commitment
Big Blue puts faith and investment in open-source future for world’s computer users
The ACCU (Association of C and C++
Users) will be hosting its annual
IBM will raise its financial
conference from Wednesday 20 April
commitment to Linux by $100 million,
to Saturday 23 in Oxford. Events will
concentrate on Java, C++ and Python
(£52 million) over the next three
development (including a full day on years. The money will be used to fund
Python hosted by Alex Martelli and a wide range of initiatives across
Anna Ravenscroft) and, for the first technical, R&D and marketing
time, there will be a whole training divisions and is intended to help
stream on programming for security. customers migrate to Linux on every
The daily rate for the conference is kind of computing device – from
£135 for members and £160 for others mainframes to PDAs.
while the four-day rate is £495 and
Much of the money will go on
£595 respectively. www.accu.org/
developing IBM’s Workplace suite,
conference/index.html.
Meanwhile, across the Severn in
which provides access to core business
Wales the countdown to one of the tools on any compatible device.
better geek expos of the summer has A well as promising a cash injection
IBM has added nuggets of code to the open-source treasure chest.
begun. The annual UKUUG Linux for its own in-house projects, IBM has
Technical Conference will be hitting donated more than 30 open source open-source sector because of its Projects covered by the new
Swansea between Thursday August 4 projects to open-source repository increasing adoption by governments initiative include Jikes, a fast Java
and Sunday 7. The organisers have put SourceForge (www.sourceforge.net) and businesses. “Organisations looking compiler, and the Life Science
out a general call for papers, with and launched a companion site to for innovative software applications to Identifier, which speeds up
more details available on the event’s
help developers improve their skills. drive their business projects are development of life science
website – www.ukuug.org/events/
Gina Poole, IBM’s vice president of looking for developers with the tools applications by providing tools for
linux2005. Details of venues and
speakers will be announced soon.
developer relations, said it was critical and skills of tomorrow - based on automatically scanning networks for
for developers to stay abreast of the open technologies,” she said. biologically significant data.

8 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.news 8 15/3/05 5:54:39 pm

 NEWS

Hoyt Duff
The co-author of Red
Hat Linux 9 Unleashed
runs a fishing pier when
■ Real Software has announced he’s not being vociferous
about users’ rights on
the availability of REALbasic 2005,
mailing lists.
a complete object-oriented rapid
application development (RAD)
package capable of creating COMMENT
self-contained executables
for Linux, Windows and OS X
from the same source code. The
company says this is the perfect
cross-platform development tool
Microsoft’s
backslap
– though as yet there is no native
Linux version of the application.
www.realsoftware.com

■ In a moment of candour, managers

at Red Hat have admitted the
company snubbed the early adopters Thanks, Microsoft, for all
who helped build its reputation when your help. Its recent
Though KDE has received a slight cosmetic makeover, most of the it went in search of more lucrative
improvements have been made under the surface. action against Wine is a public
corporate buyers in 2002. The
company says it will make amends recognition of the threat that it
with more support for the Fedora poses to the Windows OS, and is

KDE 3.4 hits the mirrors project, which acts as a test bed
for the more corporate-friendly Red
Hat Enterprise Linux line. Michael
Tiemann, vice president of open
a wonderful compliment to the
vision of the pioneers of the
Linux phenomenon.
User-friendly tweaks include text-to-speech option source affairs, said it was a mistake
to concentrate almost exclusively The Redmond Gang openly
The KDE project has launched the manager and the addition of a on enterprise customers. “It insulted admits deliberately crippling its
first – and possibly only – release number of accessibility applications some of our best supporters. But automatic update service to
worse, we lost our opportunity to do
candidate for the eagerly anticipated including a new text-to-speech option customer-driven innovation,” he said. deny software updates when
KDE 3.4 desktop environment. Under the hood there is a new Wine is being used (turn the
■ IBM has teamed up with Mountain
Additions include better theme wireless configuration manager, which page for more). MS has an
View, CA-based Veritas Software to
handling, a more integrated Plastik makes saving access controls for a develop a new hardware and software interest in locking its customers
look and improvements to many of number of networks much easier. solution built on IBM’s Power5 in, making them depend on its
processor-based OpenPower Linux
the individual KDE applications; not KDE developer Stephan Kulow servers. The package will include operating system and producing
least Kontact, which benefits from the ventured online to encourage testing Veritas’ Cluster Server, Storage software that’s generally
integration of the AKregator RSS of this first “and hopefully only” Foundation and Storage Foundation incompatible with non-MS apps.
for Oracle RAC software.
application (see page12, LXF65). release candidate. If MS Office can be run on a free
Konqueror gains RSS support, while Users who wish to test the new and open OS, the user gains
KPDF has been given a search feature desktop without running the risk of flexibility and MS loses money.
– finally allowing users to search for killing their lovingly-crafted setup can That’s what Wine threatened
specific strings in a long document – do so by downloading and burning the to do. But the Microsoft’s recent
and a new slide-show mode, which new KLAX ISO, which marries a live action has annoyed,
turns the application into a capable version of Slackware 10.1 with KDE 3.4 inconvenienced and alienated
presentation tool. to great effect. people who hold valid licences
Other improvements include better It is available via www.kde.org for MS software. For Linux, that’s
user switching in the KDM display and the usual KDE mirrors. ■ MP3 Beamer is a new product great news.
from Linspire (above) designed Linux is now positioned to
to squirt MP3 files to all of your

OpenBSD leader honoured media devices, including PCs, stereo

systems, PDAs and iPods. Linspire is
pushing both a hardware and software
take a large and significant place
in business and personal
computer use; Microsoft’s
Theo de Raadt chosen over Tridgell and Brod solution with an MP3 Beamer PC –
running Linspire, naturally – available validation of Linux’s value comes
Theo de Raadt, leading light of the Each year, members of the open from $399. at the best time possible. To the
OpenBSD and OpenSSH projects, has source community nominate ■ PDF files of the presentations public, its defence of its business
joined Guido van Rossum, Larry Wall, individuals who have made a given at the recent Open Source appears aggressive, even
Lawrence Lessig and Alan Cox in being significant contribution during the past Development Labs (OSDL) kernel heavy-handed, and it gives the
conference are now available online.
given the Free Software Award by the 12 months. There are talks from the likes of impression that it would rather
Free Software Foundation (FSF). The other nominees this year were Andrew Morton and Brian Behlendorf, spend its resources on lawyers’
and an exploration of the issues
FSF president Richard Stallman Andrew Tridgell for his work on the fees than improve its product
thrown up by the SCO litigation from
presented the 2004 award at Samba project and Cesar Brod, who Jim Harvey, of Atlanta law firm Alston and service.
FOSDEM (Free and Open Source was recognised for his efforts at open and Bird. www.osdllinuxsummit. While we revolutionaries can
org/presentations/
Developers’ European Conference) in source advocacy in Brazil. feel great for a moment, we
Brussels, saying that de Raadt’s work The award traditionally goes to ■ GUI guru Jeff Raskin, credited by must keep up the fight in the
had applications well outside the someone with a more immediate many as the creator of most modern face of MS arrogance and
computers’ look and feel, has died
scope of his original intentions. connection to Linux. The fact that this of pancreatic cancer. Raskin fostered bullying. Still, we don’t have to
De Raadt was praised particularly year it has gone to de Raadt was seen the then-revolutionary attitude that defeat them: they defeat
for OpenSSH, which is a fundamental by some as a long-overdue computers should make work easier themselves every day. Thanks,
for humans.
project for secure communication recognition of the role the so-called Microsoft: it’s where we
across the computer world. BSDs have had in the success of Linux. want to go every day.

www.linuxformat.co.uk LXF66 MAY 2005 11

LXF66.news Sec1:11 15/3/05 5:54:42 pm

 NEWS

Microsoft blocks Wine

users from Win Update
CodeWeavers stays calm as Microsoft publicly targets emulator for first time

Microsoft’s latest anti-piracy for WGA. “Microsoft does not

measure includes what knowingly provide copyrighted OS files
appears to be a concerted to users of third-party emulators or
effort to block users of the Windows cross-platform API translation
emulator Wine from installing technologies such as Wine,” they said.
otherwise freely-available software on Jeremy White, chief executive of
their Linux machines. Wine developer CodeWeavers, said he
The Windows Genuine Advantage was relaxed about the issue, as it
(WGA) validation tool, which has been marked the end of Microsoft’s policy
developed to stop pirated versions of of never even mentioning Wine, but
Windows being updated via the Despite WGA’s that things would be different if the
Windows Update site, prevents Wine best efforts, you company decided to restrict MS Office
users from downloading updates or can still install updates to those running Windows.
add-on tools. Internet Explorer This, White said, “would expose
via Crossover
A Microsoft spokesperson told the Office Pro. Oh them to legal repercussions, as they
UK’s ZDNet.com that Wine was the well boys, you would be tying one monopoly product
first emulator to be specifically tested can’t have it all. to another.”

Win4Lin adds XP support about legacy applications. “Previously,

enterprises and users needing to
SUSE Linux 9.3
Virtual OS finally runs software not consigned to retirement migrate legacy Windows applications to
Linux were stuck with either an released
Win4Lin, the company formerly The company has also said it plans expensive porting task, or with clunky, Includes Beagle search tool
known as NeTraverse, has included to integrate better WinXP compatibility non-integrated virtual machine
support for Windows 2000 and into future releases. solutions,” he said. Novell has released SUSE Linux
limited support for Windows XP in the Win4Lin chief executive Jim Curtin, Another welcome change is that the Professional 9.3, adding native support
new edition of its flagship Win4Lin said the release of Win4Lin Pro would software no longer requires users to for Apple’s iPod music player and the
Professional software. Previously, the improve the opportunities for download and install a special patched Beagle integrated search tool to its
virtual OS was only capable of companies to investigate Linux on the kernel, making installation and use of award-winning desktop product.
installing Windows 9x series products. desktop without being concerned the software potentially far easier. Beagle enables users to comb
through locally-indexed web pages,
emails, IM conversations, music files

EMBEDDED LINUX NEWS and images, as well as documents

stored in a variety of formats including
PDF, source code and files created in
● Trolltech expects a wave of Linux ● Mozilla developers are working hard to MS Word and OpenOffice.org.
smartphones to drive adoption of new knock out a production-quality Windows It was created as a demonstration
telecoms technologies – including 3G, CE/Pocket PC build of their Minimo web of the power of Mono and is a pet
which has had a slow start in the UK browser. Project leader Doug Turner has
project of Ximian/Novell vice president
and Europe. Chief executive Haavard posted a workable version on his website.
Nat Friedman. If the user’s system is
Nord said 20 phone and mobile device Until now the application has been
available exclusively for Linux PDAs, but a
‘inotify-enabled’, Beagle’s system
manufacturers are working on Qtopia-
based products for 50 hardware Pocket PC version is seen as a vital works, according to developer John
vendors. Motorola, Samsung and Philips ingredient in emulating the success of the Trowbridge, “almost in real time”. The
will all be debuting devices in 2005, and mainstream Firefox browser. Turner aims for system has some heavy dependencies,
so will Ningbo Bird, China’s biggest a public release in about four months. so SUSE 9.3 will probably be the first
handset builder. device is designed to perform along the encounter most users have with the
same lines as the iPod Photo, features an ● Motorola has joined forces with Voice technology, which competes with
● Enterprising hacker Laurent Bousis has Xscale 400MHz processor and makes a over IP company Skype to create a new Google’s Desktop Search tool and the
taken a standard issue Giga Vu Pro (above pretty good choice for an embedded system. range of ‘Skype-ready’ mobile and fixed-
much-touted but little-seen WinFS
right) from German hardware vendor Jobo The first job Bousis did was to turn the whole line phones. Speculation is rife that mobiles
from Microsoft.
and turned it into a fully-fledged 2.4 kernel thing into a Doom games console. http:// may be able to make /Skype/ calls when in
range of a wireless LAN or hot-spot.
Demos of /Beagle/ in action can be
series embedded Linux computer. The gigavupro.sourceforge.net/tutorial.html
seen at http://nat.org/demos.

12 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.news Sec1:12 15/3/05 5:54:43 pm

 NEWS

David
Cartwright
David Cartwright is an IT
consultant who specialises
in providing Linux Systems
and solutions.

COMMENT

An OS is an
OS is an OS
It wasn’t long after the
release of of Red Hat
Enterprise Linux 4 that someone
asked me: “Do I stick with
RHEL 3 or move now?” His
historical expertise was with
non-Linux operating systems,
and he didn’t know how stable
the new release would be.
The answer to this question
Deutsche Bahn may soon be the biggest Linux user in the world. is, of course: “Forget that it’s
Linux – what would you do with

German trains to run on Linux

any operating system?” It’s
obvious when you think about it.
First, some of the
applications he’s running state
IBM oversees transition in biggest project of its kind yet seen
the kernel version as their only
Deutsche Bahn, Germany’s from SAP systems and sales support IBM spokesman Steve Menadue compatibility issue, whereas a
national rail operator, has moved its to web and mail servers. congratulated Deutsche Bahn on its couple specifically mention
entire 55,000 workforce from using The project, which is being overseen visionary approach to adopting open RHEL 3.0. So until the
Lotus Notes to Linux. While all eyes by IBM – also a major hardware source. “The strategic choice is further application vendors state
were on plans of a massive migration vendor for the move – is being keenly proof that Linux has matured as an compatibility with 4.0, he
of desktops to Linux in the city of watched by Munich city council. enterprise platform, offering a variety shouldn’t be overly quick to
Munich, Deutsche Bahn had been Unable to resolve potential problems of advantages including cost savings, move across.
quietly preparing what is probably the with patents, Munich has decided not shorter development time and a high But this doesn’t mean he
biggest move to open-source software to go ahead with migration. level of security,” he said. shouldn’t be moving to the new
in history. version to some extent. A ‘big
The company says it won’t fully bang’ migration on the day that
NZ HEALTH CHIEFS MIGRATE TO LINUX
benefit from Linux until the entire his applications become officially
computing infrastructure has been New Zealand’s Ministry of Health is found that the installed system was not RHEL 4.0-compatible is a very
migrated, at some point next year. migrating its data centre operations capable of holding up under this bad idea – a more controlled,
The first step was to move its from Windows to Linux. The ministry has pressure. “Windows can’t support what methodical approach will not
timetable systems from HP to Linux, cited the current system’s inflexibility as we do, and its management controls only help him become familiar
but a spokesperson said the the reason for the move. aren’t consistent with a data centre with the new version, but also
Chief information officer Warwick operation,” he said.
subsequent desktop migration is the shake out the little foibles that
Sullivan said the organisation was IBM has won the competitive tender
most important milestone in the the new version is bound to have.
constantly hitting a resource bottleneck to provide the NZ$3 million
process. Once complete, the company I think he should get 4.0
due to a peaky processing cycle and had (£1.1 million) installation.
will be running everything on Linux, now, try it out in a lab
environment, test it to death,

AFFS grants for open source developers then perhaps roll it out to a few
real, but non-critical systems and
Three-figure sums available to projects with community appeal test it to death again. By the
time 4.0 is supported by his
The Association for Free Software winning a grant if they are judged to long as you can show that it will ‘big’ applications, he’ll have the
(AFFS) has launched a new have the capacity to attract further benefit the free software world. confidence (and the rollback
programme to reward and support funding in the future, or matched Applicants are asked to send plan!) to upgrade the
open-source developers. funding immediately. proposals to the AFFS in an open critical systems.
The group is calling for applications Interested developers should write a source-friendly format (send a DOC So remember boys, girls and
from developers and says the grants short précis of their project, stating file at your peril). system administrators: RHEL is
are likely to be three-figure sums. who is involved and why funding is More details are available at just an operating system
Projects will stand a better chance of required – this could be anything, as www.affs.org.uk/grants. – migrate it like any other.

www.linuxformat.co.uk LXF66 MAY 2005 13

LXF66.news Sec1:13 15/3/05 5:54:48 pm

 REVIEWS Gentoo Linux 2005.0

SOURCE-BASED DISTRIBUTION

Gentoo Linux 2005.0

Roll your own packages with the latest release of Gentoo, writes Neil Bothwick.

BUYER INFO
Linux distro suited to power users.
Also consider: Linux From Scratch,
Rock Linux.
■ DEVELOPER Gentoo Foundation
■ WEB www.gentoo.org
■ PRICE Free under GPL

Gentoo has something of a

reputation as the distro for
speed freaks – people who
are willing to spend days
experimenting with compiler flags and
recompiling their system in order to
get an extra 0.5% of performance. system with no ill effects, and get to
Gentoo developers themselves fed this be the first to play with the latest toys .
perception in days of yore by stressing Most of the administrative tools for
the the distro’s performance benefits Gentoo are command-line based,
Gentoo is pretty excited about Portage, its package management tool
on the official website. (it even has its own site at www.gentoo-portage.com). Porthole (right) is although there are some third-party
For the new 2005.0 release they a GTK-based Portage front-end now in its fourth release. Kentoo (left), a GUIs for Portage, including a plug-in
take a more balanced view, KDE Control Centre module, is another third-party front-end. for the KDE Control Centre and a
highlighting the configurability and stand-alone GTK front-end. For
flexibility that Gentoo offers in addition first step is usually to run the configure extremely detailed handbook that general system administration, you can
to any performance benefits. This is script. If you first do configure --help, walks you through the setup stages install the excellent Webmin and do
the first of two Gentoo releases you will see a number of options that from preparing your hard disk to everything from your web browser.
pencilled in for 2005. It refers mainly can be enabled or disabled when compiling a kernel. Installation is There are some GUI tools in the
to the version of the installation discs, building the program. laborious, but not difficult as long as pipeline from Gentoo, but progress is
as the distro can be continuously With a binary distribution, those you follow the handbook. slow: most Gentoo users are
updated without re-installation. options are chosen for you. Gentoo A stage 1 installation is the most comfortable with the command line,
uses a system of USE flags to make time-consuming option, as everything so time is spent on other projects.
Use the source the decisions based on your needs. is compiled from source. Stage 3 uses The one thing that Gentoo users
Gentoo is different from most distros Another advantage is that Gentoo’s pre-compiled binary packages for just are not short of is help (or the time to
in that (in the main) it does not have ebuilds – the installers for individual about everything but the kernel. While read it during compilation). On top of
pre-compiled binary packages. When packages – are simple bash scripts. this does go against the Gentoo the comprehensive installation
you install a program with Debian’s Any complexity is in either the Portage philosophy, it lets you go from bare handbook, there are detailed howtos
APT or Mandrake’s RPMDrake, the package management system itself, or disk to running desktop in around an for most tasks and a user community
package that you install contains the program’s own config and make hour. You can then set up your that can help with anything else.
pre-built binary programs and libraries. files. This means that Gentoo usually optimisations and recompile the If you want to learn how a Linux
Gentoo’s package management gets packages for new program system while you’re using it. distribution works – and have
system Portage works directly with the releases very quickly (the ebuilds for maximum control over it – Gentoo is
source code packages. the KDE 3.4 betas were available Prefab clout worth a try. If all you want is a simple
This is very much a distro for the before the source files themselves In addition to the core system point-and-click system without having
so-called power user – someone who were uploaded to the KDE mirrors). provided by a stage 3 install, Gentoo to worry about what’s underneath, this
wants maximum control over their The disadvantage of installing also provides GRP snapshots. These isn’t the right choice for you. LXF
system and is prepared to expend software in this way is the time it takes. are pre-built binaries of major
some effort to achieve this. If you want Even on an Athlon 64, installing KDE packages, such as X, Gnome, KDE and
to slap a CD or DVD in the drive, click is an overnight task, although the OpenOffice.org, designed to get a full
LINUX FORMAT VERDICT
a few buttons and have a full desktop computer generally remains usable desktop installed as quickly as possible. FEATURES 8/10
system running half an hour later, this while programs are being compiled. The user has the choice of running PERFORMANCE 9/10
is not the distro for you. If you want to The process of installing a new with proven, stable packages or living EASE OF USE 6/10
get your hands dirty and learn how package is no more complex than with on the bleeding edge with packages DOCUMENTATION xx/xx
everything works, read on. most binary distros. emerge from the testing ebuilds. It is possible
The main advantage of Portage is progname will download, compile to mix the two, running a largely stable If you like to stay in total control, Gentoo is
your distro.
the amount of control it gives you, and and install the code for the program system with a few testing packages
not only in terms of the compiler and for any dependencies it has. where the latest features are needed. RATING 8/10
optimisations used. When you’re Gentoo doesn’t have an automated Not that the testing packages are
installing a package from source, the installer (yet). What it does have is an unstable: many people run a testing

20 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.rev_gentoo 20 15/3/05 4:05:27 pm

 REVIEWS Gnome 2.10

DESKTOP ENVIRONMENT

Gnome 2.10
The pace of development at Gnome HQ seems to be slowing. While Paul tries to convince Graham
on page 30 that Gnome is the desktop king, can version 2.10 hold Andy Hudson’s attention?

BUYER INFO Right Take your pick - do

you want to ping, trace
Classy window manager. Also or finger that rogue IP
consider KDE 3.4 or even IceWM. address? Version 2.10
■ DEVELOPER gives you more options
The Gnome Foundation than ever before.
■ WEB www.gnome.org
■ PRICE Free under GPL and LGPL Below There’s no place
like Gnome – add as
It’s always interesting to see many of your favourite
changes made to either of FTP servers and
directories as you like to
the two dominant window this handy Places menu.
managers, Gnome and KDE.
Gnome 2.10 was released at the
beginning of March and is now
widely available either for
installation via tarballs or
pre-bundled with distros such as
Ubuntu or the new Fedora Core 4.
Gnome and KDE are both mature
packages now, sp what
improvements can actually be
made? Let’s take a look at what the
Gnome community has been up to.
We took advantage of the versions. We’re feeling generous, so
bleeding-edge nature of Ubuntu to we’ll say this slowing of progress is a
access Gnome 2.10 from the sign of this window manager’s maturity.
moment it became widely available. Most exciting is the continued work on
Our first impression was that not the configuration tools, which stands to
much had visibly changed. Previous benefit all Linux users.
versions had introduced the top panel Any seasoned Linux user will be
with its Applications and Computer used to the continuing advancement
menus, but Gnome 2.10 changes the make it easier for sysadmins to British market). Existing applets have of both Gnome and KDE and will
Computer menu to Places and adds configure and set Gnome up, been updated and new ones added in already be itching to get their hands
Desktop. Places allows you to regardless of which distro is being an effort to make things even easier on Gnome 2.10. If you’re one of them,
bookmark specific resources such as used. Work had already begun on this than they were before. our advice to you is this: don’t go
network drives and common folders, in 2.8, and 2.10 sees further looking for 2.10, but wait for it to come
putting them in easy reach, while refinement in the network, user and Sucker punch pulled to you in the form of a new distro
Desktop gives you quick access to files time/date tools. The plan is to develop All this is great, but six months is a release. There is not enough here to
that sit on your desktop so you don’t a disk management tool, enabling you long time in open source development warrant an immediate upgrade for
have to minimise the inevitable crowd to configure physical disks under and you might have expected more. anybody, unless you are the type who
of windows. Gnome. If Linux can succeed in Gnome 2.10 lacks the sheer volume of really must have the very latest in
Work has gone into minor usability providing a consistent look and feel features that traditionally makes new window managers. LXF
tweaks, and you get the impression across multiple distros, it can only releases so exciting, and no single
that the Gnome Foundation is making speed its uptake. addition matches the huge LINUX FORMAT VERDICT
gradual changes over a long time. Gnome 2.10 also includes some development leaps that have FEATURES 6/10
updates to the general look and feel happened in previous releases. Both
PERFORMANCE 7/10
Good news for Linux of the desktop. The Gnome text editor 2.6 and 2.8 introduced features that
Another area in which the Gnome gedit now sports line highlighting and (although controversial) were EASE OF USE 8/10
Foundation is making progress in is emphasis on opposing brackets – a groundbreaking for the Gnome DOCUMENTATION 7/10
the administration tools that come as feature designed to be more Foundation. Remember the inclusion
Elegant as ever, Gnome 2.10 should
standard. Although the different developer-friendly than before. The of Spatial Nautilus in 2.6? nevertheless not be high on your list of
distros that Gnome sits on have their sky-watching applet GWeather, Such advancements seem to be upgrades. Wait until you need to refresh
your distro and then worry about it.
own configuration tools (such as YaST meanwhile, has been updated to give missing from 2.10 and this will
and DrakConf), the Foundation is you even more information about the probably be viewed as a somewhat RATING 7/10
trying to provide a set of tools that are weather than before (perhaps with tame release, with the real work
standardised across all distros, to one eye on capturing more of the becoming apparent over the next few

www.linuxformat.co.uk LXF66 MAY 2005 21

LXF66.rev_gnome Sec1:21 15/3/05 4:05:46 pm

 REVIEWS OvisLink router

WIRELESS ROUTER

OvisLink Multimedia
VPN Router & Server
Graham Morrison investigates a server with a sideline in surveillance.

BUYER INFO
Wireless web access offering
high security and unprecedented
device support.
■ SUPPLIER OvisLink
■ WEB www.ovislinkcorp.co.uk
■ PRICE £160

This is no ordinary wireless

router. For a start, it runs an
embedded version of Linux understand and you should be up and
on its 170MHz RISC CPU. Using our running in no time at all.
favourite operating system has brought The WMU-9000VPN is a well drive three separate classes of USB
all kinds of advantages, mostly in the specified little gadget. A content filter device: printers, storage and
form of drivers for the in-built USB can restrict access by either keyword (unusually) webcams. The list of
sockets; but OvisLink has also taken or domain, and you can perform a compatible devices is obviously taken
the decision to release its patches virus scan on normal and compressed directly from the official Linux
under the GPL – albeit with a warning files using an onboard version of gzip. compatibility list for the 2.4 kernel –
that tinkering around with the OS can There’s bandwidth control, either by but you do need to check your
invalidate your warranty. grouped IP addresses or, more devices against this list before you buy.
The first thing that strikes you after interestingly, by application. This
removing the router from its box is its means you can deny or restrict USB heaven
size: 24x14cm. It’s also a distinctive bandwidth to the heaviest network You can use USB storage devices to The WMU supports a webcam so you
can photograph unauthorised users.
shade of metallic blue, but otherwise, users, which is a great way of ensuring share files either locally or across the
the OvisLink WMU-9000VPN looks there’s enough bandwidth for internet. In effect, the router simply with good range through walls and
just like any other router. dependent utilities such as VoIP. mounts the storage device and floors. The real selling point though
It’s a different story at the back. There’s an SPI firewall, to which provides access through an FTP must be the USB ports. Once you get
Along with the (10/100 Base-T you can add filter rules by specifying account to digital cameras, say, or around the fairly limiting compatibility
Ethernet) LAN ports, another one source and destination addresses. MP3 players. The web interface can list, the addition of shared local storage
intended for WAN broadband and the Ports are selected from a drop-down configure either user or anonymous and a printer server for little more
power connector, the rear panel list of previously configured accounts, and will also manage outlay than a regular wireless router is
houses the four aforementioned USB applications, but (unlike with the bandwidth throttling locked to an excellent value for money.
2.0 sockets. An adjacent PS/2 bandwidth control), it is possible to upload and download ratio. Printer If you’re thinking of setting up a
connection (intended to provide power define new applications. Fields support is restricted to raw TCP/IP web-casting system, the webcam
for external USB storage devices) available for each application include devices, but it’s still a great way to support alone makes the OvisLink
hints at what these are capable of. TCP, UDP and ICMP, and ports can be share a printer on a wireless network. worth its asking price. But the solid
Setting the device up is simple, entered as ranges. Another feature We plugged in our Philips firewall and bandwidth management
and in common with similar routers, that may appeal to homeworkers is PCVC675K webcam and were mean it will still be a great piece of kit
configuration is done with a web the router’s support for Virtual Private amazed to find that it worked without when the novelty wears off. LXF
browser accessed by connecting to Networking (VPN). It can handle both any further configuration. OvisLink has
192.168.1.254. The user interface isn’t the IPSec and PPTP protocols, with a provided a camera port so the user
too bad, and it’s well laid out. There maximum of 100 IPsec and 10 PPTP can keep an eye on home or office LINUX FORMAT VERDICT
are a few translation VPN tunnels. and detect unauthorised entries. FEATURES 9/10
errors in the text, but For the original features, though, The router will either save webcam PERFORMANCE 8/10
on the whole the we need to go back to those USB images on to a USB storage device or
EASE OF USE 7/10
instructions are easy to ports on the back. The router can send images via email. These
(admittedly lo-res) snaps can be VALUE FOR MONEY 9/10
scheduled or triggered via motion Any of its features, be it bandwidth limiting,
detection, Mission Impossible-style. printer server, FTP or webcam support,
makes this router worth the money.
It’s easy to forget that this device is
a wireless router, capable as it is of RATING 8/10
11GB speeds. We found it could
maintain a solid internet connection

22 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.rev_router 22 15/3/05 4:06:06 pm

 REVIEWS Slackware Linux 10.1

OLD-SCHOOL DISTRIBUTION

Slackware Linux 10.1

Tom Wilkinson finds out if the grandaddy of distros still has life in him.

would still be nice for a warning to be

BUYER INFO
displayed if no ext2 or ext3 partitions
A distribution for users prepared to
are displayed.
get stuck in. Alternatives include
Gentoo and Debian. Package selection is reasonably
straightforward, allowing you to pick
■ DEVELOPER Patrick Volkerding
different package collections (still
■ SUPPLIER Slackware Linux
called disc sets, though several
■ WEB www.slackware.org
■ PRICE Free download under GPL, packages are now bigger than any
CD version $35 floppy disc has ever been) and
individual packages, each of which is
Slackware is the oldest marked as Essential, Recommended
commercial distribution of or Optional.
Linux, even predating version The Essential package set contains
1.0 of the Linux kernel itself. Built the absolute minimum necessary to
under Patrick Volkerding with the aim build a booting system, enabling the
of being the most Unix-like distribution, distribution to be installed on
Slackware is popular but has a machines with very small disks. Indeed,
reputation for being rather intimidating. all binary packages are compiled to
This has worked to its advantage in run on a 486 processor, with the aim
that it can never reasonably be Slackware provides a range of desktops to suit all manner of hardware. of helping you turn that old computer
accused of dumbing-down. Besides, There’s always an element of choice with this distribution. gathering dust into something useful
the user-friendly sector of the Linux (assuming you don’t want to do
Below: Package management is
market is pretty much saturated. less advanced than that of RPM anything too complex) such as a name
People who see Slackware as a or APT, but robust nonetheless. server or web server.
dinosaur that hasn’t realised it’s The final task is to select your
dead yet have missed the point. window manager. As well as Gnome
Slackware’s installation script may and KDE, Window Maker, Fluxbox and
not have changed much during the Blackbox are supported, again fitting
past decade, and its package with Slackware’s ethos of compatibility
management system may lack the Above: The default kernel is with older hardware.
finesse of APT or the ubiquity of RPM, 2.4.29, though 2.6.10 is provided. Once it’s booted, Slackware leaves
but it’s robust, and its simplicity means you entirely on your own. X needs to
that it’s largely immune to the need special drivers, such as be set up before anything other than
dependency problems that affect RAID arrays or external disks. In text mode is available, and this can
other distributions at times. theory you could install Slackware to take a while to get right (our test
This simplicity does place a burden an external firewire drive, though you’d selection. This method of allowing the machine had an LCD monitor, which
on the user, as it’s up to them to need a small boot partition on the user to pick and choose which has a lower tolerance for setup error).
remember whether a dependency is internal hard disk. portions of the installation to automate Overall, though, if you want to
installed. But there are some tools to A choice of using cfdisk or fdisk was is an example of Slackware’s laudable learn about what happens underneath
aid this process. given for partitioning the disks. Cfdisk philosophy of putting as much control all the wizards and GUIs of the newer
You shouldn’t suffer from is a slightly more user-friendly as possible in the hands of the user. and more newbie-friendly distros, give
Slackware’s installation procedure program but we had problems Slackware a go. Provided you’re up to
staying much the same for ten years. accessing the partition table on our Don’t be caught out the challenge, you’ll be rewarded with
The text interface is tried and tested test machine, leaving us with the There is one problem that plagues the a tremendous level of knowledge. LXF
and does everything it needs to. It ain’t standard fdisk. While it’s a million miles installer. It allows you to choose
broke, so Slackware’s developers away from tools such as Disk Druid or between three filesystem types when
haven’t fixed it. Partition Magic, fdisk does the job and formatting partitions: ReiserFS, ext2 LINUX FORMAT VERDICT
Partitioning the disk is left entirely provides you with enough hints to be and ext3 (XFS and JFS can also be FEATURES 7/10
to you – in fact, after booting the able to work out what’s to be done installed, but a more manual approach EASE OF INSTALLATION 7/10
install CD, you’re given a shell prompt without too much brain-ache. is then required). And because EASE OF USE 5/10
and left to your own devices, along The text mode installation menu Slackware uses just the LILO boot
DOCUMENTATION 9/10
with a note to run setup to continue permits users to skip ahead to any loader, you can easily create a non-
once the disk is partitioned. While at stage in the installation, provided that bootable system without any warning A challenging distro, but one with a lot
going for it if you’re willing to learn.
first glance this method is unintuitive, the relevant prerequisites have been from the distro that you’re doing it
it provides an excellent opportunity to made. For example, if you’ve already (ReiserFS isn’t understood by LILO). RATING 8/10
mount disks in more unusual mounted your partitions and the CD, While experienced users should
configurations or mount disks that you can go straight to package know to work around this issue, it

24 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.rev_slack 24 15/3/05 4:06:28 pm

 REVIEWS Devolo MicroLink dLAN Starter Kit

POWERLINE ETHERNET KIT

Devolo MicroLink dLAN

Starter Kit
Nick Veitch gets to the garage to test a winning alternative to wireless home LANs.

BUYER INFO Of course, you need to do the same

Adaptors for setting up a local area somewhere else in the house to WHAT IS POWERLINE
network using mains power. achieve some sort of network. This ETHERNET?
Also available as a USB networking would typically be to connect the
kit. Also try: a Wi-Fi connection. other end to a remote router or In recent years, there has been a lot of But the technology employed by the
broadband modem. interest in a technology called Power Devolo MicroLink kit on test here and by
■ SUPPLIER Devolo over Ethernet, where you use the ‘spare’ other ‘powerline Ethernet’ devices is
■ WEB www.devolo.co.uk That’s really all there is to it. The
pair of signal cables in a Cat5 Ethernet almost the reverse of this. It addresses
■ PRICE £99 lights on the adaptor will come on to
cable to deliver power as well as internet the same problem, but the solution is
show that a connection has been connectivity to mobile devices. Its selling different. Instead of taking power over
Powerline Ethernet isn’t a achieved. Your installation is done, point is that, particularly with Wi-Fi the Ethernet cable, powerline Ethernet
new idea, but the explosion unless you’re worried about security... access points and some appliances, the devices transmit networking data over
of home networking has ideal location for a networking kit isn’t the mains power line. This means that,
made it one that’s profitable to Plugging the socket always where you have easy access for with suitable adaptors plugged in, the
re-explore. Devolo is one company One of the problems with using the cables and power. Plus you only need to entire mains circuit in a building can
that sees new opportunities in selling mains circuit as a network is that it’s a run one cable instead of two! become a network.
powerline Ethernet equipment, which security risk. In a large company, every
explains its new range of socket becomes a potential network for Linux as source, and should build Wi-Fi are that it’s often faster and
home-oriented products. access point. fine on most distributions. The USB perhaps more readily portable.
The starter kit on test here is Even in your own home, because variants require a kernel level driver, Wireless adaptors also tend to be
simply a double-pack of the standard of the characteristics of the mains which we haven’t tested for this review. cheaper – mainly because they’re
Devolo Microlink dLAN adaptors. signalling, signals can travel for This form of networking is slower more mass market products and are
These semi-transparent plug-in units hundreds of metres – perhaps back than doing it the wireless way, but it more likely to work with each other
look more like battery chargers or up the mains line and through the shouldn’t be unworkable. Devolo because they are created to broadly
some iMac-style surge protector. Apart consumer unit of your near- claims transfer rates of up to 14Mbps similar standards.
from the three-pin plug and a few neighbours (this depends on how between devices, and this seemed
lights, the only other notable feature is modern your meter/consumer unit is). feasible in our tests. The test network Wired or wireless?
a standard Ethernet socket. In an effort to address these issues, consisted of one unit in a house and The pluses of powerline Ethernet
Installation is simple – plug the the dLAN units can use optional 56- the second unit in a garage, on a include the fact that in most cases it’s
supplied Ethernet cable between the bit encryption to set a key on each different branch of the mains circuit, easier than Wi-Fi to secure, easier to
adaptor and your device – only units with corresponding some 50 metres away. manage and you won’t have any driver
Linux box and keys will be able to communicate. Transfer speeds peaked around problems. There is also the issue of
you’re away. Setting the key involves the use of 10Mbps, though it must be said that coverage – the Microlink dLAN units
configuration software. This is supplied some equipment (notable an angle work through solid brick walls (Wi-Fi
grinder fired up in the garage) caused doesn’t in our test location) and over
sufficient interference on the mains potentially greater distances (similarly,
circuit to drop the speed significantly. the garage in our test is out of range
For a point-to-point connection of normal Wi-Fi).
this performance is more than On the evidence of this test, the
reasonable, certainly if the main use is manufacturers piling their resources
to extend broadband access, which is into user-friendly starter kits are
not normally anywhere near these making a smart investment. LXF
speeds. One thing to
bear in mind, though, is LINUX FORMAT VERDICT
that this is the FEATURES 6/10
maximum throughput
PERFORMANCE 9/10
of the entire mains
network – if you have EASE OF USE 9/10
ten devices plugged in, VALUE FOR MONEY 8/10
Concerned parents they will all be sharing
A real ‘install and forget’ solution to
and conspiracy the 14Mbps bandwidth. networking in otherwise hard-to-reach areas.
theorists will be
Although powerline
pleased to hear that
the MicroLink plugs Ethernet is entirely different RATING 9/10
emit less radiation than from a Wi-Fi networking solution,
wireless LAN adaptors. it’s a viable alternative. The pros of

www.linuxformat.co.uk LXF66 MAY 2005 25

LXF66.rev_nwork 25 14/3/05 9:08:47 am

 REVIEWS Linspire 5.0

DESKTOP DISTRIBUTION

Linspire 5.0
Looking to ease into Linux from Windows? Chris Denton reckons Linspire could be your answer.

BUYER INFO
Newbie-friendly distro with a price
tag. Other contenders for the Linux
personal desktop crown include
Xandros, Mandrake and Lycoris.
■ DEVELOPER Linspire
■ WEB www.linspire.com
■ PRICE $49.95 as a web
download, $59.95 on a CD

Although the likes of Red

Hat, Sun and SUSE are
concentrating their Linux Above Linspire’s tutorials are
desktop efforts on winning corporate some of the best around. This one
customers, Linspire has stuck to its shows you around its download
centre, the CNR Warehouse.
guns and set its sights primarily on
home users. The latest version of its
Left Pingus is a great Lemmings
distro, Linspire 5.0, is very much in this clone – but you’ll have to pay
tradition, aiming to improve on the to play it with CNR.
simplicity, features and friendliness of
previous versions. helpful, but Linspire has gone all out corrected before the stable release. on apt-get so it’s a small matter for
With this in mind, the installation to try to guide users. The result: a Seamless integration with Windows those so inclined to amend the
process is kept very simple. There are multitude of Flash tutorials that show machines always helps, while Linspire’s configuration file and start acquiring
none of the configuration options rather than tell the novice how to get network browser is an effective Samba free Debian packages instead.
presented by Fedora, say – it’s just a to grips with system operation, which client front-end that makes locating The main problem with Linspire is
case of a few clicks and you’re done. can be scarily unfamiliar if you have network resources simple. that it’s too expensive to be a true
Obviously this only works if the never seen anything but Windows. low-cost alternative to Windows. In
defaults are acceptable, which Importantly, plenty of assistance is Instant access addition to the one-off outlay of the
thankfully for the most part they are. provided to deal specifically with Authenticating and accessing the operating system you’ll have to
We decided to test a pre-release internet connectivity – getting on to shares is just as straightforward, and account for a few years of CNR
beta version of Linspire 5.0 on a Dell the web will be the number one getting at files such as Word membership and, if you’re sensible,
desktop containing an early Pentium priority for those running Linspire, and documents and Excel spreadsheets the extra virus checking and safe-
III processor, 192MB in memory, two users can’t rely on their ISP to provide can be done with a double-click into surfing options. Perhaps the best thing
smallish hard drives and an internal good enough Linux documentation. OpenOffice.org. Impressively, the to do is to pick up a new PC with
Iomega Zip drive. It’s modest by 2005 whole process works as well or better Linspire pre-installed, such as those
standards, but this is just the kind of No warning than trying the same thing from XP offered by Tiny.
PC that would benefit from a second The friendly and gentle approach to Home Edition. Linspire targets the general PC
lease of life courtesy of Linux. Happily, computing pervades Linspire 5.0, but Linspire’s killer app is undoubtedly user who just wants to do basic things
despite it being at the bottom end of there are still pockets it hasn’t reached. the CNR (Click-N-Run) Warehouse. like surf, email, use Office apps, listen
Linspire’s system requirements the For instance, to get on to a LAN there This is a subscription-based service to music and play the odd game. On
installer was quite happy with the is a well set-out graphical network that allows users to select and install this evidence it’s pretty much hit the
hardware, and even detected the Zip properties window but, strangely, software with two or three clicks of a bull’s-eye. LXF
drive correctly. Linspire uses grub as nothing to guide you through the mouse. We decided to replace the
the bootloader and so will rub along process. Should you make a mistake, supplied Mozilla web browser and LINUX FORMAT VERDICT
quite happily with another operating such as not entering a subnet mask, email client with Firefox and FEATURES 9/10
system if you want it to. there is no warning that the details are Thunderbird, and this took a matter of
PERFORMANCE 8/10
incorrect nor any defaults that get moments. Then, purely in the interests
Flash! a-aaa! used instead. The given settings are of research, we checked out the EASE OF USE 9/10
Linspire uses KDE for its graphical seemingly accepted but the network games section and ended up helping VALUE FOR MONEY 6/10
desktop but has adapted the look and interface won’t be available, which ourselves to a rather impressive Pretty, competent and user-friendly –
feel, again to make things as clear and could easily confuse you if you’re a selection including Quake II. Linspire is little short of excellent, but you
crisp as possible. When the system Linux newbie. There are hundreds of useful (and have to pay to get the most out of it.
boots for the first time you’re Yet in other ways Linspire is not so useful) programs of various
presented with an innovative help incredibly mindful of the Linux types obtainable this way, although RATING 8/10
introduction. Help functionality on beginner, so the network settings issue some people may be put off by the
Windows and Linux alike is rarely may be an oversight that gets $49.95 annual fee. Still, CNR is based

26 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.rev_linspire 26 15/3/05 6:15:52 pm

 REVIEWS Win4Lin Home

VIRTUAL OS TO RUN WINDOWS ON LINUX

Win4Lin Home
It might be just the ticket if you’ve got an ancient Win95 database package that you can’t
live without, but Graham Morrison is left underwhelmed by this migration tool.

BUYER INFO Win4Lin is super fast in both full-

screen and windowed display modes:
Runs a virtual version of Microsoft
no sooner have you clicked on the
Windows on a Linux desktop. See
also: CrossOver Office or VMWare. desktop icon or executed win from
the shell than you’re presented with
■ VERSION 5.1
whatever flavour of Windows you’ve
■ SUPLIER Win4Lin
chosen to install.
■ WEB www.win4lin.com
■ PRICE $29.99 You can also resize the window,
and the Windows desktop doesn’t just
It’s been over 18 months scale but actually changes the virtual
since we had a look at desktop resolution, even updating the
Win4Lin’s enterprise display preferences. Win4Lin says it
application for running MS Windows has introduced some minimal
software. In the interim the Texan hardware acceleration to 5.1, using the
company has bought out its developer, X shared-memory extension, and the
NeTraverse, and worked hard on its interface does feel responsive.
product range, including the home Unfortunately, hardware acceleration
user edition reviewed here. doesn’t extend much further than this,
Few of the changes in this modest so don’t expect to run any 3D apps.
upgrade of Win4Lin Home from 5.0 to Win4Lin supports all the recent
RealPlayer works on Win4Lin, albeit without video acceleration.
5.1 could be classed as revolutionary, revisions of Microsoft’s Office suite,
but that’s a sign that the 5.0 release licence) but also suitable boot media. switch between root and user modes, including 97, 2000 and XP. Software
was very stable. Sadly, none of the This problem was highlighted in our and trying to persuade Win4Lin that it compatibility is generally excellent,
changes has brought support for enterprise review (LXF43, August has already installed the necessary especially with older software. The
Windows 2000 or XP – Win4Lin 2003), when we were assured that Windows files. First, root is used to exception is with certain system
Home still runs only the doomed ours was an exceptional case; but we copy the Windows setup files to the specific requirements, such as for a
generation of Windows earmarked for had exactly the same problems a year Linux box. Each user is expected to modern DirectX implementation.
retirement, namely 95, 98, 98SE and ME. and a half on – this problem is more execute the Win4Lin installer locally, Other notable absentees include
The Home version differs from the common than the developers think. which in effect runs through Windows’ audio recording (though playback
Win4Lin 9x enterprise version in You also need a Win4Lin version of own installation procedure. To be fair works well), direct device access,
several ways. Firstly, it’s restricted to your current Linux kernel, and while to Win4Lin, this application is intended CD/DVD burning and USB support
using only 64MB of memory, which you can patch your own source, most for home use, so there shouldn’t be beyond the mouse and keyboard.
will obviously impair performance. distributions already have a Win4Lin that many users. Our review may be mixed at best,
Also, network connectivity is through kernel available. The kernel patches Overall, this user-mode stage is but with Win4Lin it’s important to not
WinSock 2.0 rather than the VNET are mainly used to enable Windows mostly transparent, and while you can focus on the negatives. Despite only
system. Whereas VNET goes to the applications to take advantage of the see that Windows is indeed installing, supporting ageing Windows versions
trouble of emulating a physical NIC, Linux scheduler. At least the 5.1 there’s no user interaction involved (or because of it) the application is
Winsock simply passes the TCP/IP release has introduced support for the and the whole process is over in a fast and stable. The target user is
calls to the Linux stack. This effectively 2.6 kernel, and finding one for our matter of minutes. someone who wants to migrate from
limits access to the TCP/IP protocol. Mandrake 10.1 system wasn’t difficult. Windows but has old apps or utilities
Installation is also disappointing. There are still a few inconsistencies Smooth migration that just can’t be replaced with a Linux
The problem is that Win4Lin requires to work through with the installation In a similar way to Wine applications, version. If this sounds like you, using
not only the Windows files (and a valid procedure. These include having to the Windows installation is contained Win4Lin could be the answer. LXF
within the $HOME/win directory. A
BUT WHAT IF I NEED mydata directory contains the
LINUX FORMAT VERDICT
WINDOWS XP SUPPORT? ubiquitous My Documents folder – it
FEATURES 4/10
may sit incongruously, but it’s a useful
Released in February, Win4Lin Pro 6 finally addresses many of the issues that PERFORMANCE 6/10
feature that the Windows installation
Win4Lin users have been complaining about for years. For a start, there’s no
shares the Linux file system. EASE OF USE 4/10
longer the need for a custom kernel, which should make installation a breeze.
It’s even possible to copy apps VALUE FOR MONEY 7/10
More importantly, development has caught up with the latest generation of MS
from a Wine installation to a Win4Lin
Windows, with direct support for both 2000 and XP Pro. On the downside, Great value if all you need is to get an old
one. In comparison with VMWare, this
there are still some issues with boot media, and the Pro package is a lot more Windows application working in Linux.
is refreshing, and it avoids the
expensive than the Home edition. However, considering Win4Lin’s usually
complexity of shared partitions and RATING 6/10
excellent performance, there’s a good chance that the Pro version will prove a
virtual Samba clients; which is a real
viable alternative to dual booting or its fellow virtual workstation VMWare.
barrier to migration for some users.

www.linuxformat.co.uk LXF66 MAY 2005 27

LXF66.rev_w4l Sec1:27 15/3/05 4:06:48 pm

 REVIEWS Books

The Exim SMTP Mail Server

Exim came top of this month’s mail server Roundup just as Paul Hudson
finished reading the leading book on the topic…

BUYER INFO really do need to wade through quite

a few pages before you gain a firm
■ AUTHOR Philip Hazel
■ PUBLISHER UIT Cambridge grasp of a topic. What’s needed are
■ ISBN 0-9544529-0-9 some bulleted lists at the end of each
■ PRICE £37.50 chapter that give a brief recap of the
■ PAGES 595 topic so that people who want
immediate answers don’t have to read
If it were possible to extract from 30 pages first.
the brain of Exim creator Philip Hazel Surprisingly, there is one such list;
all that he knew about his popular and the surprise is that it comes right
mail server then have it committed to at the end, after the index (which, on
paper, the result would be only a tangent, is one of the best indexes
marginally different from this book. To we have seen in a long while), where
say that The Exim SMTP Mail Server is the list of the book’s sponsors are.
comprehensive is an understatement One of the sponsors, the Norwegian
akin to saying that the Pacific Ocean is Linux firm Linpro, provides six quick
a bit damp. It is a huge work that managed to finish it in time for this example, if you want to build Exim ways to tune Exim, and it works
covers every area of Exim 4 that you issue of LXF). from the source, just flick to chapter wonderfully well – let’s hope the next
could ever need to know about. Of course, this is a book about a 22 and find the part that helps you. edition follows Linpro’s example!
The previous edition of this book, mail server – if you’re expecting thrill- Similarly, the coverage of encryption,
in which Hazel discussed Exim 3.x, was a-minute content you’re looking in the database lookups and filtering is LINUX FORMAT VERDICT
produced by O’Reilly, and thus infused wrong inbox. separated into chapters, which deal Brusque and dry, but if that floats your
with the publisher’s usual amusing with each topic wholly and boat this is the Exim book for you.
tone. In contrast, this one has little in Crammed with info independently of the other chapters.
the way of spark and style, which Although some masochists might try This approach works up to a point, RATING 7/10
made reading the best part of 600 to read this book from cover to cover, but there is a noticeable lack of
pages feel very, very slow (we only just it’s best used as a reference guide. For summarising that means that you

Knoppix Hacks
Nick Veitch looks for buried treasure in the latest Hacks book.

BUYER INFO modules has some original material

■ AUTHOR Kyle Rankin not available on the Knoppix website,
■ PUBLISHER O’Reilly and hacks such as recovering trashed
■ ISBN 0-596-000787-6 hard disks or resetting NT passwords
■ PRICE £20.95 are genuinely useful. However, this
■ PAGES 316 reviewer’s overall impression is that
many of the hacks have been
Knoppix is almost certainly the conjured up from the everyday in an
best-known Live CD Linux distro, and attempt to squeeze out a magic,
with good reason. Its versatility is publisher-pleasing ‘100’ for the cover.
such that it’s just as happy being Most readers would have preferred
used as a hot-desking tool as a 50 really good hacks.
system recovery utility disc. This is A useful guide, then, to the
why Knoppix Hacks could have done potential uses of Knoppix that has
with a more explanatory subtitle than some useful tips but not much more
the boastful ‘100 industrial-strength than the sort of information readily
tips and tools’, because the book isn’t available on the Knoppix website.
so much about hacking Knoppix as words on it then try to group the tips guide to Knoppix. Unfortunately,
about hacks you can perform while together into categories. In that including such chaff dilutes the really LINUX FORMAT VERDICT
using Knoppix. respect, the approach definitely useful material – such as how to use
Needs more hacks, less fluff.
The format of the book follows seems to work better when applied to Knoppix as a repair disk or for
that used by previous titles in topics such as wireless networking. forensic analysis of a hacked system. RATING 5/10
O’Reilly’s Hacks series – think up The book starts off with some The section on how to customise
some cool stuff, write a few hundred ‘hacks’ that really just form a user’s Knoppix and build your own Knoppix

28 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.rev_book 28 15/3/05 4:05:00 pm

 REVIEWS Books

Linux Application Development

Graham Morrison forgets all he knows about Linux to review this
introduction to command-driven development.
BUYER INFO

■ AUTHOR Michael K Johnson and

Erik W Troan
■ PUBLISHER Addison-Wesley
■ ISBN 0-321-21914-7
■ PRICE £41.99
■ PAGES 702

You’re a systems programmer,

perhaps a good one. You’re well-
versed in Unix and eager to learn, but
Linux is a whole new world to you. This
may well be the book to help you get
there. It’s an ambitious attempt to
encompass Linux application
development, from the perspective of
experienced C programmers who don’t
necessarily know anything about Linux. you find in the shell or running in the quickly moves on to cover a bevy of afterthought, being not quite so
The authors assume readers have background. It’s the considerable subjects including advanced file comprehensive in its treatment as
some Unix knowledge, so scrimp on second section of the book that really handling, memory mapping and job other parts. There’s a small section on
general information but splash out on starts to delve into the details of control. There’s an interesting chapter dynamic loading and callbacks, but
Linux ideas. This second edition has system programming. on terminals, which (along with many the reader is presumed to have a
been written with reference to the 2.6 other parts of the book) provides an good understanding of functioning
kernel and the GNU C library version Clarifying the unclear excellent historical explanation for libraries already.
2.3, and the considerable amount of For a solid grounding in Linux much of what we consider esoteric Linux Application Development
source code included in the book is development there’s no better place to Linux behaviour. makes what was previously a specialist
available from a well-organised start than with the process model – This gives the book broader appeal area accessible to anyone with Unix
accompanying website. and that’s exactly where this second – it would be a good read for practised programming experience and the
The authors have managed to section kicks off. The process model is Linux users who want to understand desire to write applications. (Windows
squeeze all the essentials of Linux something I’ve often personally more about why their systems work programmers may struggle without
programming into the first 100 pages. misunderstood. If like me you’ve had the way they do. knowledge of the basic terms, despite
This section covers almost as many only a basic idea of how it all hangs the authors’ encouraging assertion to
subjects as there are pages, any of together, this chapter makes use of Sample code to try the contrary).
which could fill a whole book, but the familiar terminology and some good There follows a good section on Each chapter not only works well
highlights include chapters on Emacs examples to pull the whole concept networking with sockets, including as a reference to a Linux tool but also
and Vi, gdb, GCC, open source into order for you. manipulating IP addresses for both sparks ideas about how that tool could
licensing, the GNU C library, memory Process management also IPv4 and IPv6. This section also be developed. Using a real
debugging tools, libraries and the presents the opportunity for some includes some excellent example code, implementation of a Unix shell is a
Linux system environment. excellent sub-headings, such as including an executable version of great idea, bringing a greater
The pace makes for an ‘10.4.6 Killing Yourself’, followed by getaddrinfo(), featuring several well relevance to many of the examples,
entertaining read, but don’t expect to ‘10.4.7 Killing Others’. thought-out options for the command and you find yourself with a useful tool
gain anything more than a perfunctory To help with many of the concepts line. Another example is a Unix at the end of it. For a technical
understanding of the many subjects used in the book, the authors develop domain server written in two pages of manual the book reads very well and
covered. The authors don’t want to throughout the book a subset of the code, which will listen on a certain is relatively easily to understand, which
waste time introducing Linux tools that Unix command shell called ladsh. Each port before copying data to the is to the authors’ credit.
Unix users will already be familiar with, chapter progressively adds to the standard output. The absolutely The real value, however, comes
preferring to dedicate more of the source code, to produce a minimal colossal system programming section from being able to refer to the various
book to discussing how Linux works. shell featuring built-in commands, draws to a conclusion with security, sections of the book after closing the
What’s missing from the extensive external command execution, I/O covering both common security holes final page – and feeling inspired
list is anything on GUI design or redirection and job control. As an and access restrictions. enough to sit down and actually write
custom widgets. In fact, the book example, the file I/O is describes the If we had to criticise any part of something. LXF
doesn’t deal with modern user terms of file access, everything from the book it would be the final section,
interfaces in any way. It takes a more file ownership to ext3’s extended which touches on several subjects LINUX FORMAT VERDICT
Unix-like, command-driven approach, attributes, before applying the same under the loose definition of
A whole new world of application
and the word ‘application’ in the principles to the ladsh shell in the form development libraries. The authors use development handed to you on a plate.
book’s title is used to denote any of of redirection through files and pipes. this as an excuse to focus on
the thousands of command-driven A signal processing chapter is just everything from regular expressions to RATING 8/10
components responsible for holding as illuminating as the one on process screen management and hashed
Linux together: the kind of application management. From there, the book databases. It feels a little like an

www.linuxformat.co.uk LXF66 MAY 2005 29

LXF66.rev_book 29 15/3/05 4:05:06 pm

 KDE VS GNOME

desktop duel
KDE GNOME vs
Linux Format’s Paul Hudson and Graham Morrison fight it out
to decide once and for all which is better – KDE or Gnome?

T
here are few flame wars as together mock-ups including ones
long lived as that between that looked like KDE’s dialog,
zealots of the Gnome and KDE Windows, and Mac OS X – and agreed on before code is written,
desktops. To settle the score, they picked the best one. The nice so usability always comes first.
we have two advocates who, in thing about the dialog is that it GM: Two or three of the configuration
a series of rounds, will do their looks simple – you get favourite options are always the same. Try to
best to denigrate their opponent and places to save your files. But with find a common location for Gnome’s
maybe force a few submissions. There one click you get more options. key bindings and you’ll see what I
will be no biting or gouging, but plenty This works well for everyone. mean. Some of KDE’s interface needs
of points scored below the belt. So, In KDE, the default option is too rationalising, but it’s better to know the
contenders, return to your corners, Komplikated. Panes here, combo possibility is there than struggle to find
and come out ranting. boxes there, and no organisation. what you need. How else would you
The Gnome dialog is improved in know about Cervisia? KDE’s
ON USABILITY 2.10 with Mozilla-style type-ahead development puts functionality first,
PH: Okay, we have three minutes, find, so advanced users have even and KDE interfaces tend to evolve.
so I’ll summarise: KDE sucks. The more choice. PH: There is a common location
biggest problem with KDE is the GM: Type-ahead find? I guess when for Gnome keybindings – it’s called
K’s – K-this, K-that and K-theother. you have a single window with a Keyboard Shortcuts. Of course, it
Sure, it was the Kool Desktop simple line for entering the destination, only handles desktop shortcuts;
In the grey corner: Environment, but do we really you would need help finding the right you can’t change your AbiWord
need names like aKregator? In location. It takes 30 seconds to learn shortcuts with it. But who
PAUL HUDSON
Our modest and capable deputy Gnome, we have a few Gs, but lots KDE’s file requester, after which you really
editor represents the power of of normal names too – Evolution, can’t do without its bookmarking wants to
the Gnomic allegiance. On his Epiphany, Anjuta, Beagle... system, and its layout is simple – do that?
side is the deceptively simple
design and sleek user interface
GM: Well, if that’s the biggest problem unless you’re used to OS X. It all Perhaps
that makes Gnome so popular. with KDE, it can’t be that bad. I agree depends on what the user wants, and this is something
But will he have to account for there’s a lack of imagination in KDE that’s the point. Rather than provide for the future.
Nautilus’s spatial mode?
naming, but at the end of the day it’s too few options, KDE errs on the side Anyway, more than
how they work that’s important. of too many. It’s all about functionality. “some” of KDE’s
PH: We’ll discuss the big problems PH: Too many options is right – interface needs
later – I’m giving you a chance! there are 18 items on the default rationalising. For
But seriously, it makes life harder Konqueror menu, including one for example, right-clicking
for people. Tab completion is hard Cervisia – the CVS system for KDE. on the desktop brings up a
In the blue corner: when everything starts with a K. Some people want that, but huge number of items that simply
GRAHAM GM: In general terms, you have more normal people? Those icons sit aren’t used, like New > Device. Do
MORRISON choice. By the way, every KDE there adding clutter for most of us. so many people use that option
Graham is our staff writer, and takes application sports a handy keyboard Having a Settings menu with five that it needs to be there by
the side of that chameleon of change, shortcuts editor in case you’re not different Configure windows is default? No.
KDE. He can argue that as long as
happy with the default. If we’re to more than a case of too many GM: These usability issues are
there’s an option for it, most users
will be happy. But can he explain all trade blows over this, I don’t like the options, it’s madness. historical flotsam. KDE has developed
those configuration windows and the Gnome file dialog at all. It’s pants! We don’t have these problems so fast that when a utility like
obsession with the letter K? PH: They spent a long time in Gnome, because GUI mock-ups Supermount replaces manual device
working on that! Designers put are created first. The mock-ups are links, the UI takes time to catch up.

30 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.kdegnome 30 15/3/05 10:52:40 am

 KDE VS GNOME

PH: KParts works well. But the nurture a certain look on their desktop, implemented as a hack – they
concept is overused – such as which is especially true if you look thought it through, and made it
KVim inside Kate. Does it need to through the themes that are included seamless to the point where the
be in KDE’s messy config dialogs? with a typical distribution. There’s very users only notice that their icons
If the options were centralised little contrast. It’s easy to change the look nicer.
(as in Gnome) this would be colours, but it doesn’t stop users being GM: SVG’s potential has yet to be
less noticeable. put off by the initial feel. realised, and when larger resolutions
GM: If you spend time creating a As for the KDE hacks for make support necessary, the KDE
KPart version of your app, you can transparency, that’s one of KDE’s team will have finished their
easily re-use and integrate its strengths. Developers hack those implementation. The current version of
functionality elsewhere. KVim inside features into the system because they KDE [3.4] does support SVG
Kopete’s editor, for example, would can. They don’t need a formal backgrounds, which is perhaps one of
make more sense. gathering and Gimp previews; if it the main reasons for using the format.
PH: Is the pain of pressing works, people will use it. The new X You have plenty of choice when it
Ctrl+Enter to send messages so additions will benefit KDE as much as comes to icon size.
much that you’d rather use :send? Gnome, and I will be glad to see the The Crystal
GM: We’re back to choice again – to back of lousy Konsole transparency SVG theme in
me, Gnome seems to restrict choice. PH: Contrast isn’t necessarily a KDE looks
PH: Perhaps, but KDE provides good thing; people want to be great, and I’m
options just because it can, as if soothed looking at their sure that SVG
the developer thinks that the more computer screen. Lousy is the support will only
options they make available, the right word for Konsole’s get stronger, >>
better their app must be. All that transparency – it especially
shows is that they have no idea works, but it’s a
what usability is – they hope users waste of CPU
will take the time to make their time. Adding
apps work properly. features
GM: KDE needs to reduce the number “because they
of options. But I wouldn’t want this to can” causes
reduce the possibilities – there needs a rift in
to be an intelligent way to do this. look and
PH: So perhaps both Gnome and feel, which
KDE need a global checkbox, Show takes us
Advanced Options, that, if ticked, back to
brings up all the extra options. why Konqueror
has 18 items on its
ON LOOK AND FEEL menu bar. Planning
GM: Don’t all those pastel shades and how things will work
greys make you a little depressed? before they are
Gnome’s look and feel doesn’t have implemented leads to
much look or feel. a consistent feel to
PH: It’s true that Gnome’s people the system.
like grey and brown. Ubuntu uses Gnome implements
brown to humanise the desktop, features quietly and
and many people like it. Me, I without making a big
change the theme to Nuvola, fuss. Take SVG [the
which is full of colour. That’s small Scalable Vector
potatoes, though – Gnome focuses Graphics language] for
on getting the usability right, example. Gnome has
leaving eye candy to the X server. SVG built in, so you can
KDE, on the other hand, has hacks pick an icon on your
to do ‘transparent’ Konsole desktop and scale it to
windows, menu drop shadows, etc whatever size you want it.
– things now implemented in X. They don’t force it down
GM: The developers obviously want to your throat, and it isn’t

“GNOME’S LOOK AND

FEEL DOESN’T HAVE
MUCH OF EITHER.”
www.linuxformat.co.uk LXF66 MAY 2005 31

LXF66.kdegnome 31 15/3/05 10:52:45 am

 KDE VS GNOME

from assigning your own icons for ON FEATURES

“KDE SEEMS TO HAVE BEEN things – something KDE has done for
years. If we’re talking about
PH: I don’t think that’s about look
and feel – that’s about features...

ROLLED IN GLUE AND HAD meta-information, then it will become

part of KDE through filesystem
GM: ... and that must be KDE’s
strongest suit. It’s the features that
FEATURES THROWN AT IT.” development. Changing colours and
textures in KDE has been possible for
keep people interested, that drive
anticipation for the next release. In
a while, though I doubt that many fact, it’s hard to keep on top of all the
>> when high-res devices create demand. people use it. I’m surprised that features that keep getting added.
PH: Sure, but the implementation you are taking the time to highlight a PH: Yes, it is hard to keep on top
of SVG is the first step into a new feature that isn’t often used! of the features – particularly as
world – Gnome users can attach Anyway, you can’t deny that KDE is they get bolted on as they come
any number of ‘emblems’ to icons far more configurable. off the production line. Some
that signify the a directory’s use. PH: When you’re able to find the things in KDE Control Centre are
This extends further options! One point in Gnome’s hard to find, as they were added
to having custom favour is that many wherever there was space. New
colours and applications use GTK for their features get crammed in – one
textures in drawing. OpenOffice.org dialog has 14 drop-down boxes on
windows that are and Firefox use GTK, so they one screen! Couldn’t they show
assigned through use the Gnome theme and what’s important and use some
drag and drop. fit into the desktop. While sort of ‘Advanced’ button to reveal
GM: That’s neat, but some developers are busy the full horror?
it’s no different trying to port OOo to GM: I agree with the need for an
Qt, it will be Advanced view, but there’s a difference
unofficial at between providing features and not
best, and lag providing features. KDE’s strength lies
behind in not making assumptions about how
official the user wants to configure their
releases. system. At least Control Centre has a
search function. You’re stuck with
browsing menus with Gnome.
PH: The fact that it needs a search
button at all shows the developers
know it’s hard to find the options!
GM: They could implement a search,
GM: I so they did. The search feature was
don’t mind there long before it became so difficult
using Gnome to change the file manager’s fonts.
interfaces in KDE. PH: This goes back to whether
Linux users put up features should be implemented
with far worse! It will just because they can be. I agree
be great when that Gnome is lacking features –
there’s an OOo there are things you can configure
KPart, but until then only if you’re brave enough to dive
I’m happy using into GConf, which few people are.
Gnome apps like I hope that will change: they
this. I mean, it’s need to implement Advanced
only how they look! buttons that show more options.
More important is GM: We could give a blow-by-blow
how they integrate account of how applications weigh up
into the environment, against each another. In the end, KDE
such as bookmarks is a more versatile environment,
or icon previews. with everything from a split file
KParts brings manager to esoteric email filtering
me on to Evolution. implemented. GConf is a good
Why is it so example of how to cram in all the
cumbersome? It’s extraneous options not implemented
a great application, in the GUI. Where exactly are all the
but it’s monolithic, Gnome configuration files?
and that’s against PH: Scattered in a semi-random
one of Gnome’s way, sadly – that needs fixing.
founding However, I can see why the
principles. developers don’t want to change –

32 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.kdegnome 32 15/3/05 10:52:47 am

 3LAP?,INUXFORMAT?VERTSTRIPPDF

'SFF 

FreeDesktop.org is standardising
things, and if Gnome revamped
GM: OpenOffice.org and Firefox kept
to their ideals, despite there being
PH: Smart move! I agree that
KDevelop is good, but it seems to
TMBQPO
their filesystem conventions now it
might contradict the standard.
GM: I think it depends on what
alternatives that people considered
better. GStreamer is a different case,
as I think most KDE developers agree
have been rolled in glue and had
features thrown at it. Anyway, it
works well, and that’s what
UIFCBDL
motivates the people doing the work.
At the moment, Gnome developers
are working to build a consistent
interface, and that’s admirable. On the
that aRts has outlived its usefulness.
I think a unified audio library is a
great idea. Amarok has decided to
implement its own GStreamer
matters. And, yes, there are GTK 1
apps around, but they work.
There’s no need to change from
GTK 1 to GTK 2 if there’s no
5TIJSU
other hand, KDE has become a interface because any future aRts improvement with it – Ardour, the
feature magnet - a test bed for ideas. replacement is going to take time. music tool, does just fine in GTK 1.
The good ones stay while the bad GM: So you mean that despite those
ones get quietly dropped. ON DEVELOPMENT older apps not taking advantage of all
PH: I think the reality is that the PH: Yes, coding such a big change the new GTK design paradigms, you’d
good ones stay, while the bad ones can take some time, but KDE rather go with the best tool for the
linger on. Of course, the coders doesn’t help itself. Qt is littered job? Sounds like we almost agree.
adding these features are doing with macros, and uses its own PH: I don’t believe I said that at
what comes as second nature. version of the STL. Gnome lets you all! GTK 2 is no doubt a better tool
The rest of the KDE project has choose between C, C++, and C#, for the job. But the developers
a penchant for coding their own and uses the STL everywhere – it’s shouldn’t make the jump to GTK 2
versions of other software. KOffice a cinch to code for. because they can; they should
rather than OpenOffice.org, GM: Gnome took its time coming up move when they are ready. The
Kontact rather than Evolution, and to speed with modern languages such fact that GTK is made available
Konqueror rather than Firefox. KDE as C++. The C# work is excellent, under the LGPL allows people to
zealots say they do all this in the though. I think it’s great for Linux that do as they please without fitting
name of integration: rather than we have that support, regardless of into the restrictions of others.
write code to use the software whether it’s driven by Gnome or KDE, GM: KDE is mostly LGPL, but it seems
that people want, they write their and I hope KDE will follow. Qt can be that Trolltech’s attempts to earn a 0VS
XBZ
PG
TBZJOH
UIBOL
ZPV
own. It’s the easier route. Gnome
hooks into OpenOffice.org and
eccentric, but it’s well documented
and there’s plenty of support.
living scares people off. Now there’s a
GPLed Windows port of Qt, the time
UP
UIF
 T

PG
DVTUPNFST
Firefox to the point where both KDE has a great IDE that takes invested learning the API won’t be XIP
IBWF
SFDPNNFOEFE
VT
use GTK for rendering now, and away much of the pain, and it’s easier wasted: if you need to migrate to 8F
SFBMMZ
XBOUFE
UP
TIPX
PVS
BQQSFDJBUJPO
GPS

even use Gnome dialogs. writing for KDE than it ever was. KDE’s another OS, or sell something. FWFSZUIJOH
ZPV
IBWF
EPOF
/PU
KVTU
GPS
CFJOH

DVTUPNFST
CVU
BMTP
CFDBVTF
TP
NBOZ
PG
ZPV
IBWF

GM: Both KOffice and Konqueror pre- good design is evident in how easy it is PH: You can migrate your GTK
SFDPNNFOEFE
VT
UP
PUIFST
"OE
XIBU
CFUUFS
XBZ
UP

date OpenOffice.org and Firefox. moving from one major release to skills to both Windows and Mac TBZ
UIBOLT
UIBO
UP
JOWJUF
B
IFBSUZ
TMBQ
PO
UIF
CBDL
Firefox branched away from Mozilla another. You don’t see many KDE 2 OS, and still sell the product. (FU
ZPVS
GSFF
5TIJSU
OPX
CZ
DBMMJOH
UIF
OVNCFS

because the authors felt there was apps, but the same isn’t true for GTK. GM: Well, GPL can’t compete with CFMPX
PS
WJTJUJOH
UIF
XFCTJUF
8FBS
JU
XJUI
QSJEF
o

space for a minimal browser. Some PH: Yes, Qt is well documented; LGPL on freedom, but there are pros ZPVWF
FBSOFE
JU
Mozilla developers felt that distracted however, you made a distinction and cons to that. In the end, Qt and *UT
B
QSFTFOU
GSPN
VT
UP
ZPV
PVS
DVTUPNFST
CFDBVTF

from their own efforts, but criticism between KDE and Qt – are you KDE are as much in the public domain XFSF
TP
WFSZ
HSBUFGVM
(SBUFGVM
CFDBVTF
XF
LOPX

UIBU
SFDPNNFOEJOH
B
NBOBHFE
IPTUJOH
DPNQBOZ
JT

has quietened with the success Firefox saying KDE isn’t well documented? as GTK, which ensures the future of OPU
BO
FBTZ
UIJOH
UP
EP
:PV
IBWF
UP
CF


has enjoyed. The same is true for GM: As you have the crowbar.... Yes. both environments. LXF DPOmEFOU
PG
UIFN
o
CFDBVTF
JG
UIFZ
GBJM
ZPVS

Konqueror. One of KDE’s strengths is SFQVUBUJPO
TVõFST
UPP
its integrated file manager and #VU
XJUI
mSTUIBOE
FYQFSJFODF
PG
PVS
'BOBUJDBM

browser; it’s thanks to Konqueror Both sides have their Gnome; KDE gives 4VQQPSU™
ZPV
LOPX
XF
PõFS
B
TQFDJBMJTU
TFSWJDF

supporters, and obvious you something UIBU
QVUT
FWFSZ
PUIFS
NBOBHFE
IPTUJOH
QSPWJEFS
JO

development that KHTML can be
advantages. KDE has a more cutting-edge UIF
TIBEF

integrated into applications so easily. killer uppercut in the AND THE but perhaps less 8JUI
HVBSBOUFFE

VQUJNF
BOE
EFEJDBUFE


In the same way, KOffice was
started when a KDE suite was needed,
sheer feature-laden
richness of the user
WINNER IS… stable. They are both
premier desktop
TVQQPSU
ZPV
LOPX
XF
XPOU
MFU
BOZPOF
EPXO
5IBUT

QFSIBQT
XIZ

PG
ZPV
XPVME
SFDPNNFOE
VT
BOE

and led to some key API additions. environment, but Gnome environments for Linux, 
PG
PVS
OFX
CVTJOFTT
DPNFT
GSPN
SFGFSSBMT
PH: I realise the KDE apps has plenty of opportunity and we are well aware at %FEJDBUJPO
0CTFTTJPO
$PNNJUNFOU

to nip in with the frequent LXF Towers that it’s incredibly 'BOBUJDBM
4VQQPSU™
pre-date OOo and Firefox, but
jabs of the lean and lightweight. hard (if not impossible) to *UT
B
XBZ
PG
MJGF
that’s no reason to cling on to
Without having to inflict lasting compare the two. Despite the weaponry,
them! OpenOffice.org arrived only
months after KOffice 1.0. When a
physical harm, Paul seems to have this debate was light-hearted, and we 1IPOF



convinced Graham that KDE can’t go on know that the KDE and Gnome
better solution comes along, it providing features without moving some developers get on very well together.
should be used. off into an ‘Advanced’ area. But, as But never mind what these self-styled
Some people are doing this Graham points out, this is a result of experts believe – what do you think? Is PS
WJTJU
with GStreamer – Amarok allows
KDE actually having options and things
to configure. As with so many things
Gnome an over-rated toy? Does KDE
overwhelm you? Should we forget the
XXXSBDLTQBDFDPVLTMBQ
it. However, so much of KDE is 
$POEJUJPOT
BQQMZ
Linux, it comes down to choice: if you desktop and go back to the shell? Distill
hard-coded to use aRts that it will work in an IT department and want a your outrage into words and direct them
take a while for KDE to switch to professional GUI maybe you’d choose to [email protected].
something else.

www.linuxformat.co.uk
"O
JOEFQFOEFOU
TVSWFZ
PG
FJHIU
NBOBHFE
IPTUJOH
DPNQBOJFT
JO

SBOLFE
3BDLTQBDF
UPQ
JO
UFSNT
PG
DVTUPNFS
TBUJTGBDUJPO
BOE
MJLFMJIPPE
UP
SFDPNNFOE

LXF66.kdegnome 33 15/3/05 10:52:49 am

 Roundup
Every month we compare tons of software so you don’t have to!

MAIL SERVERS
Is your mail server working hard enough? David Coulson rounds up your message-moving options.

Most of us only see email to decide how exactly it should handle handle mailboxes as well as act as a
from the ‘client side’ – delivery of incoming messages. relay. Handling your own incoming and OUR SELECTION
Outlook Express, Mozilla,
Safari and so on – and never consider
Mail servers have two important
functions. The first is to forward mail to
outgoing email using an SMTP server
can be done very easily, although care
AT A GLANCE
the poor server working away behind another SMTP server. This is usually must be taken when configuring the
the scenes. only found where you have several server: if you don’t set it up right you
Courier IMAP.......................35
But the choice of mail server is clients connecting to one outgoing can lose emails, or have messages Exim............................................35
important, affecting the delivery rates server, rather than having each user delivered to the wrong address. IEMS ...........................................36
of your messages and the amount of run their own SMTP delivery system. That’s especially key if you’re Insight Server SE..............36
spam and email-carried malware that Nearly every ISP has an SMTP server, operating a relay: it’s imperative that Postfix .......................................37
gets through. When you decide to allowing their customers to deliver the server doesn’t let every Tom, Dick
Qmail .........................................37
forward the latest mirthless joke (has mail through their system. and Harry relay messages through it.
anyone ever been sent a good joke via The second use of an SMTP server This type of misconfiguration, known
Sendmail .................................38
email?) to everyone in your address is as a collection server, where mail as an open relay, enables spammers
book, each email will generally travel arriving at specific domains is to send messages via your system, available over the internet free of
between two mail servers using a distributed to mailboxes. Users can meaning that when someone decides charge; and commercial packages that
protocol known as the Simple Mail then collect it via POP3 or IMAP4, or to do something about it, it’s your mail come with support and – hopefully –
Transfer Protocol, or SMTP. As you can even through a shell-based mail client server that gets blocked or filtered, are much easier to install and maintain.
imagine from its name, SMTP is used such as Mutt. rather than the spammer’s. As well as evaluating their general
to send mail from one server to Most mail servers can do both We’re going to be looking at a delivery capabilities, we’ll consider
another, and it’s up to each mail server these things, having the ability to selection of mail servers: those their security and filtering features.

34 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.round 34 15/3/05 4:07:08 pm

 ROUNDUP Mail servers

Courier IMAP
Scalable server for IMAP users.
■ WEB www.courier-mta.org/imap ■ PRICE Free under GPL

While there are many open source Rather than using mBox storage,
SMTP servers, none has the ability to which is the simple flat-file method of
let users fetch their mail via POP or storing a user’s mail on UNIX, some
IMAP. Instead, you have to provide a mail servers such as qmail and Exim,
separate mail server to handle mail support the use of maildirs, which use
downloading; and there are numerous a single file for each email.
POP3 and IMAP4 daemons available Maildirs aren’t popular with Courier IMAP with a SQL back-end suits virtual hosting environments.
for this purpose. everyone, but for IMAP users they
The selection is extensive, including mean that the system can quickly look Courier IMAP is part of the Courier handle database authentication, so
UW-IMAP, which is part of the Pine through a number of simple files, mail server, though most people prefer mail accounts need not be ‘real’
package, and the more generic pop3d rather than trawl through a giant mBox. to use Exim or qmail with the Courier users on the system.
and IMAPd servers, which come with Of course, you need a POP3 and mail tools. Many of Courier’s
most distributions. Generally, these IMAP4 server capable of handling components are available individually,
simply authenticate against the system maildirs, and Courier IMAP is a so you can mix and match without
LINUX FORMAT VERDICT
users, such as /etc/passwd or NIS, particularly popular choice. Courier worrying about things not working FEATURES 7/10
and deliver the user’s mail out of can authenticate from databases, together. Using qmail (with the MySQL EASE OF INSTALLATION 5/10
/var/spool/mail/$USER. including MySQL, PostgreSQL and patches) alongside Courier can yield a EASE OF USE 5/10
This is great for a small system, LDAP, making virtual mail scalable and flexible virtual hosting DOCUMENTATION 7/10
but users with large IMAP mailboxes configurations a walk in the park to set platform for mail, capable of handling
are going to have problems – and up. And users of IMAP don’t end up a large number of domains with ease. If you’re using maildirs, there is no better
IMAP or POP server than this.
the system administrators are not with sprawls of directories and If you can’t use maildirs, Cyrus is a
going to be too happy when users messages all over their home directory POP and IMAP server for large RATING 6/10
have giant mailboxes that gobble up as maildirs create new folders and systems handling the mBox storage
system memory. move messages around on the server. format. As with Courier, Cyrus can

Exim
that you can pick up off a shelf when
things get a little complicated.
Exim is one of the most powerful
DANGER!
SECURITY ALERT!
open-source mail systems available,
The standard-bearer among Linux mail servers. and compared with the stalwart While no mail system can block all
spam, they can limit the number of
Sendmail has a particularly
■ WEB www.exim.org ■ PRICE Free under GPL junk emails entering the system – if
straightforward configuration style,
nothing else, this stops your machine
Developed at the University of done, and Exim’s flexible configuration which makes it significantly more wasting CPU time trying to deliver
Cambridge, Exim is a hugely powerful structure gives you a huge number of attractive to beginners. messages that you’ll instantly delete.
mail system designed to handle large options for each segment of the setup. There is not really a major feature A common way to avoid spam is to
quantities of mail and limit the amount A number of distributions, including that Exim lacks, so you don’t have to use a real-time black hole list (or RBL)
of spam entering a network. Debian, are using Exim, and in its rely on third-party efforts – this such as MAPS. This allows a mail
Many high-traffic services default configuration it’s particularly ensures consistency and stability server to perform domain name
(including SourceForge) use Exim, as it secure and useful. Indeed, Debian (in (which is essential when dealing with a system lookups for specific internet
scales particularly effectively and can common with most other distros), piece of software as important as a protocols and find out whether they
are sources of spam. MAPS is a
be tuned specifically to users’ needs. offers a comprehensive config tool mail server). It’s fairly complex, but the
subscription service, but there are
Whether you’ve five users sitting allowing Exim to be set up to handle capabilities of Exim are really quite
many free DNSRBLs available online.
behind a firewall or tens of thousands mail without prior understanding of astounding. You won’t find a more You should also guard against
of accounts, Exim can handle a great the raw configuration files. Once the capable system. email-based viruses, which can
range of applications and will deal with basics of the configuration format are attack exploitable systems (generally
pretty much everything you throw at it. understood it’s simply a matter of those running Windows), disrupt
Exim has a comprehensive looking up the appropriate directive for LINUX FORMAT VERDICT email and damage users’ systems.
configuration structure, offering the files within the documentation and FEATURES 9/10 Rather than pretend that the world
everything from access control lists to applying it to the system. EASE OF INSTALLATION 8/10 is a perfect place where everyone
database support for MySQL, As with most things Linux, O’Reilly updates their system with the latest
EASE OF USE 7/10 security patches, it’s much easier to
PostgreSQL, Oracle and IBM’s DB2, has produced a book looking at Exim,
DOCUMENTATION 10/10 filter out nasty messages on the
among others. There’s no need to and the Exim author, Philip Hazel, has
server. A virus checker is only useful
learn every aspect of the configuration written a follow-up for version 4.0 that The other servers in this Roundup will
struggle to match this excellent solution. if it’s kept up to date: there are
just to get Exim up and running, as LXF reviews on page 28. As we plenty of commercial virus checking
comprehensive documentation is suggested, the documentation on the RATING 9/10 programs available for Linux which
available on the Exim website. Exim site is second to none, but it’s allow you to check queued emails.
Expanding server capabilities is easily often nicer to have something in print

www.linuxformat.co.uk LXF66 MAY 2005 35

LXF66.round 35 15/3/05 4:07:13 pm

 ROUNDUP Mail servers

IEMS Insight Server SE

Modular system only let down by interface. Advanced, high-volume mail manager.
■ WEB www.ima.com/iems ■ PRICE From $995 for 250 users ■ WEB www.bynari.net/ ■ PRICE From $69

Bynari, Inc is well known among containing viruses and trojans would
windows users for MDaemon, its prefer this to be a basic option with a
popular SMTP server. But it’s relatively more accessible front-end.
unknown within the Linux community, To be completely honest, much of
even though it offers large-scale Insight’s system is simply a front-end
mailing systems based on Linux for to Exim, which really doesn’t make life
IBM S/390 and zSeries servers. As any easier for administrators – they’ll
one would expect from a product still need to know how many of the
range of this calibre, Insight Server SE options work and what capabilities
has a very impressive list of features, Exim has to configure their server
yet is quite happy to run on the most appropriately. As they’ll also need to
meagre of systems if you don’t happen learn how to use regular expressions
to have a spare S/390 mainframe just to filter mail, this really is not a
sitting around. choice for admin greenhorns.
Insight Server SE is installed purely Insight uses OpenLDAP and Cyrus
on the command line, which will for user accounting and POP/IMAP
probably put a few people off. It isn’t collection, with Exim as an SMTP
completely cryptic, however – you daemon. You have to wonder if Bynari
don’t really need to understand much has put enough time or effort into the
beyond the basic configuration to get web front-end. Do they think the
it up and running. Rather strangely, admin staff who’ll be using their
Based on open source packages, IEMS offers an organised way to build the manual explains how to add new software are happier playing with the
a complete mail system with ease. users, groups and organisations to the command line than clicking buttons
LDAP server using LDIF, which while and filling in forms in a web browser?
The Internet Exchange Messaging subscribe to lists via email, so there is being useful, indicates that Bynari is Bynari also has an annoying tendency
Server, or IEMS, is an all-in-one no need for the administrator to waste aiming the product at large in its manual to point to the
alternative to Microsoft Exchange for time adding people, unless the list is organisations with experienced Eximdocumentation (rather than
Linux and Windows, offering an array specifically configured to only permit administrative staff. If you don’t care describing the product itself).
of capabilities and features. new subscribers whom the list for the intricacies of LDAP, it can all
Rather than using open source administrator has authorised. be done via the web interface. LINUX FORMAT VERDICT
products, IEMS has been written from Unfortunately, IEMS’s web mail Controlling mail is a breeze with FEATURES 7/10
scratch, and is available in a range of client really lets the side down. It’s Insight, and the server accommodates EASE OF INSTALLATION 5/10
products, each with differing options – awfully basic, not pretty to look at and a variety of filtering methods, including
EASE OF USE 6/10
so the more you pay, the more you honestly looks more like an DNSRBL and Exim’s filtering system.
get. This pricing policy seems to make afterthought than anything else. One Sadly, if you want the latter, you’ll have DOCUMENTATION 5/10
sense until you realise that Lotus would think that most sites using IEMS to learn how Exim filters things, as it’s Little more than a collection of open source
Notes integration (which is one of would install IMP or another IMAP only referred to as an ‘advanced mail components and a web interface.
IEMS’s major selling points) is only client with more power than IEMS’s option’ – and the web interface
distributed with ‘Professional’ packages rather pitiful effort. If you’re prepared doesn’t really help any. Many RATING 6/10
for more than 250 users. to spend the extra cash in order to get businesses that are thrashed daily with
Administrators with 250 users won’t some of IEMS’s more distinguished spam and email attachments
mind, but someone with 50 is features, then it’s certainly a
probably going to be a little annoyed worthwhile product. But when it
that they can’t use Notes with IEMS. comes to Notes and cc:Mail interfaces,
The feature list of IEMS is certainly it has little competition.
very impressive, and it can handle a
large amount of mail. While it can
LINUX FORMAT VERDICT
handle many basic tasks, including
POP and IMAP, the system also
FEATURES 9/10
supports BSMTP delivery, allowing EASE OF INSTALLATION 8/10
IEMS clusters to be deployed without a EASE OF USE 8/10
great deal of effort. DOCUMENTATION 7/10
You can use IEMS to handle email
A fantastic mail server, but be prepared to
for just one user, but it will also
pay more for some features.
manage mailing lists, and can be set
up to handle endless lists with a RATING 8/10
significant number of subscribers. As With Exim under the hood, Insight Server can handle traffic for small or
with many list managers, people can large infrastructures. Alias management is a new feature.

36 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.round 36 15/3/05 4:07:15 pm

 ROUNDUP Mail servers

Postfix or indeed any of the standard mail

servers – moving over to Postfix is
fairly straightforward. Of course,
details is DBM (MySQL and PostgreSQL
don’t get a look-in), so it’s not ideal for
real-time reconfiguration.
Simple Mandrake-approved server. reconfiguration of the server from Mandrake Linux has used Postfix
scratch is required, so you’ll have to as its default SMTP service for some
■ WEB www.postfix.org ■ PRICE Free under IBM Public Licence weight up the benefits of switching to time, and its ease of configuration has
Postfix against the time it takes to set been a key factor to its success –
Postfix started out as a simpler Vmailer it has become very popular, everything up. people stick with it because it’s so
alternative to Linux favourite Sendmail, due to its simplicity and ease of use. Postfix works in a range of easy to manage. As a small-scale
but has since been developed further As Postfix was designed to be a situations, from a simple mail service server handling basic mail delivery and
into a fully-fledged mail server in its drop-in replacement for Sendmail, for to a large-scale mail server. But it’s outgoing email, Postfix is a reasonable
own right. Since its conception as systems currently running Sendmail – rare to see it used for a high-traffic choice. It lacks some of the power of
service – although it’s perfectly other mail servers, but if you’re looking
capable of operating at high volumes, for a mail server, there is little to lose
Postfix tends to be used as a simple by giving Postfix a go.
remailer on a workstation. You can
configure it so that it reads specific
LINUX FORMAT VERDICT
config options including virtual
domains and aliases from a file FEATURES 5/10
external to the main configuration. EASE OF INSTALLATION 5/10
This makes it exceptionally easy to EASE OF USE 5/10
add extra domains. But if you’re DOCUMENTATION 7/10
handling a large number of domains
and want complex virtual domain Postfix is a nice and simple SMTP server,
but it isn’t up to complex installations.
configurations, other servers will do
the job better. RATING 5/10
Also, the only database Postfix
Postfix is well-supported in the open source community. supports for storing these config

Qmail
A secure but limited option.
■ WEB www.qmail.org ■ PRICE Free, no licence

Qmail is the Marmite of the SMTP simple selection of configuration files

server world – you either love it or (mostly one-liners) in /var/qmail/
hate it. The server was designed to control, and all you need to do is
comply 100% with the RFC (Requests enter the correct domains and
for Comments) internet guidelines, hostnames within those files in order
and to this day sticks closely to the to have mail handled properly. Each of Qmail’s author is one Daniel Bernstein, a maths and computer science
standards set out for SMTP delivery these config files has an obvious, professor. He’s made the default install simple but boring.
agents – which is nice. logical name, so it’s usually easy to
As far as security is concerned, figure out which one you need to edit systems. Qmail doesn’t offer many If you’re willing to take the time to
there is a $10,000 bounty promised for each specific purpose. features beyond basic mail delivery; patch qmail, the patches will make it
to any code-slinger who can exploit Qmail can handle both mBox and however, there are more than enough much easier to maintain users, aliases
qmail: this has lain unclaimed for a maildir delivery (see Courier IMAP patches available, offering encrypted and domains. The result will be a
number of years. Your installation review, page 35), and will pipe your TLS support, MySQL configuration and serviceable mail server able to handle
won’t be impervious to external mail through whatever extras (such as IPv6 connectivity, as well as significant amounts of traffic.
attackers if you’re running something procmail or SpamAssassin) you want. performance improvements and
exploitable along with qmail (such as The server doesn’t support DNSRBL improved queue storage for
SpamAssassin or procmail), but the or virus checking support, but you mail-heavy systems (see www.
LINUX FORMAT VERDICT
core of your mail system will be sound. should find it easy to configure it to thedjbway.org/qmail/patches.html). FEATURES 5/10
Installing qmail is awfully simple, send all mail through a virus checker In fact, many large organisations use EASE OF INSTALLATION 6/10
although it isn’t the standard or spam filter. qmail to handle their mail. EASE OF USE 8/10
/configure & make you’re used to. One problem with qmail is that it The system takes a while to get
DOCUMENTATION 7/10
Configuration is even easier than forks a process for each individual used to, particularly its dot-qmail files.
installation – we liked the simple mail it tries to deliver, either remotely These enable any user to have a Qmail is a great mail server, but be
prepared to patch it if you want extras.
make option for putting some or locally. As a default, qmail will whole range of email addresses rather
essential entries into the configuration deliver 20 remote and ten local than just one – great if you don’t want RATING 6/10
so that basic mail delivery can work messages at any time, which should to give out your main email address
happily from the word go. Qmail has a be more than adequate for most when shopping.

www.linuxformat.co.uk LXF66 MAY 2005 37

LXF66.round 37 15/3/05 4:07:17 pm

 ROUNDUP Mail servers

Sendmail
Proven but time-consuming package.
■ WEB www.sendmail.com ■ PRICE Free under open source licence

Until a year or so ago almost

every Linux distribution came
with Sendmail installed as the
default SMTP server. Most of us
have learned to live with Sendmail,
rather than actually choosing to
use it.
Not that Sendmail is a mail
server to be sniffed at: it scales
particularly well and has a wide
array of features, including DNSRBL
support and smart host capabilities.
It’s the server everyone loves, but
Sendmail, Inc, formed by Sendmail not a smart option for a beginner.
developers, offers services for
businesses such as routing and email knowledgeable community of
policy management, based on the Sendmail users active on the internet,
flagship system. so even a novice user can usually get
So does it stand up? Well, the problems fixed fairly quickly.
main problem with Sendmail is that its Many Linux distributions are
configuration system is based on m4, moving away from Sendmail to simpler
which is a macro language. M4 isn’t – yet equally capable – mail systems
the most difficult language in the including Postfix and Exim: this trend is
world, but you’ll still have to spend a reflected in the choice of many
considerable amount of time learning personal users to move away from
it if you want to figure out how to Sendmail towards easier to manage
configure Sendmail securely and make servers. Should you choose Sendmail,
the system do what you want. make sure you keep up with security
Having to learn a new macro updates – as, although holes are
language just so you can configure quickly plugged by the online
your mail server is not worth it for community, it doesn’t have the
most people; and it also increases the greatest track record on this front.
likelihood of misconfiguration.
Fortunately, the default Sendmail
configuration is actually rather useful, LINUX FORMAT VERDICT
so it will work as a basic SMTP server FEATURES 7/10

MAIL SERVERS
even without you having to jump in EASE OF INSTALLATION 7/10
and hack at the config files. EASE OF USE 5/10
If you can master m4 – through
DOCUMENTATION 9/10
the Sendmail documentation or one of

THE VERDICT
the numerous books that cover the Sendmail is an excellent mail system but
you’ll have to master m4 to exploit it.
subject – this is a very powerful and
capable mail server. As you’d expect RATING 7/10
for such an established, popular
package, there is a large and
With this type of software flexible systems that have been
there is rarely a winner, developed openly over the internet
since the choice of mail can be.
server hinges on highly subjective IEMS is a neat modular system,
personal and business requirements. enabling you to add features and scale
But if we had to choose, we’d say up, but it’s costly. Of course, there’s no
old favourite Sendmail has been sense in paying for something that’s
usurped by IEMS and Exim, Sendmail freely available, so you must decide if
being too complex and vulnerable to the commercial packages like IEMS
remain our top choice. offer you something beyond the
It’s interesting to see how many standard of the open source products.
commercial systems are based on The most capable open source
open source projects. Hopefully this mail system out there – as well as the
There are plenty of books out there to take you through configuration. is an indicator of how stable and most popular – is Exim. It’s used by

38 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.round 38 15/3/05 4:07:18 pm

 ROUNDUP Mail servers

Exim is the outstanding mail

server of this Roundup. If
you’re tempted to try it,

9/10
we’d recommend you’d read a
user guide, such as the
manual written by its author,
Philip Hazel. The Exim SMTP
Mail Server is reviewed on
page 28.

commercial products and included as TABLE OF FEATURES

the standard mail server by a number
of distributions. While not the simplest
system in the world, Exim is Courier Exim IEMS Insight Postfix Qmail Sendmail
significantly easier to get to grips with POP Y N Y Y N N N
than Sendmail, and is quickly IMAP Y N Y Y N N N
becoming the SMTP server of choice.
SSL Y Y N N Y N* Y
Despite the range available, most
people are will stick with whatever LDAP Y Y Y Y Y N N

mail server is installed as default by Filter N Y Y Y Y N* Y

their Linux distribution. Fortunately, it’s RBL N Y Y Y Y N* Y
well within the capabilities of most
Overall 6 9 8 6 5 6 7
standard installations to handle a
* Available with patch
significant amount of traffic. LXF

www.linuxformat.co.uk LXF66 MAY 2005 39

LXF66.round 39 15/3/05 4:07:26 pm

 HOTPICKS

HotPicks Our pick of the best, new, open source software on the planet

ANTI-SPAM FILTER
Mike Saunders
A coder since Amiga
times, Mike’s a Linux
and BSD guru.
DSPAM
■ VERSION 3.4beta2 ■ WEB http://dspam.nuclearelephant.com
This is the place where we get
to profile some of the hottest
software around. Ah, spam. Whenever we cover
Each month we trawl anything spam-related in HotPicks, we
through the hundreds of open hope that it will be the last, and that
source projects that are the problem of unsolicited mail will
released or updated, and start to subside. The blessings of
select the newest, most seeing life through a rose-tinted GUI!
inventive and best for your Despite various efforts – legal and
perusal. Most of the HotPicks
technological – things aren’t getting
are available for you to try out
on our coverdiscs, but we've any better. Unfortunately, industrial-
provided web links if you want strength solutions like DSPAM are
to make sure you have the more important than ever.
very latest version. A statistical anti-spam filter, DSPAM
If you have any ideas for boasts ~99% accuracy in typical
open source software that we deployments. It’s being put to DSPAM’s front-end is sophisticated enough for big-business applications.
should cover, email us at widespread use in large installations
[email protected]. with hundreds of thousands of users. front-end for viewing messages that in the quest for better results – but
You can compile DSPAM out of the have been classified as spam, and for this does increase complexity.
box on all recent distros but you’ll monitoring DSPAM’s overall health. So, how does DSPAM stack up in
HOTPICKS need a database server (MySQL is terms of performance and
AT A GLANCE recommended, though Oracle, Quick learner effectiveness? Well, it shifts along at
DSPAM ..................... 40 PostgreSQL and SQLite are supported DSPAM is an adaptive filter – that is, it an impressive speed – faster even
Gourmet ................... 41 too). The installation docs are learns over time to identify spam from than the famous SpamAssassin. This
tremendously thorough, explaining all its content, and will adapt as the type can be attributed to the developers’
vshnu ........................ 41
the compilation options for the of spam changes, rather than trying to choice of programming language:
LiVES ........................ 42 supplied spam-busting engines in pick it out with a pre-coded set of DSPAM is written in C, whereas
LinkChecker .............. 43 depth such as settings for large-scale rules and tests. SpamAssassin is mostly Perl-based.
KlamAV..................... 43 setups. The exact configuration On receipt of a junk message, a This doesn’t make a difference on
XBlast ....................... 44 depends on the mail server you’re user can forward it to a special spam small installations, but for scenarios
Open Quartz ............. 44 going to integrate DSPAM with address so that DSPAM can learn from where the filter operates under high
(Sendmail, Postfix, qmail, Courier, Exim it – there’s no need for end-users to stress it becomes crucial.
gPHPEdit .................. 45 and so on), and these are detailed fiddle with any additional tools. Filter results will depend on the
ELinks ....................... 45 with the same thoroughness in Quarantined emails (those that have type and volume of spam that your
separate Readmes. been marked as spam and not server receives (and consequently
LOOK OUT FOR THE DSPAM is split into three main delivered as a result) can be managed DSPAM’s rate of learning), but in our
HOTPICKS AWARD components. As the name suggests, via the CGI interface, which also testing DSPAM lived up to its claims
Everything libdspam is a small library that can be provides graphs and stats aplenty. and caught almost all junk mail – with
covered in our linked to other apps – such as stand- A number of algorithms for dealing no dreaded false positives.
HotPicks section
is unmissable, alone email clients – or with other with spam have been proposed in DSPAM is mature and rock-solid
but each month mail processing tools. recent years. Picking the best one is and offers a wealth of well-=written
we single out
Then DSPAM itself can be difficult, as it comes down to documentation. Home users can give
one project for outstanding brilliance.
Only the very best is chosen! positioned as a rung on the mail implementation and current spam it a spin right away via the nifty
ladder, sitting between the mail server trends, so DSPAM bundles several: pop3filter integration, but DSPAM’s real
and delivery agent, or put into place Graham-Bayesian, Burton-Bayesian, strengths lie in large-scale use, and
as a POP3 proxy (an easier and Robinson’s geometric mean, and the fact that commercial support
quicker solution for small sites). The Fisher-Robinson’s chi-square. In turn, options are available makes it an
third major component is the CGI multiple algorithms can be combined attractive choice for businesses.

40 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.hot 40 15/3/05 4:04:24 pm

 HOTPICKS

RECIPE MANAGER

Gourmet
■ VERSION 0.71
. ■ WEB http://grecipe-manager.sourceforge.net The Windows port helps you share recipes with non-Linuxing relatives.

minimise clutter, with pre-defined unit converter, which fathoms out

A popular belief is that computer MetaKit and Python MetaKit are ingredient categories, an inbuilt weights and volumes, while files can
users (particularly programmers) live required, so if these aren’t in your instructions editor, image-adding and be exported in various formats (plain
off nothing but junk food and distro’s repositories, try building from heaps of settings for virtually any kind text, HTML, Gourmet’s native XML
high-caffeine drinks. We’ll admit to the the source tarballs on our coverdisc of food. Excellently done. dialect, RTF and MealMaster). The
odd Pot Noodle here and there – and (copy Mk4py.so and metakit.py into For ambitious meals, recipes can HTML output is simplistic and plain,
perhaps a 2L bottle of Pepsi during a the Site-Packages directory of your be categorised by individual but it’s fine for personal websites.
long coding session – but more Python installation). ingredients, and a spiffing shopping-list Gourmet is a splendid app, mixing
nourishing meals are always welcome. Gourmet’s main window lists all manager keeps track of what’s in the the right balance of features with solid
Gourmet is a shopping list- and recipe available recipes, which can be sorted kitchen and what’s waiting at the performance and stability. Those of us
manager designed to ease geeks into by type, rating and preparation time – supermarket. Recipes formatted for phoning Pizza Hut every other night
cooking for ourselves. essential information if you have MealMaster, another recipe won’t find it essential, but budding
It’s written in Python, so you’ll guests coming over and time is short. management programme, can be cooks will be satisfied with the ability
need that language along with its GTK Adding new recipes is pleasingly imported too – a real bonus given the to import recipes from the net and
bindings (2.3.9) to install and run it. simple thanks to the well thought-out wealth of MM recipes to be found on output them in a presentable format.
Additionally, Python Imaging Libraries, dialogs. These use collapsible panes to the net. Tasty extras include the handy Very capable for a pre-1.0 release.

VISUAL SHELL
Steve Kinzler lucidly describes the A bunch of pre-defined file

vshnu benefits of marrying the strengths of

the command line with a more
graphical approach – “life gets
operations demonstrate vshnu’s
capabilities. You can transfer files to a
PDA or view RPM package
■ VERSION 1.0129 ■ WEB www.cs.indiana.edu/~kinzler/vshnu sweeter”, he says, when your familiar ownership of files with a single
editor, text-file pager and command keystroke (the latter essentially calls
Even a suggestion of using the developers who learn to use the shell line tools segue with this visual shell. rpm –qf). But these are just
shell can send computing novices effectively can make for themselves You’ll need Perl (which is included examples – creating your own
running to the comfort of a graphical an immensely powerful and flexible in most distros’ default installations) commands using external tools is
file manager. But users and working environment. Vshnu’s author to run vshnu, along with the Screen what brings this program to life.
and ANSIColor modules (supplied Apply aggregate commands to
with the app in the libperl/ selected files using regular
directory). Vshnu’s configuration files expressions, or slot Perl statements
are also written in Per. They are into shell commands. Just about
somewhat intimidating at first, anything is possible.
especially to those unfamiliar with Vshnu is a power user’s dream.
the language, but well organised It’s massively configurable and
nonetheless. lightning fast, with no signs of any
Kinzler was clearly influenced by stability woes. Newcomers to the
the Hindu aesthetic – the filesystem command line will grasp its basic
makes lavish use of colour. Files are operation pretty quickly, and as time
assigned to alphabetic keys on a goes on can extend the program with
vertical toolbar, which can be moved their own customisations and
around in multi-column layouts with commands. The supplied features
tab and backspace. Indeed, while and shortcuts aren’t the big deal
they take a while to grasp fully, here – it’s how the user crafts and
vshnu’s configurable keybindings are tunes his or her working environment.
sensible for the most part – plus Well worth a look if you’re finding
A colourful view of the file listing and online help screen. there’s a quick reference page. the shell a bit bare.

www.linuxformat.co.uk LXF66 MAY 2005 41

LXF66.hot 41 15/3/05 4:04:28 pm

 HOTPICKS

VIDEO EDITING SUITE

LiVES
■ VERSION 0.9.5-pre1 ■ WEB www.xs4all.nl/~salsaman/lives

Digital camcorders are getting

better and cheaper all the time, and
many home computer users can now
edit their own videos at very little
expense. Linux’s support for media
formats received a huge boost with
MPlayer and its ability to support
Windows codecs. As a result, many
other tools have been built around it.
LiVES (originally the Linux Video Editing
System) has adopted a cheesy
recursive acronym (‘LiVES is a Video
Editing System’) as it is now tuned to
work on other operating systems such
as the BSD variants.
The LiVES team recommends at
least an 800MHz CPU for general use,
and 2GHz or faster for applying film
effects in real-time. RAM should be
256MB or greater. This is within the
realms of most desktop PCs and the
lack of Gnome- or KDE-specific code
keeps memory use down too.
As it makes use of the superb
MPlayer, LiVES also requires
ImageMagick, Perl and GTK 2.x to
build. (Note that MPlayer must be
compiled with --enable-jpeg to work
The editing window could be made more attractive, but who cares about looks when the app works so well?
properly.) The standard configure,
make and make install (as root)
process will suffice but you can add external tools it calls upon. A curious blurring and despeckling. Of the more scripts considerably easier, and
optional codec plugins for output to little bonus is the ability to record intriguing effects, Spin and Wave hopefully the collection will continue
SWF files or VCDs. action from a window. This proved to generate entertainingly tripped-out to grow with the LiVES community.
Actual file format and codec be a bit glitch-prone with some results that will add a hallucinogenic
support depends on whether you’re programs, but it’s an ideal system for mood to a dull family memories video. Scrappy docs
using the Win32 codec bundle for creating demonstrations or tutorials. A useful tool allows you to preview The remaining documentation is rather
your MPlayer installation. With the video effects, applying them to a few scrappy, spread across various
appropriate add-ons LiVES can export Splice it up seconds of footage to give you an idea Readmes and small tutorials, but it’s
to MPEG4, VCD, Shockwave Flash, Basic video editing is simple: just drag of how they’ll turn out. not a problem as most of the app is
animated GIF (yes!) and heaps of the sliders to select a range of frames, You can add more effects with self-explanatory.
other formats. then cut, copy and paste as required. plugins through the RFX system, LiVES won’t replace professional
Initially, LiVES’s colour scheme can Clipboard contents can be mixed into developed by the same author editing software, but it is happy to
seem a tad off-putting, as the default the main video clip as insets, fades or (Gabriel Finch). These help to keep stitch together video clips, add effects
draws attention to the video clip splices – all with a good handful of the main LiVES program relatively and convert them to different formats.
sections rather than the other widgets. settings – while audio manipulation compact (the binary weighs in at A spot of polish and refinement in a
It’s fortunate, then, that you can options include resampling, exporting 600K) while giving few places would help – otherwise it’s
change the colours in the Preferences and overlaying new soundtracks. more demanding reliable and speedy enough for
menu to something brighter – like a It’s all easy to grasp and we found users some extras day-to-day use. Worth
splendidly garish yellow theme – or to no unusual behaviour or gremlins. For to try out. Plugins investigating.
a display with no enhancements over correcting errors, a single level of include additional
the current GTK settings. A combined undo is provided (ideally, though, LiVES spinning and
toolbar and menu sits at the top of would offer multiple undos, which zooming effects,
the display to minimise screen waste, really shouldn’t be a problem for an subtitle removal,
with the viewing boxes below. There’s a app that consumes so much RAM). text overlays
reassuring amount of textual feedback LiVES’s developers have bundled in and others.
provided in the status panel. an impressive number of video effects Guides and
General UI aspects of the program and filters. These include generic specs make
can be altered – options include a colour, brightness and contrast settings, writing
full-screen mode via SDL – as can the frame rotation and flipping, and new

42 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.hot 42 15/3/05 4:04:30 pm

 HOTPICKS

WEBSITE LINK TESTING

LinkChecker
■ VERSION 2.2 ■ WEB http://linkchecker.sourceforge.net

Frustrating and time-consuming or local file will initiate the testing

for website administrators, broken links process, as it recurses to a
can also be disappointing for visitors, configurable depth (by default it’ll go
who may get the impression that a as far as possible). A wealth of settings
site is unmaintained or sloppily can be specified at the prompt or in
managed. While a quick manual check the config file.
to find dead links isn’t a major chore LinkChecker provides you with
for small websites, larger setups with plenty of feedback. A status line
their often labyrinthine arrangements appears every five seconds to detail its
of pages demand a dedicated app. progress, and coloured terminal output
Various small tools and scripts to this emphasises the errors. Broken links
end can be found on the internet. are pinpointed with the exact line and LinkChecker’s web-based front-end and command-line interface tool.
LinkChecker is one of the more column. Helpfully, regex (regular
functional solutions, which assists site expression)-matching enables certain outputs into other applications. and a lot meatier than other link
coders by hunting down broken links URLs to be skipped over. This stops Output options include plain text, verifiers we’ve used (typically just very
and highlighting any problems. the tool straying to unrelated websites neatly laid-out HTML, CVS, GML, XML small scripts).
Installing LinkChecker is a breeze – and wasting time. Another bonus is and SQL. As a nice extra touch, the Administrators looking after large
the program is written in Python and the authorisation support, which gives programmer has also slotted in a CGI websites will find the output options
the few modules that need to be LinkChecker the freedom to visit script for checking via a browser- particularly useful, but it also works
compiled beforehand are supplied password-protected areas. based front-end. well as a time-saver on lighter sites.
with the app. Once you’ve got it in If you want to manipulate the It won’t blow your socks off, but Thorough documentation finishes off
place, calling LinkChecker with a URL resulting data you can import lengthy LinkChecker is certainly more versatile this polished and tidy little utility.

VIRUS SCANNER

KlamAV
■ VERSION 0.10 ■ WEB http://klamav.sourceforge.net

In the Christmas 2004 HotPicks right now, but if you’re passing files on
(LXF61) we profiled ClamAV, a to Windows users it’s a good idea to These
widely praised anti-virus toolset check them over first. sub-bundles
that’s been taken up by several The KlamAV bundle, which needs are a hassle to
demanding websites. The coders of KDE development packages to build, sort out manually.
KlamAV are working on a slick includes the klammail scanning plugin Thankfully, a one-stop
front-end to bring Clam’s noted and Dazuko’s kernel module for script does all the work with ease.
power to KDE users’ desktops. file-access monitoring. ClamAV should (Note there’s a bug in the script: it then either quarantine the file or
Viruses aren’t a problem on Linux be installed separately. looks for dazuko-2.0.4 whereas the notify the user. A maximum file size
real dir is -2.0.5. Rename it to fix.) limit is available to prevent KlamAV
When started up, KlamAV grabs from thrashing the disk too often.
the latest virus definitions from the Basic integration with two popular
internet. You can configure it to email clients (Kmail and Gnome’s
update these definitions at set Evolution) is supported, and piping
intervals or as and when required. new messages through klammail
The interface is a tidy affair. It isn’t too tricky for most other clients.
avoids the traditional menu and There’s very little in the way of
toolbar layout, instead opting for a documentation (though you won’t
super-simple tabbed window. This need much instruction), nor is
provides access to scanning reports, KlamAV much to look at.
quarantined files and various settings Nevertheless, it’s an ideal app for
– all very workable. KDE users who deal with Windows
Dazuko comes into play with the files. And with Clam’s exhaustive
auto-scanning feature. Here, you can database behind it (over 30,000
construct a list of directories, and viruses, worms and trojans can be
KlamAV will keep tabs whenever a file identified) there’s little fear of it
Hurrah – a clean system! Not much point in scanning /proc, though.… within it is accessed or executed. It will missing anything critical.

www.linuxformat.co.uk LXF66 MAY 2005 43

LXF66.hot 43 15/3/05 4:04:33 pm

 HOTPICKS

FREE SOFTWARE QUAKE GAME DATA

ACTION GAME

XBlast Open Quartz

■ VERSION 040801 ■ WEB http://openquartz.sourceforge.net
■ VERSION 2.10.0 ■ WEB http://xblast.sourceforge.net

According to some, violent For those unfamiliar with

videogames are a bad influence on Bomberman-esque games, you’re
children. Well, given the number of dropped into a very simple 2D
us that misspent our youth on maze-like arena with other players
Hudon Soft’s wickedly addictive (human or CPU) and given the
multiplayer mode Bomberman, we controls Drop Bomb, up, down, left
should all be kicking explosives and right. Explosions demolish walls
around and riding kangaroos. If like and uncover power-ups, while
us you still fancy dropping the (more importantly)
bomb from time destroying your
to time, this opponents. XBlast
clone should retains these
interest you. gameplay aspects.
While Hudson There are a
Soft was too staggering 1,191
ambitious with levels, and the
later Bomberman neat built-in level
releases, over- editor is available to create even “Hello? HELLO? Ah, everyone’s dead. Might as well clock in for the day...”
complicating the gameplay’s more. Character sprites and level
immediacy with redundant fluff, objects are competently drawn; After the planet-shaking success of looking for fun, all in a single outdoor
XBlast TNT retains the charms of while XBlast’s music deserves a Doom, id Software did well to follow up arena). Multiplayer is where the real
the original series with new goodies special mention for its mixture of with an equally playable first-person action is. Several arenas are available
sprinkled on top. XBlast has a busy playfully upbeat, funky ditties. While shooter in the form of Quake. Three for networked play with human
online community and active players can crowd around a years after the game’s 1996 release, id competition or bots, and the designers
development work is taking place. keyboard for multiplayer made the game’s engine free to all haven’t skimped on fabulously nasty
Most of the tarball is taken up shenanigans, a network mode is under the GPL – but not the graphics, weapons. Quake fans who’ve tried
with the game’s sounds and music; available for LAN or interweb-based level designs or music. That’s other flavours doing the rounds will
a smaller version is also available nukage, and with a decently fast understandable. The Open Quartz find the usual config settings for
for where disk space is limited. connection you shouldn’t have any project is beavering away on totally visuals, sounds and gameplay.
XBlast only requires SDL to latency hassles. free (as in speech and beer) game Open Quartz is a fantastic idea: a
compile, so it should build straight XBlast is better than the data, hopefully constructing a Quake robust and respected game engine
away on almost every system (make good-but-rough BomberClone, its implementation that can be included (despite looking a bit dated in places)
sure you have the SDL -devel or abundance of levels ensuring plenty in the likes of Debian without any coupled with completely open data
similar package installed). If you of merriment. It’s not perfect (the licence complications. files will give distro vendors a better
encounter problems with the make CPU players act idiotically in Several flavours of the GPL Quake opportunity to bundle quality games.
install phase, you can run the places), but has all the appeal of a engine are floating around the Net. There’s much to be done in OQs
game straight from the build Bomberman take-off and is a fun The Open Quartz team has chosen single-player mode, but the
directory with ./xblast. multiplayer game to boot. Dark Places for its speed and multiplayer game is marvellous fun
portability – it certainly zips along at a and the textures and enemy models
good pace, even on our older test box, are very respectable. It’s a promising
with no stability issues. Texture-wise, project to get involved in – and coding
they’re doing a commendable job; the skills aren’t essential!
grass and stone graphics work well, as
do the copious amounts of blood shed
in battle (yum). Indoor textures are
equally good, and although proper
background music is still missing, the
small range of sound effects is more
than adequate.
Right now, the
single-player mode isn’t
much to write home
about (you’re
thrown into a
melée of
violence with
Red bloke cowers in Pacifist Bomberman (maybe Hudson Soft should
a gang of
have tried that)... XBlast is a smashing multiplayer game.
vicious trees

44 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.hot 44 15/3/05 4:04:36 pm

 HOTPICKS

HotPicks REVISITED
PHP EDITOR When we covered gPHPEdit in out of the coder’s way. Syntax

gPHPEdit
November 2003’s HotPicks (LXF46), highlighting and checking, along with
we found it to be a top-notch app for code-block collapsing, a nifty
writing PHP code – not bursting at the find-as-you-type search box and a
seams with features, but very usable primitive macro facility, make up the
■ VERSION 0.9.50 ■ WEB www.gphpedit.org
all the same. program’s editing features.
Since our look at 0.4.3, the lead Additions and updates since 0.4.3
developer Andy Jeffries has been include a system for plugins (only a
steadily adding new features and fixing few available at present, but they’re a
bugs, and as it approaches 1.0 the doddle to write); support for the
editor deserves a quick catch-up. GnomeVFS library, a reworked
Handily, the superb Scintilla editing Preferences dialog box and a time-
component has been rolled into the saving mini templates/shortcut system
main source tarball, thus eliminating a (enter a keyword, and then expand it
dependency (just Gnome is required). to a full block).
On the outside, there haven’t been These new features transform
any drastic changes to gPHPEdit’s gPHPEdit from a decent little PHP
minimal interface: it’s uncluttered and editor into a much more useful tool,
compact, with tabs for multiple and newcomers and regular coders
documents, works well at lower alike should find it a useful tool. A
resolutions and, most importantly, keep couple of important extras (such as
bookmarks) are in the development
GPHPEdit in action on a file, with pipeline - they’ll make gPHPEdit1.0 a
the new Prefs box popped up. well-rounded release.

TEXT-BASED WEB BROWSER

ELinks
■ VERSION 0.10.2 ■ WEB http://elinks.or.cz

It’s been nearly two years since Appropriate colouring (up to 256
we looked at ELinks in HotPicks – colours with some terminals)
LXF43 from August 2003 to be provides reasonably accurate
exact - and we’re pleased to report it rendering, as does the smart table
has come along in leaps and bounds. and frame support. When you
This text-mode web browser, a include cookies, proxies,
descendant of Links, is becoming authentication and FTP support, only
more suited to everyday browsing ELinks’ lack of images keeps it from
tasks with each release. Its parity with other browsers.
requirements are pleasingly minimal Since our last look, ELinks’s busy
- extra features can be enabled with coders have incorporated a shedload ELinks on eBay with the main menu up. It does a great job in text mode.
optional dependencies, but of goodies including a Perl-scripting
otherwise it will compile out of the back-end, rudimentary CSS support, ELinks is satisfyingly configurable, fantastic – the rendering engine
box on virtually every distro. an early JavaScript engine (installed with much to be tweaked via the screams along and it’s all rock-solid.
ELinks is operated via drop-down from the Mozilla codebase) and pop-up dialogs and tree-based Highly recommended, especially for
menus and highlighted links and much more. Thankfully these haven’t configuration manager. For navigating older machines that sink under the
mouse support is also available. affected its overall stability. through purely textual content it’s weight of Firefox or Konqueror. LXF

ALSO RELEASED LIST

New and updated software that also deserves a look...
■ NewsFeed 2.0 – RSS feed reader ■ Muine 0.8.2 – Mono/GTK#/Gnome ■ Eric3 3.6.0 - Python IDE ■ Disk ARchive 2.2.0 Back-up
http://thor.prohosting.com/~mdoege/ music player http://muine.gooeylinux.org www.die-offenbachs.de/detlev/ http://dar.linux.free.fr/
newsfeed/ ■ GNUstep LiveCD 0.9.4 - OSS OPENSTEP eric3.html ■ HighMoon1.1.2 – Space-based,
■ SSH Filesystem1.0 framework www.linuks.mine.nu/gnustep/ ■ GalaxyHack1.0 – AI-driven space Worms-like game
FUSE-based filesystem ■ OMake 0.9.4 – Alternative to GNU Make shoot-’em-up http://highmoon.gerdsmeier.net
http://fuse.sourceforge.net/sshfs.html http://lists.metaprl.org/pipermail/ http://galaxyhack.sourceforge.net ■ Pucko 0.6.0 – Text-mode music player
■ Centericq 4.20.0 – Text-mode instant metaprl-announce/2005-January/ ■ Visopsys 0.53 – Unique open source www.student.hig.se/~nd02aho/pucko/
messaging http://thekonst.net/centericq 000005.html operating system www.visopsys.org ■ softflowd 0.9.7 – network traffic
■ ROX-Filer 2.2.0 – RISC OS-esque file ■ Kdissert 0.3.5 - Mind-mapper ■ AmyEdit 0.7 – LaTeX editor in GTKmm analyser
manager http://rox.sourceforge.net/ freshmeat.net/projects/kdissert/ http://amyedit.sourceforge.net/ www.mindrot.org/softflowd.html

www.linuxformat.co.uk LXF66 MAY 2005 45

LXF66.hot 45 15/3/05 4:04:39 pm

 WHAT ON EARTH Plone

What on Earth is...

PLONE?
Updating a website with fresh content is a pain – but if you give the job to inexpert users they might
ruin your carefully-designed pages. Jono Bacon discovers a free system that will do the work for you.

This Plone thing sounds like some

>> kind of wireless or VoiP handset.
content in interesting ways. Traditionally, organisations
have needed to have bespoke CMS systems
place on the site; and (c) that the information
triggers other types of content such as a press
I’m guessing I’m wrong, unless this specially written for them by software companies, releases or a news items. A CMS helps you achieve
magazine is now Wi-Fi World... but open source CMSs such as Plone provide a all these things.
We’re not talking about telephones, don’t worry. platform on which to build a tailored CMS and gain
So a CMS is just a website?
Plone is a powerful content management system,
you know.
from the open source benefits such as access to
source code and using the software free of charge. >> Not exactly, no.

Content management system? So is a CMS a database, like Huh?

>> That sounds less than thrilling. >> MySQL? >> Let me explain. Firstly, although most CMSs
What does it mean? No – a CMS provides much more. A CMS system are web-based, not all of them are. Secondly, the
Don’t judge too hastily. A content management gives the users tools to automate how information is web-based CMSs are not just websites, they’re web
system (CMS) is a nifty piece of software that’s managed. Let’s assume that you run a website, and applications, and are designed to give people the
designed to manage, process and effectively deal you want to post a list of events on it. opportunity to add and manage information in a
with content in different ways. In recent years, CMSs No doubt, when you add an event you’ll want: (a) non-technical way.
have attracted the attention of business, as they an easy and convenient way to add the information; For example, if you were to add an event to a
provide a means to manage large quantities of (b) that the information will be displayed in the right non-CMS website, you’d probably need to add the

46 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.woe 46 15/3/05 4:08:56 pm

 WHAT ON EARTH Plone

How flexible?
>> Plone is a very, very capable
of possibilities and options, and the Plone developers
have been keen to give users the ability to change
open source CMS. The Plone team (a common parts of the Plone templates without
mixture of Americans, Norwegians having to resort to CSS hacking. This gives you the
and Brazilians), has developed it as a flexibility to make simple changes or create
platform that can provide virtually advanced CSS files that give you a unique design.
unlimited flexibility in how you want
So Plone is flexible and
a website to be set up. In some
other CMSs, you are forced to use a >> feature-driven? Why do I sense a
particular template for structuring ‘but’ coming?
your site. You can change the The only problem is complexity. With the sheer
images, fonts and colours and so flexibility of the system comes an enormous amount
on, but are still limited to where of choice in how you set up the CMS. It’s made
information is located and how it is Plone possibly the most complex open source CMS.
accessed on the page. In addition to the number of variable options and
Plone breaks these rules and levels of flexibility, Plone is complicated in the way
gives you the chance to locate that the constraints applicable to some other CMSs
your information anywhere on don’t apply to Plone. Unfortunately, this entails a bit
your page. In addition to this, of learning – you’ll need to work out exactly what
Plone is incredibly extensible. you can carry over to Plone from the CMS you’re
used to to implement your specific design.
Extensible?
>> Sounds like more OK, so I’ll have to do a bit of work.
jargon... >> Where do I start?
Sorry: extensible just means The first place to begin is the Plone architecture, and
you can add additional this in turn begins with Zope. Zope is a special
modules and features to the application server which provides an underlying
system for your specific needs. framework for building web applications. Several
event details directly to the database and possibly In many cases, these additions are limited by the large organisation use it, including Red Hat, the US
edit some HTML or other static content. On a CMS, constraints of the CMS in question. Within the Plone Navy and General Electric.
you could log into the system and fill the details into CMS, this extensibility covers wide ranges, and a The intriguing bit about Zope is its
a form, which would then submit the information to huge range of vastly different Plone additions are object-oriented approach to web applications. If you
the right place in the database. On a clever CMS, available. On top of this, the in-built flexibility of think about the different types of information that
the event information could be sucked from another Plone gives you the ability to use these additions in are contained within a website, they are all merely
site, reformatted and then added to your database many different ways. objects that relate to one another in different
and displayed. ways. If you take this further, you can
So give me some details – what
Why not just create a website that >> kind of additions?
think of how different parts of a web

>> does all this? Anything that’s related to website functionality. Web
application consist of a number of
>>
files that relate together to form a
The main thing to remember about a CMS is that it photo galleries, address books, weather information, common purpose. Taking a
provides a pre-written website that provides you with RSS syndication tools, instant messaging, groupware
many of the tools and features that you would or collaboration tools, navigation bars, document
otherwise have to code into a website yourself. In control... the list goes on. Plone also includes nifty
addition to this, a CMS often provides the ability to features such as WYSIWYG editors for adding
run new technologies and plug-ins that you may not content to sites and tools to create
have the time to investigate and implement yourself. specific types of content that your
This means that by using a CMS, you have the site can manage.
opportunity to keep up to date with the latest
This all sounds
technology, and not have to constantly rewrite
chunks of your website. >> interesting, but
There are, however, a few limitations with CMSs. If I’d be concerned that
you think of a CMS as a generic website to which the design of my site
you can add your own information, you are restricted would be
by the way the developers of the CMS have decided compromised.
to do things. This can involve limitations in how the Plone includes a templating
content is stored or, more typically, limitations in how system that allows you to
the information is displayed. adjust the design of different
Some CMSs are very inflexible in this visual parts of your site. Each of
representation of the content, and getting around these templates is controllable
this has proved to be extremely difficult. Luckily, with Cascading Style Sheets (CSS),
Plone is more flexible than these other CMSs and the technology that’s used to design
you can configure every aspect of how the website is and colour the web. CSS is a complex
displayed and managed. and involved subject with a huge array

www.linuxformat.co.uk LXF66 MAY 2005 47

LXF66.woe 47 15/3/05 4:08:59 pm

 WHAT ON EARTH Plone

How is Zope different from Tell me more about these objects.

>> Plone, exactly? >> Zope objects are fundamental to everything
Zope is the platform that Plone runs on. you do with Zope and Plone. You have different
Zope provides a means of creating objects for the different things you need to do in a
special objects that can interact with CMS: objects to display information, objects to
each other in different ways, and gather information from a user, and objects to
Zope also provides its own process information. Then there are objects that
transactional object database deal with very specific types of functionality. These
called ZODB. It’s as much a objects fit into three approximate categories:
database platform as a web ■ Content. This can include plain text, audio, video,
application platform. spreadsheets, images, or any other type of content
on your website.
Does this mean ■ Presentation. These kinds of objects deal with
>> that Zope/ presenting information to the user. This includes
Plone doesn’t need a creating the design and layout of your pages.
database such as ■ Logic. These objects provide scripted logic that
MySQL or can be used to process information and other
PostgreSQL? objects. Logic is critical in ensuring that the CMS
That’s right. Within the does exactly what you want it to do.
Plone system, virtually Although there are three broad categories, many
everything is provided to of the objects’ requirements can spread across
give you a complete categories – for example, there’s no reason why you
>> shopping basket as an example, there are several application server. It’s like the LAMP (Linux, Apache, can’t create a Presentation object that has some
files that are written to implement the shopping MySQL, PHP) system in one – it includes its own Logic coded into it. This is where that complexity
basket functionality, but each of these different files database and even its own web server. issue can rear its head...
is fundamentally related to the concept of a Fear not, though: you can use Plone with Apache
What kind of language is used to
shopping basket object.
This concept also applies hierarchy to the mix.
(some members of the Plone community
recommend Apache for use as an underlying web >> write these objects and create
If you were to visit www.foo.com, you would be server). You can also connect some aspects of Plone web applications with Plone and Zope?
accessing the root directory of the web server. If you to other databases, but putting the entire database in The language at the core of the Plone and Zope
access www.foo.com/bar/, you would be accessing a separate server is difficult – mainly because ZODB system is Python. Although this may come as a
the bar folder that’s further down the hierarchy in provides an object database, whereas MySQL, surprise if you were expecting to see PHP running
the web server. PostgreSQL and the like provide a relational database. the show, Python does a remarkable job of creating

48 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.woe 48 15/3/05 4:09:00 pm

 WHAT ON EARTH Plone

an easy-to-use language for dealing with these configuration file to see which
objects. Python is both simple and effective, and has port you need to use. Inside
proved to be really popular in recent times. One of /etc there should be a Zope
the reasons for this popularity is that so much is built directory. This varies among
into the core Python libraries. distributions, but it is likely to
be called something like zope
How does Python compare with
>> PHP and Perl?
or zopectl.
Inside this directory there
Many people seem to consider Perl as a similar should be a file called
language to that of the bash shell. In turn, some default.conf or zope.conf,
people consider PHP to share aspects with Perl, but and inside that file will be a
also bits of bash shell and possibly even bits of C. line such as ‘HTTP-Port: 9673’.
Python, on the other hand, shares many of its In this example the port has
similarities with high-level languages such as Visual been set to 9673, and you
Basic, and it’s more similar to VB than PHP or Perl. can access this by visiting the
Python is also very similar to the C# language that local IP address that points to
has proved so popular with the .NET platform and the machine you are currently
the totally hip open source implementation of .NET using (127.0.0.1) and issue the
know as Mono. port: http://127.0.0.1:9673.
When you access this URL,
You’ve done a good job of selling
>> Plone. What kind of server do I
you should see some
information about Zope
need to run it on? appear. This demonstrates
With its interpreted Python foundation and that Zope is working!
comprehensive support built in for so many different Once you’re in, begin by
kinds of functionality, Plone needs a little more familiarising yourself with the
oomph from your server than most other CMSs. Zope Management interface.
Many Plone users and developers believe the best developer base behind it. Then there is a huge
What’s that?
option is to run Plone on a dedicated server or
dedicated hosting service. >> An extensive web application giving you
community of users who support the software on
mailing lists, IRC channels and by writing tutorials
Running Plone on a dedicated server meets its access to the many intricacies of the Zope and guides about using Plone. It’s a good example of
additional hardware requirements, and it’s also useful application server and the ability to configure a large and successful open source project that
to be able to SSH into your Plone box and edit your virtually anything involved with Zope. benefits from an expansive network of volunteers.
configuration.If you want to target your resources to You can access the Zope Management interface To augment this community, and inkeeping with
the most put-upon resource for a Plone server, give by appending /manage to the URL, as in the trend of large open source projects setting up
it lots of RAM. Plone uses RAM extensively and you http://127.0.0.1:9673/manage. You will then be official organisations, the Plone Foundation was
should have at least 100MB of it. presented with a login box in which you should type formed in 2004 to offer a more regulated side to
the username and password for your user account Plone. Its duties include acting as the ‘voice of Plone’
And how do I install it?
>> Plone is packaged for a number of
on your computer, and you will be given access to
the management console.
for official announcements, press releases, and other
communications; as well as the essential often
distributions and is available at www.plone.org. When you fire up the management interface, overlooked function of and generating funds. The
The Plone team have worked hard to ensure that you’ll see a sidebar down the left-hand side and foundation has established an electoral process and
they release the software in a number of different main view. The sidebar contains a list of folders and anyone is welcome to get involved.
supported package types. The Plone packages objects that you have access to. In the main part of
As helpful as you’ve been, I’d like
include the Zope application server that you need to
run Plone; but if you just want Plone itself, you can
the window, you can then view these resources and
edit information about them. >> to find out more about Plone.
get the Plone Core packages. Adding resources to the Zope system is also fairly Where should I go next?
If you’re running a distribution with an archive of straightforward. In the top right-hand side of the Your first port of call should be the Plone website at
available packages, you’re best off downloading the main part of the screen, you should be able to see a www.plone.org. This has a documentation section
software from this supported archive This will ensure drop-down box with a large list of possible actions. that’s stacked full of information about Plone and
that the many different elements in the Plone This box gives you all the options you need to create also contains some tutorials. Aside from a general
system are installed and configured correctly. events, methods, documents and files; to add scripts, Google search for Plone tutorials, another potential
If you want to run Plone on a Windows or Mac images and more. avenue to explore for information is The Definitive
OS X box, you can use one of the stand-alone You can also use this box to create your Guide to Plone by Andy McKay (Apress, $44.99).
installers available at www.plone.org. These Plone-managed website. Select the option to create The book provides a fantastic, easily accesible
packages provide the familiar Windows/Mac OS X a new site and then fill in the form in the main part introduction to Plone and how to create a
point-and-click installer and are very simple to use. of the screen to create your website. comprehensive Plone-based website.
If you’re looking for specific help and assistance
Where should I start after With of all of this functionality
>> installing Plone? >> and the companies you discussed
with the CMS, you should also join up on one of the
mailing lists at http://plone.org/documentation/
You’ll first need to access the Zope server on the earlier using it, how is Plone dealing lists. There is also the #plone channel on the
right port. This tends to differ from machine to with increasing demand? Freenode IRC network. Try using the irc.eu.freenode.
machine, but you should check in your Zope Well, it’s a comprehensive project with a large net server to connect to the channel. LXF

www.linuxformat.co.uk LXF66 MAY 2005 49

LXF66.woe 49 15/3/05 4:09:03 pm

 FIREFOX TAKE BACK THE WEB

Take back the web:

FIREFOX

Firefox is one of the most successful

open source projects ever. With help
from its creator, Blake Ross, Linux
COVERRE Format reveals how it made the
FEATU breakthrough in five key areas.

50 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 50 16/3/05 12:29:57 pm

 FIREFOX TAKE BACK THE WEB

O
n February 25, the Mozilla Internet Explorer, an advantage that’s by Internet Explorer have now created
Foundation announced that shared by all the open-source a stable environment. There’s no FIREFOX TIPS
its Firefox web browser had browsers. Transgressions of web reason for open-source browsers not Throughout this feature you’ll
been downloaded more standards are quickly highlighted by to comply. “It’s hard to implement find our favourite Firefox features.
than 25 million times since users and web developers and can be standards, period – but that doesn’t They’re a reminder of why it’s so
its official 1.0 release less checked out almost immediately – mean it’s harder to do just because popular – and, we hope, will improve
than 100 days before. We knew from even non-programmers can contribute. you’re innovating,” believes Meyer. your web browsing experience...

the 0.8 release that Firefox was good, The continual development process “Opera, Firefox, Safari – all of these
but something about this felt different: of open source also means that fixes browsers have been innovating while
it was edging closer to the mainstream, get rolled out quickly, without the need sticking as close as they can to
and receiving more mainstream press to wait for a major release. As CSS standards, and with far, far less
coverage, than any other open source guru Eric Meyer puts it, “Even a resources than Microsoft commands.”
project had been able to do. crawling man will get ahead of a In fact, Meyer believes open-source
Today, close to 30 million users stationary man, and a running man will projects may even be ahead: “When it
have, to use Mozilla’s own slogan, get even further ahead.” came out, [IE] was pretty darned good,
‘taken back the web’: happily browsing Mozilla has embraced open source but the web marches on and IE
the internet faster, more safely and development without stinting on has been standing still.”
with fewer interruptions than at any standards-compliance. Used to ensure It’s quite telling that should
time in the last five years. But why has web pages are accessible to as many you browse the Bugzilla logs for
Firefox been so astoundingly popular? users as possible, web standards were Firefox (Bugzilla is Mozilla’s
How has it made the breakthrough? at first often theoretical benchmarks bug-tracking system), you’ll
find that many are logged as
invalid – these are the original

“WHY HAS FIREFOX BEEN ‘bugs’ resulting from other

browsers (mostly IE) failing to
SO HUGELY POPULAR? implement strict standards
that are followed in the
HOW HAS IT MADE Mozilla family.

THE BREAKTHROUGH?” 2 It’s secure

Firefox is built on the
We knew there must be something that some browser developers found success of the Mozilla
about the Firefox story that other open hard to apply in practice. web suite, inheriting
source developers and advocates In many ways, the World Wide Web much of the advantages
could learn from, and we found Consortium (W3C) relied on browser of that software’s
plenty. Here are the five secrets of developers to create and innovate the rigorous approach to
Firefox’s success. features that could become standards standards and security.
– if the resulting standard didn’t quite Decisions such as
1 It’s open source match the code already implemented, eschewing ActiveX on Windows, the
This might elicit a loud “Doh!” from our developers were left to choose source of many problems on IE, has The ‘Get Firefox’ campaign
readers, but beyond the free-software between rewriting significant chunks of given it a reputation for being safe included a two-page advert in the
New York Times, paid for entirely
community Firefox has managed to code (breaking backwards compatibility from malware, phishing attacks and so
by user donations.
make its open-source status a selling in the process) or being branded bad on – especially in comparison with the
point, rather than a limitation. The fact guys by the code cognoscenti. But ‘other’ browser.
that the code is open gives it an standards have matured, though, and Perceived security is a major >>
immediate advantage over Microsoft’s the years of browser space domination reason for its success. Starting out

HOW FIREFOX CAME TO BE

Key developments in the browser’s history (1980–April 1994)

1980 1992 March 1993 April 1994

Tim Berners-Lee, The future co-founder Andreessen announces Andreessen bumps
while working as of Netscape, Marc Mosaic, a “networked into SGI’s displaced
a contractor to Andreessen (right), information systems founder Jim Clark
CERN, proposes works with Eric Bina browser”, and at the (right). Together they
a project designed to port an HTML same time releases start up the Mosaic
to facilitate the sharing of information browser from beta version 0.10 of Communications
among researchers. His idea is based expensive UNIX Mosaic for X/Motif Corporation, the first
on hypertext, allowing documents to workstations to a including full source company to capitalise on
be dynamically cross-referenced. more user-friendly PC. code and binaries. the growing world wide web.

www.linuxformat.co.uk LXF66 MAY 2005 51

LXF66.firefox 51 16/3/05 12:30:31 pm

 FIREFOX TAKE BACK THE WEB

FIREFOX TIP: >>with security high on the agenda is and I think everyone on the team has default options that benefit the
a bonus: the alternative of retro-fitting been very pleased with the dearth of company more than the end user.
SHORTCUTS security features to existing software is bugs uncovered thus far.” Marketing data is very valuable, so
Firefox has shortcuts scattered hard and rarely as comprehensive as valuable that in many cases it’s
everywhere to make it fast and easy to integrating a system at the start. 3 It’s non-commercial profitable to develop and distribute
use, so why not take advantage of Yes, it has vulnerabilities – Mozilla No adware extensions, no pop-ups… software for the sole purpose of
them? For example, press Ctrl+Enter has already issued a security update Firefox has gained support among harvesting it. Such ‘spyware’ can be
to have Firefox add ‘www’ and ‘.com’ including a fix of a phishing users for eschewing commercial downright criminal, but even the
to your URLs; Shift+Enter to have it
vulnerability – but there’s a lot of applications that are vulnerable to more innocuous examples give pause
use ‘.net’, and Ctrl+Shift+Enter to have
evidence to suggest that open-source exploitation. Its timing is perfect, as the for thought.
it do ‘.org’. If you don’t have the
location bar selected, hit Ctrl+L first, applications are at least as secure as world becomes weary of in-your-face Back in 2000, Netscape caused a
or use Ctrl+K to select the Web Search. proprietary counterparts. selling and underhand data snooping. stir when users noticed that the
“The security problems and In the beginning, of course, the SmartDownload file-downloading utility
apparent stagnation of IE gave the web was a happy place. In the Elysian issued each install with a unique ID
digerati an itch to look elsewhere. fields of interconnected ether, ideas and communicated back to Netscape
Firefox, with its open-source nature and information were exchanged freely details of every file that the user
and power-user abilities, was a perfect and without barriers. There weren’t so downloaded. There was no alert dialog
place to turn,” says Meyer. many things you could do on the web, to tell the user it was sending secret
The long-heard and quite to be sure, but it wasn’t a dangerous information on their surfing habits
reasonable assumption is that Internet place to be frightened of. Then back to base – the software just called
Explorer is more of a target because of business moved in. Money-makers home whenever it liked.
its larger install base. Presumably then, paved over paradise and put up an e- Of course, the user had accepted
as Firefox becomes more popular, there commerce store. such an arrangement in the small print
will be plenty of people looking at ways The effects of the new e-conomy of the licensing agreement when
to subvert it. appear in both the profit and loss installing it. And everybody reads that,
columns. On the plus side: far more don’t they?
features, services and a more Whether or not you mind your data
“THIS IS OPEN SOURCE’S connected internet lifestyle. It is easily
imaginable that you could run your life
being harvested, such situations foster
distrust between the user and software
BEST CHANCE TO FREE on the internet – bank your money, providers. There is a sense of ‘caveat

THE WORLD FROM IE.” and spend it on food, clothes, holidays,

pensions and Buffy DVDs without ever
emptor’ when installing new software –
ironically this is especially true if it’s
leaving your chair.
Not necessarily, according to its In the other column, the
author, Blake Ross. “Sure, it will monetisation of the internet has led to
FIREFOX TIP: become a target. But that doesn’t spam, pop-ups and, indirectly, to
FORENSICS mean hackers will be successful,” he phishing scams and many Nigerians
Whether you’re debugging your own says. “Firefox’s code has been freely finding it difficult to inform people of
web pages or just curious about other available on the web for years, and the legitimate investment opportunities. In
peoples’ work, the DOM Inspector lets Mozilla Foundation encourages top a darker, less visible way, it has
you pick apart the construction of a
people in the security industry to try to also altered the objectives of
website and see what Firefox is doing
find vulnerabilities. In fact, the proprietary software
to the code. To run the inspector, visit
the web page and then click Tools > foundation actually pays security developers. Many commercial
DOM Inspector from the menu bar. experts to search for security bugs and companies have been guilty of
report them in a responsible manner, including features or selecting

HOW FIREFOX CAME TO BE

(continued: July 1994–June1997)

July 1994 October 1994 November 1994 April 1995

Unix Mosaic developer Mosaic Communications Corp releases a After a protracted lawsuit Netscape1.1 is
Jamie Zawinski, during a web browser called Mosaic Netscape 0.9, with Andreessen’s previous released. A
brainstorming session to find a an ‘Internet institution, the University milestone in web
new name, blurts out a Navigator optimised of Illinois, Mosaic browsing, it
suggestion of “Mozilla!” – for 14.4 modems’, Communications changes its offers support for tables
supposedly a (very) loose including X, name to Netscape, and its and many other new attributes.
amalgam of Mosaic and NCSA. Microsoft Windows browser is renamed This, and the later 1.2 release
and Mac versions. Netscape Navigator. pushes Netscape’s browser
market share to more than 80%.

52 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 52 16/3/05 12:30:46 pm

 FIREFOX TAKE BACK THE WEB

FIREFOX INTO THE FUTURE FIREFOX TIP:

Developers are already working towards A key target for developers in future
RENDERING
the next major release: Firefox 2.0. But is adding per-site customisation Firefox pauses for a quarter of a
it’s not a one-step hop from 1.0 to 2.0. options, which should allow us to save second before drawing web content,
Instead, they’ve split the transition into user agent settings, cookie options but you can override that and force it
three bite-sized chunks: 1.1, codenamed and security levels that depend on draw content immediately. To do this,
Deer Park; 1.5 codenamed The Ocho (see which URL is open. enter about:config into the location
the film Dodgeball to get this obscure bar, and look for the nglayout.
reference); and 2.0. Resist... you must resist initialpaint.delay setting. If it’s not
Thanks to the long test cycle of Firefox Following on from previous Firefox there, right-click and select New >
preview releases, the Gecko build inside releases, one thing we’re sure isn’t Integer, and give it that name. The
Firefox1.0 is out of date. But that’s going to change is Firefox’s default value is 250 (milliseconds), but
changing – 1.1 will resync with the resistance of extensions. Where you can set it to 0 to make Firefox feel
Mozilla tree, bringing in the rendering other browsers sling features into much snappier.
fixes and tweaks made since Firefox1.0 the main code, Firefox has
was stabilised. For web developers, this consistently remained thin and
includes big changes like the inclusion of light, with any feature additions coming
CSS 3 columns and cursors, but most of in the form of extensions. If anything, Firefox continues – the Spread Firefox
us will probably notice that the infamous this process is going to be tightened as team and the advert that they placed in
Slashdot rendering bug is fixed – hurrah! extensions are given more control over the New York Times in December have
One minor change expected in 1.1 is the browser without increasing the initial given the browser a good public profile,
more support for the Gnome human browser download size. and it must not be allowed to slip. This is
interface guidelines, resulting in Although no official dates are the open source software’s best chance
smoother integration between browser available, we expect Firefox1.1 to be to liberate the world from the insecurity
and desktop. In 1.0, changing your available by the time you read this, with of Internet Explorer, which means it’s
Gnome theme while Firefox is running 1.5 approaching its first developer imperative that Firefox1.1 comes out
will update everything but Firefox – this preview (alpha) release. The race is now quickly to keep up the pace – and raise
is fixed in 1.1. on to ensure that the thrust behind the pressure.
FIREFOX TIP:
HIDE YOUR
proprietary software that you haven’t Users may berate the laxness of your own itch’ scenario. A user wants a
actually bought. Internet Explorer when it comes to particular application, but finds that
HISTORY
Then there’s pop-up advertising: a ActiveX, but at least Microsoft seems to none is available or that none works in As you browse around the web,
curse on most web users who don’t be trying to put the users’ needs first. quite the way required. So the user, Firefox keeps track of all the sites you
visit. This helps when you visit the
want their bandwidth compromised or It is possible for proprietary developers with some programming ability, creates
same sites repeatedly in the same
their screen cluttered with 1,001 offers to make the right decisions. Blake Ross an application themselves and releases session, but also means others can
every time they hook up to the web. agrees: “Google is involved in it into the wild. If it fulfils a more follow your footsteps later on. If you
For reasons still not clarified, when ‘important stuff’ like writing a search general need others will begin using it don’t want this to happen, look in the
Netscape released a browser based on engine, and has emphatically spoken and perhaps contributing to it. .mozilla/firefox directory in your
the Mozilla code that included the out against pop-up ads on its website,” Over time, these projects attract a home directory, and you’ll see a
directory named xxxxxxxx.default (eg
ability to stop JavaScript from opening he points out. “Google and other great deal of momentum and
wqye4sug.default). Go in there, type
new windows, it neglected to include thriving companies have figured out contributors. Usually this will lead to
‘rm –f history.dat’, then restart
that option. that earning users’ trust will eventually more features being added and Firefox – this deletes your history, then
In the ensuing backlash, Netscape lead to far greater revenues than more complex software applications, has Firefox recreate a blank file. Close
released an update that did block anything a pop-up could rake in.” which can hopefully serve more it again without doing anything, then
pop-ups, but there was a buried general needs. Often though, it can type ‘chmod 444 history.dat’ to make
whitelist in the preferences that by 4 It’s focused lead to a whole load of features that it read-only. Now any URLs you visit

default allowed any pop-ups served Historically, open source software nobody really needs, but which >> with Firefox will be forgotten as soon
as you close your browser!
from AOL or Netscape. projects have started from the ‘scratch developers think are cool.

September 1995 March 1996 August 1996 June 1997

Microsoft bundles Internet Explorer Netscape Navigator 2 implements Netscape releases Navigator 3.0. Netscape releases
1.0 with its Windows 95 Plus Pack. several new and unique features New to this version are Communicator version 4.
While IE is still technically inferior to (including Java and JavaScript) multi-column text, This version supports
Navigator, bundling free software that pave the way for much of horizontal and vertical most of CSS 1.1, and
with commercial the modern web experience. spacing, strikeout and and introduces Layers for the
packages draws the This month also sees AOL bundle table cell background first time. Communicator
line of battle for the (notice the use of this word applied to colours. New plug-ins are not only includes the
coming of the a certain company again) Internet supported, including browser, but also an email
Browser Wars. Explorer with its own software. Apple’s QuickTime. and news client.

www.linuxformat.co.uk LXF66 MAY 2005 53

LXF66.firefox 53 16/3/05 12:30:49 pm

 FIREFOX TAKE BACK THE WEB

FIREFOX EXTENSIONS
Firefox is purposely plain. But if you’re after more features, here’s how to add them

Blake Ross wrote Firefox to avoid the

creep of new features that was
bogging down Mozilla. As a result,
using the browser can be a rather
spartan experience, but Ross and his
developers have made sure that you
can add functionality easily through
what they call extensions.
Extensions are installed and
managed through their own window –
accessed within Firefox from the Tools
menu – and the easiest way to install
them is by simply clicking on Get More
Extensions. When a new version of
Firefox is released all the installed
extensions can be updated in a single
stroke from the same window.
Firefox’s extensions page is at update.
mozilla.org, along with other recent
updates. Installation is usually as
simple as clicking on the link, with
Firefox’s extension manager
automatically handling the details.
After download, most require a
complete restart of the browser
(including the download manager). You
can acceess options pertinent to each
extension from the Tools menu, or
directly from the Extensions window.
Firefox can be customised to feel like a completely different browser.

Ad-free web browsing it gives you more control. Once installed, usually obvious, either by their file
Top of the list when it comes to Adblock makes itself known via a small extension (.swf for Flash for example) or
extension must-haves is Adblock. While box in the lower right of the main their domain. Adblock also places a small
this may annoy advertisers and window. Clicking on this presents you tab into the rendered page that, when
jeopardise the continuing existence of with a list of items on the current page clicked, allows you to remove the
FIREFOX TIP: many ‘free’ websites, there’s no doubt that it’s possible to block. Adverts are offending advertisement directly.
HTTP
PIPELINING >> Mozilla itself is a notable example this made sense to the developers – kernel for Linux comes in at under
Send your network of this (see Firefox Extensions box, but did it make sense to users? A far 5 million lines. The size of the software
performance through the roof by above). The original Netscape code lesser proportion of web users now wouldn’t be an issue if it weren’t for
enabling HTTP pipelining, a neat trick attempted to create a suite of have any need for a visual HTML the fact that much of it is for non-core
that allows Firefox to request multiple applications. As well as the browser, composer, but because the idea was functionality. In a clear example of the
files simultaneously. about:config
there was an email client, which there already, it was hard to imagine Pareto principle, 80% of users may
comes to our rescue – set
doubled as a newsreader too. So far, so leaving it out. need only 20% of the features.
network.http.pipelining to true, and
you can also enable network.http. reasonable. Then came Composer, a The initial Mozilla release There is also a tendency in open
proxy.pipelining while you’re there. web-layout tool. In some ways, approached 30 million lines of code: source for the existing code to be
because of economies of sharing code, impressive, but a bit of a worry – the extended and ‘made better’ by

HOW FIREFOX CAME TO BE

(continued: October 1997–August 2002)

October 1997 January 1998 March 1998 April 1998

Internet Explorer 4.0 is Facing annihilation at the An early development Netscape Communications announces a
released. Despite IE hands of Microsoft’s snapshot of Netscape new browser rendering engine, initially
playing catch-up to bundled browser, Netscape Communicator is released as named Raptor. In what will become
Navigator over the makes the decision to source code to the a theme for Mozilla, this
previous 18 months, release Navigator for free. recently-founded Mozilla name is already taken
this release marks the This includes the binary Organisation. Developers are – it opts for the
start of its domination of code, as well as most of the encouraged to download the more lizardy (and
the marketplace. code-base under an code (8MB) and post their geekier-sounding)
open-source licence. own enhancements. Gecko instead.

54 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 54 16/3/05 12:30:53 pm

 FIREFOX TAKE BACK THE WEB

of them initially and they had a clear

idea of where they wanted to go. Blake FIREFOX TIP:
Ross admits: “A major problem with DISABLE BLINK
the old Mozilla software was that
it makes a lot of sense to integrate Although the <b> and <i> HTML tags
literally dozens of people influenced get our goat (use semantic tags,
Gmail directly, and that’s exactly
what the Gmail Notifier extension the product’s direction. That just dammit), they are mere bagatelles
does. This great little tool sits in doesn’t scale.” compared with <blink> – the evil
the status bar and simply informs horror that makes text and other
you of any outstanding Gmail 5 It puts users first elements flash on the page.
messages. Clicking on the little Fortunately, Firefox users can disable
Who is software for? It’s a question
red envelope opens a Gmail this through about:config – just look
that the Firefox developers have
session under a new tab, quickly for browser.blink_allowed and set it
giving access to all that spam.
constantly asked themselves. They’d to false, and your eyeballs need never
say it’s for the user, but in proprietary be scalded again!
Download peekaboo development, there are obvious
Other extensions worthy of a compromises to be made. For one, the
mention include:
■ Download Status Bar, which
Firefox’s extension manager. lets you see the status of downloading
files without having to resort to the “USABILITY IS MORE
Drawing shapes with the mouse to
control a browser (rather than clicking
external window.
■ User Agent Switcher changes the IMPORTANT THAN
buttons on the GUI) was considered too
esoteric for the main Firefox release, but
browser identifier sent to a site, often
providing access to stubborn locations FUNCTIONALITY.”
this power is easily installed using the such as online banks that insist on a
All-In-One Gestures extension. Basic certain browser.
business itself needs to be maintained,
gestures include forward, backward and ■ Translate performs BabelFish magic.
which is still the case even when
reload, but there are also more advanced ■ MediaPlayerConnectivity allows you
gestures such as tab switching, scrolling to open embedded media content with proprietary software is delivered for
and font sizes. New gestures can be a configurable external program – a free. There is an incentive to put the
added manually by drawing the great way of avoiding those terribly business aims before those of the user.
corresponding action on to a canvas, and constrained RealPlayer windows. Even in the arena of open source,
once you get used to them it’s difficult to Best of the bunch, though, is the the end user is not the focal point of
go back to buttons. ScrapBook extension. This lets you drag
all development. Ask the average
You know Gmail has reached critical highlighted clips from a web page into
mass when there’s more than a dozen the side bar for later reference. The
developer what makes them devote so
ways of managing your inbox. As Firefox is clips includes text and images, along much time and energy to coding, and
probably the default browser for with a link to the original source, and creating usable applications with a
accessing Gmail (especially for KDE users) can become irreplaceable. wide appeal isn’t likely to be their top FIREFOX TIP:
reason. It’s natural to want to do more
developers, which usually results in it so let’s start working to reduce it rather – to do more complicated things, to
RESIZE FRAMES
getting longer as team-based than increase it. Resist the all-too- satisfy the code equivalent of Page frames can be a boon to site
usability, but we froth at the mouse
contribution exercises are generally common tendency to add more code. machismo by doing hard things,
when inconsiderate programmers force
additive rather than reductive. The Try to remove code, simplify over- sometimes in an obscure but
them to a specific width – we have big
whole Mozilla team have recognised complicated code [and] undo essentially cunning way. For software monitors for a reason and don’t want
this problem, and there are efforts premature optimisations.” that’s going to be used by people of 120-pixel width restrictions, thank-
within the Mozilla developer In retrospect, the decision of the same mindset, this isn’t so much of you-so-very-much. Firefox comes to
community to address it. The current Firefox’s developers to split off and a problem. the rescue. Look in about:config and
roadmap exhorts programmers: work on a minimised browser probably But to switch over into broad >> set layout.frames.force_resizability to
true – and breath a sigh of relief.
“Tinderbox now measures code footprint, succeeded because there were so few mainstream use, usability is more

November 1998 November 2000 August 2002

AOL buys Netscape for After a three-year hiatus, Disillusioned by Mozilla’s
$4.2 billion. There are Netscape 6.0 is released. bloated and feature-rich
worries that this could signal Based on the Mozilla 0.6 direction, developers
the end of Netscape’s quirky branch, it’s a total failure – Blake Ross and David Hyatt
Gecko project, but AOL thanks to the terrible UI, take a partial fork of the
remains committed to awful page rendering and Mozilla code base. They
financing Mozilla.org despite stability that would make intend to build a lean
having no plans to switch Cristiano Ronaldo look like a browser with a laser-
from using IE. mountain goat. sharp focus on the user.

www.linuxformat.co.uk LXF66 MAY 2005 55

LXF66.firefox 55 16/3/05 12:30:57 pm

 FIREFOX TAKE BACK THE WEB

Two browsers showing the same

site. You can’t tell the difference in
>> important than functionality, users, not control them.” It’s not about the Firefox model: ease of use
something emphasised by Blake Ross. isolated in a development bubble: and simplicity should be the driving
speed from a static picture, but you “The key to Firefox’s success is simplicity. Firefox knows what users want and principles of any software project, open
can see the extra complexity of the
example on the left, the beta I can’t stress that enough. Software puts them first. So it’s hello tabbed source or not. I think Firefox is making
version of Netscape Browser 8.0. developers seem to be stuck in an browsing, live bookmarks and Google waves because it’s the first
What are all the buttons for? We endless search for ‘the next big feature’. Search in the toolbar. open-source product to really dive
used it for a few hours and still
With Firefox, we zoom in on each and headfirst into the consumer pool, and I
can’t tell you. Firefox, on the
right, is simple enough for your every part of the product, reworking Community call hope our success is a signal to the rest
granny to use. and refining and tweaking it until it’s Firefox is a well-conceived idea, of the community that they can come
just right for mom and dad. All these developed properly with an eye on on in, the water’s fine.”
little things add up to a superb overall security, restraint when it comes to new So a consumer-friendly model can
experience, and that’s the big feature.” features and sole consideration for the work in open source. Perhaps it’s the
So ‘Taking back the web’ isn’t just a end user. Are its five ‘secrets’ really movement’s best chance of winning
catchy slogan for Firefox, there are enough to account for its revolutionary mainstream acceptance. “The era of
some real issues at the heart of it, as success? “Unfortunately, yes,” says Ross. ‘by geeks for geeks’ software
FIREFOX TIP: Blake explains: “Back when we “I say “unfortunately” because there development is over,” says Ross. “Open
MAXIMISE worked at Netscape, we read the shouldn’t be anything revolutionary source can play in the big leagues.” LXF
feedback that users submitted almost
Once you make the switch to
obsessively, and a common thread FURTHER RESOURCES
tabbed browsing, having multiple
browser windows open becomes a bad emerged: people complained that
they’d lost all control of their browsing For more information about Firefox, Eric Meyer is a leading expert on CSS,
memory. But how can you make the
check out the home page at principal consultant at Complex Spiral
most of your screen real estate? With experience and were now at the whim
www.mozilla.org/products/firefox and and the author of several excellent
Firefox, the answer is simple: tap F11 of pop-up ads and spyware and other advocacy site www.spreadfirefox.com. books. Check out his homepage,
to switch to Full Screen mode. Firefox annoyances. They were spending more www.meyerweb.com.
will take up – surprise, surprise – the
time fighting with the web than using it Blake Ross is a founder of the Firefox
whole screen, getting rid of the
to get stuff done. team and an all-round nice guy. Catch Read exclusive full interviews with Blake
window decoration at the top and also
“This seemed backwards to us: up with his life and thoughts at Ross and Eric Meyer on our relaunched
any menu bars you have at the bottom.
www.blakeross.com. website, www.linuxformat.co.uk.
technology is supposed to empower

HOW FIREFOX CAME TO BE

(continued: September 2002–November 2004)

September 2002 April 2003 February 2004 November 2004

First binary release of the Trademark issues force the team Following further problems Official release of version
forked project, named to change the name of the with a free database called 1.0 of the Firefox browser.
Phoenix, version 0.1. project to Firebird. This name is Firebird, the project makes The volunteer advocacy
According to the release notes, used for the following month’s its final name change to group Spread Firefox
the browser’s features include 0.6 release, which features Firefox. This is followed takes out a two-page ad
a customisable toolbar, a smooth scrolling and automatic with the 0.8 milestone in the New York Times to
quick search facility (for image resizing. release, now with publicise the launch.
bookmarks and history) and Windows installer and
speed, speed, speed. download manager.

56 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.firefox 56 16/3/05 12:31:00 pm

 GCC 4.0 UP CLOSE

UP CLOSE

The compiler at the heart of open source is heading for a new release. GCC
fan and sometime contributor Biagio Lucini talks to leading developers for
an exclusive preview.

N
othing we do with open find out if these new additions are the in 1992 with the publication of version
source would be possible result of harmonious exploration – or 2.0, which also added support for C++.
without the compiler acrimonious forks. GCC was beginning to be adopted as
collection GCC. It may be That history began in 1984, when the official compiler on several
mastered only by an inner Richard Stallman wrote the first chunk software platforms (including Linux),
circle of C++ gurus but it of GCC, the C front-end. In the same and its 2.7 manifestation received
affects us all. It’s GCC that allows your year the GNU project officially began, special praise.
distributor to build the system you’re and it’s no surprise that GCC is at the
running right now, and every heart of it: it’s hard to imagine how Fork ahead
improvement to it results in shorter you could provide freely modifiable Through the nineties, GCC
execution times and smaller binaries. software without providing a way to development remained in the firm
GCC is where the magic takes convert the modifications into hands of the Free Software
place, and that’s why we’re paying executable code. Foundation (FSF), which was more
close attention to the major Three years later, in 1987, Stallman focused on stabilising than on
forthcoming release of GCC 4.0, a decided to expand the front-end into improving the compiler. As a
benchmark for the project. Mailing lists a fully-blown compiler, beginning consequence, third-party patches
talk of faster optimisation, improved GCC’s journey to the version 4.0 we’re aimed at simplifying the building
security and cool hacks. Given GCC’s awaiting. Architectural limitations of process on some architectures or
chequered history, we were keen to this first release series were overcome adding functionalities were very often

58 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.feat_gcc 58 15/3/05 4:36:21 pm

 GCC 4.0 UP CLOSE

compiler meant to be used to

CODE BREAKERS recompile the kernel). Alas, the fiasco
Watch out for these GCC breakages was by then irreversible. Red Hat
insisted on this dual compiler
Because GCC standards are pretty
complicated, they haven’t always been approach (followed closely by other
implemented; particularly in early 3.4. Here are three to look out for: vendors including Mandrake) for about
versions. Recent releases have been NEW FORTRAN FRONT-END a year, until GCC 3.0 was officially
more standards-compliant, but this Don’t expect all of your code to be released. That said, Red Hat has been
means the old bad code is now breaking parsed as before. and still is one of the major
with updates. In fact, version 3.0 JAVA ABI Breaks binary compatibility of
contributors to GCC; today, some of
showed signs that certain features Java applications, pretty much as
would break. The good news is that the happened with C++ from 2.95 to 3.0.
the leading GCC developers are Red
level of breakages in this latest update is VARIABLE TRACKING This new feature Hat staff.
lower than the transition from 3.3 to requires the user to upgrade to GDB 6.1.
Truly open at last
rejected. But because GCC was still compiler collection (still in heavy GCC 3.0 was the natural result of the
GPL software, users could choose to development) would. efforts started with EGCS. The focus
apply the patch set they liked best. Keen to provide a unified base was still on stability, but improvements
This gave rise to a dangerous spread system across all supported platforms, were no longer renounced, even if
of unofficial versions, with the risk that Red Hat made the decision to provide sometimes they could have broken
a serious fork would slow the as its official compiler a heavily compatibility. In fact, GCC 3.0 broke
development of the official version. To patched version of what should have binary compatibility for C++ code,
avoid this, in 1997 some leading GCC become GCC 3.0. By itself this would since it contained a major
developers breathlessly decided to not have been a big deal, but it turned improvement in the form of a new
fork the project themselves. out that that this compiler (which Red Application Binary Interface (ABI) for
This was the birth of EGCS Hat named GCC 2.96 without that language. It took another minor
(pronounced eggs). Among the permission from the FSF) failed in
declared objectives of EGCS were building the Linux kernel. Even worse,
improvements in the C++ area and
the addition of Fortran 77 support
the so-called GCC 2.96 was binary
incompatible with both the stable and
“USERS ASSUMED THAT
(g77). The project was very successful the development versions of GCC. THE FSF HAD RELEASED
and many vendors included EGCS side
by side with GCC in their distributions.
Users assumed the FSF had released
a buggy program that was unable to A BUGGY PROGRAM.”
Within a few years the superiority compile the kernel and that broke
of EGCS over GCC became striking, binary compatibility. release for the ABI to stabilise, but the
leading the FSF to give its official The GCC team reacted promptly, neat result was a more standards-
blessing to the development model at issuing an official statement in which compliant and predictable compiler.
the root of EGCS in late 1999. EGCS, they clarified their position on GCC Throughout the 3.x series,
which was itself undergoing forks such 2.96 and blamed the poor developers have continued to improve
as the PGCC project (aimed at building performance on Red Hat. Even Red and stabilise the set of features
fast executables on Pentium-class Hat tried to explain its actions and introduced in GCC 3.0. Although most
machines), became GCC 2.95. One of resolved some of the problems by of the work has centred on C++,
the differences between the providing an alternative compiler support for the other officially- >>
development process of EGCS and the based on EGCS (known as KGCC, a included languages (Objective C,
previous GCC was that the open
model of EGCS was tailored to make INSTRUCTIONS FOR THE IMPATIENT
forks useless, and projects like PGCC How to set up GCC 4.0 for immediate use
slowly died out, being either
reabsorbed or superseded by EGCS. As with many open source projects, you ../gcc/configure --prefix=/opt/gcc --
can obtain GCC via anonymous CVS. enable-languages=c,c++,f95
For this, you need CVS installed on your --enable-shared --enable-threads=posix export PATH=/opt/gcc/bin:$PATH
Storm in a red hat system. Once you’ve made sure you have --disable-checking --enable-long-long export LD_LIBRARY_PATH=/opt/gcc/lib:/
Despite that, the story of forks was far it, open a terminal and perform the --enable-__cxa_atexit --enable- opt/gcc/libexec:$LD_LIBRARY_PATH
from over. About a year after the following operations: clocale=gnu --disable-libunwind- into a terminal and invoke GCC or
adoption of EGCS as the official GCC, mkdir /tmp/gcc exception equivalent commands.
Intel released the Itanium, a promising cd /tmp/gcc make bootstrap The command gcc -v should now
new architecture with the potential to export CVS_RSH=ssh and as root: contain as the last line of the output
cvs -d :pserver:[email protected]:/ make install something like ‘gcc version 4.0.0
become a leading platform in the
cvs/gcc -z 9 co -P gcc This will install the compiler in /opt/ 20050223 (experimental)’, where the
middle- to high-end server sector. Red This will create a new directory, gcc gcc. The location has been chosen in date refers to the CVS version you have
Hat was faced with a problem: it inside /tmp/gcc. It’s now time to build the such a way that no conflict is generated checked out. Remember that those
wanted to provide out-of-the-box sources. If you are interested only in the with the existing GCC installation, since settings will be lost when you quit the
support for the new IA64 architecture; C, C++ and Fortran front-ends, you can you will need the old GCC for compiling shell. Of course, you can make
the official version of GCC at that time proceed as follows: new kernel modules and so on. GCC 4.0 your default compiler, but until
mkdir build The last step is to tell the system your distribution migrates to it this is
(2.96) did not support the Itanium,
cd build where to look for GCC. Type highly inadvisable.
but the upcoming version of the GNU

www.linuxformat.co.uk LXF66 MAY 2005 59

LXF66.feat_gcc 59 15/3/05 4:36:27 pm

 GCC 4.0 UP CLOSE

WHAT IS SSA?
A framework for better optimisation.
It will improve your life!
When writing code, it’s common to
reuse names of dummy variables. Take, have a new name. In the SSA
for instance, the code snippet: representation, the same code becomes:
a = 3; a1 = 3;
b = f(a); b1 = f(a1);
a = 4; a2 = 4;
The a that appears at line 3 has The scopes of the variables are now
nothing to do with the a at lines 1 and clearly exposed. This representation
2. What the Single Static Assignment offers a powerful tool for analysing
does is to give a different name to dependencies among different portions
logically independent variables, so of a program, which is the starting point
each newly referenced variable must for effective optimisations.

C trees C genericise

C++ trees GENERIC Gimplify GIMPLE GIMPLE GIMPLE RTL

C++ genericise trees optimiser expander

Java trees Java genericise 2/ The tree-SSA framework (taken from http://gcc.gnu.org/projects/tree-ssa/).
GCC writers believe it will play a vital role in optimisation advances in future releases.

>> Fortran 77, Ada and Java) has been unofficial distribution maintained in the will go to a branch, which will be the
vastly improved. As a result of the the form of a CVS branch of the main basis for the version following the next
language-independent infrastructure repository is started, to be periodically one. At Stage Three the known bugs
being revised, the generated code is synchronised with mainline. Being are fixed. The final check consists of
generally faster than the corresponding experimental software, the criteria for analysing the results obtained by
2.x executables, and support for more code that’s checked into a branch are running the compiler on the provided
architectures has been added (there less strict than those for mainline test suite: there must be no regression
are few platforms to which GCC 3.x additions. If and when the branch with respect to the previous version
has not been ported). proves to do useful work without before the compiler can be tagged
Having learned its lesson with destabilising the compiler, it will be with the release number.
EGCS, GCC now welcomes new ideas – merged with mainline. Otherwise it will The person responsible for this
and the transformed open nature of have been just an interesting exercise. process is the release manager. Since
the development process is a large Many of GCC’s major projects version 3.0, the release manager for
factor in GCC’s success and swift began life in one of these branches. GCC has been Mark Mitchell
development. CVS access is restricted The projects are overseen by the (see Q&A, right).
to a few trusted developers and, as steering committee, a group of leading
GCC is still the property of the FSF, all developers who decide what direction High hopes
contributors need to sign a copyright GCC should follow. It includes GCC is now at version 3.4.3, expected
transfer form to donate their code to developers from different companies to be the last release in the successful
the project. But there’s plenty of room and institutions (such as David 3.x series before the coming of version
for developers who want to Edelsohn, a K42 researcher at IBM, 4.0, which is at Stage Three in its
experiment with new constructs within Jeff Law of Red Hat and Gerald development at the time of writing
the framework of GCC. Pfeifer, who works on Itanium at (and the chances are that it will be out
Everyone can contribute patches SUSE), with the aim of balancing by the time you read this).
by sending them to gcc-patches@gcc. different or even opposing needs The big jump in the release
gnu.org. These will be peer reviewed, within the user community. number reflects a major development:
and if they’re considered correct, Before a new version is released, the adoption of a new optimisation
adherent to GCC coding conventions its source code undergoes three framework that makes use of the
and useful to the community, they will different stages. In Stage One the Single Static Assignment (SSA)
be checked into the main tree. project is under heavy development transformations. Once the framework
Patches that require heavy and major modifications can be matures, it will provide faster and
modification of the architecture accepted. In Stage Two only better generated code and be the
undergo a stricter review process. First, stabilisation of the approved features basis for further optimisation. The
the main code is forked. Then an can be performed. Any major revision initial SSA implementation is largely

60 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.feat_gcc 60 15/3/05 4:36:31 pm

 GCC 4.0 UP CLOSE

just a framework for the future, but readers of Paul Hudson’s LXF series
the next few releases of GCC will on compilers will know, the clever way Language 1
include optimisations (tweaks, to reduce the work is to make sure
basically) based on this initial release. that the middle-end is logically
Language 2 Architecture 1
To understand why the new separated from the front-end and the
optimisation framework will make such back-end. If the middle-end also Intermediate
language
a difference, we have to take a step makes use of a representation of the Architecture 2
Language 3
backward and talk about compilers in source code that is not language-
general. A compiler is a software specific, front-ends of different
program that transforms a text file languages can share it. Language 4
written according to well-defined In the same way, it’s possible to
lexical and syntactical rules specified interface several back-ends to the Front-ends Middle-ends Back-ends
by the programming language into same middle-end. For a compiler that
machine executable code. The follows this structure, to support x and the RTL representation is not well 2/ An ideal compiler that supports
compilation process comprises a languages on y architectures you suited for high-level optimisations. four languages on two different
architectures.
parsing part, in which the source is would need x + y separate projects Each front-end has to know about
validated; an optimisation part, in emitting or accepting code according optimisations, which – apart from
which the code is restructured for to the rules dictated by the middle- causing duplication of efforts – means
improving its performance; and a end. Fig 2 represents the structure of the quality of the generated code is
generation part, in which the such a compiler. dependent on the language and
executable is built. Technically, we refer In principle, old versions of GCC optimisation processes in the
to them respectively as the front-end, have followed that structure, with the particular front-end.
the middle-end and the back-end. front-end emitting abstract syntax What’s the answer? The new tree-
The three components do not have trees (ASTs) and the intermediate SSA framework, which will offer a
to be kept distinct, but if they aren’t, to language being Register Transfer language-independent infrastructure
support x languages on y different Language (RTL). Unfortunately for fans for optimisations, sitting as it does
architectures one would need to write of smooth compiling, the ASTs between the front-ends and the >>
x times y different compilers. As generated by each front-end differ, RTL (see What Is SSA? box, left).

MARK MITCHELL: GCC GUARDIAN

As GCC’s release manager, Mark Mitchell has the heavy responsibility of overseeing new additions to the
collection. We ask him if the project is feeling the heat from rival IBM compilers.

new version of the compiler. I also help steer It’s a pretty diverse set of goals, and
what changes go into the compiler at which sometimes the goals are incompatible.
points in the development cycle and I try to
facilitate high-level technical conversations LXF: How is GCC developed?
about the desirability of particular changes. MM: GCC is developed by a pretty large
Historically, I’ve done a lot of development team. Most of the major contributors are contain the tree-SSA infrastructure. There
of the G++ compiler. I still do some of that, now being paid for their efforts, which is are some programs that run a lot faster with
but now I’m working more on other things, somewhat different from five or ten years GCC 4.0.
including managing CodeSourcery’s rapid ago. But there’s still a tremendous amount of I think that GCC 4.1 will demonstrate even
growth. I can get a lot more done by helping volunteer effort as well. I don’t want to name more of an across-the-board win. Frankly,
others than by trying to do it all myself! particular organisations because I’ll probably replacing most all of the optimisers in GCC
leave somebody out, and I don’t want to be with brand-new technology, and having it (a)
LXF: What are the goals of GCC? accused of promoting particular interests. In work, and (b) not generate worse code is a
MM: It depends a lot on who you ask. One general, the major contributors are software huge achievement!
LXF: How have you been involved in of the challenges is that the goals of the development businesses (like CodeSourcery), GCC 4.0 also contains a Fortran 95
GCC’s development? various stakeholders are not uniform. Some GNU/Linux distribution vendors, operating front-end. It’s not as polished as C or C++ at
MM: I’ve enjoyed working on compilers and people want to see releases very frequently system vendors and hardware vendors. this point, but it’s coming along very nicely.
programming languages for a long time: in so that improvements are always available to The development model has come out of The C++ front-end is substantially faster
fact, my elementary school computer people. The distribution vendors want to see years of evolution. It’s a balance between when compiling without optimisation. As
teacher was a wonderful woman who was releases that contain the features their freeform development and a strictly top- always, there is support for more chip
very interested in programming languages. customers need on a schedule that works down model. The GCC Steering Committee variants, newer versions of operating
So I think I was doomed to like compilers for them. Some people want maximum sets some high-level policies, but most systems, and tons of bugfixes.
from about age five! backwards compatibility with older versions technical decisions are being made by the
My biggest role is release manager. I of the compiler. Some people want strict individual maintainers. There’s a lot of back- LXF: Has the availability of the Intel
decide when it’s time to officially release a conformance with language standards. and-forth between the developers to work compilers had any impact on the
out how best to solve problems. We use peer development goals of GCC?
review to check each other’s work and MM: I believe that competition is great for

“I THINK I WAS DOOMED decide on designs. GCC. People say a lot of things, positive and
negative, about the Intel compilers. I’m not

TO LIKE COMPILERS FROM LXF: What can the end user expect from
GCC 4.0?
going to do that; I’ve not examined them
closely enough to say for sure. I’m confident

ABOUT THE AGE OF FIVE.” MM: It’s going to be a bit of smorgasbord.

The reason for the major version number
change [from 3 to 4] is that GCC 4.0 will
that there exist programs for which those
compilers generate better code, and that will
push GCC to improve as well.

www.linuxformat.co.uk LXF66 MAY 2005 61

LXF66.feat_gcc 61 15/3/05 4:36:32 pm

 GCC 4.0 UP CLOSE

variables by a single operand. This

TIGHTER SECURITY Version 4.0 gives you added protection operation is known as gimplification,
and the step as GIMPLE. The step
Security-minded readers will be pleased comes in the form of the
which follows consists of a rewriting
to hear that GCC 4.0 addresses a -D_FORTIFY_SOURCE switch. When
performed with no or very little run
using SSA rules. Once the code is in
common exploit known as buffer enabled, sanity checks will be performed
overflow. This is where an attacker by the compiler, and if there is the time overhead. There are two levels of the SSA form it’s straightforward to
passes a huge string or number to a sick possibility of an overflow, more secure fortification: -D_FORTIFY_SOURCE=1 is implement some high-level
program, gaining access to memory areas library functions will be called instead of the standard, while -D_FORTIFY_ optimisation procedures before the
and often taking on root privileges. the default ones. For this reason, you’ll SOURCE=2 gives even more security, at code is passed to RTL for further
The answer is to perform sanity checks need the glibc library (version 2.3.4 or the expense of possible failures of some
lower-level optimisations (see Fig 1).
for possible buffer overflows in any line later) or a patch for it. conforming programs. Read more at
Among the optimisations that have
of code – but unfortunately this isn’t One of the biggest advantages of this http://gcc.gnu.org/ml/gcc-
done by default. Version 4.0’s solution method is that the check can be patches/2004-09/msg02055.html. been implemented are eliminating
unreachable code, constant
propagation and a sketched
Before code can be converted to To avoid heavy intervention at the autovectorisation. Some of those
the SSA form, two preliminary steps front-ends, GENERIC was written to optimisations were possible within the
are needed, which go under the translate trees emitted by the front- old framework, but the new SSA
names of GENERIC and GIMPLE. ends into a common language. Still, scheme generally outperforms it (for
GENERIC was introduced to overcome this is not enough: SSA acts on simple more, see Diego Novillo Q&A, below).
a thorny problem: though the middle- instructions; hence, lines such as
end expects input in the form of a a = b + c*d; Fortran news
common intermediate language from need to be simplified as follows: Although tree-SSA is without doubt
the front-ends, it turns out that there e = c*d; the biggest addition to GCC, version
are inconsistencies between the a = b + e; 4.0 will have many other
intermediate language that each front- so that each assignment operation improvements that catch the eye.
end emits. consists of the reduction of two Among them, the addition of Fortran

DIEGO NOVILLO: SSA MAESTRO

Much of the buzz surrounding GCC 4.0 is being generated by the new tree-SSA infrastructure,
which promises fast, language-independent optimisation. Linux Format talks to its creator.

are bound to make the branch too unstable, now implement optimisations like
particularly if mainline is in Stage 1, ie open vectorisation and software pipelining that
to major changes. If you let too much time were difficult or impossible to implement on
pass between merges, you may spend quite RTL. It also separates the front-ends from the
LXF: How did you get involved in GCC? a few hours fixing merge problems, back- and middle-ends so that adding new
DN: I am originally from Argentina and came particularly if the branch is too active, like languages to GCC won’t be nearly impossible
to Canada in 1993 to do a PhD in Computer tree-SSA used to be. anymore. Before, every front-end had
Science at the University of Alberta. I started Branches are not much different to intimate ties with the back-end and the
getting involved with compilers and ended mainline In terms of contributions either. First internal interfaces were slim or non-existent.
up developing techniques for analysing and and foremost, you have to make sure that As with any other internal infrastructure
optimising concurrent programs. everyone contributing to the branch has all overhaul, these major changes typically
In 1999 I came into contact with Cygnus their FSF copyright paperwork in order. mean little to the user. But in this case, the
and started working for the GCC team. Until As far as stability goes, branches also two major visible changes will be the
then I only knew about GCC by name – I operate in stages. Initially, you allow just inclusion of Fortran 95 and mudflap [a
had played with it a little bit during my about any change that is reasonable, and as technology for checking run-time errors]. The
research, but not to any serious extent. After you are getting ready to merge into mainline new optimisations will probably help some We are also
graduation, I relocated to Toronto and kept you start clamping down. The tree-SSA users. For instance, the new scalarisation starting to add intermodule optimisations –
working on GCC (now as part of Red Hat, branch was pretty flexible initially, but in the capabilities are likely to help C++ code with optimisations that can work across function
since [Cygnus was] acquired in late 1999). months prior to the final merge, I would not lots of short-lived small objects that were calls and even file boundaries. Explicit
allow any patch that broke bootstraps on the demoted to memory too early in previous concurrency in the form of OpenMP [a
LXF: What does it mean in practical terms 5 or 6 architectures I was testing. Even if the versions of GCC. Also, the autovectorisation shared-memory API] or something along
to be the maintainer of a branch of GCC? patch was not at fault, we would remove it passes may come in handy for some codes. those lines is also likely in the mid- to long
DN: The work isn’t much different to what and ask the author to figure it out. I don’t expect GCC 4.0 to do the job term. Dynamic languages like Java will also
you do on mainline. Perhaps the major across the board, but the new architecture benefit from the new architecture. People
liability is merging changes from mainline LXF: Can you explain what tree-SSA is? will certainly help us improve and maintain it will be able to implement analyses like
into the branch. It’s a delicate balance you DN: Basically, it is an overhaul of GCC’s a lot better than before. escape analysis and devirtualisation.
have to strike – if you merge too often, you optimisation infrastructure. With it, we can
LXF: How do you see the future of LXF: Do you plan to work on other
tree-SSA and of GCC in general? innovative projects for GCC?

“SOPHISTICATED LOOP DN: GCC is becoming a pretty good

compiler and it’s quickly assimilating modern
DN: I’m very interested in GOMP, an
implementation of OpenMP. In the short

TRANSFORMATIONS WILL optimisation techniques that were previously

only seen in commercial compilers:
term, I’m working in several propagation
optimisations to help analyses like mudflap

POP UP IN NEW VERSIONS.” vectorisation, for instance. Expect several

sophisticated loop transformations to start
popping up in subsequent versions of GCC.
reduce the amount of memory-bound
instrumentation. I’m also interested in
reducing bounds and type checking for Java.

62 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.feat_gcc 62 15/3/05 4:36:34 pm

 GCC 4.0 UP CLOSE

they are buying CPU time, which is

fairly likely among number crunchers).
Whatever your background, we’re
sure that you want benchmarks for
GCC 4.0, and we are not going to
disappoint you. However, the usual
caveat that the only benchmark that
should really matter to you is the one
based on your code still applies. We
should also point out that CVS
versions of the compiler are very
different from stable versions, even if
they have the same release number,
so you should take the benchmark
95 support in the form of gfortran private. In older software this feature results as a very rough estimate, with >>
(short for the GNU Fortran 95 project) required a substantial amount of the understanding that the stable
will be welcomed by the many monkeying to make it work. New
scientists and engineers who use this projects are encouraged to use visibility
programming language – Fortran has options right from their inception.
never been one of GCC’s strong points. With a careful choice of private
Gfortran (http://gcc.gnu.org/ symbols, the loading time of a library
FFT
fortran) is a good example of the can be sharply reduced. It also gives GCC 3.4.3
benefits of a more open development the added benefits of up to 20% GCC 4.0
model. It was forked from the original reduction in the size of executables,
g95 project (still under heavy better scope for the optimiser to SOR ICC 8.1
development at http://g95.sf.net) improve the code and reduced
because the maintainer of g95 liked likelihood of symbol crashing. The
Computational kernels

to keep very tight control. The advantage of using the visibility

developers of what is now gfortran features should be pondered on a MC
argued for tighter integration with GCC case-by-case basis; however, any large
and bet on tree-SSA succeeding when C++ library making heavy use of
it was still an experimental project. templates is expected to benefit
Their bravery is about to be rewarded – considerably from them. That said, it is
like any other GCC subproject, gfortran for C++ programs only – KDE and
MML
is now the property of the FSF (for OpenOffice.org are already taking
more, see Paul Brook Q&A, page 64). advantage of this, but Gnome – being
Even at this early stage of C-based – has not and will not.
development, gfortran has the Among other improvements in LU
potential to fill the gap between version 4.0, we’re excited by the
Fortran and the other languages (promised) much faster C++ parser,
supported by GCC, and has been the new ABI for Java and the
reckoned mature enough to replace implementation of some mathematical Com
the ageing g77 front-end, although functions on the IA32 and x86-64
there is still some work to be done. In architectures as inline intrinsics, for the
particular, the compatibility with benefit of number crunchers. A
0 250 500 750 1,000
Fortran 77 is still far from perfect. For complete list of all the features of GCC
this reason, Linux distro vendors are 4.0 can be found at http://gcc.gnu. Mflops
expected to provide a port of g77 org/gcc-4.0/changes.html.
KEY

alongside the new gfortran.

Mflops = Floating point operations
More speed
per second, in millions
Symbol clearout Of course, everyone wants a fast
The slow start-up time of essential compiler and everyone expects a new FFT = Fast Fourier Transformation
software like OpenOffice.org, Mozilla, release of a compiler to be faster than SOR = Jacobi SOR
KDE and Gnome is a common gripe the previous one. However, there is no MC = Monte Carlo integration
among Linux users. With GCC 4.0 this universal consent about the meaning MML = Sparce matrix multiply
should be greatly speeded up – of the word ‘faster’. Maintainers of LU = LU factorisation
provided that software developers large software repositories for which Com = Composite score
make use of the new features. The key speed is not critical would prefer a
is the new GCC visibility patch. This compiler that focuses on improving
offers you the possibility of deciding the compilation time, while people
which ELF symbols should be who deal with performance-critical 3/ Floating-point performance of GCC 3.4.3, GCC 4.0 and ICC 8.1 as
measured by the benchmark suite SciMark2, which was developed at the
exported (ELF is the format of Linux software would rather benefit from US National Institute of Standards and Technology to compare processing
executables) and which should remain shorter execution times (especially if speeds of programs written in both C and Java.

www.linuxformat.co.uk LXF66 MAY 2005 63

LXF66.feat_gcc 63 15/3/05 4:36:38 pm

 GCC 4.0 UP CLOSE

>> version will be no worse than the performances are plotted in Fig 3 (for
experimental one. details about the various tests, refer to
PAUL BROOK: FORTRAN VISIONARY
The same applies to gfortran, the home page of the benchmarks).
Together with Steven Bosscher, Paul Brook made it his mission to
which at the moment runs at about GCC 4.0 overperforms its
have a Fortran 95 front-end as a part of the official GCC distribution.
We asked Paul where the project’s at today. half the speed of the Intel Fortran predecessor in most tests, often by a
Compiler version 8.1 in our self- wide margin. Even more excitingly,
developed Fortran 90 benchmark GCC 4.0 now runs neck and neck with
suite (we could not compare directly the Intel compiler, and outperforms it
LXF: Why did you decide to fork g95?
PB: The original g95 author likes to keep with GCC 3.4, since Fortran 90/95 by a significant margin in at least two
very tight control of the project, ensuring support is a new feature of GCC 4.0). tests. Still, at the moment a tedious
that all code meets his personal standards With all this in mind, we tested the optimisation bug (a wrong move of
and ways of doing things. We felt that it performance of the code generated floating-point variables through integer
was important to have a more open by GCC 4.0 CVS with the SciMark2 registers) affects the performance of
development environment, and to work
benchmark suite (http://math.nist. GCC 4.0. As this bug will be fixed
more closely with the rest of the GCC
community. Our initial goal was to integrate
gov/scimark2), designed for gauging before the official release, expect the
gfortran into the main GCC CVS repository, the speed of floating-point operations, official version to perform much better
making it part of official GCC releases. and did the same with GCC 3.4.3 and than in our tests. We don’t expect you
the Intel C Compiler release version to have a dual Opteron on your desks,
LXF: Is there any cooperation among 8.1. For the GNU compilers we used so we repeated the tests on a Pentium
the two Fortran implementations of
the optimisation flags IV 1.7 GHz with 768 MB of RAM, which
GCC? For instance, are you exchanging
‘gcc -O3 -funroll-loops -D__ threw up roughly the same results.
code for the libraries?
PB: No, not much. In practice the two NO_MATH_INLINES -ffast- The tests confirmed our hopes that
projects have diverged sufficiently that math -march=opteron - GCC 4.0 will be a great release. But
most changes do not transfer easily. mfpmath=sse,387 -ftree- the GCC developers have no time to
There has also been some difficulty vectorize -onestep -fomit- bask in the glory, since they are
obtaining up-to-date versions of the g95 frame-pointer -finline- already working on new features and
source code.
functions -static’ additions. GCC still lags behind
except for the -ftree_vectorize commercial competitors in the high-
LXF: How long have you been working LXF: What needs to be done to
on GCC? consider the implementation complete? option, which is specific to tree-SSA performance computing market, and
PB: I’ve been involved with GCC since I left PB: Gfortran should still be considered (other tree-SSA optimisation options we expect this gap to be filled pretty
university in 2002, and have been working beta quality. Most Fortran 95 language are automatically activated by the -O3 soon. The GOMP project (http://gcc.
for CodeSourcery on GCC for just over a year. features have been implemented, and switch). For ICC we used: gnu.org/projects/gomp), aimed at
I’m joint maintainer of the GCC ARM back- some large applications (eg the SPEC ‘-O3 -tpp7 -xW -ipo -align - providing support for the powerful
end and Fortran front-end, and spend most CPU2000 benchmarks) can be
Zp16 -static’. OpenMP parallel instruction extensions,
of my time working on these. successfully compiled. However, there are
still many bugs, and many of the language
Without the static option, which would is an initial step in that direction. LXF
LXF: Why do you believe that GCC must extensions supported by g77 aren’t yet have hidden the features we were
support Fortran 95? implemented. interested in. The compilation time on
PB: Fortran is still quite widely used for I’ll consider gfortran done when the few 4.0 was on average about 10% slower ACKNOWLEDGEMENTS
computationally-intensive numerical remaining corners of Fortran 95, and most than on 3.4.3, and the size of the
simulations, particularly in academic of the extensions supported by g77, are Thanks to Vladimir Marakov, Paolo
executable was about 2% larger. The
institutions. It is quite common for new code working. GCC 4.0 will be the first GCC Bonzini, Uros Bizjak and especially
generated code was then executed on Richard Guenther for discussing
to be written in Fortran 95, then combined release to include gfortran. We expect that
with legacy Fortran 77 libraries. by then gfortran will be usable for many a dual AMD Opteron 244 processor optimisation flags in GCC 4.0.
Support for Fortran 95 is essential if GCC purposes, though it may not be suitable as machine with 4GB of RAM. Measured
is to remain a viable alternative in this area. a production compiler or as a direct
GCC’s free availability and portability to a replacement for g77.
large number of hardware and OS platforms
make it particularly attractive for a user LXF: Do you have any idea of how
wanting to develop an application on a local gfortran compares in terms of
workstation, then migrate it to a high- performance with commercial
performance cluster. implementations such as Intel’s?
PB: For Fortran 77 code gfortran should
LXF: How did you get the idea of adding generate code that is at least as good as
F95 support to GCC? g77, and comparable to many commercial
PB: My final year project at university compilers. For some complex Fortran 95
involved modifying a fluid simulation code code we generate code that is significantly
written in Fortran 95. I was frustrated by the slower than commercial compilers. Most of
lack of a free Fortran 95 compiler, which the work on gfortran is concerned with
meant I was restricted to working on a few correct implementation of missing features:
university machines. there’s a lot of work left to do to improve
After finishing university I joined the g95 performance. Having said that, gfortran
project. At that time g95 could parse most uses the same optimisers as GCC and
Fortran 95 source, but had no real code G++, so any improvements to these will
generation capabilities. Like most recent benefit gfortran. GCC 4.0 will contain many
university graduates I had quite a bit of spare new optimisations, like autovectorisation.
time, so wrote the code to glue g95 and These should help close the gap between
GCC together. gfortran and commercial compilers.

64 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.feat_gcc 64 15/3/05 4:36:40 pm

 INTERVIEW STEPHEN TWEEDIE

D
espite most of us thinking Linux that took a long time to flush LXF: So you’re still adding to
that the ext3 journalling out – just generally stabilising. ext3?
filesystem is a finished work, For ext3 I simply wanted to ST: The whole on-disk filesystem has
development on it continues continue that, to add journalling so versioning flags and feature flags in
at a furious pace in the 2.6 you didn’t have to do a complete the superblock. Those flags allow you
kernel. The coders behind it filesystem check every time you to add new features, and to record in
– spearheaded by author and Red Hat crashed, The goal was to make it as the superblock which of these features
fellow Dr Stephen Tweedie – continue completely compatible as possible – are present.
to make it more stable while no rewrites of the code, no major
squeezing out all the performance unnecessary changes. Just as simple LXF: Could you explain superblock
they can. as possible: add journalling. for our readers?
ST: The superblock is a sort of header

Mr Reliable
that tells the kernel… it describes the
layout of the filesystem. When your
system boots up, the superblock is the
first thing the kernel looks for – one of
the things on there is the feature flag
‘is the journal enabled?’.
As an example, there are a few
different feature sets. One is
‘compatible’, the other is ‘read-only
compatible’, and one is ‘incompatible’.
When the kernel is told to mount a
filesystem, and it sees an unrecognised
feature on that filesystem, it will react
according to which feature it is. If it is a
Writing a filesystem takes a programmer a cut above the rest. Writing a compatible feature, it will just mount
filesystem that’s reliable to the extreme? That takes Stephen Tweedie… the filesystem anyway.
So, for example, if you had a
feature that says, ‘there’s extra
We caught up with Dr Tweedie and The idea was to copy the codebase performance information on this disk’,
asked him about his original vision for from ext2 to ext3. The only reason it you can actually use the filesystem
ext3, his plans for the future and what has a different number is that I wanted safely without that information, so
else he finds cool in the kernel… to work with both filesystems in my that’s a compatible feature. If it’s a
tree at the same time, so that I had read-only compatible feature, then
LXF: Everyone knows you for ext3 my system running on ext2 and could you say ‘well, the disk is laid out that
– you’re the man that made it have a test filesystem running on ext3 the kernel can read, but there’s extra
happen. Can you tell us what your for development. Ext3 is just ext2 with stuff you don’t know about that has to
design goals were? an extra inode on disk. Ext2 has a be kept consistent, so it’s not safe for
ST: I am fundamentally very number of reserved inodes defined an old kernel to write to’. An
concerned with filesystems. I believe already; we’re using them for the incompatible feature is one that says,
that filesystems should be – as far as online resize inode, access control lists. ‘there’s something on this disk that you
a user is concerned – an amazingly You can create an ext3 filesystem, just don’t understand, so don’t try to
boring thing. Once your filesystem unmount it then remount it as ext2 mount it at all’.
starts displaying curiously interesting and it will be fine – the two are In ext3, the journal is a compatible
behaviour you start to worry. completely compatible. This feature. The existence of a journal file
I got involved with ext2 early on, compatibility is there so that people doesn’t stop you mounting it as ext2
working on the performance side of could upgrade transparently from ext2 with an older kernel. However, when
things. I wrote the defragmenter, and to ext3 just by adding a journal. ext3 is mounted and the journal is
that had to interact with ext2. Ext2 active, it sets another feature flag that
had no intelligent placement policy for LXF: A lot of people, including us, says the journal needs recovery and
placing stuff on disk, and any view ext3 as a finished work. that the feature flag is incompatible.
defragmenter had to interact with ST: No software is ever finished – at That stops you mounting an unclean
what the kernel was placing – called a least until the author decides he isn’t ext3 filesystem as ext2 and losing the
usermode defragmenter. going to write code for it any longer. journal recovery. Once the journal has
So, I got involved with ext2 doing
the enhanced block allocation stuff,
and it was just a gradual process of
improvement on ext2. But really, a lot “COMPROMISE IS PRESENT
of that stuff we did early on was
making it stable and getting the really
IN EVERY PART OF KERNEL
hard bugs out of it. There were one or
two core VFS bugs very early on in
DEVELOPMENT.”
66 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.iview 66 15/3/05 5:53:56 pm

 INTERVIEW STEPHEN TWEEDIE

been recovered, that clears the flag inode tables and ones that organise it definitions, but it does require some
and you can mount it as ext2. as a tree. There are flexibility small amount of filesystem work.
These feature flags give us a way of advantages in both – you can grow
expanding the filesystem’s capabilities the number of files in a system that is LXF: You mentioned what changes
without having a completely new not statically allocated, but in a system were needed to enable SELinux;
revision of the filesystem. Recently that is statically allocated you can and it’s a given that they were
we’ve had the extended attribute code recover deleted files. going to be prioritized quite highly.
go on, and online resize has gone in. The ideal would be that most users But how do you determine the
One of the recent [additions] was large would not encounter these special priorities of other extensions and
inodes – you can have inodes larger edge cases. SELinux has been one of new features – is it just by what
than 128 bytes on disk. That has been the concerns recently, where ext3 and things you personally think are
used to allow us to put some of the
extended attribute into the inode block
XFS were the first two to get the
necessary extended attribute support;
cool, or are they things that are
demanded by the community?
>>
itself – it’s more efficient that way. Reiser came later.
All these features are just marked
in the superblock how compatible LXF: So Reiser now supports
they are. We haven’t had to do a new SELinux?
ext4 for any of these. ST: Reiser3 supports extended
attributes, and I’m fairly sure that it
LXF: There are obviously a number supports SELinux too – I would have
of different Linux filesystems, and to double-check that. SELinux requires
some seem to have certain a way for the filesystem to let the rest
notoriety for particular of the kernel know whether this is a
applications. XFS, for example, is special reserved attribute or not. We
claimed to be faster when dealing don’t want normal users to go around
with bigger files. Is it necessary to changing the SELinux context on their
make compromises to ext because own files, so there has to be some way
it’s a general filesystem, or can of flagging what kind of attribute this is
any filesystem include these at the filesystem level. Typically that’s
enhanced features? just a case of adding a flag
ST: Well, ext3 is being continually somewhere in the filesystem
enhanced. The hashed directory trees
allow us to have many more files in a
single directory efficiently. 2.6 has
redone a lot of the locking in ext3 to
make it more scalable in SMP, and
also more scalable when you have
many parallel transactions going on.
But there will always be other
filesystems, and there will always be
room for filesystems that are
customised for specific workloads. The
flash filesystems, for example, are very
specialised, and even in general on-
disk filesystems there are things that
are still not in ext3 that are helpful in
certain situations. XFS has extent
maps, so an entire large chunk of disk
can be mapped by a single descriptor
in an inode so that you have much
less metadata to hunt through when
trying to map a large file to disk.
There are some fundamental
differences between certain filesystems,
but not that many. If you think about
LFS [the log-structured filesystem] –
that has a very different way of dealing
with filesystems, and completely
different performance characteristics.
Most of the Linux filesystems – ext3,
JFS, XFS, and Reiser – don’t do that.
You have a difference between
filesystems that statically allocate their

www.linuxformat.co.uk LXF66 MAY 2005 67

LXF66.iview 67 15/3/05 5:54:00 pm

 INTERVIEW STEPHEN TWEEDIE

Mr Reliable
>> them up to get them into proper
shape to get them into Linus’s kernel.
LXF: So apart from ext3, what
other things are there in the
There have been many other people kernel that are cool and that
involved, so partly it’s what others are interest you?
able to develop. ST: Well, in the last 12 months it was
ST: It’s a combination. Partly it’s how But my aim is to have a filesystem SELinux. Right now, I think that Xen
easy is it do to. I had a vague design that is reliable and usable. That means virtualisation is looking very interesting,
for ext3 long before I started working that performance bottlenecks and and I can see that eventually giving
on it. But I was working on DEC [now required functionality are more me the ability to test a cluster on a
part of HP] at the time and didn’t important to me than adornments like single box. I get kernel boot times of
have the time to sit down and do the shiny bells and whistles. about ten seconds on a Xen partition.
journalling layer. Once I started With boxes with SCSI adaptors and
working for Red Hat it was much LXF: So there’s a compromise lots of memory, it can take two or
easier to find that time. between things you want to work three minutes just to get through BIOS
There are other extensions that are on and getting the existing stuff when doing a physical reboot, so there
relatively minor, and much easier to do reliable? are all sorts of advantages as a
in my spare time while at DEC, so that ST: Yes, but that conflict is present in developer for using Xen.
was part of it. The ext3 reservations every part of kernel development. It’s
code that went in was started off by one of the big debates we’ve had in LXF: Will Xen be shipped out of
people at IBM. In those cases I helped 2.6: to what extent should Linus’s tree the box with RHEL?
do all the final code reviews, tidying be stable? The feature rate in 2.6 is far ST: No, but it is now in the Rawhide
higher than we had in 2.4. We have tree for Fedora, though there is still
Andrew Morton’s -mm tree for a lots and lots to be done there. They
proving ground before it goes into are only starting to get SMP tests
Linus’s tree, so things have a chance working, and the only stable tree is
to stabilise. x86. They are still working on x86-64
But there’s always a trade-off and IA64. I hear that those ports are
between the benefit a feature would going well, but they aren’t really stable.
give and the risk of changing code. It’s so new that until people start
That’s one of the main values that deploying it and testing it widely you
vendors have – even within the just don’t know it will work.
kernels that Red Hat produces, you You don’t make an enterprise
have a choice between the rapidly- product just by doing some testing –
changing Fedora that has a higher risk you get lots of people to test it, you
kernel and the ultra-conservative, stress all sorts of edge cases and
change-as-little-as-possible Enterprise corners that you wouldn’t anticipate.
Linux kernels. There’s a whole Until it’s had that kind of exposure, it’s
spectrum of risk trade-offs there, and not really trustable for enterprise work.
one of the advantages of Linux is that That kind of technology is interesting,

“THERE’S ALWAYS A you get to choose. I run Rawhide on

my laptop, but I wouldn’t recommend
and having it in Fedora is a great way
of getting more people using it. Purely

TRADE-OFF BETWEEN THE you run it on your enterprise Red Hat

web server.
from a developer’s point of view,
virtualisation is really cool. I used to
BENEFIT AND RISK OF A LXF: The ReiserFS team make a
use QEMU to run virtual hosts. It’s a
bit slow, but it’s useful. User-mode
NEW FEATURE.” big deal out of their filesystem’s Linux has been useful in the past.
performance. If what they say is Kernel development is
true – if Reiser really is much fundamentally different from
faster than everything else out userspace, because kernels don’t
there – why don’t you join their behave repeatedly. If you run a user
efforts? program, you expect it to run in exactly
ST: I don’t have any particular interest the same way each time. But in the
with working on Reiser. There are kernel the timing is always important –
plenty of other things I would quite tests are never quite repeatable,
like to get involved with. I feel I have a especially for the filesystem. Having
responsibility to ext2, I feel I need to virtualisation is one of these tools in
help continue that. But if in three of the toolbox that will help.
four years’ time another filesystem is
so far ahead of the field that it’s LXF: We can’t even imagine how
clearly the only one to use, then good you’d start to debug a
on them! It may be that there are still filesystem…!
compromises and that people want ST: All sorts of ways. You sit there
choice; choice is always a good thing. adding print statements to the kernel

68 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.iview 68 15/3/05 5:54:04 pm

 INTERVIEW STEPHEN TWEEDIE

“I DON’T HAVE ANY PARTICULAR

INTEREST WITH WORKING ON REISER.”
and see what comes out. One of the So that’s always been something
things in the 2.4 kernel that helped… that I’ve enjoyed doing. Of course, I
Andrew Morton added a buffer history wear two hats – my Red Hat and my
to ext3 so that you can trace activity kernel developer hat. For Red Hat,
of usage in the filesystem, If something that’s still part of what I do. Customers
goes wrong, you can easily identify it coming in with problems have Level 1,
and figure out how it got there. 2, and 3 support, but eventually
This allows you to find out why it problems that have been properly
went wrong. Sometimes it’s just a categorised come down to engineering
matter of staring at the code and for debugging and fixing.
trying to reproduce it enough times to That side of my work isn’t actually
finally make it crash – something that very different to being in a support
gives you an “aha!” moment. organisation for a company. The other
I had a problem I spent three side of things, kernel development,
weeks trying to solve, and it turned out isn’t very different to what I was doing
to be a hardware fault. It looked like a part-time while working at DEC. That
software fault, because if I built the hasn’t changed very much, although
scheduler with a particular set of now it’s actually being done on >>
compiler options it worked fine, but if I company time!
used a different set of options it broke.
So I was going through the assembly
listing saying, “OK, which bit is being
miscompiled… which optimisation is
going wrong and breaking this?” Then I
changed the hardware, and it was fine.

LXF: As a high-profile contributor

to the Linux kernel, do you find it
hard to work on such a visible
project?
ST: Doing what I want to do is largely
what I am doing. 1.2.13 was a relatively
stable kernel, but we had a number
of users who were really
pushing it to the limits.
There were people
running 100 modems
off the back of a single
Pentium 200. They were
pushing the PPP stack
really hard, so there were a
few of us – Alan Cox, myself, and
others – who were maintaining a
branch called 1.2.13LMP.
Part of what I like doing with Linux
is making it really reliable, and that
was essentially become a
maintenance engineer. Some of the
things that Alan was doing was taking
a variable-frequency square wave
generator, plugging it into a serial port,
then ramp the frequency up to see
how quickly the machine dies. He
fixed some amazingly subtle bugs in
the serial stack doing that, and ended
up with a machine that would happily
run for years on end.

www.linuxformat.co.uk LXF66 MAY 2005 69

LXF66.iview 69 15/3/05 5:54:08 pm

 INTERVIEW STEPHEN TWEEDIE

“IT’S HARD TO MOTIVATE

PEOPLE TO FIX BUGS IN
FIVE-YEAR-OLD CODE.”

Mr Reliable
>> learn a bit more. Debugging and
finding these problems is a part of the
the problems with the first version. So
it’s an iterative thing.
development process. If you were just This is one of the things that
working on upstream, you would like commercial companies have had to
to do that on 2.6. learn when dealing with the
LXF: Are there many trade-offs With Red Hat, we have customers community. There has been a
between what you want to do and who will want those fixes on 2.4.9. I temptation to go off and write some
what Red Hat needs you to do? wouldn’t say there’s a conflict of new feature, then try to give it to the
ST: Well, sure – there are always trade- interest, but there’s stuff you’re doing kernel and dump a pile of code.
offs. It’s hard to motivate people to fix for commercial reasons as opposed to Upstream doesn’t like that. They like to
bugs in five-year-old code. But one of just being interesting. But I’m have a set of patches that address the
the promises we’re making to our interested in making this stuff usable, problem, that are broken down into
customers is that Enterprise Linux 2.1 so that’s OK. clean, well described subunits. If you
– 2.4.9-based code – will still be bug- follow that way of business with
fixed. As a developer you usually want LXF: Would you describe yourself upstream, then people have a good
to work on the cutting-edge stuff. And as a good coder, then, or do you chance of seeing the patch,
OK, that’s still valid – that’s part of get many patches rejected? understanding what it does, and
being a developer. ST: I would hate to try to characterise commenting on it.
But I believe you don’t really myself like that – you would have to You’re not saying “please merge
understand code until you have ask somebody else! But I don’t usually this” the first time you have a version.
debugged it, and that goes for code get too much rejected. A lot of the You say, “here’s an initial prototype,”
that you have written yourself. You time that’s because patches initially go and you’ll get comments from the
write a whole pile of code, then out as requests for testing and community about what its good and
discover a subtle bug in there. And requests for comment. By the time bad points are. So, you’re not actually
while fixing that bug, you suddenly you actually submit that to the kernel, getting rejected at that point, because
realise that there’s an aspect you you’ve already had quite a lot of all you’ve done is floated an idea – not
didn’t understand properly, and you feedback – you’ve addressed a lot of submitted it for inclusion. LXF

70 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.iview 70 15/3/05 5:54:12 pm

 LINUXPRO SECURITY

SECURITY

THE NEXT
BIG THREAT?
Worried about the future? Given the growth of
spyware, perhaps we all should be, says Nick Veitch.
Computer viruses have been with us for some time. Although headline-grabbing tales spotted. A recent survey conducted by Cyberguard found
like the Melissa and Kournikova outbreaks alerted the world to the dangers of viruses that the average Windows desktop has 13 adware or spyware
and their devastating power, we have, to be frank, got off lightly so far. Plenty of components installed.
people have suffered badly at the hands of some virus strains, but in most cases – even In the past, adware has not raised too many concerns.
when the virus caused substantial damage – companies have got up and running again The more annoying examples may reset browser homepages,
in fairly short order. rewrite search results or layer specific ads over the browser
Aside from that, pretty much everybody now uses some window. Though this doesn’t result in any damage, it can still
form of virus scanning, either at the mail gateway, on the be a tremendous waste of bandwidth – some analysts
desktop, on the server or (in smart companies), everywhere. estimate that the content-heavy ads served up by such
There are plenty of solutions available from reputable software can account for 40–50% of the web traffic going to
companies, and keeping up to date isn’t much of a problem. an affected browser. Of course, many adware applications are
We shouldn’t get complacent, but viruses are not the threat ‘legitimate’, in the respect that the software itself requires the
they once were. user to accept advertising as a condition of use. Whether
In many ways, adware and spyware are building up to be they have been installed legitimately is another matter.
the bigger headache. With viruses, most attacks are apparent The line between adware and spyware becomes blurred
fairly immediately. Even though they can cause devastating when the software component also relays your surfing habits
damage, they can to an extent be protected against, and a back to base, or keeps a record of the ads that you clicked
sensible backup policy will mean that no critical data is lost. on. More obvious spyware may attempt to locate useful
information in your user account area. It can target simple
SILENT MENACE stuff such as your email address books, but spyware has
The dangers posed by spyware are completely different. been found that searches through text files for useful
Often in the form of cookies and occasionally legitimate, numbers, potential passwords and so on. Spyware isn’t just
spyware applications at the simplest level monitor a PC user’s about stealing saleable contact data anymore, it can do a lot
behaviour online. A hacker can gather personal data this of the donkey-work for identity theft, too. Identity theft is one
way; or a company can trigger ads when the user visits a of the fastest growing crimes in the UK, and in spite of the
certain site (this is adware). Apart from those that make their adverts, it isn’t always as a result of Alistair McGowan
annoying presence felt, spyware applications slip on to rummaging through your bins – online fraud is surging, as
systems without a sign and exist happily without being recent reports have revealed.
While this is all very disconcerting for the home user, it
should strike slightly more fear into the corporate
environment. Theft of data from workstations may result in
more than the regrettable but hardly life-threatening loss of
an employee’s credit-card details. What if the spyware were
able to make off with some customer data?

LINUX IS SAFE... RIGHT?

Linux is inherently more secure than many other desktop
operating systems. The lack of user access to core system
files is a great safeguard. However, it is still possible for
malicious software to manipulate and install itself in the user
filespace, and even run itself from there. It may only have
access to the user’s data rather than the whole filesystem,
Use a firewall like this Astaro AA10 in but this is all most spy- or adware needs.
combination with other security tools
such as content filtering, which you As Linux use increases, and open source software
can get from Astaro on subscription. becomes more of a target, there is a real possibility that

72 LXF66 MAY 2005

LXF66.adware 72 17/3/05 10:21:47 am

 Linux-based malware will evolve. For the moment Windows
desktops are those most under threat. This is good news for
those with heterogeneous networking solutions, because
Linux can form part of a possible solution.

DEFEND IN NUMBERS
Because adware and spyware components very often use
the same web services as those used by browsers for normal
operation, it is rather difficult to keep them out using software
layers or even firewalls. A firewall may block dodgy sockets
being opened, but when the data appears to be a
straightforward web request, it’s a little harder to protect
against. And while most ISPs these days will run anti-virus
and anti-spam software as a service for users, adware
blocking is not something that’s easy to operate in this way.
There are plenty of adware-blocking clients. Even
Microsoft has acknowledged the threat, offering a free
downloadable adware scanner. It is certainly advisable to
deploy the clients – it can’t hurt – but it may be a mistake to
rely on them alone. Essentially they work in the same way as
anti-virus software. They have a ‘brain file’ of known problem
software which they scan for and remove.
Unfortunately, users can’t be relied upon to update the
software, or to run it. Even when the clients are set to
autorun on start, users can often find ways of interrupting
them to get on with work. And of course, many scanners
won’t stop the software being installed in the first place;
they’ll just remove it once it has breached the firewall.
A good backup defence may be content filtering. From
the fairly crude solution of preventing certain file-types ever
getting to the browser in the first place, to a more complex
solution involving what type of data is allowed to be
transferred and where, content filtering allows a
proportionate response to the dangers of spyware. It’s no
magic bullet: steps still need to be taken to prevent spyware
being installed by other means (such as from locally-

“SPYWARE ISN’T JUST ABOUT

STEALING DATA ANY MORE.
IT CAN DO A LOT OF THE DONKEY
WORK FOR IDENTIFY THEFT, TOO.”
mounted CDs). A simple host blacklist may not be sufficient
to negate all threats, but at least more advanced content
filtering software can dynamically filter out suspicious data.
There are plenty of Linux solutions for content filtering.
Those you might consider include:
■ SurfControl (www.surfcontrol.com) A commercial tool
that offers rules-based as well as list-based filtering.
■ Dansguardian (http://dansguardian.org) Excellent open
source (GPL) filtering, but it does require some user setup.
■ Astaro (www.astaro.com) Astaro produces a secure
Linux distro and a number of appliances and software.
■ Smoothwall (www.smoothwall.com) A module
supported by SmoothWall for its corporate software editions.
The idea of using content filtering to protect against
adware and spyware connections may not yet be fully
developed – but it will be and there’s nothing to stop you
using the more advanced solutions right now. ■■■

LXF66.adware 73 17/3/05 10:21:50 am

 LINUXPRO TRIPWIRE

SECURITY

INTRUDER
ALERT!
Don’t trust your defences to a firewall alone.
Nick Veitch sets up some booby-traps.

Securing your systems with iptables-based firewalls is sensible. Locking down

services and closing ports you don’t intend to use is equally so. But you can’t leave most up-to-date version already if you have a fairly recent
security at that. Sure, nine times out of ten, when someone exploits a vulnerability distro. Packages are available for SUSE, Fedora, Mandrake,
and compromises your server they’ll leave a trail like a radioactive slug, which you’ll Debian and so on, or you can grab the source from
be able to use to fix things up again. But malicious hacker number ten may be http://sourceforge.net/projects/tripwire.
smarter, and leave no clues about how they got in, or what they are up to... Whichever way you get it, you’ll still need to do some
work. As Tripwire is policy-based you need to create the
policy files for your system. Let’s take a look at the build first.
A typical modern Linux workstation can have a quarter of
a million files on it – KDE alone has over 16,000 INSTALLING TRIPWIRE
components – and there’s no way you can spot when a While Tripwire comes packaged with most modern Linux
corrupt binary has appeared, or a configuration file subtly distributions the installers won’t set Tripwire up to work
edited, without outside assistance. effectively with your system – they’ll usually provide a
Any good intrusion detection system should be able to generic set of configuration files and nothing else.
securely monitor the files on your server or desktop and Also note that Tripwire 2.3 is only suitable for Intel Linux
detect suspicious changes. One such tool is the excellent systems, while earlier versions ran on BSD and non-Intel
Tripwire. Tripwire is a policy-driven filesystem scanner – that is, Linuxes, as well as other Unixes. For this reason, some quite
it has a predefined set of configuration files and a database early versions of Tripwire are still kicking about; for example
that tells it what your filesystem should look like. You can SUSE 7.3 ships with Tripwire1.2 rather than Tripwire 2.3. You
safely exclude those chunks of the filesystem that aren’t can use the older, free, Tripwire; or download the Tripwire 2.3
important to system integrity, such as individual user sources from SourceForge and compile them yourself.
accounts: serious hacking attempts focus on subverting the Kim and Spafford wrote To do this, extract the tarball, cd into the src subdirectory,
operating system tools, and user data is rarely a target. Tripwire in 1992 while at and type make release.
Indiana’s Purdue University. Kim
When you first run Tripwire, you create a baseline is now CTO of the corporation tar xvzf tripwire-2.3.1-2.tar.gz
database that contains a snapshot of your important files that sells enterprise versions. cd tripwire-2.3.1-2
(and an MD5 checksum for each of them). You then place
the baseline database on a read-only medium such as a
write-protected floppy disk or a CD, so that if a hacker gains
access to the machine they can’t spoof the database.
Subsequently, you run the Tripwire tool to scan the
filesystem, and it will report only those files that have
changed. If you are confident that the machine is secure and
the only changes are official ones, you can merge approved
changes into a new baseline database copy: if you’ve been
attacked, the output from Tripwire will tell you what files the
attackers have changed.
Tripwire1.x was originally a free software project, released
under the GPL and written to run on any Unix system. The
developers subsequently created a company, Tripwire
Security (www.tripwire.com), to sell commercial versions
of Tripwire and ‘change auditing’ products for business.
However, the GPL version of the software is still available,
supported by Tripwire the company. This app hasn’t changed
much in the last couple of years, so you should have the

74 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tripwire 74 15/3/05 6:03:29 pm

 TRIPWIRE LINUXPRO

cd src The task of editing a Tripwire

policy file is made easier by the
make release
comments littered throughout.
The makefile provided with the sources doesn’t install
Tripwire 2.3; to do that, you need to edit the file install.cfg
(located in the subdirectory tripwire-2.3.1-2/install/),
specifying the directories you want the Tripwire programs to
go into, the various Tripwire installation options (such as the
SMTP host to email reports through), and so on. Then run
the script install.sh:
sh install.sh
This script reads the settings in install.cfg, edits the
template configuration files that come with the distribution,
and installs everything. It will also prompt you for a
passphrase and uses this to digitally sign the configuration The warning in the preceding code indicates a file that is
file, policy file, and database files (to make unauthorised labelled in the policy but wasn’t actually found on the
modification harder). filesystem – this will happen a lot if you just modify the
default policy files. While it won’t stop the software from
MAKING POLICIES working, too many of these bogus files could prevent you
To set up Tripwire1.2, you need to create a tw.config file. from spotting a real problem!
This contains a list of directories to be scanned, and the type
of changes Tripwire can safely ignore without reporting to the TRIPWIRE IN EVERYDAY USE
owner. The resulting information is collected in the tw.db To check your filesystem against the baseline database, and
database. Having created a tw.config file, you need to run report deviations (such as changes to system configuration
tripwire -initialize to build the first tw.db file. This will be files or programs) using Tripwire 2.3, run:
created in the directories specified to hold databases (at tripwire --check --email-report
build time), and will be called tw.db _hostname (where Tripwire will write a very lengthy report and email it to the
hostname is the name of your computer). administrator you have designated. The level of reporting can
Tripwire 2.0 stores files in /etc/tripwire by default. The be specified in the config files, and it is strongly
file tw.cfg stores the location of Tripwire’s data files, while recommended that you are very careful with it. If Tripwire is
the Tripwire policy file, tw.pol, specifies what system sending out 30-page emails every half hour, you aren’t going
resources Tripwire should monitor, how the data should be to be any better off than when you weren’t using the
collected, and who should be notified of policy violations. The software at all, because after the novelty wears off, the
files site.key and hostnamelocal.key are protected using a reports will just get binned.
passphrase, and must be unlocked in order to decrypt the It is best to add the check to root’s cron jobs. How
Tripwire configuration files before virtually any operation frequently you run it may depend on a number of factors
The command-line tool twadmin is used to manage such as:
these keys. Finally, the Tripwire databases are stored in a ■ How much damage could be done on your server.
subdirectory called /var/lib/hostname.twd/, and report files ■ How much time you have to spend on admin.
are created under /var/lib/tripwire/report. To set up ■ How busy the server is.
Tripwire 2.x, you use twadmin; its manual page will give you ■ How big a filesystem Tripwire is checking.
all its options, but for now note that twadmin --print- Because the report generation means checking all the
polfile prints the policy file in readable form. You can save marked files, be aware that the process will involve a lot of
this, edit it, and replace the policy file with CHECKING THE disk access and possibly a fair amount of processor time.
twadmin --create-polfile policyfile.txt
and twadmin will prompt you for the site password before
ESSENTIALS When you change files legitimately on the server, you’ll
need to remember to update the database. This can be
encrypting the new policy file. The Tripwire 2.0 policy file One useful tip to prevent disk done with the command tripwire --update, which will
format is defined in depth on the twpolicy manual page. thrashing and report overload is generate a report, then throw you into a text editor where
Having specified a policy (or accepted the default one to maintain two separate you can enter Xs in checkboxes against each changed item.
created by install.sh), Tripwire 2.x users should create a databases/policies for Tripwire. Tripwire will then digest the report and update its database
default database like this: This requires some advanced accordingly as long as you give it the correct password. You
/usr/sbin/tripwire -m i setup, but does mean that you should take the time to be sure that your system is clean at
Please enter your local passphrase: can set up a very fast system the time of an upgrade, otherwise modified files will slip
Generating the database... for a small set of crucial files through your defences.
*** Processing Unix File System *** (index.html or /etc/passwd Tripwire will not prevent your server from being hacked. It
### Warning: File system error. for example) that can be run will not stop someone from hijacking your site to send spam,
### Filename: /usr/sbin/fixrmtab every ten minutes without nor prevent them from installing a root kit. However, it will tell
### No such file or directory compromising the performance you that these things have happened, and in a way that
### Continuing... of the server, saving the more enables you to take action in a timely manner; and can even
Wrote database file: detailed checks for less direct you towards what sort of action you need to take.
/var/lib/tripwire/np1.plopcast frequent intervals. As part of any co-ordinated security plan, you need a tool
The database was successfully generated. like Tripwire. ■■■

www.linuxformat.co.uk LXF66 MAY 2005 75

LXF66.tripwire 75 15/3/05 6:03:36 pm

 TUTORIAL First Steps: Kino

FILM EDITING AND SPECIAL EFFECTS

First steps with Kino

PART 2 With footage captured in the correct format, Andy Channelle moves on to the editing phase in
his quest to create the perfect home video – My First Sports Day meets The Big Channellski.

Film-making enthusiasts are being spoiled these days: This is just a case of dragging scenes and dropping them in the
the advance of digital video editing software makes it desired slot. Remember that this won’t change the content of
easy to craft creative, sophisticated home movies. Last each scene; we’re just messing with the order. It’s also possible
month we used the open source package Kino to control a to completely (and safely) remove a scene by selecting it and
standard consumer grade video camera and to capture raw doing Edit > Cut.
digital video of a school sports day ready for editing. This time Should you get completely tangled up in files, just slide the
we’ll start to move the footage around to create the right effect, line dividing the scenes from the preview window to the right to
trim start and end points, and work with some of the transitions see each scene’s file name. This will also show their original
Kino provides to avoid the jerky jump cuts that usually position in the project. We’ll need this extra information shortly,
characterise home videos. for more advanced editing.
The captured scenes should be stored at the pre-defined
location on a hard disk and named numerically. We could
reassemble the contents of our tape simply by playing these
files back in the same order, but that would defeat the object of
editing; which, according to Dictionary.com, is defined as putting
something in “an acceptable form”. In other words, while you
may be thrilled at watching five minutes of teacherly preamble
before the big 3A Infants flat race, your audience will probably
just want you to get on with it.
The first part of the editing process is ensuring that the files
are in the correct order. Of course, they may have been shot in
the intended order, but if not we can move scenes around to
create the desired effect. The simplest way to do this is to
launch Kino, open the previously-saved project – we’re treating
the project as separate from the raw video – and then use the From this directory full of raw footage we’ll cut scenes
mouse to order scenes in the left-hand pane of the interface. and add effects to create something Oscar-worthy.

78 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_begin 78 15/3/05 4:08:04 pm

 TUTORIAL First Steps: Kino

Once running order is sorted, it’s time to make some

changes to individual scenes. The most fundamental thing we
can change, the very essence of good editing, is the timing.
Kino makes it really simple to adjust the start and end points of
individual scenes within a sequence without altering the
underlying footage.
Going back to our sports day capture, it’s noticeable that
section 14 is a rather long, static shot and could do with a trim.
To do this, select the chosen scene in the left-hand pane to
take you to the beginning of the scene, then hit the Trim tab on
the right. In the most basic use of this section, there are two
ways to define the ‘in’ and ‘out’ points for a scene: visually or
numerically. To do it visually, simply grab either of the right-
angled triangle markers on the blue line immediately beneath
the preview. Move the left one to change the in point, and alter
the out point by moving the triangle on the right.

Ruthless editing
Beneath the blue line are two text entry boxes and some icons
that allow more precise editing of the in and out points. The text
boxes allow us to edit points numerically – these values are
reset for each individual scene, so they won’t correspond to the
position of the scene within the whole project. Additionally. each Cut a long story short with the Trim tool.
‘in’ point will default to 0.0000 min. To change this, just append
the figures. window, set the in and out points and then hit Apply. The
The triangles next to these boxes will set the in or out points original scene will be overwritten with the new one.
to whatever position the playhead is in, which is ideal for Conversely, Insert just adds the clip within the Trim window
watching the preview and using the Stop button in combination to the timeline either before or after the currently selected clip.
with the Step Forward/Back One Frame buttons for more This will be useful in the sports day film we’re assembling for
precise control. The next button in the sequence will reset the this issue’s tutorial.
points to the start and end of the actual file. In one section of our production, the main subject of the
In the centre of these two sets of controls is a broken chain film is triumphant in her running race – and we want to make
icon. Selecting this will link the in and out points, so moving one the most of that moment. First we take the scene, in this case
will also move the other. This is especially useful when you have called sportsday016.dv, and trim it to the required length,
a long take and a specific space or time in which to insert it. Set removing some of the race preamble. Once this is done,
the two points at, for example, 0.000min and 1.0000min and making sure the mode is set to Overwrite, hit Apply to
you will have a one-minute section set. Hit the chain icon and have the trimmed section updated on the timeline.
move the in point marker to select any one-minute section Remember that editing so far is non-destructive, so
within the scene. check the in and out points in terms of the sequence
Finally, at the far right of the icon set is the Looping option. you’re building and then, once you’re satisfied, go back
By default the selected clip will loop around the entire length – into the Trim window with the same clip loaded.
when it comes to the end it will immediately begin to play back The next job is to trim this; once again, highlight just
from the beginning. However, by selecting this option we can the few seconds at the end of the race. Once this is
loop only between the in and out points. This can be useful to done, change the mode to Insert, and then select After to put
getting the timing of a cut just right. The only problem with it is the new clip into the timeline after the clip you have selected.
that it’s not possible to alter the entry or exit points while the The point about adding a second clip that shows the same
clip is playing, so as soon as you grab one of the handles, event is that we can slow it down for a real Chariots Of Fire
playback ceases. effect, and that is what we’ll do now.

Director’s cut Slow motion

The next section in the Trim tool is Mode. Trim is capable of Digital technology makes it possible to add special effects to a
working in two modes: Insert and Overwrite. Kino chooses piece of video relatively easily. And while the effects tools in
the latter by default – as its name suggests, this mode will Kino are branded ‘experimental’, they seem perfectly capable of
overwrite the selected clip with the changes that you make basic jobs for home productions.
using the Trim tool. Be aware of the fact that the file will To complete this part of the tutorial you will need to ensure
remain unchanged even after you’ve made changes and hit you have the Kino-timfx, kinoplus and kino-dvtitler packages
the Apply button. installed, and these should be available for most distributions.
As well as trimming existing clips, we can also import a clip The first task for this production is to take our duplicated
to this section and use it to overwrite whatever we have moments from the flat race and slow the film down. With the
selected. To do this you can either click on the Browse For A right clip selected, hit the FX tab on the right of the preview
File button (which is displayed as a folder), and manually find window to get into the Effects toolbox. The section of interest is
the file you want to import; or drag and drop a file from either at the top of the window. By default the Overwrite tab should
Nautilus in Gnome or Konqueror in KDE. be highlighted and the From and To boxes should show the
This is useful if you have two takes of a scene and, after start and end time of the clip. By adjusting these it’s possible to
setting up the running order, decide the second take is better apply an effect to just a section of a clip, but we’re doing the >>
than the first. In this case, drag the new file into the Trim whole thing so we don’t need to change them.

www.linuxformat.co.uk LXF66 MAY 2005 79

LXF66.tut_begin 79 15/3/05 4:08:07 pm

 TUTORIAL First Steps: Kino

>> The bit we’re interested in is Advanced Options, entitled

Speed. By selecting this radio button and dragging the slider to
the left we can add a slow-motion effect to the footage. Normal
speed has the value 1.00, so changing it to 0.50 will effectively
slow it down to half speed.
Once we’ve set the slider (and prayed for the next version of
Kino to have a numerical input device for this tool), we can view
our slowed clip with the Preview button at the bottom.
There are a few Preview options in the right of the window,
so experiment with these to make the most of your hardware.
On our test machine we got a pretty good look at the effects of
our creations without changing any of these options.
Once you’re happy with the effect, hit the Render button
and wait for the clip to be ‘effected’, which will depend on the
size of the clip and speed of your hardware. One thing to note
Adding a slow motion effect with the speed slider is easy
is that adding effects this way is ‘destructive’. That means that but it lacks the accuracy of numerical input.
the file will be completely overwritten with the affected shot,
which will also physically remove any footage outside the trims Now that’s finished, go back to the main sequence and look
we made earlier. at the results. The original file plays, followed by the last few
Once we finish rendering, the timeline will have a new file in seconds in slow mo. But what’s that noise? When Kino slows
place of the original, with a name something like 001.kinofx.dv. something down it also slows down the audio, so if you have
You can also go the other way and speed things up by half-speed video, you will also have similarly-affected sound.
anything up to a factor of 25. Using only small adjustments to Not a treat for the ears.
a clip’s speed it is possible (for example) to make a piece of To change this we can highlight the affected section and go
footage fit a gap that it might otherwise have been too long back into the FX tab. The section we want this time is Audio
or short for. Execise restraint with this, as changes above a few Filter. Click on the drop-down list, select Silence, make sure the
points on the slider will look obvious. Speed button is not selected, then hit Render. As before, the

KINO FOR SLIDESHOWS

So far we have been concerned with the Repeat option with a numerical value select each image in turn, make sure 5/ If you want titles to appear in the
using Kino to present moving images, displayed. DVD displays at 25 frames per you’ve selected Before Current Edit style of PowerPoint or Keynote, add
but it’s quite possible to use the second, so for every second that you Frame, and then hit Render. multiple versions of the same image,
application to build up slideshows of still want the image to appear on the screen, giving them titles using the DVtitler
photos, or even to add visual polish to a a value of 25 needs to be added to the 4/ Add filters (the ever-useful Pan and filter. Use the x and y offsets to position
presentation. In this short tutorial we’ll number in this box. In this example Zoom are always good value for family the text in well-defined lines – then set
pull in a few digital photos, set the time we’ve set images to display for two snapshot slideshows) and transitions as up the Fade transition: your titles should
for them to remain on screen and add seconds, or 50 frames. Once this is set, you did for video. now be floating in space.
effects and transitions just as we did
with videos.

1/ Start a new project by going through

File > New.

2/ Go into the FX tab and, in the top

section, make sure the Create option is
selected. In here you can add colour
frames, random noise, gradients and
images to frames. From the drop-down
list we need to select Multiple Image
Import and then browse to the folder
containing the images to display. JPEG
and GIF format both appear to work
well, but we’ve not had much success
with PNG files – though Kino claims to
support them, so this may be a bug in
the version of the software we’re using.

3/ Once the images are imported they

need to be added to the timeline. This
can be done by selecting each image
in turn and clicking the Render button.
If you jumped straight into this, you
would notice the pictures spin by in a
blur. This is because we haven’t set a
repeat argument yet. Just below the
file selection dialog (near the ever useful
Maintain Aspect Ratio radio button) is Kino supports rare file types including BMG, SVG and XPM for still-frame import and export.

80 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_begin 80 15/3/05 4:08:10 pm

 TUTORIAL First Steps: Kino

original file will be overwritten – it should now be called

002.kinofx.dv and will be blissfully silent
This is perhaps the simples effect Kino is capable of. We’ll
now look at a few of the more advanced options for changing
not just the look of the clips but the way in which one clip gives
way to another. The former is called a filter while the latter is
known as a transition.

Filters in Kino
In video, filter takes its name from the physical filters such as
coloured gels that a photographer might place over the lens of
their camera, and this is a pretty good metaphor for the way in
which they work. In Kino, you select a filter and it’s added
globally to a clip. To do this, select a clip, go into the FX tab and,
in the third section, ensure Video Filter is selected.
Kino offers some interesting filters (available from the drop-
down list) including tools for isolating individual colours in a clip,
adding titles or a sepia tint, reverse video (for that Ashes To
Ashes look) and a pan and zoom option (otherwise known as
the Ken Burns effect), which is useful for still images and is
much beloved of documentary film makers
We’re going to add a title to the first clip in our sequence, so
we select the DVtitler option from the drop-down. The options Install the dvtitler package to add titles to your video.
in here should be instantly familiar as they deal with font
selection, text and background colour. It’s also possible to set Again, you can preview the effect painlessly and when you’re
the X and Y offset to position the text absolutely accurately happy, render it. Once rendered, a new clip will be added to the
within the frame. timeline following the 00x.kino.dv convention; this will contain
A tip to remember is that video uses projected light, so the small section that has the transition. The really lovely thing
white text will be more readable than black text, even on quite about this transition tool is that the application creates a new
pale images. Once these elements are set, simply type the file for the actual transition and then sets automatic trim points
required text in the box provided and hit the Preview button. in the original pair of files (the ‘before’ will have a section
When you’re satisfied with the look and content of the title, just trimmed at the end, the ‘after’ will have a section trimmed at
click Render and let the computer do its work. the beginning) so that if you decide to abandon an effect after
It’s very instructional to play around with these effects to living with it for a while, the original files will be untouched.
understand what digital video is capable of. For example, using As with the filters, it’s worth taking some time to experiment
the Colour Hold filter in conjunction with a standard colour with transitions. Nice ones to try include Tweenies, which does a
selector, it’s possible to isolate individual elements of an image ‘picture in picture’-style transition or, for a smoother version of
to retain their hue while the rest of the frame becomes black this, the OpenGL-powered Corner Out effect. One particularly
and white (instant Pleasantville!) while the Soft Focus filter adds nice effect is the Image Luma tool, which takes the luma (light)
a dreamlike quality to film that lends itself to flashback values from a third image and uses them to set the transitions.
sequences à la Deckard’s unicorn dreams. This might be useful if you were adding video to a corporate
presentation and wanted to use the company logo to transition
Smooth transition from one image to the next.
Transitions change the way in which frame 1 changes to frame 2. Another clever touch is that when you exit Kino after a
Back in the days of manual home video editing this involved session, the application will sort through the various effects
clean cuts – or jump cuts – from one scene to the next, but you’ve rendered and discarded, note the ones that are no
applications such as Kino provide a far wider range of options. longer needed and offer to delete them. It’s a typically
The standard effect, one so common in film that you’d hardly thoughtful touch from Kino, and a reminder of how much you
even notice it, is where one image is faded on the top of can get out of the program and improve your video skills. LXF
another over a series of frames. Technically this is called a
dissolve. To achieve this effect in Kino, select the start clip – the
scene that will be fading away – and hit the FX tab.
Now select the Video Transition option and choose Fade
NEXT
from the drop-down list. If you were to now click the Preview
button you would see the first clip fade out over its complete
MONTH
Now we have our footage
length into the next scene in the time line; this is because the
captured, trimmed, filtered
From and To buttons at the top of the screen automatically and transitioned, in our next
follow the start and end points of the clip. To begin the tutorial we will come to what
transition later, adjust the From figure so that it’s closer to the To can be the hardest part of the
number (the closer these two numbers are, the faster the distribution process: creating
transition will be). a DVD. We’ll cover the whole
On the typical home video where the state of the audio is job from ensuring everything
often forgotten about it’s worth also defining the Audio is in the right format to
Transition here, too. In the relevant section, select Cross-Fade burning the finished product
for playback on a household
from the drop-down list to create the aural equivalent of the Transitions can be used to alter video and audio
DVD player.
video dissolve. simultaneously with Kino.

www.linuxformat.co.uk LXF66 MAY 2005 81

LXF66.tut_begin 81 15/3/05 4:08:13 pm

 TUTORIAL Emacs

EDITING SHORTCUTS

A Beginner’s guide to Emacs

PART 3 Biagio Lucini opens some windows and gives Emacs a good airing.

Once you’re familiar with Emacs shortcuts you can windows. Let’s see how this can be accomplished in Emacs.

LAST forget about most of the menus, and even use some
features that the menus don’t provide. That’s what
First, start up the application: our favourite method is the
command line emacs /path/to/myfile &, where the optional
TIME we’re aiming for in this, the third installment of our journey
through the Linux-based text editor. As you go through the
argument /path/to/myfile allows us to visualise directly the file
we are interested in, getting rid of the scratch buffer.
In LXF65 our second Emacs
beginners tutorial looked at tutorial, we’d suggest that you open an Emacs session and use We may want to load another file without quitting the buffer.
the Emacs menus, where you the shortcuts on a test buffer until you’re confident with them. To do this, we can type C-X C-F and then enter the name (and
can do editing tasks from If you’ve been following the series you’ll know that the basic the path if needed) of the new buffer. Now, what if we want to
basic to advanced. We also operations are performed in the same way in GNU Emacs and go back to the previous one? Just type C-X B and then enter
learned some of the shortcuts in its XEmacs clone. We refer to the former simply as Emacs, the name of the file (without the path).
for elementary operations and every command we suggest for this program is also You’ll notice that buffers are named after the files edited in
that spare us from going to possible in XEmacs without having to make a single change. them. If there are more files with the same name, an
the menus.
incremental suffix – <2>, <3> and so on – is appended.
The key(s) to Emacs Suppose, for instance, that we are editing a file called file1 in
There are two fundamental keys for issuing commands in dir1 and another file called file1 that’s in dir2, having opened
Emacs: the familiar Control key and the much less familiar Meta the file in dir1 first and then the file in dir2. The command C-X
key, which we will call C and M respectively. The Control key is b file1 will open the buffer corresponding to the former: C-x b
ordinarily abbreviated to Ctrl. Aside from being shorter, our new file1<2> will open the latter, always in the original window.
notation C complies more closely with the one commonly used
by Emacs. C and M are used to give a new meaning to standard
keys when pressed at the same time with them, indicated here
by a hyphen. For instance, C-X means press the keys Control
and X at the same time.
You might be wondering where the Meta key is on your
keyboard. If you’re using a recent IBM-compatible PC, the
chances are that your keyboard doesn’t have one. But don’t
worry, Emacs hasn’t let you down: you can access all the
features provided by the Meta key with the Alt or Escape (Esc)
key. If you use Alt, you should press it at the same time just as
you would with the Meta key. Thus, M-X becomes Alt-X. But if
you use Esc, you press the keys in sequence. Thus M-X
translates into Esc+X, where you hold down Esc and press X.
Like many other Emacs users, we find it convenient to use
Esc, but this is matter of personal taste.
A good text editor allows you to work with multiple files,
displayed in a single window split into frames or in different

GETTING OUT OF TROUBLE

You might find yourself getting stuck in the minibuffer while you’re
getting used to Emacs. The way out is to repeatedly press C-G,
C is for Control… Emacs shortcuts are a little unusual, so
which sends the cursor back to the buffer.
it’s helpful that they’re listed in the menus – like this one.

82 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_emacs 82 15/3/05 4:37:28 pm

 TUTORIAL Emacs

Sometimes it’s useful to open files side by side, to check

differences or to do some cutting and pasting. We can open a
new frame by entering C-X 5 2. At first this frame will have the
same content as the original frame, but a new file can be loaded
with C-X C-F. An Emacs session comprises the frames spanning
from the first frame or from any subframe. These frames are
pretty much as the various windows you might open from a
browser like Firefox. When you quit the browser, all the windows
will close. In the same way, C-X C-C will close a whole session. If
we want to close a single frame, the right command is C-X 5 0.
You might want to have files on the same frame for easy
reference. Do this by splitting the Emacs window vertically with
C-X 2 or horizontally with C-X 3. This split affects only the
buffer and the mode line: after a split, the resulting window will
still have a single menu bar and a single minibuffer. Emacs
windows can be split into virtually as many parts as you want,
just by repeating the splitting commands. The space taken up by
any part of a vertically split window can be changed at will by
dragging the central mode line with the mouse – pretty much as
you would the contour of the border of any other window in X11.
Another shortcut worth knowing is C-X I. When followed by
the name of a file (typed in the minibuffer, where the command
will put the cursor automatically), it will paste in the content of
that file starting from the position of the cursor.

A cursory point
The natural reference point in any editor is the cursor.
Sometimes, when performing operations such as marking a
region it’s natural to refer to the cursor’s position as an
indication of where the mark starts and ends.
In fact, it would be more accurate to talk about the ‘point’. fine-tuning is possible through the use of regular expressions; An Emacs frame split in
This is a more abstract concept that the cursor simply but this would be the subject of a more advanced tutorial – three. You can split a frame
into smaller and smaller
represents. Point and cursor are not completely interchangeable: next month if you’re really lucky.
windows, then reshape
for specific applications, the cursor is on a character, while the To run a search again, enter C-S C-S for a forward search or them with the mouse.
point is to the left of that character. For instance, taking the C-R C-R for a backward search. This also works if you searched
above example of marking a region, the beginning and the end forwards last time and now want to search for the same word
of the region is set not by the cursor, but by the point. but backwards.
Although this distinction isn’t important in most contexts, it’s Another useful function is searching and replacing text.
worth understanding to avoid confusion. To do this, execute M-X then type replace-string. Press Enter,
write the string to be replaced, then after another Enter type
Search and replace the string to replace the undesired one. Suppose we have the
Despite its versatility, Emacs is first and foremost an editor, and file food, whose content is the line ‘VI is my favourite food. I
focuses on editing functions – as it should. Basic editing love VI!’. This doesn’t sound right, does it? We want to replace it
operations consist of cutting and pasting (or yanking, in Emacs with a more appropriate statement. So we open the file with
language), marking a region and running search and replace. Emacs and with the cursor on the first character we execute
This last finder function can be quite sophisticated, but we’ll M-X replace-string, followed by Enter. After that, the
start at the most basic level. To find the word ‘Cake’ in the text, minibuffer will read Replace string:, so we write ‘VI’ and press
we can type C-S Cake into the minibuffer to search forwards Enter. Then, the minibuffer will show the line Replace string VI
from your current position and C-R Cake to search backwards. with: and we write ‘pasta’ and again press Enter.
Searching for the word ‘cake’ will match not only ‘cake’, but The content of our buffer now will be: ‘pasta is my
also ‘Cake’, ‘CaKe’ and any other combination of upper- and favourite food. I love pasta!’ and this is indeed worth saving (with
lower-case letters. When an upper-case letter is inserted in the C-X C-S). Any text between the active point and the end of the
word to be searched, the search becomes case sensitive. buffer is replaced, so it won’t affect words above or to the left of
So, C-S Cake will find ‘Cake’, but not ‘cake’ or ‘CakE’. More the cursor. The number of replacements is displayed in the
minibuffer when the operation is concluded.

UNDO AND REDO

Again, be careful about case sensitivity. Suppose our buffer NEXT
To delete the last change made, the shortcut is C-X U. This is the
is ‘Vi is my favourite food. I love vi!’. If we search for ‘VI’ there
will be no match, and the buffer content will be preserved. If we MONTH
equivalent of the popular Ctrl+Z for the Undo command used in ask to replace ‘Vi’ the replacement will be case sensitive. If we In LXF67 we’ll learn some
other operating systems. There is no obvious limit to the number ask to replace ‘vi’ with ‘pasta’, both ‘Vi’ and ‘vi’ will be substituted, keystrokes for navigating the
of changes Emacs will undo, since this number can be chosen at but the first will preserve its upper case V, which means it will buffer, and explore one of the
will. To redo a change there’s no need for another command, since be replaced by ‘Pasta’ and not by ‘pasta’. features that really sets
this operation corresponds to undoing the latest undo. If you want If you want more precision, you can use the query-replace Emacs apart from other text
to redo it’s just matter of moving the cursor so that the last undo editors: managing columns
function, which you can access by pressing M-X and then
will be registered as the last operation (so that you exit the undo through the rectangle class
typing query-replace. It’s like replace-string, except that you
cycle) and pressing C-X U. of functions.
can choose which entries should be replaced, case by case. LXF

www.linuxformat.co.uk LXF66 MAY 2005 83

LXF66.tut_emacs 83 15/3/05 4:37:32 pm

 TUTORIAL Shell secrets

TEXT FORMATTING

Shell secrets
PART 2 Time-saving tips for modifying and processing text from the command line. By Marco Fioretti.

Much of our shell tutorial this month concerns every script – the charming ‘#!’ couplet. They mark the rest of
metacharacters, the text symbols sprinkled (at random, the file as a script – in other words, a series of executable
it often seems) throughout command line instructions. commands meant for an interpreter.
If you can find out what they do and learn how to use them, Therefore, the first line #! /bin/bash declares that you want
you’ll be able to create powerful programs for finding, inserting the program bash in the bin directory to execute your
and scrubbing out text. commands (note the space after ‘!’). If the file mentioned after
Our first example will help you explain to a program how to the shebang doesn’t exist, or is not an interpreter, the system
recognise a certain piece of text and what to do with that text will simply return a ‘Command Not Found’ error and quit.
afterwards. The standard description of the structure of a string Some Unix variants place a tight limit on the length of the
of text is called a regular expression – or regex. These are dark, shebang line, truncating everything to 32 characters or so.
mysterious beasts, but easy to use once you’ve tamed them. In What this means in practice is that you may get the
regular expressions, the characteristics of complex text patterns ‘Command Not Found’ error even if you’ve entered a valid
are defined by a vast array of metacharacters: interpreter file – what’s happened is that it’s just too far from
/linux/ the shebang for the system to recognise (‘Not Found’ is not the
/^linux/ same as ‘Not There’).
/linux$/ Two interpreters you’re likely to use for your regexes are
/^linux.*format$/
AWK and SED. They have been around since the very beginning
Weird, huh? But don’t be afraid – come closer. The first of Unix and although there are several other interpreters (chief
regex here simply means that we’re looking for any line among them Perl) that can do much more, the original two are
containing the string ‘linux’ (regardless of its case, or if it’s part faster and, for this reason, still widely used in boot-time scripts.
of a longer word). The second and third are a bit more specific:
they’ll match only lines beginning (^) or ending ($) with that Using SED and AWK
string. The last regex describes all lines that start with the ‘linux’ SED works on streams of text (the name SED is just a
string, end with ‘format’ and have any (*) number of any contraction of stream editor). It loads one line at a time, edits it
character (.) in between. In other words it will match with: according to the commands it has received, and prints it to
linuxformat standard output.
linux Format cat somefile | sed ‘/^0/d’
Linux users love Linux Format The command above will delete all lines beginning with 0.
Regular expressions are also used to substitute some text AWK gets its, er, awkward name from the surnames of its
patterns for others: creators: Aho, Weinberger and Kernighan. It is a bit more
s/linux/Linux/ powerful than SED, but works in the same way – one input
s/\d\d\d\d-12-25/2005-12-25/ record at a time. By default, each line is a separate record,
Here the first regex capitalises all occurrences of linux, and referred to as $0. Records are made of (typically)
the second one replaces all the dates of Christmas past with space-separated fields, accessible as $1, $2 and so on.
that of the next one: ‘\d’ is another metacharacter, meaning awk ‘/fax/ { print }’ bin/*
‘any digit’, so four of them will match any year expressed in Here we found and printed all lines containing the ‘fax’
that form. string in all the files of the bin directory.
So far our examples have concerned individual phrases of
The role of the interpreter text, be it finding them, formatting them or deleting them. But
In practice, regular expressions are fed as arguments to there are ways to use the shell to locate whole sections of text.
applications, or interpreters, that can put them into practice. What do you do when you find a classified ad in a newspaper
The location of the interpreter inside the file system is written page that you want to keep in your wallet? You cut it out with
right after the shebang. Not sure what the shebang is? Simple: scissors and discard everything else. You can program the
it’s Unix lingo for the two characters at the very beginning of command line to do exactly the same thing with text streams.

84 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_shell 84 15/3/05 4:38:44 pm

 TUTORIAL Shell secrets

When you you need to find and extract only relevant rows and To fully understand the script, refer to earlier parts of this
columns of characters it can be very convenient to visualise the tutorial to remind yourself what the various metacharacters do. RESOURCES
terminal window (or a whole text stream) in the same way – as #! /bin/bash Inspired? Here’s
if they were sheets or rolls of paper. \rm url_list where to go next
\rm url_control_tmp
The ultimate source of
Extracting blocks of text touch url_control_tmp
grep ‘<DT><A HREF=”’ $1 | cut ‘-d”’ -f2 > url_list
reference for regular
The four most useful utilities for this task are the programs tail, expressions is the book
for URL in `cat url_list `
head, cut and grep. The first two return the first or last few lines Mastering Regular Expressions,
do
of a text stream. This is how you would get the 16th to 20th line published by O’Reilly (www.
echo -n $URL >> url_control_tmp
of somefile.txt: oreilly.com/catalog/regex2/).
curl --head $URL 2>/dev/null | grep ‘Not Found’ >> url_control_
head -20 somefile.txt | tail -5 Introductory tutorials are at
tmp
www.zvon.org/other/
The cut command does the same thing, but vertically: done
PerlTutorial/Output/
cut -c20,23 somefile.txt awk ‘{print $1}’ url_control_tmp | sort | cat -n
contents.html and you’ll find
ls -lrt | cut -c44- exit
a brief introduction to the
The first example returns only the columns from 20 to 23 of The first three commands simply remove (rm) any SED and AWK interpreters at
somefile.txt. The second takes a detailed file listing and strips temporary file created by previous runs and then create (touch) www.faqs.org/docs/abs/
everything but the modification date and file name. a new one, for reasons that will become clear later. HTML/sedawk.html. All the
Last but not least is the grep family. These are, on Linux, Then the fun starts. The bookmark file is passed to the script other commands mentioned
three separate commands (grep, egrep, fgrep) that can extract as first argument, so its name is contained in the $1 variable. In in this article have detailed
from files all the lines matching a given regex. Each grep variant the Mozilla bookmark file the lines that contain links start with Unix man pages. Just type:
man <command_name>
has several options and understands a limited set of regular the <DT><A HREF=” string. The script extracts them with grep
expression constructs. In all cases, regex matches cannot span and then, using the double quote character as separator
multiple lines. Here are some classic uses of grep: (cut ‘-d”’), discards everything but the second field (-f2); that
grep Linux *.txt is, the actual URL. In this way all the links and nothing else end
grep -i -v Windows *.txt up, one per line, in the url_list file.
egrep ‘Euro|Sterling’ invoice*.txt The for line iterates every line of the url_list file,
Executing these commands would first of all return all the provided courtesy of the cat command. Inside the for
lines containing the Linux string in all files with a .txt extension. loop, the echo instruction simply appends to another
The second would give you all the lines from the same files that file, without newline (-n), the current URL. For the
do NOT contain (-v) the word Windows, regardless of its case append operation to work, the file must already exist.
(-I). Finally, use the last example to show all the lines containing That’s why it was created (or touched) at the
either Euro or Sterling from all invoice files. beginning. Remember now?
Curl is a nice web browsing utility that works
The ‘here documents’ tool from the command line to automatically retrieve
Still working with long blocks of text, we move to here all kinds of documents from the internet. In this
documents. They exploit a great feature of working within the example it is launched once for every URL, but it
shell, namely that that you don’t have to put templates in only downloads the page HTTP headers
external files. With here documents, you can place a block of (-head). The headers contain bits of data
text, possibly containing some variables, straight into a script, associated with each document, like this:
and use it either as the standard input of a command or for a HTTP/1.1 200 OK
variable assignment. Date: Fri, 04 Feb 2005 23:09:54 GMT
Here documents use a dedicated operator, <<, to define the Server: Apache/1.3.27 (Unix) (Red Hat/Linux)
Content-Type: text/html
block of text. The syntax is very simple:
cat <<END_OF_EMBEDDED_TEXT The relevant line is the first one:
Dear $SUBSCRIBER 200 OK means that the page is available. A
your account is past due. non-existent page would have returned
Please send $INVOICE to Linux Format today
something like 404 Not Found. When curl
END_OF_EMBEDDED_TEXT
is launched its error messages are ignored:
As you can see, the string right after the << operator (END_ STDERR has the I/O stream number 2
OF_EMBEDDED_TEXT) is the same that marks the end of the (0 is input, 1 is output), so 2> /dev/null
here document. Now imagine that the code above is in a loop, means that this stream must be sent to
going over the contents of a text database. The code would the fake device (dev/null) provided by
create a series of payment requests with the actual names and Unix for cases just like this.
outstanding payments of every customer. Printing or emailing The grep part of the command saves
them would be easy. Another good use of here documents is to only the lines containing the HTTP return
create temporary files or to feed sequences of instructions to code not found to the url_control_tmp
interactive programs like FTP. file. The instruction starting with awk prints

How to find broken bookmarks

only the URL value (first field, $1) to its standard output. The
resulting list is then sorted and printed with a serial number (cat -n). NEXT
The last part of this tutorial is a handy script. We bet you have
hundreds – if not thousands – of links in your web bookmark
When I tested the script, the result started with these lines:
1 http://analogbubblebath.net/~chris/misc/doc/xultut/allofit.html.
MONTH
files. Chances are, a good percentage of those links are broken: 2 http://au2.php.net/manual/en/install.configure.php. Part three of our journey
through the shell has tools for
web pages move and disappear all the time. You can 3 http://netmail.tiscalinet.it/servizi/netmail.
printing, running calculations
immediately find out which links are dead with the script below. This neat script shows that learning shell commands can
and processing images, all
It was made for Mozilla bookmarks, but modifying it for other enhance your browsing pleasure as well as help your coding,
from the command line.
browser formats if you need to should be pretty straightforward. and it’s a nice note to end this month’s tutorial on. LXF

www.linuxformat.co.uk LXF66 MAY 2005 85

LXF66.tut_shell 85 15/3/05 4:38:51 pm

 TUTORIAL Gimp

ILLUSTRATION JULIAN JEFFERSON

GIMP TEXT TOOLS

Warping text
Twist and scale, shear and pinch. To the Gimp, text is just another bunch of pixels
to play with. Michael J Hammel shows you how to warp letters while keeping them crisp.

Most graphic design projects require at least a little bit

of text. In most cases the words need only be
positioned, coloured and rendered using an
appropriate typeface – they might sometimes be scaled, but
other than that we don’t normally need to do anything too flash
with them.
But sometimes the text needs to be warped to stand out. In
the film poster on the right, for example, the title needed to be
fluid and fluctuating in size, so it was laid out at an angle – large
on the left and scaled down to the right – to simulate the
letters being close to the reader on the left side of the poster
and further away on the right.
To help you achieve this kind of effect, Gimp provides Scale,
Perspective, Rotate and Shear transform tools, all available from
the Gimp toolbox. When active, each tool opens a dialog box
where you can specify precise settings for the tool’s action.
Better yet, each tool works interactively – just click and drag the
grab boxes in the image window, then hit the Enter key to apply
the transformation on the current layer or selection.
While these tools are powerful in their own right, they only
work as linear transforms. Imagine a straight line running
through the text along the bottom of each letter. That imaginary
In this sample film poster, the main lettering has been
warped with Gimp’s transform tools. They’re useful if you
design flyers, posters or similar textual work.

86 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_gimp 86 15/3/05 4:37:52 pm

ILLUSTRATION: JULIAN JEFFERSON
TUTORIAL Gimp

line would stay straight no angled edge. This ugly effect can be dealt with using some
matter which of these tools simple techniques, which I’ll discuss in the tutorials.
was applied. In order to get As a general rule you should try to avoid applying any kind
the effect of curving text we of transformation on rendered text. That includes scaling,
need the assistance of some shearing and rotating. When possible, use a vector tool such as
stock Gimp filters: Curve Bend Inkscape to generate warped text. Then export the text from
and IWarp. that program to a raster file format such as PNG, and use Gimp
In this month’s tutorial to import it.
we’ll explore two methods of This process requires multiple tools, but it does allow for
warping text. The first tutorial more control over the final quality of the rendered text. It’s even
will walk you through the possible to export the vector paths from those tools and import
stock transforms and then them into Gimp – though editing text-vector paths in the
introduce the Curve Bend current Gimp version is not for the faint-hearted or designers
filter. The second tutorial with little time on their hands...
repeats the process using
IWarp instead of Curve Bend. Tutorial 1: the Curve Bend filter
A note of warning about You can warp rendered text quickly with the transform tools
warping text in an image: text and the Curve Bend filter. This is a fast, easy and interactive
Though text is best played rendered on a layer and warped in this way is likely to lose method, though it lacks a precise way to position where the
with in vector programs, some of its crisp edges. Some text, especially any that is text will be curved. It also suffers from the distortion problems
there are tools you can use
enlarged as a result of the transform, can become slightly common with modifying rendered text, making it unsuitable for
in raster apps like Gimp.
You’ll need these transform blurred or – the horror! – develop ‘stair stepping’. Stair stepping a final print project, but it can be useful for online projects or
tools and grab boxes. is exactly what it sounds like: a set of steps along a slightly prototyping layouts.

1/ Open a new image window at 420x300 pixels. Click on the Text tool to activate it, then click in the image window to open the text editor. Type in
the letters TIMEWARP, all in upper case. In the Text Tool Options dialog (which is normally in the dock under the Toolbox), set the font to Sans Bold, >>
size 70, and set the Justify option to Centred. Use the Move tool to centre the text layer over the background layer.

www.linuxformat.co.uk LXF66 MAY 2005 87

LXF66.tut_gimp 87 15/3/05 4:37:56 pm

 TUTORIAL Gimp

>>
2 3

2/ Click on the Perspective transform tool. This tool, like all the transform 3/ At this point the text doesn’t show much distortion – though it might
tools, can be used interactively. Now click on the text layer again. Use the look a bit less crisp than it did before we started monkeying with it.
grab boxes to reduce the height of the right side of the lettering by Now click on the Shear transform tool. In the image window, drag the
dragging the bottom-right corner up a short distance and the top-right bottom-right grab box up a short distance. Then press Enter, or click on
box down by the same distance (this will keep the text centred the Shear button in the Shear dialog.
horizontally). Hit Enter when this is done.
The Layers dialog should have changed to show an ordinary layer
instead of a text layer: the text can still be edited, but the shearing will
be removed. If the Shear preview gets garbled with the original layer,
turn the layer visibility off in the Layers dialog. Turn the layer visibility
back on after the shear is applied.

4 5

4/ After this, the left side of the text may appear more distorted than the 5/ To bend the text we’re going to use the Curve Bend filter
right. You can clean this up a little by using the Unsharp Mask filter (Filters > Distorts > Curve Bend). Click on the Upper toggle under the
(Filters > Enhance > Unsharp Mask). For this small image set the Radius to Curve For Border heading and drag the line to something similar to
1.3 and the Amount to 0.35, leaving the Threshold at 0. what’s shown here. Click on the Copy button. This copies the upper curve
to the lower curve, which has the effect of keeping the text size fairly
consistent with the original. Click on OK when this is done.

We’ve just created curved text. The problem with this method may be possible if the white background is duplicated and
is that we couldn’t specify precisely where on the text the curve merged with the text layer before applying the Curve Bend filter.
should occur. It also isn’t obvious that when the upper curve is If you don’t do this there is a risk of truly bad stair stepping
not copied to the lower curve, distortions occur that don’t seem after the filter is applied.
to follow the curve just created. One last gripe is that the text now appears slightly blurred.
I should note that the current version of the Curve Bend Scarling it down will help a little, but the next tutorial will show a
filter doesn’t handle alpha channels very well. Better results more satisfactory method of cleaning the letter edges.

88 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_gimp 88 15/3/05 4:37:59 pm

 TUTORIAL Gimp

Tutorial 2: the IWarp filter 2

Curve Bend does an excellent job of warping the text, but it
doesn’t feel precise. What would be better is something more
directly interactive, something to just point, click, drag and
distort. Something like IWarp.

2/ Set the Deform mode to Move – a deform radius of roughly 55% and
deform amount of 0.55 should be sufficient. Start in the bottom-right
corner and start to drag up through the space between the letters E and
W of TIMEWARP. Multiple drags may be necessary to achieve a
1/ Repeat the text creation from the first tutorial up to but not including respectable result.
the application of Curve Bend. Open the IWarp filter (Filters > Distorts > Messed up? Hit the Reset button and try again. Experimentation is
IWarp). This filter is interactive – dragging the mouse through the easy with this very user-friendly filter. When the distortion preview looks
preview will distort the image based on the settings chosen. good, hit Enter or click on the OK button.

3 4

3/ Applying Curve Bend or IWarp will blur the text slightly. To make the 4/ Use Ctrl+X to delete the selected region – the transparent background
lines around the text clean, create a selection around it with Layer > will be deleted, along with most of the blurred areas. You can change the
Transparency > Alpha To Selection if the text is on a transparent layer. degree of cleaning by altering the selection tool’s feathering before you
Then invert the selection to get the background. If the text is merged delete. Once the selection has been deleted, further cleaning can be done
with a white background, try using the Colour Select tool, clicking on the using Unsharp Mask (Filters > Enhance > Unsharp Mask). Set the Radius to
white region of the layer (inverting is not necessary in this case). 1.3 and the Amount to 0.35, leaving the Threshold at 0.

The Unsharp mask we used in the second tutorial cleans

the text by finding an edge in the pixels (defined as a sharp
the IWarp preview may be necessary than with the smaller text
layers. The same effect can be achieved by moving smaller NEXT
difference in colour between two areas of pixels) and reducing
the contrast between them These two variables are controlled
areas many times, each a little at a time.
That’s the really cool thing about IWarp: the level of control
MONTH
by the Radius setting and the Amount setting respectively. it gives to the user. If you don’t get it perfectly the first time Come back next issue for
When you work with very large text layers (necessary for (and don’t be frustrated if you don’t) you can fiddle with it until some more graphic design
tips from Gimp.
large posters and other print projects), more dragging through you get things just as you want them. LXF

www.linuxformat.co.uk LXF66 MAY 2005 89

LXF66.tut_gimp 89 15/3/05 4:38:02 pm

 TUTORIAL udev

DEVICE-NAMING SYSTEM

Connect your devices with udev

Neil Bothwick explains how to code a name for your hardware when ‘Bob’ just won’t do.

‘Everything is a file’ is one of the Unix creeds. It sounds create their /dev entries automatically. While this improved the
strange at first, but in a way it’s true. Of course, we’re not situation, there are some issues with devfs that mean its use is
suggesting that your hard disk is a file – we all know it’s now deprecated. The main problem with devfs is that it has a
a precision-engineered piece of electromechanical hardware number of bugs, ranging from annoying to serious, some of
designed to store as much of your valuable data as possible which cannot be fixed.
before crashing the heads into the disk and destroying the lot.
However, your hard disk is represented as a file in the Linux Knowing u – a-ha!
filesystem, usually as /dev/hda/. You probably already know this, Udev is a new alternative developed by Greg Kroah-Hartman
but any piece of hardware you connect to your computer is that can do all that devfs needs to do but in user space,
represented by a device file in /dev, be it your MP3 player or avoiding the need to keep any code for it inside the kernel.
your webcam. Using the new /sys filesystem from kernel 2.6 and the hotplug
The /dev directory was originally a standard directory system for connecting peripherals, all the device node creation
containing device files for every piece of hardware likely to be is handled by user space programs. As devfs is not being
connected. This usually meant that whenever a driver was actively maintained now, udev has become the default choice. If
installed, the relevant files were created in /dev. This had two you have installed a recent distribution, you probably already
really important disadvantages. The first was that as more have udev without realising it.
devices were supported, the number of files in the directory was At this point, you may be wondering why all this matters to
becoming unmanageable. you. After all, the main differences between devfs and udev
It also meant that if you tried to connect a piece of seem to lie in the implementation, and how they affect the
hardware for which there was no device file, you had to create it system from a development point of view. So how does it affect
yourself, first scouring Google for the correct major and minor the end user? Well, we’ve saved one of udev’s best
device number to pass to the mknod command. advantages until last, and it’s a feature that will make a real
As the number of devices supported by Linux increased, difference to you.
especially the huge number of removable devices that could be The feature is called persistent device naming, and it works
connected to USB or IEEE1394 (aka Firewire) ports, this like this. Devices are normally named in the order in which they
became unacceptable. Not only was /dev becoming totally are connected. That’s fine if you only have one of each type of
unwieldy, but we were in danger of running out of major and device, but this is becoming less common. For example, many
minor device numbers to cover every possible device that could devices use the USB storage module to appear as disk drives.
be connected, even though any one computer would only ever These include digital cameras, MP3 players, USB key disks and
see a tiny fraction of them. memory card readers, as well as external disk drives.
The solution was devfs, a system in the Linux kernel that If you connect your camera, say, it will often be seen as
would react to devices being connected or discovered and /dev/sda/. If you then hook up your USB keyring it will appear

90 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_udev 90 15/3/05 4:39:13 pm

 TUTORIAL udev

as /dev/sdb/. But if you connect the keyring first, that will a terminal window and type su to become root. Now plug in
appear as /bedev/sda/. your USB device, wait a few seconds for it to be detected, type
This makes dealing with these devices through fstab entries dmesg and look for information on the device at the end of the
or automounters more complex than it needs to be. The output. It will look something like this:
situation is potentially worse with printers. I have two USB usb 1-1: new high speed USB device using ehci_hcd and
printers: a laser for text documents and an inkjet for printing address 6
photographs. One is /dev/lp0 and the other /dev/lp1, but which scsi8 : SCSI emulation for USB Mass Storage devices
gets which depends on which is detected first. If one of the usb-storage: device found at 6
printers is turned off when I boot, the devices can be reversed. usb-storage: waiting for device to settle before scanning
Udev fixes this nonsense by enabling you to specify your Vendor: TOSHIBA Model: MK2004GAL Rev: JC10
own device names for each product. Using a simple set of rules, Type: Direct-Access ANSI SCSI revision: 00
udev will set the device name according to the identification SCSI device sdd: 39063024 512-byte hdwr sectors (20000
data available from each device. It will also create symlinks, so a MB)
device can have more than one name. For example, a DVD- sdd: assuming drive cache: write through
ROM drive could be accessed as any one of /dev/hdc, /dev/ SCSI device sdd: 39063024 512-byte hdwr sectors (20000 MB)
cdrom or /dev/dvd. So, how do we write our own udev rules? sdd: assuming drive cache: write through
sdd: sdd1
Making up the rules Attached scsi disk sdd at scsi8, channel 0, id 0, lun 0
The rules are contained in files in /etc/udev/rules.d. The default Attached scsi generic sg5 at scsi8, channel 0, id 0, lun 0,
file is usually called 50-udev.rules. Don’t change this file as it type 0
could be overwritten when you upgrade udev. Instead, write your usb-storage: device scan complete
rules in a file called 10-udev.rules. The low number ensures it This tells us that the device has been
will take priority over any definitions in the default file. detected as
Each time a device is detected by the hotplug system, the /dev/sdd with a single
files are read in order, line by line, until a match is found. This partition at /dev/sdd1. It is the
may be useful in more complex systems as you can set up partition we’re interested in
specific rules followed by more general ones – but we’re getting here, although some
ahead of ourselves here. mass-storage devices have no
The basic format of a rule is: partitions (much like a floppy
key1=”value”, key2=”value”, ... keyN=”value”, name=”value”, disk). Note that the device is
symlink=”value” called sdd because there are other
You must provide at least one key and a name. Extra keys pseudo-SCSI devices on this
are optional, but all must match for the rule to be applied. computer – a few SATA hard drives. If
Symlinks are optional too. Here is an example of a udev rule, you have standard IDE drives and no
used to detect and name an iRiver MP3/Ogg player. other USB storage devices connected, it
BUS=”usb”, KERNEL=”sd[a-z]1”, SYSFS{product}=”iRiver is more likely to be /dev/sda.
H300 Series”, NAME=”%k”, SYMLINK=”usb/iriver” Now that we know how the device is
The first three items are keys used to identify the device. The named, we can use udevinfo to find the
NAME, as you would expect, defines the name to be used. %k key information. First we need to find out
is the name that the kernel would have given it, such as /dev/ where in /sys the information is contained,
sda1, so this rule leaves the name unchanged, but sets a which we do with:
symlink to /dev/usb/iriver. The /dev/usb directory does not udevinfo -q path -n /dev/sdd1
need to exist, as udev will create it when needed and delete it This tells us that it is at /block/sdd/sdd1 (this is
when the last device in there is removed. There is no standard relative to /sys so if you want to look at the
convention to use /dev/usb; I just find it convenient to have all information directly, look in /sys/block/sdd/sdd1. Now
hotplugged USB devices appear here. give this information to udevinfo to see the device
There are other substitutions that can be used in NAME and details. You will get a lot of output, so enlarge your
SYMLINK. After %k, %n is probably the most useful (it contains terminal window to full screen and pipe it through a pager
the kernel number of the device). If %k contains sda3, %n like less or, my favourite, most.
contains 3. See the udev man page for a full list of substitutions. udevinfo -a -p /block/sdd/sdd1 | less
You can combine the two stages with:
Configuring udev udevinfo -a -p $(udevinfo -q path -n /dev/sdd1) | less
The real work is done by the keys, of course, so how do we
know what to use here? There are several keys available but the Picking the right keys
three most useful ones are BUS, KERNEL and SYSFS. The key information is divided into sections: you will generally
■ BUS covers how the device is connected. be looking for matches in one of the first few sections that
■ KERNEL refers to the standard kernel identification of the appear. You cannot mix information from different directories in
device (as used by devfs or a static /dev). /sys – all keys used in a single rule must come from the same
■ SYSFS keys use the information on each device that appears section of udevinfo’s output. Here are the relevant sections
in the /sys directory. This directory was added for kernel 2.6 from the output of the above command:
and is a virtual filesystem, somewhat like /proc, containing looking at the device chain at ‘/sys/devices/
information on various devices. pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8/
You can browse through this filesystem to find information target8:0:0/8:0:0:0’:
on a device, but udev provides a tool to make this task easier. BUS=”scsi”
The udevinfo command is used to extract information from /sys. [snip] >>
You will need to be logged in as root to do most of this, so open looking at the device chain at ‘/sys/devices

www.linuxformat.co.uk LXF66 MAY 2005 91

LXF66.tut_udev 91 15/3/05 4:39:16 pm

 TUTORIAL udev

>> pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8/ I only have one MP3 player, so the product key should be
target8:0:0’: distinctive enough. However... it isn’t. The reason for this is that
BUS=”” the entry for sdd also contains this key, and possibly an sg*
[snip] entry too, so we need a way to differentiate between the
looking at the device chain at ‘/sys/devices/ partition and the disk containing it. This is why the rule above
pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0/host8’: has a KERNEL key too. This key uses a pattern to match the
BUS=”” first partition on any SCSI disk -- – USB storage devices
ID=”host8” are identified as SCSI disks. So /dev/sdd1 matches this, but
SYSFS{detach_state}=”0” /dev/sdd does not.
looking at the device chain at ‘/sys/devices/ You can use some standard pattern-matching characters in
pci0000:00/0000:00:10.4/usb1/1-1/1-1:2.0’: the keys: * matches zero or more characters, ? matches one or
BUS=”usb” more characters and [] matches any one of the characters
[snip] within the brackets. The above KERNEL match could just as well
looking at the device chain at ‘/sys/devices/ have been written as sd?1. The BUS=”usb” part of the rule is
pci0000:00/0000:00:10.4/usb1/1-1’: not really necessary, but it does make things a little clearer
BUS=”usb” when you have a number of rules. So the final rule is:
ID=”1-1” BUS=”usb”, KERNEL=”sd[a-z]1”, SYSFS{product}=”iRiver
SYSFS{bConfigurationValue}=”2” H300 Series”, NAME=”%k”, SYMLINK=”usb/iriver”
SYSFS{bDeviceClass}=”00” The code means: find the device on the USB bus that the
SYSFS{bDeviceProtocol}=”00” kernel identifies as the first partition of a disk and has the
SYSFS{bDeviceSubClass}=”00” product ID of iRiver H300 Series, give it its original name and
SYSFS{bMaxPower}=” 98mA” create a symlink to this name from /dev/usb/iriver. You can
SYSFS{bNumConfigurations}=”1” use /udevtest to test your rule without disconnecting and
SYSFS{bNumInterfaces}=” 1” reconnecting the device. Give it the path to your device in /sys
SYSFS{bcdDevice}=”0100” and it will report which device nodes and symlinks it will create.
SYSFS{bmAttributes}=”c0” You could put usb/iriver in the NAME field, but using
SYSFS{detach_state}=”0” symlinks means that the old-style kernel name is still there
SYSFS{devnum}=”6” should anything need it. Equally, you could put your name in the
SYSFS{idProduct}=”3003” NAME field and %k in the symlink. With udev, you control
SYSFS{idVendor}=”1006” exactly how your devices are named.
SYSFS{manufacturer}=”iRiver” Whichever way you do it, pick one and stick to it to avoid
SYSFS{maxchild}=”0” confusion later. You can create multiple symlinks to the same
SYSFS{product}=”iRiver H300 Series” device but list them in the SYMLINK section, separated by
SYSFS{serial}=”0123456789AB” spaces. Here’s an entry for a DVD-ROM drive that covers all
SYSFS{speed}=”480” the bases with the old-style name, a devfs style name and
SYSFS{version}=” 2.00” symlinks to /dev/cdrom and /dev/dvd. Wherever software may
The last section shown (several have been omitted) has look for a CD or DVD, it will find it.
information specific to the piece of hardware to be named. You KERNEL=”hdc”, NAME=”%k”, SYMLINK=”dvd cdrom cdroms/
should be looking for information that will uniquely identify your cdrom0”
device. It’s usually enough to use the model name or Note that all names, whether in KERNEL keys or the NAME
manufacturer code. Where these use a generic term, I have and SYMLINK assignations, are relative to /dev/b/.
used an Epson printer that had a model string of ‘USB printer’. How about the situation with two printers? Once again, you
You may need to use something like a serial number, but it is can use udevinfo to find information unique to each. It is
not normally necessary to be this specific unless you have more usually sufficient to use a model description, but if you have two
than one device of the same model. devices of the same model, you can still distinguish between

ALL MAPPED OUT

Forgotten the specs of a device? Here’s how to run a query

You can use udevinfo to query

devices in the udev database, but
there are graphical alternatives. The
information they provide isn’t as
graphical, nor is it in a format
suitable for pasting directly into a
rule. However, they are handy for an
overview of what information is
available on a device.
KDE users can use the KDE Info
Centre to view information on
various classes of devices. If you’re
working with USB devices, you can
also get some of this information
from USBView. This may not have
been installed by default but should The GTK program USBView (above right) maps installed
be on most distros’ installation discs. devices. You can also try KDE’s Info Centre (far right).

92 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_udev 92 15/3/05 4:39:18 pm

 TUTORIAL udev

them with the serial numbers. These are the rules I use for my BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB SD
laser and deskjet printers: Reader”, NAME{all_partitions}=”usb/sd”
BUS=”usb”, SYSFS{product}=”Samsung ML-1510_700”, BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB CF
NAME=”%k”, SYMLINK=”printers/laser” Reader”, NAME{all_partitions}=”usb/cf”
BUS=”usb”, SYSFS{product}=”deskjet 5100”, NAME=”%k”, BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB SM
SYMLINK=”printers/colour” Reader”, NAME{all_partitions}=”usb/sm”
By using NAME=”%k”, the printers still have their usual BUS=”scsi”, KERNEL=”sd?”, SYSFS{model}=”USB MS
designation of /dev/lp0 and /dev/lp1, but whichever way Reader”, NAME{all_partitions}=”usb/ms”
around these names are allocated, /dev/printers/colour and Ensuring a removable device always has the same device
/dev/printers/laser point to the correct devices. Although these node really comes into its own when combined
rules are for two USB printers, you could use similar rules if you with one of the systems of automatically mounting
have one parallel and one USB printer. new devices, such as supermount.
By adding suitable lines to /etc/fstab, you can
Network name-calling have a device mount when you connect it and
Udev is not limited to devices found in /dev. It also works with unmount when you remove it, and the user doesn’t have to
network devices, as they still appear in /sys. If you have two do anything. If your kernel has supermount enabled you can
network cards in your computer, you need to know which is have a device automount with a line like this in /etc/fstab.
which. If they are different cards, you can get away with using none /mnt/camera supermount fs=auto,dev=/dev/usb/
the order in which you load the modules to determine which is camera,--,users,sync,noatime 0 0
eth0 and which is eth1, but wouldn’t it be easier if you could This assumes that you have set up a udev rule to create
give them more meaningful names, and also work easily with /dev/usb/camera when you connect your digital camera and
more than one of the same type of card? that the directory /mnt/camera exists. Note that not all digital
Information on your Ethernet device is contained in cameras work as USB storage devices, so make sure yours does
/sys/class/net. before trying to get this to work. You must use the sync option
# udevinfo -a -p /sys/class/net/eth0 when creating fstab entries for this. The option ensures that
looking at class device ‘/sys/class/net/eth0’: data is written to the device immediately. Without it, you could
SYSFS{addr_len}=”6” copy files to the device, wait for the copy to finish, unplug the
SYSFS{address}=”00:03:0d:06:52:b5” device and find that when you reconnect it the files are
SYSFS{broadcast}=”ff:ff:ff:ff:ff:ff” nowhere to be seen.
# udevinfo -a -p /sys/class/net/eth1 Some people don’t like supermount. An alternative is autofs.
looking at class device ‘/sys/class/net/eth1’: If your distro uses this you need to add a line like:
SYSFS{addr_len}=”6” /media /etc/autofs/auto.media
SYSFS{address}=”00:09:5b:24:dc:fb” to /etc/autofs/auto.master. Then create the file /etc/autofs/
SYSFS{broadcast}=”ff:ff:ff:ff:ff:ff” auto.media and add a line like
SYSFS{address} contains the MAC address of the network camera -fstype=auto,users,sync,noatime,umask=0
hardware. This is unique for every network card, so it provides a :/dev/usb/camera
guaranteed way of distinguishing between them. To give these Unlike with supermount, you do not need to create the
interfaces more meaningful and persistent names, use the /media/camera or /media directories.
following rules:
KERNEL=”eth*”, SYSFS{address}=”00:03:0d:06:52:b5”, Access privileges
NAME=”inet” So far, we have only looked at udev’s naming rules. But you can
KERNEL=”eth*”, SYSFS{address}=”00:09:5b:24:dc:fb”, also control the permissions of each device node created by
NAME=”lan” udev. The default file for this is /etc/udev/permissions.d/50-
You can’t use symlinks here, because each interface can udev.permissions so put your own settings in /etc/udev/
only have one name and they are not device files in /dev. These permissions.d10-udev.permissions. You normally will not
rules will only take effect when the interfaces are initialised. You need to do anything here, but you can easily change the
can rmmod the modules and reload them with modprobe permissions or ownership of any device. The format is one
(provided they are modules and not built into the kernel), or device per line, giving owner, group and permissions, separated
reboot to reload them. Now the two interfaces are named inet by colons. The device name can include pattern-matching
MORE INFORMATION
and lan, far more useful for a box acting as a firewall or gateway, characters. The following The man pages for udev and
and it results in easier to read iptables rules too. printers/*:root:print:0660 udevinfo provide useful
Memory card readers can cause difficulties if cards are would restrict access to printers to only those users who are information and there are
inserted or removed while they are connected to the computer. members of the print group. some useful websites,
notably www.reactivated.
This is particularly acute with multi-card readers. There is a significant difference between devfs and udev in
net/udevrules.php. Gentoo is
Only the cards present when the device was connected will terms of module handling. The former will load kernel modules
one of the few distributions
be registered. For empty slots the device for the disk will be for new devices. Udev is purely about creating device nodes – that does not include udev by
created, say /dev/sda, but not for any partitions like /dev/sda1, module loading needs to be taken care of by hotplug scripts or default in its latest release
so it’s impossible to mount a card if you insert it after by adding them to /etc/modules or /etc/modprobe.conf, (the 2005 release will default
connecting the reader. depending on your distro. to udev, though). If you’re a
This is not too much of a problem with external readers, as We doubt you’ll miss any devfs features – the fact that udev Gentoo user, you’ll appreciate
you’d simply unplug it before inserting the card, but this is hardly operates outside the kernel makes it much more user-friendly, the excellent tutorial on
practical if you have an internal card reader. Fortunately, udev and it supports symlinks and network devices too. Now that switching over to udev, which
provides a solution. Instead of NAME=, use NAME{all_ devfs is obsolete, udev is being shipped with almost every distro, is easy when explained
properly, at http://webpages.
partitions}=. udev will now create 15 partition nodes as well as and it makes sense for you to master writing udev rules. If you
charter.net/decibelshelp/
one for the disk. These rules work with an unbranded four slot want to go beyond this tutorial and learn more, check out our
LinuxHelp_UDEVPrimer.html.
multi-card reader: More Information box, right. LXF

www.linuxformat.co.uk LXF66 MAY 2005 93

LXF66.tut_udev 93 15/3/05 4:39:20 pm

 TUTORIAL Audio

FINALISING AND MASTERING AN AUDIO PROJECT

Audio and music production

PART 4 Mastering an audio project involves fixing all its minor inconsistencies.
Graham Morrison takes to the controls for the final stage in the process.

We’re going to cover the final stages of a typical audio

project in our final Linux audio tutorial. This is where
the composition’s galácticos are made into a team:
frequency ranges are massaged, a little more energy is
squeezed out of certain parts, while others need to be
restrained. It’s what’s known in the industry as mastering, and is
usually performed by highly-skilled engineers, as a fresh set of
ears can make the difference between success and failure. This
is the only way to finish a piece professionally and is becoming
part of the compositional stage with many virtual studios. There’s more to reverb than meets the ear.
Mastering uses a just few essential audio processes. We
briefly covered the basics of these effects during the first audio can be sent to an external program and re-inserted back into
tutorial but it’s worth covering them in more detail. There are the track after processing. This is the same as working with
broad divisions in the way that effects are used and external processors in a studio – which you can still do, simply
implemented. Some are purely utilitarian, while others are by making the Jack channel connect to physical input and
creative, but the majority fall somewhere between. They can be output ports.
classified into three categories according to how they act on the Ardour is also well suited to mastering a project, thanks
sound: delays, filters and dynamics. Obviously, the best way to mainly to its ability to perform the same effect-sending trick
get to grips and understand the various effects available is to from the master bus – right at the end of Ardour’s audio chain.
use them, and currently, the application that provides the best This makes it perfect for the final optimisations that often need
environment for effects processing is Ardour. to be made to a piece before you burn it onto a CD. To get the
same functionality out of Rosegarden would involve connecting
Adding effects the mastering effects manually into the final audio stream from
Any Jack-compliant application can be used for inserting effects Jack, and Rosegarden has neither knowledge nor control over
into the audio chain, but Ardour has been built from the ground what happens to this stream once it leaves the application
up to take maximum advantage of this interconnectivity. This Effects are inserted into Ardour on a track-by-track basis,
means that effects can be inserted manually into each channel, using a working style very similar to that of Rosegarden. In fact,
or you can use a function called a send in the same place. Each they both feature functionally-similar mixing windows, which is
The final project in Ardour. send creates a separate Jack channel where a track’s audio no surprise given that they were both designed to replace
dedicated mixers. The main difference is that Ardour’s mixer
features white space before and after a channel’s fader for
inserting effects. Rosegarden only supports effects added after
the fader, and while it may not sound like it, there is a distinction
between the two. As the fader controls the volume level of a
track, it means that effects inserted before the fader will
process the original audio level before it can be amplified or
attenuated: those inserted afterwards process the audio post-
filter. Depending on the effect, this can make either a little or a
lot of difference, but we’ll get to that.
Once audio has been loaded and dropped into its own track
in Ardour, effects can be assigned to the track from the mixer
window or the channel strip in the arrange window. This is done
by right-clicking in the small box below the channel’s fader (the
post-effect slot). The corresponding box above the fader is for
pre-fader effects. LADSPA-compatible effects can be inserted
by selecting New Plugin – the first of these is a delay.

Delays, filters and dynamics

Delay effects don’t just work on sound in the immediately
obvious way. Many processes rely on an array of tiny delays to
generate a more complex effect than that of simply playing
back a section of audio at a later time. The most widely used of
these in audio production is reverb (an abbreviation of
reverberation). This is an attempt to create an acoustic

94 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_audio 94 14/3/05 9:09:09 am

 TUTORIAL Audio

ON THE DVD
A complete 22 track audio project to test your new skills
On this month’s DVD you should find a complete audio project After you’ve created the project, the audio files can be imported
constructed using software from the last few tutorials. The project into Ardour by right-clicking in the Region pane on the right-hand
includes 11 stereo tracks that can be loaded into Ardour. Not only is side of the arrange window – then you can either import a copy, or
this useful to see how projects can be constructed, but this import a link to the audio. Once each segment is listed on the right
particular project is perfect for practising your new-found mastering it should be dragged to the beginning of a separate track. Pressing
skills, as all the audio contained in the piece is quite rough and Play should let you hear the whole piece.
untamed (there is also an example of a mastered version of the This project presents plenty of opportunities for adding effects to
track on the DVD). the tracks (especially the pad track which really needs something
Audio takes up a lot of space (without compression these files like a flange or a phaser), and is also perfectly suited to passing
would take up over 800MB of space), so they’ve been compressed through a mastering suite such as Jamin.
using Ogg Vorbis. As long as you have this already installed, they This music has been released under the Creative Commons
can easily be converted back to WAV files using this command from Attribution-NonCommercial-ShareAlike licence. Despite its overly
the directory containing the files: complex name, it’s very similar to the GPL licence familiar to
$ oggdec *.ogg application development. You can redistribute and modify the files
The best way to get the converted files into Ardour is to create a as long as subsequent versions share the same license, but the
new 16-track project by selecting New from the session menu, then audio can’t be used commercially.
entering a project location before switching to the configuration tab For further information on the legality and the motivation behind the
and selecting 16 Tracks before clicking on Create. Creative Commons licences see http://creativecommons.org/.

environment that differs from that of the source material. of the detail that often lies just under
Audio in a recording environment is usually recorded dry – that the surface of a recording. This is
is, without any external ambiance or effect. A dry signal is most obvious when recording vocals:
versatile, and doesn’t impose its recording environment on one look at the waveform would show
other tracks. that there’s often wide variation in the
The reason that reverb is considered a kind of delay is that level of the signal (imperceptibly
it’s usually nothing more than calculated reflections and filters compensated for when listened to
from a mathematical model of a room. In a canyon-sized room in isolation).
you’d get an obvious echo, but with a smaller environment you This can make the track difficult to hear
get an almost imperceptible impression of space. As a result, when combined with the other tracks in a
these algorithms are computationally-intensive, and it’s only project. That’s where the compressor comes in. As >>
relatively recently that native processing has been able to its name suggests, it compresses the dynamic
compete with external digital signal processing hardware.
Notable reverb effects for Linux include Freeverb and gverb, and
FREQUENCY EFFECTS
they’re both perfect for augmenting a synth such as one
Multi-band mayhem with FreqTweak
created with AMS.
Other notable delay-based effects include phase and flanger. For generating a modest amount of audio mayhem, try passing
Both use discrete delays to create similar effects. The flanger your audio through FreqTweak, a graphical frequency-dependent
was famously invented to accommodate John Lennon’s hate of filter. It also has more practical uses (you can use it to monitor
audio, for example), as both the input and output audio stream
multi-tracking recording, using two tape machines and varying
can be viewed as a stereo spectrogram.
the playback speed of one by holding a finger on the machine’s
Both of the colourful graphs at the top and bottom of
reel flange to produce timing fluctuations.
FreqTweak’s main window plot the volume level of each frequency
The main function for filters, at least at the mastering stage, in a horizontal spectrum of colour. Blue represents the lower
is equalisation. In a similar way to those gigantic graphic levels, red hues furnish the middle and violet denotes higher
equalisers on the front of an eighties hi-fi, they can either frequencies. Time is
amplify or reduce the audio signal at varying frequencies. shown on the vertical
The difference in the studio is that the frequency range can axis, so as the audio
usually be configured, as can the range and density of the passes through the
effect. Early digital designs were aimed at creating the perfect spectrograph, patterns of
frequency look like
equaliser, but it was soon discovered that there was always
rainbows at night.
something missing from their character, in the same way as with
The only difference
the filters for synthesizers. This has resulted in modern designs
between FreqTweak and
trying to incorporate some of the imperfections of those older a conventional effects
hardware devices. processor is that the user
The least obvious but perhaps most important group of specifies which
effects are those involved in changing the dynamics of the frequencies are affected
audio. The simplest such device is a noise gate, which mutes (you do this by drawing
the sound when the level falls below a certain threshold. This is them on a histogram in
especially useful for eliminating the background noise from a FreqTweak’s GUI. The first
effect, for instance, is a
typical guitar amplifier.
filter, and removes the
Another dynamic effect is called a compressor (otherwise
frequencies from the FreqTweak enables you to draw
known as ‘the bane of modern music’). When misused, it forces
audio path depending on filters and delays then shows
a uniform signal level across a whole track. Music shouldn’t be the levels drawn into its you the difference using a pair
this way, but that doesn’t mean that a compressor doesn’t have corresponding histogram. of spectrograms.
its uses. In fact, it’s pretty much the only way to bring out some

www.linuxformat.co.uk LXF66 MAY 2005 95

LXF66.tut_audio 95 14/3/05 9:09:14 am

 TUTORIAL Audio

very last should be a dither algorithm for making best use of

your native 32-bit sound files when they’re converted to 16-bits
for CD).

Master and servant

Ardour’s master bus has a section for processors that need to
occupy the final stage of an audio chain. It is below the master
channel fader (labelled Post-Fader Inserts, Sends & Plugins). As
Jamin is a stand-alone application rather than a plugin, Jack
connections to Jamin need to be made from the master bus.
Right-clicking in the white box below the master channel’s fader
should present you with the option of inserting a new plugin, a
send or an insert. In this context a plugin is for internal LADSPA
effects; a send simply pipes the output from the channel to an
external process; and an insert does the same but expects the
signal to be directed back to the channel. It’s this final one that
we need to use so that the output from Jamin comes back to
Ardour’s master channel.
Once an insert has been created, Jamin itself needs to be
started. By default, it automatically connects itself to the
hardware outputs in Jack. This would create a problem on
playback, as you’d get a duplication of the signal, one being
from Ardour, the other from Jamin/. To prevent this, just
disconnect Jamin’s output from within qjackctl’s connection
window. The next step is to wire Jamin into the audio chain.
Jamin’s interface isn’t
as bad as its name.
>> range (that’s the gap between the loudest and the quietest While this can be done from qjackctl’s connection window,
parts), generating a more consistent level. In simple terms, it Ardour has a considerably simpler interface and is often far
attenuates the loudest parts while amplifying the quieter. easier to use than the spaghetti wiring you often get using
The whole point in covering these processes in some detail qjackctl. To make this connection from within Ardour, right click
is that they’re all involved in the mastering stage of a project. on the newly-created insert and select Edit. This brings up
Using a compressor with equalisation on a vocal track is often Ardour’s own connection window, with the inputs on the left and
essential. The same is true, to a greater or lesser extent, of the the outputs on the right. At the moment, there’s only a single
other components in a project. Bass tracks rely on compression output enabled – the equivalent of sending audio in mono. This
to create the pumping punctuation in a typical dance track as is useful for some effects, but would be catastrophic for the
much as compression on a vocal can change the emphasis in a master track.
performance, so it’s not all about volume. To add the other channel, just click on Add Output. To make
If you’ve managed to take all this in, we can now move on to the connection, select the Jamin tab for both the input and
the mastering stage. Linux features a specific mastering output channels, followed by clicking on the Jamin outputs as
application, which in keeping with other dreadfully-named Linux they appear in the list. This should move them to the output
audio utilities is called Jamin. It’s basically a hard-wired group of box on the left of each section and at the same time make the
mastering effects, arranged as you might typically use them for connection within Jack. Finally, the insert needs to be enabled,
finalising a project. This is meant to be the last process in the either from the menu, or by middle clicking on the insert (this
audio chain before the track is burned to disc (actually the should remove the brackets).
If all has gone well, when you next play through the project,
the output should be routed first to Jamin and from there back
TAKING CONTROL
to Ardour. You can tell that Jamin is working when there’s lots
External controllers and Linux
of activity in its window. That window is a little intimidating at
Getting the volume levels right for a project individual track from a well-specified hardware first, but it’s really only providing access to a combination of
with 11 tracks of audio is difficult at the best of interface to an external mixer. The other way is to three compressors and a parametric equaliser, plus a couple of
times, but moving virtual sliders with a mouse use an external hardware controller that’s
button makes it even harder. Mixing consoles interfaced to the computer in some way.
give music engineers instant access to a track’s While you may think that these controllers are
volume through its corresponding fader, and the domain of other more popular operating
several faders can be moved at once. systems, this isn’t necessarily the case. Because
The only way to achieve the same most of them use MIDI as their transport
thing with a mouse is by protocol, nearly any generic interface
using automation is compatible.
to record the What’s more, there are
movement now interfaces that
on each accept incoming
channel’s MIDI, which
fader over enables them to
several passes of update their
the piece of music. surfaces to reflect the
There are two on-screen version.
possible solutions to this Behringer’s controllers
problem. One is to output each work with Linux.
The three compressors act on different frequencies.

96 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_audio 96 14/3/05 9:09:17 am

 TUTORIAL Audio

boost and limit sliders. Why three compressors? Well, each is

frequency dependant, which means they each process a LINKS
separate frequency range. To help with this, the upper area of Software used
Jamin’s display houses a spectrum analyser, which maps the this month
volume on the Y axis and the frequency on the X. Lower Ardour 0.96beta26
frequencies are on the left, higher on the right, and the www.ardour.org
frequency at the cursor position is displayed under the window. FreqTweak 0.6.1
Parametric equalisation can be edited either from the http://freqtweak.
spectrum analyser or from the more familiar slider interface sourceforge.net
Jamin 0.95.0-beta2
presented under the 30 Band EQ tab. From the spectrum
http://jamin.sourceforge.net
analyser the equalisation curve can either be drawn by hand, or
SWH Plugins 0.4.13
edited by dragging the curve anchor points, which are shown in
http://plugin.org.uk
yellow. Points over the middle line boost the signal, while those
below reduce it: the width of the boost can be edited by
broadening the curve. A tight notch at 50 or 60Hz for example
could reduce hum from an electrical supply, while a broad gain
at around 2–5KHz would lift a vocal slightly, whereas further
gain in the 15KHz+ region can introduce an almost
imperceptible definition to a recording. 15KHz is about the
upper limit of human hearing – but you dog will love this effect.

Compressed Ardour
The green and red vertical bands are the crossover points for
the three compressors. Any frequencies that fall between the
left border and the green bar are sent to the low (or bass)
compressor. Those that fall between the two bars are for the
mid-range, and those to the right of the red bar are sent
through the high frequency compressor. And you thought you could leave wires behind.
Each compressor shares the same controls, labelled as each change, and this can be made much easier using the solo
ARTrKM across the top of each section. These letters represent switch, isolating the audio that’s sent to the current compressor.
attack, release, threshold, ratio, knee and makeup gain, and are The most important parameter though is ratio, as you can see
typical to nearly every compressor. when changing this value on the graph – it changes the ratio
Beneath each compressor’s sliders are a pair of level between the amount of attenuation and the input volume.
indicators. The top one displays the volume for each respective Once the project has been tweaked in Jamin, the next thing
compressor’s frequency, and the lower shows the gain reduction to do is render or record the final output to an audio file. This
incurred on the source frequency range by each compressor. All should make it relatively easy to either burn the track to a CD,
these elements are brought together in the curves shown in the or upload your masterpiece to a website. From Ardour, open
corresponding compressor tab. These are a graphical the Export Session window (Session > Export > Export Session
representation of the lower parameters and show the level of To An Audio File) and change the filename. The rest is
attenuation for any given input level. Unaltered volume would project-dependent: for CD you would obviously need to make
be a straight line between the lower left corner and the sure that the sample format is set to 16 bits and that the
right-hand end of the horizontal zero gain line (values above frequency is 44.1KHz.
this line represent gain).
In a typical session, you would move the threshold to the The show must go on
point where the gain reduction indicator starts to bounce, then If you have been working with high sample and bit rates (and as
alter the attack and release depending on the material and the Ardour uses 32-bit floats for internal processing, you probably
frequency range. Slower material obviously benefits from slower have) the output quality can be improved by using dither.
envelopes, while punchier music needs the faster recovery Dither in audio works in exactly the same way as it does in
times of a quicker envelope. It’s important to hear the effect of video, and hides the imperfections inherent in digital stepping
by applying a veil of noise. For best results, experiment with the
different dither algorithms – but I find Shaped Noise often suits
my stuff best.
Finally, make sure the master outputs are selected in the
Output selection and click on Export. Ardour will then run
through the whole project and render the output to an
audio file.
And that’s it. You should now have the finished product on
your system in the shape of an audio file. Over the last few
months, this series of tutorials has covered the basics of Linux
audio, starting with the fundamentals of ALSA and Jack, NEXT
followed by synthesis and sound generation before the reaching
the final stages of mastering. While in many ways this has been
MONTH
The end is only the beginning
only a brief overview of the many audio possibilities available to
– in next month’s issue we’ll
Linux users, the main intention has been to whet your appetite
look into the future with
enough to push you into actually doing something, and if you do,
Linux and cutting-edge audio.
The before and after effects of mastering. you know where you can send the results! LXF

www.linuxformat.co.uk LXF66 MAY 2005 97

LXF66.tut_audio 97 14/3/05 9:09:19 am

 TUTORIAL PHP

LOGGING IN SITE USERS SECURELY

Practical PHP programming

Mischief-makers want to crash your site; hackers want to steal your visitors’ data. If you’re feeling under
siege, follow Paul Hudson‘s three steps to logging in users securely while keeping out internet riff-raff.

Websites that require visitors to log in first – perhaps sites (known as PageRank). Second, most blogs use
before posting to a forum, accessing content or off-the-shelf software. As a result, spammers have written
placing an order – need to take the process seriously. scripts that look for the Post Comment fields in a blog and fill
That means getting the login data to the server securely, them full of links to their sites. Google then thinks these sites
ensuring it’s legitimate, verifying the visitor’s credentials and are popular, and indexes them highly.
then issuing them with access rights. The first of these tasks is This technique – an automated form of Googlebombing –
handled transparently by SSL, so we needn’t concern ourselves has been plaguing blogs for a long time. Websites can now
with it. But as this tutorial will show, we can use PHP to manage place a No Follow option on unwanted links to make Google
the other three steps, which we can summarise as: and other search engines ignore them – perfect. However, this
■ Validate Ensure that the inputted data is what you expected, doesn’t actually stop comment spam, it merely makes it less
of the correct length and correctly formatted. desirable for the baddies. It’s still possible that the person
■ Authenticate Check what the user provided against what posting a comment to your site isn’t a person at all.
you have in your database. Another thing we should be looking at is bad input in online
■ Allocate When you have established that the user should forms – either people trying to type extraordinarily long
have permissions, issue them with an access token that gives usernames or people trying to enter bad input specifically for
them access rights to their account. malicious purposes. We also need to ensure it comes from a
Follow the advice over the next four pages and you can’t fail real person and that they haven’t tried to spoof the referer
to put in place a secure system for logging in users. Relatives of (nb this is not a typo: our elite troupe of editing monkeys know
African dictators, ambitious database hackers and fraudsters that this word is spelled with a double ‘r’, but the official W3C
with a talent for spending other people’s credit cards will all be standard is ‘referer’ – hurrah for official incompetence!).
politely shown the door, leaving your validated, access-wielding So, first up: how can we prove the person who submitted our
users to party online in peace. form is a real person? What we want to put in place is what
Alan Turing called an imitation game, now called a Turing test:
Step one: validate! we interrogate the entity submitting the form, and – because
Web logs have swept through the internet in recent years, to computers are not (yet) able to masquerade sufficiently well as
the point that every self-respecting geek must have one. But humans – we should know for sure whether it’s a machine or a
they’ve brought with them the scourge of comment spam – person at the end of the wire.
unwanted or downright malicious messages being posted. A popular method right now is the Turing test image, where
Two things make comment spam possible. First, Google you show the user some text in a picture and ask them to type
ranks highly websites that have a high number of links to other it in. This works fairly well, but has its downsides: as an image, it

98 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_php 98 15/3/05 6:17:05 pm

 TUTORIAL PHP

cannot be scaled up for people who have sight problems (and should then be $add_one + $add_two + $time. When the
their screen reader cannot read out the image contents – it’s form gets submitted, we check that the answer is correct, but
designed to be unreadable by computers, remember!), and it’s also that the post was submitted within 30 minutes of the user
invisible to people who browse the web with images turned off. being shown the form – we essentially make the hash answer
Instead, we’re going to do something text-based. Our valid for only half an hour.
solution is to ask the visitor to type in the answer to a simple Once we know that our input is from a real person, we can
sum, such as nine plus three. We don’t want to discourage eliminate potentially bad data – this is the easy part. Our goals
people from submitting comments or ordering from our store here are to:
by asking them things that will make their brains hurt, so we’ll ■ Trim all data to the size we’re expecting.
only be using the numbers one to ten and will be sticking to ■ Substitute reserved characters with their HTML equivalent.
simple addition. ■ Escape quotes.
In PHP, we’re looking at something like this: We can do all that with just one line of code, like this:
<?php $mytext = add_slashes(substr(trim($mytext), 0, 50));
$numbers[0] = “zero”; The ‘50’ part is arbitrary: you will want to change that to the
$numbers[1] = “one”; length you’re looking for.
$numbers[2] = “two”;
The final task is checking the referer, which again is quite
$numbers[3] = “three”;
simple. PHP provides it as a string in $_SERVER[‘HTTP_
$numbers[4] = “four”;
REFERER’]. As mentioned, this is easy to spoof, and in addition
$numbers[5] = “five”;
$numbers[6] = “six”; to this some firewalls are configured to strip referer information
$numbers[7] = “seven”; out of requests being sent.
$numbers[8] = “eight”;
$numbers[9] = “nine”; Step two: authenticate!
$numbers[10] = “ten”; Once we have our login information, we can run it against our
$add_one = array_rand($numbers); database to see whether the user is authorised. Of course, our
$add_two = array_rand($numbers); database passwords aren’t stored in plain text (right?). Instead,
?>
we hash them with SHA1 so that even if our Gringotts-like
<form method=”POST” action=”first.php”>
database gets broken into, the passwords will still be safe.
Some text: <input name=”Comment” type=”TEXT” /><br /><br />
This can be the easiest part of the entire process. When users
Please answer this simple question: what is <?php echo
$numbers[$add_one]; ?> plus <?php echo $numbers[$add_two]; set their password, SHA1 it and store it away. Then, when the
?>?<br /> user logs in next time, SHA1 their input and compare it with the
The answer is <input type=”TEXT” name=”CommentSumAnswer” stored copy.
/> (please write in numbers, eg 19)<br /><br /> So, yes, that’s easy – but is it the most secure option? No. Is
<input type=”SUBMIT” value=”Add comment” /> it even the most user-friendly option? Again, no. However, it is
<input type=”HIDDEN” name=”CommentSum” value=”<?php echo the easiest option if you’re lazy: it puts password stealing out of
md5(sha1($add_one + $add_two)); ?>” /> reach of nearly everyone in the world, and only has two
</form> downsides, namely: users are required to enter their full
In that code, we have an array of 11 numbers: zero to ten. password; and users cannot be given a reminder if they forget I’m glad I
validated this glass
We pick two randomly with array_rand() and add them their password.
– it’s filthy!
together. The form gets submitted with the user’s answer to the The first of these drawbacks sounds like it is entirely negated
question, plus a coded version of the correct answer. SHA1 and by SSL, because it sends the password encrypted over the wire.
MD5 are both hashing algorithms that generate a fixed-length However, if you’ve ever wanted to check your email while at a >>
string that can be used to validate another string. That is, setting conference or while sitting in an internet café abroad, you will
a HTML field, ‘CommentSum’, to the value of md5(sha1($add_
one + $add_two) will add the two numbers together (say they
were seven and six, giving 13), then hash them with the SHA1
algorithm, then hash the SHA1 algorithm with MD5.
We then transmit that to the server, and hash the user’s
answer in the same way – our two answers should match.
Yes, this is security through obscurity, but it’s a surprisingly
common trick. Often a magic number is rolled into the mix,
eg $add_one + $add_two + 0xBEEFEEBABE or 0xC0FFEE.
And that’s the least of our problems: have you spotted the
fatal flaw in the current plan? Well, consider this scenario: a
spammer visits our site personally to find out why his weapon of
mass spamming hasn’t managed to fill our site with spam.
There he sees the question, ‘what is five plus six?’ and also
sees the hash value that tells the server what the answer
should be (‘c8180c19e5a1278cddf5248331ef7fa5’).
What’s to stop him submitting the form by hand, sending ‘11’
and ‘c8180c19e5a1278cddf5248331ef7fa5’ each time? Well…
nothing – the server can’t tell that the spammer is forcing the
question and providing the set answer, so this makes our code
easy to break.
The solution is quite simple: along with the question and
answer, we provide a field marked ‘Time’ that records the time
at which the form was shown to the user. Our answer hash

www.linuxformat.co.uk LXF66 MAY 2005 99

LXF66.tut_php 99 15/3/05 6:17:08 pm

 TUTORIAL PHP

>> know that SSL only secures half the equation – it stops people It’s a little harder to read in code, but if you’re still with me
from reading the password when it’s going over the web, but it at this point then I imagine nothing will scare you off.
doesn’t stop people from reading the password if they have <?php
installed a local key logger. Paranoia rocks – just ask Ozzy. $plaintext = “This is very important data”;
The second drawback springs from the fact that SHA1 is a $plainkey = “There’s nowt as queer as folk”;
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, ‘’,
hash algorithm that performs one-way encryption. That is, you
MCRYPT_MODE_CFB, ‘’);
can’t get the plain text input from the SHA1 output. As a result,
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_
if a user forgets their password you cannot simply ‘decrypt’ the
RAND);
SHA1 key and send it to them. $ks = mcrypt_enc_get_key_size($td);
Is there a solution here? Absolutely, but it takes that “easiest $key = substr(sha1($plainkey), 0, $ks);
part of the entire process” we wrote about and turns it into mcrypt_generic_init($td, $key, $iv);
something that requires some mathematical analysis. The $ciphertext = mcrypt_generic($td, $plaintext);
process is called symmetric encryption, but before you drop mcrypt_generic_deinit($td);
your copy of LXF and run, hang on – despite appearances to mcrypt_generic_init($td, $key, $iv);
the contrary symmetric encryption is nothing to be afraid of, $decrypted = mdecrypt_generic($td, $ciphertext);
mcrypt_generic_deinit($td);
though there are a few terms you need to know:
mcrypt_module_close($td);
■ Block cipher Your source text gets split up into chunks
echo <<<EOT
when it’s encrypted, and a block cipher decides how each
Input was “$plaintext”
chunk is handled. Key text was “$plainkey”
■ Ciphertext This is the encrypted version of your source text. IV was $iv
■ Initialisation Vector (IV) A value (preferably kept secret) Key was $key
that’s used to make your input look less conspicuous. Ciphertext was $ciphertext
■ Key This is the secret value that, combined with your IV, Decrypted was “$decrypted”
encrypts your data. EOT;
On top of that, we also have a choice of encryption ?>
algorithms and key sizes – we’ll be using 256-bit Rijndael Do run this script before trying to understand it – if only for the
(commonly known as the Advanced Encryption Standard, or fact that it’s reassuring to see it print working data out before
AES) but there are others to choose from. committing its mechanism to memory!
The complete encryption and decryption process follows First up, we create $plaintext and $plainkey to hold the
these steps: data we want to encrypt and the secret encryption string,
1/ Select an algorithm and block cipher. respectively. What you choose as your key is important, but
“No, I don’t
2/ Create an IV. don’t worry about getting it to a particular length – as you can
think authentication
will be necessary. If you 3/Create a key. see in the script, it gets passed into sha1() so that it uses more
say you have $20 million 4/ Initialise the algorithm with the IV and key. characters, then trimmed to the length of the key that the
stuck in Nigeria I believe 5/ Encrypt. algorithm accepts.
you, buddy.” 6/ Unload the algorithm, IV and key. The call to mcrypt_module_open() takes an algorithm as
7/ Reload the algorithm, IV and key. the first parameter and the block type as the third parameter –
8/ Decrypt. leave parameters two and four blank. As you can see in the
9/ Unload the algorithm, IV and key. code, the first parameter is where you select the algorithm you
want – as mentioned above, 256-bit Rijndael is used here, but
you can use others such as MCRYPT_SERPENT_256 or
MCRYPT_TWOFISH_256.
That said, you should keep in mind that no one ever got
fired for using AES, as it is the recommended encryption
standard. While the other two algorithms are very strong pieces
of work – Twofish was Bruce Schneier’s attempt to compete
with AES; Serpent is the strongest of the three (and the
slowest!) – you should only need them if for some reason AES
doesn’t meet your needs.
Next up, we create our IV using mcrypt_create_iv(). This
takes the size of the IV to create (provided through the return
value of mcrypt_enc_get_iv_size()) and the random number
generator it should use – MCRYPT_RAND uses
/dev/random. The IV gets applied to your data before it’s
encrypted, to make it look more like white noise – a process
known as whitening (it’s essentially pre-encryption). After
generating the key, we place it and the IV into the algorithm
using mcrypt_generic_init(), then use mcrypt_generic() to
finally perform the encryption.
In between encryption and decryption, you can see that we
use mcrypt_generic_deinit() to free up the resources –
without this, decryption simply will not work (you’re welcome to
try it). At the end of the script, mcrypt_module_close() is
called to free all the resources up before the script terminates.
At the end, all the variables are printed out so you can see
exactly what has gone on – I would print the output here, but

100 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.tut_php 100 15/3/05 6:17:11 pm

 TUTORIAL PHP

Now I’ve been

allocated access
the encrypted text uses some pretty wacky characters that rights the world is
simply won’t make it through the print process. my oyster!
Now that we have working encryption we can store
complete passwords in our database without losing the ability to
decrypt them for checking. However, that is only a stepping
stone towards our goal. In order to fully secure our users we
should ask them to type in only part of their password. For
example, it would be a smart move to ask users to enter letters
2, 5, and 3 from their password one time, 1, 4, and 5 the next
time, and so on. You’d then decrypt the password and check
individual characters.
This method doesn’t make your system foolproof (the
universe is always giving us better fools), but it does make it a
great deal stronger. That’s because to be able to piece together
the full password a hacker must monitor several login attempts
and store both the request (in order to know which letters the
user is providing) and the keys being typed.

Step three: allocate!

We’re at the last phase now, so you can get ready to put the
kettle on and give your mind a well-earned rest. Don’t let
yourself switch off yet, though – this is the most important part
of the whole operation.
You see, it’s at this point that we grant site access to our
users – the point at which we hand them the keys to our
Ferrari, as it were. This is dangerous, because if a malicious user
gets an authenticated user to relinquish their access privileges
(either through social engineering or some technical wizardry)
it can cause havoc on your system and result in a very irate
bona fide user.
So what we’re looking at here is the question of how to 4/ User logs into their account.
allocate security privileges to a user in a way that it becomes 5/ Villain goes to site with same session.
incredibly hard to subvert those privileges. The most common 6/ Site notes that villain browses with Firefox and cuts him off.
tactic around right now is called session fixation, and is actually 7/ User carries on browsing innocently.
quite cunning. If you’ve looked into how PHP’s sessions work, Of course, more than 80% of the world uses Internet
you’ll know that it sets a field called PHPSESSID with a random Explorer right now – but this doesn’t make our solution any less
value like this one: 5p6oail4fcjie309su6dkoc6o4. That value valid. For example, we tried IE out on a Windows XP box, and its
gets stored in a cookie on the user’s local machine and gets user agent was ‘Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
sent to the server with each request so that PHP knows which 5.1; SV1; .NET CLR 1.1.4322’ – that’s pretty distinguishable! If
session to load. Anyone able to guess the session ID of a valid our hacker doesn’t have exactly the same versions of Windows,
user will be able to get their access rights. IE and .NET, then he’ll have a different user agent – simple.
Being both long and random makes the session ID very Regenerating the session ID is just as easy to do, thanks to
difficult to predict. However, it turns out that you don’t actually the function regenerate_session_id(). By ‘privilege elevation’ I
need to guess the ID at all – you can just pass a pre-generated mean ‘whenever your user acquires access rights’. When they
value and PHP will use that. For example, <A HREF=”http:// click on the Evilhaxxor link through to your site, they will be
www.somesite.com/foobar.php”> would link to foobar.php guests by default – they won’t be able to post messages, buy
and allow PHP to generate a random session ID. But things, and so on. To do that, they’ll have to log in, which usually
<A HREF=”http://www.somesite.com/foobar.php?PHPSES entails the entry of a username and password. When we
SID=evilhaxxor”> would link to the site and use the session authenticate them, they’ll have their privileges elevated – they
ID ‘evilhaxxor’. A dastardly villain need simply wait for someone can do all the things they would expect to do with their account.
to click on their link and Mitnick’s their uncle. It’s at that precise moment that we should regenerate the
As usual, there is a solution waiting in the wings. To foil our session ID, because if they are the victims of session fixation
attacker, we can do one of two things: tie the session to a then the villain will be left with the old, guest session, and our
particular characteristic of the user that created it; or new user will get a fresh, clean and safe session.
regenerate the session ID on privilege elevation. Of course, for Using regenerate_session_id() is simple: just call it (with
maximum security we can do both – and that’s what we’re no parameters) and ignore the return value. It automatically

NEXT
going to be looking at right now. copies the data across from the old session to the new, and
Tying the session to a user can be done in a number of ways. sends out a cookie to the user with the new session ID. The one
Surprisingly, the easiest way is probably the best: we take the
user agent of the visitor and store it in the session. This then
thing that might catch you out is that last part: it sends out a
new cookie, which means that you must call it before you send
MONTH
gets referred to each time the page loads, to ensure it’s the any HTML content, otherwise it won’t work. Calling this function We’ll be diving into the world
same person on the session. Step by step, we get this: is very fast – if you were particularly paranoid you could change of natural language: can we
1/ Villain sets link with known session ID. the session ID each page! spellcheck users’ input?
If not, can we at least
2/ User clicks on link, gets known session ID. But then paranoia is no bad thing on the internet right now
phonetically guess what
3/ Site notes that user browses with Internet Explorer, stores this – so setting up a secure login process like the one we’ve talked
they mean?
in session. you through here is a darned sensible step to take. LXF

www.linuxformat.co.uk LXF66 MAY 2005 101

LXF66.tut_php 101 15/3/05 6:17:12 pm

 ANSWERS

Answers
If you are really stuck and the HOWTOs yield no good result, why not write in?
Our resident experts will answer even your most complicated problems.

OUR EXPERTS Acer in a hole out of the wired Ethernet interface.

Q
A while ago I took the Without information on specific
Whatever your question, we can plunge and installed configuration options, and the current
find an expert to answer it. From SUSE 8.2 with a Centrino state of the system, it’s difficult to put
installation and modem woes to wireless card on my Acer my finger on an individual cause of
network administrations, we can laptop. I’ve since upgraded to 9.2 your network problems.
get the answer for you – just fire
and have 9.1 Professional installed Samba on each host will need to
off a letter or email and it'll all be
taken care of. on my desktop. be configured via the etc/smb.conf
I expected all sorts of problems file, so they’ll both belong to the same
with the laptop, but they didn’t workgroup. Even without this change,
LXF Answers guy materialise, except for one major you’ll be able to access shares
David Coulson is
issue – I can’t get it to talk to permitted in etc/smb.conf by
a networking and
security guru with anything. That’s not quite true – it specifying the IP address of the host
plenty of sysadmin will connect to the internet if I cable in the Samba client.
experience to boot. it into my Linksys router, but... Rather than using Samba, file
■ Neither of my Linux boxes can sharing on Linux is better done using
see one another (I set the Samba NFS, which can be configured using
server up on the desktop using the SUSE system configuration tools,
Nick Veitch is the YaST, and the laptop up as a or by editing etc/exports.
editor of the Configuring laptops can be tricky.
Samba client). With all laptops, it’s a good idea to
magazine, and We’d suggest you use NFS for
answers your easy ■ The wireless card won’t connect filesharing with your desktop. start over at www.linux-laptops.net,
questions! Or to the internet or see the other and see what success others have had
indeed anything to computer. Otherwise, I guess it’ll be back with Linux and specific configuration
do with Grub, LILO, netatalk, Vi... ■ I can’t get a connection via to Windows but using as much options used. Laptops are,
bluetooth to my T610 phone. open source as I can. Your unfortunately, rather strange beasts,
■ Infrared works according to magazine is excellent – I’ll probably and it can be difficult for developers
Hans Huberland
YaST’s Test button, but won’t do still read it even if I have to say bye to get their hands on every single
is Rackspace anything beyond this. bye to Linux. variant out there.
Managed Hosting’s ■ The inbuilt modem is recognised Richard Moore You may want to give a distribution
Linux expert and a and dials telephone numbers, but The simplest way to solve such as Mandrake or Fedora Core a
real-life system
administrator on
call for your questions.

Send your questions for our experts to:

Linux Format, Future Publishing,
beyond that PPPd crashes - no
connection again.
I’m on the verge of stripping
SUSE off the laptop because it’s
using up so much of my work time
A this problem is to begin at
a low level and try to ping
hosts on the network. If you
can ping the other system by its IP
address, then the chances are that the
try and see if you have anymore
success. Often, different Linux
distributions have kernel patches
installed, which resolves any problems
interacting with various hardware
30 Monmouth Street, Bath BA1 2BW
just trying to get connected to basic network is OK. devices. DC
or email [email protected].
deliver work to clients. Why does There are situations where pinging
Got a sysadmin query? Send it to Hans
at [email protected]. it have to be so difficult? I’m not works and file transfers do not, but Linux for business

Q
a techie but I’m a very competent these are few and far between, and I’ve got a good one for
Windows user. are generally limited to complex you. I’m not sure that
If I could find someone to talk network configurations. this can be categorised
me through this, I’d feel different, I You can verify the IP configuration as a technical question
expect. As it is, I only have limited and routing on the laptop using but the only other places I can find
time to trawl the internet and then ifconfig –a and route –n. Your answers are bound to be biased.
start tailoring dangerous-looking on-board Ethernet will be eth0, and I’m a Linux business user. Most
configuration files. your wireless will be eth1 or wlan0, of our back-end servers and
I like Linux and I support depending on how the distribution services are Linux-based. Our users
open source software and make handles wireless access. don’t care whether we use Red Hat,
donations but it’s just getting to be If you can access the wireless SUSE, Microsoft Windows or Baron
too much. If you can help me get router, but can’t get out onto the Samedi-style voodoo – they all
wireless and bluetooth operating Internet, then the fault is likely to be a have Windows desktops and
on my laptop and make my two routing issue on the device; either essentially just want to browse the
Linux boxes ‘see’ one another, I’d be because a default route is missing, or net and get their mail and files.
mighty pleased. the system is trying to send all traffic We’re upgrading our server

102 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.answr 102 14/3/05 10:48:00 am

 ANSWERS

hardware, which is extremely dated IBM etc. These guys make

and is about to fall out of warranty phenomenal hardware – it’s their ALL ABOUT RACKSPACE
(it’s already been End of Life for business to, but many of them only
some time). support Linux as an afterthought. LXF Sysadmin
Answers – in
If fortune favours us we’ll be From my own experience Dell have it association
able to do this upgrade one server covered on their rack-dense servers. with Rackspace
at a time, so we’re not under They can offer you Red Hat Enterprise Managed
immense pressure to get the entire with SUSE preinstalled at the factory, Hosting
network done in one go. We have a which means you can be confident of
decent budget but can’t go on a having good driver support.
complete shopping spree. Another big company taking bold
Now for the questions: what’s strides is IBM. IBM has always been a
the best server hardware to go for favourite of mine, and with the
if we’re looking for Linux millions of dollars they’re pumping
compatibility? We’d like the vendor into open source they’d be a safe bet. When it comes to managed hosting the outset and will remain on your
Rackspace is unique. We are the only account. All Rackspace employees are
to have official Linux support – not At the other end of the spectrum
hosting company to guarantee 100% committed to ensuring customer
just some guy on the net who’s got you get the true grass roots Linux
network uptime and we will even satisfaction, and they will not rest until
some source for BSD we can try to companies that make their own pledge to replace faulty hardware (let’s a client problem is resolved.
cross-compile with mixed results. servers mostly out of commodity face it, it does happen) within an hour. Since Rackspace was established in
Secondly, is it really worth going clone hardware. As you would expect from Red Hat’s 1998, it has specialised in managed
for one of the paid-for Linux There are loads of such companies only Advanced Hosting partner you will hosting – nothing else. We’re not an ISP,
distros? All our current servers use around, and most of them are small receive Fanatical SupportTM and instant we don’t sell domain names, and we
Red Hat 8, which works pretty well. and so give a more personalised emergency response from won’t offer website design – all we do
A Red Hat-based distro would seem service than the big hitters. These fully-qualified level three technicians, is managed hosting. As a result, we do it
an obvious choice but is Red Hat’s companies are built on Linux so available 24 hours a day, 365 days a very well and 97% of our customers
year. No answering machines, no would happily recommend us.
Enterprise Linux the best option, or providing a product built with Linux in
diversions, no silly on-hold messages. For information on how we can
would we be better off with mind is what makes them tick.
All our customer platforms are improve your web hosting, please
Fedora? Having said that, if we’re When it comes to picking a vendor housed in state-of-the-art, secure data contact us at www.rackspace.co.uk
going to be paying money for this, for your software it gets more blurred. centres and can be fully customised to and ask any questions you have about
would SUSE would be better? Here are the main reasons I would be meet any requirement. A dedicated the ultimate managed hosting service.
Thanks for your help. willing to pay for a Linux distribution: account manager is allocated to you at See page 107 for Rackspace’s star letter.
RJ ■ Updates If a company provides a
Wow, an IT department with Linux package they’re obliged to keep

A a budget, fantastic start!

Before I give you my view
and trigger an onslaught
of hate mail please remember that
this is only the opinion of one simple
it running securely.
■ Support There’s someone to call;
even if it may cost a little money.
Different levels of support are available
for different budgets.
Red Hat will give you the actual
operating system license as well as a
subscription to their up2date service
for patches. Also, if they release a
newer version (such as the upcoming
software for my motherboard from
the Intel site. I’m running
Fedora Core 3 on my machine and
have an external USB 2.0 hard disk.
Using it on USB 1.1 ports is
man trying to make his way in the ■ Accountability Often the people RHEL4) you’ll be able to download extremely frustrating. Can you tell
universe, based on my own paying the cheques like to know that and install that too. For the me how I can I enable Hi-Speed
experience with server hardware and there is somebody they can hold approximately £500 standard USB 2.0 speeds?
Linux distributions. accountable for a failure in service, package they’ll answer an unlimited Andrew M
Most of the hardware vendors out either of the product or any of the number of queries within four hours USB 2.0 under Linux
there are really very good. I’d say
there are two main categories to
choose from here. The top tier
hardware vendors like Dell, HP, and
ancillary services.
I’ll focus on Red Hat in particular
as I have no real experience with
Novell/SUSE’s commercial offering.
during business hours.
This level of service can be
upgraded all the way to one-hour
response times, 24/7. SUSE’s free
product support will also work very
A requires a supported USB
2.0 controller and the use
of the EHCI module to
access the USB subsystem. You can
verify which USB modules your system
well for you but don’t expect anything is loading by using dmesg, which
more than Google for help; you really displays kernel information from system
do get what you pay for when you’re boot time. However, what you describe
talking support. may be related to a problem with the
Having said that, if you’ve been EHCI module itself. The kernel 2.6.10
using the free Red Hat product for source included EHCI driver software
some time, you can probably support which seems to confuse some controller
yourself quite adequately whatever cards (To be fair, the EHCI drivers are still
distro you go for. HH rather experimental).
This can cause quite a few
Hi tension problems. The easiest way to fix

Q
I have a D845WN Intel your woes is to change your
motherboard, which kernel. It is possible to go back to
(according to the Intel an earlier version, but before you try
website) has Hi-Speed that, check out http://download.
USB 2.0 ports. Unfortunately I’ve fedora.redhat.com/pub/fedora/
USB 2.0 is provided using the EHCI capability in the Linux kernel, not been able to attain high speeds, linux/core/updates/3/ for updates to >>
allowing for high-speed data transfers. even after installing all the relevant the Fedora kernel. NV

www.linuxformat.co.uk LXF66 MAY 2005 103

LXF66.answr 103 14/3/05 10:48:01 am

 ANSWERS

FREQUENTLY ASKED QUESTIONS MOZILLA

FAQ WHAT IS MOZILLA? grab the binary tarballs – not to mention FAQ I HEARD THERE WAS A exposing these projects to a much
IT’S SORT OF LIKE the fact that it can take a matter of LOT OF COOL STUFF IN wider audience.
NETSCAPE, ISN’T IT? hours to build Mozilla on a reasonably MOZILLA? WHAT DOES IT DO So hop on over to
Mozilla was developed with the powerful system, so it’s not something THAT NETSCAPE DOESN’T? www.mozdev.org and take a look at
source code originally used to build you want to rebuild a few times every Generally, Mozilla is significantly more the top 50 projects to see if there are
Netscape 4. However, it has practically day on a PII500. stable than Netscape 4, and its any that interest you. Some are quite
all been rewritten, so apart from the rendering engine (Gecko) is completely silly and don’t do anything particularly
general look and feel, it’s a completely FAQ IS IT STABLE, OR IS IT compliant with the HTML, XHTML and useful, but others will be new-found
new internet browser (technically it’s a LIABLE TO FALL OVER CSS standards, as well as being much essentials that you’ll wonder how you
web suite of applications). AND BURST INTO FLAMES? faster than the HTML rendering system ever did without.
Netscape (which is now owned by The Mozilla Foundation released its that was used with Netscape 4.
AOL) has in turn taken the Mozilla 1.0 build quite a while ago, and the A number of HTML and CSS tests FAQ OOPS! MOZILLA DIED
code and modified it slightly to current stable release is 1.6. There are are available with Mozilla to show off its ON ME. HOW DO I
produce Netscape 7. However, Mozilla also development releases and nightly swanky rendering capabilities and all REPORT THIS?
is still in development, so you should builds from the code residing in the the fancy stuff it can do with CSS. The Mozilla guys have developed a
consider it over Netscape 7 when CVS tree, so you can select the level bug tracking system known as Bugzilla
looking for a browser. of bleeding edge you prefer. FAQ ARE THERE ANY which holds a record of all the Mozilla
THIRD-PARTY bugs. Anyone can submit bugs to
FAQ WHERE CAN I FAQ WHAT CAN I GET DONE ADDITIONS FOR MOZILLA? Bugzilla, at http://bugzilla.mozilla.
GET MOZILLA? WITH MOZILLA? Yes, there are a multitude of org/enter_bug.cgi?format=guided;
Mozilla can be downloaded from Mozilla supports everything that third-party projects for Mozilla, many or you can search for existing bugs
www.mozilla.org and is also packaged Netscape 4 does, including a web of which can be found over at and find out their status with a
by many distributions for easy installation. browser, mail client, address book and www.mozdev.org. Many of these particular Mozilla build.
Debian users need only do apt-get HTML composer to create websites. add extra capabilities to Mozilla, or In order to submit problems to
install mozilla and it installs everything There is also an IRC client. Due to the extend upon those which are currently Bugzilla, you’ll need to register with
for you. You can download either binary nature of its development, Mozilla available. Indeed, a number of the bugzilla.mozilla.org site, and
or source releases of Mozilla, and as the includes various debugging tools for mozdev.org projects have been then you’ll be able to post bugs to the
Mozilla team generate optimised JavaScript, HTML and CSS. merged into the main Mozilla tree, system. As always, it’s a good idea to
binaries, it’s often a good idea to just include as much detail as you can so
that your bug can be reproduced by
those who do the fixing.

FAQ IS MOZILLA
COMPARABLE TO
EVOLUTION?
Not at all. Evolution is a PIM, whereas
Mozilla is a web browser. Evolution is
more like Microsoft Outlook than
Mozilla. Of course, one can use both
Mozilla and Evolution, effectively
Mozilla is a great web browser and mail client for Linux systems, while replacing the need to have Internet
Firefox and Thunderbird provide individual components of the Mozilla suite. Explorer and Outlook available.

>> Zipped off Cannot open: No such file or

directory’. Replacing 1.0.1 with 2.1.0 Samba on SUSE listen to MP3s and use the software
(like Scribus and KMyMoney) that

Q Q
I am a subscriber to LXF in the filename produces the same I’m having trouble getting comes with SUSE. Any help would
and a newcomer to Linux message. What am I doing wrong? Samba to work on my be appreciated.
generally. I’m having Howard Yates SUSE 9.2 box. I use a Jamie
problems trying to copy There doesn’t seem to be Belkin 10/100 Ethernet You’ll need to verify that
the Gambas application from this
month’s CD [LXF 64].
Using find /mnt/cdrom2
gambas-1.0.1.tar.bz2 -print
results in mnt/cdrom2/Magazine/
A
- try this:
anything wrong with the
steps you are trying, but the
error message suggests
your command isn’t formated properly
card on my Linux box; a Via Rinefire
onboard 10/100 Ethernet card on
my Windows box; and a five-port
Belkin Ethernet switch.
The Belkin NIC is detected and
A Samba is running and that
the firewall is turned off –
use YaST for this. If the
firewall is enabled, remote systems will
be unable to access the Samba
Gambas/gambas-1.0.1.tar.bz2; tar xvf --bzip2 /mnt/cdrom2/ configured by SUSE, but I can’t service. As an alternative, you can
but adding this pathname to the Magazine/Gambas/gambas-1.0.1.tar.bz2 figure out how to get Samba to open up specific ports on the firewall
command tar xvf --bzip2 given You can also use the slightly work. It worked under my old to permit access to Samba:
in Essential Disc Info generates the shorter “tar xvfj [filename]” with system (Fedora Core 3) but I don’t TCP: 137, 138, 139, 445
error message ‘btar: --bzip2: most versions of tar. NV want to go back to this, as I want to UDP: 137, 138

104 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.answr 104 14/3/05 10:48:03 am

 ANSWERS

Put the following lines in the

etc/sysconfig/SUSEfirewall2
configuration file:
FW_SERVICES_EXT_TCP=”microsoft-
ds netbios-dgm netbios-ns netbios-
ssn”
FW_SERVICES_EXT_UDP=”netbios-
dgm netbios-ns”
You will also need to enable broadcast
packets on the firewall:
FW_ALLOW_FW_BROADCAST=”yes”
Et voila! Hope this works. DC

Missing modem

Q
I have just installed SUSE
9.2 from the March 2005
issue [LXF64] as a dual
boot alongside Windows
XP Home, which I still use. I am
completely new to Linux, and the
installation couldn’t have been
easier. There are, however, some
questions I can’t easily find answers
for on the net.
YaST has recognised most of my
hardware, graphics, sound etc,
including the fact that I have a USB The popular Alcatel SpeedTouch DSL modem has extensive documentation, making it easy to run with Linux.
ADSL modem. But it doesn’t
recognise the modem itself – just can find it at http://lea-linux.org/ tried Mandrake, SUSE, Fedora and package available. I can see that
the fact that I have one. When I hardware/sagem.html?v=t. You’ll Red Hat, all to no avail. a package is available from the
click on the modem entry in the be able to use the DSL modem from Can you please help me, or (if I MySQL site but I’m worried that it
hardware list, the Configure button both Windows and SUSE as you need to purchase a different will break my server.
stays greyed out. dual-boot, although your ISP probably modem) recommend one that SUSE Can you give me any advice on
The modem is a Sagem Fast won’t support the connection for Linux – will recognise? I would be forever in this job? I know how to do the
800/840, which I have connected if it doesn’t work, don’t expect them your debt – as would be my barber actual install of the RPM – I just
via USB rather than Ethernet card. to help you. once I stop tearing my hair out. don’t know what the consequences
There are instructions for Linux on Configuration for internet Brian W will be.
the modem’s install disc, but I’m connectivity via supported devices in Lots of information on the From the Rackspace Forums
afraid it’s all a bit over my head. Is
there an easy way to install this
modem on SUSE? Are there simple
instructions in newbie terms?
More importantly, if I configure
SUSE is performed through YaST, so if
you have any internal Ethernet
connections, or a dial-up modem, you
can set them up this way.
You have quite a choice of mail
A Alcatel SpeedTouch USB
modem (otherwise known
as ‘the frog’), can be found
at http://linux-usb.sourceforge.net/
SpeedTouch/. This includes open
A
The upgrade itself should
pose no problems. However,
please bear in mind that
the RPM from MySQL will
probably have a different username to
the modem for SUSE, will it still clients – we would recommend source versions of the drivers, as well those used by the Red Hat version, as
work when I switch to Windows to Thunderbird from www.mozilla.org, as setup documentation to get you well as some different paths. Any
go online from there? Can it be which is a great client with an easy to onto the internet using the modem. third-party programs you have that go
used on both OSs without problems? use interface. DC As you are running SUSE 9.2, you into the MySQL 3.23 libraries may also
My ISP is Tiscali, and I connect can follow the instructions at need to be updated.
on a 512k broadband connection. More SUSE stuff http://linux-usb.sourceforge.net/ The table structure between 3.23

Q
Are there any problems from I’ve just installed SpeedTouch/suse/index.html to get and 4.x is totally compatible, but the
Tiscali’s side if I connect with both SUSE 9.2 from your it up and running. Wanadoo gives you MySQL table has a few extra columns
Linux and Windows? latest DVD. I religiously the option of using either PPP over that will need to be added. There is a
Also, where do I find the options installed each of the Ethernet, or PPP over ATM (PPPoA); script included in MySQL called
for setting up an internet main distros as you published them, but the SpeedTouch USB mysql_fix_privilege_tables which
connection in SUSE? (ie is it as hoping against hope that I would documentation suggests that using should resolve any issues with this.
simple as it is in Windows?) And is eventually have a Linux platform PPPoA is a better option. In either One thing to think about before
email set-up similarly pain-free? which would allow me to connect case, you’ll need to follow the specific you go through with the upgrade is
With anticipation of some help to the internet. I have a broadband instructions for the PPP method used that Red Hat does not officially
for a helpless Linux new boy, thanks connection via Wanadoo using an to connect to your ISP. DC support MySQL 4 – so you’ll lose all
very much. Alcatel SpeedTouch USB modem, support for this aspect of your
Rick Mark which looks rather like a green, Unsupported operating system. I’ve seen this

Q
We were able to find some limbless crab. I would like to upgrade combination work many times, but if

A documentation on the
configuration of this modem
with Linux, although it is
fairly complex – and in French. You
I was able to connect with this
modem back in the days of
Mandrake 8, but have been unable
to connect since upgrading. I’ve
from MySQL 3.23 to
MySQL 4, but my Red
Hat Enterprise Linux ES
server does not have the relevant
you decide to go ahead don’t forget
to add MySQL to the up2date ignore
list, or you will automatically downgrade
to 3.23 next time up2date runs. HH
>>

www.linuxformat.co.uk LXF66 MAY 2005 105

LXF66.answr 105 14/3/05 10:48:06 am

 ANSWERS

ASRock K7VT2 motherboard

with onboard sound, LAN, Lost in firmware

Q
USB 2.0, etc. I finally have a
Maxtor broadband connection
40GB HDD. thanks to a USB
Bearpaw SpeedTouch 330 modem,
1200Cu scanner. which, according to a multitude of
Epson 810 Colour pages on the internet, can be used
Stylus photo printer. with Linux.
Compaq Presario 1425 monitor. Here is the problem: they all
Stuart Lonnen mention that I need to download
The ASRock K7VT2 firmware and perform several steps

The VIA chipsets are all fairly similar, and support for sound and network
capabilities are ready to go in the Linux kernel.
A motherboard uses a VIA
chipset, which has onboard
AC97 compatible audio. If
you are running a 2.6 version of Linux
you can add the following to your
with the firmware in order to get
the modem working.
My understanding of the
meaning of firmware is that it is the
software that sits on the modem
/etc/modules.conf file: itself; so if I carry out the

>> Wi-Fi gear #--- START ALSA ---#

#--- ALSA ---#
instructions as spelled out on
http://linux-usb.sourceforge.net/

Q
I’ve been running alias char-major-116* snd SpeedTouch/fedora/index.html for
Mandrake Linux 8.2 with alias snd-card-0 snd-via82xx Fedora Core 3 I should end up with
Windows 98 SE on my # (sound-card-0 is probably not a working modem for my Fedora
PC. After five months of needed, but just in case) Core 3 system.
running both, I’ve decided to get rid alias sound-card-0 snd-card-0 If I have to update the software
of Windows and the partitions, and #--- OSS ---# on the modem to get it to work with
use Linux full-time. I have just alias char-major-14* soundcore Linux, will it stop the modem from
bought your Complete Linux alias sound-slot-0 snd-card-0 working with my existing Windows
Handbook 2, and intend to install #--- ALSA - CARD ---# XP installation?
Mandrake 9.2 from the DVD. options snd cards_limit=1 I really don’t want to proceed
I’ve ordered 2MB broadband #--- ALSA - OSS ---# any further until I find this out as
(without tech support) from alias sound-service-0-0 snd-mixer- flashing things like BIOS/firmware
Madasafish, who cater for Linux, oss scare the living daylights out of me!
and I want to use a wireless alias sound-service-0-1 snd-seq-oss Kan Yuen
connection to my PC as it will not provides wired Ethernet access to your alias sound-service-0-3 snd-pcm- As the firmware is distributed
be staying where it is. Can you
advise me on a wireless modem/
router? Would I be better off with
two separate units, and will I need
some sort of a card in my PC? I’m
device, or a PCI card which has a
wireless adaptor built in. Many
manufacturers (including D-Link and
Netgear) make DSL and wireless
devices, so you have quite a selection
oss
alias sound-service-0-8 snd-seq-
oss
alias sound-service-0-12 snd-pcm-
oss
A by SpeedTouch, you
shouldn’t encounter any
problems when you use the
modem under Windows XP.
As always when doing any firmware
not having any luck finding to pick from. #--- ALSA - /dev (OSS) ---# or BIOS upgrades, you should ensure
something suitable on my own (not There are also a number of alias /dev/sequencer* snd-seq-oss that you have a backup of the existing
knowing what I’m looking at low-cost vendors – we recommend alias /dev/dsp* snd-pcm-oss image – in fact, this should be at the
doesn’t help). The products need to that you avoid these, otherwise trying alias /dev/mixer* snd-mixer-oss top of your to-do list. Most likely, if
be reasonably simple for someone to find support from a LUG or on the alias /dev/midi* snd-seq-oss something goes wrong when you try
as ignorant as me to set up. Any internet is going to be quite a trial. DC #--- END ALSA ---# to update, you’ll have to send the
help you can give me would be Once the audio device is accessed,
gratefully appreciated. Say what? it will automatically load the modules Athlon chip on an ASUS

Q
Sean I’m a newbie with regards for you. DC motherboard: ready for SUSE.
LXF would recommend you to Linux, but with the

A start out by installing a

recent distribution of Linux,
such as Mandrake 10.1 or
Fedora Core 3, rather than trying to
fight with something a year or two old.
offer on your cover of
SUSE 9.2 I thought I’d
give it a try, and set my machine
up to dual-boot both Windows 98
SE and SUSE 9.2.
You can find a list of wireless I must say I’m very impressed.
devices that work with Linux from The install was a lot easier than
www.prism54.org, and you should Windows’ and I’m thinking of doing
probably pick a DSL router from the away with Windows altogether.
vendor that you’re purchasing your The only thing stopping me is the
wireless adaptor from. As you have a inability to get my onboard
LUG nearby [Malvern], you may want sound working.
to join their mailing lists and find out My PC specifications are:
what success others have had with AMD Duron processor
specific devices. You can either running at 1,600MHz.
purchase a wireless bridge, which 512MB DDR RAM.

106 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.answr 106 14/3/05 10:48:08 am

 ANSWERS

WIN A NEUROS DIGITAL AUDIOCOMPUTER

with Rackspace Managed Hosting

WIN!
www.rackspace.co.uk

Every month, the best question NeuroCast automatically scans the

related to systems administration FM radio dial for an available
that a LXF reader sends in wins a frequency and broadcasts using all-
prize. This month you have the digital stereo encoding, just like
chance to win the life-enhancing broadcast towers used by
Neuros MP3 digital audio computer. professional radio stations.
With a Neuros, you can manage The Neuros has many recording
all the music stored on your PC. capabilities that make it a robust tool you can play your
Create play lists. Delete songs. Get for the recording hobbyist. The favourite stations
new files, thanks to the Neuros device includes an on-board with one click,
Synchronisation Manager. No more microphone, perfect for the quick just like on your
getting stuck in front of the PC to memo or recorded lecture. It has car stereo.
make changes – do it all on the line-in recording capabilities and you Tempting, isn’t it?
Neuros, and get on with it. can record to MP3 or WAV, with a You know what to
Then use its NeuroCast feature to choice of seven recording qualities. do: email
broadcast the music on your Neuros Neuros also features a built-in sysadminqa@
device through any FM radio. FM radio with five preset buttons so rackspace.co.uk.

★ STAR QUESTION WINNER!

This issue's lucky winner is Paddy Tillman – your new Neuros digital audiocomputer will be with you shortly!

What a mate VNC server service.” refused (10061)’. Even stranger is launched by redirecting the output

Q
I have been trying to echo –n “Do you want to the fact that when I try to kill the to dev/nul using I/O redirection. The
set up a Linux box continue…(Y/N)” VNC session by using the mistake is in the syntax of the
running Fedora Core 3 read Decision vncserver –kill:1 command, I get command – instead of >/dev/null
for my friends to play if [ “$Decision” = “Y” ]; then the following error: ‘Killing Xvnc 2&>1, you should have typed
with. They’re mostly Windows guys echo “Starting your process ID 4790, Kill 4790: No >/dev/null 2>&1.
and don’t have a lot of VNC Session.” such process’. The strange thing is The 2>&1 is actually a neat piece
command-line experience, so I’m echo “Please wait…” that when I run the VNC server of code which is used to send
trying to help them into the vncserver :1 –name service manually, I manage to standard error to the same place as
wonderful world of open source by $USER >/dev/null 2&>1 connect. the standard output. You’ve sent your
setting up VNC on the Linux box so echo “VNC Session Loaded!” Please help me make this work. standard output (1) to /dev/null, and
they can log in and play around on else Paddy Tillman so standard error (2) also goes to
separate X session. echo “Then why did you You seem to have a nice /dev/null. The & in 2>&1 is simply to
I have created a script called
vnclogon to start a VNC server
session but am having a lot of
trouble making it work. The script
is as follows:
run the script?”
fi
The strange thing is that the
script seems to execute correctly
but when someone tries to
A script going and I admit that
I was a bit puzzled by the
error you got when you
tried to kill the VNC session generated
by the script.
put the job in the background so that
you get your shell prompt back.
All in all the script seems quite
good and I believe that this correction
should help solve your problem and
#!/bin/bash connect using a VNC viewer they It appears that you’ve tried to allow your friends to make better
echo “Hello There “$USER get the following error: ‘Unable to suppress the output generated by acquaintance with Fedora Core’s
echo “You are about to run the connect to host: Connection VNC when a VNC server session is X front-end. HH

whole thing back to SpeedTouch for

them to fix it for you. RAID distress motherboard with the intention of
installing my favourite distribution,
having made space on the hard
drive using Partition Magic from the

Q
We’ve rarely had problems I have been SUSE Professional 9.2, in dual boot Windows XP OS, the installation
ourselves with flashing devices, other experimenting with Linux mode with the pre-installed procedure advised me to disable
than if there is a hardware issue on for the past two years Windows XP. the hardware RAID 1+0 array and
the device which corrupts the image. and would consider This is where the problems to create a software RAID 1+0
We think it would be fine to flash the myself to be an enthusiast – if only started. The motherboard has an array within SUSE using YaST. I was
modem, although you may wish to at quite a basic level. I recently on-board Promise FastTrak 378 concerned that if I did this I would
check with the nice people in purchased a new computer from controller, which the 200GB SATA not be able to use the Windows XP
SpeedTouch’s technical support MESH and decided to opt for an hard drive was configured to use in OS installed and therefore have not
department first to verify that the AMD 3200 Athlon 64-bit processor a RAID 1+0 array. When I tried to been able to install the SUSE >>
image will work. DC on an ASUS K8VSE Deluxe install SUSE Professional 9.2, distribution. The ironic thing is that

www.linuxformat.co.uk LXF66 MAY 2005 107

LXF66.answr 107 14/3/05 10:48:10 am

 ANSWERS

>> I do not need to have the computer Submission advice

configured to use the RAID 1+0
array as I only have one hard drive
installed.
I would like to know whether it
is possible to install SUSE
Professional 9.2 in dual boot mode
with the pre-installed Windows XP Our SUSE coverdisc has thrown up
o/s or whether I have to re-build plenty of install issues.
the computer from scratch not
using the Promise drivers during Many boards that provide SATA I liked everything else about 9.2
the installation and not configuring only recognise certain ATA controller and so am disappointed not to be
a RAID 1+0 array? ports. If you can’t install SUSE onto an able to use it, but my Zip disks are
We are happy to answer all sorts of
I have also installed a separate ATA disk, there is probably a my main archive at the moment,
Linux-related questions. If we don’t
40GB ATA hard drive connected to misconfiguration within the BIOS. You and contain a lot of data.
know the answer, we’ll find out for
one of the motherboard’s IDE can try to turn off ‘Legacy Mode’, to Thanks for your time and you! But in order for us to give you the
connector’s to see whether I could allow both SATA and ATA to work on attention! I do hope you can help. best service, it helps a lot if you read
install SuSE on to this drive but was their own: Legacy Mode is designed Phil Coleman the following submission advice.
not successful. for older Operating Systems that get You should start by verifying

A
● Please be sure to include any relevant
I would be grateful for any confused when SATA is available. DC that the Zip drive actually details of your system. “I can't get X to
advice you could give me. exists by running dmesg. work” doesn't really mean anything to us if
Michael Zip it This will output a whole slew we don’t know things like what version of
X you are trying to run or what hardware

Q
We’re rather confused as to Thank you for SUSE 9.2 of information, which should hopefully

A
you are running on.
why the Promise FastTrack on the LXF64 DVD. include IDE devices located during the
controller would let you However, I’ve had to boot process Assuming the device ● Be specific about your problem. Things like
create a RAID device with a revert to 9.1 as I couldn’t really exists on /dev/hdb, you need to ‘it doesn't work’ or ‘I get an error’ aren’t all
that helpful. In what way does something
single disk, much less a RAID 1+0 get my Zip drive to run on 9.2 – the mount /dev/hdb4, which can be done not work? What were you expecting to
array, which requires at least four disks. Iomega Zip drive wasn’t even manually with the following: happen? What does the error message
You can try to disable any RAID identified. I give below the entries mount –t vfat /dev/hdb4 /media/zip actually say?
capabilities in the FastTrack BIOS, and I made in /etc/fstab: If this fails to mount the Zip drive, ● Please remember that the people who
as you’ve only got a single disk, the /dev/hdb the error output should indicate what write this magazine are NOT the authors
BIOS should boot from it quite happily. hdb4 /media/zip subfs causes the problem fairly quickly. or developers of Linux, any particular
SUSE will detect the RAID array as a auto auto Should it work, you can add it to package or distro. Sometimes the people
responsible for software have more
device, and allow you to partition and noauto,fs=floppyfss fstab with the following:
information available on websites etc. Try
write information to it. {nothing},procuid,exec, user /dev/hbd4 /media/zip auto reading the documentation!
As a test, you can boot using a nouser,dev\nodev,rw defaults 0 0
We will try to answer all questions. If we don't
Knoppix 3.7 CD, or attempt to install I think you’ll agree I tried all You can then manually mount the
answer yours specifically, you'll probably find
Mandrake 10.1 or Fedora Core 3 which reasonable combinations. Some of device with the command: we've answered one just like it. We can't
may have better support for the SATA them merely echoed SUSE’s entries mount /media/zip really reply to all your questions.
controller on your board. for /dev/fd0 (floppy disk). Good luck! DC

A QUICK REFERENCE TO: INSTANT MESSAGING everybuddy and Gaim, it’s

There are many instant messaging which contains protocol code for the On the server side, it’s somewhat
protocols out there for those of us who most popular IM systems. difficult to supply your own MSN, Yahoo practical to produce a server, though
consider email to be slow, from those Two of the most popular IM clients or AIM services because there is no ublic no one seems to have taken the time to
provided by corporations (such as MSN, on Linux are Gaim and everybuddy. The code for the service. Since individuals do this. IRC and Jabber have open
Yahoo and AIM) to open protocols like former originally only supported AIM, have managed to reverse source servers available, so one can
IRC and Jabber. but it now has plugins for everything engineer the protocol to easily set up a private
While many provide closed-source from MSN to IRC, and plenty in write clients such as network. LXF
clients for Linux, it’s not exactly useful between. Both support almost all
for those running non-i386 systems. You protocols known to man, along with a
also need one for each protocol – so if few others no one ever uses. Since those
we’re connected to the most common running the servers can modify the
services we might have five or six little protocols as a whim, it’s worth keeping For instant
windows cluttering our desktop. up with the updates to both clients. It’s messaging,
Somewhere down the line, there not uncommon for AOL to suddenly not nothing beats
came the bright idea that having one like other clients and block them. Gaim. It will
even work on
client handle more than one protocol IRC is a little different, as it’s a
Windows, so
would be a smart idea. Jabber does this group-based chat system rather than an
the familiar
in some respects, since you can connect IM service. There are hundreds of clients look and feel
to another protocol via the Jabber for IRC on the internet – both X- and is available
server. However, this can cause problems console-based – and http://freshmeat. whatever
if the Jabber server is unavailable. net contains a comprehensive list of the
Instead, most choose to use a client what is available. platform.

108 LXF66 MAY 2005 www.linuxformat.co.uk

LXF66.answr 108 14/3/05 10:48:12 am