...making Linux just a little more fun!


The Mailbag


HELP WANTED : Article Ideas
Submit comments about articles, or articles themselves (after reading our guidelines) to The Editors of Linux Gazette, and technical answers and tips about Linux to The Answer Gang.


reminder software

Wed, 14 Sep 2005 18:00:35 +0530
J.Bakshi (hizibizi from spymac.com)
Answered By Thomas Adam

Hi all,

I'd like to add reminder software to my system. I have tested calendar and am not satisfied with it. Now I have a very sophisticated reminder tool called remind. Its tkremind front end adds special weight to remind by making configuration as easy as Kalarm of KDE. I am looking for a tool which can make the message (from remind) appear on my desktop. Could anyone give any idea?

[Thomas] Assuming remind uses some transient form to store the reminder somewhere, then you can use 'osd_cat' or some other utility to have it "display" on the screen.

I have found another tool called xmessage - :)

[Thomas] That has been around since the 80s.

like

xmessage -file  <filename>

so you have to write your message in a file (ascii) first.

[Thomas] You don't even need to do that. xmessage can read from STDIN as well.


Security implications of root login over SSH

Mon, 12 Sep 2005 20:11:20 -0700 (PDT)
Riza Aziz (telefonixar from yahoo.com)
Answered By Kapil Hari Paranjape

Hi there,

I'm wondering if it's wise to allow a remote user within the LAN to log in as root, by adding that user's public key to root's "authorized_keys" for that machine.

[Kapil] There is an "sudo"-like mechanism within SSH for doing this. In the authorized_keys file you put a "command=...." entry which ensures that this key can only be used to run that specific command.
All the usual warnings a la "sudo" apply regarding what commands should be allowed. It is generally a good idea to also prevent the agent forwarding, X11 forwarding and pty allocation.
Here is an entry that I use for "rsync" access. (I have wrapped the line and AAAA.... is the ssh key which has been truncated).
from="172.16.1.28",command="rsync -aCz --server --sender . .",
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-dss AAAA..... rsyncuser

I'm writing some scripts to back up data on our small business network here. One option is to get each machine to periodically dump its data on a specific machine using NFS. The option I'm interested in is to get a designated machine to remotely login to each machine and transfer the files over a tar-ssh pipe.

The only reason to be using root access is because some directories (/root, some in /var/lib) can only be read by root. Would changing permissions (e.g. /var/lib/rpm) affect anything, if I chgrp the directories to a "backup" usergroup?

I'm concerned with one machine, a web server, that will be included in the backup scheme. All machines here use Class A private network addresses and are behind a NAT firewall, but the web server can be accessed from the Internet. Will allowing root login over ssh on that machine pose a huge security risk, even by allowing ssh traffic from only the local network?
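
An added example, not part of the original exchange: a Python audit for root's authorized_keys that parses the quoted, comma-separated option field used in Kapil's entry and lists keys lacking a forced command, a from= restriction, or the forwarding/pty restrictions. The sample file, its key blobs and the function names are constructed for illustration.

```python
import re

# Heuristic: a line that starts with a key type has no options field.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)\S+$")
WANTED_FLAGS = ("no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding", "no-pty")

def split_options(line):
    """Split one authorized_keys line into ({option: value}, 'type key comment')."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line
    opts, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2      # \" is a literal quote inside a value
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:   # commas separate options only outside quotes
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not in_quote:
            break                          # first unquoted blank ends the options field
        else:
            buf += ch
        i += 1
    opts.append(buf)
    pairs = (opt.partition("=") for opt in opts)   # option names are case-insensitive
    return {k.lower(): v or True for k, _, v in pairs}, line[i:].strip()

def audit(text):
    """Return [(line_no, key_comment, [problems])] for keys that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        parts = rest.split(None, 2)
        if len(parts) < 2:                 # e.g. unterminated quote swallowed the key
            findings.append((n, "?", ["malformed line"]))
            continue
        comment = parts[2] if len(parts) > 2 else "(no comment)"
        problems = []
        if "command" not in opts:
            problems.append("no forced command")
        if "from" not in opts:
            problems.append("no from= restriction")
        for flag in WANTED_FLAGS:
            # "restrict" (newer OpenSSH) implies every no-* flag unless re-enabled.
            restricted = "restrict" in opts and flag[3:].lower() not in opts
            if flag.lower() not in opts and not restricted:
                problems.append("missing " + flag)
        if problems:
            findings.append((n, comment, problems))
    return findings

# Constructed sample; line 2 is the entry from the answer above with a dummy key blob.
SAMPLE = '''\
# constructed stand-in for /root/.ssh/authorized_keys
from="172.16.1.28",command="rsync -aCz --server --sender . .",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAconstructed rsyncuser
ssh-rsa AAAAconstructed admin@laptop
command="/usr/local/bin/backup, \\"full\\"",no-pty ssh-rsa AAAAconstructed backup
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against a copy of the real file, an empty result means every key is pinned to a command, a source address and no forwarding; whether the forced command itself is safe still needs a human look.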


GENERAL MAIL


/LDP/LGNET/114/misc/tag/mike.show-mtime.pl.txt

Sat, 27 Aug 2005 15:18:58 -0400
Tony Dodd (tony from wefixtech.co.uk)
[Rick] I just happened to be reading the main discussion list at the Linux Documentation Project, and saw this post that appears intended for the Gazette, instead.
It seems to be intended as a correction to http://linuxgazette.net/114/misc/tag/mike.show-mtime.pl.txt .
[Ben] Thanks, Rick - that's great. I'm going to CC Tony on this; perhaps he'll find it useful.

Hi All,

There's an issue with the above file - that just caused my syslog to jump from about 5mb to 150mb.

"Use of uninitialized value in numeric ne (!=) at mike.show-mtime.pl.txt line 7"

If someone could patch it, I'd be grateful

Diff:

--- mike.show-mtime.pl.txt.orig   2005-08-27 07:43:18.000000000 -0400
+++ mike.show-mtime.pl.txt        2005-08-27 07:43:25.000000000 -0400
@@ -3,7 +3,7 @@
 my( $a, $b ) = 0;
 {
 $b = ( stat "foo" )[ 9 ];
-if ( $a != $b ){
+if ( $a ne $b ){
 print scalar localtime, ": $b";
 $a = $b
 }
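Review bot: the switch from '!=' to 'ne' on the 'if' line still compares an undefined $b whenever 'stat "foo"' returns an empty list, and the 'print' that follows interpolates that same undefined value, so what is missing is a test of the stat result before the comparison. Suggest skipping the iteration (or reporting the error) when $b is not defined, and keeping the numeric '!=', since element 9 of stat is a numeric mtime. Note also that 'my( $a, $b ) = 0;' in the context lines assigns 0 only to $a.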
[Ben] Hi, Tony -
(Even though the script is credited to Mike Orr, I'm the author of it - it just got misattributed. I don't expect him to answer for my sins. :)
The problem with the above is that you don't have a file called "foo"; as a result, 'stat "foo"' comes out empty, and the rest of the problem follows from that. The above was never meant to be a complete script, simply an example of the algorithm for Suramya (I seem to recall that's who started the original discussion) to use.
I agree that changing "!=" to "ne" would "fix" the problem - but it would be the wrong problem. :) Pointing the script at an existing file - perhaps by changing 'stat "foo"' to 'stat $ARGV[0]' and specifying the filename on the commandline - would seem to me to be the "right" solution. Of course, the rest of the script should be rewritten to meet real-life conditions as well... but that's beyond the scope of what we were talking about.


Outlook replacements

Tue, 30 Aug 2005 19:57:30 +0100
Jimmy O'Regan (The LG Answer Gang)
Answered By Mike Orr, Heather Stern

http://www.linux-watch.com/news/NS8124627492.html

...............

Reason number one: Linux is too complicated

Even with the KDE and GNOME graphical windowing interfaces, it's possible -- not likely, but possible -- that you'll need to use a command line now and again, or edit a configuration file.

Compare that with Windows where, it's possible -- not likely, but possible -- that you'll need to use a command line now and again, or edit the Windows registry, where, as they like to tell you, one wrong move could destroy your system forever.

...............

[Sluggo] When people say "Linux doesn't have enough applications", that usually translates to, "Linux doesn't have certain specific applications, namely MS Office, Photoshop, Yahoo Messenger with webcam, etc."
[Heather] StarOffice, (ok Photoshop is a fair dig, we have lots of things like it, but none are trying hard to be it), yahoo with webcam == ayttm but most people don't know that.
In a particularly ahem lively discussion at the starport last week, it was agreed that the problem is that menu interface standardization isn't. Not even by Mr.Tanenbaum's broad definitions.
For example RH has been using Gnome for awhile, but has changed the menu layout in every major revision and some of the minor ones.
K and Gnome fans alike can't decide whether to keep their menus top or bottom. If they were hidden you'd have a flip a coin chance of even knowing where to look.
To most newbs "click the root menu" may as well be hidden entirely, because they won't really think that's useful if they have mswin experience (it pulls up display settings) and if they don't have even that they're just plain lost.
[Sluggo] Interestingly, I was going to mention Outlook and Outlook Express, but I haven't heard much about them recently. Has their popularity diminished?
[Heather] Yes, and thunderbird's and eudora's have increased.
My friend Colleen is looking to start an article series on people starting from zero* into Linux. I will of course be encouraging her :) and helping her out, too.
* yeah, absolute zero, Kelvin. The kind of people who think "my god, at least something says where to start" when they look at Windows(tm), then are stalled because they're afraid of the rest of the menu.
Much as I didn't find linspire groovy, not to my beat, daddy-O, it serves an important duty for some.

Outlook Express comes as default with Windows, and it's not a particularly good email client. Thunderbird is taking that market.

Outlook is another kettle of fish: it isn't about using Outlook, it's about accessing an Exchange server. The big news back when Novell bought Ximian was that they open sourced Ximian Connector, so Evolution could access Exchange servers. I had a look through the code, and... it's a hack, basically.

Outlook and Exchange communicate with an extremely complicated protocol. Ximian Connector just connects to the Exchange web interface, if it's available, and basically acts as a screen scraper (not exactly: it works using a modified version of WebDAV, but it also screen scrapes to get enough data to be useful).

People who run versions of Exchange that don't have a web interface still have to stick to Windows. People who don't have the pull to get the web interface set up are also out of luck.

On the server end, it's not too bad. There are several open source Exchange alternatives that have equivalent features. The Outlook Connector Project (http://openconnector.org) aims to provide an open source set of MAPI DLLs to be used by open source projects (such as Kolab (http://kolab.org) or Open-Xchange (http://www.openexchange.com)), so Outlook can connect to them. Once the server end has been migrated away from Exchange, it's possible to bring in Linux at the client end with little disruption.

There's also work being done towards implementing the actual protocols used between Exchange and Outlook. Luke Leighton, formerly a Samba developer, has reverse engineered most (if not all) of the protocol (http://www.winehq.org/hypermail/wine-devel/2005/01/1054.html), and has started work on both client and server software (http://cvs.sourceforge.net/viewcvs.py/oser/exchange5.5).

The OpenChange (http://openchange.org) project is also working (slowly) towards an Exchange replacement. They seem to be focusing more on reverse engineering the database format used by Exchange, so there isn't too much overlap (so far).


Jabberd Installation Guide Comments

Tue, 06 Sep 2005 13:41:27 -0700
Adam Pilorz (adam from pilorz.net)
Answered By Suramya Tomar
[Suramya] Tag,
Got the following feedback on my Jabber install guide. It has some good advice for improvements so...

I've just installed Jabberd 2 server following your Guide (http://linuxgazette.net/112/tomar.html), and I want to share some experiences which could improve this guide.

[Suramya] Thanks for taking the time to email me with your feedback. Would you mind if I share this with the Linux Gazette so that they can publish it in their next issue. That will help other people who are trying to install a Jabber server.

No, of course I don't mind :). You can share it with everyone, I've written it only to help others :).

1) Since Jabberd 2.0s3 or Jabberd 2.0s4 (the newest one is 2.0s9) the Libidn library isn't installed automatically with Jabberd, so you should note in your guide that it must be installed BEFORE running ./configure in the jabberd directory. It'll save time for people trying to follow your Guide.

[Suramya] Ok. I didn't know that. That's a good thing to keep in mind for future releases.

2) It would be easier if you wrote some information on installing MySQL libraries, because I had to use the --disable-mysql option, as I couldn't find the right libraries (according to some mailing list, the mysql-client and mysql-devel libraries), and/or wrote that it isn't a must - the user can replace mysql by Berkeley in the c2s.xml configuration file.

[Suramya] Hmm. I didn't put instructions on how to install mysql because http://mysql.com had instructions on how to install the mysql libraries. But that's something to keep in mind for the next version I guess.
Yeah, you can replace MySQL by Berkeley DB, but I haven't set it up using that so I don't know how...

About MySQL - well, I've asked for it, because I had a lot of trouble with MySQL. At last I've managed to install Jabberd 2 with MySQL after writing my last letter to you. I've configured it with the options

./configure CPPFLAGS=-I/usr/include/mysql LDFLAGS=-L/usr/lib/mysql --enable-debug

It looks like Jabberd 2 can't find MySQL even if it's installed (I've installed RPMs from my Red Hat install CD). So I think it would be a good idea to write something about the CPPFLAGS and LDFLAGS options for those who would have the same problems as I had. It would also be useful if you put in some info on how to create an SSL certificate for the server (I've followed these instructions: http://jabberd.jabberstudio.org/2/docs/app_sslkey.html to create the SSL certificate and these: http://jabberd.jabberstudio.org/2/docs/section05.html#5_2 to set up Jabberd2 to use them).

I think that's all I had to write for now. Thanks for your answer.

3) Also, it would be a useful suggestion to enable debugging (run ./configure --enable-debug), so everyone could see what's going on, when something goes wrong.

[Suramya] Good suggestion. I will definitely add that in the next version.

By the way I want to thank you for such a good installing guide :)

[Suramya] Thanks. Glad you liked it. :)


Localhost considered harmful

Sun, 11 Sep 2005 22:42:47 -0700
Rick Moen (LG Contributing Editor)

OK, guys, this is a bit wacky. Somebody's going to have to telephone T.R., to advise him of a troublesome error in the genetikayos.com DNS, which in turn is clobbering deliverability of e-mail to hostname "linuxgazette.net". As a reminder, our primary DNS is at T.R.'s machine, and my nameserver pulls down copies from there as our second of (only) two nameservers.

T.R. is at [snip]. I've been trying to call him, but his line's been busy.

First thing I noticed, a few minutes ago, was a bunch of SMTP error messages like this:

----- Forwarded message from Mail Delivery System <[email protected]> -----

From: Mail Delivery System <[email protected]>
To: [email protected]
Subject: Mail delivery failed: returning message to sender
Date: Sun, 11 Sep 2005 21:42:52 -0700

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  ben@[snip]
    all relevant MX records point to non-existent hosts

------ This is a copy of the message, including all the headers. ------

[Snip a copy of Jimmy's post to tag@, as addressed by my mailing list software to Ben's subscription address of [snip] .]

OK, so next step was to remind myself of what are our MX records, because I couldn't remember:

[rick@linuxmafia]
~ $ dig -t mx linuxgazette.net

; <<>> DiG 9.2.4 <<>> -t mx linuxgazette.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38278
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;linuxgazette.net.              IN      MX

;; ANSWER SECTION:
linuxgazette.net.       41736   IN      MX      10 genetikayos.com.

;; AUTHORITY SECTION:
linuxgazette.net.       41720   IN      NS      ns1.linuxmafia.com.
linuxgazette.net.       41720   IN      NS      ns1.genetikayos.com.

;; ADDITIONAL SECTION:
genetikayos.com.        1218    IN      A       127.0.0.1
ns1.linuxmafia.com.     139310  IN      A       198.144.195.186
ns1.genetikayos.com.    128120  IN      A       64.246.26.120

;; Query time: 53 msec
;; SERVER: 198.144.192.2#53(198.144.192.2)
;; WHEN: Sun Sep 11 22:02:21 2005
;; MSG SIZE  rcvd: 160

Some of you will be really sharp-eyed and immediately spot something eye-popping in the above (especially since I've called your attention to the possibility) -- but put yourself in my shoes, and imagine that all you saw, at first, is the single MX record, priority=10, pointing to genetikayos.com .

Ah, that makes sense: Mail to our domain other than mail to our mailing list subhost gets redirected to T.R.'s machine. So, I absent-mindedly carry out the standard next step in diagnosing SMTP problems, which is to attempt a manual SMTP session using /usr/bin/telnet -- and I got a heck of a big surprise:

[rick@linuxmafia]
~ $ telnet genetikayos.com smtp
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220-linuxmafia.com ESMTP Exim 4.44 (EximConfig 2.0) Sun, 11 Sep 2005 22:02:53 -0700
220-.
220-WARNING:  Unsolicited commercial e-mail (UCE/SPAM), pornographic
220-material, viruses, and relaying are prohibited by this server and
220-any such messages will be rejected/filtered automatically,
220-depending on content.
220-.
220-By using this server, you agree not to send any messages of the
220-above nature.  Please disconnect immediately, if you do not agree
220-to these terms and conditions.
220-.
220-Please contact [email protected] if you have any
220-enquiries about or problems with this server.
220-.
220-Find out more about EximConfig for the Exim mailer by visiting
220-the following URL:  http://www.jcdigita.com/eximconfig
220 .

Er, what? That's my SMTP banner. Wait, didn't I just telnet into _T.R.'s_ SMTP port?

At this point, I gazed a bit higher up, re-read the "dig" output, and boggled:

; <<>> DiG 9.2.4 <<>> -t mx linuxgazette.net
[snip]

;; ANSWER SECTION:
linuxgazette.net.       41736   IN      MX      10 genetikayos.com.
[snip]

;; ADDITIONAL SECTION:
genetikayos.com.        1218    IN      A       127.0.0.1
                                                ^^^^^^^^^

Um, OK. That now gets appended to the Big Book of Things Not to Do with DNS.

Just to double-check:

[rick@linuxmafia]
~ $ host genetikayos.com
genetikayos.com has address 127.0.0.1

There are times when the loopback address is just not your friend. Writing SMTP-related DNS RRs is one of those times.

I'll probably keep trying to reach T.R. by telephone for a while: He's likely not very reachable by e-mail at the moment.

[Jimmy] Eight hours later...

T.R. has fixed his DNS

[rick@linuxmafia]
~ $ host genetikayos.com
genetikayos.com has address 64.246.26.120
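
The check Rick ended up doing by eye, as an added example that is not part of the original e-mail: a Python function that reads dig-style resource records and flags any MX exchanger whose address is loopback or otherwise unreachable for a remote mail server. The embedded sample is the answer and additional sections quoted above; the function names are this example's own.

```python
import ipaddress

# Excerpt of the dig output quoted in the message above.
DIG_OUTPUT = """\
;; ANSWER SECTION:
linuxgazette.net.       41736   IN      MX      10 genetikayos.com.

;; ADDITIONAL SECTION:
genetikayos.com.        1218    IN      A       127.0.0.1
ns1.linuxmafia.com.     139310  IN      A       198.144.195.186
ns1.genetikayos.com.    128120  IN      A       64.246.26.120
"""

def parse_records(text):
    """Yield (owner, rtype, rdata_fields) for each 'owner ttl IN type rdata' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";") or fields[2] != "IN":
            continue                       # skips headers, comments, the question section
        yield fields[0].lower(), fields[3].upper(), fields[4:]

def unroutable_mx(text):
    """Return [(domain, exchanger, address, reason)] for MX hosts with unusable addresses.

    Only exchangers whose A/AAAA records appear in the same output are judged;
    an exchanger without an address in the text is left unreported.
    """
    mx, addrs = [], {}
    for owner, rtype, rdata in parse_records(text):
        if rtype == "MX":
            mx.append((owner, rdata[1].lower()))      # rdata = [preference, exchanger]
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
    findings = []
    for domain, exchanger in mx:
        for ip in addrs.get(exchanger, []):
            # Order matters: Python also counts loopback as "private".
            reason = ("loopback" if ip.is_loopback else
                      "unspecified" if ip.is_unspecified else
                      "link-local" if ip.is_link_local else
                      "private" if ip.is_private else None)
            if reason:
                findings.append((domain, exchanger, str(ip), reason))
    return findings

if __name__ == "__main__":
    print(unroutable_mx(DIG_OUTPUT))
```

A "private" finding can be legitimate for a zone that is only served internally; for a public zone, any finding means the sending host will try to deliver to itself or to nothing.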


LG 105: RSS and Feed Readers Addendum

Thu, 22 Sep 2005 11:16:02 +0100
Jimmy O'Regan (The LG Answer Gang)

(This came up elsewhere. I remember grinding my teeth about it at the time, so I don't know why I didn't put it in the article.)

As well as having 10 different versions[1], RSS has two competing time formats: RSS 0.91/2.0 use RFC 822 (date -R) format, RSS 1.0 uses dc:date, which needs W3CDTF (a subset of ISO 8601: date --iso-8601, date --iso-8601='minutes', date --iso-8601='seconds').

Mark Pilgrim has a blog entry that explains a bit of the history behind this here: http://diveintomark.org/archives/2003/06/21/history_of_rss_date_formats

[1] I said 9 in the article, but RSS 3.0 came afterwards (and, IIRC, is nothing like the other 9 RSS formats)


GAZETTE MATTERS


Heather is in England...

Thu, 22 Sep 2005 21:16:10 +0100
Jimmy O'Regan (The LG Answer Gang)

...and so I have the keys to the mailbag this month (errors, etc., are my fault).

Heather has gotten hold of an English mobile phone, on loan from a friend, and is trying to get to grips with both SMS and being a tourist...

[Heather] OH BTW, ENGLAND IS NICE!
[Jimmy] Try to spend as much time as possible being a tourist!
[Heather] A POOR TOURIST, BUT STILL!
[Jimmy] Oh heck, all you have to do is photograph everything you see, and ask the most obvious questions that come to mind. It's fun, give it a whirl.
[Jimmy] Oh. Can't send you photos.
[Heather] :) CAPS ARE THE CLUE, THIS PHONE IS PRETTY OLD...
[Jimmy] Ah. Large and brick-shaped, prompting the question: do I drive this?
[Heather] IF YOU HAVE 2 ASK YOU CAN'T AFFORD IT :-P

Heather will be back in time for next month's issue.


Heather and Jim taking flight.

Sat, 17 Sep 2005 06:54:52 -0700
Heather Stern (The Answer Gang's Editor Gal)

We'll be heading off to the UK this weekend. Jim reports that we've been signed up for internet access at his hotel assignment, so I'll probably be able to send in a blurb, but hopefully I will have enough things to do that I won't be lurking in a hotel all that much.

[Ben] [smile] Enjoy yourselves and don't let your vacation time be spoiled by schedules. If you can get it in without stressing, cool; if not, there's always next month.
[Thomas] Indeed, although I am sure something can be arranged. :)

My poor mactop decided to have a fit when I tried to make it dual boot. One of the LUG locals is a truly guru macintosh fella though, so he's done his best to fix it up, and I'll have it back at the installfest. If it's not up to speed I'll end up taking terra with me instead... er, as soon as I seal her up. those lil bitty screws are kinda necessary after all if you don't want people gettin' weird because your laptop's falling apart. To its credit terra's hibernation works perfectly :)

Anyways there won't be cover art unless I'm taking the mac.

I've crosstrained Ben in using the g2 form of lgazmail to generate tips and the mailbag parts, by way of showing him the generation-phase on issue 118's data.

[Ben] FSVO "trained". :) You certainly gave it your best shot; the rest is up to that gadget I carry around between my ears. Don't worry, if it all falls down around my ears and everyone hates me and the government sends in the black helicopters, I promise to not blame you with my last dying breath.

Of course everyone won't hate you. We've got xteddy in the tag lounge.

In short, if Ben would like to login to gemini he should be able to play virtual Heather this month. Hopefully that should serve in case I happen to be truly without 'net.

[Ben] Yeesh, options. I feel my brain melting already...

Bye now! See you next month!

[Ben] Enjoy the trip, both of you.

Oh yeah, someone tickle silentk; I think he got some more kudo letters :)

[Ben] Presumably, there's a "someone" here who knows how to do that. I hope.
[Thomas] You need a cattle-prod.
[Ben] [blink] I usually find that a nice cup of coffee does it for me, but I'll take your suggestion under advisement. (Now that I think about it, I've had a few mornings when it would probably have been just the thing...)


SVN

Thu, 08 Sep 2005 19:19:03 -0400
Benjamin A. Okopnik (ben from linuxgazette.net)

Kayos has just updated the SVN back-end to FSFS. Hopefully, this will result in fewer deadlocks - I guess we'll find out as time goes on. :)

[Jimmy] Sure enough, there have been fewer problems (so far) this month. Hopefully the trend will continue.

This page edited and maintained by the Editors of Linux Gazette
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/

 

Copyright © 2005, . Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 119 of Linux Gazette, October 2005
