Kontribusi Dari Wasi Tri Prasetya
Wednesday, 10 September 2008
Pemutakhiran Terakhir Wednesday, 10 September 2008
Alamat komputer tidak punya network ID yang sama karena berada pada subnet yang berbeda, sehingga untuk mengirimkan paket data tidak bisa menggunakan koneksi hub atau switch. Router dibutuhkan untuk meneruskan paket dari sub-net ke sub-net yang berbeda.
Karakteristik utama WAN
- Menghubungkan peralatan pada tempat yang berjauhan (area luas)
- Menggunakan layanan dengan menyewa, seperti: RBOCs (Perusahan opeasi regional Bell – Regional Bell Operating Company’s), Sprint, MCI, and VPM Internet Services Inc., untuk membangun koneksi antar situs
- Menggunakan koneksi serial dari berbagai jenis untuk mengakses pita lebar dalam lokasi yang berjauhan (luas).
- Bekerja pada layer fisik dan layer datalink dari OSI model
- Melakukan pertukaran paket data dan frames antara ruter dan switch dan LAN yang telah dibangun.
Komponen yang digunakan WAN
- Router dengan beberapa layanan, termasuk interkoneksi dan port-port perantara WAN.
- Modem termasuk perantara layanan voice-grade, unit layanan canel/unit layanan digital (CSU/DSUs), dengan layanan terminal 1/Ethernet 1 (T1/E1), Adapter terminal/terminasi jaringan 1 (TA/NT1s) dengan perantara layanan jaringan digital
terintegrasi (ISDN).
- Server komunikasi pusat dengan dial in and dial out komunikasi antar user
ROUTER
Router adalah jenis khusus dari komputer, yang secara dasar mempunyai komponen yang sama seperti: CPU, memory(ROM, RAM, NVRAM, FLASH), system bus, dan berbagai perantara input/output. Namun router didesain untuk fungsi khusus yang tidak ada di dalam PC, seperti ruter dapat menghubungkan dan menentukan jalur terbaik untuk pengiriman data dalam jaringan.
Seperti juga PC, Router memerlukan sistem operasi untuk menjalankan program aplikasi, router menggunakan Internetwork Operating System (IOS) untuk menjalankan file konfigurasi. File ini berisi instruksi dan parameter yang mengontrol alur lalu lintas data melalui router.
Router menggunakan table dan protokol routing untuk meneruskan paket. File konfigurasi menetapkan seluruh informasi untuk kepastian setup dan menggunakan routing dan routed protocols yang tersedia.
Komponen internal yang utama dari ruter adalah RAM, NVRAM, FLASH MEMORY, ROM dan INTERFACE.
RAM.
- Menyimpan konfigurasi yang sedang berjalan dan sistem ios yang aktif.
- Menyimpan ARP cache (Address Resolution Protocol)
- Menyimpan fast-switching cache
- Menyimpan buffer paket
- Memelihara antrian paket
- Menyimpan memori sementara untuk file konfigurasi ruter selama ruter hidup
- Akan terhapus bila ruter di matikan atau re-start
NVRAM
- Menyimpan file konfigurasi start-up (awal)
- Menyimpan file walau ruter dimatikan atau di re-start.
FLASH MEMORY
- Menyimpan IOS image
- Memungkinkan update software tanpa menghapus dan mengganti chips pada prosesor.
- Menyimpan file walau router dimatikan atau di re-start
- Menyimpan lebih dari satu versi software IOS
- Merupakan alat elektrik yang ROM yang bisa dihapus dan diprogram kembali (EEPROM)
ROM
- Melakukan diagnosa untuk power-on self test (POST)
- Menyimpan program boot dan software sistem operasi dasar
- Untuk upgrade software diperlukan mengganti chips pada motherboard
INTERFACE
- Menghubungkan router ke jaringan untuk meneruskan paket.
- Dapat terpasang pada motherboard ataupun modul terpisah.
Wednesday 31 December 2008
Wide Area Network (WAN) dan Router
Thursday 25 December 2008
Keamanan Sistem Internet
Untuk melihat keamanan sistem Internet perlu diketahui cara kerja sistem Internet. Antara lain, yang perlu diperhatikan adalah hubungan antara komputer di Internet, dan protokol yang digunakan. Internet merupakan jalan raya yang dapat digunakan oleh semua orang (public). Untuk mencapai server tujuan, paket informasi harus melalui beberapa sistem (router, gateway, hosts, atau perangkat-perangkat komunikasi lainnya) yang kemungkinan besar berada di luar kontrol dari kita. Setiap titik yang dilalui memiliki potensi untuk dibobol, disadap, dipalsukan [22].
Kelemahan sebuat sistem terletak kepada komponen yang paling lemah. Asal usul Internet kurang memperhatikan masalah keamanan. Ini mungkin dikarenakan unsur kental dari perguruan tinggi dan lembaga penelitian yang membangun Internet. Sebagai contoh, IP versi 4 yang digunakan di Internet banyak memiliki kelemahan. Hal ini dicoba diperbaiki dengan IP Secure dan IP versi 6.
Tuesday 23 December 2008
Cryptography
Cryptography comes from the Greek words for "secret writing". It has a long and colorful history going back thousands of years. In this section we will just sketch some of the highlights, as background information for what follows. For a complete history of cryptography, Kahn's (1995) book is recommended reading. For a comprehensive treatment of the current state-of-the-art in security and cryptographic algorithms, protocols, and applications, see (Kaufman et al., 2002). For a more mathematical approach, see (Stinson, 2002). For a less mathematical approach, see (Burnett and Paine, 2001).
Professionals make a distinction between ciphers and codes. A cipher is a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message. In contrast, a code replaces one word with another word or symbol. Codes are not used any more, although they have a glorious history. The most successful code ever devised was used by the U.S. armed forces during World War II in the Pacific. They simply had Navajo Indians talking to each other using specific Navajo words for military terms, for example chay-dagahi-nailtsaidi (literally: tortoise killer) for antitank weapon. The Navajo language is highly tonal, exceedingly complex, and has no written form. And not a single person in Japan knew anything about it.
In September 1945, the San Diego Union described the code by saying "For three years, wherever the Marines landed, the Japanese got an earful of strange gurgling noises interspersed with other sounds resembling the call of a Tibetan monk and the sound of a hot water bottle being emptied." The Japanese never broke the code and many Navajo code talkers were awarded high military honors for extraordinary service and bravery. The fact that the U.S. broke the Japanese code but the Japanese never broke the Navajo code played a crucial role in the American victories in the Pacific.
corps, diarists, and lovers. Of these, the military has had the most important role and has shaped the field over the centuries. Within military organizations, the messages to be encrypted have traditionally been given to poorly-paid, low-level code clerks for encryption and transmission. The sheer volume of messages prevented this work from being done by a few elite specialists.
Until the advent of computers, one of the main constraints on cryptography had been the ability of the code clerk to perform the necessary transformations, often on a battlefield with little equipment. An additional constraint has been the difficulty in switching over quickly from one cryptographic method to another one, since this entails retraining a large number of people. However, the danger of a code clerk being captured by the enemy has made it essential to be able to change the cryptographic method instantly if need be.
The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext.
However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, called cryptanalysis, and the art devising them (cryptography) is collectively known as cryptology.
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will use C = EK(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C. Similarly, P = DK(C) represents the decryption of C to get the plaintext again.
This notation suggests that E and D are just mathematical functions, which they are. The only tricky part is that both are functions of two parameters, and we have written one of the parameters (the key) as a subscript, rather than as an argument, to distinguish it from the message.
A fundamental rule of cryptography is that one must assume that the cryptanalyst knows the methods used for encryption and decryption. In other words, the cryptanalyst knows how the encryption method, E, and decryption, D,of Fig. 8-2 work in detail. The amount of effort necessary to invent, test, and install a new algorithm every time the old method is compromised (or thought to be compromised) has always made it impractical to keep the encryption algorithm secret. Thinking it is secret when it is not does more harm than good.
This is where the key enters. The key consists of a (relatively) short string that selects one of many potential encryptions. In contrast to the general method, which may only be changed every few years, the key can be changed as often as required. Thus, our basic model is a stable and publicly-known general method parameterized
by a secret and easily changed key. The idea that the cryptanalyst knows the algorithms and that the secrecy lies exclusively in the keys is called Kerckhoff's principle, named after the Flemish military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883). Thus, we have: Kerckhoff's principle: All algorithms must be public; only the keys are secret The nonsecrecy of the algorithm cannot be emphasized enough. Trying to keep the algorithm secret, known in the trade as security by obscurity, never works. Also, by publicizing the algorithm, the cryptographer gets free consulting from a large number of academic cryptologists eager to break the system so they can publish papers demonstrating how smart they are. If many experts have tried to break the algorithm for 5 years after itspublication and no one has succeeded, it is probably pretty solid.
Since the real secrecy is in the key, its length is a major design issue. Consider a simple combination lock. The general principle is that you enter digits in sequence. Everyone knows this, but the key is secret. A key length of two digits means that there are 100 possibilities. A key length of three digits means 1000 possibilities, and a key length of six digits means a million. The longer the key, the higher the work factor the cryptanalyst has to deal with. The work factor for breaking the system by exhaustive search of the key space is exponential in the key length. Secrecy comes from having a strong (but public) algorithm and a long key. To prevent your kid brother from reading your e-mail, 64-bit keys will do. For routine commercial use, at least 128 bits should be used. To keep major governments at bay, keys of at least 256 bits, preferably more, are needed.
From the cryptanalyst's point of view, the cryptanalysis problem has three principal variations. When he has a quantity of ciphertext and no plaintext, he is confronted with the ciphertext-only problem. The cryptograms that appear in the puzzle section of newspapers pose this kind of problem. When the cryptanalyst has some matched
ciphertext and plaintext, the problem is called the known plaintext problem. Finally, when the cryptanalyst has the ability to encrypt pieces of plaintext of his own choosing, we have the chosen plaintext problem. Newspaper cryptograms could be broken trivially if the cryptanalyst were allowed to ask such questions as: What is the encryption of ABCDEFGHIJKL?
Novices in the cryptography business often assume that if a cipher can withstand a ciphertext-only attack, it is secure. This assumption is very naive. In many cases the cryptanalyst can make a good guess at parts of the plaintext. For example, the first thing many computers say when you call them up is login: . Equipped with some
matched plaintext-ciphertext pairs, the cryptanalyst's job becomes much easier. To achieve security, the cryptographer should be conservative and make sure that the system is unbreakable even if his opponent can encrypt arbitrary amounts of chosen plaintext.
Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. We will now deal with each of these briefly as background information for modern cryptography.
Sunday 21 December 2008
Intrussion Detection System
Jaringan atau dalam bahasa inggrisnya network saat ini merupakan salah satu teknologi yang sanagt penting dalam perkembangan IT. Bill Gates dalam bukunya yang berjudul "Speed of Throught" membahas tentang dunia baru yang disebut dengan dunia web, yang menurutnya akan menjadi hal yang sangat penting dan menjadi saraf dalam perkembangan IT.
Jaringan memudahkan user untuk mampu berkomunikasi dalam jarak yang tak terbatas. Antara Indonesia dan Inggris dapat dicapai dengan hitungan detik tanpa kita harus naik pesawat dan berkunjung bertemu dengan Ratu Elisabeth untuk tahu seluk beluk negara Inggris.
perkembangan terknologi ini merupakan akibat dari perkembangan teknolog jaringan yang sudahsnagat pesat saat ini. Mulai dari LAN, MAN, dan WAN yang merupakan spesifikasi jaringan berdasar jarak jangkauan area. Seiring dengan hal ini juga, tingkat keamanan sebuah jaringan menjadi hal yang sangat penting. Keamanan jaringan menjadi hal yang perlu sangat diperhatikan.
Dalam jaringan ada banyak hal yang terkait baik itu dari segi hardware maupun software. pada kesempatan kali ini, saya akan sedikit berbagi tentang apa yang disebut IDS(Intrussion Detection System). IDS merupakan salah satu hal yang menjadi sangat penting mengingat apa yang disebut dengan firewall.
Firewall merupakan pengaman system jaringan dengan prinsip menjaga dan mengamankan jaringan dari kejahatan maupun kejahilan diluar jaringan. Firewall mampu melakukan filtrasi terhadap hal yang tidak dizinkan memasuki jaringan dengan ketentuan-ketentuan tertentu. Hal ini tentunya sungguha akan sangat membantu para ADmin jaringan untuk memantau dan maintenance jaringan.
Tetapi ternyata kejahatn terhadap jaringan bukan hnaya berasal dari luar jaringan saja, tapi juga ancaman dari dalam jaringan itu sendiri. Intrusion detection system (IDS) merupakan penghambat atas semua serangan yang akan menggangu sebuah jaringan. IDS memberi peringatan kepada administrator server saat terjadi sebuah aktivitas tertentu yang tidak diinginkan administrator sebagai penanggung jawab sebuah sistem. Selain memberikan peringatan, IDS juga mampu melacak jenis aktivitas yang merugikan sebuah sistem. Suatu IDS akan melakukan pengamatan (monitoring) terhadap paket-paket yang melewati jaringan dan berusaha menemukan apakah terdapat paket-paket yang berisi aktivitas yang mencurigakan sekaligus melakukan tindak lanjut pencegahan. Pada dasarnya terdapat dua macam IDS, yaitu Host – Based dan Network Based.
IDS host-based bekerja pada host yang akan dilindungi. IDS jenis itu dapat melakukan berbagai macam tugas untuk mendeteksi serangan-serangan yang dilakukan pada host tersebut. keunggulan IDS host-based adalah pada tugas-tugas yanga berhubungan dengan kemanan file, misalnya ada tidaknya file yang telah diubah atau ada tidaknya usaha untuk dapat akses ke file-file yang sensitive.
IDS network-based biasa berupa suatu mesin yang khusus dipergunakan untuk melakukan monitoring terhadap seluruh segmen dari jaringan.IDS network-based akan mengumpulkan paket-paket data yang terdapat pada jaringan dan kemudian menganalisisnya serta menentukan apakah paket-paket tersebut berupa suatu paket yang normal atau suatu serangan atau berupa aktivitas yanga mencurigakan.
Thursday 18 December 2008
Network Security part 2
Principles of CiphersEncryption transforms a message in such a way that it becomes unintelligible to any party that does not have the secret of how to reverse the transformation. The sender applies an encryption function to the original plaintext message, resulting in a ciphertext message that is sent over the network. The receiver applies a secret decryption function—the inverse of the encryption function—to recover the original plaintext. The ciphertext transmitted across the network is unintelligible to any eavesdropper, assuming she doesn’t know the decryption function. The transformation represented by an encryption function and its corresponding decryption function is called a cipher.
Cryptographers have been led to the principle, first stated in 1883, that encryption and decryption functions should be parameterized by a key, and furthermore that the functions should be considered public knowledge—only the key need be secret. Thus, the ciphertext produced for a given plaintext message depends on both the encryption function and the key. One reason for this principle is that if you depend on the cipher being kept secret, then you have to retire the cipher (not just the keys) when you believe it is no longer secret. This means potentially frequent changes of cipher, which is problematic since it takes a lot of work to develop a new cipher. Also, one of the best ways to know that a cipher is secure is to use it for a long time—if no one breaks it, it’s probably secure. (Fortunately, there are plenty of people who will try to break ciphers and who will let it be widely known when they have succeeded, so no news is generally good news.)
Thus, there is considerable cost and risk in deploying a new cipher. Finally, parameterizing a cipher with keys provides us with what is in effect a very large family of ciphers; by switching keys we essentially switch ciphers, thereby limiting
the amount of data that a cryptanalyst (code-breaker) can use to try to break our
key/cipher, and the amount she can read if she succeeds.
The basic requirement for an encryption algorithm is that it turns plaintext
into ciphertext in such a way that only the intended recipient—the holder of the
decryption key—can recover the plaintext. What this means is that encrypted
messages cannot be read by people who do not hold the key.
It is important to realize that when a potential attacker receives a piece of
ciphertext, he may have more information at his disposal than just the ciphertext
itself. For example, he may know that the plaintext was written in English, which
means that the letter e occurs more often in the plaintext that any other letter; the
frequency of many other letters and common letter combinations can also be predicted.
This information can greatly simplify the task of fi nding the key. Similarly,
he may know something about the likely contents of the message; for example,
the word “ login ” is likely to occur at the start of a remote login session. This may enable a known plaintext attack, which has a much higher chance of success
than a ciphertext only attack. Even better is a chosen plaintext attack, which may
be enabled by feeding some information to the sender that you know the sender
is likely to transmit—such things have happened in wartime, for example.
The best cryptographic algorithms, therefore, can prevent the attacker from
deducing the key even when the individual knows both the plaintext and the
ciphertext. This leaves the attacker with no choice but to try all the possible
keys—exhaustive, “ brute-force ” search. If keys have n bits, then there are 2 n possible values for a key (each of the n bits could be either a zero or a one). An attacker could be so lucky as to try the correct value immediately, or so unlucky as to try every incorrect value before fi nally trying the correct value of the key, therefore, she would have tried all 2 n possible values; the average number of guesses to discover the correct value is halfway between those extremes, 2 n /2. This can be made computationally impractical by choosing a suffi ciently large key space and by making the operation of checking a key reasonably costly. What makes this diffi cult is that computing speeds keep increasing, making formerly infeasible computations feasible. Furthermore, although we are concentrating on the security of data as it moves through the network—that is, the data is sometimes vulnerable for only a short period of time—in general, security people have to consider the vulnerability of data that needs to be stored in archives for tens of years. This argues for a generously large key size. On the other hand, larger keys make encryption and decryption slower Most ciphers are block ciphers : they are defi ned to take as input a plaintext block of a certain fi xed size, typically 64 to 128 bits. Using a block cipher to encrypt each block independently—known as electronic codebook (ECB) mode encryption—has the weakness that a given plaintext block value will always result in the same ciphertext block. Hence recurring block values in the plaintext are recognizable as such in the ciphertext, making it much easier for a cryptanalyst to break the cipher.
To prevent this, block ciphers are always augmented to make the ciphertext for a block vary depending on context. Ways in which a block cipher may be augmented are called modes of operation . A common mode of operation is cipher block chaining (CBC), in which each plaintext block is XORed with the previous block’s ciphertext before being encrypted. The result is that each block’s ciphertext depends in part on the preceding blocks (i.e., on its context). Since the first plaintext block has no preceding block, it is XORed with a random number. That random number, called an initialization vector (IV) , is included with the series of ciphertext blocks so that the fi rst ciphertext block can be decrypted. This mode is illustrated in Figure 1.2 . Another mode of operation is counter mode , in which successive values of a counter (e.g., 1, 2, 3, . . .) are incorporated into the encryption of successive blocks of plaintext.
Reference to : Network Security, Know it All.
Network Security
Computer networks are typically a shared resource used by many applications representing different interests. The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportunistic criminals. Unless security measures are taken, a network conversation or a distributed application may be compromised by an adversary.Consider some threats to secure use of, for example, the World Wide Web. Suppose you are a customer using a credit card to order an item from a website. An obvious threat is that an adversary would eavesdrop on your network communication, reading your messages to obtain your credit card information. How might that eavesdropping be accomplished? It is trivial on a broadcast network such as an Ethernet, where any node can be confi gured to receive all the message traffic on that network. Wireless communication can be monitored without any physical connection. More elaborate approaches include wiretapping and planting spy software on any of the chain of nodes involved. Only in the most extreme cases, such as national security, are serious measures taken to prevent such monitoring, and the Internet is not one of those cases. It is possible and practical, however, to encrypt messages so as to prevent an adversary from understanding the message contents. A protocol that does so is said to provide confi dentiality . Taking the concept a step further, concealing the quantity or destination of communication is called traffi c confi dentiality —because merely knowing how much communication is going where can be useful to an adversary in some situations.Even with confi dentiality there still remain threats for the website customer. An adversary who can’t read the contents of your encrypted message might still be able to change a few bits in it, resulting in a valid order for, say, a completely different item or perhaps 1,000 units of the item. There are techniques to detect, if not prevent, such tampering. A protocol that detects such message tampering provides data integrity . The adversary could alternatively transmit an extra copy of your message in a replay attack . To the website, it would appear as though you had simply ordered another of the same item you ordered the fi rst time. A protocol that detects replays provides originality . Originality would not, however, preclude the adversary intercepting your order, waiting a while, then transmitting it—in effect, delaying your order. The adversary could thereby arrange for the item to arrive on your doorstep while you are away on vacation, when it can be easily snatched. A protocol that detects such delaying tactics is said to provide timeliness . Data integrity, originality, and timeliness are considered aspects of the more general property of integrity .
Another threat to the customer is unknowingly being directed to a false website. This can result from a DNS attack, in which false information is entered in a domain name server or the name service cache of the customer’s computer.
This leads to translating a correct URL into an incorrect IP address—the address of a false website. A protocol that ensures that you really are talking to whom you think you’re talking is said to provide authentication . Authentication entails integrity since it is meaningless to say that a message came from a certain participant if it is no longer the same message.
The owner of the website can be attacked as well. Some websites have been defaced; the fi les that make up the website content have been remotely accessed and modifi ed without authorization. That is an issue of access control : enforcing the rules regarding who is allowed to do what. Websites have also been subject to denial of service (DoS) attacks, during which would-be customers are unable to access the website because it is being overwhelmed by bogus requests. Ensuring a degree of access is called availability .
Finally, the customer and website face threats from each other. Each could unilaterally deny that a transaction occurred, or invent a nonexistent transaction. Nonrepudiation means that a bogus denial (repudiation) of a transaction can be disproved, and nonforgeability means that claims of a bogus (forged) transaction can be disproved.
Although these examples have been based on Web transactions, there are comparable security threats in almost every network context. Although the Internet was designed with the redundancy to survive physical attacks such as bombing, it was not originally designed to provide the kind of security we have been discussing. Internet security mechanisms have essentially been patches. If a comprehensive redesign of the Internet were to take place, integrating security would likely be the foremost driving factor. That possibility makes this chapter all the more pertinent.
The main tools for securing networked systems are cryptography and firewalls. The bulk of this chapter concerns cryptography-based security.
Reference to : Network Security, Know it All.
Wednesday 17 December 2008
Pemrograman Web
Biasanya untuk web statis yang ditonjolkan adalah sisi tampilan yang banyak mengandung grafis sehingga untuk merancang web statis tidak diperlukan kemampuan pemrograman yang handal. Yang dibutuhkan hanya kemampuan design grafis/web dan cita rasa seni belaka. Sedangkan untuk web dinamis yang banyak ditonjolkan adalah pengolahan data sehingga dibutuhkan kemampuan dalam pemrograman web.
Ada dua jenis pemrograman web, yaitu Server Side Programming dan Client Side Programming. Pada Server Side Programming, semua sintaks dan perintah program yang diberikan akan dijalankan/diproses di Web Server, kemudian hasilnya dikirimkan ke browser pengguna dalam bentuk HTML biasa. Sehingga pengguna tidak dapat melihat kode asli yang ditulis dalam bentuk server side programming tersebut. Yang tergolong dalam server side programming seperti: CGI/Perl, Active Server Pages, Java Server Page, PHP, ColdFussion dan lain-lain.
Sebaliknya, pada Client Side Programming semua sintaks dan perintah program dijalankan di web browser, sehingga ketika client meminta dokumen yang mengandung script, script tersebut akan diambil dari web server kemudian dijalankan di web browser yang bersangkutan. Contoh dari client side programming seperti: JavaScript, VbScript, HTML.
Pengenalan PHP
PHP merupakan singkatan dari "PHP: Hypertext Preprocessor", bahasa scripting yang menyatu dengan HTML dan dijalankan pada serverside. Artinya semua sintaks yang kita berikan akan sepenuhnya dijalankan pada server sedangkan yang dikirimkan ke browser hanya hasilnya saja. Ketika seorang pengguna internet membuka suatu situs yang menggunakan fasilitas server side scripting PHP, maka terlebih dahulu server yang bersangkutan akan memproses semua perintah PHP di server lalu mengirimkan hasilnya dalam format HTML ke web server pengguna internet tadi. Sehingga kode asli yang ditulis dengan PHP tidak terlihat di browser pengguna.
PHP merupakan software yang open source bebas. Jadi anda dapat merubah source code dan mendistribusikan secara bebas dan gratis. PHP juga dapat berjalan lintas platform, yaitu dapat digunakan dengan sistem operasi (Windows dan Linux) dan web server apapun (misalnya: PWS, IIS, Apache dll).
Hubungan PHP dengan HTML
Halaman web biasanya disusun dari kode-kode html yang disimpan dalam sebuah file berekstensi .html. File html ini dikirimkan oleh server (atau file) ke browser, kemudian browser menerjemahkan kode-kode tersebut sehingga menghasilkan suatu tampilan yang indah. Lain halnya dengan program php, program ini harus diterjemahkan oleh web-server sehingga menghasilkan kode html yang dikirim ke browser agar dapat ditampilkan. Program ini dapat berdiri sendiri ataupun disisipkan di antara kode-kode html sehingga dapat langsung ditampilkan bersama dengan kode-kode html tersebut. Program php dapat ditambahkan dengan mengapit program tersebut di antara tanda . Tanda-tanda tersebut biasanya disebut tanda untuk escaping (kabur) dari kode html. File html yang telah dibubuhi program php harus diganti ekstensi-nya menjadi .php atau .php3.
PHP merupakan bahasa pemograman web yang bersifat server-side HTML=embedded scripting, di mana script-nya menyatu dengan HTML dan berada si server. Artinya adalah sintaks dan perintah-perintah yang kita berikan akan sepenuhnya dijalankan di server tetapi disertakan HTML biasa. PHP dikenal sebgai bahasa scripting yang menyatu dengan tag HTML, dieksekusi di server dan digunakan untuk membuat halaman web yang dinamis seperti ASP (active Server Pages) dan JSP (Java Server Pages).
Sejarah PHP
PHP pertama kali dibuat oleh Rasmus Lerdroft, seorang programmer C. Semula PHP digunakannya untuk menghitung jumlah pengunjung di dalam webnya. Kemudian ia mengeluarkan Personal Home Page Tools versi 1.0 secara gratis. Versi ini pertama kali keluar pada tahun 1995. Isinya adalah sekumpulan script PERL yang dibuatnya untuk membuat halaman webnya menjadi dinamis. Kemudian pada tahun1996 ia mengeluarkan PHP versi 2.0 yang kemampuannya telah mampu mengakses database dan dapat terintegrasi dengan HTML.
Pada tahun 1998 tepatnya pada tanggal 6 Juni 1998 keluarlah PHP versi 3.0 yang dikeluarkan oleh Rasmus sendiri bersama kelompok pengembang softwarenya..
Versi teranyar yaitu PHP 4.0 keluar pada tanggal 22 Mei 2000 merupakan versi yang lebih lengkap lagi dibandingkan dengan versi sebelumnya. Perubahan yang paling mendasar pada PHP 4.0 adalah terintegrasinya Zend Engine yang dibuat oleh Zend Suraski dan Andi Gutmans yang merupakan penyempurnaan dari PHP3 scripting engine. Yang lainnya adalah build in HTTP session, tidak lagi menggunakan library tambahan seperti pada PHP3. Tujuan dari bahasa scripting ini adalah untuk membuat aplikasi-aplikasi yang dijalankan di atas teknologi web. Dalam hal ini, aplikasi pada umumnya akan memberikan hasil pada web browser, tetapi prosesnya secara keseluruhan dijalankan web server.
Kelebihan PHP
Ketika e-commerce semakin berkembang, situs-situs yang statispun semakin ditinggalkan Karena dianggap sudah tidak memenuhi keinginan pasar karena situs tersebut harus tetap dinamis selama setiap hari. Pada saat ini bahasa PERL dan CGI sudah jauh ketinggalan jaman sehingga sebagian besar designer web banyak beralih ke bahasa server-side scripting yang lebih dinamis seperti PHP.
Seluruh aplikasi berbasis web dapat dibuat dengan PHP. Namun kekuatan yang paling utama PHP adalah pada konektivitasnya dengan system database di dalam web. Sistem database yang dapat didukung oleh PHP adalah :
1. Oracle
2. MySQL
3. Sybase
4. PostgreSQL
5. dan lainnya
PHP dapat berjalan di berbagai system operasi seperti windows 98/NT, UNIX/LINUX, solaris maupun macintosh.
PHP merupakan software yang open source yang dapat anda download secara gratis dari situs resminya yaitu http://www.php.net, ataupun dari situs-situs yang menyediakan software tersebut seperti di ftp://gerbang.che.itb.ac.id.
Software ini juga dapat berjalan pada web server seperti PWS (Personal Web Server), Apache, IIS, AOLServer, fhttpd, phttpd dan sebagainya. PHP juga merupakan bahasa pemograman yang dapat kita kembangkan sendiri seperti menambah fungsi-fungsi baru.
Keunggulan lainnya dari PHP adalah PHP juga mendukung komunikasi dengan layanan seperti protocol IMAP, SNMP, NNTP, POP3 bahkan HTTP.
PHP dapat diinstal sebagai bagian atau modul dari apache web server atau sebagai CGI script yang mandiri. Banyak keuntungan yang dapat diperoleh jika menggunakan PHP sebagai modul dari apache di antaranya adalah :
1. Tingkat keamanan yang cukup tinggi
2. waktu eksekusi yang lebih cepat dibandingkan dengan bahasa pemograman web lainnya yang berorientasi pada server-side scripting.
3. Akses ke system database yang lebih fleksibel. seperti MySQL.
Adapun kelebihan-kelebihan dari PHP yaitu:
Mudah dibuat dan berkecepatan tinggi
PHP dapat berjalan lintas platform, yaitu dapat berjalan dalam sistem operasi dan web server apapun.
Dapat digunakan secara gratis.
Termasuk bahasa yang embedded, yakni dapat diletakkan dalam tag HTML.
Termasuk server side programming, sehingga kode asli/source code PHP tidak dapat dlihat di browser pengguna, yang terlihat hanya kode dalam format HTML.
Dapat memanfaatkan sumber-sumber aplikasi yang dimiliki oleh server, seperti misalnya untuk keperluan database connection. PHP dapat melakukan koneksi dengan berbagai database seperti MySQL, Oracle, Sybase, mSQL, Solid, Generic ODBC, Postgres SQL, dBase, Direct MS-SQL, Velocis, IBM DB2, Interbase, Frontbase, Empress, dan semua database yang mempunyai profider ODBC seperti misalnya MS Access dan lain-lain.
PHP dapat melakukan semua aplikasi program CGI, seperti mengambil nilai form, menghasilkan halaman web yang dinamis, mengirimkan dan menerima cookies.
PHP juga mendukung komunikasi dengan layanan lain melalui protokol IMAP, SNMP, NNTP, POP3 dan HTTP dan lainnya.
FreeBSD Directory Structures
Of significant importance is the root of all directories, the / directory. This directory is the first directory mounted at boot time and it contains the base system necessary at boot time. The root directory also contains mount points for every other file system that you want to mount.
A mount point is a directory where additional file systems can be grafted onto the root file system.
Standard mount points include /usr,/var, /mnt, and /cdrom. These directories are usually referenced to entries in the file /etc/fstab. /etc/fstab is a table of various file systems and mount points for reference by the system. Most of the file systems in /etc/fstab are mounted automatically at boot time
from the script rc(8) unless they contain the noauto option. Consult the fstab(5) manual page for more information on the format of the /etc/fstab file and the options it contains.
Tuesday 16 December 2008
Choosing an Audio CD Player
However, a variety of CD players come with Linux distributions or may be downloaded and installed. Here is a cross-section of your other choices for playing CDs with Linux:
• Rhythmbox (rhythmbox)—Import and manage your CD collection with Rhythmbox music management and playback software for GNOME. It uses GStreamer on the audio back end and compresses music using Ogg Vorbis audio format. In addition to enabling you to create playlists of your music library, Rhythmbox also has features for playing Internet radio stations. Free music stores were added to Rhythmbox in recent releases, allowing you to play free music from Jamendo (www.jamendo.com/en/) and Magnatune (www.magnatune.com), and possibly purchase CDs or license use of that music for commercial projects.
• KsCD player (kscd)—The KsCD player comes with the KDE desktop. To use it, the kdemultimedia package must be installed. From the main menu on the KDE desktop, select Multimedia➪KsCD (or type kscd in a Terminal window). Like gnome-cd, this player lets you get title, track, and artist information from the CD database. KsCD, however, also lets you submit information to a CD database (if your CD isn’t found there).
• Grip (grip)—While Grip is primarily used as a CD ripper, it can also play CDs. Select Multimedia➪Grip (or type grip in a Terminal window). It includes tools for gathering data from and submitting data to CD databases. It also includes tools for copying (ripping) CD tracks and converting them to different formats (encoding). Naturally, the grip package must be installed to use this command.
• Amarok (amarok)—With Amarok, you get a nice graphical interface where you can manage music by moving elements around with your mouse. Amarok uses SQLite (or other databases) to store your music. It also supports playlists and streaming audio playback from online radio stations.
• X Multimedia System (xmms)—The XMMS player plays a variety of audio formats but can also play directly from a CD.
Playing Music and Video
Some Linux distributions are more multimedia-friendly right after the install than others. An example of this is Freespire, which comes pre-loaded and able to support Flash, Java, MP3, Real, QuickTime, and Windows Media files the minute the installation completes. This can save you a great deal of time trying to track down licensing issues and resolve problems. You can find features that are not included with the installation, such as DVD playback support,, at the Linspire Click-N-Run service (www.cnr.com). Ubuntu users can also use Click-N-Run to get both free and commercial software.
Exploring Codecs
If you want to play a video or audio file, you need the appropriate codec installed and ready for use by your media player. A codec is a software-based encoder-decoder used to take existing digital audio/video data and decode the content. Often, codecs use compression technology to reduce the size of the data files while retaining the quality of the output.
If you encounter a media file that you know is a working, playable file and you cannot play the file, you might need to identify and install the proper codec. This often involves installing the proper playback application, such as DivX 5.0.5 for Linux, which installs the MPEG4 codec for video and audio playback.
Many codecs are available, so getting the ones you need is usually not an issue. Advances in codec technology have continued to increase the quality of the encoded content, while reducing file size. Fortunately, most widely distributed videos and audio files (from news sites, for example) are created using a few commonly used codecs. While there are some commonly used encoding standards, there are also a slew of proprietary codecs in use today as well. This is really a battleground of sorts with each vendor/developer trying to produce the superior standard and obtain the spoils of market share that can follow. For the end user,this means you might have to spend time chasing a variety of playback utilities to handle multiple video and audio formats. Another debate: Can digital media match the quality of analog formats? This hardly seems much of a question anymore because DVD has shown the potential for high-quality digital video, and MPEG codecs have made huge strides in digital audio fidelity. The quality of digital media files is very high and getting better all the time. Some of the key technologies that reflect improvements in how audio and video codecs have improved include:
• Ogg Vorbis - This audio codec has been developed as a freely available tool—no patents or licensing needed. Ogg is the “data container” portion of the codec, and Vorbis is the audio compression scheme. There are other compression schemes that can be used with Ogg such as Ogg FLAC, which is used for archiving audio in a lossless format, and Ogg Speex, which is used specifically to handle encoding speech.
• Real Networks - Real has developed a set of audio and video codecs that have an amazing ability to serve up streaming content. This protocol is not widely supported by anyone but Real. The Helix project produces a player for Linux that enables playback of Real media encoded files.
• WMA - Windows Media Audio is used to create high-quality digital audio. WMA is
considered a lossless codec, which means the audio doesn’t lose quality or data as a result of repeated compression-decompression cycles. Among its other benefits is that it’s one of the first widely used codecs to support digital surround sound.
• WMV - Windows Media Video is used, not surprisingly, to encode and decode video.
This is also a very high-quality encoder and is billed to produce a video that is half the size of an MPEG-4 encoded video at a comparable quality level.
• DivX - This video codec has revolutionized digital video. Extremely high-quality video can be stored with amazingly small file sizes when using this codec. DivX (Digital Video Express) is based on the MPEG-4 video standard and can produce 640 × 480 video that is about 15 percent of the size of the source DVD material.
Some of these codecs are integral parts of Digital Rights Management (DRM) scenarios. For example, WMA, WMV, and DivX have elements that support DRM. DRM is basically proprietary copy protection.
The term “DRM” applies to a wide range of technologies that use server-based activation, encryption, and other elements to control who can access content and what they can then do with the content once it has been accessed. While it is very attractive to distributors of audio and video, who are trying to prevent unchecked digital piracy of their content, it can be a real stumbling block for the consumer.
Many DRM solutions require proprietary software and even hardware to work with the protected content. A prime example is the recent production of some DRM-protected audio CDs, particularly in Europe. Some of these disks will not play in older standalone CD players, some will play only on a computer that supports the DRM application on the CD itself, and (especially frustrating) some will not play on a computer at all. In almost all cases, such DRM solutions do not support Linux. Most support only Windows, and a few support Windows and Mac OS X.
Just to make things clear, while the codecs just discussed do not include built-in DRM features, some codecs are specifically designed to integrate with DRM solutions. In other words, all of these codecs can theoretically be used to play encoded content on a Linux system. If the content is protected by a DRM solution, the likelihood that the content is playable on a Linux system is fairly remote. Despite this fact, or perhaps because of it, Linus Torvalds has not excluded the possibility of including support for DRM in Linux. Likewise, several open source projects are working on Linux DRM solutions.
Configuring Networking
Netmask—The netmask is used to determine what part of an IP address represents the
network and what part represents a particular host computer. An example of a netmask
for a Class C network is 255.255.255.0. If you apply this netmask to an IP address of
192.168.0.1, for example, the network address would be 192.168.0 and the host address
1. Because 0 and 255 can’t be assigned to a particular host, that leaves valid host numbers
between 1 and 254 available for this local network.
Activate on boot—Some Linux install procedures ask you to indicate if you want the
network to start at boot time (you probably do if you have a LAN).
Set the host name—This is the name identifying your computer within your domain.
For example, if your computer were named “baskets” in the handsonhistory.com
domain, your full host name may be baskets.handsonhistory.com. You can either
280
Part III Choosing and Installing a Linux Distribution
set the domain name yourself (manually) or have it assigned automatically, if that information
is being assigned by a DHCP server (automatically via DHCP).
Gateway—This is the IP number of the computer that acts as a gateway to networks
outside your LAN. This typically represents a host computer or router that routes packets
between your LAN and the Internet.
Primary DNS—This is the IP address of the host that translates computer names you
request into IP addresses. It is referred to as a Domain Name System (DNS) server. You
may also have Secondary and Tertiary name servers in case the first one can’t be reached.
(Most ISPs will give you two DNS server addresses.)
Using LILO or GRUB Boot Loaders part 2
You can change the options that take effect each time you boot your computer by changing the
GRUB configuration file. In Fedora and other Linux systems, GRUB configuration centers on the
/boot/grub/grub.conf file.
The /boot/grub/grub.conf file is created when you install Linux. Here’s an example of that file
for Fedora:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making# changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,6)
# kernel /vmlinuz-version ro root=/dev/sda7
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,6)/grub/splash.xpm.gz
title Fedora (2.6.20-1.3104.fc7)
root (hd0,6)
kernel /vmlinuz-2.6.20-1.3104.fc7 ro root=LABEL=/123 rhgb quiet
initrd /initrd-2.6.20-1.3104.fc7.img
title Windows XP
rootnoverify (hd0,0)
chainloader +1
The default=0 line indicates that the first partition in this list (in this case Fedora) will be the
one that is booted by default. The line timeout=10 causes GRUB to pause for 10 seconds before
booting the default partition. (That’s how much time you have to press e if you want to edit the
boot line, or to press arrow keys to select a different operating system to boot.)
The splashimage line looks in the seventh partition on the first disk (hd0,6) for the boot partition
(in this case /dev/sda7, which is the /boot partition). GRUB loads splash.xpm.gz as the
image on the splash screen (/boot/grub/splash.xpm.gz). The splash screen appears as the
background of the boot screen.
The two bootable partitions in this example are Fedora and Windows XP. The title lines for each
of those partitions are followed by the name that appears on the boot screen to represent each
partition.
For the Fedora Linux system, the root line indicates the location of the boot partition as the second
partition on the first disk. So, to find the bootable kernel (vmlinuz-2.20-1.3104.fc7) and the
initrd initial RAM disk boot image that is loaded (initrd-2.6.20-1.3104.fc7.img), GRUB
looks in the root of hd0,6 (which is represented by /dev/sda7 and is eventually mounted as
/boot). Other options on the kernel line set the partition as read-only initially (ro) and set the
root file system to LABEL=/123.
For the Windows XP partition, the rootnoverify line indicates that GRUB should not try to mount
the partition. In this case, Windows XP is on the first partition of the first hard disk (hd0,0) or
/dev/sda1. Instead of mounting the partition and passing options to the new operating system,
the chainloader +1 indicates to hand control the booting of the operating system to another
boot loader. The +1 indicates that the first sector of the partition is used as the boot loader.
If you make any changes to the /boot/grub/grub.conf file, you do not need to load those
changes. GRUB automatically picks up those changes when you reboot your computer. If you are
accustomed to using the LILO boot loader, this may confuse you at first, as LILO requires you to
rerun the lilo command for the changes to take effect.
Adding a New GRUB Boot Image
You may have different boot images for kernels that include different features. Here is the procedure
for modifying the grub.conf file:
1. Copy the new image from the directory in which it was created (such as /usr/src/
kernels/linux-2.6.20-1/arch/i386/boot) to the /boot directory. Name the file
something that reflects its contents, such as bz-2.6.20-1. For example:
# cp /usr/src/linux-2.6.20-1/arch/i386/boot/bzImage/boot/bz-2.6.20-1
2. Add several lines to the /boot/grub/grub.conf file so that the image can be started at
boot time if it is selected. For example:
title Fedora (My own IPV6 build)
root (hd0,1)
kernel /bz-2.6.20-1 ro root=/dev/sda7
initrd /initrd-2.6.20-1.img
3. Reboot your computer.
4. When the GRUB boot screen appears, move your cursor to the title representing the new
kernel and press Enter.
The advantage to this approach, as opposed to copying the new boot image over the old one, is
that if the kernel fails to boot, you can always go back and restart the old kernel. When you feel
confident that the new kernel is working properly, you can use it to replace the old kernel or perhaps
just make the new kernel the default boot definition.
Booting Your Computer with LILO
LILO stands for LInux LOader. Like other boot loaders, LILO is a program that can stand outside
the operating systems installed on the computer so you can choose which system to boot. It alsolets you give special options that modify how the operating system is booted. On Slackware and
some other Linux systems, LILO is used instead of GRUB as the default boot loader.
If LILO is being used on your computer, it is installed in either the master boot record or the first
sector of the root partition. The master boot record is read directly by the computer’s BIOS. In general,
if LILO is the only loader on your computer, install it in the master boot record. If there is
another boot loader already in the master boot record, put LILO in the root partition.
Using LILO
When your computer boots with the Fedora version of LILO installed in the master boot record, a
graphical Fedora screen appears, displaying the bootable partitions on the computer. Use the up
and down arrow keys on your keyboard to select the one you want and press Enter. Otherwise, the
default partition that you set at installation will boot after a few seconds.
If you want to add any special options when you boot, press Ctrl+X. You will see a text-based boot
prompt that appears as follows:
boot:
LILO pauses for a few seconds and then automatically boots the first image from the default bootable
partition. To see the bootable partitions again, quickly press Tab. You may see something similar to
the following:
LILO boot:
linux linux-up dos
boot:
This example shows that three bootable partitions are on your computer, called linux, linux-up,
and dos. The first two names refer to two different boot images that can boot the Linux partition.
The third refers to a bootable DOS partition (presumably containing a Windows operating system).
The first bootable partition is loaded if you don’t type anything after a few seconds. Or you can use
the name of the other partition to have that boot instead.
If you have multiple boot images, press Shift, and LILO asks you which image you want to boot.
Available boot images and other options are defined in the /etc/lilo.conf file.
Setting Up the /etc/lilo.conf File
The /etc/lilo.conf file is where LILO gets the information it needs to find and start bootable partitions
and images. By adding options to the /etc/lilo.conf file, you can change the behavior of
the boot process. The following is an example of some of the contents of the /etc/lilo.conf file:
prompt
timeout=50
default=linux
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-18-1.2798.fc6
label=linux
initrd=/boot/initrd-2.6.18-1.2798.fc6.img
read-only
root=/dev/hda6
append=”root=LABEL=/“
other=/dev/hda1
optional
label=dos
With prompt on, the boot prompt appears when the system is booted without requiring you to
press any keys. The timeout value, in this case 50 tenths of a second (5 seconds), defines how long
to wait for keyboard input before booting the default boot image. The boot line indicates that the
bootable partition is on the hard disk represented by /dev/hda (the first IDE hard disk).
Using LILO or GRUB Boot Loaders
* Support for multiple executable formats.
* Support for multi-boot operating systems (such as Fedora, FreeBSD, NetBSD, OpenBSD, and other Linux systems).
* Support for non–multi-boot operating systems (such as Windows 95, Windows 98, Windows NT, Windows ME, Windows XP, and OS/2) via a chain-loading function. Chain-loading is the act of loading another boot loader (presumably one that is specific to the proprietary operating system) from GRUB to start the selected operating system.
* Support for multiple file system types.
* Support for automatic decompression of boot images.
* Support for downloading boot images from a network.
For more information on how GRUB works, type man grub or info grub. The info command contains more details about GRUB.
Booting with GRUB
When you install Linux, you are typically given the option to configure the information needed to boot your computer (with one or more operating systems) into the default boot loader. With GRUB configured, when you boot your computer, the first thing you see after the BIOS loads is the GRUB boot screen (it says GRUB at the top and lists bootable partitions below it). Do one of the following:
* Default—If you do nothing, the default operating system will boot automatically after a few seconds. (The timeout is set by the timeout value, in seconds, in the grub.conf file.)Select an operating system—Use the up and down arrow keys to select any of the titles, representing operating systems you can boot, that are shown on the screen. Then press Enter to boot that operating system.
* Edit the boot process—If you want to change any of the options used during the boot process, use the arrow keys to highlight the operating system you want and type e to select it. Follow the next procedure to change your boot options temporarily.
If you want to change your boot options so that they take effect every time you boot your computer, see the section on permanently changing boot options. Changing those options involves editing the /boot/grub/grub.conf file.
Temporarily Changing Boot Options
From the GRUB boot screen, you can select to change or add boot options for the current boot session. First, select the operating system you want (using the arrow keys) and type e (as described earlier). You will see a graphical screen that looks like the one shown in Figure 7-2.
There are three lines in the example of the GRUB editing screen that identify the boot process for the operating system you chose. The first line (beginning with root) shows that the entry for the GRUB boot loader is on the seventh partition of the first hard disk (hd0,6). GRUB represents the hard disk as hd, regardless of whether it is a SCSI, IDE, or other type of disk. You just count the drive number and partition number, starting from zero (0).
The second line of the example (beginning with kernel) identifies the boot image (/boot/vmlinuz-
2.6.20-1.3104.fc7) and several options. The options identify the partition as initially being loaded ro (read-only) and the location of the root file system on a partition with the label root=LABEL=/123. The third line (starting with initrd) identifies the location of the initial RAM disk, which contains the minimum files and directories needed during the boot process.
If you are going to change any of the lines related to the boot process, you would probably change only the second line to add or remove boot options. Here is how you do that:
1. Position the cursor on the kernel line and type e.
2. Either add or remove options after the name of the boot image. You can use a minimal set of bash shell command-line editing features to edit the line. You can even use command completion (type part of a filename and press Tab to complete it).
3. Press Enter to return to the editing screen.
4. Type b to boot the computer with the new options. The next time you boot your computer,
the new options will not be saved. To add options so they are saved permanently,
see the next section.
Dual Booting with Windows or Just Linux?
If the computer you are using already has a Windows system on it, it’s quite possible that that the entire hard disk is devoted to Windows. While you can run a bootable Linux, such as KNOPPIX or Damn Small Linux, without touching the hard disk, to do a more permanent installation you’ll want to find disk space outside of the Windows installation. There are a few ways to do this:
* Add a hard disk—Instead of messing with your Windows partition, you can simply add a hard disk and devote it to Linux.
* Resize your Windows partition—If you have available space on your Windows partition, you can shrink that partition so there is available free space on the disk to devote to Linux. Commercial tools such as Partition Magic from Symantec (www.symantec.com) or Acronis Disk Director (www.acronis.com) are available to resize your disk partitions and set up a workable boot manager. Some Linux distributions (particularly bootable Linuxes used as rescue CDs) include a tool called QTParted that is an open source clone of Partition Magic (which includes software from the Linux-NTFS project for resizing Windows NTFS partitions).
Before you try to resize your Windows partition, you might need to defragment it. To defragment your disk on some Windows systems, so that all of your used space is put in order on the disk, open My Computer, right-click your hard disk icon (typically C:), select Properties, click Tools, and select Defragment Now.
Defragmenting your disk can be a fairly long process. The result of defragmentation is that all the
data on your disk are contiguous, creating a lot of contiguous free space at the end of the partition. There are cases where you will have to do the following special tasks to make this true:
* If the Windows swap file is not moved during defragmentation, you must remove it. Then, after you defragment your disk again and resize it, you will need to restore the swap file. To remove the swap file, open the Control Panel, open the System icon, and then click the Performance tab and select Virtual Memory. To disable the swap file, click Disable Virtual Memory.
* If your DOS partition has hidden files that are on the space you are trying to free up, you need to find them. In some cases, you won’t be able to delete them. In other cases, such as swap files created by a program, you can safely delete those files. This is a bit tricky because some files should not be deleted, such as DOS system files. You can use the attrib -s -h command from the root directory to deal with hidden files.
Once your disk is defragmented, you can use one of the commercial tools described earlier (Partition Magic or Acronis Disk Director) to repartition your hard disk to make space for Linux. An open source alternative to those tools is QTParted.
Boot KNOPPIX or any of several other bootable Linux distributions (particularly rescue CDs) and run QTParted by selecting System Tools➪QTParted from the desktop main menu. From the QTParted window, select the hard disk you want to resize. Then choose Options➪Configuration to open a window where you can select the ntfsresize tool to resize your NTFS partition.
After you have cleared enough disk space to install Linux (see the disk space requirements in the
chapter covering the Linux distribution you’re installing), you can choose your Linux distribution
and install it. As you set up your boot loader during installation, you will be able to identify the Windows, Linux, and any other bootable partitions so that you can select which one to boot when
your start your computer.
Choosing a Linux Distribution
Linux at Work
Because I know a lot of people who use Linux, both informally and at work, I want to share my general impressions of how different Linux distributions are being used in the United States. Most consultants I know who set up small office servers used to use Red Hat Linux, but now have mostly moved to Fedora, CentOS (built from Red Hat Enterprise Linux software), Ubuntu, or Debian GNU/Linux. Mandriva Linux (formerly Mandrakelinux) has been popular with people wanting a friendly Linux desktop, but Fedora is also well-liked. The more technically inclined like to play with Gentoo (highly tunable) or Slackware (Linux in a more basic form).
The agreement between Novell and Microsoft at the end of 2006 prompted some open source proponents to abandon SUSE. Whether this will result in a migration from SUSE in the enterprise space, however, has yet to play out. However, right now, Red Hat Enterprise Linux offers the best choice in the enterprise realm for those who object to the alliance.
For people transitioning to Linux with Macintosh hardware, Yellow Dog Linux lets you install on a PowerPC and learn skills that are useful to expand later to Red Hat systems. (Yellow Dog was originally based on Red Hat Linux.) As for the bootable Linuxes, everyone I know thinks they are great fun to try out and a good way to learn about Linux. For a bootable Linux containing desktop software that fits on a full CD (or DVD), KNOPPIX is a good choice, as is Ubuntu; for a bootable mini–CD size Linux, Damn Small Linux works well. However, you can also try out these live CDs from the media that come with this book: INSERT, Puppy Linux, SLAX Popcorn, System Rescue CD, or BackTrack.
You can also try to connect in to the growing Linux user communities because strong community
support results in a more solid software distribution and help when you need it (from such things
as forums and online chats).
Installing Linux
If someone hasn’t already installed and configured a Linux system for you, this chapter is going to help you get started so you can try out the Linux features described in the rest of the book. With recent improvements to Linux live CDs and installers, getting your hands on a working Linux system is quicker and more solid than ever before. If you are a first-time Linux user, I recommend that you:* Try a bootable Linux—This book’s CD and DVD include several bootable Linux systems. The advantage of a bootable Linux is that you can try out Linux without touching the contents of your computer’s hard drive. In particular, KNOPPIX is a full-featured Linux system that can give you a good feel for how Linux works. Using the DVD or CD, you can try out several different live CDs, as described in Appendix A. Some of these live CDs also include features for installing Linux to your hard disk. Although live CDs tend to run slower than installed systems and don’t keep your changes once you reboot, they are good tools for starting out with Linux.
* Install a desktop Linux system—Choose one of the Linux distributions and install it on your computer’s hard disk. Permanently installing Linux to your hard disk gives you more flexibility for adding and removing software, accessing and saving data to hard disk, and more permanently customizing your system. Installing Linux as a desktop system lets you try out some useful applications and get the feel for Linux before dealing with more complex server issues.
This chapter provides you with an overview of how to choose a Linux distribution, and then describes issues and topics that are common to installing most Linux distributions. Appendix A describes which Linux distributionsare included on this book’s DVD and CD and how to run them live or use them to install Linux permanently. Each of the other chapters in this part of the book is dedicated to understanding and installing a particular Linux distribution.
After you’ve installed Linux, you’ll want to understand how to get and manage software for your Linux system. These are important topics that are covered throughout the book, but this chapter describes the major packaging formats and tools to get you going.