
Thursday, 18 December 2008

Network Security part 2

Principles of Ciphers

Encryption transforms a message in such a way that it becomes unintelligible to any party that does not have the secret of how to reverse the transformation. The sender applies an encryption function to the original plaintext message, resulting in a ciphertext message that is sent over the network. The receiver applies a secret decryption function—the inverse of the encryption function—to recover the original plaintext. The ciphertext transmitted across the network is unintelligible to any eavesdropper, assuming she doesn’t know the decryption function. The transformation represented by an encryption function and its corresponding decryption function is called a cipher.
Cryptographers have been led to the principle, first stated in 1883, that encryption and decryption functions should be parameterized by a key, and furthermore that the functions should be considered public knowledge—only the key need be secret. Thus, the ciphertext produced for a given plaintext message depends on both the encryption function and the key. One reason for this principle is that if you depend on the cipher being kept secret, then you have to retire the cipher (not just the keys) when you believe it is no longer secret. This means potentially frequent changes of cipher, which is problematic since it takes a lot of work to develop a new cipher. Also, one of the best ways to know that a cipher is secure is to use it for a long time—if no one breaks it, it’s probably secure. (Fortunately, there are plenty of people who will try to break ciphers and who will let it be widely known when they have succeeded, so no news is generally good news.)
Thus, there is considerable cost and risk in deploying a new cipher. Finally, parameterizing a cipher with keys provides us with what is in effect a very large family of ciphers; by switching keys we essentially switch ciphers, thereby limiting the amount of data that a cryptanalyst (code-breaker) can use to try to break our key/cipher, and the amount she can read if she succeeds.
The basic requirement for an encryption algorithm is that it turns plaintext into ciphertext in such a way that only the intended recipient—the holder of the decryption key—can recover the plaintext. What this means is that encrypted messages cannot be read by people who do not hold the key.
It is important to realize that when a potential attacker receives a piece of ciphertext, he may have more information at his disposal than just the ciphertext itself. For example, he may know that the plaintext was written in English, which means that the letter e occurs more often in the plaintext than any other letter; the frequency of many other letters and common letter combinations can also be predicted. This information can greatly simplify the task of finding the key. Similarly, he may know something about the likely contents of the message; for example, the word “login” is likely to occur at the start of a remote login session. This may enable a known plaintext attack, which has a much higher chance of success than a ciphertext only attack. Even better is a chosen plaintext attack, which may be enabled by feeding some information to the sender that you know the sender is likely to transmit—such things have happened in wartime, for example.
The best cryptographic algorithms, therefore, can prevent the attacker from deducing the key even when the individual knows both the plaintext and the ciphertext. This leaves the attacker with no choice but to try all the possible keys—exhaustive, “brute-force” search. If keys have n bits, then there are 2^n possible values for a key (each of the n bits could be either a zero or a one). An attacker could be so lucky as to try the correct value immediately, or so unlucky as to try every incorrect value before finally trying the correct value of the key, in which case she would have tried all 2^n possible values; the average number of guesses to discover the correct value is halfway between those extremes, 2^n/2. This can be made computationally impractical by choosing a sufficiently large key space and by making the operation of checking a key reasonably costly. What makes this difficult is that computing speeds keep increasing, making formerly infeasible computations feasible. Furthermore, although we are concentrating on the security of data as it moves through the network—that is, the data is sometimes vulnerable for only a short period of time—in general, security people have to consider the vulnerability of data that needs to be stored in archives for tens of years. This argues for a generously large key size. On the other hand, larger keys make encryption and decryption slower.
Most ciphers are block ciphers: they are defined to take as input a plaintext block of a certain fixed size, typically 64 to 128 bits. Using a block cipher to encrypt each block independently—known as electronic codebook (ECB) mode encryption—has the weakness that a given plaintext block value will always result in the same ciphertext block. Hence recurring block values in the plaintext are recognizable as such in the ciphertext, making it much easier for a cryptanalyst to break the cipher.
To prevent this, block ciphers are always augmented to make the ciphertext for a block vary depending on context. Ways in which a block cipher may be augmented are called modes of operation. A common mode of operation is cipher block chaining (CBC), in which each plaintext block is XORed with the previous block’s ciphertext before being encrypted. The result is that each block’s ciphertext depends in part on the preceding blocks (i.e., on its context). Since the first plaintext block has no preceding block, it is XORed with a random number. That random number, called an initialization vector (IV), is included with the series of ciphertext blocks so that the first ciphertext block can be decrypted. This mode is illustrated in Figure 1.2. Another mode of operation is counter mode, in which successive values of a counter (e.g., 1, 2, 3, . . .) are incorporated into the encryption of successive blocks of plaintext.
Reference to : Network Security, Know it All.

Network Security

Computer networks are typically a shared resource used by many applications representing different interests. The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportunistic criminals. Unless security measures are taken, a network conversation or a distributed application may be compromised by an adversary.
Consider some threats to secure use of, for example, the World Wide Web. Suppose you are a customer using a credit card to order an item from a website. An obvious threat is that an adversary would eavesdrop on your network communication, reading your messages to obtain your credit card information. How might that eavesdropping be accomplished? It is trivial on a broadcast network such as an Ethernet, where any node can be configured to receive all the message traffic on that network. Wireless communication can be monitored without any physical connection. More elaborate approaches include wiretapping and planting spy software on any of the chain of nodes involved. Only in the most extreme cases, such as national security, are serious measures taken to prevent such monitoring, and the Internet is not one of those cases. It is possible and practical, however, to encrypt messages so as to prevent an adversary from understanding the message contents. A protocol that does so is said to provide confidentiality. Taking the concept a step further, concealing the quantity or destination of communication is called traffic confidentiality—because merely knowing how much communication is going where can be useful to an adversary in some situations.
Even with confidentiality there still remain threats for the website customer. An adversary who can’t read the contents of your encrypted message might still be able to change a few bits in it, resulting in a valid order for, say, a completely different item or perhaps 1,000 units of the item. There are techniques to detect, if not prevent, such tampering. A protocol that detects such message tampering provides data integrity. The adversary could alternatively transmit an extra copy of your message in a replay attack. To the website, it would appear as though you had simply ordered another of the same item you ordered the first time. A protocol that detects replays provides originality. Originality would not, however, preclude the adversary intercepting your order, waiting a while, then transmitting it—in effect, delaying your order. The adversary could thereby arrange for the item to arrive on your doorstep while you are away on vacation, when it can be easily snatched. A protocol that detects such delaying tactics is said to provide timeliness. Data integrity, originality, and timeliness are considered aspects of the more general property of integrity.
Another threat to the customer is unknowingly being directed to a false website. This can result from a DNS attack, in which false information is entered in a domain name server or the name service cache of the customer’s computer. This leads to translating a correct URL into an incorrect IP address—the address of a false website. A protocol that ensures that you really are talking to whom you think you’re talking is said to provide authentication. Authentication entails integrity since it is meaningless to say that a message came from a certain participant if it is no longer the same message.
The owner of the website can be attacked as well. Some websites have been defaced; the files that make up the website content have been remotely accessed and modified without authorization. That is an issue of access control: enforcing the rules regarding who is allowed to do what. Websites have also been subject to denial of service (DoS) attacks, during which would-be customers are unable to access the website because it is being overwhelmed by bogus requests. Ensuring a degree of access is called availability.
Finally, the customer and website face threats from each other. Each could unilaterally deny that a transaction occurred, or invent a nonexistent transaction. Nonrepudiation means that a bogus denial (repudiation) of a transaction can be disproved, and nonforgeability means that claims of a bogus (forged) transaction can be disproved.
Although these examples have been based on Web transactions, there are comparable security threats in almost every network context. Although the Internet was designed with the redundancy to survive physical attacks such as bombing, it was not originally designed to provide the kind of security we have been discussing. Internet security mechanisms have essentially been patches. If a comprehensive redesign of the Internet were to take place, integrating security would likely be the foremost driving factor. That possibility makes this chapter all the more pertinent.
The main tools for securing networked systems are cryptography and firewalls. The bulk of this chapter concerns cryptography-based security.
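A receiver-side check for the three integrity properties named above (data integrity, originality, timeliness), as an added example that is not from the original post or the cited book. The wire format (sequence number, send time, payload, HMAC-SHA256 tag), the shared key, the delay tolerance and the sample orders are assumptions constructed for the illustration; a real protocol would establish the key and agree the clock tolerance separately.

```python
"""Detecting tampering, replay and delay on received messages.

Added example, not from the original page. The message layout is an
assumption made for this illustration:
    seq (8 bytes) | sent_at (8 bytes) | payload | HMAC-SHA256 tag (32 bytes)
"""
import hashlib
import hmac
import struct

HEADER_LEN = 16     # two big-endian 64-bit integers: sequence number, send time
TAG_LEN = 32        # HMAC-SHA256 output length
MAX_DELAY = 30      # seconds a message may be in flight before it is "stale" (assumed policy)


def make_message(key: bytes, seq: int, sent_at: int, payload: bytes) -> bytes:
    """Sender side: bind a sequence number and send time to the payload with a MAC."""
    header = struct.pack(">QQ", seq, sent_at)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()       # sequence numbers already accepted

    def accept(self, msg: bytes, now: int) -> str:
        if len(msg) < HEADER_LEN + TAG_LEN:
            return "reject: malformed"
        header, payload, tag = msg[:HEADER_LEN], msg[HEADER_LEN:-TAG_LEN], msg[-TAG_LEN:]
        # Data integrity: any changed bit in header or payload invalidates the tag.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: tampered"
        seq, sent_at = struct.unpack(">QQ", header)
        # Originality: an exact copy of an accepted message reuses its sequence number.
        if seq in self.seen:
            return "reject: replay"
        # Timeliness: a genuine message that was held back too long is refused.
        if now - sent_at > MAX_DELAY:
            return "reject: stale"
        self.seen.add(seq)
        return "accept"


def demo() -> list:
    """Walk through the scenarios from the text on constructed sample orders."""
    key = b"constructed shared secret"
    rx = Receiver(key)
    order = make_message(key, seq=1, sent_at=1000, payload=b"order item=42 qty=1")
    results = [rx.accept(order, now=1005)]                 # genuine and fresh -> accept
    results.append(rx.accept(order, now=1010))             # identical copy -> replay
    tampered = bytearray(order)
    tampered[HEADER_LEN + 18] ^= 0x01                      # flip one bit of the quantity digit
    results.append(rx.accept(bytes(tampered), now=1010))   # changed bits -> tampered
    late = make_message(key, seq=2, sent_at=1000, payload=b"order item=42 qty=1")
    results.append(rx.accept(late, now=1000 + 3600))       # held for an hour -> stale
    return results
```

demo() returns ['accept', 'reject: replay', 'reject: tampered', 'reject: stale']. The checks are ordered so that the cheapest unforgeable evidence (the MAC) is examined first; the sequence-number set grows without bound here, and a production receiver would use a sliding window instead.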
Reference to : Network Security, Know it All.

Wednesday, 17 December 2008

Web Programming

Websites can be divided into two kinds: static websites and dynamic websites. A static website contains information that is static (fixed), whereas a dynamic website displays information that is dynamic (changing) and can interact with the user.
For a static website the emphasis is usually on presentation, with plenty of graphics, so designing one does not require strong programming skills; all that is needed is graphic/web design ability and a sense of aesthetics. For a dynamic website the emphasis is on data processing, so web programming skills are required.
There are two kinds of web programming: server-side programming and client-side programming. In server-side programming, all of the program's syntax and commands are run/processed on the web server, and the result is then sent to the user's browser as ordinary HTML, so the user cannot see the original code written in the server-side language. Server-side technologies include CGI/Perl, Active Server Pages, Java Server Pages, PHP, ColdFusion and others.
Conversely, in client-side programming all of the program's syntax and commands are run in the web browser: when the client requests a document containing a script, the script is fetched from the web server and then executed in that browser. Examples of client-side programming are JavaScript, VBScript and HTML.
Introduction to PHP
PHP stands for "PHP: Hypertext Preprocessor", a scripting language that is embedded in HTML and run on the server side. This means that all the syntax we write is executed entirely on the server and only the result is sent to the browser. When an Internet user opens a site that uses PHP server-side scripting, the server first processes all the PHP commands and then sends the result in HTML format back to that Internet user, so the original PHP code is not visible in the user's browser.
PHP is free, open source software, so you may modify the source code and distribute it freely and at no cost. PHP is also cross-platform: it can be used with either operating system (Windows and Linux) and with any web server (for example PWS, IIS, Apache, etc.).

The Relationship between PHP and HTML
A web page is usually composed of HTML code stored in a file with the .html extension. This HTML file is sent by the server (or read from a file) to the browser, which then interprets the code to produce an attractive display. A PHP program is different: it must be interpreted by the web server, which produces the HTML code that is sent to the browser for display. A PHP program can stand alone or be inserted between HTML code so that it is displayed together with that HTML. PHP code is added by enclosing the program between the tags. These tags are usually called escape tags, because they escape from the HTML code. An HTML file to which PHP code has been added must have its extension changed to .php or .php3.
PHP is a server-side, HTML-embedded scripting language for web programming: its scripts are embedded in the HTML and reside on the server. That is, the syntax and commands we write are executed entirely on the server but are included alongside ordinary HTML. PHP is known as a scripting language that is embedded in HTML tags, executed on the server, and used to build dynamic web pages, like ASP (Active Server Pages) and JSP (Java Server Pages).
History of PHP
PHP was first created by Rasmus Lerdorf, a C programmer. He originally used PHP to count the visitors to his website. He then released Personal Home Page Tools version 1.0 free of charge. This version first appeared in 1995 and consisted of a collection of Perl scripts he had written to make his web pages dynamic. In 1996 he released PHP version 2.0, which was able to access databases and could be integrated with HTML.
In 1998, on 6 June 1998 to be precise, PHP version 3.0 was released by Rasmus himself together with his software development group.
The newest version, PHP 4.0, released on 22 May 2000, is more complete than its predecessors. The most fundamental change in PHP 4.0 is the integration of the Zend Engine, written by Zeev Suraski and Andi Gutmans as a refinement of the PHP3 scripting engine. Another is built-in HTTP sessions, which no longer require an additional library as in PHP3. The purpose of this scripting language is to build applications that run on top of web technology. Such applications generally deliver their results to the web browser, but the processing as a whole is carried out on the web server.


Advantages of PHP
As e-commerce grew, static sites were increasingly abandoned because they were considered no longer to meet market demands, since a site has to stay dynamic every day. Today Perl and CGI are considered far out of date, so most web designers have switched to more dynamic server-side scripting languages such as PHP.
Any web-based application can be built with PHP. However, PHP's greatest strength is its connectivity with database systems on the web. Database systems supported by PHP include:
1. Oracle
2. MySQL
3. Sybase
4. PostgreSQL
5. and others
PHP runs on a range of operating systems such as Windows 98/NT, UNIX/Linux, Solaris and Macintosh.
PHP is open source software that you can download free of charge from its official site, http://www.php.net, or from sites that mirror the software, such as ftp://gerbang.che.itb.ac.id.
This software also runs on web servers such as PWS (Personal Web Server), Apache, IIS, AOLServer, fhttpd, phttpd and so on. PHP is also a programming language that we can extend ourselves, for instance by adding new functions.
Another advantage of PHP is that it also supports communication with services over protocols such as IMAP, SNMP, NNTP, POP3 and even HTTP.
PHP can be installed as part of, or as a module of, the Apache web server, or as a stand-alone CGI script. Using PHP as an Apache module brings many benefits, among them:
1. A fairly high level of security
2. Faster execution time than other server-side web programming languages.
3. More flexible access to database systems such as MySQL.
Further advantages of PHP are:
• Easy to write and fast.
• PHP is cross-platform: it runs on any operating system and any web server.
• It can be used free of charge.
• It is an embedded language, meaning it can be placed inside HTML tags.
• It is server-side programming, so the original PHP source code cannot be seen in the user's browser; only the resulting HTML is visible.
• It can use the application resources owned by the server, for example for database connections. PHP can connect to a wide range of databases such as MySQL, Oracle, Sybase, mSQL, Solid, Generic ODBC, PostgreSQL, dBase, Direct MS-SQL, Velocis, IBM DB2, InterBase, FrontBase, Empress, and every database that has an ODBC provider, such as MS Access and others.
• PHP can do everything a CGI program can, such as reading form values, generating dynamic web pages, and sending and receiving cookies.
• PHP also supports communication with other services over protocols such as IMAP, SNMP, NNTP, POP3, HTTP and others.

FreeBSD Directory Structures

Since FreeBSD uses its file systems to determine many fundamental system operations, the hierarchy of the file system is extremely important. Due to the fact that the hier(7) man page provides a complete description of the directory structure, it will not be duplicated here. Please read hier(7) for more information.
Of significant importance is the root of all directories, the / directory. This directory is the first directory mounted at boot time and it contains the base system necessary at boot time. The root directory also contains mount points for every other file system that you want to mount.
A mount point is a directory where additional file systems can be grafted onto the root file system.
Standard mount points include /usr, /var, /mnt, and /cdrom. These directories are usually referenced to entries in the file /etc/fstab. /etc/fstab is a table of various file systems and mount points for reference by the system. Most of the file systems in /etc/fstab are mounted automatically at boot time from the script rc(8) unless they contain the noauto option. Consult the fstab(5) manual page for more information on the format of the /etc/fstab file and the options it contains.
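A parser for fstab(5)-style entries that reports which file systems rc(8) would mount at boot (those without noauto) and in which order fsck would check them, as an added example that is not part of the FreeBSD text above. The sample table, its device names and layout are constructed for the illustration and do not describe any real host.

```python
"""Parse fstab(5)-style lines and list what is mounted at boot.

Added example, not from the FreeBSD text. SAMPLE_FSTAB is constructed for
the illustration; the devices and layout are not from a real system.
Fields: device, mount point, fstype, options, dump frequency, fsck pass.
"""

SAMPLE_FSTAB = """\
# Device        Mountpoint      FStype  Options         Dump    Pass#
/dev/ada0p2     /               ufs     rw              1       1
/dev/ada0p3     none            swap    sw              0       0
/dev/ada0p4     /var            ufs     rw              2       2
/dev/ada0p5     /usr            ufs     rw              2       2
/dev/cd0        /cdrom          cd9660  ro,noauto       0       0
proc            /proc           procfs  rw              0       0
"""


def parse_fstab(text: str) -> list:
    """Return one dict per entry: device, mountpoint, fstype, options (set), dump, passno."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"fstab line {lineno}: need at least 4 fields, got {len(fields)}")
        device, mountpoint, fstype, options = fields[:4]
        entries.append({
            "device": device,
            "mountpoint": mountpoint,
            "fstype": fstype,
            "options": set(options.split(",")),
            "dump": int(fields[4]) if len(fields) > 4 else 0,
            "passno": int(fields[5]) if len(fields) > 5 else 0,
        })
    return entries


def boot_mounts(entries: list) -> list:
    """Mount points rc(8) mounts automatically: every entry without 'noauto'
    that has a real mount point (swap entries use 'none')."""
    return [e["mountpoint"] for e in entries
            if "noauto" not in e["options"] and e["mountpoint"] != "none"]


def fsck_order(entries: list) -> list:
    """Mount points checked by fsck at boot, in pass order (passno 0 = never checked)."""
    checked = [e for e in entries if e["passno"] > 0]
    return [e["mountpoint"] for e in sorted(checked, key=lambda e: e["passno"])]
```

On the sample table boot_mounts() returns ['/', '/var', '/usr', '/proc']: the CD-ROM stays unmounted until someone asks for it, and the swap line is skipped because its mount point is none.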

Tuesday, 16 December 2008

Choosing an Audio CD Player

The GNOME CD player (gnome-cd) is the default CD player for many GNOME desktop systems. It has standard play buttons and lets you get track information automatically from a CD database, such as freedb.org. (If your CD isn’t listed in the database, you can enter your own track information manually.)
However, a variety of CD players come with Linux distributions or may be downloaded and installed. Here is a cross-section of your other choices for playing CDs with Linux:

• Rhythmbox (rhythmbox)—Import and manage your CD collection with Rhythmbox music management and playback software for GNOME. It uses GStreamer on the audio back end and compresses music using Ogg Vorbis audio format. In addition to enabling you to create playlists of your music library, Rhythmbox also has features for playing Internet radio stations. Free music stores were added to Rhythmbox in recent releases, allowing you to play free music from Jamendo (www.jamendo.com/en/) and Magnatune (www.magnatune.com), and possibly purchase CDs or license use of that music for commercial projects.
• KsCD player (kscd)—The KsCD player comes with the KDE desktop. To use it, the kdemultimedia package must be installed. From the main menu on the KDE desktop, select Multimedia➪KsCD (or type kscd in a Terminal window). Like gnome-cd, this player lets you get title, track, and artist information from the CD database. KsCD, however, also lets you submit information to a CD database (if your CD isn’t found there).
• Grip (grip)—While Grip is primarily used as a CD ripper, it can also play CDs. Select Multimedia➪Grip (or type grip in a Terminal window). It includes tools for gathering data from and submitting data to CD databases. It also includes tools for copying (ripping) CD tracks and converting them to different formats (encoding). Naturally, the grip package must be installed to use this command.
• Amarok (amarok)—With Amarok, you get a nice graphical interface where you can manage music by moving elements around with your mouse. Amarok uses SQLite (or other databases) to store your music. It also supports playlists and streaming audio playback from online radio stations.
• X Multimedia System (xmms)—The XMMS player plays a variety of audio formats but can also play directly from a CD.

Playing Music and Video

One of the most popular and enjoyable activities on a computer is playing audio and video. With improved multimedia players and tools for storing and managing content, Linux has become a great platform for storing, playing, and managing your music and video files.

Some Linux distributions are more multimedia-friendly right after the install than others. An example of this is Freespire, which comes pre-loaded and able to support Flash, Java, MP3, Real, QuickTime, and Windows Media files the minute the installation completes. This can save you a great deal of time trying to track down licensing issues and resolve problems. You can find features that are not included with the installation, such as DVD playback support, at the Linspire Click-N-Run service (www.cnr.com). Ubuntu users can also use Click-N-Run to get both free and commercial software.

Exploring Codecs
If you want to play a video or audio file, you need the appropriate codec installed and ready for use by your media player. A codec is a software-based encoder-decoder used to take existing digital audio/video data and decode the content. Often, codecs use compression technology to reduce the size of the data files while retaining the quality of the output.
If you encounter a media file that you know is a working, playable file and you cannot play the file, you might need to identify and install the proper codec. This often involves installing the proper playback application, such as DivX 5.0.5 for Linux, which installs the MPEG4 codec for video and audio playback.
Many codecs are available, so getting the ones you need is usually not an issue. Advances in codec technology have continued to increase the quality of the encoded content, while reducing file size. Fortunately, most widely distributed videos and audio files (from news sites, for example) are created using a few commonly used codecs. While there are some commonly used encoding standards, there are also a slew of proprietary codecs in use today as well. This is really a battleground of sorts with each vendor/developer trying to produce the superior standard and obtain the spoils of market share that can follow. For the end user, this means you might have to spend time chasing a variety of playback utilities to handle multiple video and audio formats. Another debate: Can digital media match the quality of analog formats? This hardly seems much of a question anymore because DVD has shown the potential for high-quality digital video, and MPEG codecs have made huge strides in digital audio fidelity. The quality of digital media files is very high and getting better all the time. Some of the key technologies that reflect improvements in how audio and video codecs have improved include:
• Ogg Vorbis - This audio codec has been developed as a freely available tool—no patents or licensing needed. Ogg is the “data container” portion of the codec, and Vorbis is the audio compression scheme. There are other compression schemes that can be used with Ogg such as Ogg FLAC, which is used for archiving audio in a lossless format, and Ogg Speex, which is used specifically to handle encoding speech.
• Real Networks - Real has developed a set of audio and video codecs that have an amazing ability to serve up streaming content. This protocol is not widely supported by anyone but Real. The Helix project produces a player for Linux that enables playback of Real media encoded files.
• WMA - Windows Media Audio is used to create high-quality digital audio. WMA is considered a lossless codec, which means the audio doesn’t lose quality or data as a result of repeated compression-decompression cycles. Among its other benefits is that it’s one of the first widely used codecs to support digital surround sound.
• WMV - Windows Media Video is used, not surprisingly, to encode and decode video. This is also a very high-quality encoder and is billed to produce a video that is half the size of an MPEG-4 encoded video at a comparable quality level.
• DivX - This video codec has revolutionized digital video. Extremely high-quality video can be stored with amazingly small file sizes when using this codec. DivX (Digital Video Express) is based on the MPEG-4 video standard and can produce 640 × 480 video that is about 15 percent of the size of the source DVD material.
Some of these codecs are integral parts of Digital Rights Management (DRM) scenarios. For example, WMA, WMV, and DivX have elements that support DRM. DRM is basically proprietary copy protection.
The term “DRM” applies to a wide range of technologies that use server-based activation, encryption, and other elements to control who can access content and what they can then do with the content once it has been accessed. While it is very attractive to distributors of audio and video, who are trying to prevent unchecked digital piracy of their content, it can be a real stumbling block for the consumer.
Many DRM solutions require proprietary software and even hardware to work with the protected content. A prime example is the recent production of some DRM-protected audio CDs, particularly in Europe. Some of these disks will not play in older standalone CD players, some will play only on a computer that supports the DRM application on the CD itself, and (especially frustrating) some will not play on a computer at all. In almost all cases, such DRM solutions do not support Linux. Most support only Windows, and a few support Windows and Mac OS X.
Just to make things clear, while the codecs just discussed do not include built-in DRM features, some codecs are specifically designed to integrate with DRM solutions. In other words, all of these codecs can theoretically be used to play encoded content on a Linux system. If the content is protected by a DRM solution, the likelihood that the content is playable on a Linux system is fairly remote. Despite this fact, or perhaps because of it, Linus Torvalds has not excluded the possibility of including support for DRM in Linux. Likewise, several open source projects are working on Linux DRM solutions.


Configuring Networking

If you are connecting your computer to an Ethernet LAN that has a DHCP server available, you probably don’t need to do anything to start up automatically on your LAN and even be connected to the Internet. However, if there is no DHCP server on your LAN and you have to configure your TCP/IP connection manually, here is the information you will probably be prompted for during Linux installation:

• IP address—If you set your own IP address, this is the four-part, dot-separated number that represents your computer to the network. It would take more than a few sentences to explain how IP addresses are formed and how you choose them (see Chapter 5 for a more complete description). An example of a private IP address is 192.168.0.1.
• Netmask—The netmask is used to determine what part of an IP address represents the network and what part represents a particular host computer. An example of a netmask for a Class C network is 255.255.255.0. If you apply this netmask to an IP address of 192.168.0.1, for example, the network address would be 192.168.0 and the host address 1. Because 0 and 255 can’t be assigned to a particular host, that leaves valid host numbers between 1 and 254 available for this local network.
• Activate on boot—Some Linux install procedures ask you to indicate if you want the network to start at boot time (you probably do if you have a LAN).
• Set the host name—This is the name identifying your computer within your domain. For example, if your computer were named “baskets” in the handsonhistory.com domain, your full host name may be baskets.handsonhistory.com. You can either set the domain name yourself (manually) or have it assigned automatically, if that information is being assigned by a DHCP server (automatically via DHCP).
• Gateway—This is the IP number of the computer that acts as a gateway to networks outside your LAN. This typically represents a host computer or router that routes packets between your LAN and the Internet.
• Primary DNS—This is the IP address of the host that translates computer names you request into IP addresses. It is referred to as a Domain Name System (DNS) server. You may also have Secondary and Tertiary name servers in case the first one can’t be reached. (Most ISPs will give you two DNS server addresses.)
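The netmask arithmetic described above, carried out in code as an added example that is not from the original text. It applies a dotted-decimal mask to an address to recover the network part, the host number and the range of usable host numbers, using the text's own values (192.168.0.1 and 255.255.255.0); it also generalizes to any contiguous mask and rejects malformed addresses or non-contiguous masks, which a hand-typed installer prompt will happily accept. The helper names are mine.

```python
"""Apply an IPv4 netmask to an address: network part, host part, usable range.

Added example, not from the original text. The address and mask are the
ones the text uses; the function names are assumptions of this example.
"""


def ip_to_int(addr: str) -> int:
    """Parse dotted-decimal IPv4 into a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading one bits; a valid mask is ones followed only by zeros."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return ones


def split_address(addr: str, mask: str) -> dict:
    """Split addr into network and host parts under mask, as the text does by hand."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    plen = prefix_length(mask)
    network = a & m                            # network part: address AND mask
    host = a & ~m & 0xFFFFFFFF                  # host part: the bits the mask leaves clear
    broadcast = network | (~m & 0xFFFFFFFF)
    usable = max(0, 2 ** (32 - plen) - 2)       # all-zeros and all-ones hosts are reserved
    return {
        "network": int_to_ip(network),
        "prefix_length": plen,
        "host": host,
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
    }
```

split_address("192.168.0.1", "255.255.255.0") reports network 192.168.0.0 (the text's "192.168.0" with the host bits zeroed), host number 1, broadcast 192.168.0.255 and 254 usable hosts from 192.168.0.1 to 192.168.0.254.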

Using LILO or GRUB Boot Loaders part 2

Permanently Changing Boot Options
You can change the options that take effect each time you boot your computer by changing the
GRUB configuration file. In Fedora and other Linux systems, GRUB configuration centers on the
/boot/grub/grub.conf file.
The /boot/grub/grub.conf file is created when you install Linux. Here’s an example of that file
for Fedora:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making
# changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,6)
# kernel /vmlinuz-version ro root=/dev/sda7
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,6)/grub/splash.xpm.gz
title Fedora (2.6.20-1.3104.fc7)
root (hd0,6)
kernel /vmlinuz-2.6.20-1.3104.fc7 ro root=LABEL=/123 rhgb quiet
initrd /initrd-2.6.20-1.3104.fc7.img
title Windows XP
rootnoverify (hd0,0)
chainloader +1
The default=0 line indicates that the first title entry in this list (entries are counted from zero, so in this case Fedora) will be the one that is booted by default. The line timeout=10 causes GRUB to pause for 10 seconds before booting the default entry. (That’s how much time you have to press e if you want to edit the boot line, or to press arrow keys to select a different operating system to boot.)
The splashimage line looks in the seventh partition on the first disk (hd0,6) for the boot partition
(in this case /dev/sda7, which is the /boot partition). GRUB loads splash.xpm.gz as the
image on the splash screen (/boot/grub/splash.xpm.gz). The splash screen appears as the
background of the boot screen.
The two bootable partitions in this example are Fedora and Windows XP. The title lines for each
of those partitions are followed by the name that appears on the boot screen to represent each
partition.
For the Fedora Linux system, the root line indicates the location of the boot partition as the seventh partition on the first disk (hd0,6). So, to find the bootable kernel (vmlinuz-2.6.20-1.3104.fc7) and the initrd initial RAM disk boot image that is loaded (initrd-2.6.20-1.3104.fc7.img), GRUB looks in the root of hd0,6 (which is represented by /dev/sda7 and is eventually mounted as /boot). Other options on the kernel line mount the root file system read-only at first (ro), so that it can be checked before being remounted read-write, and set the root file system to the partition labeled /123 (root=LABEL=/123).
For the Windows XP partition, the rootnoverify line indicates that GRUB should not try to mount the partition. In this case, Windows XP is on the first partition of the first hard disk (hd0,0) or /dev/sda1. Instead of mounting the partition and passing options to the new operating system, the chainloader +1 line tells GRUB to hand control over booting the operating system to another boot loader. The +1 indicates that the first sector of the partition holds that boot loader.
If you make any changes to the /boot/grub/grub.conf file, you do not need to load those
changes. GRUB automatically picks up those changes when you reboot your computer. If you are
accustomed to using the LILO boot loader, this may confuse you at first, as LILO requires you to
rerun the lilo command for the changes to take effect.
Adding a New GRUB Boot Image
You may have different boot images for kernels that include different features. Here is the procedure
for modifying the grub.conf file:
1. Copy the new image from the directory in which it was created (such as /usr/src/kernels/linux-2.6.20-1/arch/i386/boot) to the /boot directory. Name the file something that reflects its contents, such as bz-2.6.20-1. For example:
# cp /usr/src/kernels/linux-2.6.20-1/arch/i386/boot/bzImage /boot/bz-2.6.20-1
2. Add several lines to the /boot/grub/grub.conf file so that the image can be started at
boot time if it is selected. For example:
title Fedora (My own IPV6 build)
root (hd0,6)
kernel /bz-2.6.20-1 ro root=/dev/sda7
initrd /initrd-2.6.20-1.img
3. Reboot your computer.
4. When the GRUB boot screen appears, move your cursor to the title representing the new
kernel and press Enter.
The advantage to this approach, as opposed to copying the new boot image over the old one, is
that if the kernel fails to boot, you can always go back and restart the old kernel. When you feel
confident that the new kernel is working properly, you can use it to replace the old kernel or perhaps
just make the new kernel the default boot definition.
Booting Your Computer with LILO
LILO stands for LInux LOader. Like other boot loaders, LILO is a program that can stand outside the operating systems installed on the computer so you can choose which system to boot. It also lets you give special options that modify how the operating system is booted. On Slackware and some other Linux systems, LILO is used instead of GRUB as the default boot loader.
If LILO is being used on your computer, it is installed in either the master boot record or the first
sector of the root partition. The master boot record is read directly by the computer’s BIOS. In general,
if LILO is the only loader on your computer, install it in the master boot record. If there is
another boot loader already in the master boot record, put LILO in the root partition.
Using LILO
When your computer boots with the Fedora version of LILO installed in the master boot record, a
graphical Fedora screen appears, displaying the bootable partitions on the computer. Use the up
and down arrow keys on your keyboard to select the one you want and press Enter. Otherwise, the
default partition that you set at installation will boot after a few seconds.
If you want to add any special options when you boot, press Ctrl+X. You will see a text-based boot
prompt that appears as follows:
boot:
LILO pauses for a few seconds and then automatically boots the first image from the default bootable
partition. To see the bootable partitions again, quickly press Tab. You may see something similar to
the following:
LILO boot:
linux linux-up dos
boot:
This example shows that three bootable partitions are on your computer, called linux, linux-up,
and dos. The first two names refer to two different boot images that can boot the Linux partition.
The third refers to a bootable DOS partition (presumably containing a Windows operating system).
The first bootable partition is loaded if you don’t type anything after a few seconds. Or you can use
the name of the other partition to have that boot instead.
If you have multiple boot images, press Shift, and LILO asks you which image you want to boot.
Available boot images and other options are defined in the /etc/lilo.conf file.
Setting Up the /etc/lilo.conf File
The /etc/lilo.conf file is where LILO gets the information it needs to find and start bootable partitions
and images. By adding options to the /etc/lilo.conf file, you can change the behavior of
the boot process. The following is an example of some of the contents of the /etc/lilo.conf file:
prompt
timeout=50
default=linux
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.6.18-1.2798.fc6
label=linux
initrd=/boot/initrd-2.6.18-1.2798.fc6.img
read-only
root=/dev/hda6
append="root=LABEL=/"
other=/dev/hda1
optional
label=dos
With prompt on, the boot prompt appears when the system is booted without requiring you to
press any keys. The timeout value, in this case 50 tenths of a second (5 seconds), defines how long
to wait for keyboard input before booting the default boot image. The boot line indicates that the
bootable partition is on the hard disk represented by /dev/hda (the first IDE hard disk).
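As an added example that is not part of the page or of either boot loader’s own tooling, the Python below parses the grub.conf explained under “Permanently Changing Boot Options” and the /etc/lilo.conf just above into the same shape, appends the stanza built in “Adding a New GRUB Boot Image”, and runs a consistency check of the kind worth doing before you reboot: the default index must select an existing title, and every Linux stanza needs root, kernel and initrd lines. The check rules are mine, as is the assumption that the custom-kernel stanza uses the same (hd0,6) boot partition as the Fedora entry; GRUB counts timeout in seconds and LILO in tenths of a second, which the example makes explicit.

```python
"""Added example (not from the page): parse GRUB legacy grub.conf and LILO
lilo.conf into one view and sanity-check a GRUB file before rebooting.
Both sample configs are copied from the page with comments dropped."""

GRUB_CONF = """\
default=0
timeout=10
splashimage=(hd0,6)/grub/splash.xpm.gz
title Fedora (2.6.20-1.3104.fc7)
    root (hd0,6)
    kernel /vmlinuz-2.6.20-1.3104.fc7 ro root=LABEL=/123 rhgb quiet
    initrd /initrd-2.6.20-1.3104.fc7.img
title Windows XP
    rootnoverify (hd0,0)
    chainloader +1
"""

LILO_CONF = """\
prompt
timeout=50
default=linux
image=/boot/vmlinuz-2.6.18-1.2798.fc6
    label=linux
    initrd=/boot/initrd-2.6.18-1.2798.fc6.img
    read-only
    root=/dev/hda6
    append="root=LABEL=/"
other=/dev/hda1
    optional
    label=dos
"""


def _lines(text):
    for raw in text.splitlines():           # drop blanks and '#' comments
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def parse_grub_conf(text):
    """GRUB legacy: key=value globals, then 'title' stanzas of 'command args'."""
    settings, entries, current = {}, [], None
    for line in _lines(text):
        if line.startswith("title "):
            current = {"title": line[6:].strip()}
            entries.append(current)
        elif current is None:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
        else:
            command, _, args = line.partition(" ")
            current[command] = args.strip()
    return settings, entries


def parse_lilo_conf(text):
    """LILO: key=value throughout; image=/other= open a stanza; bare flags -> True."""
    settings, entries, current = {}, [], None
    for line in _lines(text):
        key, has_eq, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if key in ("image", "other"):
            current = {"type": key, "path": value}
            entries.append(current)
        else:
            (settings if current is None else current)[key] = value if has_eq else True
    return settings, entries


def timeout_seconds(loader, settings):
    """GRUB counts 'timeout' in seconds, LILO in tenths of a second."""
    raw = int(settings.get("timeout", 0))
    return raw if loader == "grub" else raw / 10


def grub_stanza(title, root, kernel_line, initrd):
    """The four lines that step 2 of 'Adding a New GRUB Boot Image' appends."""
    return f"title {title}\n\troot {root}\n\tkernel {kernel_line}\n\tinitrd {initrd}\n"


def grub_conf_with_new_kernel():
    """GRUB_CONF plus the custom-kernel stanza (assumed to live on (hd0,6) too)."""
    return GRUB_CONF + grub_stanza("Fedora (My own IPV6 build)", "(hd0,6)",
                                   "/bz-2.6.20-1 ro root=/dev/sda7",
                                   "/initrd-2.6.20-1.img")


def check_grub_conf(text):
    """Return a list of problems; an empty list means the file looks consistent."""
    settings, entries = parse_grub_conf(text)
    problems = []
    default = settings.get("default", "0")
    if not default.isdigit() or int(default) >= len(entries):
        problems.append(f"default={default} does not select an existing title")
    for e in entries:
        if "chainloader" in e:      # foreign OS: handed to its own boot loader
            continue
        for key in ("root", "kernel", "initrd"):
            if key not in e:
                problems.append(f"{e['title']}: missing {key} line")
        if "kernel" in e and " ro " not in f" {e['kernel']} ":
            problems.append(f"{e['title']}: kernel line lacks 'ro'")
    return problems
```

Calling check_grub_conf(grub_conf_with_new_kernel()) returns an empty list for the page’s file with the new stanza appended, while changing default=0 to default=2 in the original two-entry file is reported, which is exactly the kind of slip that leaves a machine sitting at a GRUB error after the “no need to rerun anything” edit. timeout_seconds("lilo", ...) turns the LILO timeout=50 into the 5 seconds the text describes.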

Using LILO or GRUB Boot Loaders

A boot loader lets you choose when and how to boot the bootable operating systems installed on your computer’s hard disks. Most Linux systems give you the opportunity to use GRUB or LILO boot loaders. The following sections describe both GRUB and LILO boot loaders.
Booting Your Computer with GRUB
With multiple operating systems installed and several partitions set up, how does your computer know which operating system to start? To select and manage which partition is booted and how it is booted, you need a boot loader. The boot loader that is installed by default with Fedora and other Linux systems is the GRand Unified Boot loader (GRUB).
GRUB is a GNU bootloader (www.gnu.org/software/grub) that replaced LILO as the default boot loader in many Linux systems, including Fedora and Ubuntu. GRUB offers the following features:
* Support for multiple executable formats.
* Support for multi-boot operating systems (such as Fedora, FreeBSD, NetBSD, OpenBSD, and other Linux systems).
* Support for non–multi-boot operating systems (such as Windows 95, Windows 98, Windows NT, Windows ME, Windows XP, and OS/2) via a chain-loading function. Chain-loading is the act of loading another boot loader (presumably one that is specific to the proprietary operating system) from GRUB to start the selected operating system.
* Support for multiple file system types.
* Support for automatic decompression of boot images.
* Support for downloading boot images from a network.

For more information on how GRUB works, type man grub or info grub. The info command contains more details about GRUB.

Booting with GRUB
When you install Linux, you are typically given the option to configure the information needed to boot your computer (with one or more operating systems) into the default boot loader. With GRUB configured, when you boot your computer, the first thing you see after the BIOS loads is the GRUB boot screen (it says GRUB at the top and lists bootable partitions below it). Do one of the following:

* Default—If you do nothing, the default operating system will boot automatically after a few seconds. (The timeout is set by the timeout value, in seconds, in the grub.conf file.)
* Select an operating system—Use the up and down arrow keys to select any of the titles, representing operating systems you can boot, that are shown on the screen. Then press Enter to boot that operating system.
* Edit the boot process—If you want to change any of the options used during the boot process, use the arrow keys to highlight the operating system you want and type e to select it. Follow the next procedure to change your boot options temporarily.

If you want to change your boot options so that they take effect every time you boot your computer, see the section on permanently changing boot options. Changing those options involves editing the /boot/grub/grub.conf file.

Temporarily Changing Boot Options
From the GRUB boot screen, you can select to change or add boot options for the current boot session. First, select the operating system you want (using the arrow keys) and type e (as described earlier). You will see a graphical screen that looks like the one shown in Figure 7-2.
There are three lines in the example of the GRUB editing screen that identify the boot process for the operating system you chose. The first line (beginning with root) shows that the entry for the GRUB boot loader is on the seventh partition of the first hard disk (hd0,6). GRUB represents the hard disk as hd, regardless of whether it is a SCSI, IDE, or other type of disk. You just count the drive number and partition number, starting from zero (0).
The second line of the example (beginning with kernel) identifies the boot image (/boot/vmlinuz-2.6.20-1.3104.fc7) and several options. The options mount the root file system read-only at first (ro) and give the location of the root file system as the partition with the label /123 (root=LABEL=/123). The third line (starting with initrd) identifies the location of the initial RAM disk, which contains the minimum files and directories needed during the boot process.
If you are going to change any of the lines related to the boot process, you would probably change only the second line to add or remove boot options. Here is how you do that:

1. Position the cursor on the kernel line and type e.
2. Either add or remove options after the name of the boot image. You can use a minimal set of bash shell command-line editing features to edit the line. You can even use command completion (type part of a filename and press Tab to complete it).
3. Press Enter to return to the editing screen.
4. Type b to boot the computer with the new options. The options are not saved, so they apply to this boot only; the next boot uses the grub.conf settings again. To add options so they are saved permanently, see the next section. Keep in mind that anyone who can reach the keyboard while the GRUB screen is displayed can change the kernel line in the same way, so the boot options are only as well protected as physical access to the machine.

Dual Booting with Windows or Just Linux?

It is possible to have multiple, bootable operating systems on the same computer (using multiple partitions on a hard disk and/or multiple hard disks). Setting up to boot more than one operating system, however, requires some thought. It also assumes some risks. While tools for resizing Windows partitions and setting up multi-boot systems have improved in recent years, there is still considerable risk of losing data on Windows/Linux dual-boot systems. Different operating systems often have different views of partition tables and master boot records that can cause your machine to become unbootable (at least temporarily) or lose data permanently. Always back up your data before you try to resize a Windows (NTFS or FAT) file system to make space for Linux. If you have a choice, install Linux on a machine of its own or at least on a separate hard disk.
If the computer you are using already has a Windows system on it, it’s quite possible that the entire hard disk is devoted to Windows. While you can run a bootable Linux, such as KNOPPIX or Damn Small Linux, without touching the hard disk, to do a more permanent installation you’ll want to find disk space outside of the Windows installation. There are a few ways to do this:

* Add a hard disk—Instead of messing with your Windows partition, you can simply add a hard disk and devote it to Linux.
* Resize your Windows partition—If you have available space on your Windows partition, you can shrink that partition so there is available free space on the disk to devote to Linux. Commercial tools such as Partition Magic from Symantec (www.symantec.com) or Acronis Disk Director (www.acronis.com) are available to resize your disk partitions and set up a workable boot manager. Some Linux distributions (particularly bootable Linuxes used as rescue CDs) include a tool called QTParted that is an open source clone of Partition Magic (which includes software from the Linux-NTFS project for resizing Windows NTFS partitions).

Before you try to resize your Windows partition, you might need to defragment it. To defragment your disk on some Windows systems, so that all of your used space is put in order on the disk, open My Computer, right-click your hard disk icon (typically C:), select Properties, click Tools, and select Defragment Now.
Defragmenting your disk can be a fairly long process. The result of defragmentation is that all the
data on your disk are contiguous, creating a lot of contiguous free space at the end of the partition. There are cases where you will have to do the following special tasks to make this true:

* If the Windows swap file is not moved during defragmentation, you must remove it. Then, after you defragment your disk again and resize it, you will need to restore the swap file. To remove the swap file, open the Control Panel, open the System icon, and then click the Performance tab and select Virtual Memory. To disable the swap file, click Disable Virtual Memory.
* If your DOS partition has hidden files that are on the space you are trying to free up, you need to find them. In some cases, you won’t be able to delete them. In other cases, such as swap files created by a program, you can safely delete those files. This is a bit tricky because some files should not be deleted, such as DOS system files. You can use the attrib -s -h command from the root directory to deal with hidden files.

Once your disk is defragmented, you can use one of the commercial tools described earlier (Partition Magic or Acronis Disk Director) to repartition your hard disk to make space for Linux. An open source alternative to those tools is QTParted.
Boot KNOPPIX or any of several other bootable Linux distributions (particularly rescue CDs) and run QTParted by selecting System Tools➪QTParted from the desktop main menu. From the QTParted window, select the hard disk you want to resize. Then choose Options➪Configuration to open a window where you can select the ntfsresize tool to resize your NTFS partition.
After you have cleared enough disk space to install Linux (see the disk space requirements in the
chapter covering the Linux distribution you’re installing), you can choose your Linux distribution
and install it. As you set up your boot loader during installation, you will be able to identify the Windows, Linux, and any other bootable partitions so that you can select which one to boot when
you start your computer.

Choosing a Linux Distribution

Dozens of popular Linux distributions are available today. Some are generalized distributions that you can use as a desktop, server, or workstation system; others are specialized for business or computer enthusiasts.
Linux at Work
Because I know a lot of people who use Linux, both informally and at work, I want to share my general impressions of how different Linux distributions are being used in the United States. Most consultants I know who set up small office servers used to use Red Hat Linux, but now have mostly moved to Fedora, CentOS (built from Red Hat Enterprise Linux software), Ubuntu, or Debian GNU/Linux. Mandriva Linux (formerly Mandrakelinux) has been popular with people wanting a friendly Linux desktop, but Fedora is also well-liked. The more technically inclined like to play with Gentoo (highly tunable) or Slackware (Linux in a more basic form).
The agreement between Novell and Microsoft at the end of 2006 prompted some open source proponents to abandon SUSE. Whether this will result in a migration from SUSE in the enterprise space, however, has yet to play out. However, right now, Red Hat Enterprise Linux offers the best choice in the enterprise realm for those who object to the alliance.
For people transitioning to Linux with Macintosh hardware, Yellow Dog Linux lets you install on a PowerPC and learn skills that are useful to expand later to Red Hat systems. (Yellow Dog was originally based on Red Hat Linux.) As for the bootable Linuxes, everyone I know thinks they are great fun to try out and a good way to learn about Linux. For a bootable Linux containing desktop software that fits on a full CD (or DVD), KNOPPIX is a good choice, as is Ubuntu; for a bootable mini–CD size Linux, Damn Small Linux works well. However, you can also try out these live CDs from the media that come with this book: INSERT, Puppy Linux, SLAX Popcorn, System Rescue CD, or BackTrack.
You can also try to connect in to the growing Linux user communities because strong community
support results in a more solid software distribution and help when you need it (from such things
as forums and online chats).

Installing Linux

If someone hasn’t already installed and configured a Linux system for you, this chapter is going to help you get started so you can try out the Linux features described in the rest of the book. With recent improvements to Linux live CDs and installers, getting your hands on a working Linux system is quicker and more solid than ever before. If you are a first-time Linux user, I recommend that you:

* Try a bootable Linux—This book’s CD and DVD include several bootable Linux systems. The advantage of a bootable Linux is that you can try out Linux without touching the contents of your computer’s hard drive. In particular, KNOPPIX is a full-featured Linux system that can give you a good feel for how Linux works. Using the DVD or CD, you can try out several different live CDs, as described in Appendix A. Some of these live CDs also include features for installing Linux to your hard disk. Although live CDs tend to run slower than installed systems and don’t keep your changes once you reboot, they are good tools for starting out with Linux.

* Install a desktop Linux system—Choose one of the Linux distributions and install it on your computer’s hard disk. Permanently installing Linux to your hard disk gives you more flexibility for adding and removing software, accessing and saving data to hard disk, and more permanently customizing your system. Installing Linux as a desktop system lets you try out some useful applications and get the feel for Linux before dealing with more complex server issues.

This chapter provides you with an overview of how to choose a Linux distribution, and then describes issues and topics that are common to installing most Linux distributions. Appendix A describes which Linux distributions are included on this book’s DVD and CD and how to run them live or use them to install Linux permanently. Each of the other chapters in this part of the book is dedicated to understanding and installing a particular Linux distribution.
After you’ve installed Linux, you’ll want to understand how to get and manage software for your Linux system. These are important topics that are covered throughout the book, but this chapter describes the major packaging formats and tools to get you going.
