HYIP-Man: December 2007
Monday, December 31, 2007
Happy New Year!
Wednesday, December 26, 2007
What is Ubuntu JeOS (Just Enough Operating System) ?
Ubuntu JeOS (pronounced "Juice") is an efficient variant of the popular desktop and server operating system, configured specifically for virtual appliances.

"The efficiencies inherent in an operating system that is built for a virtualised world mean that ISVs looking to deploy their applications in this lucrative and growing market have an obvious deployment target in the Ubuntu JeOS Edition," said Stephen O'Grady, analyst at RedMonk. "As the delivery platforms and economics of licensing continue to change, the flexibility and reach of the Ubuntu operating system make it an increasingly popular choice for far sighted ISVs."

ISVs looking to develop virtual appliances will have a compelling platform in Ubuntu JeOS, an OS optimised for virtualisation that greatly reduces the complexity and maintenance overhead normally associated with general purpose operating systems. Ubuntu JeOS Edition has been tuned to take advantage of key performance technologies of the latest virtualisation products from VMware. This combination of reduced size and optimized performance ensures that Ubuntu JeOS Edition delivers a highly efficient use of server resources in large virtual deployments.

"Canonical has produced a robust virtualised OS core in the Ubuntu JeOS Edition that is optimized for virtual appliances," said Dan Chu, vice president of emerging products and markets at VMware. "Virtual Appliances are fundamentally changing how software is developed and deployed, with ISVs now including a thin and highly optimized OS along with their application in a ready-to-run virtual machine. We are excited that Canonical is providing Ubuntu JeOS for vendors interested in building VMware virtual appliances."

Business Objects today unveiled a virtual appliance based on Ubuntu JeOS that is being demonstrated at VMworld.

"Ubuntu fits naturally into the place where computing is happening today," said Mark Shuttleworth, founder of the Ubuntu Project. "Virtualisation is the key driver of data center restructuring at present, and Ubuntu's popularity with developers makes it an excellent choice for the next generation of virtualized environments. We have worked with VMware to deliver a version of Ubuntu that complements its exceptional virtualisation capabilities, providing a solution for the ISVs building virtual appliances and for the enterprises planning to deploy them."

download:
Ubuntu-JeOS 8.04 (Hardy Heron) Alpha 2

source: ubuntu.com/news/ubuntu-jeos

Labels: ,

Ubuntu Hardy Heron Alpha 2 released
ubuntu 8.04 photo
Steve Langasek announced the second alpha release of Ubuntu 8.04 LTS (Hardy Heron)

Download:
Ubuntu  Kubuntu Edubuntu Xubuntu Gobuntu UbuntuStudio Ubuntu JeOS



Hello Ubuntu developers,

Welcome to Hardy Heron Alpha-2, which will in time become Ubuntu 8.04.

Pre-releases of Hardy are *not* encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage.  They are, however, recommended for Ubuntu developers and those who want to help in testing, reporting, and fixing bugs.
Alpha 2 is the second in a series of milestone CD images that will be released throughout the Hardy development cycle. The Alpha images are known to be reasonably free of showstopper CD build or installer bugs, while representing a very recent snapshot of Hardy. You can download it here:

http://cdimage.ubuntu.com/releases/hardy/alpha-2/ (Ubuntu)
http://cdimage.ubuntu.com/kubuntu/releases/hardy/alpha-2/ (Kubuntu)
http://cdimage.ubuntu.com/edubuntu/releases/hardy/alpha-2/ (Edubuntu)
http://cdimage.ubuntu.com/jeos/releases/hardy/alpha-2/ (Ubuntu JeOS)
http://cdimage.ubuntu.com/xubuntu/releases/hardy/alpha-2/ (Xubuntu)
http://cdimage.ubuntu.com/gobuntu/releases/hardy/alpha-2/ (Gobuntu)
http://cdimage.ubuntu.com/ubuntustudio/releases/hardy/alpha-2/ (UbuntuStudio)

See http://wiki.ubuntu.com/Mirrors for a list of mirrors.

Alpha 2 includes several new features that are ready for large-scale testing.  Please refer to http://www.ubuntu.com/testing/hardy/alpha2 for information on changes in Ubuntu and https://wiki.kubuntu.org/HardyHeron/Alpha2/Kubuntu for changes in Kubuntu.

This is quite an early set of images, so you should expect some bugs.  For a list of known bugs (that you don't need to report if you encounter), please see: http://www.ubuntu.com/testing/hardy/alpha2

If you're interested in following the changes as we further develop Hardy, have a look at the hardy-changes mailing list:

http://lists.ubuntu.com/mailman/listinfo/hardy-changes

We also suggest that you subscribe to the ubuntu-devel-announce list if you're interested in following Ubuntu development. This is a low-traffic list (a few posts a week) carrying announcements of approved specifications, policy changes, alpha releases, and other interesting events.

http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce

Bug reports should go to the Ubuntu bug tracker:

https://bugs.launchpad.net/ubuntu



Related Posts:
Ubuntu Hardy Heron Alpha 1 released
Ubuntu 7.10 Released

Labels: ,

NetBSD 4.0 released
netbsd 4 photo
Geert Hendrickx announced the availability of the official release of NetBSD 4.0
Download
ISO images for a variety of architectures are available from the NetBSD mirrors
i386 CD image: i386cd-4.0.iso (242MB, MD5)
x86_64 CD image amd64cd-4.0.iso (166MB, MD5)
Torrent files are available here.


   The  NetBSD  Project  is  pleased  to announce that release 4.0 of the NetBSD  operating  system  is now available. NetBSD is a free, secure,and  highly  portable Unix-like Open Source operating system available for  many  platforms, from 64-bit Opteron machines and desktop systems to  handheld  and  embedded  devices.  Its  clean  design and advanced features   make   it   excellent   in  both  production  and  research environments,  and  it  is  user-supported  with complete source. Many   applications  are easily available through pkgsrc, the NetBSD Packages Collection.

   Major  achievements in NetBSD 4.0 include support for version 3 of the Xen  virtual  machine  monitor, Bluetooth, many new device drivers and embedded  platforms based  on ARM, PowerPC and MIPS CPUs. New network services  include  iSCSI target (server) code and an implementation of the  Common  Address  Redundancy  Protocol.  Also, system security was further  enhanced  with  restrictions  of  mprotect(2)  to enforce W^X policies,  the Kernel Authorization framework, and improvements of the Veriexec  file  integrity  subsystem,  which can be used to harden the system  against trojan horses and virus attacks. Please read below for a list of changes in NetBSD 4.0.

   NetBSD  4.0  runs  on  54  different system architectures featuring 17 machine  architectures  across  17 distinct CPU families, and is being ported  to  more.  The NetBSD  4.0  release  contains complete binary releases  for 51 different machine types, with the platforms amigappc, bebox  and  ews4800mips  released in source form only. Complete source and  binaries  for NetBSD 4.0 are available for download at many sites around  the  world.  A  list of download sites providing FTP, AnonCVS,   SUP,  and  other services is provided at the end of this announcement; the  latest  list  of  available  download  sites may also be found at NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files  supplied in the ISO image area. A list of hashes for the NetBSD 4.0  distribution  has been signed with the well-connected PGP key for the NetBSD Security Officer:
ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0_hashes.asc
   NetBSD is free. All of the code is under non-restrictive licenses, and may  be used without paying royalties to anyone. Free support services  are available via our mailing lists and website. Commercial support is available   from   a   variety   of   sources;   some  are  listed  at NetBSD.org/gallery/consultants.html.     More     extensive
information on NetBSD is available from our website:

http://www.NetBSD.org/
Dedication

NetBSD  4.0  is dedicated to the memory of Jun-Ichiro "itojun" Hagino, who  died  in  October  2007. Itojun was a member of the KAME project,which  provided  IPv6  and IPsec support; he was also a member of the NetBSD  core  team (the technical management for the project), and one of  the  Security  Officers.  Due  to Itojun's efforts, NetBSD was the first  open  source  operating  system  with  a  production ready IPv6 networking  stack,  which  was included in the base system before many people  knew  what  IPv6 was. We are grateful to have known and worked with  Itojun,  and  we  know  that  he will be missed. This release is therefore dedicated, with thanks, to his memory.


System families supported by NetBSD 4.0

   The NetBSD 4.0 release provides supported binary distributions for the following systems:

NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems
NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500
NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards
NetBSD/alpha Digital/Compaq Alpha (64-bit)
   NetBSD/amd64     AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension
NetBSD/amiga Commodore Amiga and MacroSystem DraCo
   NetBSD/arc       MIPS-based machines following the Advanced RISC Computi=ng
                    spec
NetBSD/atari Atari TT030, Falcon, Hades
   NetBSD/cats      Chalice Technology's CATS and Intel's EBSA-285 evaluati=on
boards
NetBSD/cesfic CES FIC8234 VME processor board
NetBSD/cobalt Cobalt Networks' MIPS-based Microservers
NetBSD/dreamcast Sega Dreamcast game console
NetBSD/evbarm Various ARM-based evaluation boards and appliances
NetBSD/evbmips Various MIPS-based evaluation boards and appliances
NetBSD/evbppc Various PowerPC-based evaluation boards and appliances
NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation
boards and appliances
NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series
NetBSD/hp700 Hewlett-Packard 9000 Series 700 workstations
NetBSD/hpcarm StrongARM based Windows CE PDA machines
NetBSD/hpcmips MIPS-based Windows CE PDA machines
NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines
NetBSD/i386 IBM PCs and PC clones with i386-family processors and up
NetBSD/ibmnws IBM Network Station 1000
NetBSD/iyonix Castle Technology's Iyonix ARM based PCs
NetBSD/landisk SH4 processor based NAS appliances
NetBSD/luna68k OMRON Tateisi Electric's LUNA series
NetBSD/mac68k Apple Macintosh with Motorola 68k CPU
NetBSD/macppc Apple PowerPC-based Macintosh and clones
NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and
servers
NetBSD/mmeye Brains mmEye multimedia server
NetBSD/mvme68k Motorola MVME 68k Single Board Computers
NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers
NetBSD/netwinder StrongARM based NetWinder machines
NetBSD/news68k Sony's 68k-based "NET WORK STATION" series
NetBSD/newsmips Sony's MIPS-based "NET WORK STATION" series
NetBSD/next68k NeXT 68k "black" hardware
NetBSD/ofppc OpenFirmware PowerPC machines
NetBSD/pmax Digital MIPS-based DECstations and DECsystems
NetBSD/pmppc Artesyn's PM/PPC board
NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines
NetBSD/sandpoint Motorola Sandpoint reference platform
NetBSD/sbmips Broadcom SiByte evaluation boards
NetBSD/sgimips Silicon Graphics' MIPS-based workstations
NetBSD/shark Digital DNARD ("shark")
NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode)
NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode)
NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU
NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines
NetBSD/vax Digital VAX
NetBSD/x68k Sharp X680x0 series
NetBSD/xen The Xen virtual machine monitor

   Ports  available  in  source  form  only  for this release include the following:

NetBSD/amigappc PowerPC-based Amiga boards
NetBSD/bebox Be Inc's BeBox
NetBSD/ews4800mips NEC's MIPS-based EWS4800 workstation

Major Changes Between 3.0 and 4.0

   The  complete  list  of  changes  can  be  found  in  the  CHANGES and CHANGES-4.0 files in the top level directory of the NetBSD 4.0 release tree. Some highlights include:

Networking

* agr(4): new pseudo-device driver for link level aggregation.
     * IPv6 support was extended with an RFC 3542-compliant API and added for gre(4) tunnels and the tun(4) device.
     * An  NDIS-wrapper  was  added  to use Windows binary drivers on the i386 platform, see ndiscvt(8).
     * The  IPv4 source-address selection policy can be set from a number of algorithms. See "IPSRCSEL" in options(4) and in_getifa(9).
     * Imported  wpa_supplicant(8)  and  wpa_cli(8). Utilities to connect and handle aspects of 802.11 WPA networks.
* Imported hostapd(8). An authenticator for IEEE 802.11 networks.
     * carp(4):  imported  Common  Address  Redundancy  Protocol to allow multiple   hosts   to  share  a  set  of  IP  addresses  for  high availability / redundancy, from OpenBSD.
* ALTQ support for the PF packet filter.
     * etherip(4):  new  EtherIP  tunneling  device.  It's able to tunnel Ethernet  traffic  over  IPv4  and IPv6 using the EtherIP protocol specified in RFC 3378.
* ftpd(8) can now run in standalone mode, instead of from inetd(8).
     * tftp(1)  now has support for multicast TFTP operation in open-loop mode, server is in progress.
     * tcp(4): added support for RFC 3465 Appropriate Byte Counting (ABC) and Explicit Congestion Notification as defined in RFC 3168.

File systems

     * scan_ffs(8),  scan_lfs(8):  utilities  to  find  FFSv1/v2  and LFS partitions to recover lost disklabels on disks and image files.
     * tmpfs:  added  a  new  memory-based file system aimed at replacing mfs. Contrary to mfs, it is not based on a disk file system, so it is  more  efficient  both in overall memory consumption and speed. See mount_tmpfs(8).
     * Added  UDF  support  for  optical  media  and  block  devices, see mount_udf(8). Read-only for now.
* NFS export list handling was changed to be filesystem independent.
     * LFS:  lots of stability improvements and new cleaner daemon. It is now also possible to use LFS as root filesystem.
     * vnd(4):  the  vnode disk driver can be used on filesystems such as  smbfs and tmpfs.
     * Support   for   System   V   Boot   File  System  was  added,  see newfs_sysvbfs(8) and mount_sysvbfs(8).

Drivers

* Audio:
          + Support for new models on drivers such as Intel ICH8/6300ESB, NVIDIA nForce 3/4, etc.
+ Added support for AC'97 modems.
          + auich(4):  added  support  to handle the AC'97 modem as audio device, enabled with the kernel option "AUICH_ATTACH_MODEM".
+ azalia(4): added support for S/PDIF.
* Hardware Monitors:
          + amdpm(4):  added support for the i2c bus on the AMD-8111 used on  many  Opteron  motherboards  and  for  the Analog Devices  ADT7464 hardware monitor chip.
          + adt7467c(4):  new  driver  for  Analog  Devices  ADT7467  and ADM1030 hardware monitor chips.
          + ipmi(4):   new   driver  for  motherboards  implementing  the Intelligent  Platform  Management  Interface 1.5 or 2.0, from OpenBSD.
          + it(4):  new  driver  for iTE 8705F/8712F and SiS 950 hardware  monitors.
          + The lm(4) driver was rewritten and support for more chips was added, for example for Winbond W83627HF, W83627THF, W83627DHG and Asus AS99127F.
+ owtemp(4): new driver for the 1-Wire temperature sensors.
          + tmp121temp(4):  new  driver  for the Texas Instruments TMP121 temperature sensor.
          + ug(4):  new  driver  for Abit uGuru hardware monitor found on newer Abit motherboards.
* Miscellaneous:
+ geodewdog(4): new AMD Geode SC1100 Watchdog Timer driver.
          + gscpcib(4): new AMD Geode SC1100 PCI-ISA bridge that provides support for the GPIO interface.
* Networking:
          + ath(4):  updated  HALs  with  support  for WiSOC (AR531x) and 32bit SPARC.
          + bge(4):  added  support  for  the  following  chips: BCM5753, BCM5753M,  BCM5715,  BCM5754,  BCM5755  and BCM5787. Numerous improvements and bugfixes were made too.
+ kse(4): new driver for Micrel KSZ8842/8841 PCI network cards.
          + msk(4):  new  driver  for  Marvell  Yukon  2 GigE PCI network cards, from OpenBSD.
          + nfe(4):  new driver for NVIDIA nForce Ethernet network cards, from OpenBSD.
          + ral(4):  new  802.11  driver  for  PCI/Cardbus Ralink RT2500, RT2501, RT2600, RT2661 and RT2500 USB chipsets, from OpenBSD.
          + rum(4):  new  802.11  driver for USB Ralink RT2501 and RT2601 chipsets, from OpenBSD.
+ sip(4): now works on sparc64.
+ tlp(4): added support for ASIX AX88140A and AX88141.
+ vr(4): added support for the VIA Rhine III.
          + wm(4):  added  support  for  i8003,  ICH8,  ICH9  and others. Support for IPv6 Rx TCP/UDP Checksum Offloading and more.
          + wpi(4):  new driver for Intel PRO/Wireless 3945ABG PCI 802.11 network cards, from OpenBSD.
* Security:
          + glxsb(4):  new driver for the AMD Geode LX AES Security Block that  provides  random  numbers  and  AES  acceleration, from OpenBSD.
* Power Management:
+ Support for Intel Speedstep SMI on PIIX4 PCI-ISA for i386.
          + Support  for  AMD  PowerNow and Cool'n'Quiet Technology on K7  and  K8  CPUs  (both in 32 and 64 bit mode), including Athlon Mobile,  Athlon64,  Opteron  or  X2.  See options(4) for more information.
          + Support  for  more  Enhanced  Speedstep  CPUs,  including VIA C7/Eden and Intel Core Solo/Duo/Duo2. See options(4) for more information.
          + The  Enhanced Speedstep and PowerNow drivers were modified to be  able  to be scaled in all CPUs available, saving power on SMP systems.
* Storage:
          + ahcisata(4):  new  driver for AHCI 1.0 and 1.1 compliant SATA controllers.
          + ataraid(4):  added support to handle Adaptec HostRAID and VIA V-Tech software RAID.
          + ciss(4): new driver for HP/Compaq 5th+ generation Smart ARRAY controllers, from OpenBSD.
          + fdc(4):  added  support  for  SBus based sparc64 machines and fixed formatting on sparc.
          + gcscide(4):  new  driver  for  the AMD Geode CS5535 Companion Device IDE controller.
          + jmide(4):  new  driver  for JMicron Technology JMB36x PCIe to SATA II/PATA controllers.
          + mfi(4):  new  driver  for  LSI  Logic  and  Dell MegaRAID SAS controllers, from OpenBSD.
+ mpt(4): added support for newer SAS and similar devices.
          + njata(4):  new  driver  for  Workbit  NinjaATA-32 CardBus IDE controller.
          + pdcsata(4): added support for the Promise PDC20775, PDC20771, PDC40518, PDC40718 and some bugfixes.
          + piixide(4):  added  support for some ICH8/ICH8-M/ICH9 IDE and SATA controllers.
          + svwsata(4):  new  driver for Serverworks K2 SATA controllers,from OpenBSD.
          + viaide(4)  added  support for the VIA VT8237A SATA controller and AMD CS5536 Companion Device IDE Controller.
* USB:
          + ucycom(4):  new  driver  for  Cypress  microcontroller  based serial devices.
+ uipaq(4): new driver for the iPAQ devices.
          + uslsa(4):  new  driver  for Silicon Labs CP210x series serial adapters.
          + utoppy(4):  new  driver  for  the Topfield TF5000PVR range of digital video recorders.

Platforms

* i386:
          + Added support for the for Multiboot specification. This means much  improved  support  for  loading  the  kernel  by  GRUB, including passing in parameters to the kernel.
          + Added  the  unichromefb  framebuffer driver that supports the VIA Unichrome Graphics adapter.
          + vesafb(4):  added  new  framebuffer driver that supports VESA BIOS (VBE) 2.0 extensions and up.
          + Added ability to boot from the cd9660 file system to the BIOS bootloader. This adds the ability to load much bigger kernels and the option of selecting different kernels at boot time.
     * evbarm:  new  platform support for Arcom Viper PXA255-based single board,  Atmark  Techno  Armadillo-9  and  Armadillo-210,  Certance CP-3100,  Linksys  NSLU2  (a.k.a.  "Slug") and I-O DATA HDL-G Giga LANDISK NAS devices.
     * evbmips:  added  support  for  Alchemy Au1550 processors, DBAu1550 boards,  Alchemy  Au15XX  PCI  host,  (OMS-AL400/128)  and Atheros AR5312 SoC.
* New port ews4800mips: NEC's MIPS based EWS4800 workstations.
* cobalt: added support for booting off raidframe RAID1 mirrors.
     * hpcmips:  added  the  teliosio(4)  driver for the Sharp Telios LCD screen and Battery unit.
     * New  port landisk: port to the SH4 processor based NAS appliances, supporting  models  by  I-O DATA (USL-5P, HDL-U, HDL-AV, HDL-W and HDLM-U  series, SuperTank  LAN Tank, UHDL-160U and UHDL-300U) and Plextor PX-EH16L, PX-EH25L and PX-EH40L.
     * macppc:  this port has gained support to use accelerated wsdisplay drivers  by default (if possible), and uses the appropriate driver rather than the Generic Open Firmware Framebuffer.
     * prep:  this  port  has  been  modernized,  and  support  for  five additional  machines  has  been added, among them the IBM 7024-E20 and  7025-F30  models  and  Motorola  Powerstack E1. Additionally, sysinst   support  was  added,  and  the  bootloader  process  was improved,   allowing  easy  installation  and  upgrade  to  future
releases.
* sparc: added support for booting off raidframe RAID1 mirrors.
     * Xen:  support  for  Xen3  domU  and  dom0 (Unprivileged domain and domain  0),  including support for hardware virtualization on CPUs that support it.

Kernel subsystems

     * Improved Firewire (IEEE1394) support imported from FreeBSD.
     * The  midi(4)  framework got a complete overhaul for better support of  Active  Sensing  and  improved  handling of tempo and timebase changes.
* Added a Bluetooth protocol stack including:
          + hardware drivers: ubt(4) for USB controllers, and bt3c(4) for the 3Com Bluetooth PC-Card.
          + socket  based  access  to  the  HCI,  L2CAP,  RFCOMM  and SCO protocols.
          + pseudo  drivers  for integrating services on remote Bluetooth devices such as Keyboards, Mice and SCO Audio into the NetBSD device framework. See bluetooth(4), bthset(1) and btpin(1).
     * Imported the bio(4) framework from OpenBSD, to query/control block hardware  RAID device controllers. Currently supporting the mfi(4) driver.
* Kernel uses stateful read-ahead algorithm.
     * dkctl(8)  can  be  used to switch buffer queuing strategies on the fly on wd(4) disks, see also bufq(9).
     * fileassoc(9)   is   used   by  Veriexec,  it  adds  in-kernel  and file-system independent file meta-data association interface.
     * firmload(9):  an  API  for loading firmware images used by various hardware devices.
* gpio(4): imported General Purpose I/O framework from OpenBSD.
     * onewire(4):  imported  Dallas  Semiconductor  1-wire bus framework from OpenBSD.
     * The  proplib(3)  protocol  was  added  for  sending property lists to/from the kernel using ioctls.
* spi(4): new SPI (Serial Peripherial Interface) framework.
     * timecounter(9)  adds  a new time-keeping infrastructure along with NTP  API  4  nanokernel  implementation. Almost all platforms were  changed to support this API.
* Start of 32bit-Linux-emulation for amd64 (COMPAT_LINUX32).
     * wscons(4)  console  driver  supports  splash  screens,  scrolling, progress bar for kernel and boot messages.

   Kernel  interfaces  have  continued to be refined, and more subsystems and  device drivers are shared among the different ports. You can look for this trend to continue.

Security

     * The  FAST_IPSEC  IPsec implementation was extended to use hardware acceleration  for  IPv6,  in  addition to the hardware accelerated IPv4  that  was  available  before.  See  fast_ipsec(4)  for  more information.
     * mprotect(2)  got  restrictions  to enforce W^X policies, from PaX. See options(4), sysctl(3), and paxctl(1).
     * GCC 4's support for stack smashing protection (SSP) was enabled by adding libssp, see security(8).
     * The  kernel  authorization framework kauth(9) was added, replacing the traditional BSD credential management and privileged operation access control with an abstract layer, allowing the implementation of   various   security  models  either  as  part  of  the  NetBSD distribution or as third-party LKMs. NetBSD's    kernel  authorization   is   a   hybrid   clean-room implementation   of   a  similar  interface  developed  by  Apple,extending  its  capabilities  and combining concepts of credential
inheritance control.

Userland

* 3rd party software updates:
+ BIND 9.4.1-P1
+ OpenSSL 0.9.8e
+ CVS 1.11.22
+ OpenSSH 4.4
+ gettext 0.14.4
+ PF from OpenBSD 3.7
+ (n)awk 20050424
+ Postfix 2.4.5
+ am-utils 6.1.3
+ file 4.21
+ zlib 1.2.3
+ GNU binutils 2.16.1
+ GNU groff 1.19.2
+ IPFilter 4.1.23
+ GNU gcc 4.1.2 prerelease
+ GNU gdb 6.5 (some architectures)
+ NTP 4.2.4p2
+ pppd 2.4.4
* cdplay(1): added digital transfer mode support.
* cksum(1) can now verify checksums.
     * csplit(1):  new  utility  that  splits  a  file  into pieces. From FreeBSD/OpenBSD.
     * identd(1):   added   support  for  forwarding  ident  queries  and receiving of proxied ident queries.
* getent(1): added support for the ethers database.
     * gkermit(1):  new  program  for transferring files using the Kermit protocol.
     * mail(1):  added support for Mime and multi-character set handling, command line editing and completion.
* utoppya(1): new utility to interface to the utoppy(4) driver.
     * init(8):  added  support  for  running  multi-user  in  a chroot() environment.  Allows  /  file  system  on  e.g., cgd(4), vnd(4) or ccd(4) volumes.
     * gpt(8):   new  GUID  partition  table  maintenance  utility,  from FreeBSD.
     * iSCSI  target  (server) code added, see iscsi-target(8); Initiator (client) code is underway.
     * lockstat(8):  new  command  to display a summary of kernel locking events recorded over the lifetime of a called program.
     * ofctl(8):  new  command  to  display  the OpenPROM or OpenFirmware device tree for the macppc, shark and sparc64.
* Various utilities to support Bluetooth were added:
+ btconfig(8) for controller configuration.
          + btdevctl(8)  to  manage  pseudo  devices  relating  to remote services.
+ bthcid(8) and btpin(1) for authenticating radio connections.
+ sdpd(8) for providing service discovery to remote devices.
+ sdpquery(1) for querying services on remote devices.
          + rfcomm_sppd(1)  to  access  remote  services  over RFCOMM via stdio or pty.
+ bthset(1) for making connections to Bluetooth headsets.

  

About the NetBSD Foundation

   The  NetBSD  Foundation  was  chartered  in  1995,  with  the  task of overseeing  core NetBSD project services, promoting the project within industry  and  the  open  source  community,  and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.

   As  a  non-profit  organization with no commercial backing, The NetBSD Foundation  depends  on donations from its users, and we would like to ask  you  to  consider  making  a donation to the NetBSD Foundation in  support  of  continuing  production of our fine operating system. Your generous  donation  would  be  particularly elcome  assistance  with ongoing  upgrades  and maintenance, as well as with operating expenses for The NetBSD Foundation.

NetBSD mirror sites

Please use a mirror site close to you.
* FTP - http://www.NetBSD.org/mirrors/#ftp
* ISO images - http://www.NetBSD.org/mirrors/#iso
* Anonymous CVS - http://www.NetBSD.org/mirrors/#anoncvs
* BitTorrent - http://www.NetBSD.org/mirrors/#bittorrent
* SUP - http://www.NetBSD.org/mirrors/#sup
* CVSup - http://www.NetBSD.org/mirrors/#cvsup
* rsync - http://www.NetBSD.org/mirrors/#rsync
* AFS - http://www.NetBSD.org/mirrors/#afs

more :
Netbsd-announce/2007/12/19/0000.html
NetBSD-4.0CHANGES-4.0

Labels:

Damn Small Linux 4.2 released
dam small linux dsl 4.2
Robert Shingledecker has announced the final release of Damn Small Linux 4.2

Download:
dsl-4.2.iso (48.2MB, MD5).



Change log for v4.2

  • New mtpaint replaces xpaint.
  • New black/blue theme with "Fractal Movements" background.
  • New folder for better support of Visual Styles for JWM .jwmrc-theme and downloadable themes.
  • New setTheme.lua, drag-n-drop or double click application style.
  • New folder for better support of backgrounds, downloadable "DSL Classics"
  • New generic folder.xpm link for easier themeing of folders.
  • Updated wallpaper.lua, drag-n-drop or double click application style.
  • Improved support for JWM keybindings with .jwmrc-keys
  • Improved support for battey names in torsmo, fetched from /proc
  • Improved handling of multline menu items as MyDSL folder application shortcut icons.
  • Improved cleanup of shortcuts upon normal shutdown.
  • Fized bug so that /cdrom/mydsl is not processed twice.
  • Fixed "?" icon to open "Getting Started"
  • Updated iconViwer for mtpaint change.
  • Many icons have been changed, updated, or replaced.
  • Updated /opt/.dfmext with more associations.
  • Cleanup of xmms when started from dfm icon.
  • Cleanup of usused files, modules, and directories (pnp,xfs, hfs,hfsplus,bfs,befs,adfs,ujs,minix,efs)

Files that have changed and likely in your backup (since v4.1).

  • .bash_profile
  • .dfmdesk/
  • .dfminfo
  • .fluxbox/menu
  • .jwmrc
  • .jwmrc-tray
  • .xinitrc
  • /opt/.dfmext

File that have changed since 4.2RC1

  • .dfminfo
  • .jwmrc
  • /opt/.backgrounds
  • /opt/jwmThemes
  • /opt/.dfmext

Related Posts:
Damn Small Linux 4.1 Released
Damn Small Linux v4.0 Released

Labels: ,

Saturday, December 22, 2007
Kaspersky Lab corrects false positive detection in threat signature database

Kaspersky Lab corrects false positive detection of a particular Windows explorer.exe file.

An incorrect threat signature was added to the company's antivirus databases on December 19, 2007, around 7PM GMT. It falsely detected a relatively uncommon version of explorer.exe as Worm.Win32.huhk.c and quarantined the file. The incorrect signature was removed from the database after two hours.

The version of explorer.exe which was falsely detected was released via Microsoft Windows Update service as an Update for Windows XP on 24.07.2007

Unfortunately, the incorrect signature caused a limited number of Kaspersky Lab product users to experience problems with system functionality.

Kaspersky Lab apologizes for any inconvenience caused to users by the error. The company's free 24-hour technical support service is available to assist any affected users in rectifying the problem.

A solution for the issue has also been added to the Kaspersky Lab Technical Support Site. It can be found at http://www.kaspersky.com/support/viruses/computers?qid=208279581 .

Related Posts:
Kaspersky inadvertently quarantines Windows Explorer

Labels: , ,

Friday, December 21, 2007
Google AdSense: Facts, FAQs and Tools

Google AdSense is probably one of the most popular revenue generators in the Web. We hear the stories about bloggers-genies, who manage to turn their blogs into cash machines overnight. However, it's not that simple to find the actual tips, which stick to Google policies, might increase your revenues and don't try to trick out the readers of your weblog.

We've spent several hours, trying to find out, what might increase your Google AdSense income and which tools you can use to observe and track your revenues. We've selected the key-points of successful stories and useful tips as well as Google AdSense sites and services you can use on a daily basis. Let's take a look.

Things You Probably Don't Know About Google AdSense

  • "AdSense Earning = Impression-count x Click-though-rate x Cost-per-click x smart-pricing-factor. Viewing your on website will not get you banned. Just make sure you don't click on the ads.
  • However, repeatedly reload your page to jack up page impressions can get you banned. Click-through-rate (CTR) is ratio of clicks per impressions. It can range from 0.1% to 30%, but most commonly around 1% to 10%."
    [100 Google Adsense Tips]
  • "First impressions count: make sure the ad unit with the highest CTR is the first ad unit in the HTML code of your page. Keep in mind that the first ad unit in the source code is not always the first ad unit that your users will see when the page finishes loading in their browser."
    [Inside AdSense: First impressions count]
  • "Ads placed near rich content and navigational aids usually do well because users are focused on those areas of a page. on pages where users are typically focused on reading an article, ads placed directly below the end of the editorial content tend to perform very well."
    [Where should I place Google ads on my pages?]
  • "Format is important for multiple ad units, display your ad units where repeat users will notice them, place a leaderboard immediately after the last post."
    [Six AdSense optimization tips for forums]
  • "The middle, above the fold location performs the best. Best performing ad format is the large rectangle, 336×280. So the wider ad formats are doing better than the other ones and the reason is that they actually take up fewer lines. And so with every additional line, you have a chance of losing that interested user.
  • So the wider formats do best so specifically, the top three formats are the 336×280 that you see on the page; the 300×250 medium rectangle; and then the 160×600 wide skyscraper.
  • We have a feature in the AdSense account where you are able to multi-select different color palettes that blend with your site to add some variety and freshness to the ads. And that also will help decrease ad blindness."
    [Google AdSense Optimization Webinar]
  • "The second most active placement in terms of click-throughs tends to be the right-hand rail or margin". "Skyscrapers" and vertical banners do well when placed next to the content in the main body. Square and rectangle ads placed within the center column also do well, provided they are placed in context to the content. Ads placed below the fold tend to perform least well, although that isn't a hard-and-fast rule."
    [Yahoo! Publisher Network: Location, location, location…]
  • "I found the most success in placing the Google Adsense medium rectangle either right in the middle of the page or in a middle right column as long as it has content above and below the ad unit. Its is fine to use Adsense Ads on a forum however expect a very low CTR."
    [Google Adsense Tips for Webmasters]
  • "Post Adsense ads on text rich pages, avoid titles like the approved 'Sponsored Links' and 'Advertisements', place Ads above the fold, Match the colors of your ads with the colour scheme of your site, Blend ads with your page - remove the borders by having a similar color as your background."
    [How to Increase Google Adsense CTR]
  • "To remove Public Service Ads (PSA) in Google Adsense develop sufficient good content with keywords, Ensure that META tags like 'title' & 'description' and the headings tags like h1, h2 etc. have content which matches the rest of your site."
    [How to Remove Public Service Ads (PSA) in Google Adsense]
  • "You can now run AdSense on the same page as other contextual ad programs ." (January 2007)
    [It's official! You can now run AdSense on the same page as other contextual ad programs]
  • "Google AdSense Policy: We ask that publishers not line up images and ads in a way that suggests a relationship between the images and the ads."
    [Inside AdSense: Ad and image placement: a policy clarification]
  • "Section targeting uses certain html tweaks to force the google adsense bot to focus on specific content. Section targeting is the latest and most effective addition to AdSense".
    [Display Relevant Adsense Ads Using Section Targeting]
  • "Over the weekend, I decided to change the number of ads units on my blog based upon where the traffic is coming from. I have a small PHP function that checks to see if the referrer is a search engine, and if it is, I display and additional 2 ad units. My Adsense revenue increasing by 284% on Saturday, Sunday and Monday!"
    [Positive Adsense Experiment]
  • "Never click your own adsense ads or get them clicked for whatever reason. Never change the Adsense code. Do not run competitive contextual text ad (2006) or search services on the same site. Do not mask ad elements. Avoid excessive advertising and keyword stuffing."
    [ 15 Common Mistakes that Violate Google Adsense TOS ]
  • "Putting ads on your site won't hurt your traffic. There are 6 sorts of bloggers' income: Google Adsense, Donations (e.g. PayPal), Text Link Ads (sold for a fixed amount per month), Chitika eMiniMalls ads (pay per click), affiliate programs like Amazon, Advertising sold to individual advertisers (three-month campaigns or longer)
    [How to Make Money From Your Blog - a VERY extensive article]
  • "A number of factors come into play when AdSense tries to determine what the page is about: The URL of the page, the page title, the anchor text of links, the keywords that appear most frequently within the page, search engine queries that lead to the page or to another page that links to the page".
    [How to Get Relevant AdSense Ads (Especially For Bloggers)]
  • "Ask yourself if you are willing to compromise your blog's layout and over-all feel by adding ads in them. Look at your traffic and see if it's enough to draw the crowd. Make good use of the Ad Channels. Give it time."
    [Tips on Blog Adsensification]
  • "You can put upto 3 AdSense units on a page. For short articles, CTR is best when ads are placed just above the content. For long articles, CTR improves if ads are placed somewhere in middle of the content. Go Wide - the large rectangle 336×280 is the best paying adsense format."
    [Adsense Tips, Layout Optimization Tricks for HigherCTR]
  • "Google AdSense folks have unveiled another useful feature for Adsense publishers - Section Targeting. The concept is simple but the advantages and possibilities are endless."
    [Display relevant Ads in Blogs: Just suggest Google]

Google AdSense: Google's Information and Tools

  • Google AdSense FAQ
    the Adsense support for official guidelines.
  • Google AdSense Help Page provides a very detailed FAQ about Google AdSense. Learn optimization essentials, how to design successful ads, savvy ad placement and how to use features wisely.
  • Google Adsense Program Policies.
  • Google AdSense Ad Formats
    an overview.
  • Google AdSense Success Stories provided by Google itself. Many interesting insights in concrete decisions, which helped to increase Google AdSense revenues.
  • Google AdWords: Keyword-Tool
    The Keyword Tool generates potential keywords for your ad campaign and reports their Google statistics, including search performance and seasonal trends. Start your search by entering your own keyword phrases or a specific URL. You can then add new keywords to the green box at the right.

Google AdSense Tools, Services

Google AdSense Tips, Resources

source: smashingmagazine.com

Labels:

Kaspersky inadvertently quarantines Windows Explorer
Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.

Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night.

The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."

"This is classic false-alarm territory," Emm said. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm, (but) on all fronts, we do what we can to minimize any potential risk for our customers."

Emm pointed out that Kaspersky adds about 3,000 records per week to its database, demonstrating the "scale of the issue, in terms of testing procedures."

The "offending signature" went out at around 7 p.m. on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.

"We proactively went out to our enterprise customers to make them aware there was this potential issue," Emm said. "Only one corporate customer (in the U.K.) encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.

In March of this year, Kaspersky criticized Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.

source:
David Meyer of ZDNet UK reported from London.

Labels: , ,

Wednesday, December 19, 2007
What is forex ?


The market
The currency trading (FOREX) market is the biggest and the fastest growing market on earth. Its daily turnover is more than 2.5 trillion dollars, which is 100 times greater than the NASDAQ daily turnover. (click here to read full market background by Easy-Forexâ„¢).

Markets are places to trade goods. The same goes with FOREX. The Forex goods (or merchandise) are the currencies of various countries. You buy Euro, paying with US dollars, or you sell Japanese Yens for Canadian dollars. That's all.

How does one profit in Forex?

Very simple and obvious: buy cheap and sell for more! The profit is generated from the fluctuations (changes) in the currency exchange market.
The nice thing about the FOREX market, is that regular daily fluctuations, say - around 1%, are multiplied by 100! (in general, Easy-Forexâ„¢ offers trading ratios from 1:50 to 1:200). If, for example, the exchange rate of "your" pair of currencies increased by 0.6% in the last 4 hours, your profit will be 60% on your investment! Such can happen in one business day, or in a few hours, even minutes.

Moreover, you cannot lose more than your "margin"! You may profit unlimited amounts, but you never lose more than what you initially risked and invested.

You can implement your choice (the pair of currencies, the volume amount) under any direction to which the market is moving, and yet make profit. It does not matter whether the exchange rate is going up or down: you can always decide to buy Euro and sell dollar, or vice versa - buy dollar and sell Euro. You don't have to physically possess certain currencies in order to perform "buy" or "sell" with them.

How do I start?

Register (Easy-Forexâ„¢ offers the simplest and quickest registration process, no obligation); deposit your first trading "margin" amount (credit cards are welcome, only by Easy-Forexâ„¢); start trading.

It can't be simpler or easier than that. Need help? We'll provide you with 1-on-1 training and service, as much as necessary (Easy-Forexâ„¢ offers real people service, live, in your own language).

How do I trade Forex?

You select the pair of currencies with which you wish to make a Forex deal. You determine the volume (the amount of the deal). You deposit the "margin" (collateral needed to facilitate the deal. Usually - only a very small portion of the whole deal, say: 1% or 1:100).

Before you finally activate the deal, you can still "freeze" it for a few seconds. That enables you to either change the terms, or accept it as is, or altogether regret the whole idea. The "freeze" feature is a unique service by Easy-Forexâ„¢.

When your Forex deal is running (you hold an "open position"), you can monitor its status and check scenarios online, whenever you wish. You may change some terms in the deal, or close it (and cash the profit, if any, or minimize the loss, if any). Moreover, Easy-Forexâ„¢ lets you determine a "take-profit" rate, with which the deal will close automatically for you, when and if such rate occurs in the market. Meaning: you do not have to stay near your computer when you hold open positions.

Want to know more? Want to get on-line training? Register here (simple, quick, no obligation), we'll be glad to guide you, every step of the way.


Good luck!

Related Articles:

Earn up to $10,000 USD

Labels: ,

Earn up to $10,000 USD

Forex-Affiliate is a world leading and highly paying Forex affiliate program. The Forex (currency exchange trading) industry is the biggest market on earth today, with a daily turnover of 3 trillion dollars! Anyone today can trade Forex online. The participants in this market include central banks, organizations, commercial banks, institutional traders, and private individuals throughout the globe. This is a highly exciting market, though risky! Affiliating in the Forex market offers you a great earning potential, with online access to your traffic performance and your commission. The affiliates are provided with online support, marketing creatives and professional tools – free of charge.


The Forex-Affiliate earning programs

Forex-Affiliate offers a win-win earning program – combination of CPA and evenue-Sharing,tailor made to suit you best! As our business partner, your commission is based on the revenue generated by your referrals, plus a flat fee for introducing referrals. In addition, you may well enhance your earning by running the 2nd-tier program (introducing Forex-Affiliates under you). Also the 2nd-tier program offers combined CPA and Comm-Share (flat fee, plus precentage of commission earned by your referred affiliates).

Two Reasons to join Forex-Affiliate

  1. Earn up to $10,000 USD Per Referred Trader

  2. Hybrid Solution : Earn both CPA + Revenue Share

Read more details

Labels:

Monday, December 17, 2007
Divx Pro Free Download is Available for a Limited Time
For a limited time, Divx is offering a complimentary download of their Divx Pro software, which consists of both a converter and the Codec.

All you need is a valid email address and you’ll be set to go.Remember, this is the Pro version which includes DivX Converter and DivX Pro Codec. Here’s a quick overview of the benefits that each provide:
  • DivX Converter
    • Drag-and-drop nearly any video format to create a high-quality, highly compressed DivX video
    • Merge and convert multiple videos into a single DivX file with an automatically generated menu
  • DivX Pro Codec
    • Higher performance, including multi-threaded support for better performance on all HyperThreaded, dual core and dual CPU (SMP) systems
    • More encoding options, including six carefully optimized encoding modes that balance visual quality and performance for virtually any application

Here’s the link that you’ll need to download DivX for Windows. This link also explains how the free holiday download will work. Essentially you’ll download the file, and then enter in your email address during the installation. Then you’ll receive an email with your serial number for DivX Pro. There’s also a Mac version, and the link for that download is here.

source:cybernetnews.com

Labels:

phpBB3 Gold Released
the phpBB Team has announced the availability of  the phpBB 3.0.0 package:

"Please note that we urge you to update. The versions we support here are phpBB 2.0.22 and phpBB 3.0.0.

3.0.0 has seen some some critical bugs fixed, including:
  • [Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)
  • [Fix] Check "able to disable word censor" option while applying word censor on text (Bug #15974)
  • [Fix] Rollback changes on failed transaction if returning on sql error, if set
  • [Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)
Please refer to the changelog for a complete list of fixes since RC8.

A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it.

Minimum Requirements
phpBB3 has a few requirements which must be met before you are able to install and use it.

  • A webserver or web hosting account running on any major Operating System with support for PHP
  • A SQL database system, one of:
    • MySQL 3.23 or above (MySQLi supported)
    • PostgreSQL 7.3+
    • SQLite 2.8.2+
    • Firebird 2.0+
    • MS SQL Server 2000 or above (directly or via ODBC)
    • Oracle
  • PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
  • getimagesize() function need to be enabled
  • These optional presence of the following modules within PHP will provide access to additional features, but they are not required.
    • zlib Compression support
    • Remote FTP support
    • XML support
    • Imagemagick support
    • GD Support

The presence of each of these optional modules will be checked during the installation process.

Security
Security issues found should be reported to our security tracker in the usual way.

Available packages
If you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating.

With this release, there are four packages available.
  • Full Package
    Contains entire phpBB3 source and english language files.
  • Changed Files Only
    Contains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.
  • Patch Files
    Contains patch compatible patches from previous versions of phpBB3.
  • Automatic Update Package
    Update package for the automatic updater, containing the changes from previous release to this release.
Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.

Download/Documentation
Have fun with the release,"

Labels:

Make Wget cater to your needs
Most Linux users are familiar with using GNU Wget to download single files by passing the URL as an argument to the wget command, but you can also use Wget with desktop applications. It requires a little preparation, but it's easy to integrate Wget with your favorite browser and other desktop applications. You can also use Wget in scripts to categorize batch downloads and make them fault-tolerant. Here's how to get Wget to sit up and beg for you. If you have a list of files you want to download, you can use Wget's -i option, which tells Wget to read a list of URLs from a file.
Invoke wget -i filelist and wait until it finishes the job, and your files are downloaded!

Most download managers, when you pause downloading, you close the connection to the server and open it again when you choose to resume. When you download a file using Wget, you can pause by pressing Ctrl-Z, and the connection will not be lost if you resume quickly enough (the connection usually times out after 60 seconds). That means you don't lose time when reconnecting.

If you stop Wget before it has finished downloading the list of files, you may want to continue from the last file it was downloading. In that case, using wget -i filelist won't do the job anymore. What you need is a script that will delete a URL from the list after Wget finishes downloading the appropriate file. This short script will do the job:

 #!/bin/sh
# wget-list: manage the list of downloaded files

# invoke wget-list without arguments

while [ `find .wget-list -size +0` ]
do
url=`head -n1 .wget-list`
wget -c $url sed -si 1d .wget-list
done


With this technique, you store the list of URLs in a file called .wget-list, one URL per line. On each line you can not only write URLs but also additional options for Wget. For example, if you want to set the name of the output file, you can add a line like <URL> -O <filename> to .wget-list, where -O is a Wget command-line option and <filename> is the the name you want it to use. You can add the -c option to be sure that the download will be continued from the same place Wget (or another application) stopped at. Consult the wget manpage for other options.

When Wget is finished downloading the first file in the list, the first line of .wget-list is deleted, so on the next loop Wget starts downloading the next file in list. If you press Ctrl-C, the next time you run wget-list it will continue downloading the same file.

If you want to categorize the files you download, you could create several directories to place files in, such as src, movie-trailers, and docs. Create a file .wget-list in each directory, and use a master script like wget-all below to process the .wget-list files in each subdirectory:

 #/bin/sh # wget-all: process .wget-list in every subdirectory
# invoke wget-all without arguments

find -name .wget-list -execdir wget-list ';'

This script looks for files named .wget-list and executes the command wget-list in every directory where it found the file.

If you want to set priorities between the categories, to specify which will be processed first, you need to be able to specify the order to work on the directories, as in wget-dirs:

 #!/bin/sh
# wget-dirs: run wget-all in specified directories
# invoking: wget-dirs <path-to-directory> ...

for dir in $*
do
pushd $dir
wget-all
popd
done
wget-all

This script should be executed with parameters: if you want to download files in the src directory, and then files in the docs directory, you should invoke wget-dirs src docs (don't forget to change the current directory to the one containing those directories, or else specify the full paths). In this script pushd changes the current directory and remembers the previous one in its stack, and popd changes the current directory to the last remembered one.

Desktop integration

Now you need an easy way of adding URLs to list. You can use this add-url script to add a URL to the .wget-list category:

 #!/bin/sh
# add-url: add URL to list

# invoking: add-url URL

echo $* >>~/download/.wget-list
# assuming that ~/download is the directory for downloaded files

Add-url is a handy script if you're at the command line, but KDE users can take more advantage of it by using Klipper's ability to run commands on any string copied to the clipboard. Open the configuration dialog by right-clicking on the Klipper icon in the system tray or the Klipper applet, and choose Configure Klipper, and go to the Actions tab. You will notice that you can set different groups of actions for strings matching different regular expressions.

There should already be a group for HTTP links ("^https?://."). Right-click on this group and choose Add Command, then type "add-url %s" for the command and "Add URL to download queue" for the description. Then go to Global Shortcuts tab and select a shortcut to invoke the action. From then on, every time you use this shortcut, you will see a menu of actions available for the string currently in clipboard, which will now include the item for running the script you prepared to add URLs to the Wget queue.

Klipper helps you to automate adding URLs from any application, but most of the time you will grab URLs from the browser, so why not add an item to its context menu?

The FlashGot for Firefox extension helps you to integrate any download manager into Firefox. After downloading and installing FlashGot, select FlashGot -> Settings from Firefox's Tools menu. Enter the path of the add-url script, and leave the URL template as "[URL]". Now you can use FlashGot's context menu items, including "Download the link via FlashGot" and "Download everything via FlashGot," to download files with Wget.

Opera users can also use Wget as a download manager. In the main Opera menu select Tools -> Preferences. Go to the Advanced tab, select Toolbars in the list at the left side. Click on Opera Standard in Menu Setup and click on Duplicate. Don't close the dialog, just minimize the Opera main window. Now open the file ~/.opera/menu/standard_menu (1).ini and add this line to the Link Popup Menu and Image Link Popup Menu sections:

Item, "Add to download queue"="Execute program, "/home/user/bin/add-url","%l""

This assumes that /home/user/bin/add-url is the full path to add-url -- don't use ~ there.

Now restore the Opera window, select the Copy of Opera Standard menu setup, and click OK. You should notice the new items in the context menu when you right-click.

Those are several ways that an "old-style" command-line tool like Wget can be easily integrated into a GUI environment. If you are a fan of GUI tools, you can also use Wget front ends such as Gwget for GNOME and KGet for KDE.


Segmented downloading

Some download managers support segmented downloading, which means downloading several pieces of file simultaneously. Segmented downloading is supposed to help utilize bandwidth more efficiently, but this is not always true: if your connection speed is not high, you will create more traffic, but downloading files will not be faster. For that reason, some webmasters ban the use of segmented downloading (though this is rare).
Single-threaded downloading has its benefits, especially when Wget is concerned. Other download managers have internal databases to help them keep track of which parts of files are already downloaded. Wget gets this information simply by scanning a file's size. This means that Wget is able to continue downloading a file which another application started to download; most other download managers lack this feature. Usually I start by downloading a file with my browser, and if it is too large, I stop downloading and finish it later with Wget.
Still want to try the segmented downloading? The Aria2 console download utility supports it.


Article written By Aleksey 'LXj' Alekseyev .

Labels:

CHM viewers for Linux
Even if you work only in Linux, you'll likely have to use Microsoft Compiled HTML Help (CHM) files at one time or another. Several open source projects use this common format, including Apache, MySQL, PostgreSQL, Python, and PHP.

Microsoft developed CHM as a proprietary format for Windows 98, leaving behind the previous WinHelp (HLP) format. CHM is still alive and kicking in XP and Vista, though some applications use the newer Microsoft Help 2 format.

CHM files comprise a set of Web pages, plus a hyperlinked table of contents and an index, compressed with LZX. CHM offers small size (because of compression), full text searches, and the ability to join several CHM files into a single file with a common table of contents and index.

Even though CHM is a Microsoft format, several projects have written CHM file viewers for Linux.


KchmViewer
KchmViewer is the standard KDE viewer for CHM files. The current production version 3.1 was released in June, though version 4.0 is now available in beta; I tested the former. It's released under the GNU General Public License (GPL), and it uses some code from another viewer, xCHM.

KchmViewer is available in most distribution repositories. You can also download it and install it (make sure you have the qt3-devel package) through the usual configure and make commands; check the specific instructions on the download page.

Under KDE, KchmViewer is associated with CHM files by default, so it runs automatically when you click on such a file. It can use either a Trolltech Qt widget or KDE's own KHTML widget to show the text (change widget from the Settings menu). I found one CHM file that wouldn't display correctly, and changing widgets solved the problem.

KchmViewer supports tabbed browsing, and it provides Contents, Index, and Search views. It correctly deals with foreign languages and multibyte character sets. You can generate bookmarks to mark your place in a document, and you can edit and delete bookmarks at will. You can view the original HTML code, and even specify which editor to use for this function via the Settings menu option.


Help Explorer Viewer
Help Explorer Viewer, developed by Kama Software, is free but not open source. It comes in both Windows and Linux versions, which is an advantage if you work with dual booting systems or in an environment with both operating systems. You can use Help Explorer Viewer to view not only CHM files, but HLP (older) and HXS (newer) help file formats as well. According to the Web site, you can integrate Help Explorer Viewer into your application through its API.

Installation is simple. Go to its Downloads page and get the Linux version, which currently stands at 3.0. Go to the directory where you downloaded the file, and enter these commands as root:/p>

tar zxf HelpExplorer3.0_LINUX.tar.gz cd Setup/ ./setup.sh

After you view the end-user license agreement (EULA), Help Explorer Viewer is installed in /usr/local/HelpExplorer. If you want to uninstall it, you can run the uninstall.sh script in that directory. The installation asked if I wanted to install KDE/GNOME menu items, but even though I answered yes, the program didn't appear in the main menu, in the Konqueror menus, or even in the context menu when I right-clicked on a CHM file; I don't know where it's supposed to appear, but I couldn't find it.

Help Explorer Viewer includes all the usual search mechanisms: table of contents (organized hierarchically, as a tree), index (a list of keywords), and common searching. The help files showed up correctly in all tests I ran, but I wish I could have changed the font the program used, because it displayed pixelated. You can change views between Contents, Index, Search, and Favorites (called Bookmarks in other viewers).


ChmSee
ChmSee is an open source Gtk2+ package for GNOME whose Web site is written mostly in Chinese; if it weren't for some parts in English, you'd be sorely tested to install or use ChmSee. It's free under the GPL, and version 1.0 was released in August.

Installing ChmSee could be a bother, but it appears in openSUSE standard repositories, which greatly simplifies things. If you want to build it from source, you'll need Gtk2+, libglade-2.0, gecko, chmlib, and OpenSSL. After getting the source package, you need to enter these commands:

tar xzf chmsee-1.0.0.tar.gz cd chmsee-1.0.0 ./configure make sudo make install

You might have to add a parameter to the configure command (--with-chmlib=/path/to/chmlib) if it cannot find chmlib. After installation, ChmSee was added to my openSUSE menus, but not my Konqueror or context menus.

You can configure the fonts used for display (something lacking in both KchmViewer and Help Explorer Viewer) by going to Edit -> Setup. Be careful with the Clear function, which deletes all ChmSee work files and causes the viewer to crash. If you opt for this, you'll have to reopen the CHM file. ChmSee doesn't offer Index or Search views; in fact, it has no search function at all. Also, in my testing, some CHM files displayed weird messages (and the text didn't get displayed), and some images didn't show at all.

ChmSee looks promising, but it still has a way to go before being at the same level as KchmViewer and Help Explorer Viewer.


Other candidates
Firefox users can download the CHM Reader add-on, currently at version 0.2.1.1. Installation is simple. The utility adds a new Open CHM Files entry to the Firefox File menu. When you open a CHM file, the table of contents is hidden by default, but you can bring it up by pressing Ctrl-E. Viewing files works fine, but CHM Reader doesn't offer a global search function, and the Firefox search function works only within the current page.

I tried to look at GnoCHM, xCHM, and KCHM (seemingly abandoned; its latest version is from 2003), but I got into dependency hell problems. I couldn't find distribution-ready packages, and installation from source was troublesome.


Conclusion
KchmViewer offers the easiest installation and greatest integration with the desktop environment. Help Explorer Viewer is useful for developers and users who work with both Linux and Windows. ChmSee has some bugs to be worked out, so I wouldn't recommend it for normal usage. CHM Reader is a good add-on, but its lack of searching power is a hindrance.

Article written By Federico Kereki, he is an Uruguayan systems engineer with more than 20 years' experience developing systems, doing consulting work, and teaching at universities.

Labels: ,

iptables as a replacement for commercial enterprise firewalls
With IT budgets getting tighter, managers need to trim costs. Service contracts are expensive for any technology; firewalls are no exception. Netfilter, the project that provides the packet filtering program iptables, is a free firewall alternative. While it lacks the service contract of commercial solutions and a pretty interfaces to make firewall modification easy, it has solid performance, performs effectively at firewalling, and allows for add-on functionality to enhance its reporting and response functions.


As a case study to demonstrate the feasibility of iptables as an enterprise firewall, consider the network I manage at University of Illinois at Urbana-Champaign. The network supports 2,000 devices and has a 1-gigabit uplink with two firewall zones (DMZ and secure). Daily bandwidth outbound averages around 100 gigabytes. The network is protected by two dedicated firewall machines running iptables, each with three network cards (two for the bridging firewall, one for management access), and each running 1.5GHz single-core processors with 1GB RAM. Processing power is not critical in this case; you could save money by using a machine with a lower-end CPU.

We experience no latency attributed to the firewalls, and they do as good a job as can be expected of blocking bad traffic. Once the firewalls were properly tuned, we saw no downtime due to software issues.

There are, however, a couple of "gotchas" to keep in mind. The connection table can get filled on firewalls that are routinely being scanned or are on high-traffic networks. To solve this problem, increase the net.ipv4.ip_conntrack_max kernel parameter (mine is currently at 131071) and decrease net.ipv4.tcp_keepalive_time (3600 is a good choice). As long as the firewalls have plenty of memory to spare, these settings should not pose a problem, and the firewalls will happily run without needing any hand-holding. The result is a firewall with no packet loss and unnoticeable latency that's highly available (assuming good hardware).


Effectiveness at filtering traffic according to policy

A firewall is only as good as its ruleset, no matter which firewall you are using. The rules for iptables are generally easy to understand. Here is an example rule:

iptables -A INPUT -m state -p tcp --dport 80 -s 192.168.5.0/24 --state NEW,ESTABLISHED,RELATED -j ACCEPT

This command adds (-A) an input rule (traffic going to the machine the firewall is on) that checks state (-m) for any new, established, or related traffic from the 192.168.5.0 subnet on port 80 (Web traffic). If you want to log dropped packets (and you should) you also have to create both a DROP rule and a REJECT rule just to handle the logging.

You can block malformed packets (i.e. packets which may be part of a SYN scan) easily with rules checking just the TCP header flags. Other tools such as fwsnort allow for more detailed packet inspection to block clearly malicious traffic. fwsnort converts Snort rules into iptables rules that embed some IPS capability into the iptables. However, iptables allows for easy addition of IP address blacklists to stop all traffic from known hostile netspaces. Once you're familiar with the conventions for writing iptables rules and you have a basic knowledge of IP headers, you'll find it easy to write new rules.


Add-on functionality for reporting and active response

Several add-on tools can help you get more out of iptables log data. Most standard system log scanners can be configured to pull out interesting information, but they certainly aren't designed for that purpose. psad can be configured to provide email alerting on apparent attacks above a certain threshold, and to actively block hostile IP addresses once a defined threshold has been met.

You can perform additional management of the connection tables with the conntrack-tools from Netfilter. This software allows command-line access to the connection tables and allows for grabbing statistics on that information. Lastly, you can set up firewalling up to layer 7 (the application layer) with l7-filter. For instance, an academic environment could use l7-filter to limit peer-to-peer traffic bandwidth as a way to cut back on those fun MPAA/RIAA cease-and-desist letters.

On the downside, because iptables doesn't do the heavy lifting of making rules for you like commercial firewall appliances, it requires users have a more in-depth understanding of firewalling. While tools such as Firewall Builder and KMyFirewall making configuring iptables more user-friendly, a security admin will have to learn about firewalling and the applications in general. This means lots of time and up-front testing.

There is also the problem that when things break there is no one to call to fix it. This requires that knowledge be cultivated in house. However, information on open source solutions tends to be in the public domain, so training costs tend to be a factor of time and perhaps buying some books at Amazon.

At the end of the day, organizations can gain tremendous cost savings by using iptables for firewalls. An added bonus is the additional flexibility that an open source solution provides.

Article written By John C. A. Bambenek, he is a handler at the Internet Storm Center and a security administrator at the University of Illinois at Urbana-Champaign. He has written numerous articles on security, contributed to several computer security courses, and recently contributed the chapter out "Botnets: Proactive System Defense" to the book Botnets: Countering the Largest Security Threat.

Labels: ,