What is Ubuntu JeOS (Just Enough Operating System) ?
Ubuntu JeOS (pronounced "Juice") is an efficient variant of the popular desktop and server operating system, configured specifically for virtual appliances.
"The efficiencies inherent in an operating system that is built for a virtualised world mean that ISVs looking to deploy their applications in this lucrative and growing market have an obvious deployment target in the Ubuntu JeOS Edition," said Stephen O'Grady, analyst at RedMonk. "As the delivery platforms and economics of licensing continue to change, the flexibility and reach of the Ubuntu operating system make it an increasingly popular choice for far sighted ISVs."
ISVs looking to develop virtual appliances will have a compelling platform in Ubuntu JeOS, an OS optimised for virtualisation that greatly reduces the complexity and maintenance overhead normally associated with general purpose operating systems. Ubuntu JeOS Edition has been tuned to take advantage of key performance technologies of the latest virtualisation products from VMware. This combination of reduced size and optimized performance ensures that Ubuntu JeOS Edition delivers a highly efficient use of server resources in large virtual deployments.
"Canonical has produced a robust virtualised OS core in the Ubuntu JeOS Edition that is optimized for virtual appliances," said Dan Chu, vice president of emerging products and markets at VMware. "Virtual Appliances are fundamentally changing how software is developed and deployed, with ISVs now including a thin and highly optimized OS along with their application in a ready-to-run virtual machine. We are excited that Canonical is providing Ubuntu JeOS for vendors interested in building VMware virtual appliances."
Business Objects today unveiled a virtual appliance based on Ubuntu JeOS that is being demonstrated at VMworld.
"Ubuntu fits naturally into the place where computing is happening today," said Mark Shuttleworth, founder of the Ubuntu Project. "Virtualisation is the key driver of data center restructuring at present, and Ubuntu's popularity with developers makes it an excellent choice for the next generation of virtualized environments. We have worked with VMware to deliver a version of Ubuntu that complements its exceptional virtualisation capabilities, providing a solution for the ISVs building virtual appliances and for the enterprises planning to deploy them."
Welcome to Hardy Heron Alpha-2, which will in time become Ubuntu 8.04.
Pre-releases of Hardy are *not* encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu developers and those who want to help in testing, reporting, and fixing bugs. Alpha 2 is the second in a series of milestone CD images that will be released throughout the Hardy development cycle. The Alpha images are known to be reasonably free of showstopper CD build or installer bugs, while representing a very recent snapshot of Hardy. You can download it here:
This is quite an early set of images, so you should expect some bugs. For a list of known bugs (that you don't need to report if you encounter), please see: http://www.ubuntu.com/testing/hardy/alpha2
If you're interested in following the changes as we further develop Hardy, have a look at the hardy-changes mailing list:
We also suggest that you subscribe to the ubuntu-devel-announce list if you're interested in following Ubuntu development. This is a low-traffic list (a few posts a week) carrying announcements of approved specifications, policy changes, alpha releases, and other interesting events.
Geert Hendrickx announced the availability of the official release of NetBSD 4.0 Download ISO images for a variety of architectures are available from the NetBSD mirrors i386 CD image: i386cd-4.0.iso (242MB, MD5) x86_64 CD image amd64cd-4.0.iso (166MB, MD5) Torrent files are available here.
The NetBSD Project is pleased to announce that release 4.0 of the NetBSD operating system is now available. NetBSD is a free, secure,and highly portable Unix-like Open Source operating system available for many platforms, from 64-bit Opteron machines and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. Many applications are easily available through pkgsrc, the NetBSD Packages Collection.
Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks. Please read below for a list of changes in NetBSD 4.0.
NetBSD 4.0 runs on 54 different system architectures featuring 17 machine architectures across 17 distinct CPU families, and is being ported to more. The NetBSD 4.0 release contains complete binary releases for 51 different machine types, with the platforms amigappc, bebox and ews4800mips released in source form only. Complete source and binaries for NetBSD 4.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services is provided at the end of this announcement; the latest list of available download sites may also be found at NetBSD.org/mirrors/. We encourage users who wish to install via a CD-ROM ISO image to download via BitTorrent by using the torrent files supplied in the ISO image area. A list of hashes for the NetBSD 4.0 distribution has been signed with the well-connected PGP key for the NetBSD Security Officer: ftp://ftp.NetBSD.org/pub/NetBSD/security/hashes/NetBSD-4.0_hashes.asc NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources; some are listed at NetBSD.org/gallery/consultants.html. More extensive information on NetBSD is available from our website:
NetBSD 4.0 is dedicated to the memory of Jun-Ichiro "itojun" Hagino, who died in October 2007. Itojun was a member of the KAME project,which provided IPv6 and IPsec support; he was also a member of the NetBSD core team (the technical management for the project), and one of the Security Officers. Due to Itojun's efforts, NetBSD was the first open source operating system with a production ready IPv6 networking stack, which was included in the base system before many people knew what IPv6 was. We are grateful to have known and worked with Itojun, and we know that he will be missed. This release is therefore dedicated, with thanks, to his memory.
System families supported by NetBSD 4.0
The NetBSD 4.0 release provides supported binary distributions for the following systems:
NetBSD/acorn26 Acorn Archimedes, A-series and R-series systems NetBSD/acorn32 Acorn RiscPC/A7000, VLSI RC7500 NetBSD/algor Algorithmics, Ltd. MIPS evaluation boards NetBSD/alpha Digital/Compaq Alpha (64-bit) NetBSD/amd64 AMD family processors like Opteron, Athlon64, and Intel CPUs with EM64T extension NetBSD/amiga Commodore Amiga and MacroSystem DraCo NetBSD/arc MIPS-based machines following the Advanced RISC Computi=ng spec NetBSD/atari Atari TT030, Falcon, Hades NetBSD/cats Chalice Technology's CATS and Intel's EBSA-285 evaluati=on boards NetBSD/cesfic CES FIC8234 VME processor board NetBSD/cobalt Cobalt Networks' MIPS-based Microservers NetBSD/dreamcast Sega Dreamcast game console NetBSD/evbarm Various ARM-based evaluation boards and appliances NetBSD/evbmips Various MIPS-based evaluation boards and appliances NetBSD/evbppc Various PowerPC-based evaluation boards and appliances NetBSD/evbsh3 Various Hitachi Super-H SH3 and SH4-based evaluation boards and appliances NetBSD/hp300 Hewlett-Packard 9000/300 and 400 series NetBSD/hp700 Hewlett-Packard 9000 Series 700 workstations NetBSD/hpcarm StrongARM based Windows CE PDA machines NetBSD/hpcmips MIPS-based Windows CE PDA machines NetBSD/hpcsh Hitachi Super-H based Windows CE PDA machines NetBSD/i386 IBM PCs and PC clones with i386-family processors and up NetBSD/ibmnws IBM Network Station 1000 NetBSD/iyonix Castle Technology's Iyonix ARM based PCs NetBSD/landisk SH4 processor based NAS appliances NetBSD/luna68k OMRON Tateisi Electric's LUNA series NetBSD/mac68k Apple Macintosh with Motorola 68k CPU NetBSD/macppc Apple PowerPC-based Macintosh and clones NetBSD/mipsco MIPS Computer Systems Inc. family of workstations and servers NetBSD/mmeye Brains mmEye multimedia server NetBSD/mvme68k Motorola MVME 68k Single Board Computers NetBSD/mvmeppc Motorola PowerPC VME Single Board Computers NetBSD/netwinder StrongARM based NetWinder machines NetBSD/news68k Sony's 68k-based "NET WORK STATION" series NetBSD/newsmips Sony's MIPS-based "NET WORK STATION" series NetBSD/next68k NeXT 68k "black" hardware NetBSD/ofppc OpenFirmware PowerPC machines NetBSD/pmax Digital MIPS-based DECstations and DECsystems NetBSD/pmppc Artesyn's PM/PPC board NetBSD/prep PReP (PowerPC Reference Platform) and CHRP machines NetBSD/sandpoint Motorola Sandpoint reference platform NetBSD/sbmips Broadcom SiByte evaluation boards NetBSD/sgimips Silicon Graphics' MIPS-based workstations NetBSD/shark Digital DNARD ("shark") NetBSD/sparc Sun SPARC (32-bit) and UltraSPARC (in 32-bit mode) NetBSD/sparc64 Sun UltraSPARC (in native 64-bit mode) NetBSD/sun2 Sun Microsystems Sun 2 machines with Motorola 68010 CPU NetBSD/sun3 Motorola 68020 and 030 based Sun 3 and 3x machines NetBSD/vax Digital VAX NetBSD/x68k Sharp X680x0 series NetBSD/xen The Xen virtual machine monitor
Ports available in source form only for this release include the following:
The complete list of changes can be found in the CHANGES and CHANGES-4.0 files in the top level directory of the NetBSD 4.0 release tree. Some highlights include:
Networking
* agr(4): new pseudo-device driver for link level aggregation. * IPv6 support was extended with an RFC 3542-compliant API and added for gre(4) tunnels and the tun(4) device. * An NDIS-wrapper was added to use Windows binary drivers on the i386 platform, see ndiscvt(8). * The IPv4 source-address selection policy can be set from a number of algorithms. See "IPSRCSEL" in options(4) and in_getifa(9). * Imported wpa_supplicant(8) and wpa_cli(8). Utilities to connect and handle aspects of 802.11 WPA networks. * Imported hostapd(8). An authenticator for IEEE 802.11 networks. * carp(4): imported Common Address Redundancy Protocol to allow multiple hosts to share a set of IP addresses for high availability / redundancy, from OpenBSD. * ALTQ support for the PF packet filter. * etherip(4): new EtherIP tunneling device. It's able to tunnel Ethernet traffic over IPv4 and IPv6 using the EtherIP protocol specified in RFC 3378. * ftpd(8) can now run in standalone mode, instead of from inetd(8). * tftp(1) now has support for multicast TFTP operation in open-loop mode, server is in progress. * tcp(4): added support for RFC 3465 Appropriate Byte Counting (ABC) and Explicit Congestion Notification as defined in RFC 3168.
File systems
* scan_ffs(8), scan_lfs(8): utilities to find FFSv1/v2 and LFS partitions to recover lost disklabels on disks and image files. * tmpfs: added a new memory-based file system aimed at replacing mfs. Contrary to mfs, it is not based on a disk file system, so it is more efficient both in overall memory consumption and speed. See mount_tmpfs(8). * Added UDF support for optical media and block devices, see mount_udf(8). Read-only for now. * NFS export list handling was changed to be filesystem independent. * LFS: lots of stability improvements and new cleaner daemon. It is now also possible to use LFS as root filesystem. * vnd(4): the vnode disk driver can be used on filesystems such as smbfs and tmpfs. * Support for System V Boot File System was added, see newfs_sysvbfs(8) and mount_sysvbfs(8).
Drivers
* Audio: + Support for new models on drivers such as Intel ICH8/6300ESB, NVIDIA nForce 3/4, etc. + Added support for AC'97 modems. + auich(4): added support to handle the AC'97 modem as audio device, enabled with the kernel option "AUICH_ATTACH_MODEM". + azalia(4): added support for S/PDIF. * Hardware Monitors: + amdpm(4): added support for the i2c bus on the AMD-8111 used on many Opteron motherboards and for the Analog Devices ADT7464 hardware monitor chip. + adt7467c(4): new driver for Analog Devices ADT7467 and ADM1030 hardware monitor chips. + ipmi(4): new driver for motherboards implementing the Intelligent Platform Management Interface 1.5 or 2.0, from OpenBSD. + it(4): new driver for iTE 8705F/8712F and SiS 950 hardware monitors. + The lm(4) driver was rewritten and support for more chips was added, for example for Winbond W83627HF, W83627THF, W83627DHG and Asus AS99127F. + owtemp(4): new driver for the 1-Wire temperature sensors. + tmp121temp(4): new driver for the Texas Instruments TMP121 temperature sensor. + ug(4): new driver for Abit uGuru hardware monitor found on newer Abit motherboards. * Miscellaneous: + geodewdog(4): new AMD Geode SC1100 Watchdog Timer driver. + gscpcib(4): new AMD Geode SC1100 PCI-ISA bridge that provides support for the GPIO interface. * Networking: + ath(4): updated HALs with support for WiSOC (AR531x) and 32bit SPARC. + bge(4): added support for the following chips: BCM5753, BCM5753M, BCM5715, BCM5754, BCM5755 and BCM5787. Numerous improvements and bugfixes were made too. + kse(4): new driver for Micrel KSZ8842/8841 PCI network cards. + msk(4): new driver for Marvell Yukon 2 GigE PCI network cards, from OpenBSD. + nfe(4): new driver for NVIDIA nForce Ethernet network cards, from OpenBSD. + ral(4): new 802.11 driver for PCI/Cardbus Ralink RT2500, RT2501, RT2600, RT2661 and RT2500 USB chipsets, from OpenBSD. + rum(4): new 802.11 driver for USB Ralink RT2501 and RT2601 chipsets, from OpenBSD. + sip(4): now works on sparc64. + tlp(4): added support for ASIX AX88140A and AX88141. + vr(4): added support for the VIA Rhine III. + wm(4): added support for i8003, ICH8, ICH9 and others. Support for IPv6 Rx TCP/UDP Checksum Offloading and more. + wpi(4): new driver for Intel PRO/Wireless 3945ABG PCI 802.11 network cards, from OpenBSD. * Security: + glxsb(4): new driver for the AMD Geode LX AES Security Block that provides random numbers and AES acceleration, from OpenBSD. * Power Management: + Support for Intel Speedstep SMI on PIIX4 PCI-ISA for i386. + Support for AMD PowerNow and Cool'n'Quiet Technology on K7 and K8 CPUs (both in 32 and 64 bit mode), including Athlon Mobile, Athlon64, Opteron or X2. See options(4) for more information. + Support for more Enhanced Speedstep CPUs, including VIA C7/Eden and Intel Core Solo/Duo/Duo2. See options(4) for more information. + The Enhanced Speedstep and PowerNow drivers were modified to be able to be scaled in all CPUs available, saving power on SMP systems. * Storage: + ahcisata(4): new driver for AHCI 1.0 and 1.1 compliant SATA controllers. + ataraid(4): added support to handle Adaptec HostRAID and VIA V-Tech software RAID. + ciss(4): new driver for HP/Compaq 5th+ generation Smart ARRAY controllers, from OpenBSD. + fdc(4): added support for SBus based sparc64 machines and fixed formatting on sparc. + gcscide(4): new driver for the AMD Geode CS5535 Companion Device IDE controller. + jmide(4): new driver for JMicron Technology JMB36x PCIe to SATA II/PATA controllers. + mfi(4): new driver for LSI Logic and Dell MegaRAID SAS controllers, from OpenBSD. + mpt(4): added support for newer SAS and similar devices. + njata(4): new driver for Workbit NinjaATA-32 CardBus IDE controller. + pdcsata(4): added support for the Promise PDC20775, PDC20771, PDC40518, PDC40718 and some bugfixes. + piixide(4): added support for some ICH8/ICH8-M/ICH9 IDE and SATA controllers. + svwsata(4): new driver for Serverworks K2 SATA controllers,from OpenBSD. + viaide(4) added support for the VIA VT8237A SATA controller and AMD CS5536 Companion Device IDE Controller. * USB: + ucycom(4): new driver for Cypress microcontroller based serial devices. + uipaq(4): new driver for the iPAQ devices. + uslsa(4): new driver for Silicon Labs CP210x series serial adapters. + utoppy(4): new driver for the Topfield TF5000PVR range of digital video recorders.
Platforms
* i386: + Added support for the for Multiboot specification. This means much improved support for loading the kernel by GRUB, including passing in parameters to the kernel. + Added the unichromefb framebuffer driver that supports the VIA Unichrome Graphics adapter. + vesafb(4): added new framebuffer driver that supports VESA BIOS (VBE) 2.0 extensions and up. + Added ability to boot from the cd9660 file system to the BIOS bootloader. This adds the ability to load much bigger kernels and the option of selecting different kernels at boot time. * evbarm: new platform support for Arcom Viper PXA255-based single board, Atmark Techno Armadillo-9 and Armadillo-210, Certance CP-3100, Linksys NSLU2 (a.k.a. "Slug") and I-O DATA HDL-G Giga LANDISK NAS devices. * evbmips: added support for Alchemy Au1550 processors, DBAu1550 boards, Alchemy Au15XX PCI host, (OMS-AL400/128) and Atheros AR5312 SoC. * New port ews4800mips: NEC's MIPS based EWS4800 workstations. * cobalt: added support for booting off raidframe RAID1 mirrors. * hpcmips: added the teliosio(4) driver for the Sharp Telios LCD screen and Battery unit. * New port landisk: port to the SH4 processor based NAS appliances, supporting models by I-O DATA (USL-5P, HDL-U, HDL-AV, HDL-W and HDLM-U series, SuperTank LAN Tank, UHDL-160U and UHDL-300U) and Plextor PX-EH16L, PX-EH25L and PX-EH40L. * macppc: this port has gained support to use accelerated wsdisplay drivers by default (if possible), and uses the appropriate driver rather than the Generic Open Firmware Framebuffer. * prep: this port has been modernized, and support for five additional machines has been added, among them the IBM 7024-E20 and 7025-F30 models and Motorola Powerstack E1. Additionally, sysinst support was added, and the bootloader process was improved, allowing easy installation and upgrade to future releases. * sparc: added support for booting off raidframe RAID1 mirrors. * Xen: support for Xen3 domU and dom0 (Unprivileged domain and domain 0), including support for hardware virtualization on CPUs that support it.
Kernel subsystems
* Improved Firewire (IEEE1394) support imported from FreeBSD. * The midi(4) framework got a complete overhaul for better support of Active Sensing and improved handling of tempo and timebase changes. * Added a Bluetooth protocol stack including: + hardware drivers: ubt(4) for USB controllers, and bt3c(4) for the 3Com Bluetooth PC-Card. + socket based access to the HCI, L2CAP, RFCOMM and SCO protocols. + pseudo drivers for integrating services on remote Bluetooth devices such as Keyboards, Mice and SCO Audio into the NetBSD device framework. See bluetooth(4), bthset(1) and btpin(1). * Imported the bio(4) framework from OpenBSD, to query/control block hardware RAID device controllers. Currently supporting the mfi(4) driver. * Kernel uses stateful read-ahead algorithm. * dkctl(8) can be used to switch buffer queuing strategies on the fly on wd(4) disks, see also bufq(9). * fileassoc(9) is used by Veriexec, it adds in-kernel and file-system independent file meta-data association interface. * firmload(9): an API for loading firmware images used by various hardware devices. * gpio(4): imported General Purpose I/O framework from OpenBSD. * onewire(4): imported Dallas Semiconductor 1-wire bus framework from OpenBSD. * The proplib(3) protocol was added for sending property lists to/from the kernel using ioctls. * spi(4): new SPI (Serial Peripherial Interface) framework. * timecounter(9) adds a new time-keeping infrastructure along with NTP API 4 nanokernel implementation. Almost all platforms were changed to support this API. * Start of 32bit-Linux-emulation for amd64 (COMPAT_LINUX32). * wscons(4) console driver supports splash screens, scrolling, progress bar for kernel and boot messages.
Kernel interfaces have continued to be refined, and more subsystems and device drivers are shared among the different ports. You can look for this trend to continue.
Security
* The FAST_IPSEC IPsec implementation was extended to use hardware acceleration for IPv6, in addition to the hardware accelerated IPv4 that was available before. See fast_ipsec(4) for more information. * mprotect(2) got restrictions to enforce W^X policies, from PaX. See options(4), sysctl(3), and paxctl(1). * GCC 4's support for stack smashing protection (SSP) was enabled by adding libssp, see security(8). * The kernel authorization framework kauth(9) was added, replacing the traditional BSD credential management and privileged operation access control with an abstract layer, allowing the implementation of various security models either as part of the NetBSD distribution or as third-party LKMs. NetBSD's kernel authorization is a hybrid clean-room implementation of a similar interface developed by Apple,extending its capabilities and combining concepts of credential inheritance control.
Userland
* 3rd party software updates: + BIND 9.4.1-P1 + OpenSSL 0.9.8e + CVS 1.11.22 + OpenSSH 4.4 + gettext 0.14.4 + PF from OpenBSD 3.7 + (n)awk 20050424 + Postfix 2.4.5 + am-utils 6.1.3 + file 4.21 + zlib 1.2.3 + GNU binutils 2.16.1 + GNU groff 1.19.2 + IPFilter 4.1.23 + GNU gcc 4.1.2 prerelease + GNU gdb 6.5 (some architectures) + NTP 4.2.4p2 + pppd 2.4.4 * cdplay(1): added digital transfer mode support. * cksum(1) can now verify checksums. * csplit(1): new utility that splits a file into pieces. From FreeBSD/OpenBSD. * identd(1): added support for forwarding ident queries and receiving of proxied ident queries. * getent(1): added support for the ethers database. * gkermit(1): new program for transferring files using the Kermit protocol. * mail(1): added support for Mime and multi-character set handling, command line editing and completion. * utoppya(1): new utility to interface to the utoppy(4) driver. * init(8): added support for running multi-user in a chroot() environment. Allows / file system on e.g., cgd(4), vnd(4) or ccd(4) volumes. * gpt(8): new GUID partition table maintenance utility, from FreeBSD. * iSCSI target (server) code added, see iscsi-target(8); Initiator (client) code is underway. * lockstat(8): new command to display a summary of kernel locking events recorded over the lifetime of a called program. * ofctl(8): new command to display the OpenPROM or OpenFirmware device tree for the macppc, shark and sparc64. * Various utilities to support Bluetooth were added: + btconfig(8) for controller configuration. + btdevctl(8) to manage pseudo devices relating to remote services. + bthcid(8) and btpin(1) for authenticating radio connections. + sdpd(8) for providing service discovery to remote devices. + sdpquery(1) for querying services on remote devices. + rfcomm_sppd(1) to access remote services over RFCOMM via stdio or pty. + bthset(1) for making connections to Bluetooth headsets.
About the NetBSD Foundation
The NetBSD Foundation was chartered in 1995, with the task of overseeing core NetBSD project services, promoting the project within industry and the open source community, and holding intellectual property rights on much of the NetBSD code base. Day-to-day operations of the project are handled by volunteers.
As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users, and we would like to ask you to consider making a donation to the NetBSD Foundation in support of continuing production of our fine operating system. Your generous donation would be particularly elcome assistance with ongoing upgrades and maintenance, as well as with operating expenses for The NetBSD Foundation.
Kaspersky Lab corrects false positive detection in threat signature database
Kaspersky Lab corrects false positive detection of a particular Windows explorer.exe file.
An incorrect threat signature was added to the company's antivirus databases on December 19, 2007, around 7PM GMT. It falsely detected a relatively uncommon version of explorer.exe as Worm.Win32.huhk.c and quarantined the file. The incorrect signature was removed from the database after two hours.
The version of explorer.exe which was falsely detected was released via Microsoft Windows Update service as an Update for Windows XP on 24.07.2007
Unfortunately, the incorrect signature caused a limited number of Kaspersky Lab product users to experience problems with system functionality.
Kaspersky Lab apologizes for any inconvenience caused to users by the error. The company's free 24-hour technical support service is available to assist any affected users in rectifying the problem.
Google AdSense is probably one of the most popular revenue generators in the Web. We hear the stories about bloggers-genies, who manage to turn their blogs into cash machines overnight. However, it's not that simple to find the actual tips, which stick to Google policies, might increase your revenues and don't try to trick out the readers of your weblog.
We've spent several hours, trying to find out, what might increase your Google AdSense income and which tools you can use to observe and track your revenues. We've selected the key-points of successful stories and useful tips as well as Google AdSense sites and services you can use on a daily basis. Let's take a look.
Things You Probably Don't Know About Google AdSense
"AdSense Earning = Impression-count x Click-though-rate x Cost-per-click x smart-pricing-factor. Viewing your on website will not get you banned. Just make sure you don't click on the ads.
However, repeatedly reload your page to jack up page impressions can get you banned. Click-through-rate (CTR) is ratio of clicks per impressions. It can range from 0.1% to 30%, but most commonly around 1% to 10%." [100 Google Adsense Tips]
"First impressions count: make sure the ad unit with the highest CTR is the first ad unit in the HTML code of your page. Keep in mind that the first ad unit in the source code is not always the first ad unit that your users will see when the page finishes loading in their browser." [Inside AdSense: First impressions count]
"Ads placed near rich content and navigational aids usually do well because users are focused on those areas of a page. on pages where users are typically focused on reading an article, ads placed directly below the end of the editorial content tend to perform very well." [Where should I place Google ads on my pages?]
"Format is important for multiple ad units, display your ad units where repeat users will notice them, place a leaderboard immediately after the last post." [Six AdSense optimization tips for forums]
"The middle, above the fold location performs the best. Best performing ad format is the large rectangle, 336×280. So the wider ad formats are doing better than the other ones and the reason is that they actually take up fewer lines. And so with every additional line, you have a chance of losing that interested user.
So the wider formats do best so specifically, the top three formats are the 336×280 that you see on the page; the 300×250 medium rectangle; and then the 160×600 wide skyscraper.
We have a feature in the AdSense account where you are able to multi-select different color palettes that blend with your site to add some variety and freshness to the ads. And that also will help decrease ad blindness." [Google AdSense Optimization Webinar]
"The second most active placement in terms of click-throughs tends to be the right-hand rail or margin". "Skyscrapers" and vertical banners do well when placed next to the content in the main body. Square and rectangle ads placed within the center column also do well, provided they are placed in context to the content. Ads placed below the fold tend to perform least well, although that isn't a hard-and-fast rule." [Yahoo! Publisher Network: Location, location, location…]
"I found the most success in placing the Google Adsense medium rectangle either right in the middle of the page or in a middle right column as long as it has content above and below the ad unit. Its is fine to use Adsense Ads on a forum however expect a very low CTR." [Google Adsense Tips for Webmasters]
"Post Adsense ads on text rich pages, avoid titles like the approved 'Sponsored Links' and 'Advertisements', place Ads above the fold, Match the colors of your ads with the colour scheme of your site, Blend ads with your page - remove the borders by having a similar color as your background." [How to Increase Google Adsense CTR]
"To remove Public Service Ads (PSA) in Google Adsense develop sufficient good content with keywords, Ensure that META tags like 'title' & 'description' and the headings tags like h1, h2 etc. have content which matches the rest of your site." [How to Remove Public Service Ads (PSA) in Google Adsense]
"Over the weekend, I decided to change the number of ads units on my blog based upon where the traffic is coming from. I have a small PHP function that checks to see if the referrer is a search engine, and if it is, I display and additional 2 ad units. My Adsense revenue increasing by 284% on Saturday, Sunday and Monday!" [Positive Adsense Experiment]
"Never click your own adsense ads or get them clicked for whatever reason. Never change the Adsense code. Do not run competitive contextual text ad (2006) or search services on the same site. Do not mask ad elements. Avoid excessive advertising and keyword stuffing." [ 15 Common Mistakes that Violate Google Adsense TOS ]
"Putting ads on your site won't hurt your traffic. There are 6 sorts of bloggers' income: Google Adsense, Donations (e.g. PayPal), Text Link Ads (sold for a fixed amount per month), Chitika eMiniMalls ads (pay per click), affiliate programs like Amazon, Advertising sold to individual advertisers (three-month campaigns or longer) [How to Make Money From Your Blog - a VERY extensive article]
"A number of factors come into play when AdSense tries to determine what the page is about: The URL of the page, the page title, the anchor text of links, the keywords that appear most frequently within the page, search engine queries that lead to the page or to another page that links to the page". [How to Get Relevant AdSense Ads (Especially For Bloggers)]
"Ask yourself if you are willing to compromise your blog's layout and over-all feel by adding ads in them. Look at your traffic and see if it's enough to draw the crowd. Make good use of the Ad Channels. Give it time." [Tips on Blog Adsensification]
"You can put upto 3 AdSense units on a page. For short articles, CTR is best when ads are placed just above the content. For long articles, CTR improves if ads are placed somewhere in middle of the content. Go Wide - the large rectangle 336×280 is the best paying adsense format." [Adsense Tips, Layout Optimization Tricks for HigherCTR]
Google AdSense Help Page provides a very detailed FAQ about Google AdSense. Learn optimization essentials, how to design successful ads, savvy ad placement and how to use features wisely.
Google AdSense Success Stories provided by Google itself. Many interesting insights in concrete decisions, which helped to increase Google AdSense revenues.
Google AdWords: Keyword-Tool The Keyword Tool generates potential keywords for your ad campaign and reports their Google statistics, including search performance and seasonal trends. Start your search by entering your own keyword phrases or a specific URL. You can then add new keywords to the green box at the right.
Google AdSense Tools, Services
Getting The Most Out Of Adsense: Top 10 Adsense Tools Contextual Ads Preview/Comparison Tool (for Google Adsense, Yahoo YPN, Chitika eMiniMalls), AdSense Calculator, AdSense SandBox, AdWords Bidding Tool/Traffic Estimator.
Google Adsense Tips and Tools Collection a compilation of common Google tips and tools to make more money from Google Adsense. Among them dozens of AdSense Tools.
AdLogger » Open-Source Click Fraud Prevention and Click Monitoring intends to prevent click-fraud on your websites by tracking visitors clicks and limiting the number of clicks one may make. AdLogger tracks AdSense clicks in real time and compiles the data for you to review.
AdsBlackList.com - Filter them and increase your revenue ! increase your adsense revenue up to 50%, increase the reputation of your website by NOT linking to Made for Adsense sites, save the quality of contextual advertising in global.
Adsense Notifier displays your Adsense earnings on the Firefox statusbar.
AdSense Tracking Software | The Cutting-Edge Ad Tracking Solution reveals the precise AdSense Ads that are being clicked most frequently on your site, the exact pages that your AdSense Ads are being clicked on, the actual Ad Formats that are bringing you the most clicks and more.
Free Charts Generated from your Google Adsense Reports Charts include: total earnings, clickthru-rate, earnings per click, number of clicks, earnings per impression, number of page impressions, earnings by day of week and earnings by day of month. Most of charts include 7-day moving averages which allow you to spot trends within your results.
Monetizing WordPress Plugins an overview of 8 AdSense-Plugins you can use with Wordpress blog engine. AdSense Widget Wordpress Sidebar, AdSense Paster, AdSense Injection and more.
AdSense Niches If you want to make money with Adsense, NicheGeek's free AdSense niches will show you exactly what niche you need to be in if you want to make 20, 30, 50, 70 cents per click or even more.
Kaspersky inadvertently quarantines Windows Explorer
Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.
Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night.
The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.
David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."
"This is classic false-alarm territory," Emm said. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm, (but) on all fronts, we do what we can to minimize any potential risk for our customers."
Emm pointed out that Kaspersky adds about 3,000 records per week to its database, demonstrating the "scale of the issue, in terms of testing procedures."
The "offending signature" went out at around 7 p.m. on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.
"We proactively went out to our enterprise customers to make them aware there was this potential issue," Emm said. "Only one corporate customer (in the U.K.) encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.
In March of this year, Kaspersky criticized Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.
source: David Meyer of ZDNet UK reported from London.
The market The currency trading (FOREX) market is the biggest and the fastest growing market on earth. Its daily turnover is more than 2.5 trillion dollars, which is 100 times greater than the NASDAQ daily turnover. (click here to read full market background by Easy-Forexâ„¢).
Markets are places to trade goods. The same goes with FOREX. The Forex goods (or merchandise) are the currencies of various countries. You buy Euro, paying with US dollars, or you sell Japanese Yens for Canadian dollars. That's all.
How does one profit in Forex?
Very simple and obvious: buy cheap and sell for more! The profit is generated from the fluctuations (changes) in the currency exchange market. The nice thing about the FOREX market, is that regular daily fluctuations, say - around 1%, are multiplied by 100! (in general, Easy-Forexâ„¢ offers trading ratios from 1:50 to 1:200). If, for example, the exchange rate of "your" pair of currencies increased by 0.6% in the last 4 hours, your profit will be 60% on your investment! Such can happen in one business day, or in a few hours, even minutes.
Moreover, you cannot lose more than your "margin"! You may profit unlimited amounts, but you never lose more than what you initially risked and invested.
You can implement your choice (the pair of currencies, the volume amount) under any direction to which the market is moving, and yet make profit. It does not matter whether the exchange rate is going up or down: you can always decide to buy Euro and sell dollar, or vice versa - buy dollar and sell Euro. You don't have to physically possess certain currencies in order to perform "buy" or "sell" with them.
How do I start?
Register (Easy-Forexâ„¢ offers the simplest and quickest registration process, no obligation); deposit your first trading "margin" amount (credit cards are welcome, only by Easy-Forexâ„¢); start trading.
It can't be simpler or easier than that. Need help? We'll provide you with 1-on-1 training and service, as much as necessary (Easy-Forexâ„¢ offers real people service, live, in your own language).
How do I trade Forex?
You select the pair of currencies with which you wish to make a Forex deal. You determine the volume (the amount of the deal). You deposit the "margin" (collateral needed to facilitate the deal. Usually - only a very small portion of the whole deal, say: 1% or 1:100).
Before you finally activate the deal, you can still "freeze" it for a few seconds. That enables you to either change the terms, or accept it as is, or altogether regret the whole idea. The "freeze" feature is a unique service by Easy-Forexâ„¢.
When your Forex deal is running (you hold an "open position"), you can monitor its status and check scenarios online, whenever you wish. You may change some terms in the deal, or close it (and cash the profit, if any, or minimize the loss, if any). Moreover, Easy-Forexâ„¢ lets you determine a "take-profit" rate, with which the deal will close automatically for you, when and if such rate occurs in the market. Meaning: you do not have to stay near your computer when you hold open positions.
Want to know more? Want to get on-line training? Register here (simple, quick, no obligation), we'll be glad to guide you, every step of the way.
Forex-Affiliate is a world leading and highly paying Forex affiliate program. The Forex (currency exchange trading) industry is the biggest market on earth today, with a daily turnover of 3 trillion dollars! Anyone today can trade Forex online. The participants in this market include central banks, organizations, commercial banks, institutional traders, andprivate individuals throughout the globe. This is a highly exciting market, though risky! Affiliating in the Forex market offers you a great earning potential, with online access to your traffic performance and your commission. The affiliates are provided with online support, marketing creatives and professional tools – free of charge.
Forex-Affiliate offers a win-win earning program – combination of CPA and evenue-Sharing,tailor made to suit you best! As our business partner, your commission is based on the revenue generated by your referrals, plus a flat fee for introducing referrals. In addition, you may well enhance your earning by running the 2nd-tier program (introducing Forex-Affiliates under you). Also the 2nd-tier program offers combined CPA and Comm-Share (flat fee, plus precentage of commission earned by your referred affiliates).
Divx Pro Free Download is Available for a Limited Time
For a limited time, Divx is offering a complimentary download of their Divx Pro software, which consists of both a converter and the Codec.
All you need is a valid email address and you’ll be set to go.Remember, this is the Pro version which includes DivX Converter and DivX Pro Codec. Here’s a quick overview of the benefits that each provide:
DivX Converter
Drag-and-drop nearly any video format to create a high-quality, highly compressed DivX video
Merge and convert multiple videos into a single DivX file with an automatically generated menu
DivX Pro Codec
Higher performance, including multi-threaded support for better performance on all HyperThreaded, dual core and dual CPU (SMP) systems
More encoding options, including six carefully optimized encoding modes that balance visual quality and performance for virtually any application
Here’s the link that you’ll need to download DivX for Windows. This link also explains how the free holiday download will work. Essentially you’ll download the file, and then enter in your email address during the installation. Then you’ll receive an email with your serial number for DivX Pro. There’s also a Mac version, and the link for that download is here.
the phpBB Team has announced the availability of the phpBB 3.0.0 package:
"Please note that we urge you to update. The versions we support here are phpBB 2.0.22 and phpBB 3.0.0.
3.0.0 has seen some some critical bugs fixed, including:
[Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)
[Fix] Check "able to disable word censor" option while applying word censor on text (Bug #15974)
[Fix] Rollback changes on failed transaction if returning on sql error, if set
[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)
Please refer to the changelog for a complete list of fixes since RC8.
A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it.
Minimum Requirements phpBB3 has a few requirements which must be met before you are able to install and use it.
A webserver or web hosting account running on any major Operating System with support for PHP
A SQL database system, one of:
MySQL 3.23 or above (MySQLi supported)
PostgreSQL 7.3+
SQLite 2.8.2+
Firebird 2.0+
MS SQL Server 2000 or above (directly or via ODBC)
Oracle
PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
getimagesize() function need to be enabled
These optional presence of the following modules within PHP will provide access to additional features, but they are not required.
zlib Compression support
Remote FTP support
XML support
Imagemagick support
GD Support
The presence of each of these optional modules will be checked during the installation process.
Security Security issues found should be reported to our security tracker in the usual way.
Available packages If you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating.
With this release, there are four packages available.
Full Package Contains entire phpBB3 source and english language files.
Changed Files Only Contains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.
Patch Files Contains patch compatible patches from previous versions of phpBB3.
Automatic Update Package Update package for the automatic updater, containing the changes from previous release to this release.
Select whichever package is most suitable for you.
Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.
Most Linux users are familiar with using GNU Wget to download single files by passing the URL as an argument to the wget command, but you can also use Wget with desktop applications. It requires a little preparation, but it's easy to integrate Wget with your favorite browser and other desktop applications. You can also use Wget in scripts to categorize batch downloads and make them fault-tolerant. Here's how to get Wget to sit up and beg for you. If you have a list of files you want to download, you can use Wget's -i option, which tells Wget to read a list of URLs from a file. Invoke wget -i filelist and wait until it finishes the job, and your files are downloaded!
Most download managers, when you pause downloading, you close the connection to the server and open it again when you choose to resume. When you download a file using Wget, you can pause by pressing Ctrl-Z, and the connection will not be lost if you resume quickly enough (the connection usually times out after 60 seconds). That means you don't lose time when reconnecting.
If you stop Wget before it has finished downloading the list of files, you may want to continue from the last file it was downloading. In that case, using wget -i filelist won't do the job anymore. What you need is a script that will delete a URL from the list after Wget finishes downloading the appropriate file. This short script will do the job:
#!/bin/sh # wget-list: manage the list of downloaded files
# invoke wget-list without arguments
while [ `find .wget-list -size +0` ] do url=`head -n1 .wget-list` wget -c $url sed -si 1d .wget-list done
With this technique, you store the list of URLs in a file called .wget-list, one URL per line. On each line you can not only write URLs but also additional options for Wget. For example, if you want to set the name of the output file, you can add a line like <URL> -O <filename> to .wget-list, where -O is a Wget command-line option and <filename> is the the name you want it to use. You can add the -c option to be sure that the download will be continued from the same place Wget (or another application) stopped at. Consult the wget manpage for other options.
When Wget is finished downloading the first file in the list, the first line of .wget-list is deleted, so on the next loop Wget starts downloading the next file in list. If you press Ctrl-C, the next time you run wget-list it will continue downloading the same file.
If you want to categorize the files you download, you could create several directories to place files in, such as src, movie-trailers, and docs. Create a file .wget-list in each directory, and use a master script like wget-all below to process the .wget-list files in each subdirectory:
#/bin/sh # wget-all: process .wget-list in every subdirectory # invoke wget-all without arguments
find -name .wget-list -execdir wget-list ';'
This script looks for files named .wget-list and executes the command wget-list in every directory where it found the file.
If you want to set priorities between the categories, to specify which will be processed first, you need to be able to specify the order to work on the directories, as in wget-dirs:
#!/bin/sh # wget-dirs: run wget-all in specified directories # invoking: wget-dirs <path-to-directory> ...
for dir in $* do pushd $dir wget-all popd done wget-all
This script should be executed with parameters: if you want to download files in the src directory, and then files in the docs directory, you should invoke wget-dirs src docs (don't forget to change the current directory to the one containing those directories, or else specify the full paths). In this script pushd changes the current directory and remembers the previous one in its stack, and popd changes the current directory to the last remembered one.
Desktop integration
Now you need an easy way of adding URLs to list. You can use this add-url script to add a URL to the .wget-list category:
#!/bin/sh # add-url: add URL to list
# invoking: add-url URL
echo $* >>~/download/.wget-list # assuming that ~/download is the directory for downloaded files
Add-url is a handy script if you're at the command line, but KDE users can take more advantage of it by using Klipper's ability to run commands on any string copied to the clipboard. Open the configuration dialog by right-clicking on the Klipper icon in the system tray or the Klipper applet, and choose Configure Klipper, and go to the Actions tab. You will notice that you can set different groups of actions for strings matching different regular expressions.
There should already be a group for HTTP links ("^https?://."). Right-click on this group and choose Add Command, then type "add-url %s" for the command and "Add URL to download queue" for the description. Then go to Global Shortcuts tab and select a shortcut to invoke the action. From then on, every time you use this shortcut, you will see a menu of actions available for the string currently in clipboard, which will now include the item for running the script you prepared to add URLs to the Wget queue.
Klipper helps you to automate adding URLs from any application, but most of the time you will grab URLs from the browser, so why not add an item to its context menu?
The FlashGot for Firefox extension helps you to integrate any download manager into Firefox. After downloading and installing FlashGot, select FlashGot -> Settings from Firefox's Tools menu. Enter the path of the add-url script, and leave the URL template as "[URL]". Now you can use FlashGot's context menu items, including "Download the link via FlashGot" and "Download everything via FlashGot," to download files with Wget.
Opera users can also use Wget as a download manager. In the main Opera menu select Tools -> Preferences. Go to the Advanced tab, select Toolbars in the list at the left side. Click on Opera Standard in Menu Setup and click on Duplicate. Don't close the dialog, just minimize the Opera main window. Now open the file ~/.opera/menu/standard_menu (1).ini and add this line to the Link Popup Menu and Image Link Popup Menu sections:
Item, "Add to download queue"="Execute program, "/home/user/bin/add-url","%l""
This assumes that /home/user/bin/add-url is the full path to add-url -- don't use ~ there.
Now restore the Opera window, select the Copy of Opera Standard menu setup, and click OK. You should notice the new items in the context menu when you right-click.
Those are several ways that an "old-style" command-line tool like Wget can be easily integrated into a GUI environment. If you are a fan of GUI tools, you can also use Wget front ends such as Gwget for GNOME and KGet for KDE.
Segmented downloading
Some download managers support segmented downloading, which means downloading several pieces of file simultaneously. Segmented downloading is supposed to help utilize bandwidth more efficiently, but this is not always true: if your connection speed is not high, you will create more traffic, but downloading files will not be faster. For that reason, some webmasters ban the use of segmented downloading (though this is rare). Single-threaded downloading has its benefits, especially when Wget is concerned. Other download managers have internal databases to help them keep track of which parts of files are already downloaded. Wget gets this information simply by scanning a file's size. This means that Wget is able to continue downloading a file which another application started to download; most other download managers lack this feature. Usually I start by downloading a file with my browser, and if it is too large, I stop downloading and finish it later with Wget. Still want to try the segmented downloading? The Aria2 console download utility supports it.
Microsoft developed CHM as a proprietary format for Windows 98, leaving behind the previous WinHelp (HLP) format. CHM is still alive and kicking in XP and Vista, though some applications use the newer Microsoft Help 2 format.
CHM files comprise a set of Web pages, plus a hyperlinked table of contents and an index, compressed with LZX. CHM offers small size (because of compression), full text searches, and the ability to join several CHM files into a single file with a common table of contents and index.
Even though CHM is a Microsoft format, several projects have written CHM file viewers for Linux.
KchmViewer KchmViewer is the standard KDE viewer for CHM files. The current production version 3.1 was released in June, though version 4.0 is now available in beta; I tested the former. It's released under the GNU General Public License (GPL), and it uses some code from another viewer, xCHM.
KchmViewer is available in most distribution repositories. You can also download it and install it (make sure you have the qt3-devel package) through the usual configure and make commands; check the specific instructions on the download page.
Under KDE, KchmViewer is associated with CHM files by default, so it runs automatically when you click on such a file. It can use either a Trolltech Qt widget or KDE's own KHTML widget to show the text (change widget from the Settings menu). I found one CHM file that wouldn't display correctly, and changing widgets solved the problem.
KchmViewer supports tabbed browsing, and it provides Contents, Index, and Search views. It correctly deals with foreign languages and multibyte character sets. You can generate bookmarks to mark your place in a document, and you can edit and delete bookmarks at will. You can view the original HTML code, and even specify which editor to use for this function via the Settings menu option.
Help Explorer Viewer Help Explorer Viewer, developed by Kama Software, is free but not open source. It comes in both Windows and Linux versions, which is an advantage if you work with dual booting systems or in an environment with both operating systems. You can use Help Explorer Viewer to view not only CHM files, but HLP (older) and HXS (newer) help file formats as well. According to the Web site, you can integrate Help Explorer Viewer into your application through its API.
Installation is simple. Go to its Downloads page and get the Linux version, which currently stands at 3.0. Go to the directory where you downloaded the file, and enter these commands as root:/p>
tar zxf HelpExplorer3.0_LINUX.tar.gz cd Setup/ ./setup.sh
After you view the end-user license agreement (EULA), Help Explorer Viewer is installed in /usr/local/HelpExplorer. If you want to uninstall it, you can run the uninstall.sh script in that directory. The installation asked if I wanted to install KDE/GNOME menu items, but even though I answered yes, the program didn't appear in the main menu, in the Konqueror menus, or even in the context menu when I right-clicked on a CHM file; I don't know where it's supposed to appear, but I couldn't find it.
Help Explorer Viewer includes all the usual search mechanisms: table of contents (organized hierarchically, as a tree), index (a list of keywords), and common searching. The help files showed up correctly in all tests I ran, but I wish I could have changed the font the program used, because it displayed pixelated. You can change views between Contents, Index, Search, and Favorites (called Bookmarks in other viewers).
ChmSee ChmSee is an open source Gtk2+ package for GNOME whose Web site is written mostly in Chinese; if it weren't for some parts in English, you'd be sorely tested to install or use ChmSee. It's free under the GPL, and version 1.0 was released in August.
Installing ChmSee could be a bother, but it appears in openSUSE standard repositories, which greatly simplifies things. If you want to build it from source, you'll need Gtk2+, libglade-2.0, gecko, chmlib, and OpenSSL. After getting the source package, you need to enter these commands:
tar xzf chmsee-1.0.0.tar.gz cd chmsee-1.0.0 ./configure make sudo make install
You might have to add a parameter to the configure command (--with-chmlib=/path/to/chmlib) if it cannot find chmlib. After installation, ChmSee was added to my openSUSE menus, but not my Konqueror or context menus.
You can configure the fonts used for display (something lacking in both KchmViewer and Help Explorer Viewer) by going to Edit -> Setup. Be careful with the Clear function, which deletes all ChmSee work files and causes the viewer to crash. If you opt for this, you'll have to reopen the CHM file. ChmSee doesn't offer Index or Search views; in fact, it has no search function at all. Also, in my testing, some CHM files displayed weird messages (and the text didn't get displayed), and some images didn't show at all.
ChmSee looks promising, but it still has a way to go before being at the same level as KchmViewer and Help Explorer Viewer.
Other candidates Firefox users can download the CHM Reader add-on, currently at version 0.2.1.1. Installation is simple. The utility adds a new Open CHM Files entry to the Firefox File menu. When you open a CHM file, the table of contents is hidden by default, but you can bring it up by pressing Ctrl-E. Viewing files works fine, but CHM Reader doesn't offer a global search function, and the Firefox search function works only within the current page.
I tried to look at GnoCHM, xCHM, and KCHM (seemingly abandoned; its latest version is from 2003), but I got into dependency hell problems. I couldn't find distribution-ready packages, and installation from source was troublesome.
Conclusion KchmViewer offers the easiest installation and greatest integration with the desktop environment. Help Explorer Viewer is useful for developers and users who work with both Linux and Windows. ChmSee has some bugs to be worked out, so I wouldn't recommend it for normal usage. CHM Reader is a good add-on, but its lack of searching power is a hindrance.
Article written By Federico Kereki, he is an Uruguayan systems engineer with more than 20 years' experience developing systems, doing consulting work, and teaching at universities.
iptables as a replacement for commercial enterprise firewalls
With IT budgets getting tighter, managers need to trim costs. Service contracts are expensive for any technology; firewalls are no exception. Netfilter, the project that provides the packet filtering program iptables, is a free firewall alternative. While it lacks the service contract of commercial solutions and a pretty interfaces to make firewall modification easy, it has solid performance, performs effectively at firewalling, and allows for add-on functionality to enhance its reporting and response functions.
As a case study to demonstrate the feasibility of iptables as an enterprise firewall, consider the network I manage at University of Illinois at Urbana-Champaign. The network supports 2,000 devices and has a 1-gigabit uplink with two firewall zones (DMZ and secure). Daily bandwidth outbound averages around 100 gigabytes. The network is protected by two dedicated firewall machines running iptables, each with three network cards (two for the bridging firewall, one for management access), and each running 1.5GHz single-core processors with 1GB RAM. Processing power is not critical in this case; you could save money by using a machine with a lower-end CPU.
We experience no latency attributed to the firewalls, and they do as good a job as can be expected of blocking bad traffic. Once the firewalls were properly tuned, we saw no downtime due to software issues.
There are, however, a couple of "gotchas" to keep in mind. The connection table can get filled on firewalls that are routinely being scanned or are on high-traffic networks. To solve this problem, increase the net.ipv4.ip_conntrack_max kernel parameter (mine is currently at 131071) and decrease net.ipv4.tcp_keepalive_time (3600 is a good choice). As long as the firewalls have plenty of memory to spare, these settings should not pose a problem, and the firewalls will happily run without needing any hand-holding. The result is a firewall with no packet loss and unnoticeable latency that's highly available (assuming good hardware).
Effectiveness at filtering traffic according to policy
A firewall is only as good as its ruleset, no matter which firewall you are using. The rules for iptables are generally easy to understand. Here is an example rule:
iptables -A INPUT -m state -p tcp --dport 80 -s 192.168.5.0/24 --state NEW,ESTABLISHED,RELATED -j ACCEPT
This command adds (-A) an input rule (traffic going to the machine the firewall is on) that checks state (-m) for any new, established, or related traffic from the 192.168.5.0 subnet on port 80 (Web traffic). If you want to log dropped packets (and you should) you also have to create both a DROP rule and a REJECT rule just to handle the logging.
You can block malformed packets (i.e. packets which may be part of a SYN scan) easily with rules checking just the TCP header flags. Other tools such as fwsnort allow for more detailed packet inspection to block clearly malicious traffic. fwsnort converts Snort rules into iptables rules that embed some IPS capability into the iptables. However, iptables allows for easy addition of IP address blacklists to stop all traffic from known hostile netspaces. Once you're familiar with the conventions for writing iptables rules and you have a basic knowledge of IP headers, you'll find it easy to write new rules.
Add-on functionality for reporting and active response
Several add-on tools can help you get more out of iptables log data. Most standard system log scanners can be configured to pull out interesting information, but they certainly aren't designed for that purpose. psad can be configured to provide email alerting on apparent attacks above a certain threshold, and to actively block hostile IP addresses once a defined threshold has been met.
You can perform additional management of the connection tables with the conntrack-tools from Netfilter. This software allows command-line access to the connection tables and allows for grabbing statistics on that information. Lastly, you can set up firewalling up to layer 7 (the application layer) with l7-filter. For instance, an academic environment could use l7-filter to limit peer-to-peer traffic bandwidth as a way to cut back on those fun MPAA/RIAA cease-and-desist letters.
On the downside, because iptables doesn't do the heavy lifting of making rules for you like commercial firewall appliances, it requires users have a more in-depth understanding of firewalling. While tools such as Firewall Builder and KMyFirewall making configuring iptables more user-friendly, a security admin will have to learn about firewalling and the applications in general. This means lots of time and up-front testing.
There is also the problem that when things break there is no one to call to fix it. This requires that knowledge be cultivated in house. However, information on open source solutions tends to be in the public domain, so training costs tend to be a factor of time and perhaps buying some books at Amazon.
At the end of the day, organizations can gain tremendous cost savings by using iptables for firewalls. An added bonus is the additional flexibility that an open source solution provides.