I've used xzoom, but if xzoom worked like they tell it in the
movies, you might see something like this in our little plushy's photo
collection.
Xteddy - a Gund
"Tender Teddy" - was born in 1983, fell in love with Stegu's monitor in the
90's sometime, and since 1998 or so has been faithfully using Unix, though
he has been seen on
a Windows system now and then and even with a
Macintosh once in a while. Lately he has been hanging out a lot in
#fvwm on freenode, baking cookies, memorizing people's screenshots so as
to be helpful, and indulging in a mocha now and then. The regulars there
call him a little hug daemon - a ready source of hugs for all processes.
Our Weekend Mechanic is one of his biggest fans.
Our regular readers may recall that Xteddy featured in our second cover
art picture over a year ago (back in issue
111), but his good pal bear stood in for him.
This image was inspired by some chance comments from some real off-the-wall
people on freenode - while it's pouring rain and snowing in my hills here
in "sunny" California, they're enjoying a summer heat wave. Xteddy had this
great idea for a summer vacation, and Tux brought his surfboard...
Tux has been Linux's mascot since shortly after the release of the
2.0 kernel. He's been known to be quite the fellow for the lady penguins,
and
A Brief History Of Tux - So
Far will surely tell you more than you needed to know about this
dashing fellow. All too often, it's a working vacation for him, but he's
considering a hiking
trip - hmmm, looks like some of the LBW folk are getting together for
Easter, better join their mailing list - or a
cruise sometime this Summer.
The beautiful beach shown in this image is Australia's Bells Beach.
This image is from
Owen Cliffe's summer vacation photos
(I hope he doesn't mind) and a delightful little surfing image I found over
at YoLinux.
Whether Summer's just a short way ahead for you, or you're catching a few
more waves before heading into autumn, here's to
making Linux just a little more fun. Surf's up!
Heather is Linux Gazette's Technical Editor and The Answer Gang's Editor
Gal.
Heather got started in computing before she quite got started learning
English. By 8 she was a happy programmer, by 15 the system administrator
for the home... Dad had finally broken down and gotten one of those personal
computers, only to find it needed regular care and feeding like any other
pet. Except it wasn't a Pet: it was one of those brands we find most
everywhere today...
Heather is a hardware agnostic, but has spent more hours as a tech in
Windows related tech support than most people have spent with their computers.
(Got the pin, got the Jacket, got about a zillion T-shirts.) When she
discovered Linux in 1993, it wasn't long before the home systems ran Linux
regardless of what was in use at work.
By 1995 she was training others in using Linux - and in charge of all the
"strange systems" at a (then) 90 million dollar company. Moving onwards, it's
safe to say, Linux has been an excellent companion and breadwinner... She
took over the HTML editing for "The Answer Guy" in issue 28, and has been
slowly improving the preprocessing scripts she uses ever since.
Please submit your News Bytes items in
plain text; other formats may be rejected without reading.
[You have been warned!] A one- or two-paragraph summary plus a URL has a
much higher chance of being published than an entire press release. Submit
items to bytes@linuxgazette.net.
News in General
New Fedora Core 5 is OUT!
And worth the wait with loads of new features including: new desktop
applications, advances in security, better localization tools, improved software
installation and management facilities, and strong Java integration help.
"Bordeaux" boasts GNOME 2.14 [the latest], KDE 3.5.1, OpenOffice 2.0.2,
Mozilla Firefox 1.5.0.1, and Xen Virtualization. GCC improvements offer
increased stack protection.
By the way, only CD1 and CD2 are required for the default installation, so
just download those if your connection to a mirror is running slow.
Fedora Core 5 contains a preview of forthcoming Red Hat Enterprise Linux
virtualization technology. In the summer of 2006, Red Hat plans to make
Virtualization Migration and Assessment Services available along with an
Enterprise Virtualization beta. Red Hat Enterprise Linux v.5, scheduled for
general availability by the end of 2006, will feature fully-integrated
virtualization. These plans were announced in a March presentation which included
participation by XenSource, AMD, Intel, and Network Appliances.
Enterprise Grid Solutions Showcase at LinuxWorld, Boston
If you are going to the expanded LinuxWorld in Boston during the first week
of April, you might want to include a visit to the first-ever Enterprise Grid
Solutions Showcase, sponsored by the Enterprise Grid Alliance (EGA) and the
Global Grid Forum (GGF) in conjunction with Intel Corporation and other
companies. The EGA/GGF organizations champion architectures, specifications, and
best practices supporting adoption of grid services for business, engineering,
and science worldwide. The new showcase will offer LinuxWorld attendees a
first-hand look at the business value of Grid technology. The Enterprise Grid
Solutions Showcase will be at LinuxWorld Expo, April 3-6, 2006.
SpikeSource and Novell Certify Open Source Solutions on SUSE
SpikeSource, a provider of certified and business-ready Open Source software,
announced that as part of its participation in the Novell Market Start Program,
it is 'YES'-certifying its infrastructure stacks and will provide Spike™
Certification for Open Source solutions running on the Spike Stack and SuSE
Linux. Spike Certification includes interoperability testing of Open Source
infrastructure and applications running on SUSE Linux through its automated test
harness. Through this combined certification program, customers will be able to
safely bring a wide variety of Open Source solutions into their production
environments.
"SpikeSource is an important part of the Novell strategy to deliver safe,
smart Open Source and Linux solutions to customers of all sizes," said John
Beuchert, Global Director of Open Source Marketing Programs at Novell. "They
have automated a critical area of Open Source software management - the testing
of many combinations of software to ensure they work together as promised and
deliver significant value."
SpikeSource will partner with Novell to ensure that recommended applications
have been rigorously tested and are ready to be deployed into production
environments. EnterpriseDB has also recently joined in the Novell Market Start
Program.
The Novell 'YES' certification program ensures compatibility with SUSE Linux.
SpikeSource is extending that by incorporating Novell's stringent 'YES'
certification requirements into the SpikeSource testing and certification
process. Novell-compatible applications will be tested for compatibility on an
ongoing basis, and SUSE interoperability issues will be identified and resolved
before they create issues for customers. This will be done under the umbrella of
the Spike Certified Solution program (more information at
http://www.spikesource.com/partner/spikecertif.html).
BEA to Open Source KODO
BEA is preparing to Open Source most of the technology it acquired in its
purchase of SolarMetric in late 2005.
As part of its larger effort to 'blend' OSSw and its own technologies
in a 2-way process, BEA will donate much of Kodo's source code to start an
Open Source project named Open JPA [Java Persistence API]. The goal is to
provide an Open Source persistence framework.
Open JPA will include a significant portion of the Kodo code base,
specifically the Kodo kernel and the technical preview of the EJB 3 Persistence
specification. Once the EJB 3 specification is approved [by the Java Community
Process], Open JPA will be an Open Source implementation of the EJB 3
Persistence standard available under an Apache software license. Java developers
will have a free, Apache-licensed implementation of the EJB 3 Persistence
specification.
BEA has been barnstorming around the US in its recent Dev2Dev developer
workshops, explaining its support of OSSw frameworks like Spring, Hibernate and,
eventually, JDO [and these sessions are worth taking in]. Although company
representatives say the amount of SolarMetric code to be released supporting
Open JPA is still to be decided, this link to an interview with SolarMetric
co-founder Neelan Choksi in February suggests significant parts of JDO code will
remain proprietary.
[http://dev2dev.bea.com/pub/a/2006/02/interview-kodo-opensource.html]
At the Santa Clara, Calif., Multi-Core Expo in March, Sun Microsystems
released both the hardware design point and the Solaris 10 Operating System (OS)
porting specifications for the new multi-core UltraSPARC T1 processor, formerly
called Niagara. With this release, developers gain access to the chip
multi-threading (CMT) technology unique to the UltraSPARC T1 processor under the
GNU GPL. This new Open Source version of the UltraSPARC T1 design will be called
"OpenSPARC T1" and is a 64 bit, 32 threaded processor design - available at no
charge.
Sun released the Verilog source code, a verification suite and simulation
models, the Sparc architecture spec, and Solaris 10 OS simulation images.
This follows Sun's recent move to release its Hypervisor API specifications
-- which allow companies to port Linux, BSD and other operating systems to the
UltraSPARC T1 platform [should they wish] -- and allows developers to create
hardware, software, tools and applications for the Sparc multi-threading
eco-system. This is a first in that such a complex hardware design has been
released under the GNU GPL.
Back in early March, AnandTech published an early evaluation of the
unreleased Intel Conroe dual-CPU chip. They took equal systems, one with a stock
Athlon 64 FX-60 overclocked at 2.8 GHz, and compared it to similar hardware
using a sample Intel dual-core Conroe E6700 2.66 GHz processor. The gaming and
media benchmarks show a 20-30% perf edge going to Intel. [My, how the tables
have turned!]
This type of performance may go a long way toward explaining why Apple
chose to roll out its new line on Intel Dual Cores rather than AMD.
Although there have been performance
complaints from the Apple faithful on the new iMacs and MacBooks, the
numbers coming from AnandTech provide evidence that Intel will match and
surpass the AMD architecture. Of course, Intel did have a few years to plan
its comeback and sort out a new CPU and memory architecture. And its older
Pentium Netburst microarchitecture had been heating computer desks and the
knees of laptop owners for several years now, so its promises to provide a
real alternative to high wattage have been finally fulfilled.
Following AMD's example, Intel has put data throughput on the performance
throne, not clockrate. And it seems there will be real competition for the CPU
and chip set crown. And that's good for all of us.
Both AMD and Intel have announced that they would have quad-core processors
in 2007 [That's doubling the doubling....]
The Linux / Grid Relationship
That's the title of the current on-line issue of the Globus Consortium Journal,
and it features insights from Grid and Virtualization professionals from IBM,
Novell, OSDL, and others. Find out why Linux is well-suited for clustering, Grids
and virtualization; also, if the delay in the Xen patch for Linux kernel support
has left the door open for VMWare.
The upcoming InterOp conference and expo will offer Free Sessions to Expo
attendees, including:
Running Scared: Intrusion Protection Vendors and Performance Testing
Network World is benchmarking the performance of as many as 10 high-end IPS
devices. However, that represents only a third of applicable products on the
market, so what happened to the others? This session will cover the ins and outs
of public IPS performance testing, and why it has some vendors running scared.
Speaker - David Newman, President, Network Test
Web Ops Summit
Look in any modern data center or a mission-critical NOC and you'll find a new
breed of operations specialist that's both web-savvy and network-fluent. Someone
who's as at home with URLs and applications as they are with packets and
throughput. They're part of a vital new IT discipline -- web operations --
and you may already be one of them. WebOps deals with the performance,
availability, scalability, and security of web-based applications. It spans both
big, public Internet sites and the internal, web-based intranet. And it looks at
the application lifecycle, from design and deployment to monitoring, repairing,
and reporting. The WebOps Summit brings together technology leaders and hands-on
web experts for a half-day of updates and thought-provoking discussion. It's
free to web operations personnel. If you're responsible for running
production-grade web applications in B2B, B2C, or enterprise environments, you
can't afford to miss this.
We were told by MEPIS founder Warren Woodford that a test release of
SimplyMEPIS 6.0, incorporating software from the Ubuntu Dapper package pools, is
now available. This marks a break from the Debian Core group which was announced
at LinuxWorld - SF last summer.
Ubuntu has a 6 month stable release cycle that will enable MEPIS to offer its
customers a dependable release schedule. Woodford stated "The switch to the
Ubuntu pools was made to provide our users with a more stable underlying
system."
"This release is a sneak peek, if you will. There are integration issues and
new features that have not yet been addressed for SimplyMEPIS 6.0 and the Dapper
pools are still being improved. However, we want to make it available to our
subscribers now, so we can get their feedback before proceeding any
further."
Woodford also said, "MEPIS is no longer involved with the DCC due to
'creative differences.' We wish Progeny, Xandros, and Linspire the best of luck
in their mutual endeavors."
The DCC Alliance had been controversial within the Debian community.
LINUX DISTRIBUTION COMPARISON MATRIX from DEV-X
Dev-X's Joshua D. Drake has authored a matrix of the leading distros, which
emphasizes installation and ease-of-use criteria.
....in English; check with the Native Language projects for other languages.
This release contains new features, fixes many small bugs and resolves numerous
issues. For instance, spellcheck dictionaries are now directly integrated into
OpenOffice.org and are immediately available after installation without need for
extra downloads. Also added are:
import filters for Quattro Pro 6 and Microsoft Word 2 [for history buffs??].
OpenOffice appearance has also been enhanced, and there are new icon sets for
KDE and GNOME.
The Ruby on Rails community has released both Rails 1.1 and 'RJS', which
enables JavaScript calls in Ruby code and simplifies AJAX (asynchronous
JavaScript and XML)-style programming. Tasks that previously required more
extensive coding and server calls can now be handled more concisely with
RJS.
Rails has had a long test history and a conservative release history (it
finally moved to 1.0 in December, after a year of widespread use), and this 1.1
encompasses fixes and initiatives previously released.
Scribus layout OSSw updated
The Scribus Team is pleased to announce the release of Scribus 1.3.3 -
"Printemps" - with new features:
* The EPS importer has better text import with improved pair kerning.
* The PDF exporter has enhanced PDF presentation effects and controls.
* A new barcode plugin allows easy creation of barcodes within Scribus.
* A new MS Word doc importer allows Scribus to import MS Word doc files.
* Scribus now has a Palm PDB importer.
* On systems with CUPS installed, Scribus can detect printer margins with
the currently selected printer. Similar functionality for Windows has also
been added.
Scribus is a cross-platform, Open Source page layout application providing
commercial grade PDF and PostScript export. Scribus supports professional
publishing features, such as CMYK color, separations, ICC color management, and
versatile PDF creation. Scribus was the first page layout application to
directly support the ISO PDF/X-3 output standard.
Originally developed on Linux, Scribus also runs on Windows 2K+ and
MacOSX.
At the CEBIT show in Hannover, Germany, Xandros released their Desktop OS 3.1
which includes built-in support and drivers for universal mobile
telecommunications system (UMTS) and 3G network hardware. This version includes
software for authenticating to Windows-based networks with Active Directory,
allowing better integration with enterprise resources.
Also included are a Windows emulation environment to run Microsoft Office and
document management programs such as Acrobat and Photoshop. The platform
supports the OpenDoc format for StarOffice and Microsoft Office document
sharing. DVD burning and file-sharing tools are included as well.
Xandros 3.1 is only available in Europe so far, but should be released in
North America before summer. CompUSA, incidentally, is now selling the Xandros Desktop
3.0 product in all of its stores, offering home and business users a stable and
secure alternative to Windows. It's essentially free, after instant savings and
rebates.
WalMart has been carrying Xandros since the end of 2005.
The upcoming Xandros Server will also be demonstrated at Xandros' booth #932
during the upcoming LinuxWorld Expo, April 4-6, in Boston. This product is a
current LinuxWorld Product Excellence Award Finalist.
Software and Product News
JBOSS extends support for SOA
JBoss strengthened its Enterprise Middleware Suite (JEMS™) for
service-oriented architecture (SOA) with two new offerings: JBoss Messaging and
JBoss Web Server (JBoss Web).
JBoss Messaging 1.0 implements a high-performance messaging core designed
for SOAs, enterprise service buses (ESB), and other integration needs. Key
features of JBoss Messaging include:
-- Java Message Service (JMS) 1.1 and 1.0.2b standards compatibility. For
users of JBossMQ, the JMS technology embedded within JBoss Application Server,
JBoss Messaging supports JMS applications currently running on JBossMQ without
any changes.
-- JMS Facade, the JMS personality of JBoss Messaging, enabling a JMS
client to connect to a JBoss Messaging server, send and receive messages, and
interact with queues, topics and other key elements of a messaging platform.
-- JBoss Messaging Core, a transactional and reliable distributed
messaging foundation, supporting transactional ACID semantics and other
messaging protocol facades.
JBoss Messaging is currently available as a standalone product and will be
the default JMS technology in JBoss Application Server 5.0, as well as the
foundation for JBoss ESB 1.0--both targeted for release later in 2006. For
additional information about JBoss Messaging, visit
http://www.jboss.com/products/messaging.
JBoss Web Server 1.0 Community Release is an enterprise-class deployment platform for Java Server Pages (JSP)
and Java Servlet technologies, Microsoft ASP.NET, PHP, and CGI. It uses a hybrid
design incorporating Open Source technologies for processing high volumes of
data.
JBoss Web is built on Apache Tomcat--the de facto OSSw standard
JSP/Servlet container--and incorporates the Apache Portable Runtime (APR) and
a Tomcat native layer. Additional JBoss Web Server features include:
-- Support for the HTTP, HTTPS, and AJP (Apache JServ Protocol) protocols;
-- OpenSSL for Secure Sockets Layer (SSL) support;
-- On-the-fly URL rewriting with a flexible URL manipulation engine
supporting an unlimited number of rules and conditions;
-- Support for both in- and out-of-process execution of CGI and PHP
scripts, as well as ASP.NET applications; and
-- An advanced application load balancer for both high-availability and
application segmentation of remote process.
JBoss Web 1.0 is currently in a community release, with a final production
release targeted for June 2006. Licensed under the Lesser GNU Public License
(LGPL), JBoss Messaging and JBoss Web are free to download and use. For more
information about JBoss Web, go to http://www.jboss.com/products/jbossweb.
Predict your security future with beSTORM
Beyond Security has announced the launch of a new automated security analysis
solution, beSTORM. The result of three years of R&D, beSTORM changes the way
security assessment is conducted by uncovering unknown vulnerabilities in
network-enabled software applications during the development cycle.
Automatically testing billions of attack combinations, beSTORM ensures the
security of products before they are deployed, saving companies the huge costs
associated with fixing security holes after products are shipped.
Aviram Jenik, Beyond Security CEO, says, "Security certifications are
becoming a requirement of vendors by many companies. This is because too many
products have been deployed that are vulnerable to attacks and too much money
has been spent on fixing the problem after the fact."
beSTORM arms developers, quality assurance teams and security professionals
with a tool to test for security holes while still in the development phase.
Unlike the current assessment tools, beSTORM doesn't look for specific attack
signatures or attempt to locate known vulnerabilities and it does not require
the source code (like source-code audit tools). Rather, beSTORM focuses on
network-enabled applications and models the protocols used to communicate with
them. beSTORM exercises the protocol with technically legal but functionally
erroneous cases. beSTORM then performs exhaustive protocol analysis in order to
uncover new and unknown vulnerabilities in network products. As an example,
beSTORM automatically tries every protocol combination possible until a buffer
overflow is triggered. It can generate over 2,000 different attack combinations
per second on a single CPU server.
"Fuzzing tools are probably the closest in comparison to beSTORM. Fuzzing
tools take an existing network protocol and 'fuzz' it, which means it sends
malformed requests and analyzes the results," said Jenik. "Fuzzers are usually
limited in bandwidth trying hundreds or millions of different attack
combinations where beSTORM can try billions."
beSTORM runs on Windows, UNIX and Linux.
Beyond Security provides network security solutions including their Automated
Scanning product for penetration testing. Beyond Security is also the founder
and operator of www.securiteam.com, an independent security portal.
Magical Realism... (non-Linux news of general interest)
U.S. Navy Awards iRobot Additional $26 Million for Robots
iRobot will deliver an additional 213 iRobot PackBot(R) Man Transportable
Robotic Systems (MTRS), plus spare parts to repair robots in the field. The new
award of $26 million marks the third round of funding by the Naval Sea Systems
Command (NAVSEA), bringing the total value of the orders placed to date to more
than $43 million.
The PackBot MTRS robots are customized for NAVSEA and are based on iRobot's
combat-proven PackBot Explosive Ordnance Disposal (EOD) robots. PackBot MTRS
robots are equipped with advanced tools and sensors that enable EOD technicians
to identify and disrupt bombs from a safe distance. The U.S. military's
dual-sourced MTRS program has requirements for up to 1200 robots through
2012.
These PackBot MTRS robots will be deployed in Iraq and elsewhere. Currently
more than 300 PackBot robots are deployed worldwide where they are used
extensively to disarm IEDs.
And from ComputerWorld's Marc L. Songini:
An Army of Cyborg Bugs?
The U.S. Department of Defense is considering fielding an army of
remote-controlled insect-cyborg scouts.
The Hybrid Insect Micro-Electro-Mechanical Systems (HI-MEMS) program is the
responsibility of the Defense Advanced Research Projects Agency (DARPA), which
is soliciting research proposals on the technology.
The insects would be outfitted with sensors and a wireless transmitter
designed to enable them to send data on conditions in places inaccessible to
human troops. The goal of the program is to produce a sensor-enabled insect with
a 100-yard range that could be placed within five meters of a target using
electronic remote control and, potentially, Global Positioning System (GPS)
technologies.
from Tom Sanders in California, vnunet.com 20 Mar 2006
Ingres Corporation has hired Bill Maimone as its chief architect. A 20-year
veteran of the database industry, Maimone previously worked for Oracle as part
of a small team steering the development of the vendor's technology stack.
Ingres was created last year when Computer Associates spun off its Ingres
database. The company currently has about 180 employees.
In a game of corporate tease, the announcement was timed to coincide with
Oracle's earnings release.
While Ingres is not positioned to compete head-on with Oracle, the company
expects to gain business from disgruntled customers and partners, Ingres' chief
technology officer Dave Dargo told vnunet.com in an interview.
Hard Disk Drive Organization goes to new lengths... and standards
IDEMA, the International Disk Drive, Equipment, and Materials Association, has released a
new and longer sector standard for future magnetic hard disk drives (HDDs). An IDEMA committee recommended
replacing the 30-year standard of 512 bytes with 4096 byte sectors.
"Increasing areal density of newer magnetic hard disk drives requires a more
robust error correction code (ECC), and this can be more efficiently applied to
4096 byte sector lengths," explained Dr. Martin Hassner from Hitachi GST and
IDEMA Committee member. It will also help lower storage costs.
The IDEMA Long Data Block Committee was composed of members representing the
major hard drive developers, as well as electronics and software companies.
Microsoft participated in this Committee and plans to include a 4K-byte sector
capability in their upcoming Windows Vista operating system.
IDEMA foresees the first hard drive products becoming available later this year
or in 2007.
They interviewed the former CIO of the great state of Massachusetts,
Peter Quinn, regarding his stand on the OpenDocument debacle. He states
that the "sandal and ponytail set" may be inhibiting the adoption of Linux.
He also notes the pressure to conform in government agency IT departments
and the significant marketing efforts of the enemies of Open Source. "Open
source has an unprofessional appearance, and the community needs to be more
business-savvy in order to start to make inroads..."
Google Lego cabinetry
Would you build a storage cabinet out of Legos? Google founders Larry Page
and Sergey Brin did just that and used it when they started their search
services.
Speaking of Legos... robotics enthusiasts can place advance orders for
the new Lego MINDSTORMS NXT sets due for release this August. A limited
quantity of Lego MINDSTORMS NXT robotics toolsets will be available for
pre-order through participating online toy, discount merchandise, and
consumer electronics retailers, while supplies last, at the suggested
retail price of USD$249.99.
Confirmed online retailers participating in the pre-sell program include:
Lego MINDSTORMS NXT is a robotics toolset for armchair inventors and Lego
builders ages 10 and up. Building upon the success of the original MINDSTORMS
Robotics Invention System, the next generation of Lego MINDSTORMS makes it
quicker and easier for robot creators to build and program a working robot -- in
as little as 30 minutes.
Brain Cells Fused with Computer Chip
No, not a hoax. Researchers at University of Padua in Italy have commingled
neurons with a 1 mm square silicon chip. They are reading the activity of the
nerve cells and experimenting with stimulating them. Special proteins found in
the brain were used to glue brain cells to the silicon.
Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.
Quite some time ago, a friend mentioned IP Cop to me. At the time,
it sounded interesting, but other things kept getting in the way.
Now that I have had a chance to play with it a bit, it has become
extremely interesting and will likely be a permanent
player in my computing environment.
What is IP Cop?
Whoops! IP Cop?
What is that?
Well, it's a gateway, and a router, and a firewall, and does DHCP...
Actually, in essence, just about everything the small LAN needs
to connect safely to the untamed Internet.
Yep, set up IP Cop and you can forget /etc/hosts.
Who cares about IP-addresses, anyhow?
Firewall? Why?
IP Cop is your interface to the outside world and
has almost no services running - thus, little or almost nothing to attack.
Seriously, it is no substitute for caution and can't protect
you from damage from within, trojans, viruses and the like.
So let's look more closely at IP Cop and its installation
and configuration and what it can do.
Essentially, as the name implies, IP Cop directs traffic at
an intersection without traffic lights - in this case, IP traffic.
It is a special-purpose Linux distribution that functions as
an interface between you, your internal network(s),
and the outside world - the Internet.
To the Internet, it has a very small profile, offering almost no services.
It also discriminates between your LAN (IP Cop terminology: green),
a possible WLAN (blue), and a DMZ (orange).
Oh, yeah, the Internet itself is - surprise! - red.
But it goes far beyond this.
Once you have IP Cop in your network, you can forget assigning
IP-addresses. Just tell it the address range to use and it will take over
that task dynamically. Well, if the PCs you attach to your network are
well-behaved enough to participate in DHCP (dynamic host configuration
protocol). Or you can easily do it by hand.
Installation
The IP Cop Installation Manual says that it can be done in about
15 minutes after you gather the required information.
This is correct... but by now, I can probably get a SuSE distribution
installed in not a whole lot more than that - blind-folded.
Unfortunately, never having done IP Cop before, it took me a little longer.
So please bear with me if in the following I go into a bit more detail than
you might want. I certainly would have appreciated it and the guy next to
you might.
IP Cop was designed to make use of modest resources to provide security.
According to the installation manual it has been tested with a 386, 32 MB
of RAM and 300 MB hard drive. In operation it requires neither keyboard
nor monitor. And installation - as opposed to configuration - is equally
minimalistic. Both keyboard and monitor are required but in text mode,
probably only familiar to old DOS users.
Another consideration in your planning to install IP Cop is the fact that
it takes over the entire hard drive. You will be warned and can cancel.
IP Cop wants to be sole occupant and owner of the drive it lives on.
But this is neat: a 4 GB drive is far more than it really requires and
half that likely would be enough for a small LAN.
So here is what I went through during installation:
Current config: GREEN
    Done
DHCP server configuration
    <space> (to enable)
    Start address: 192.168.1.1
    End address: 192.168.1.30
    <OK>
root password: root
admin password: admin
setup is complete
    <OK>
This was enough to put IP Cop on the hard drive but
it still requires a bit more information using text mode.
So we log on as root and enter: setup.
(In the following '[' and ']' indicate options on the
screen that I ignored.)
[Keyboard mapping]
[Timezone]
[Hostname]
[Domain name]
ISDN configuration
Protocol/Country
Euro (EDSS1)
[Set additional module parameters]
ISDN card
*AUTODETECT*
AVM PCI/PNP (EXPERIMENTAL)
Local phone number
02206608913
Enable ISDN
Networking
Network configuration Type
GREEN (RED is modem/ISDN)
[Drivers and card assignments]
[Address settings]
[DNS and Gateway settings]
At this point IP Cop was functional on the PC and
could be pinged from other PCs on the network.
Configuration
Besides offering almost no services outside, IP Cop strictly limits what
root and admin can do. As root, one can log on to the PC on which IP Cop
is running, but can only adjust a few things originally set up during the
installation, as in ISDN vs modem and the like.
Administration takes place over the - now secure -
network from another machine.
So let's attach a notebook with SuSE 10 - as yet unused - and
see what has to be done.
Since we haven't done anything about networking on this machine just yet,
let's manually contact the DHCP server on IP Cop to get an IP-address
and then check things out:
That looks really good, IP Cop even set itself up as the
default gateway! Now we can tell Mozilla to access IP Cop at
https://ipcop:445 so we can configure things:
Since we are sitting right next to the IP Cop machine, we know that
the identity is correct and it's safe to permanently accept the certificate.
OK, no problem.
No problem there either.
The above is IP Cop's "home administrative window". Merely placing the
cursor over any of the boxes in the second of the two lines beginning with
"SYSTEM" produces a pop-down with relevant activities. To do anything
other than connect (dial) and disconnect (hang up) you will have to enter
the name and password of the administrator. My first order of business was
System|Backup to save onto diskette what has been done so far.
Here's a little bit of what IP Cop put on the diskette.
At this point I went to Services|Proxy and checked "Enabled on green" and
"Transparent on green". Remember that "green" is IP Cop terminology for
our LAN, which it is to protect from the rest of the world. Then on to
Services|Time Server where I replaced "pool.ntp.org" with something more
reasonable:
Then under Network|Dialup it was necessary to establish a
dialing profile and specify ISDN as the interface.
Under Reconnection I checked "manual" and "Dial on Demand for
DNS", and under Authentication I entered the user name and the
password for the provider.
At this point establishing a connection to the Internet
was very easy: on the home administrative window click on "connect":
And now from another window on the notebook it was possible to
"ping -c 3 www.google.com"! All without touching /etc/hosts
or doing anything to set up a network other than executing dhcpcd.
Random Remarks
Some of IP Cop's windows are too large to fit on the screen and require
scrolling. This makes it easy to miss the "Save" and "Refresh" buttons
at the bottom. Be sure to click on them when they are present or your
changes will be quietly forgotten.
While you may want to select a different range of IP addresses for IP Cop
to manage, it is otherwise a bad idea to change settings that deal with
communication over the LAN.
It is also a very bad idea to do that after initial configuration, since
all administration takes place over a web interface on the network.
If communication gets messed up, it may be impossible to repair.
It isn't possible to do administration on the machine running IP Cop.
There is far more to IP Cop than what we have looked at here.
It includes intrusion detection, numerous logs, traffic shaping and more.
At the moment I still have little experience with IP Cop but
will be using it in the future. For the small office/home office (SOHO) it
provides many benefits. My problem, as usual, was the documentation.
Not that it was lacking or meager. Essentially everything one needs to
know was there. But it wasn't where I needed it!
I was reminded of a trip to a local bureaucracy a number of
years ago. I looked at the signs, got in what I thought was the
appropriate line, and when my turn came was told that I should be somewhere
else. Yeah, the sign could mean that as well... but only to those used to that
particular situation.
Bottom line: this software is really impressive, and the documentation
includes the information you will need to install and configure and operate
it. But - once again - navigating the documentation can be difficult.
Nonetheless, in the long run, for anyone with more than a two-machine
installation, IP Cop should be well worth the effort.
Edgar is a consultant in the Cologne/Bonn area in Germany.
His day job involves helping a customer with payroll, maintaining
ancient IBM Assembler programs, some occasional COBOL, and
otherwise using QMF, PL/1 and DB/2 under MVS.
(Note: mail that does not contain "linuxgazette" in the subject will be
rejected.)
For the purpose of this article, let's consider a device to be a
virtual representation, within Linux, of hardware that one would like to
drive by using a piece of software. In the Linux world, devices are
implemented in the form of modules. By using modules, we can
provide device functionality that can be accessed from userspace.
A userspace entry point to a device is provided by a file node in the
/dev directory. As we know, most of the things in Linux
world are represented in the form of files. We can do [ls
-l] on any device file, which will report the device type -
character or block device, as well as its major number and minor number.
The type of device indicates the way data is written to a device. For
a character device, it's done serially, byte by byte, and for a block
device (e.g., hard disk) in the form of chunks of bytes - just as the name
suggests.
The major number is assigned at the time of registering the device
(using some module) and the kernel uses it to differentiate between various
devices. The minor number is used by the device driver programmer
to access different functions in the same device.
Looking at the number of files in the /dev
directory, one might think that a very large number of devices are up and
running in the system, but only a few might be actually present and running.
This can be seen by executing [cat /proc/devices]. (One can
then see the major numbers and names of devices that are passed at the time of
registering.)
Modules
Every device requires a module. Information about the currently loaded
modules can be extracted from the kernel through [cat
/proc/modules]. A module is nothing more than an object file that
can be linked into a running kernel; to accomplish this, Linux provides the
[insmod] utility. As an example, let's say that my
module's object file is called my_dev.o; we can link it to
the kernel using [insmod my_dev.o]. If
insmod is successful we can see our module's entry using
[cat /proc/modules], or [lsmod]. We can
remove the module using the rmmod utility, which takes the
object file name as an argument.
Writing a Module to register a Char device
First of all, we should know the basics of generating a module object file.
The module uses kernel space functions and since the whole kernel code is
written inside the __KERNEL__ directive we need to define
it at time of compiling, or in our source code. We need to define the
MODULE directive before anything else because Module
functions are defined inside it. In order to link our module with the
kernel, the version of the running kernel should match the version which
the module is compiled with, or [insmod] will reject the
request. This means that we must include the [include] directory present in
the Linux source code of the appropriate version. Again, if my module file
is called my_dev.c, a sample compiler instruction could be [gcc
-D__KERNEL__ -I/usr/src/linux.2.6.7/linux/include -c my_dev.c]. A
-D is used to define any directive symbol. Here we need to
define __KERNEL__, since without this kernel-specific content won't be
available to us.
The two basic functions for module operations are
module_init and module_exit. The insmod
utility loads the module and calls the function passed to module_init, and rmmod
removes the module and calls the function passed to module_exit. So inside
module_init, we can do whatever we wish using our kernel API. For
registering the char device, the kernel provides
register_chrdev which takes three arguments, namely: the
major number, the char string (which gives a tag name to the device), and
the file operations struct address which defines all the stuff we would
like to do with our char device. struct file_operations is
defined in $(KERNELDIR)/linux/include/fs.h which declares
the function pointers for basic operations like open, read, write, release,
etc. One needs to implement whatever functions are necessary for the
device. Finally, inside the function passed to module_exit, we should free
the resources using unregister_chrdev which will be called
when we do rmmod.
Below is the code listing where the device is nothing but an 80
byte chunk of memory.
Load the device using [insmod my_dev.o]. Look for the
entry through /proc/modules and /proc/devices. Create a file node in /dev
directory using [mknod /dev/my_device c 222 0]. In
the code, we have given the major number as 222. You might think
that this number may clash with some other device - well, that's correct,
but I have checked whether this number is already occupied by some other
device. One could use dynamic allocation of the major number; for that we
have to pass 0 as the argument.
Now we can read the data in the device using [cat
/dev/my_device] and can write to our device using [echo
"something" > /dev/my_device]. We can also write full-fledged
userspace code to access our device using standard system calls of open,
read, write, close, etc. Sample code is presented below.
-------------------------------------------
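/* Sample code to access our char device */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(void)
{
    int fd;
    ssize_t ret;
    char buff[80] = "";

    fd = open("/dev/my_device", O_RDONLY);
    printf("fd: %d\n", fd);
    if (fd < 0) {
        perror("open");
        return 1;
    }

    /* Ask for at most sizeof(buff) - 1 bytes so the NUL always fits. */
    ret = read(fd, buff, sizeof(buff) - 1);
    if (ret < 0) {  /* read() returns -1 on error; never use it as an index */
        perror("read");
        close(fd);
        return 1;
    }
    buff[ret] = '\0';
    printf("buff: %s ;length: %zd bytes\n", buff, ret);
    close(fd);
    return 0;
}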
-------------------------------------------
Output
fd: 3
buff: hi from kernel ;length: 14 bytes
-------------------------------------------
Conclusion
[ Note: a tarball containing all the code in this article can be downloaded here. ]
In this article I have tried to show how to use the kernel functions to
register a character device, and how to invoke it from userspace. There are
many issues that have not been touched upon here, such as the concurrency
problem where we need to provide a semaphore for the device to do mutual
exclusion as more than one process may try to access it. I will try to
cover these issues in my future articles.
I am from New Delhi, India and am a great Linux fan and love the way
Linux gives freedom to control the hardware gizmos. I have been using Linux
since the start of the new millennium but started digging into kernel
sources recently after completing the B-Tech from IIT-Guwahati.
It all began with a desire to create modules to control the peripheral
devices and since then there is no turning back.
I would like to share my experiences and any interesting thing that
comes across me during this Linux journey through Linux Gazette
Articles.
The Internet was born using plain text and no encryption. For a long time the TCP/IP protocol
suite had no mechanism for cryptographically protecting transported data. Encryption was
added at the application layer — Netscape's Secure Socket Layer (SSL) being a famous example.
The design process of IPv6 incorporated encryption into the protocol itself, and the IPsec
(IP security) framework came into existence. IPsec provides encryption and authentication at the
packet level. While IPsec is obligatory for IPv6, you can optionally use it with IPv4. The Linux
2.6.x kernel series added full IPsec functionality to the main source tree. In this article we will
explore how we can use IPsec to build encrypted data paths between networked machines.
The Parts of IPsec
IPsec consists of a number of protocols. Encryption was not the only design criterion.
Protection against replay attacks, detection of unauthorised packet modification and
correct authentication of the communication partners are also among the design requirements.
IPsec also offers methods to manage the keys used for encrypted communication. The
individual protocols have the following tasks.
Authentication Header (AH)
This protocol protects against replay attacks and makes
sure that the communication partners are "correct" (it verifies authentication).
Encapsulating Security Payload (ESP)
This protocol provides encryption. It also
protects against replay attacks and in addition ensures authentication.
Internet Key Exchange (IKE)
This is a hybrid protocol that establishes the security
policies between two IPsec endpoints and provides the authentication keys for
services such as IPsec. If you provide the keys manually, you don't need to use
IKE.
AH and ESP packets transport data. Both are new protocols whose protocol numbers can
be found in /etc/protocols. AH and ESP are
managed by the kernel, while IKE is managed by a userspace program.
Preparing Kernel and System
In order to use IPsec your kernel needs to have some code options enabled. Most modern GNU/Linux
distributions have IPsec-capable kernels. If you want to compile your own, make sure that
you have the following options set:
IPsec user configuration interface
PF_KEY sockets
IP: AH transformation
IP: ESP transformation
IP: IPComp transformation
IP: tunnel transformation
These options can be found in the section Networking --> Networking options.
You also have to enable some or all cryptographic ciphers in the Cryptographic
options submenu. You will need at least MD5, SHA1, HMAC, DES, Triple DES EDE and AES.
Remember, the encryption is handled by the kernel. If the kernel doesn't know about a
cipher, it cannot use it. This is important in case you want to speak to other IPsec
devices or hosts (such as MS Windows or Cisco machines).
If you want to
use IPsec with IPv6, then you have to make sure the IP transformations are set for IPv6 as
well. I have two screenshots for you where you can see the make menuconfig menu:
screenshot 1 and
screenshot 2. If your machine acts as a
router, you might wish to consider activating the IP: advanced router option, too.
The kernel treats packet queues differently if you use the advanced routing option.
Now our kernel can handle IPsec. We now need some tools to make it work. We will need at least
the ipsec-tools package. This is the name of the project and the Debian
package. If we want to deal with key management and IKE, we need another program.
The Linux IPsec stack can work together with pluto from the Openswan project,
OpenBSD's isakmpd or racoon from the KAME project. The use of IKE is
optional though. We will use racoon in our examples.
Manual Keying, Policies, Tunnel and Transport Mode
IPsec can be used to link networks via tunnels by using the so-called tunnel mode. In its
simplest form it can also be used to encrypt network traffic between two or more hosts by using the
transport mode. The only things you need for that are the keys and a way to tell the kernel
which packets need to be sent via IPsec. The 2.6.x kernels have no special device for handling IPsec
packets. Everything is sent over the already existing network interfaces. The Security Policy Database (SPD)
decides which packets are to be handled by IPsec. In order to manipulate this database you need the
setkey command from the ipsec-tools package. Usually you prepare a file with all the
settings and activate it by using setkey -f /etc/setkey.conf. As an
example, let's say we want to enable IPsec between the machines 10.0.0.23
and 10.0.0.42. The policy for telling the kernel looks like this:
#!/usr/sbin/setkey -f
#
# SPD for 10.0.0.23
#
spdadd 10.0.0.23 10.0.0.42 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd 10.0.0.42 10.0.0.23 any -P in ipsec
esp/transport//require
ah/transport//require;
The first policy states that any packet coming from 10.0.0.23 and leaving for 10.0.0.42 has to be
encapsulated in IPsec packets. Transport mode has to be used. The policy is valid for ESP and AH
packets alike (that's why we have to use spdadd twice). IPsec is mandatory as indicated by the keyword
"require". If one of the hosts lacks the right key or hasn't initialised its SPD, there won't be any
traffic because it can't be encrypted. The second policy is the first one reversed.
The IP addresses are swapped and the direction is changed from out to in.
So the kernel knows when to use IPsec, but there are still no keys. I also mentioned the
authentication checks that the IPsec protocols can do for us. Our setkey.conf needs to be
extended to include this information as well. setkey also defines the Security Association
Database (SAD). The SAD tells the kernel who our neighbours are and how we can make sure that we are not
talking to an impostor. Extending our setkey.conf with the following lines enables
authentication and encryption. In addition, we supply the keys for every host.
# AH SAD entries with 160 bit keys
add 10.0.0.23 10.0.0.42 ah 0x200 -A hmac-sha1 0x46915c30ed7e2465b42861b6ab19f2772813020c;
add 10.0.0.42 10.0.0.23 ah 0x300 -A hmac-sha1 0xc4dac594f8228e0b94a54758f7fbf2fdf4e37f3e;
# ESP SAD entries with 192 bit keys
add 10.0.0.23 10.0.0.42 esp 0x201 -E rijndael-cbc 0xa3993b3dfc41ef0a1aa8d168a8bf2c27e48249ac17b61e09;
add 10.0.0.42 10.0.0.23 esp 0x301 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;
Again we have a line for every direction. The IP addresses are reversed, but we use a different key
for every IP and protocol. The bit length of the key corresponds to the authentication or encryption
algorithm used. The switches -A and -E indicate the algorithm to use for AH and ESP
respectively. hmac-sha1 requires a key length of 160 bits or 20 bytes. rijndael-cbc can be used with
128, 192 or 256 bits. The example uses 192 bits or 24 bytes. The man page of setkey has a
table with all possible values for every supported algorithm. Bear in mind that the kernel must also
have a module for the algorithm in its cryptographic options or else you cannot use this particular
algorithm. The hexadecimal value behind the protocol name is called the Security Parameters Index (SPI).
The SPI identifies a set of parameters used for the IPsec connection in combination with the IP
addresses involved. When doing manual keying, make sure that the SPIs are unique. Speaking of
unique, make sure that your keys are unique and random. Never use any keys that have
been published! I used Ralf's method from the IPsec HOWTO to extract the sample keys from the Linux
random device.
# dd if=/dev/random count=24 bs=1 | xxd -ps
24+0 records in
24+0 records out
8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02
24 bytes transferred in 0.000180 seconds (133298 bytes/sec)
Set count to the desired byte amount. The command xxd used to convert the binary output
from the device is part of the vim package.
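The rules stated above (key length per algorithm, unique SPIs, a different key for every SA, no published keys, and an SA behind every policy marked "require") can be checked mechanically before a file is loaded. The following Python script is an added example, not part of the original article or of ipsec-tools; it parses only the two statement forms used here (spdadd and add), and BROKEN_CONF with its 0x0001... keys is constructed sample input.

```python
import re
from collections import Counter

# Key sizes in bits that the article gives for the two algorithms it uses.
KEY_BITS = {"hmac-sha1": {160}, "rijndael-cbc": {128, 192, 256}}

# The article's setkey.conf for 10.0.0.23. Its keys are published, so they
# double as the deny-list of key material that must never be deployed.
ARTICLE_CONF = """
flush;
spdflush;
spdadd 10.0.0.23 10.0.0.42 any -P out ipsec
    esp/transport//require
    ah/transport//require;
spdadd 10.0.0.42 10.0.0.23 any -P in ipsec
    esp/transport//require
    ah/transport//require;
# AH SAD entries with 160 bit keys
add 10.0.0.23 10.0.0.42 ah 0x200 -A hmac-sha1 0x46915c30ed7e2465b42861b6ab19f2772813020c;
add 10.0.0.42 10.0.0.23 ah 0x300 -A hmac-sha1 0xc4dac594f8228e0b94a54758f7fbf2fdf4e37f3e;
# ESP SAD entries with 192 bit keys
add 10.0.0.23 10.0.0.42 esp 0x201 -E rijndael-cbc 0xa3993b3dfc41ef0a1aa8d168a8bf2c27e48249ac17b61e09;
add 10.0.0.42 10.0.0.23 esp 0x301 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;
"""

# Constructed input with four defects: a 128-bit key for hmac-sha1, SPI 0x200
# used twice, one key copied from the article, and no AH SA for the return path.
BROKEN_CONF = """
spdadd 10.0.0.23 10.0.0.42 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 10.0.0.42 10.0.0.23 any -P in ipsec esp/transport//require ah/transport//require;
add 10.0.0.23 10.0.0.42 ah 0x200 -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f;
add 10.0.0.23 10.0.0.42 esp 0x200 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;
add 10.0.0.42 10.0.0.23 esp 0x301 -E rijndael-cbc 0x000102030405060708090a0b0c0d0e0f1011121314151617;
"""


def statements(text):
    """Yield one token list per ';'-terminated statement, comments removed."""
    for stmt in re.sub(r"#.*", "", text).split(";"):
        tokens = stmt.split()
        if tokens:
            yield tokens


def parse(text):
    """Return (policies, sas) for the spdadd and add statements in text."""
    policies, sas = [], []
    for t in statements(text):
        if t[0] == "spdadd":
            # spdadd src dst upperspec -P direction ipsec rule [rule ...]
            direction = t[t.index("-P") + 1]
            for rule in t[t.index("ipsec") + 1:]:
                proto, mode, _endpoints, level = rule.split("/")
                policies.append((t[1], t[2], direction, proto, mode, level))
        elif t[0] == "add":
            # add src dst proto spi -A|-E algorithm key
            src, dst, proto, spi, _flag, algo, key = t[1:8]
            key = key.lower()
            key = key[2:] if key.startswith("0x") else key
            sas.append({"src": src, "dst": dst, "proto": proto,
                        "spi": int(spi, 16), "algo": algo, "key": key})
    return policies, sas


def lint(text, published=frozenset()):
    """Return a list of (finding, subject) tuples; an empty list means clean."""
    policies, sas = parse(text)
    findings = []
    for sa in sas:
        label = "%s 0x%x" % (sa["proto"], sa["spi"])
        bits = len(sa["key"]) * 4          # one hex digit carries four bits
        if bits not in KEY_BITS.get(sa["algo"], {bits}):
            findings.append(("key-length", label))
        if sa["key"] in published:
            findings.append(("published-key", label))
    for spi, count in Counter(sa["spi"] for sa in sas).items():
        if count > 1:
            findings.append(("spi-reused", "0x%x" % spi))
    for key, count in Counter(sa["key"] for sa in sas).items():
        if count > 1:
            findings.append(("key-reused", key[:8] + "..."))
    # A "require" rule without a matching SA means that traffic is dropped.
    have = {(sa["src"], sa["dst"], sa["proto"]) for sa in sas}
    for src, dst, _direction, proto, _mode, level in policies:
        if level == "require" and (src, dst, proto) not in have:
            findings.append(("no-sa", "%s->%s %s" % (src, dst, proto)))
    return findings


# Every key printed in the article counts as published.
PUBLISHED = {sa["key"] for sa in parse(ARTICLE_CONF)[1]}

if __name__ == "__main__":
    for finding in lint(BROKEN_CONF, PUBLISHED):
        print("%-14s %s" % finding)
```

Run against the article's own file with PUBLISHED as the deny-list, the only findings are the four published keys, which is exactly why they must be replaced with fresh output from the random device.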
Testing Transport Mode
We are now ready to test our configuration. In order to do this you will need the
full setkey.conf. I only added two lines that
clear the SAD and SPD before loading new rules, just to be sure.
flush;
spdflush;
Copy it to your hosts. Be careful, we've only created the setkey.conf for 10.0.0.23. If you use
this file on 10.0.0.42 you have to swap the policy for the direction of the packet flow (the
in and out keywords for the SPD). Now use a root shell on 10.0.0.23 and enter the
command:
setkey -f /path/to/setkey.conf
Check if you can ping 10.0.0.42. This should not be possible, because we told 10.0.0.23 to
communicate with 10.0.0.42 over IPsec only. If you run the setkey command on 10.0.0.42 as
well, you should be able to ping 10.0.0.42 from 10.0.0.23. Take a look with your favourite sniffer
in order to make sure the kernel isn't playing unencrypted tricks on you. If you use an ICMP ping,
the sniffer should only show you encrypted AH or ESP packets. The same goes for TCP and UDP
transmissions.
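The sniffer check can be automated. The Python script below is an added example, not part of the original article: it classifies raw IPv4 packets (link-layer header already stripped) exchanged between the two hosts by IP protocol number. AH by itself authenticates without encrypting, so the script also reads the AH header's next-header byte to confirm that ESP follows. The packets in CAPTURE are constructed test data, and the function names are this example's own.

```python
import socket
import struct

ESP, AH, ICMP = 50, 51, 1      # IP protocol numbers (see /etc/protocols)


def ipv4(src, dst, proto, payload=b""):
    """Constructed IPv4 packet: 20-byte header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def ah_header(next_header, spi, seq):
    """Constructed AH header with a zeroed 96-bit ICV (24 bytes in total)."""
    # Payload Len is the header length in 32-bit words minus 2: 6 - 2 = 4.
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12)


def classify(packet, host_a, host_b):
    """Classify one IPv4 packet against the host-to-host transport policy."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    proto = packet[9]
    ends = {socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])}
    if ends != {host_a, host_b}:
        return "other"                     # not covered by the policy
    if proto == ESP:
        return "esp"
    if proto == AH:
        if len(packet) < ihl + 12:
            return "malformed"
        # The first byte of the AH header names the protocol that follows.
        return "ah+esp" if packet[ihl] == ESP else "ah-only"
    return "cleartext"


def unencrypted(packets, host_a, host_b):
    """Indexes of packets between the two hosts whose payload is readable."""
    return [i for i, p in enumerate(packets)
            if classify(p, host_a, host_b) in ("cleartext", "ah-only")]


# Constructed capture: payload bytes are zeros standing in for real data.
CAPTURE = [
    ipv4("10.0.0.23", "10.0.0.42", AH, ah_header(ESP, 0x200, 1) + bytes(32)),
    ipv4("10.0.0.42", "10.0.0.23", AH, ah_header(ESP, 0x300, 1) + bytes(32)),
    ipv4("10.0.0.23", "10.0.0.42", ICMP, b"\x08\x00" + bytes(6)),
    ipv4("10.0.0.23", "10.0.0.42", AH, ah_header(ICMP, 0x200, 2) + bytes(8)),
    ipv4("10.0.0.23", "10.0.0.1", ICMP, bytes(8)),
    ipv4("10.0.0.42", "10.0.0.23", ESP, bytes(40)),
]

if __name__ == "__main__":
    for i, pkt in enumerate(CAPTURE):
        print(i, classify(pkt, "10.0.0.23", "10.0.0.42"))
    print("readable:", unencrypted(CAPTURE, "10.0.0.23", "10.0.0.42"))
```

With the policy from this article in force on both hosts, every packet between them should classify as "ah+esp" and the list of readable packets should be empty.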
Next time we will configure an IPsec tunnel to connect two different networks and we will take a
look at automatic keying with X.509 certificates.
René was born in the year of Atari's founding and the release of the game Pong.
Since his early youth he started taking things apart to see how they work. He
couldn't even pass construction sites without looking for electrical wires that
might seem interesting. The interest in computing began when his grandfather
bought him a 4-bit microcontroller with 256 byte RAM and a 4096 byte operating
system, forcing him to learn assembler before any other language.
After finishing school he went to university in order to study physics. He then
collected experiences with a C64, a C128, two Amigas, DEC's Ultrix, OpenVMS and
finally GNU/Linux on a PC in 1997. He has been using Linux since that day and still
likes to take things apart and put them together again. Freedom of tinkering
brought him close to the Free Software movement, where he puts some effort into
the right to understand how things work. He is also involved with civil liberty
groups focusing on digital rights.
Since 1999 he has been offering his skills as a freelancer. His main activities
include system/network administration, scripting and consulting. In 2001 he
started to give lectures on computer security at the Technikum Wien. Apart from
staring into computer monitors, inspecting hardware and talking to network
equipment he is fond of scuba diving, writing, or photographing with his digital
camera. He would like to have a go at storytelling and roleplaying again as soon
as he finds some more spare time on his backup devices.
uClinux on Blackfin BF533 Stamp - A DSP Linux Port (Part 2)
In Part 1 of
this series, we examined how to connect a BF533 Stamp board to our
GNU/Linux machine and run a simple `hello, world' program. In
this article, we shall look at writing simple device drivers to access
the LED's and buttons on the board as well as manipulating
the on-chip watchdog timer.
Before you start compiling the kernel, make sure that you have set up
the GNU toolchain for the Blackfin processor as described in
Part 1; the Blackfin uClinux documentation project offers
more information.
The kernel compilation process is documented in detail here
- it's fairly standard procedure (make menuconfig; make).
You can simply use the default settings most of the time; the
only change I made was enabling loadable module support.
The kernel binary (in ELF format) will be present under the folder
uClinux-dist/images; it will be a file named `linux'. Don't be
surprised by the size of the file (around 5.6Mb in my case) - the
file contains not only kernel code but also an elementary root file
system which gets loaded onto a ramdisk when the board is powered up!
It seems that this file system is built from the directory tree rooted
at uClinux-dist/romfs/.
Downloading the kernel onto the board
Connect the Stamp board to the serial port of the PC and fire up
`minicom'. As soon as you feed power to the board, a boot loader program
called `uboot' starts running looking for keystrokes out of the
serial port - if you hit `enter' in 5 seconds, `uboot' will suspend
the booting process and display a prompt where you can enter some
simple commands. The `print' command should show you several lines
of the form `name=value'. We are interested in two such `names'; they
are `serverip' and `ipaddr'. We shall assign values to them by
typing:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
The name `ipaddr' refers to the IP address assigned to the Ethernet
controller on the stamp board and `serverip' refers to the IP
address of the Ethernet card on the PC to which the board is
connected. You should now check whether `uboot' is able to
communicate with the PC via the Ethernet link by running:
ping 192.168.1.2
We have to set up a TFTP server on the PC and verify that it is
working properly. As I am using Ubuntu, I had to `apt-get' three
packages - tftp, tftpd and xinetd. (Note: the `apt-get' command is
used to download and install packages on Debian GNU/Linux
systems). The `xinetd' program should be instructed to start the
TFTP daemon by creating a file called /etc/xinetd.d/tftp which
contains entries of the form:
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /boot
    disable = no
}
The `server_args' line specifies that files to be downloaded via
TFTP should be placed under /boot.
Once this file is created, we should verify whether everything is
working fine by starting `xinetd', copying the Blackfin uClinux
kernel image to /boot and running tftp (on the PC):
$ cd /tmp
$ tftp localhost
tftp> get linux
Received 5676668 bytes in 0.9 seconds
Once we have verified that the Ethernet link between our GNU/Linux
machine and the Stamp board is working OK (by pinging from uboot)
and that the TFTP server on the PC also has been configured
properly, we can reboot the board, hit `enter', get into the `uboot'
prompt and type:
tftpboot 0x1000000 linux
This will download the newly created kernel image (called `linux')
from /boot of our PC to the memory of the stamp board. Once this
is over, we should type:
bootelf 0x1000000
and the board will boot with the downloaded kernel. Once we log onto
the board, we should again configure the Ethernet controller with
the proper ip address using the `ifconfig' command.
More info regarding `uboot' can be obtained from
here.
Our first kernel module
Here is a simple `hello, world' loadable kernel module:
It can be ftp'd onto the board or can be made part of the file
system by copying to uClinux-dist/romfs/bin and building the
kernel once again.
Blinking LED's
The BF533 Stamp board comes with 3 LED's and 3 buttons attached to
a few General Purpose I/O pins (or `programmable flags' PF0 to PF15
as per the Blackfin manual) - the LED's are on PF2, PF3 and PF4.
The GPIO pins can be programmed via certain memory mapped registers.
The pin direction (input or output) can be set by writing to a
`direction register' at location 0xFFC00730 - if a bit of this
register is `set', the corresponding pin acts as output and if it
is clear, the pin acts as an input pin; for example, writing:
*((unsigned short*)0xFFC00730) = 0x1;
will result in PF0 being configured as output and all others as
input.
The uClinux kernel for the Blackfin processor comes with macros
using which we can access all these registers - the above expression
can be rewritten as:
*pFIO_DIR = 0x1;
There are two other registers which we can use to set or clear the
GPIO pins - writing a 1 to a bit of the FIO_FLAG_S register results
in the corresponding GPIO pin going high and writing a 1 to a bit of
the FIO_FLAG_C register results in the pin going low. All these
registers can be accessed only from kernel space. Listing 4
is a simple character driver which sets or clears PF2
depending on a value it receives from user space. The file
drivers/char/pflags.c in the Blackfin uClinux kernel source
is a more complete implementation.
Programming the watchdog
A watchdog timer is a critical part of many applications which
depend on the reliable operation of computer software - it's basically
a timer which counts down to zero and resets the microprocessor
when the count reaches zero - follow this link for more information.
The Blackfin CPU has a 32 bit watchdog timer. The registers
associated with this timer are the watchdog count, status and
control registers. The status register holds the current watchdog
count value which gets decremented by one every clock cycle (the
system clock is 100MHz on my board). Writing any value to this register
when the watchdog is enabled results in the register being loaded
with the value of the count register. Writing a value to the count
register when the watchdog is disabled results in that value being
copied to the status register. When the status register value becomes
zero, the watchdog triggers an event which was previously selected
by writing to a few bits of the control register (usually a system
reset). The watchdog is enabled by writing any value other than
0xAD to bits D4 to D11 of the control register. Bits D1 and D2 of
the control register decide the event to be triggered on timeout -
setting the value to 00 chooses `system reset' as the event.
The working of the watchdog can be tested by writing a simple module
whose init_module function contains the following lines:
*pWDOG_CNT = 500000000; // timeout in 5 seconds
*pWDOG_CTL = 0;         // choose `reset' event and
                        // enable watchdog.
The system will reboot five seconds after inserting the module!
Conclusion
We have seen how to do simple kernel programming on the BF533 Stamp board.
Jesslyn (my student and the author of the first part) and I
would love to share with LG readers many more experiments using
the Stamp board in later parts of this series!
As a student, I am constantly on the lookout for fun
and exciting things to do with my GNU/Linux machine. As
a teacher, I try to convey the joy of experimentation,
exploration, and discovery to my students. You can read about
my adventures with teaching and learning here.
As a community, we would like to see large computer manufacturers sell
PCs with Linux already on them. Is this the only option worth
considering?
I work as a sales representative for one of the large PC manufacturers, at
many different technology retail stores. Three years ago, I heard about
Open Source and Linux. My first exposure came in the form of the Firefox
browser. When I speak with customers, I talk about my experiences using
Linux. I ask them if their computer is running slow, and the answer is
always "Yes". They tell me how it is running really slow no matter what
they do, or how they can't seem to create any free room on their hard
drive.
People often ask me if MS-Office comes with the computer, and I say "No,
but have you ever heard of OpenOffice.org?" I tell them how it can
read and save the MS formats, and how I have been using it at college even
though MS-Office dominates on campus. I tell them what it can do and that
it doesn't cost a dime. That usually gets their attention.
I also will often hear the customer say, "As soon as I get home I am going
to throw the old computer away". What I say at that point - and what I think we
should all be saying - is "You know that old computer that can't run
Windows the way you need it to anymore? Give it to me, and I'll fix
it up and give it to someone or some family that does not have a
computer."
I have had several conversations with customers that have led to them
giving me their old computers when buying a new one. I fixed one up and
gave it to a friend of mine who lives on a ranch in Colorado, and because
of it he has been able to stay in contact with friends and family here in
Phoenix. What if we all did that? All of us? What if everyone who used
Linux fixed up an old computer, configured it for common uses, and gave it
to someone or some family who did not have one? Think about it.
We would not only double the number of people who use Linux, but have
a very positive effect on society. We all know that having a computer
in the home makes everyone who uses it read better. It is my belief
that the ability to read well does as much or more for that person
as going to school. Someone who knows how to read can find what they
need to learn the skills and teach themselves anything they want. If a
child can be positively affected by having a computer, so can an
entire family.
I am not trying to proclaim some kind of "call to arms" to join me in some
crusade - not at all. I just want to share some of the things I say, and
some of the questions I ask, that have introduced Open Source Software to
new people in a positive way. As the saying goes, "You never get a second
chance to make a first impression". I hope that what I say in this article
will help you make that first impression a good one. Over the last two
years, I have gone from not knowing how to pronounce "Linux" correctly
to... well, still not knowing how to pronounce SuSE correctly.
You gotta admit, though - fixing up and giving away computers is at least good
karma (I hope).
Part 2 - Changing Opinions
If someone has already made up their mind not to give something new a
try, then there is no sense in wasting your time trying to make them
re-think their decision. However, there are plenty of other people around -
and some of them are only held back by excuses.
Among those who give such excuses, there are those who are just
repeating what they have heard or read and really do not have any of
their own information or experience to draw from. They are easy to
pick out - once you have heard hundreds of different people say almost
the exact same thing like I have. It's not that hard; all you have to
do is ask a few questions and you can easily determine if they are just
repeating what they have heard or actually have their own reasons for
not wanting to give Linux a try.
Here is what I do:
Ask them if they use IE, WMP (Windows Media Player), Quicktime, iTunes,
Word, Excel, PowerPoint, Access... and always ask them how many types of
Anti-Virus programs they are using. Make sure that you always end with the
Anti-Viruses - trust me, I'll tell you why in a moment.
You will find that roughly 99% of the people you talk to do not even
use all of those programs I listed - and very, very few use any programs
that are not on that list. Most people only use IE, Word, WMP, and maybe
Quicktime a little - and whatever Anti-Virus software they have installed.
Ask them how many types of Anti-Virus programs they use.
After you ask, most people will repeat it back to you saying, "How many
types of Anti-Virus programs do I use?" "Do you have more than one
Anti-Virus program on your computer?" Some people do not - but many do use
more than one. This is where I tell them,
"When I ran Windows, I used Ad-Aware, Zone Alarm, AVG, McAfee
(the free version), Spybot, Spywareblaster, Spyware-Doctor, Webroot, and
Registry Mechanic."
Which is true: I had all of them on my computer at the same time and
between them I could keep my system fairly safe. Fairly.
Ask them if they have ever heard of Firefox.
Some will ask, "What is Firefox?" - "Firefox is a browser."
"What is a browser?" - "It is a program that you use to surf the Internet."
"You mean like IE?" - "Exactly, only it is a lot safer than IE." This is
where I go into the features, how it imports favorites and why it is safer
than IE. Something like:
"Because it is not a part of the operating system, it is a lot harder
for spyware to damage your system when using Firefox."
"OpenOffice allows you to view, modify, save, and send the changed
document in MS format and it does not cost $500... actually, it does not
cost a dime."
I will tell you that a lot of people are not happy when they buy a new
computer and then are told by the store employee that it does not come
with Word or Office - and that if they want it, it will cost hundreds of
dollars. If you can get people to listen to you about OpenOffice's
compatibility features and price, or lack thereof, many will not leave
until they get the web address from you.
If I can get most of the way through these steps, then I know I can
re-visit the Linux question and stand a chance of success. I can show
them that it just might be something that could work for them. When I
explain the Root and User separation built into Linux - how it makes
the computer safer and that they will not need multiple Anti-Virus programs
or have to re-format their hard drive every six months because Windows
does not actually delete anything - they start to actually look at the
retail Linux box I have already handed them.
Is this system perfect? No. You may talk about one thing before
another or skip over something or do it in reverse - every conversation
is unique. I want to inform them of choices they may not have known of,
open them up to new ways of doing something and not make them feel
like they were wrong or stupid. If I do it right, they do not even
feel their own shift in opinion or preference.
I could expand on this some more, and I will, but I thought that giving you
the basics of what I do might help others in getting past the FUD without
alienating the person you are talking to. Changing someone's opinion or
stance without making them feel stupid takes practice - and I get a lot of
practice.
Scott Ruecker a.k.a. "sharkscott" lives in Phoenix, Arizona; he is a Special
Education Major at Arizona State University and claims to have taken way too
many History Classes. He works as a sales rep for a large OEM, tries
to pronounce "Linux" correctly and plays Drums in a rock-n-roll band
every Saturday night.
First exposed to OSS when he heard about "This Linux Thing" in 2002.
Got his start on the Fedora Cores, Ku-Ubuntu and then to SuSE. Has
used SuSE since 9.1 and thinks he likes it.
Part computer programmer, part cartoonist, part Mars Bar. At night, he runs
around in his brightly-coloured underwear fighting criminals. During the
day... well, he just runs around in his brightly-coloured underwear. He
eats when he's hungry and sleeps when he's sleepy.
The Ecol comic strip is written for escomposlinux.org (ECOL), the web site that
supports es.comp.os.linux, the Spanish USENET newsgroup for Linux. The
strips are drawn in Spanish and then translated to English by the author.
These images are scaled down to minimize horizontal scrolling.
These cartoons are copyright Javier Malonda. They may be copied,
linked or distributed by any means. However, you may not distribute
modifications. If you link to a cartoon, please notify Javier, who would appreciate
hearing from you.