Cool Linux
John Swinbank
Compsoc
15 May 2001
(page 1)
Introduction 2
In this talk, I'm going to suggest some "cool" things you can do with Linux.
They are:
- Mostly simple (like me! :-) ).
- Not necessarily cool by most standards.
But I like them. And it's my talk.
Please feel free to ask questions -- I won't know the answers, but somebody else might. Oh, and suggest your own "cool" ideas.
(page 2)
MagicPoint 3
An X based presentation tool. Think PowerPoint.
"Designed to make simple presentations easy and to make complicated presentations possible".
What's cool about it:
- Small and light (at least compared to PowerPoint).
- Presentation files are written as plain text in your favourite editor.
(page 3)
MagicPoint (continued) 4
What's less cool about it:
- Simplistic page layout system.
- No size checking (quite happy for your presentation to flow off the end of the page).
- Very limited transition effects & other whizzy graphics (a good thing?!).
(page 4)
GRUB 5
The GRand Unified Bootloader. That is, like LILO. But better(?)
"GRUB is intended to provide important features that are missing from typical personal computer BIOSes".
- Command line and graphical interfaces.
- Recognises fdisk partitions and BSD disklabels.
- Can read ext2, ReiserFS, ufs, FAT16, FAT32 and Minix fs filesystems.
- Can boot Multiboot-compliant kernels (eg GNU Mach).
- But it seems relatively complicated to configure (because I'm used to LILO?)
(page 5)
SSH 6
Everybody knows(!) that you should be using ssh for remote logins instead of telnet, as it's (more) secure. And it's just as easy to use:
$ ssh jds@ox.compsoc.net
jds@ox.compsoc.net's password:
Last login:.....
No problem. But that's not really cool & I hope you're all using it anyway...
(page 6)
SSH (continued) 7
The cool bit about SSH is port forwarding. This sets up a secure channel from a port on the local machine to a port on a remote machine. This is useful for...
1) Secure e-mail collection.
Forward a local port over SSH to the appropriate port and machine to collect mail from. Then tell fetchmail (or whatever) to poll that port on localhost to collect mail. Your mail is then transferred over the SSH encrypted tunnel.
Fetchmail helps in this, by providing the "preconnect" directive in your .fetchmailrc, which makes a great place to turn on forwarding.
See the Secure POP via SSH mini-HOWTO for more.
(page 7)
SSH (continued) 8
2) Read Ox.Net from home.
news.ox.ac.uk doesn't allow connections from non-Oxford IP addresses. Which makes it difficult if you want to keep up with the exciting (?) goings on in ox.talk during the vacations. But SSH comes to the rescue again!
Simply use SSH port forwarding to bounce your connection off Compsoc. news.ox sees the connection coming from within the university, so it all works. For example:
$ ssh -f jds@ox.compsoc.net -L 12321:news.ox.ac.uk:119 sleep 20
jds@ox.compsoc.net's password:
$ telnet localhost 12321
...
200 news.ox.ac.uk InterNetNews NNRP server INN 2.3.2 ready (posting ok).
Now just tell your newsreader to connect to port 12321 (in this example) on localhost.
(page 8)
Netcat 9
We've already decided not to use telnet for remote logins; now let's avoid using it for other purposes. Netcat is a "TCP/IP swiss army knife":
- Reads and writes data across network connections using TCP or UDP.
- A reliable "back-end" tool that can be used directly or easily driven by scripts.
- Create any kind of connection you need.
Replace telnet:
$ nc host port
Instead of:
$ telnet host port
(page 9)
Netcat (continued) 10
Netcat:
- Can create a TCP connection to a given host & port.
  - Standard input is sent to that host.
  - Anything received from the host appears on standard output.
- Can listen for inbound connections on arbitrary local ports.
  - Then behave in the same way as above.
- Can cope with UDP as well.
  - The "udp telnet-like" application you always wanted...
- Has lots of other features, eg
  - Built in port-scanning capabilities
  - Slow-send mode (one line every N seconds)
  - Hex dump of transmitted and received data
  - Can let another program service established connections
- And so on...
(page 10)
Scanlogd 11
We just saw that Netcat can be used to do port-scanning. But that's antisocial, so don't do it.
Maybe you don't trust the rest of Compsoc, and you think they're all going to rush home, download netcat, and start portscanning your machine. What can you do? Install scanlogd.
- Detects TCP port scans (and logs them).
- By default, it defines a scan as access to 7 different privileged or 21 non-privileged ports (or a weighted combination thereof) with no longer than 3 seconds between each access.
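The default rule described above, written out as detection logic over constructed connection records. This is an added example, not scanlogd's own code; the weights of 3 per privileged port and 1 per non-privileged port are an assumption chosen to reproduce the 7-or-21 thresholds, and the record format, addresses and function names are made up for the illustration.

```python
from dataclasses import dataclass, field

PRIV_WEIGHT = 3   # assumption: 7 privileged ports x 3 = 21
HIGH_WEIGHT = 1   # assumption: 21 non-privileged ports x 1 = 21
THRESHOLD = 21    # weighted total that counts as a scan
MAX_GAP = 3.0     # seconds allowed between consecutive accesses

@dataclass
class SourceState:
    last_seen: float
    ports: set = field(default_factory=set)
    weight: int = 0

def detect_scans(events):
    """events: (timestamp, source, dest_port) tuples in time order.
    Returns {source: timestamp at which it crossed the threshold}."""
    state, flagged = {}, {}
    for ts, src, port in events:
        st = state.get(src)
        if st is None or ts - st.last_seen > MAX_GAP:
            st = state[src] = SourceState(last_seen=ts)  # too slow: start over
        st.last_seen = ts
        if port not in st.ports:  # only *different* ports add weight
            st.ports.add(port)
            st.weight += PRIV_WEIGHT if port < 1024 else HIGH_WEIGHT
        if st.weight >= THRESHOLD:
            flagged.setdefault(src, ts)
    return flagged

def parse(lines):
    """Parse constructed 'timestamp source port' records."""
    events = []
    for line in lines:
        ts, src, port = line.split()
        events.append((float(ts), src, int(port)))
    return sorted(events)

def sample_events():
    """Constructed sample traffic (documentation addresses, made-up times)."""
    priv = [21, 22, 23, 25, 80, 110, 443]
    lines = [f"{100 + i * 0.5} 192.0.2.10 {p}" for i, p in enumerate(priv)]  # fast sweep
    lines += [f"{100 + i * 5} 192.0.2.20 {p}" for i, p in enumerate(priv)]   # 5 s gaps
    lines += [f"{300 + i * 0.1} 192.0.2.30 8080" for i in range(30)]         # one port
    mixed = priv[:4] + list(range(6000, 6009))                               # 4x3 + 9x1
    lines += [f"{200 + i} 192.0.2.40 {p}" for i, p in enumerate(mixed)]
    return parse(lines)

if __name__ == "__main__":
    for src, ts in detect_scans(sample_events()).items():
        print(f"scan from {src} detected at t={ts}")
```

Only the fast sweep and the mixed privileged/non-privileged sweep are flagged; the source that waits 5 seconds between ports and the one that hits a single port repeatedly never accumulate enough weight.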
(page 11)
Netfilter/iptables 12
So you installed scanlogd, and you see crazed, Netcat wielding Compsoc members trying to break into your machine every few minutes. What can you do? Look at firewalling.
I'm not going to talk about firewalls properly, because there was a talk on those last term. But since I didn't go to that, I'm going to mention stuff that was probably covered there. Sue me. :-)
As of kernel 2.4, Linux can do stateful packet filtering. That is, it can decide whether or not to allow a packet through based on the state of the connection the packet belongs to, as tracked by the firewall.
(page 12)
Netfilter/iptables (continued) 13
Why is that useful? Well, you can have a good default deny policy:
iptables -P INPUT DROP
But this drops absolutely everything coming into your machine, whatever its purpose. Which is a bit useless. If, for example, you request a web page, then it gets sent to your machine, which sees incoming packets and drops them. Oops. So...
insmod ip_conntrack
insmod ip_conntrack_ftp
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
And then connections started locally should work, but other incoming data will be dropped.
(page 13)
Netfilter/iptables (continued) 14
The other cool thing that you can do with iptables is NAT (Network Address Translation). This is helpful if you have only one IP address, but want to connect multiple machines to the network.
For example, set up IP Masquerading (a form of NAT) to enable multiple machines on your home network to use one dialup. On the machine with the modem simply run:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Obviously, iptables and netfilter can do a lot more than just that...
(page 14)
Lout 15
The standard advice for producing professional looking documents is "use LaTeX". I tried LaTeX for a while, but found it a bit awkward, so I looked around and came up with Lout instead.
Lout includes lots of standard, LaTeX-y type stuff:
- Optimal paragraph breaking
- Automatic hyphenation
- Equations
- Tables
- Diagrams
- Sorted indices
- Bibliographic databases
- Automatic cross references
- Postscript, PDF or plain text output
- And so on...
(page 15)
Lout (continued) 16
One of the best things about Lout is the great documentation and support:
- Three substantial books
  - User's Guide, 297 pages
  - Expert's Guide, 103 pages
  - Design & Implementation, 40 pages
- High signal to noise mailing list
  - The author often answers sensible questions
  - And is receptive to suggestions for new features
I'm no TeX expert, but I suspect it's more flexible than Lout. On the other hand, Lout offers more than enough for producing every type of document I can think of off hand. Oh, and it's (relatively) tiny: Debian's package is 1100.8 kb. Compare that to an average TeX distribution...
Oh, you want an example document? Look at your termcard. :-)
(page 16)
maildrop 17
Another alternative to the standard tool for a given job; this one's a Procmail replacement.
A while ago, I wanted to filter mail into qmail style maildirs. At the time, Procmail wasn't able to do this (it is now, I believe), whereas maildrop was (and still is).
Maildrop reads a mail message from standard input and delivers it to a mailbox, optionally filtering it according to given instructions along the way.
(page 17)
maildrop (continued) 18
Maildrop:
- Can deliver to maildirs and mbox style mailboxes.
- Is larger than Procmail, but more efficient with memory.
  - Instead of reading big messages into memory, it can filter them from a temporary file.
- Checks the syntax of the filter file before delivery.
  - It will not deliver if the file contains errors.
  - Unlike Procmail, the user can fix the tyop without losing mail.
- Has a (relatively) sane filtering language (which looks vaguely like C). :-)
(page 18)
Other mail filters 19
There are a couple of other mail filtering systems that are worth a look if you don't like Procmail. I've not used them, but they might be good! :-)
- The Exim MTA has a built in filtering language.
- Mail::Audit, a Perl module.
(page 19)
LBX 20
Low-Bandwidth X (LBX) is a compression and caching scheme designed to minimize the amount of X traffic generated between two systems. It's not new & shiny (it was a full extension to the X protocol as of X11R6.3 in December 96), but I only just discovered it.
Not much use here in Oxford where fast connections are easy to come by -- but does it make X usable on a modem? The HOWTO seems to think so, but I've not tried it...
Should be really easy to use, just run lbxproxy on the remote machine and point your display at it:
$ lbxproxy -display LOCAL:0 :1 &
$ export DISPLAY=:1
Has anybody used it over a low bandwidth connection? How much better is it than (say) SSH compression?
(page 20)
Debian 21
A cool distribution. But then, I've got to say that because there are Debian developers about...
Unusual in being a community driven distribution, rather than pushed by a company like RedHat, SuSE, Mandrake. Anybody can become a Debian developer.
(One of) the best thing(s) about Debian is the package management system.
- Uses .deb packages -- look a little like RPMs
- Can install RedHat, Stampede and Slackware packages using alien.
- Lots of package management tools....
  - aptitude
  - deity
  - dpkg
  - dselect
  - and...
(page 21)
Debian (continued) 22
APT.
APT is the "Advanced Package Tool". It actually provides the back end for many of the other tools mentioned above. Alternatively, you can interface with it directly, using apt-get, apt-cache and friends.
Update your package database:
# apt-get update
Install any updates to currently installed packages:
# apt-get upgrade
Upgrade your distribution:
# apt-get dist-upgrade
(page 22)
Debian (continued) 23
Install a new package:
# apt-get install [package]
Remove a package:
# apt-get remove [package]
Get the source for a package and compile it locally:
# apt-get --build source [package]
(page 23)
Debian (continued) 24
Loads of neat utilities to help apt on its way:
- apt-spy
  - Choose which mirror to use based on bandwidth tests.
- apt-zip
  - Makes it easy to update a non-networked computer using apt and removable media.
- apt-proxy
  - Build up a Debian mirror based on requests to the proxy -- great for multiple Debian users behind a slow link.
- apt-listchanges
  - Display and ask for approval of changelogs before apt-get installs new .deb archives.
  - My favourite! :-)
Deity is the next generation frontend for apt which is still under development. It has multiple user interfaces, eg deity-gtk and deity-curses. Has anybody used it? Is it good?
(page 24)
Ruby 25
"Take a true object-oriented language, such as Smalltalk. Drop the unfamiliar syntax and move to more conventional, file-based source code. Now add in a good measure of the flexibility of languages such as Python and Perl. You end up with Ruby."
Dave Thomas and Andy Hunt,
Programming Ruby
Ruby is already more popular than Python in Japan, although relatively unknown in the rest of the world. I came across it when I wanted to learn a scripting language but didn't feel comfortable with Perl or Python.
(page 25)
Ruby (continued) 26
Ruby is a pure-OO language; *everything* is an object. For example, we can call methods on:
- Integers
  - -1942.abs # -> 1942
  - Compare Java Math.abs(-1942)
- Strings
  - "ABCD".downcase # -> "abcd"
- Ranges
  - ('a'..'c').to_a # -> ['a', 'b', 'c']
Even regular expressions are objects, of class Regexp:
r1 = Regexp.new('^\D\d'); r1.class # -> Regexp
(page 26)
Ruby (continued) 27
Other languages have functions, procedures, methods, routines and so on, but in Ruby there is only the method. You can define things that look like functions in a traditional language like C, but in fact you just defined a method in the "program" object.
def foo
  puts "Bar"
end
And then call it by simply putting:
foo
(page 27)
Ruby (continued) 28
Iterators are a cornerstone of Ruby; things like for loops are just a wrapper around an iterator. Quick iterator example:
$ ruby -e'(1..10).each { |i| puts i }'
Ruby features single inheritance only, on purpose. However, you can use modules, which are simply collections of methods that any class can import, which is (supposedly) a much clearer system than multiple inheritance.
Ruby has a mark-and-sweep garbage collector, which works with all Ruby objects.
Ruby features OS independent threading. Thus, on all platforms on which Ruby runs you can have multithreading -- even MS DOS!
Ruby is highly portable -- developed on Linux, but works on many types of Unix, DOS, Windows, Mac, BeOS, OS/2....
Ruby doesn't really have a CPAN equivalent yet. However, the Ruby Application Archive is making a start in this direction. See http://www.ruby-lang.org/en/raa.html.
(page 28)
Ruby (continued) 29
There's a small but growing amount of Ruby documentation available in English.
- The 'Pickaxe Book'
  - Actually "Programming Ruby: The Pragmatic Programmer's Guide".
  - By Dave Thomas & Andy Hunt.
  - The first Ruby book in English.
  - Available online at http://www.rubycentral.com/ (or in Blackwell's!).
- "Ruby Essentials"
  - To come from O'Reilly later this year.
- "The Ruby Programming Language"
  - By Matz (Yukihiro Matsumoto), creator of Ruby.
  - To be published September 14.
- Several documents (including a brief tutorial) on the Ruby web page...
(page 29)
LVM 30
Not something that I've ever been in a position to use, but it looks like a fun toy.
LVM adds virtual disks and virtual partitions to give the administrator the ability to change disk capacity at runtime.
Adds an additional layer between the physical peripherals and the I/O interface in the kernel.
Can then combine several partitions or disks (to form a physical volume or PV) and multiple PVs to form a volume group (VG). Think of a VG as a virtual disk.
(page 30)
LVM (continued) 31
Some of the allocation units in the VG can be allocated to logical volumes, which are "virtual partitions".
At runtime, it is possible to extend or reduce both VGs and LVs. So, if the capacity of a LV gets too small, and the VG containing it is full, you can simply increase the size of the VG by adding PVs.
You can resize filesystems without losing data using resize2fs or ext2resize.
Which I think is kinda cool. But has far too many 'V's in it, so that's enough of that... :-)
(page 31)
xine 32
A video player. Supports mpeg-2 and mpeg-1 (audio & video multiplexed) streams, mpg audio files and AVI files (using Win32 codec DLLs).
Yay! Play DivX ;-) files under Linux now! And it does better (ie, it screws up less) than Windows media player.
Can also play Video CDs, SVCDs and DVDs -- although, they don't provide a DVD decrypter as part of the install.
(page 32)
xine (continued) 33
Shows off some of the cool new features in XFree86 4. Such as the XVideo extension. This provides really fast, full screen playback -- as long as your video card is supported. Supported cards include:
- 3DFX Voodoo 3
- nVidia GeForce
  - With nasty closed source drivers
- nVidia TNT2 and TNT1
- ATI Rage 128 and Mach64 based cards
- Matrox G200/G400
  - All(?) XFree86 versions since 4.
- Intel i810 and i815
  - All(?) XFree86 versions since 4.
(page 33)
xine (continued) 34
Also, if you're using a Matrox G200/G400, it supports the syncfb driver, which:
- Synchronizes the image stream with the monitor frequency
- Reduces 'tearing' artefacts.
- Scales the video in hardware.
(page 34)
The End 35
THE END
Questions, suggestions, pub...
(page 35)