OpenID | Skype | Gizmo | Mobile IPv6 | AVSynthesis | Live CDs
AVSYNTHESIS
Blend Sound and Images
VoIP Programs
Compared
Skype
for Beginners
Interview with
Bob Frankston
Set up a Quick-and-Dirty
Secondary Mail Server
www.linuxjournal.com
$5.99US $5.99CAN
REVIEWED: Teak 3018 Network Appliance
CONTENTS
MAY 2008
Issue 169
Turn Your Computer into
a Phone with Skype
A beginner's guide to installing and
using Skype on Linux.
Federico Kereki
FEATURES
Beyond Telecom:
Bob Frankston on
the Future We Make
for Ourselves
What if the "last mile" was
the end of the road for telecom
as we know it? We interview
tech pioneer Bob Frankston, who
sees the Internet as a "demo",
and a future where networking is
something we do for ourselves.
Doc Searls
Telephony Shoot-Out
A little detective work uncovers
the right VoIP solution for
Podcast recording in Linux.
Dan Sawyer
ON THE COVER
• AVSynthesis—Blend Sound and Images
• Cooking \a Mi C hurrfbffi M
• VoIP Programs Compared
• Skype for Beginners, p. 54
• Interview with Bob Frankston, p. 42
• Set up a Quick-and-Dirty Secondary Mail Server, p. 34
• Reviewed: Teak 3018 Network Appliance, p. 38
CONTENTS
COLUMNS
18 REUVEN M. LERNER'S
AT THE FORGE
OpenID
22 MARCEL GAGNÉ'S
COOKING WITH LINUX
Jumbled Words
26 DAVE TAYLOR'S
WORK THE SHELL
Handling Errors and Making
Scripts Bulletproof
28 MICK BAUER'S
PARANOID PENGUIN
Customizing Linux Live CDs
KYLE RANKIN'S
HACK AND /
Last-Minute Secondary Mail Server
96 DOC SEARLS'
EOF
The Multiple Play
REVIEW
38 AN IDEAL APPLIANCE?
Dan Sawyer and D.N. Crowe
IN EVERY ISSUE
LETTERS
UPFRONT
NEW PRODUCTS
ADVERTISERS INDEX
INDEPTH
60 ADVENTURES WITH CHUMBY
In the kitchen with the Chumby
device.
Daniel Bartholomew
68 AVSYNTHESIS: BLENDING
LIGHT AND SOUND WITH
OPENGL AND CSOUND5
Make your own abstract experimental
films with the combined powers of
two of the finest audio and video
environments for Linux.
Dave Phillips
76 FRESH FROM THE LAB
New software—Zero Install System,
deco and orDrumbox.
John Knight
80 RUNNING UBUNTU AS A
VIRTUAL OS IN MAC OS X
How difficult is it to download,
install and run Ubuntu Linux within
the two popular virtualization
environments for Mac OS X,
VMware Fusion and Parallels
Desktop, and is it a usable alternative
to dual booting?
Dave Taylor
84 MOBILE IPV6 WITH LINUX
An MIPv6 primer.
Salah M. S. Al-Buraiky
Next Month
READERS’ CHOICE AWARDS
We recently surveyed you about
your favorite Linux tools, and
next month, we'll show you the
results. How do your preferences
compare with those of the
larger reader community? Get
ready for some surprises!
And, that's not all. Dan Sawyer
will help you narrow down the
plethora of Firefox extensions
and add-on applications, so
you can get the ones that will
extend functionality, enhance
privacy and more. Kyle Rankin
will present a series of handy
"lightning" hacks in his Hack
and / column, and in another
article, will walk you through
remastering Knoppix—without
remastering it. We'll also review
CeltX, an open-source project
that's stealing the script-writing
scene, we'll examine the sound
capabilities of the OLPC's XO
laptop, and much, much more.
USPS LINUX JOURNAL (ISSN 1075-3583) (USPS 12854) is published monthly by Belltown Media, Inc., 2211 Norfolk, Ste 514, Houston,
TX 77098 USA. Periodicals postage paid at Houston, Texas and at additional mailing offices. Cover price is $5.99 US. Subscription rate
is $29.50/year in the United States, $39.50 in Canada and Mexico, $69.50 elsewhere. POSTMASTER: Please send address changes to
Linux Journal, PO Box 980985, Houston, TX 77098. Subscriptions start with the next issue. Canada Post: Publications Mail Agreement
#41549519. Canada Returns to be sent to Bleuchip International, P.O. Box 25542, London, ON N6C 6B2
Since 1994: The Original Magazine of the Linux Community
LINUX JOURNAL
Executive Editor
Jill Franklin
jill@linuxjournal.com
Senior Editor
Doc Searls
doc@linuxjournal.com
Art Director
Garrick Antikajian
garrick@linuxjournal.com
Products Editor
James Gray
newproducts@linuxjournal.com
Editor Emeritus
Don Marti
dmarti@linuxjournal.com
Technical Editor
Michael Baxter
mab@cruzio.com
Senior Columnist
Reuven Lerner
reuven@lerner.co.il
Chef Français
Marcel Gagné
mggagne@salmar.com
Security Editor
Mick Bauer
mick@visi.com
Contributing Editors
David A. Bandel • Ibrahim Haddad • Robert Love • Zack Brown • Dave Phillips • Marco Fioretti
Ludovic Marcotte • Paul Barry • Paul McKenney • Dave Taylor • Dirk Elmendorf
Proofreader Geri Gale
Publisher
Carlie Fairchild
publisher@linuxjournal.com
General Manager
Rebecca Cassity
rebecca@linuxjournal.com
Director of Sales
Laura Whiteman
laura@linuxjournal.com
Regional Sales Manager
Joseph Krack
joseph@linuxjournal.com
Regional Sales Manager
Bruce Stevens
bruce@linuxjournal.com
Circulation Director
Mark Irgang
mark@linuxjournal.com
System Administrator
Mitch Frazier
sysadm@linuxjournal.com
Webmaster
Katherine Druckman
webmaster@linuxjournal.com
Accountant
Candy Beauchamp
acct@linuxjournal.com
Linux Journal is published by, and is a registered trade name of, Belltown Media, Inc.
PO Box 980985, Houston, TX 77098 USA
Reader Advisory Panel
Brad Abram Baillio • Nick Baronian • Hari Boukis • Caleb S. Cullen • Steve Case
Kalyana Krishna Chadalavada • Keir Davis • Adam M. Dutko • Michael Eager • Nick Faltys • Ken Firestone
Dennis Franklin Frey • Victor Gregorio • Kristian Erik Hermansen • Philip Jacob • Jay Kruizenga
David A. Lane • Steve Marquez • Dave McAllister • Craig Oda • Rob Orsini • Jeffrey D. Parent
Wayne D. Powel • Shawn Powers • Mike Roberts • Draciron Smith • Chris D. Stark • Patrick Swartz
Editorial Advisory Board
Daniel Frye, Director, IBM Linux Technology Center
Jon "maddog" Hall, President, Linux International
Lawrence Lessig, Professor of Law, Stanford University
Ransom Love, Director of Strategic Relationships, Family and Church History Department,
Church of Jesus Christ of Latter-day Saints
Sam Ockman
Bruce Perens
Bdale Garbee, Linux CTO, HP
Danese Cooper, Open Source Diva, Intel Corporation
Advertising
E-MAIL: ads@linuxjournal.com
URL: www.linuxjournal.com/advertising
PHONE: +1 713-344-1956 ext. 2
Subscriptions
E-MAIL: subs@linuxjournal.com
URL: www.linuxjournal.com/subscribe
PHONE: +1 713-589-3503
FAX: +1 713-589-2677
TOLL-FREE: 1-888-66-LINUX
MAIL: PO Box 980985, Houston, TX 77098 USA
Please allow 4-6 weeks for processing address changes and orders
PRINTED IN USA
LINUX is a registered trademark of Linus Torvalds.
letters
Is Hardware Catching Up to Java?
In the past month, the development team
I lead and I went through the same search
for the appropriate language or SDK
with which to write software destined
to run on multicore systems (in my case,
8-core/32-thread processors from Raza
Microelectronics as well as future Intel
8-core CPUs) as well as single-core systems.
So Nicholas Petreley's article "Is Hardware
Catching Up to Java?" in the November
2007 issue was of great interest,
though in the end we came to different
conclusions.
Nicholas picked Java because it has
some multithreading support built in,
though he admits that is far from
being a slam dunk for issues related
to garbage collection.
I don't think GC's implementation is
what is most important. I think what is
most important is being able to write
multithreaded software with as few
bugs as single-threaded software. In my
experience, once you get past the simple,
large-scale pieces of the software
that can be run on separate threads,
you hit a wall. For example, it is usually
easy in server software to run each
client's requests in a different thread.
That is easy because the number of
places where two client threads interact,
and the amount of data they share, is
limited and well defined. (Well, if it
isn't, it's going to crash.)
But, how do you get beyond that and
do things like running a for loop (in C or
Java) in parallel and knowing the implementation
is right, and will remain right,
over the next five years as new software
developers alter the rest of the software?
Java cannot help you there, not more than
C, C++ or Python, because they all share
something: shared state. In all these languages,
the default is that data is shared.
Any thread can write to anything to which
it has a pointer. There is no guarantee
beyond documentation and code reviews
and the good intentions of future developers
that the data your threads use isn't
changing in ways that will crash them.
My conclusion of my search was that the
proper language for multicore software
was a single-assignment language: Erlang
or Haskell. In these languages, the default
is that software cannot alter a value after
it is assigned. Thus, data structures can be
shared between threads without laying
down rules about how it can be used or
not used (locks, lock-free algorithms and
so on). In these languages, the variables
that act like normal Java or C variables
are the exception, and are defined differently
from the rest. In fact, in Haskell,
they are extremely well marked—to the
point that any function that accesses
them (even to read) is marked as well.
In the end, we decided to develop in
Haskell, using its C interface to connect
it with our existing C code. I've previously
worked with developers who swore by
Erlang (and thought at the time that we
were nuts to code in C++).
PS. You mentioned Python. Python
(more precisely, the CPython interpreter,
the one everyone uses and for which
we have all the nice plugins and tools
support) has an Achilles' heel: the
global interpreter lock (GIL). It may be
multithreaded, and stackless Python is
perfect for multithreaded server software.
But, the GIL means the Python code
cannot run on more than one core.
Nicolas Dade
The Number 77
I have known Dave Taylor for many, many
years, having interacted with him at various
USENIX conferences. His discussions
of shell programming in his Work the
Shell column are useful to all of us.
Unfortunately, he should have chosen
another application area instead of
numerology for his recent article in the
2008 January issue of Linux Journal. By
writing such articles, even more people
are led to believe that there is validity in
traditional numerology. There isn't.
Systematics (www.systematics.org) on
the other hand, a discipline developed
by John Bennett and others, asserts that
numbers do, in fact, have "qualitative
significance". Instead of "associating
numbers with letters", Dave could have
presented a shell script to, for example,
enumerate the various "inner connections"
within each of Systematics' primary
"systems" (monad, dyad, triad, tetrad,
pentad and so forth).
Let's not encourage useless, unreal "disciplines"
by publishing articles involving
them. Rather, Linux Journal should focus
on what is true and of value.
Kenneth Hood Jacker
Dave Taylor replies: Interesting... there
are 17 letters in your name, and the
letters sum up to 77. When I started
programming, one of the languages I
learned was Fortran 77. Coincidence?
Maybe not. In any case, thanks for your
note, Kenneth.
X Server Suckage
I have an update on this [see Letters,
LJ April 2008], I finally got tired of
the old notebook running out of
memory and migrated to the new
Lenovo. I'm getting by using mostly
one workspace, with all the windows
overlapping, which I hate apparently
about as much as my wife hated the
pannable virtual desktop. Having
recently re-installed Linux on my
home desktop (going from Red Hat 9
to Ubuntu 7.10), I got a taste of
Compiz and all its fancy features.
That made me wonder why on the
Lenovo, Compiz wouldn't let me
enable any visual effects.
It turns out this is yet another case of
the Intel X server sucking. It seems
under this X server, you can either
have Xv accelerated video playback or
Compiz. Ubuntu "solved" this problem
by blacklisting the Intel X server. I
found I could get around this blacklisting
by adding SKIP_CHECKS=yes to
/etc/xdg/compiz/compiz-manager, but
the next time I tried to play a video
file, I found I could not. There are
workarounds, configuring the various
video player apps to use something
other than the default (Xv) for video
output, but those result in slower or
buggier (video always on top) behavior.
Some have suggested running the i810 X
server rather than the newer Intel one, but
when I tried that, X wouldn't run at all.
Had I known how bad the X server
support is for this video chipset, I would
have blacklisted machines using it while
shopping for a new notebook.
I'm still waiting for Xi to get the necessary
programming info from Intel so
they can produce an Intel X server that
hopefully doesn't suck.
As a side note, the ASUS Eee PC also
uses a similar Intel video chipset and
suffers all these same problems. I recently
got an Eee at work, and that tiny screen
just begs for a virtual/pannable desktop.
Too bad it uses the Intel X server.
Frequently, windows pop up that have
to be moved (Alt-click-drag) partially
off the screen to get to the buttons on
them. These things aren't as big of a
deal for me on the Eee, as I wanted it
primarily as a router config terminal
and "go anywhere" portable Internet
terminal, and I knew before we ordered
it that I wouldn't be happy with the
screen. The Eee would be great if it was
just a bit bigger (making the keyboard
less cramped), had a bit more screen
resolution and size and, of course, a
non-Intel video chipset with an X server
that doesn't suck.
Jon Lewis
More Business?
In regard to the letter from Nick
Couchman in the March 2008 LJ, "More
Business Content, Please", I agree with
Nick to a point but must express that he
may have missed the business side of
some articles. Like he says, articles about
LTSP for schools and such are great, but
has he ever considered using it as a FREE
(beer) connection broker for VDI? With XP
licenses as the only pay-for product, I use
LTSP to boot old machines with Etherboot
or PXE into an rdesktop screen pointed
at that person's XP virtual machine on
VMware server. Linux all the way to the
VM. I'd also like to call attention to Dave
Richards' blog (davelargo.blogspot.com).
He has more than 500 thin clients
deployed in the city of Largo, Florida. The
whole city operation runs Linux, Evolution,
OpenOffice.org—beautiful.
I would like to see more business-related
articles, such as using Coraid's AoE
product in a VMware server or ESX environment.
But, part of the fun is being
able to read an LJ article and think
"Hey! I can adapt that to my business."
Chris Turner
Help Him
I am writing regarding the article in the
March 2008 issue of LJ titled "Desktop
Must-Haves" by Dan Sawyer.
First off, I want to say that the article
was great and well written and quite
lucid. I have no problems with anything
that Mr Sawyer said in the article, and
agree with many of his choices for good
Linux desktop applications.
What I, personally, have had issues with
in moving from my Mac OS X platform
to Linux as a desktop is the Pro Audio
realm. I have yet to see any program that
replaces three or four of my "must have"
applications. I am learning that there
may be replacements out there, and if I
can find one that suits my needs, I
would replace my Mac with a nice
Core Duo Intel box, most likely running
Debian. The applications that I need to
replace are Logic Express or another
audio package like Adobe Audition 2
(Cool Edit) for multitrack recording and
MegaSeg (which is a DJ software,
www.megaseg.com). These are my
biggest hold outs. I haven't been too
keen on the iTunes replacement offerings,
but admittedly have not looked at
any of the projects since 2006.
My profession is Web development,
and I do use *AMP. On Linux, I have
found that the Bluefish Editor is my
editor of choice and does most of
what I need for the Web. I am also
very open to using The GIMP or
Krita, as Mr Sawyer pointed out, but
the main reason I haven't switched
is the lack of third-party plugin
support for GIMP from the plugins
I use all the time, namely Alien
Skin Software. If they would write
Xenofex for GIMP, I would be using
it in a heartbeat. Yes, going from
Photoshop to GIMP is a bit of a
curve only because you have to
learn what the authors of GIMP call
your favorite tools. Once you are
past that, you should be able to do
everything in GIMP that you do in
Photoshop (in my opinion) except
for the aforementioned plugins,
which to date I have not figured out
how you could produce these effects
without them. Also, the Layer Styles
in Photoshop seem to be missing
from open-source counterparts.
It would be nice to sell my Mac and
go totally Linux (Debian for me), but
I remain unconvinced that everything
I do is covered, as of 2006 anyhow.
J. Mike Needham
Don't Slam Ada
Dave Taylor, in his March 2008
article "Understanding Shell Script
Shorthand", says that Ada makes it
easy for programmers to abbreviate
their code ("abbreviate their code to
make it shorter"! Well, yes, Dave, so
it would!) to the point of obfuscation.
I've never (in 25 years) met an Ada
programmer who thought it was
clever, funny or macho to write code
that's hard to understand. Indeed, the
designers of the language rejected
"neat" constructs that might make
code easier to write if it was felt that
they would make code harder to read.
Simon Wright
LINUX JOURNAL
At Your Service
MAGAZINE
PRINT SUBSCRIPTIONS: Renewing your
subscription, changing your address, paying your
invoice, viewing your account details or other
subscription inquiries can instantly be done on-line,
www.linuxjournal.com/subs. Alternatively,
within the U.S. and Canada, you may call
us toll-free 1-888-66-LINUX (54689), or
internationally +1-713-589-3503. E-mail us at
subs@linuxjournal.com or reach us via postal mail,
Linux Journal, PO Box 980985, Houston, TX
77098-0985 USA. Please remember to include your
complete name and address when contacting us.
DIGITAL SUBSCRIPTIONS: Digital subscriptions
of Linux Journal are now available and delivered as
PDFs anywhere in the world for one low cost.
Visit www.linuxjournal.com/digital for more
information or use the contact information above
for any digital magazine customer service inquiries.
LETTERS TO THE EDITOR: We welcome
your letters and encourage you to submit them
to ljeditor@linuxjournal.com or mail them to
Linux Journal, 1752 NW Market Street, #200,
Seattle, WA 98107 USA. Letters may be edited
for space and clarity.
WRITING FOR US: We always are looking
for contributed articles, tutorials and real-
world stories for the magazine. An author's
guide, a list of topics and due dates can be
found on-line, www.linuxjournal.com/author.
ADVERTISING: Linux Journal is a great
resource for readers and advertisers alike.
Request a media kit, view our current
editorial calendar and advertising due
dates, or learn more about other advertising
and marketing opportunities by visiting us
on-line, www.linuxjournal.com/advertising.
Contact us directly for further information,
ads@linuxjournal.com or +1 713-344-1956 ext. 2.
ON-LINE
WEB SITE: Read exclusive on-line-only content on
Linux Journal's Web site, www.linuxjournal.com.
Also, select articles from the print magazine
are available on-line. Magazine subscribers,
digital or print, receive full access to issue
archives; please contact Customer Service for
further information, subs@linuxjournal.com.
FREE e-NEWSLETTERS: Each week, Linux
Journal editors will tell you what's hot in the world
of Linux. Receive late-breaking news, technical tips
and tricks, and links to in-depth stories featured
on www.linuxjournal.com. Subscribe for free
today, www.linuxjournal.com/enewsletters.
Photo of the Month
Have a photo you'd like to share with LJ readers? Send your submission
to publisher@linuxjournal.com. If we run it in the magazine, we'll send
you a free T-shirt.
Cory Wright of Natuba.com
UPFRONT
NEWS + FUN
WHAT'S NEW
IN KERNEL
DEVELOPMENT
Linux 0.01 is alive
and well. Abdel
Benamrouche
recently ported the
original Linux code
from 1991 to GCC
version 4. This is the
sort of project people do because it's fun
and unusual—not because they expect
there to be any practical application for it
at all. Yet, as often as not, there is. When
Cong Wang heard about Abdel's work,
his first thought was how useful it might
be to university Computer Science departments
teaching operating systems. With
that thought, he immediately sent Abdel's
work to his own CS department.
Where they go with it is anyone's guess.
The original Linux 0.01 required GCC
1.40 or thereabouts, according to a linux-
kernel post by Linus Torvalds in August
2001, when Tristan Sloughter tried to
get 0.01 running on his 386. A little later,
in September 2001, Mikulas Patocka
actually fixed a bug in the disk request
sorting code of Linux 0.01. At the time,
Linus offered Mikulas maintainership of
the 0.01.xx kernel series, but Mikulas
turned it down. Maybe Abdel will
decide to take up the banner and
maintain 0.01 himself.
The kernel sources include a variety
of shell scripts that each try to rely only
on the default /bin/sh UNIX shell.
Andreas Mohr recently discovered that
one of these scripts actually relied on the
bash shell, though it claimed to work
on whatever the user used by default—
that is, on /bin/sh. He ran into this problem
when he tried to use the script on
a system that used the bash shell by
default. So, after doing some cleanup,
he submitted a patch to remove all the
bashisms from the script. It was not
easy—there were a number of obscure
bash features represented in the code.
But, after some testing, comments from
other kernel folks and revised patches,
it did seem as though he'd managed
to eliminate all the bashisms from the
script. Adrian Bunk's suggestion that it
might be quicker simply to make the
script rely on bash explicitly was ignored
in favor of the much more fun project of
delving into shell arcana.
Apparently, too many people have
started using the new ext4 filesystem.
This code is not yet ready for widespread
consumption, but it's been in the main
kernel source tree for a while already to
encourage experimentation. And, folks
have been experimenting! Unfortunately,
not everyone who's been using it has been
aware that it was not fully ready. Adrian
Bunk recently reported seeing users trying
it out without considering the consequences,
just because it was there in the
kernel already. To deal with this, he proposed
a patch, making ext4 dependent
on the BROKEN configuration option. To
compile the filesystem, users would have
to edit the config files by hand to remove
that dependency.
There have been various objections to
this, including from folks like Alan Cox,
who accused Adrian of meddling too
deeply in kernel configuration culture.
There is a lot of resistance to making ext4
harder to use, precisely because the ext4
developers very strongly want lots of people
to test it. And, as they tend to be kernel
"insiders" like Alan, they can get an
experimental filesystem into the main
kernel tree while other filesystems, which
also want lots of testers, have to wait
outside the tree and undergo a lot of
additional scrutiny before being included.
This is not to begrudge ext4 its place
of privilege. The ext4 developers are
insiders because they've earned it, and
they have a deep understanding of how
kernel development should be done.
Linus tends to trust their judgment, not
because they are insiders, but because
they have earned that trust. But, the fact
remains that ext4 is in the main kernel
tree, and it is not yet ready for regular
use. Folks interested in it certainly should
test it out if they want to, but with
caution (and backups).
Michal Simek may become the
official maintainer of the Microblaze
kernel port, included in the main
kernel source along with the other
architectures. He coded up the
Microblaze support himself, but he
was not very familiar with what
would be involved in being a maintainer
and what sort of support he
could expect from the kernel.org
people (such as git repository hosting
and so forth). A lot of folks had a lot
of advice, and the whole discussion
served to summarize current best
practices regarding patch submissions
and review, and the best way to host
a full kernel tree (it turns out that
hosting on kernel.org itself has the
advantage of sharing git objects with
Linus' tree, and this would make for
a much smaller repository on disk). It
seems likely that Michal will become
the official maintainer. There certainly
has been enough enthusiasm for him
to do so.
A bunch of people have been translating
kernel documentation into
Chinese, under guidance from Greg
Kroah-Hartman, who seems to be
leading the effort. Recently, several
translations were integrated into the
kernel, including some by Li Yang,
Zhang Le and Bryan Wu, among others.
This push toward greater accessibility
has been ongoing for years, but it
appears to be picking up speed at the
moment. These translations are dramatically
increasing the number of kernel
developers who can participate in Linux
development, and they pave the way
for a deeper integration with the means
of development.
— ZACK BROWN
LJ Index,
May 2008
1. Billions of transistors exceeded by Intel's
new Tukwila chip: 2
2. Years ago that Intel released a chip with
more than 1 million transistors: 2
3. Years ago that Intel released a chip around
a half-million transistors: 4
4. Years since Gordon Moore thought up his
eponymous law: 33
5. Width in nanometers (nm) of Tukwila's
circuitry: 65
6. Maximum read/transfer speed in MB/sec of
Intel and Micron's new NAND memory
technology: 200
7. Maximum write/transfer speed in MB/sec of
Intel and Micron's new NAND memory
technology: 100
8. Transfer ceiling of the USB 3.0 spec, in
GB/sec: 4.8
9. Position of Russia among all countries
searching for "linux" on Google: 1
10. Position of India among all countries
searching for "linux" on Google: 2
11. Number of Asian countries in the top ten
searching for "linux" on Google: 3
12. Number of European countries in the top
ten searching for "linux" on Google: 7
13. Number of North American countries in the
top ten searching for "linux" on Google: 0
14. Position of Russian among all languages
searching for "linux" on Google: 1
15. Position of English among all languages
searching for "linux" on Google: 9
16. Position of Ubuntu among all searches for
Linux distros at trends.google.com: 1
17. Position of "Make Ubuntu laptops cheaper
than Windows laptops (in all countries)"
among popular ideas at Dell's IdeaStorm
site: 1
18. Number of entries in Dell IdeaStorm's most
popular ideas: 20
19. Number of popular IdeaStorm requests
having to do with Linux, a distro or open
source: 12
20. Number of device models counted running
Linux in Intel's Mobility booth at CES 2008: 5
Sources:
1-5: ZDNet
6-8: Intel
9-15: www.google.com/trends
16-19: ideastorm.com
20: /photos/linuxjournal at Flickr (models
were Clarion, Aigo, Lenovo, Samsung and
Digifriends)
Apache's Share Goes
Back above 50%
For more than a decade—from
October 1995 to November
2005—Apache's growth in Web
server market share went mostly
up. In November 2005, the free
and open Web server peaked at
70.98% among Top Developers
on the Netcraft.com survey for
that month.
Since then, the share mostly
has gone down. In October
2007, Apache's share declined
by 2.8% from the previous
month, dropping to 47.73%,
while Microsoft IIS gained
2.08% to hold at 37.13%.
That was Apache's lowest
share advantage since IIS
appeared in 1996.
But since then, the
trend has reversed
again. The latest
(February 2008)
survey from Netcraft,
with January 2008
numbers, had Apache
at 50.61% on a 1.04%
share increase.
Apache isn't only competing
with IIS, of course. Google
appeared on Netcraft's survey in
2007 and had a 5.33% share
in January 2008.
And, the market isn't a
pie. Its size overall constantly
grows. The total
number of servers,
Apaches included, has
been sloping upward nearly
every month since 1995.
One exception is the current
(January 2008) report,
where Netcraft notes
"much slower growth".
One new open-source
server to watch is nginx, or
engine x. It's an open-
source server developed in
Russia. In the Google Online
Security Blog in June 2007,
nginx had a 4% share (to
Apache's 66% and IIS's 23%).
The nginx site currently says
about 20% of Russian virtual
hosts run on its server. On
Netcraft, it cruised past 0.5%
in January 2008.
— DOC SEARLS
LinuxJournal.com
We've had a pretty good couple of
months over at LinuxJournal.com.
James Gray has interviewed interesting
folks from organizations
such as Lesswatts.org, OSGeo and
Mandriva. We appreciate these representatives
taking the time to talk
with us and share their insights.
Our videos have been quite
fun lately, thanks to Shawn
Powers. In addition to his usual
"gadget" reviews, he has broadened
his focus to include reviews
such as the open-source game,
Battle for Wesnoth. He gave us
a quick look at the game and
tossed in some bonus footage
of himself getting clobbered on
screen, so it's definitely worth
checking out. If you missed his
review of the X-Arcade, that is
also worth a look. It will take you
back to all those hours spent in
arcades in the 1980s. You were
there, weren't you? I was! All
of our videos can be found at
www.linuxjournal.com/video.
As United States politics heat
up, we invite you to take a break
from the mainstream and join us in
supporting an alternative approach
this year over at tuxparty.com.
There, our favorite mascot will
throw out some issues that may not
be addressed in conventional politics.
We support Tux for president,
and hope you will too.
— KATHERINE DRUCKMAN
He Said It
Instead of the usual They Said It, this month we decided to compile quotations from Linus Torvalds alone,
because they show a kind of historic turn as we head into an increasingly mobile Linux-based world.
»To the Linux-Kernel Mailing
List (LKML), May 25, 2007:
It's Friday evening, and the US is
preparing for a long three-day
weekend, often considered the
official start of summer here.
So what's a pasty white nerd to
do? You can't go out on the
beach, because the good-looking
people will laugh at you and
kick sand in your face.
I'm not bitter.
But now you can do something:
you can download the latest
-rc kernel, and smile smugly to
yourself, knowing that you are
running the latest and greatest
on your machine. And suddenly
it doesn't even matter that summer
is coming, because you can
just sit in the basement, and close
the blinds, and bask in the warm
light from your LCD, rather than
the harsh glare of the daystar.
The geeks with embedded hardware
can consider themselves
doubly special (and not just
because your mothers told you
you are), because we've got
updates to ARM, SH and Blackfin.
What more could you possibly
want?
Source: lkml.org/lkml/2007/5/25/439
»To various IDG publications
in Australia in January 2008:
Technology doesn't worry me.
Stupid external issues, especially
patents and stuff like that—those
are the ones that worry technical
people. Probably because they
feel they can't (including me) do
a lot about them. When you
don't feel you're in control, you
start worrying.
Source: www.zdnet.com.au/news/software/soa/
Torvalds-worries-about-patents-and-slow-storage/
0,130061733,339285687,00.htm.
The embedded people actually
solved a lot of the power problems,
but they tended to solve it
for their particular platform....You
had ten solutions for ten different
uses, then none were interchangeable
because they were very specialized....
Now...we have a good
over-arching model that works
hopefully for everybody....We're
just now at the stage where we
can solve them for everybody.
Source: www.zdnet.com.au/news/software/soa/
Linux-is-ready-to-go-green-Linus-Torvalds/
0,130061733,339285555,00.htm.
I don't even have a mobile
phone! I hate phones in general,
because I'm the kind of person
that when I work I want to
concentrate on my work, and if
somebody calls me that completely
destroys my concentration.
I hate phones because they
just disturb you, and mobile
phones are even worse because
you have them with you all the
time, so I don't do mobile
phones at all. I have one of the
early Linux mobile phones in my
workroom because I got it for
free, but it's not turned on.
Source: www.computerworld.com.au/index.php/
id;444282619.
»To the Sydney Morning
Herald at the same event:
An OS should never have been
something that people (in
general) really care about: it
should be completely invisible
and nobody should give a
flying f*** about it except the
technical people.
It's stupid—when you make a
big deal about something like
Vista or Leopard, a lot of it is
about things I don't consider to
be the operating system. It's
about the visual shell around it.
The fact that Microsoft tied the
two together so much actually
caused them problems, not just
the legal problems. If you manage
a thousand clients, or a
hundred thousand clients, which
is not at all unheard of, you sure
as hell don't want to point and
click at them. In many ways,
Microsoft has had to fix the
design mistakes they made
when they thought the graphical
approach should be a very
intimate part of (Windows).
To Microsoft and Apple, the
OS is important as a way to
control the whole environment,
from a marketing and
money-making standpoint, to
force people to upgrade their
applications and hardware.
I don't think they're equally
flawed. I think Leopard is a
much better system. On the
other hand, (I've found) OS X in
some ways is actually worse
than Windows to program for.
That filesystem is complete and
utter crap, which is scary. I think
OS X is nicer than Windows in
many ways, but neither can hold
a candle to my own (Linux). It's
a race to second place!
Source: www.smh.com.au/news/technology/
q-and-a-with-linus-torvalds/2008/02/05/
1202090403120.html?page=2.
— DOC SEARLS
OpenID's Open-Source SSO Gains Momentum
The decision by the Identity Gang (now
formalized as Identity Commons) to get
behind OpenID was an easy one: it was
simple single sign-on, or SSO, and
already in use at LiveJournal, the popular
blogging system created by Brad
Fitzpatrick, famous as well for
memcached and other fine
hacks. Brad also made OpenID
open source, making it easy
for developers to work with
and contribute to it.
One remarkable fact about
that Gang meeting (the first Internet
Identity Workshop, in 2005) was that
leading figures working on other identity
systems—people from Microsoft,
Sxip, Cordance (i-names) and Higgins—
all jumped in to find ways of working
with OpenID.
Since then, there have been many
workshops, many meetings, much
hacking and an acceleration of
acceptance toward critical mass.
You know that's been
achieved when Google, IBM,
Microsoft, VeriSign and Yahoo join an
organization's board all at once. That
happened for the OpenID Foundation
in February 2008.
When I asked David Recordon,
Vice Chair of the foundation board
and OpenID's highest-profile advocate
for his take on things, he said, "In
2007 OpenID saw incredible momentum
as it grew from a grass-roots
technology to a common tool in a
developer's arsenal. Already
in 2008, it has grown to
include support by Google
in Blogger and Yahoo by
enabling hundreds of millions
of their accounts as OpenIDs."
To find out more, or to get your
own OpenID, visit openid.net. See
also Reuven M. Lerner's column in this
issue on page 18.
— DOC SEARLS
Spreadsheeting for Kids and Geeks
The XO is a laptop for children. A product
of the noncommercial OLPC (One
Laptop Per Child) Project, and run by
veterans of MIT's Media Lab, its brain-
parent is Nicholas Negroponte, who
says, "It's an education project, not a
laptop project", and its goal is "to
provide children around the world with
new opportunities to explore, experiment
and express themselves".
But, I've yet to see an XO in the
hands of a child. Nearly all the OLPCs
I've seen have belonged to geeks, or
have been in use by them. As an example
of the latter, see the shot taken at
the latest Apachecon.
As it's turning out, XO isn't just a
fun toy for geeks and kids, but a target
for development as well—for example,
the Sweet SocialCalc Project. Writes
Dan Bricklin:
I purchased an OLPC XO computer
during the Give One Get
One campaign, which arrived
around New Year's. I love my XO
and see its great potential.
When I tried my new code on it,
the code actually ran quite well.
...when we are done I hope we
will have native OLPC code
driving this (written in Python),
so the JavaScript integrates with
the OLPC user interface environment
(which is called Sugar,
hence the word sweet)....
Feedback is welcome, as are
volunteers to help us make
this project a reality.
In the future, we will also be
integrating this code into more
traditional platforms for more
traditional wiki-like collaboration.
Before that, though, I need to
complete the implementation of
these libraries, adding more
commands, functions, etc.
Dan, by the way, is the other half of
the pair that created VisiCalc, the first
electronic spreadsheet. The other half
was Bob Frankston, subject of a feature
article this month (see page 42).
For more, visit the Software Garden
OLPC page: www.peapodcast.com/
sgi/olpc.
— DOC SEARLS
What They're Using
Michael Anti and His Eee PC
Michael Anti is an engineer and journalist
whose work has appeared in the New
York Times, Huaxia Times, 21st Century
World Herald, Washington Post, Southern
Metropolis Daily and Far and Wide
Journal. He has been a researcher, a
columnist, a reporter, a war correspondent
in Baghdad (in 2003) and more—and
achieved notoriety in 2005 when
Microsoft deleted his blog. Today, he is
best known for his landmark work on
press freedom in China—efforts that have
earned him a Wolfson press fellowship at
Cambridge University and Nieman
Fellowship at Harvard University.
It was at a Harvard meeting where I
noticed that Michael was using an ASUS
Eee PC, with exceptional ease and enthusiasm.
Turns out, it's one he bought from
Amazon. It came new with Knoppix, but
then he "cracked" it to do more than
ASUS expects of ordinary users (for example,
expanding windows to a full screen).
I was impressed by how rapidly he typed
on the keyboard. Later I found that he
was actually typing in Chinese. I hadn't
realized, until he explained it, that it's
actually possible to type Chinese at the
speed of speech on a qwerty keyboard.
"I type in Chinese about five times faster
than I write", he says. The word Harvard,
for example, is four keystrokes rather
than seven. So, if you know Chinese,
you can use it as a kind of shorthand—
impressive. (As you see from the photo,
he was using Smart Pinyin.)
In sum, Michael said he has found
the Eee PC ideal for three things: 1)
hacking, 2) doing journalistic work and
3) watching TV. (In fact, he believes it is
"the future of the TV".)
Ethan Zuckerman, who was at the
same meeting, added, "I've seen these
all over the place. I ran into (some)
Asian businessmen in Amsterdam last
week. And they were all carrying them.
It's caught on really, really fast."
His one caution is adaptation. It
took him a week to get used to the
smaller-size keyboard. Plus, he adds,
"You should have some five minutes to
get used to it" when you're coming
from a normal-size keyboard. Seems like
time he's willing to invest.
— DOC SEARLS
Mike Anti and His Eee PC
COLUMNS
AT THE FORGE
REUVEN M. LERNER
OpenID
An introduction to OpenID, an open-source, distributed, single
sign-on solution for Internet applications.
Thank goodness for Firefox. Yes, it's a great
browser. Yes, it has all sorts of wonderful plugins
that let me do everything from debugging my
Web applications to checking the weather forecast.
And, the fact that it works across multiple platforms
makes it even better.
But, as Web-based applications become an
increasingly integral part of my life, I've grown
dependent on Firefox's ability to remember my passwords.
It might be silly, or even a bit pathetic, but
there is no way I can remember all the different
passwords I've created over the years. This is especially
true for sites where I've changed my password
on occasion, either because my current password
expired or because I decided to change it.
This also means that when I use a different
browser, or even a different computer, I'm often
at a total loss. Sure, I remember some of my passwords,
but there is no easy way for me to keep
track of all of them without writing them down
somewhere. So, I do the digital equivalent—storing
them in my browser—and make sure I have my
laptop with me wherever I go.
Juggling multiple passwords isn't new, of course.
Even before the growth of Web applications, people
were logging in to different computers, networks,
e-mail accounts, database systems and so on. A
number of companies made quite a bit of money
from "single sign-on", offering back-end solutions
that allowed people to log in to a single computer,
providing them with access to many different ones.
But, although the problem might not be new, its
scale is unprecedented. We no longer are worried
about several hundreds or thousands of individuals
keeping track of a dozen passwords, with access to
an IT support department. Rather, we now have to
worry about many millions of people, each of
whom has dozens of passwords and little or no
technical support for any of them.
Moreover, each Web site has its own particular
needs, not to mention its own unique user
interface. And, to top it off, the world is quite
different from a corporation; you can't impose a
standard solution from above. Rather, there must
be a way to introduce competition into the
equation, such that individuals can choose their
own single sign-on provider.
Over the years, a number of companies have
tried to enter this space for Internet applications.
Perhaps the most famous (or infamous) was
Microsoft's .NET Passport (now known as Windows
Live ID), which was launched with great fanfare—
and quickly attracted a great deal of negative attention
related to privacy concerns. Even if Microsoft's
product was technically excellent (and I'm not
knowledgeable enough to judge it), people did
not want to be told with whom they must entrust
private and sensitive data.
An increasingly popular solution to this problem
is OpenID. OpenID is not necessarily a new technology;
it has existed in some form or another for several
years already. However, it rapidly is picking up
steam—so much that right before I wrote these
words in February 2008, we saw Microsoft, Google,
IBM, VeriSign and Yahoo embrace OpenID.
Now, it's true that the number of sites supporting
OpenID is currently small—numbering about
8,000 at the time of this writing. However, the
number is growing rapidly, and I expect the pace
will pick up as the aforementioned Internet giants
begin to get involved.
What if you're smaller than Google or Microsoft?
Is OpenID worth adding to your site? Is it relatively
easy? The answer to both questions, I'm happy to
say, is yes.
This month, I discuss the user side of OpenID—
how you register for an OpenID and how you manage
it. I also explain how the OpenID specification
takes into account the fact that you might eventually
need to change providers.
The Basics of OpenID
The term OpenID refers both to a person's unique
identifier and to the standard describing all the
technology around that identifier. To create an
OpenID, you must register with an OpenID
provider. Once you have registered your OpenID,
it is the provider that authenticates you for every
OpenID-enabled application you use. In other
words, the OpenID provider is responsible for
checking your identity, which normally means
confirming that the user name and password you
enter are acceptable.
Thus, logging in to a site with OpenID means
the following happens:
■ You tell the Web application you want to log in
with the OpenID protocol.
■ You enter your OpenID (more detail on this shortly)
into the application's login screen.
■ The application sends you to the login screen for
your OpenID provider.
■ If the provider accepts your credentials (normally,
your user name and password), it asks you to
confirm that your identity may be exported to
the Web application, and if it may do so in the
future as well. Obviously, if you indicate you
are willing to share your identity with this Web
application in the future, you will skip this step
in the future.
■ Once allowed to export your identity to the Web
application, you are returned to the original
application you wanted to use, logged in and
ready to use it.
Notice there are a few important differences
here between OpenID and a "standard" login system.
First, users authenticate against a different site
from the one they are trying to use. This is similar to
making a purchase via Google Checkout or PayPal,
both of which require that users authenticate themselves
and authorize the purchase amount on their
own sites, rather than on the site belonging to the
on-line store.
Some critics of OpenID say that users may be
surprised or confused by the switch from one site to
another, but I think Google Checkout and PayPal
have demonstrated that a reasonable number of
people are not put off by switching back and forth.
Moreover, I have read that Firefox 3 will include
some integrated OpenID support, which might
remove some of the need to switch sites—or at
least make it appear more integrated. However, I've
been using the beta of Firefox 3 for several months
and have yet to experience such integration.
And, although I use the term Web application,
there is no requirement that OpenID be used only
for Web-based applications. I expect that as OpenID
takes hold, a large number of Internet-based applications,
obviously including those that run on the
Web, will use OpenID. However, there's no reason
why non-Web applications and services couldn't use
OpenID as well. I even can imagine a day when you
might use OpenID to enter your house or confirm
your identity to your burglar-alarm company. In the
world of OpenID, end-user applications are known
as consumers, just as the OpenID authentication
systems are known as providers.
Most OpenID providers authenticate users with a
user name and password. Over time, we can expect
them to go in other directions as well—for example,
using biometric authentication systems. And, although
OpenID providers currently offer their services for
free, it's not hard to imagine a time in which some
companies will charge for OpenID services, while
others will support themselves via advertising.
Because users can switch OpenID providers at any
time, and because users have a choice as to which
one they will use, we can expect both competition
and ingenuity to be the rule.
One company, Vidoop, has a particularly interesting
authentication mechanism, in which users
select a pattern of images as their "password".
Each time a user wants to authenticate, a set
of images—including those that the user has
selected—appears on a 3x3 grid, with each image
in a randomly selected location and a random letter
placed next to it. This effectively creates a one-time
password, which users enter by typing the letters
associated with the ordered set of images they
originally chose.
Finally, I should note that you can create and
use as many OpenIDs as you like, just as you would
normally create as many user names as you like on
a Web site. Some people do this to separate their
work ID from their personal ID, or just because they
prefer not to put all of their eggs in one authentication
basket. Regardless, OpenID allows you to do
this—although it is ironic that a single sign-on solution
would spur people to create multiple identities.
Creating and Using an OpenID
With all the background information out of the
way, let's create and use an OpenID. An OpenID
is nothing more than a URL, typically written as
http://USERNAME.PROVIDER.com. For example, my
OpenID is http://reuvenmlerner.myopenid.com.
Notice that I can share this URL publicly; there is
no reason for me to keep it secret. MyOpenID.com
is just one of several OpenID providers. Indeed,
many people already have an OpenID, even if they
don't realize it. For example, if you have a blog at
LiveJournal, that URL can be used as your OpenID.
To sign up for an OpenID, simply go to the
home page of your provider. For example, go to
the MyOpenID.com home page and click on
"sign up for an OpenID". That takes you to
https://www.myopenid.com/signup, which
asks you to enter a user name (it must be unique)
and a password. You also can provide an e-mail
address, which is optional, but doing so allows
you to recover your password if you ever forget it.
Finally, MyOpenID.com uses a captcha to ensure
that a person, rather than a program, is signing
up for the account.
Once you have signed up for an OpenID, you
can use it to log in to a Web site that supports it.
Typically, logging in to a Web site requires that you
enter both a user name and password. But, if you
use OpenID, you enter in neither of these to the
Web application's login screen. Instead, you enter
only the URL of your OpenID, including the http
prefix that we so often ignore nowadays.
For example, I can go to www.wikihow.com, a
site that lets anyone create a how-to manual. I click on
"create an account or log in" at the top of the page,
which brings me to a login screen. The resulting screen
tells me I can log in using OpenID, if I want, by going
to www.wikihow.com/Special:OpenIDLogin.
(In other words, wikiHow has two separate
login pages: one for regular users with a user
name/password combination and another for
OpenID users, who enter only their OpenID URL.)
Finally, I enter http://reuvenmlerner.myopenid.com
into the text field.
Because I had logged in to OpenID earlier, I wasn't
asked to provide my password. However, this is
the first time I've tried to log in to wikiHow with
OpenID. Thus, MyOpenID.com must verify that I am
willing to share information with wikiHow. I click on
the allow forever button, which means whenever I'm
logged in to MyOpenID.com, it should share information
with wikiHow. After clicking this button, I am
redirected back to www.wikihow.com, where I
am logged in and identified by my first name.
Switching Providers
This system works quite well in my experience, and
you quickly become used to the back and forth
authentication process. However, major problems
remain. What happens if MyOpenID.com goes out
of business? What if its database is compromised?
What if it turns out to be highly unethical and is
using people's IDs? What if I find a provider whose
Web site is more attractive to me?
I always can switch to a different provider, of
course. But, that effectively means having a new
and different user name on a site. On a social-networking
site, this obviously would be disastrous,
as I would need to reconnect from my new account
to each of the people in my old account.
The solution to this is quite clever. Instead of giving
people the OpenID I mentioned above, I instead
give them an OpenID on a Web site that I control,
whose URL is unlikely ever to change. For example,
I can give an OpenID of http://reuven.lerner.co.il.
I know that the lerner.co.il domain will remain
mine forever. Thus, I can be reasonably sure that
this URL also will be in my possession for a long
time. Moreover, I control the contents of the home
page. That page may contain any HTML content I
want. But, it also should contain the following two
tags in the <head> section:
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://reuvenmlerner.myopenid.com/" />
We already saw how I can log in to wikiHow
by giving my OpenID at MyOpenID.com. But,
with the above lines in place, I also can log in to
wikiHow by entering http://reuven.lerner.co.il.
This tells wikiHow to retrieve the home page from
my personal Web site. It uses the first tag to
know which server to use and the second tag
to know which user name and ID to authenticate.
Everything then continues as usual. I authenticate
myself as necessary against MyOpenID.com, which
then redirects me back to wikiHow.
The beauty of this redirection system is that if
I decide against using MyOpenID for any reason
in the future, I simply change the <link> tags
in index.html. wikiHow and all other sites will
follow whatever reuven.lerner.co.il points to,
whether it's MyOpenID.com, Vidoop.com or
something else. In this way, I ensure that my
OpenID always is associated with the provider
who offers me the best combination of security
and usability for my purposes.
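A check of that lookup, as an added example that is not code from this column or from any OpenID library: the shell functions below read a saved copy of a home page, report the openid.server and openid.delegate values found in its <head> section, and compare them with the values you expect, which matters because anyone able to edit that page decides which provider vouches for the identity. The function names, the sample page and the .example hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the column or from an OpenID library.
# openid_delegation and check_delegation are names made up for this example.

# Print "server URL" / "delegate URL" for each matching <link> in <head>.
openid_delegation()
{
  awk -v RS='<' '
    # Return the value of attribute "name" from one tag ("low" is the tag
    # lowercased, used only to find the attribute whatever its case).
    function attr(tag, low, name,    pos, q, rest, stop) {
      if (!match(low, "(^|[ \t\r\n])" name "[ \t\r\n]*=[ \t\r\n]*")) return ""
      pos = RSTART + RLENGTH
      q = substr(tag, pos, 1)
      if (q == "\"" || q == "\047") {          # quoted value
        rest = substr(tag, pos + 1)
        stop = index(rest, q)
        return stop ? substr(rest, 1, stop - 1) : ""
      }
      rest = substr(tag, pos)                   # unquoted value
      sub(/[ \t\r\n].*/, "", rest)
      return rest
    }
    # Each record starts just after a "<"; keep the part before ">".
    { gt = index($0, ">"); tag = gt ? substr($0, 1, gt - 1) : $0
      low = tolower(tag) }
    # Tags inside an HTML comment are not part of the page.
    incomment    { if (index($0, "-->")) incomment = 0; next }
    low ~ /^!--/ { if (!index($0, "-->")) incomment = 1; next }
    low ~ /^head([ \t\r\n]|$)/ && !done { inhead = 1; next }
    # Once </head> or <body> is seen, later tags never count.
    low ~ /^(\/head|body)([ \t\r\n]|$)/ { inhead = 0; done = 1; next }
    inhead && low ~ /^link[ \t\r\n]/ {
      href = attr(tag, low, "href")
      n = split(tolower(attr(tag, low, "rel")), rels, /[ \t\r\n]+/)
      for (i = 1; i <= n; i++) {
        if (rels[i] == "openid.server")   print "server " href
        if (rels[i] == "openid.delegate") print "delegate " href
      }
    }
  ' "$1"
}

# usage: check_delegation FILE EXPECTED_SERVER EXPECTED_DELEGATE
# Returns 0 only if the page names exactly the expected server and delegate.
check_delegation()
{
  expected=$(printf 'delegate %s\nserver %s' "$3" "$2")
  found=$(openid_delegation "$1" | LC_ALL=C sort -u)
  if [ "$found" = "$expected" ] ; then
    return 0
  fi
  echo "delegation in $1 differs from the expected values:" >&2
  printf '%s\n' "$found" >&2
  return 1
}

# Constructed sample page: one commented-out tag, the two real tags
# (one in upper case with single quotes) and a tag in the body.
demo()
{
  page=$(mktemp) || return 1
  cat > "$page" <<'EOF'
<html>
<head>
<title>Constructed home page</title>
<!-- <link rel="openid.server" href="http://old-provider.example/server" /> -->
<link rel="openid.server" href="http://www.myopenid.com/server" />
<LINK HREF='http://reuvenmlerner.myopenid.com/' REL='openid.delegate'>
</head>
<body>
<p>Visitor comment: <link rel="openid.server" href="http://other.example/server" /></p>
</body>
</html>
EOF
  openid_delegation "$page"
  rc=0
  check_delegation "$page" "http://www.myopenid.com/server" \
    "http://reuvenmlerner.myopenid.com/" || rc=$?
  echo "check_delegation returned $rc"
  rm -f "$page"
}

demo
```

Run against a freshly downloaded copy of your own page, a nonzero status from check_delegation means the tags no longer match what you set up and the page deserves a look.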
Unfortunately, things don't always go smoothly.
For example, when I registered with wikiHow, it
got my nickname (Reuven) from MyOpenID.com.
When I try to log in with my new, redirected
OpenID, wikiHow thinks it's dealing with a new
user—one whose requested nickname clashes
with that of an existing user. So, the key is to set
up and use the redirecting URL early on, and not
switch to it after you already have used OpenID
for some time.
There are other problems as well. For example, I
currently juggle two different sets of identities on-line,
as some companies want to deal only with US
citizens living in the United States. And, although
I'm currently back home in Modi'in, Israel, I continue
to have a US phone number (through Skype), a
mailing address (at my parents' house), and a US
bank account and credit card. So, I need two separate
identities: one with my Israeli information and
another with my US information.
Fortunately, OpenID 2.0 supports both the
export of information to the consumer application
and also the use of multiple personas. Each persona
can have a separate name, nickname, image and
location, and I can choose which persona is associated
with each consumer, under the umbrella of the
same OpenID.
Conclusion
OpenID is an increasingly important standard that
seems poised to have a central role in future Web
and Internet-connected applications. Using OpenID
is not terribly complicated for end users, and it
supposedly is going to be integrated into Firefox
in the near future.
Next month, we will look at OpenID from the
perspective of a Web site that requires users to
register. How can you, as a Web developer, support
OpenID on your site? We will see that with a bit of
work, and some support from open-source libraries,
we can support OpenID in our Web applications.
Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD
candidate in learning sciences at Northwestern University, studying on-line
learning communities. He recently returned (with his wife and three children) to
their home in Modi'in, Israel, after four years in the Chicago area.
Resources
The main site for OpenID information is
openid.net. That site has documentation,
mailing lists, links to software and lists of
OpenID providers and consumers.
A screencast that demonstrates many of the
same ideas from this column is available at
simonwillison.net/2006/openid-screencast.
A discussion of the pros and cons of OpenID
is at radar.oreilly.com/archives/2007/02/
pros_and_cons_o.html.
Finally, a list of sites using OpenID, as well as
providers you can use, is at openiddirectory.com.
COLUMNS
COOKING WITH LINUX
Jumbled Words
If the medium is the message, what happens if your understanding
of the message rates only a medium?
MARCEL GAGNE
What on earth are you doing, François? Our
guests will be here any moment. What are all
these yellow sticky notes doing everywhere? Quoi?
You're preparing for the telephony-themed issue?
Although I admire your desire to help, I confess that
this time, I really have no idea what you are doing.
The telephone game? Of course I know what the
telephone game is. You tell one person a phrase, he
or she whispers it to another, who tells yet another,
until you run out of players. The last player repeats
what he or she thinks the message is, and it invariably
turns out to be something totally different from
what was originally selected. I still don't see what all
these notes are for.
Ah, I see. They are anagrams, mostly of your
first and last name, it would appear. You've got it all
mixed up, mon ami. Anagrams, or word scrambles,
have nothing to do with the telephone game other
than that the message gets scrambled in some way.
How many of these notes have you got scattered
around the restaurant anyway? Never mind. I don't
want to know. Our guests are approaching as we
speak. We'll discuss this later.
Welcome, everyone, to Chez Marcel! Please take
your seats and make yourselves comfortable. You
may want to forgive the yellow notes all over the
walls. My faithful waiter has gone anagram-crazy,
and what you see is the result. François, if you
would be so kind, please head down to the wine
cellar. Over in the west wing, there are a few cases
of 2002 Bolgheri Rosso Piastraia from Tuscany.
Please, fetch some for our guests.
While we await François' return with the wine,
let me show you a great little program for generating
anagrams. Written by Richard Jones (now maintained
by Paul Martin), an is a command-line program
designed to generate anagrams. The program
is extremely easy to use, but let me offer a quick
word of caution. You'll want to use one or more of
an's command-line options as it is extremely liberal
with the anagrams it returns, and you'll quickly
drown in results. My own name, Marcel Gagne,
generates 837,989 results if I type an "Marcel
Gagne". Notice that when using two words, I put
them in quotation marks. If you use the -w option,
an generates a list of unique words instead of myriad
phrases. Using my name as the example, I get 318
words. Compare that to a return of cam an ger g l e
followed by cam an erg g l e and so on.
Increasingly interesting results turn up if you
specify words of a particular length. For instance,
if you have ten letters to work with, and you'd like
to see words of six letters or more, use the -m 6
option, which stands for minimum word length of
six. If you know that the word mossy can be generated
by the words you are using and you want to
see all the combinations of "lost mysteries" that
include mossy and contain a minimum of four letters
per word, you might try typing the following:
an -m 4 -c mossy "lost mysteries"
A similar program is Evans A Criswell's Wordplay.
Wordplay is also a command-line program for generating
anagrams. Unlike an, Wordplay generates
fewer words by default, but it also is more likely to
generate meaningful results. There are command-line
options to limit the number of words or characters
each word can have and so on. Simply type
wordplay at the command line for a list of options.
You can waste an amazing amount of time
using these simple command-line anagram-generators
and discover some fascinating things. For
instance, did you know that "red pestilence iota nil"
is an anagram for "presidential election"? That's
just silly, of course. After all, "lulu jar nixon" is an
anagram for "Linux Journal". Then again, so is
"lunar join lux". François! Thank goodness you have
returned. Please, pour a rather large glass for each
of our guests.
So, what's the point of all this? Well, anagrams
can be a great mental exercise, one that is a lot
of fun. To that end, there are a number of great
games based on anagrams and word scrambles.
One of these is Joshua Keel's Kanagram (Figure 1).
Kanagram is not only a great game, it's also a great
place to start our exploration of word scramble
games. You shouldn't have any trouble getting your
hands on this one, as it is very likely in your distribution's
software repository. Kanagram presents you
with a scrambled word and asks you to decipher
the word. There's no ticking clock on this one, and
you don't get dinged for getting the word wrong.
To make the choice of words interesting, the game
comes with a number of vocabularies. These are
word categories, such as Computers, Inventions,
Sports, Professions and so on. There also are generic
vocabularies based on whether the words are easy,
medium or hard.
Figure 1. Kanagram turns anagram generation into a stylish game.
On the left-hand side of Kanagram's window,
there's a large blackboard with the scrambled letters
in the center. On the top right of the blackboard,
the category is highlighted. You always can switch
to another category with a click of the mouse. If
you know the word, type it in the white input box
below the blackboard. At any time, you can ask for
a little help by clicking the word hint on the bottom
left of the blackboard (Figure 2).
Figure 2. If you're not ready to give up, but you need a hint, Kanagram understands.
That brings us to Kanagram's right-hand side
menu, cleverly designed to resemble a filing cabinet.
If you do succumb to the pressure and need a hint,
it appears in a pop-up near the bottom of the cabinet.
Scroll your mouse pointer over the cabinet's
drawers, and a tooltip describes what you'll find
inside. You can jump to the next anagram, configure
some of the program's functions, read the
handbook or exit.
As I mentioned in the introduction to the game,
Kanagram comes with a handful of vocabularies,
but there are more available for download in a
number of different languages. Simply click the
second file drawer to open Kanagram's configuration
dialog. You can look at existing vocabularies and
create your own by clicking Vocabularies in the
sidebar. To download new vocabularies, click
New Stuff instead (Figure 3).
Figure 3. List, create or download new vocabularies.
When you click the Download New Vocabularies
button, a new window appears showing what's
available. You then can select and download
vocabularies that appeal to you.
If you could turn anagrams into an arcade game,
it might look something like Tom Bradley's Scramble
(Figure 4). There's a ticking clock, fun sound effects
and multiple levels that can be reached only by
making it past a certain percentage of the words
successfully. On the surface, it doesn't seem all that
complicated. After all, each scramble consists of a
measly six letters ("six letters" = "telex stirs"). When
the letters appear on the placards at the bottom of
the screen, click on the letters to form a word, then
click Submit (or if you prefer, type the word and
press Enter). If the word exists, it will load up one of
the empty word boxes, after which you can move
on to the next word.
Figure 4. Scramble jumbles a mere six letters. Think you can master it?
Strangely enough, getting from one level to the
next isn't always as easy as it looks. Sometimes, if
you get really stuck, re-scrambling the letters can
help—for that reason, you'll find clicking Shuffle
every once in a while a handy thing. Did you, in a
flash of brilliance, figure out the six-letter word? If
you can guess the six-letter word right off the bat,
you automatically move to the next level. Eventually,
when you have exhausted all possibilities and the
timer runs out, Scramble may deliver a classic
arcade pat on the back. Yes, Scramble keeps track
of high scores, and lets you enter your name in the
high-scorers' list.
For the truly anagram-crazy, there's Colm
Gallagher's Anagramarama (Figure 5). It doesn't
quite maintain the arcade-like feel of Scramble, but
it also doesn't limit itself to six letters. In that
respect, it can be much more of a challenge, particularly
if you live for the thrill of building words from
random collections of letters.
Figure 5. Anagramarama—more letters mean more words and more challenge.
Resources
Source for an: ftp.debian.org/pool/main/a/an
Anagramarama: www.coralquest.com/anagramarama
Marcel's Web Site: www.marcelgagne.com
Scramble: www.shiftygames.com/web2/index.php?module=game&name=Scramble
Wordplay: hsvmovies.com/static_subpages/personal/wordplay
The WFTL-LUG, Marcel's Online Linux User Group:
www.marcelgagne.com/wftllugform.html
When you click a letter from the top list of available
letters, it drops into the Guess box below. After
you've assembled your word, or something you think
might qualify as a word, simply click the green check
mark. Keyboard racers may prefer to type the letters,
entering an anagrammatic stream of consciousness.
"I'm upset" is an anagram for "Time's up", and
sadly, closing time approaches. Don't be too upset
though. I'm sure we can convince François to refill
our glasses a final time. And, while we sip our wine
("mute sip" also is an anagram for "time's up"), we
may uncover some interesting anagrams by putting
in the names of friends, family members and, of
course, coworkers.
Raise your glasses, mes amis, and let us all drink to
one another's health. À votre santé! Bon appétit!
Marcel Gagne is an award-winning writer living in Waterloo, Ontario. He is the
author of the Moving to Linux series of books from Addison-Wesley. He also makes
regular television appearances as Call for Help's Linux guy and every month on
radio’s Computer America show. Marcel is also a pilot, a past Top-40 disc jockey,
writes science fiction and fantasy, and folds a mean Origami T-Rex. He can be
reached via e-mail at mggagne@salmar.com. You can discover lots of other things
(including great Wine links) from his Web site at www.marcelgagne.com.
COLUMNS
WORK THE SHELL
DAVE TAYLOR
Handling Errors
and Making Scripts
Bulletproof
Shell scripts may be quick, easy and lightweight, but proper scripting
includes the ability to anticipate and respond to error situations
gracefully and without anything breaking. Dave explores some of
the basic shell script error-handling options.
I realize I've been playing a bit fast and loose with
my shell scripts over the last few months, because
I haven't talked about how to ensure that error
conditions don't break things. If you read the Letters
section in Linux Journal, you know I haven't covered
this topic because, well, you have covered it for me!
This topic ranges from the simple to the sophisticated,
so let's start with a basic test: the return
status after an application or utility is invoked.
The Magical $? Sequence
Different shells have different return status indicators
(the C shell, for example, uses $status), but the
most basic is Bash/the Bourne shell, which is what
we've focused on since I started writing Work the
Shell, and it uses $?.
Here's a quick example:
#!/bin/sh
mkdir /
echo "return status is $?"
mkdir /tmp/foobar
echo "return status is $?"
rmdir /tmp/foobar
echo "return status is $?"
rmdir /tmp
echo "return status is $?"
exit 0
Run this, and you can see the difference
between commands that succeed and those
that fail:
mkdir: /: Is a directory
return status is 1
return status is 0
return status is 0
rmdir: /tmp: Not a directory
return status is 1
You can see that when invoking mkdir or rmdir
with an error condition, they output an error and—
the important part—the $? return status is nonzero.
In fact, check out the man page for a typical
command like mkdir, and you'll see: "DIAGNOSTICS:
The mkdir utility exits 0 on success, and >0 if an
error occurs."
In a perfect world, the >0 return code would
actually tell you what happened, but although that's
true with the functions accessible via software, it's
not true for the shell.
On the other hand, it's still helpful to explore
how to make a shell function that does error
handling too. Here's a basic example function:
makedirectory()
{
  # Quote $1 so names containing spaces survive
  mkdir "$1"
  status=$?
  echo "return status is $status"
}
This just makes a simple function that calls
mkdir, and it should be no surprise that it works
as follows if I invoke it three times—twice in error
situations and once without an error:
mkdir: /: Is a directory
return status is 1
mkdir: /tmp/foobar: File exists
return status is 1
It's a drag to have mkdir generate an error message
when you can produce your own simply by
testing the $? status variable.
Here's how you can do just that:
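makedirectory()
{
  # Discard stdout first, then point stderr at the same place
  mkdir "$1" > /dev/null 2>&1
  status=$?
  # Report only when mkdir actually failed
  if [ $status -ne 0 ] ; then
    echo "makedirectory failed trying to make $1 (error $status)"
  fi
}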
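This is a bit tricky to understand, because you
have to suppress the error message from mkdir
so you can generate your own. That's done by
redirecting standard output to /dev/null (the
"> /dev/null" sequence) and then redirecting standard
error to the same place (the 2>&1 sequence). The
order matters: the shell applies redirections from
left to right, so 2>&1 has to come after the redirect
to /dev/null. The function then prints its own
message only when the status is nonzero.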
Tip: there's a shorthand you could use here
too, if you wanted to be a bit more cryptic:
&>/dev/null.
Now when running this, however, the output is
far more sophisticated:
makedirectory failed trying to make / (error 1)
makedirectory failed trying to make /tmp/foobar (error 1)
That's a nice way to deal with errors, and of
course, the function can also return the error code,
with return $status as the last line.
Using test to Avoid Error Conditions
The best way to handle errors is to capture error
conditions beforehand. This is best done with the
wonderful and powerful test command. For example,
the two typical error conditions that you'd
encounter with the makedirectory() function are the
directory already existing or the script not having
permission to create the directory.
The first is pretty easy to test:
if [ -d "$1" ] ; then
  echo "Error: directory $1 already exists."
  exit 0
fi
The second is a bit trickier because you need to
grab the parent directory portion of the requested
directory then test it to see whether you have write
and execute permission to create the subdirectory.
This can be done with the dirname function
(which returns . if there's no explicit directory
given), followed by a test for -w for writeable
and -x for executable.
It all combines like this:
# Quote the variables so directory names with spaces work
parentdir="$(dirname "$1")"
if [ ! -x "$parentdir" -o ! -w "$parentdir" ]
then
  echo "Uh oh, can't create requested directory $1"
  exit 0
fi
This is a sophisticated use of the test command,
but read "!" as "not" and "-o" as "or", and you
can see the test is "if not executable $parentdir or
not writeable $parentdir then...", and that should
make sense!
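Putting the two test checks and the $? check together, as an added example that is not code from the column: this version of makedirectory returns a different status for each failure, so a caller can tell what went wrong instead of seeing only "greater than zero". The return values 2, 3 and 4, the use of -e in place of -d, the messages on standard error and the demo function are choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the column. Return codes 2-4 are this
# example's own convention; 1 means mkdir itself failed or no name was given.

makedirectory()
{
  dir=$1
  if [ -z "$dir" ] ; then
    echo "makedirectory: no directory name given" >&2
    return 1
  fi

  # A name starting with "-" would be read as an option by mkdir and dirname.
  case $dir in
    -*) dir="./$dir" ;;
  esac

  # Pre-check 1: something is already there (-e also catches plain files).
  if [ -e "$dir" ] ; then
    echo "makedirectory: $dir already exists" >&2
    return 2
  fi

  # Pre-check 2: the parent must exist and allow write and search.
  parentdir=$(dirname "$dir")
  if [ ! -d "$parentdir" ] ; then
    echo "makedirectory: parent $parentdir does not exist" >&2
    return 3
  fi
  if [ ! -x "$parentdir" ] || [ ! -w "$parentdir" ] ; then
    echo "makedirectory: no permission to create entries in $parentdir" >&2
    return 4
  fi

  # The checks above can go stale before mkdir runs (another process may
  # create the name first), so the exit status is still tested.
  mkdir "$dir" > /dev/null 2>&1
  status=$?
  if [ $status -ne 0 ] ; then
    echo "makedirectory failed trying to make $dir (error $status)" >&2
    return 1
  fi
  return 0
}

# Constructed demonstration in a throwaway directory: one success,
# one "already exists" and one "parent does not exist".
demo()
{
  scratch=$(mktemp -d) || return 1
  for target in "$scratch/foobar" "$scratch/foobar" "$scratch/missing/child"
  do
    rc=0
    makedirectory "$target" || rc=$?
    echo "makedirectory $target -> return status $rc"
  done
  rm -rf "$scratch"
}

demo
```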
Avoiding Output Problems
with noclobber
Finally, another thing to be aware of with the shell
is that it's all too easy to zap important files with a
redirect. For example, this shouldn't work:
$ who > who.output
$ ls > who.output
The second command should generate an error
because the output file already exists, right? But it
doesn't, and it simply trashes the who output without
a warning or error—not good.
To avoid that problem, you'll want to set -o
noclobber in scripts or, better, for your login shell,
and let it be inherited by subshells, including those
that run your shell scripts. A good place to put it
could be in your .profile or .bashrc.
With noclobber set, the two commands behave
differently:
$ ls > who.output
-bash: who.output: cannot overwrite existing file
That's useful for everyone, and doubly so for us
shell script hackers, right?
Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and
most recently author of both the best-selling Wicked Cool Shell Scripts and
Teach Yourself Unix in 24 Hours, among his 16 technical books. His main Web
site is at www.intuitive.com, and he also offers up tech support at
AskDaveTaylor.com. Follow him on Twitter if you’d like: twitter.com/DaveTaylor.
COLUMNS
PARANOID PENGUIN
Customizing Linux
Live CDs, Part I
Make your desktop completely portable with a custom live CD.
MICK BAUER
In my recent column "Security Features in
Ubuntu" (LJ, March 2008), I mentioned that the
live CD method of running Linux from a CD-ROM
or DVD rather than directly from a hard drive has
important and useful security ramifications. I went
on to promise that this would be the topic of a
future column.
Never one to renege on a promise, this month
I bring you the first of a multipart series about Linux
live CDs. In this month's column, I describe some
security usages for bootable Linux CDs and
demonstrate a quick-and-easy way to customize
the standard Ubuntu Desktop CD that allows you
to change its included bundle of software.
Uses of Bootable Linux CDs
At this point, you may be wondering, "What's the
big deal about bootable Linux CDs? Aren't all Linux
installation CDs bootable?"
On the one hand, yes. Linux installation CDs
always have been bootable. But, not all Linux installation
CDs offer you the option of simply running
Linux from the CD without installing it right away.
This is the difference between a live Linux CD and
an installer CD.
Live CDs are especially handy for trying out a
distribution before committing it to your hard disk.
Usually, they include an installer applet that makes it
easy to make that commitment, if you so choose.
But, these are very general live CD uses.
For the security-conscious user, or for the conscientious-security
user (but not for the unconscious
user), live CDs also are useful, among other things,
for the following:
■ Using untrusted hardware, such as public-use
PCs at coffee shops.
■ Analyzing computers that may have been
compromised.
■ Recovering data from systems that no longer
boot for some reason.
■ Running software you'd prefer not to install on
your hard disk.
Depending on your needs, you might be perfectly
happy using an existing Linux live CD distribution,
such as Knoppix, BackTrack or Ubuntu Desktop. But,
what if you want to apply the very latest security
patches to the live CD's installed applications?
What if your favorite live CD lacks an application
you really need? Or, what if you don't want to
have to configure things manually, such as network
settings, after every single time you boot?
These are some of the many reasons you
might want to customize your Linux live CD. For
the remainder of this month's column, I walk
through the process of patching and adding
security software to Ubuntu Desktop 7.10. Much
of what follows applies directly to other squashfs-
based distributions, such as Linux Mint, SLAX
and BackTrack, and indirectly to most other live
CD distributions.
Prerequisites
Before you can customize your Ubuntu Desktop live
CD, you need several things:
1. An ISO file for the current version of Ubuntu
Desktop (or Linux Mint).
2. The squashfs-tools package installed on your
system.
3. The mkisofs package installed on your system.
You can get the ISO file in one of two ways:
download it from www.ubuntu.com, or create it
from an actual Ubuntu CD via the dd command,
like this:
bash-$ dd if=/dev/cdrom of=./ubuntu-7.10-desktop-i386.iso
For the remainder of this article, I assume your
ISO image resides in your home directory. I also
assume you're running Ubuntu, but if you aren't,
for commands that begin with sudo, you instead
should do whatever else you usually do to become
root temporarily (for example, su or su -c).
The squashfs-tools package provides utilities
for creating and mounting squashfs filesystems.
Most of an Ubuntu live CD is taken up by one
enormous squashfs image that is uncompressed
and mounted as / when you boot the CD. To
remaster the CD, you need to mount a copy of
its squashfs image, change various files and
directories in it, and save the edited directory
structure as a new squashfs image.
Finally, you'll use the mkisofs command to
convert the various files and directories you've
just edited into a single ISO image file.
In describing how these three prerequisites relate
to each other, I also discuss the three stages of the
live CD remastering process: mounting the squashfs
image, changing it in various ways and incorporating
it into a new ISO image.
The Procedure
The procedure I'm about to step through is
based on the one at www.debuntu.org (see
Resources). Much of what follows won't be very
security-focused; in subsequent columns, I'll go into
greater depth in applying this stuff to security applications.
Right now, my immediate goal is to tell you
what you need to know to begin experimenting
with your own customized live CDs right away, and
I'm sure you'll think of cool things to do between
now and my next column.
In demonstrating these commands, I'm going to
try a new convention that bends reality a little bit
and will number each bash-prompt: 01-$, 02-$, and
so on. This way, I'll be able to refer to each command
by line number. We'll see whether this helps,
or whether I'm just getting nostalgic for my BASIC
programming days—send me an e-mail if you have
an opinion either way.
First, log on as a nonprivileged user, open a
command window (none of what we do here will
require the X Window System), and navigate to
your home directory. Type this command to create
mountpoints for the old ISO image and its
squashfs image, a top-level directory for creating
the new CD file hierarchy and a directory for
rebuilding the root filesystem that will become
the new squashfs image:
01-$ mkdir -p ./isomount ./isonew/squashfs ./isonew/cd ./isonew/custom
Next, mount the original ISO image, and copy
everything in it, except the squashfs image itself,
into the ./isonew/cd directory:
02-$ sudo mount -o loop ./ubuntu-7.10-desktop-i386.iso ./isomount/
03-$ rsync --exclude=/casper/filesystem.squashfs -a ./isomount/ ./isonew/cd
Line 03 uses rsync rather than cp, so you don't
need to repopulate the isonew/cd directory every
time you make a new ISO image. Whenever rsync
encounters identical files, it copies only the differences
in the new file to the old one, rather than
copying the entire file (if there are no differences, it
leaves the "target" version alone).
Note: if you're working within some directory
other than your home directory, and if that directory
is on a Windows partition rather than a native Linux
partition (such as ext2, ext3 or ReiserFS), you'll get
many errors when copying files around—some of
which may cause this procedure to fail. You don't
need to do all of this within your home directory,
but you should do it on a Linux partition.
You've copied the skeleton of the original CD into
isonew/cd, so now you can get busy with the squashed
root filesystem by enabling squashfs support in your
running kernel and mounting the squashfs image:
04-$ sudo modprobe squashfs
05-$ sudo mount -t squashfs -o loop ./isomount/casper/filesystem.squashfs ./isonew/squashfs/
Next, copy the original root filesystem into the
rebuild directory:
06-$ sudo rsync -a ./isonew/squashfs/ ./isonew/custom
Before you enter the Matrix by chrooting into
this root filesystem and customizing it, you should
make sure networking and the apt system will work
once you do, by copying some configuration files
from your running system:
07-$ sudo cp /etc/resolv.conf /etc/hosts ./isonew/custom/etc/
08-$ sudo cp /etc/apt/sources.list ./isonew/custom/etc/apt/
This assumes, of course, that your running system
is communicating with the network properly and that
its sources.list file includes entries for the universe,
multiverse and partner repositories (or anywhere else
from whence you intend to obtain packages). If you
have anything else you'd like to include in your custom
live CD, such as other configuration files, documents,
images and so on, now is a good time to copy
those over too. Just remember that space is precious.
Now you're ready to enter your new root filesystem.
I've written extensively about using chroot
jails to contain server daemons, so that if they're
hijacked, the attacker gains access to only a small
subset of your filesystem. Well, right now, you're
about to chroot yourself, so that all changes you
make—adding and removing packages, downloading
updates, editing configuration files and so on—
are applied to your custom ISO's root filesystem, not
your underlying system's root filesystem.
Here's how to swallow the Blue Pill:
09-$ sudo chroot ./isonew/custom
From this point on, until you type the command
exit (step 22, below), you'll be in an environment
in which / is no longer your underlying filesystem's
root, but actually /home/you/isonew/custom (where
/home/you is your local home directory, or wherever
else you created the isonew hierarchy).
Now that you're jacked in, you need to bring
the proc and sysfs filesystems on-line, so that
your "real" system's kernel can interact properly
with the "fake" system represented by your
soon-to-be-customized root filesystem. Now, set
your home directory to /root (actually
/home/you/isonew/custom/root):
10- # mount -t proc none /proc/
11- # mount -t sysfs none /sys/
12- # export HOME=/root
aptitude vs. apt-get
Note that I'm using apt-get here, rather than the more-sophisticated
aptitude. This is because one of aptitude's key features, the ability to
delete packages that are no longer necessary automatically, can be
dangerous when used on any system on which packages have been
installed by any tool other than aptitude.
Because aptitude maintains its own database of installation histories,
it can miss key dependencies in this context and remove packages
that you do, in fact, need. Therefore, you should use aptitude only to
remove programs that you installed with aptitude. If you later need to
undo an installation that included automatically installed dependencies,
you can use apt-get autoremove to achieve
the same thing.
Note that the prompts in my examples have
switched to # from $, indicating that you're now
running in a root shell. This is necessary, because
you'll need to be root in order to exit the chroot jail
you've voluntarily entered.
Now you're ready to customize. This is the part
when you don't necessarily need my help; you can
be creative. For example purposes though, let's
make some space for new packages and update the
ones that are left.
What are you going to use your new live CD for?
Secure Web browsing using untrusted hardware isn't
a bad start. You shouldn't need OpenOffice.org for
that, and it takes up something like 85MB of your
compressed squashfs image (remember, a standard
CD ISO can't be larger than 650MB).
You can remove OpenOffice.org, plus a couple
of things upon which only OpenOffice.org depends,
like this:
13-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' | grep openoffice`
Did you notice the embedded
dpkg-query ... | grep ... command? It queries
the root filesystem's deb-package database for a
complete list of installed packages. The output of
this is piped through a grep search for the string
"openoffice". You can use the command in line
13 to find and purge other groups of packages by
simply changing the grep query.
Suppose you also want to get rid of The GIMP,
which takes up more than 6.5MB (after compression)
on your live CD image. So, swap out the string
"openoffice" in the previous command with
"gimp", like this:
14-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' | grep gimp`
Other good candidates for removal include non-
English language packs (which take up anywhere
from 0.5-1.5MB compressed), and multimedia
applications such as Rhythmbox, totem and sound-
juicer, which take up a few megabytes each, even
after compression, and are unlikely to be useful for
security purposes.
Decide for yourself. Browse through the list of
installed packages with a quick aptitude search
~i | less. If you mistakenly purge something you
decide you actually need, you always can exit the
chroot jail and re-execute the rsync command on
line 06.
So, now you've made room for your custom
toolkit. If you want to use your live CD for anonymous
Web surfing, you may want to install Tor and
Privoxy. First, you need to update your custom root
filesystem's package database to synchronize it with
the sources.list file you copied over in line 08:
15- # apt-get update
Now, you can use apt-get install just as you
would on any other live system to install your custom
packages:
16- # apt-get install tor privoxy
As a professional paranoiac, I'd be remiss if I
didn't point out that both of these packages are
from Ubuntu's universe repository, and as such,
they aren't provided with the same level of support
as packages in the main and restricted repositories,
although the Ubuntu MOTU Security Team
does its best to keep up with security patches. This
is a trade-off you'll probably find yourself making
frequently, however. As I pointed out in my column
in the March 2008 issue, many of Ubuntu's
most useful security utilities are available only in
the universe and multiverse repositories.
After you've installed your custom applications,
make sure your entire system is fully patched. As
with any other Ubuntu (or other Debian-based)
system, you can use apt-get dist-upgrade.
Because this will result in quite a few updates
being downloaded and installed, and because
space is at a premium on our ISO image, immediately
follow the upgrade with a clean:
17- # apt-get dist-upgrade
18- # apt-get clean
Come to think of it, this one step—upgrading
the live CD's packages—may be the only security-
related reason you need to customize your live CD.
Applying security patches is that important!
There's just one more thing to do before packing
up your new ISO: custom configuration. You may
want to edit the hosts or resolv.conf files you copied
over before (or, after exiting the chroot jail, you simply
may want to copy over them with the originals from
./isonew/squashfs/etc). You may want to preconfigure
Tor by editing /etc/tor/torrc and /etc/tor/tor-socks.conf,
and Privoxy via the files in /etc/privoxy.
As with removing and installing packages, this
process is the same as on any other system: fire up
your (non-GUI) text editor of choice (nano, vi and
ed are all present in the standard Ubuntu ISO), and
edit anything that needs editing.
Appendix
Here's the complete procedure, in the form of a raw list of all
commands described in this article. The $ prompt indicates
commands executed as an unprivileged user, and the #
prompt shows commands that are executed by root.
00-$ dd if=/dev/cdrom of=./ubuntu-7.10-desktop-i386.iso
01-$ mkdir -p ./isomount ./isonew/squashfs ./isonew/cd ./isonew/custom
02-$ sudo mount -o loop ./ubuntu-7.10-desktop-i386.iso ./isomount/
03-$ rsync --exclude=/casper/filesystem.squashfs -a ./isomount/ ./isonew/cd
04-$ sudo modprobe squashfs
05-$ sudo mount -t squashfs -o loop ./isomount/casper/filesystem.squashfs ./isonew/squashfs/
06-$ sudo rsync -a ./isonew/squashfs/ ./isonew/custom
07-$ sudo cp /etc/resolv.conf /etc/hosts ./isonew/custom/etc/
08-$ sudo cp /etc/apt/sources.list ./isonew/custom/etc/apt/
09-$ sudo chroot ./isonew/custom
10- # mount -t proc none /proc/
11- # mount -t sysfs none /sys/
12- # export HOME=/root
13- # apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' | grep openoffice`
14- # apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' | grep gimp`
15- # apt-get update
16- # apt-get install tor privoxy
17- # apt-get dist-upgrade
18- # apt-get clean
19- # rm -rf /tmp/*
20- # umount /proc/
21- # umount /sys/
22- # exit
23- $ chmod +w ./isonew/cd/casper/filesystem.manifest
24- $ sudo chroot ./isonew/custom dpkg-query -W --showformat='${Package} ${Version}\n' > ./isonew/cd/casper/filesystem.manifest
25- $ sudo cp ./isonew/cd/casper/filesystem.manifest ./isonew/cd/casper/filesystem.manifest-desktop
26- $ sudo mksquashfs ./isonew/custom ./isonew/cd/casper/filesystem.squashfs
27- $ sudo rm ./isonew/cd/md5sum.txt
28- $ sudo -s
29- # cd ./isonew/cd
30- # find . -type f -print0 | xargs -0 md5sum > md5sum.txt
31- # exit
32- $ cd ./isonew/cd
33- $ sudo mkisofs -r -V "Ubuntu-Live-PrivateSurf" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o ~/Ubuntu-Live-7.10-PrivateSurf.iso .
Are you done customizing? If so, you can
take your Red Pill and exit the Matrix—I mean,
the chroot jail. On your way out, empty the /tmp
directory, and unmount the chrooted /proc and
/sys filesystems:
19- # rm -rf /tmp/*
20- # umount /proc/
21- # umount /sys/
22- # exit
You're back in reality (at least, back in your
previous working directory on the underlying
system). Before you pack up your ISO, you'll have
to build a new manifest file (a list of all packages
in the new live CD root filesystem), recompress
the customized root filesystem into a squashfs
file and regenerate the md5sum of your live
CD files.
First, to rebuild your manifest file:
23- $ chmod +w ./isonew/cd/casper/filesystem.manifest
24- $ sudo chroot ./isonew/custom dpkg-query -W --showformat='${Package} ${Version}\n' > ./isonew/cd/casper/filesystem.manifest
25- $ sudo cp ./isonew/cd/casper/filesystem.manifest ./isonew/cd/casper/filesystem.manifest-desktop
In line 23, you made the old manifest file
writeable, so you could copy over it. In line 24,
you temporarily popped back into the root
filesystem chroot jail to generate the package
list with dpkg-query. And in line 25, you copied
the new manifest into an identical file called
filesystem.manifest-desktop.
Now you can resquash your root filesystem:
26- $ sudo mksquashfs ./isonew/custom ./isonew/cd/casper/filesystem.squashfs
If you like, you can edit the DISKNAME parameter
in the file ./isonew/README.diskdefines. Regardless,
next you should regenerate your live CD's md5sum,
so you can detect tampering later on:
27- $ sudo rm ./isonew/cd/md5sum.txt
28- $ sudo -s
29- # cd ./isonew/cd
30- # find . -type f -print0 | xargs -0 md5sum > md5sum.txt
31- # exit
And, you've reached the final step. Now you can
write your finished ISO image file:
32- $ cd ./isonew/cd
33- $ sudo mkisofs -r -V "Ubuntu-Live-PrivateSurf" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o ~/Ubuntu-Live-7.10-PrivateSurf.iso .
Your home directory now contains a new
customized live CD ISO file, named Ubuntu-Live-7.10-PrivateSurf.iso.
You can boot it directly from
hard disk using VMware, QEMU or some other
virtualization engine to test it. Or, of course,
simply burn it to CD using your CD-writing utility
of choice.
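An added example, not part of the original column: the md5sum.txt from steps 27-31 sits on the same disc it describes, so it catches corruption but can be regenerated by anyone able to alter the tree. The functions below re-check a tree against md5sum.txt and also record a SHA-256 of that list in a file kept off the disc; the function names and the seal file are assumptions of this example.

```shell
#!/bin/sh
# Added example: re-check a live CD tree built with steps 27-31.
# Function names and the off-disc "seal" file are assumptions.

# verify_cd_tree DIR: re-hash every file listed in DIR/md5sum.txt.
# Step 30 creates md5sum.txt while find is still walking the tree, so the
# list normally holds a stale entry for itself; that entry is skipped.
verify_cd_tree() {
    tree=$1
    status=0
    [ -f "$tree/md5sum.txt" ] || { echo "no md5sum.txt in $tree" >&2; return 2; }
    out=$(cd "$tree" && grep -v '[ *]\./md5sum\.txt$' md5sum.txt |
          md5sum -c - 2>/dev/null) || status=$?
    # Report only the entries that did not verify.
    printf '%s\n' "$out" | grep 'FAILED' >&2 || true
    return "$status"
}

# seal_tree DIR SEALFILE: record a SHA-256 of DIR/md5sum.txt in SEALFILE.
# Keep SEALFILE somewhere other than the disc it describes.
seal_tree() {
    sha256sum "$1/md5sum.txt" > "$2"
}

# check_seal DIR SEALFILE: succeed only if md5sum.txt is still the sealed one.
check_seal() {
    want=$(cut -d' ' -f1 "$2") || return 2
    have=$(sha256sum "$1/md5sum.txt" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# audit_cd DIR SEALFILE: the list must match the seal, the files the list.
audit_cd() {
    check_seal "$1" "$2" ||
        { echo "md5sum.txt differs from the sealed copy" >&2; return 1; }
    verify_cd_tree "$1"
}

# Direct use: sh cdcheck.sh seal ./isonew/cd ~/cd.seal
#             sh cdcheck.sh audit /media/cdrom ~/cd.seal
case "${1:-}" in
    seal)  seal_tree "$2" "$3" ;;
    audit) audit_cd "$2" "$3" ;;
esac
```

Run the seal step right after step 31 and the audit against the mounted disc before trusting it on unfamiliar hardware.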
Conclusion
You've now got the basic technique for customizing
an Ubuntu live CD. Although I didn't go into
much depth showing actual customizations
beyond removing and adding packages, I'll continue
this series next time with detailed guidance on
bundling and preconfiguring specific security
tools into your live CD.
Until then, have fun experimenting with live
CDs, and of course, be safe!
Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for one
of the US’s largest banks. He is the author of the O’Reilly book Linux Server
Security, 2nd edition (formerly called Building Secure Servers With Linux), an
occasional presenter at information security conferences and composer of the
“Network Engineering Polka”.
Resources
Debuntu.org's "Customize Your Ubuntu Live CD" Tutorial:
www.debuntu.org/how-to-customize-your-ubuntu-live-cd
Jeffery Douglas Waddel's "Secure Boot CDs for VPN HOWTO":
www.linux.org/docs/ldp/howto/Secure-BootCD-VPN-HOWTO.html
Daniel Barlow's "Building Your Own Live CD":
www.linuxjournal.com/article/7246
HACK AND /
KYLE RANKIN
Last-Minute Secondary
Mail Server
Is your primary mail server down with no spare set up? Find out
how to set up a quick-and-dirty secondary mail server to tide you
over until the primary is back.
It's easy to build redundant systems when time
and money are limitless. When you have neither,
or you are designing a personal system, often
backups and redundancy are parts of the project
you plan to get to on a rainy day. Of course
inevitably, you put those tasks off until the main
system fails, and then you scramble to pick up
the pieces. Setting up RAID and doing backups,
in fact, are probably the most common examples
of these do-it-on-a-rainy-day tasks (and if you
haven't heard yet, they are not the same thing).
We all know we should back up important data,
and we should set up a RAID on that important
file server, and by now, enough of us have been
bitten by that mistake that I'm not going to talk
about either today. Instead, I'm going to talk
about one of those services that gets less attention:
your mail server.
It is important to have a backup mail server,
but whether you work for a small company, or
you administer your own personal mail server, you
might not have gotten around to a secondary mail
relay. Then, disaster strikes. It could be that the
primary mail server's hardware failed, or maybe
it was hacked. In either case, it is going to be
down for a few days. In the meantime, you still
would like to be able to send and receive e-mail.
In this column, I cover a few easy and, more
importantly, quick steps to create a secondary mail
relay to tide you over until the primary can come
back on-line.
Now, my preferred method for an emergency
mail server uses a Knoppix disc. I always have
one around somewhere, and because I can install
just about any software I need on the live CD, it
is ideal when I need a basic Linux system fast. I
can just locate a spare machine, boot Knoppix
on it, and set up my server. When the emergency
is over, I can shut it off with no commitment.
Then again, you might want to make this secondary
mail server a bit more permanent. These
same steps will work just fine on any ordinary Linux
system that has postfix available.
Before you perform any steps, be sure to
choose a server that has enough storage to store
your mail. This number varies based on your
e-mail traffic and the number of clients on the
server, but the machine will need to store all
incoming mail locally until the primary server
comes back up. So, if you get 50MB of mail each
day and plan for the primary to be down for three
days, you should have at least 150MB of spare
storage for the mail spool in /var/spool/postfix
plus extra, just in case. If you don't have enough
spare storage or you use Knoppix for this, mount
an extra partition, create a postfix directory on it
and symlink /var/spool/postfix to it.
Now that you have chosen a server, the first step
is to install postfix. Postfix is a common package
and should be available for any major Linux distribution
you use. On Debian-based systems, the installation
process automatically runs a configuration
script to set up a reasonable default config. If you
do run into this script, choose the "Internet Site"
configuration type and accept the rest of the
defaults in the script. Alternatively, you can copy a
default configuration that ships with your postfix
package or run it through a configuration script
your distribution includes.
Once postfix is installed, you need to tweak
the default configuration so that it can act as your
mail relay. Postfix makes this pretty simple, and
you need to worry about only a few configuration
options. Edit the /etc/postfix/main.cf file, and
locate a line called mynetworks. This option tells
postfix for which networks to relay mail. Ideally,
you should set this only for internal networks or
specific external hosts you trust will not relay
spam through your system. If you allow all networks,
you have just turned your system into an
open relay and will likely find yourself on a spam
black-hole list in no time. If your local network is
192.168.1.x, for instance, you would add an entry
for that and for localhost:
mynetworks = 127.0.0.0/8, 192.168.1.0/24
Next, you need to tell postfix for which incoming
domains it will accept mail for relay. This variable
will be set to any domains for which you accept
incoming mail. So, if you own example.com and
example.org, for instance, you would add:
relay_domains = example.com, example.org
You even can act as a secondary mail server for
friends. Simply add their domains here as well, and
your mail server will accept incoming mail to those
domains and then forward it to the appropriate
primary mail server. How does it know which server
to use? It relies on DNS, which I discuss shortly.
The final postfix options to change tell postfix
how long to spool and attempt to deliver mail
before it bounces it. By default, postfix queues mail
for three days, and during that time, it continuously
attempts delivery. After three days, postfix bounces
the mail and sends an e-mail notification to the
sender that the e-mail could not be delivered. If
your primary server is going to be down for a few
days, you probably will want to extend this default.
Locate the following values (or add them if they
aren't defined) in /etc/postfix/main.cf, and edit them
so they look like the following:
bounce_queue_lifetime = 14d
maximal_queue_lifetime = 14d
Here I increased the maximum time to 14 days,
but you can change it to a value that makes sense
for you. Generally, you don't want to hold on to
e-mail for too long, as senders likely will want
to know eventually if their e-mail could not be
delivered. Once these options are changed, type
/etc/init.d/postfix start to start the service,
or type /etc/init.d/postfix reload, if postfix
already is running.
Next, test the server. Either configure your mail
client to use this server as its SMTP gateway and
then send an e-mail to your domain, or if you
feel fancy, connect to port 25 on the server using
Telnet, and type the raw SMTP commands. Check
/var/log/mail.log or /var/log/maillog to confirm that
postfix accepted and spooled your mail.
The last step is to configure your DNS server so
that it lists your new machine as a secondary mail
server for your domain. Your DNS server should
have at least one MX record defined that looks
something like this:
example.com. IN MX 100 mail1.example.com.
If I created a new mail server and added its IP to
DNS so that mail2.example.com pointed to it, I then
would add the following line to my DNS zone:
example.com. IN MX 200 mail2.example.com.
Because I assigned mail2 a higher value (200)
than mail1 (100), other mail servers know that
mail1 is my primary and that mail ultimately will
land there. However, if mail1 is unavailable, they
know that they can attempt delivery on mail2
(and some mail servers attempt mail delivery on
secondary servers first anyway). Once my DNS
zone is reloaded, mail that has been queued up
on remote servers ever since mail1 went down
should start being delivered to mail2. Be sure to
add this DNS entry for any domains you added in
the relay_domains option. It also may go without
saying, but be sure that mail2.example.com
points to an external IP address that lands on
your mail server.
As this server runs, monitor its storage to
make sure you have plenty for new incoming
mail. You also can run the mailq command to
see all the queued messages. Once your primary
server comes back up, postfix will start delivering
its queued messages automatically (it actually
will have been attempting it the entire time). By
default, postfix will throttle this delivery so it
doesn't flood the primary mail server, but if you
want all of the queued e-mail delivered immediately,
type postqueue -f.
With the primary machine back up, you might
want to take down this temporary machine or at
least work on a more permanent solution. If you do
take it down, be sure to remove its MX record from
all your DNS servers. You do have redundant DNS
servers, right?
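An added example, not part of the original column: a pre-flight check for the main.cf settings discussed above (mynetworks, relay_domains and the two queue lifetimes), run before the MX record goes live. The function names, messages and both sample files are constructed for this example, and only IPv4 mynetworks entries are classified.

```shell
#!/bin/sh
# Added example: audit a main.cf meant for an emergency secondary relay.
# Function names, messages and both sample files are constructed here; only
# the parameter names and the "fixed" values come from the column.

# cf_get FILE NAME: effective value (continuations joined, last one wins).
cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (!eq) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
              gsub(/[ \t]+/, " ", val); print val }' "$1"
}

# classify_net ENTRY: open | internal | external | unparsed (IPv4 only).
classify_net() {
    printf '%s\n' "$1" | awk '
        $0 !~ "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]+)?$" { print "unparsed"; exit }
        {
            n = split($0, p, "[./]"); len = (n == 5) ? p[5] + 0 : 32
            a = p[1] + 0; b = p[2] + 0
            if (len == 0) r = "open"
            else if ((a == 127 || a == 10) && len >= 8) r = "internal"
            else if (a == 172 && b >= 16 && b <= 31 && len >= 12) r = "internal"
            else if (a == 192 && b == 168 && len >= 16) r = "internal"
            else r = "external"
            print r
        }'
}

# lifetime_days VALUE: Postfix time value (s, m, h, d, w; bare = days) in
# whole days, or -1 if it cannot be parsed.
lifetime_days() {
    num=${1%[smhdw]}; unit=${1#"$num"}
    case $num in ''|*[!0-9]*) echo -1; return ;; esac
    while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do num=${num#0}; done
    case ${unit:-d} in
        w) echo $((num * 7)) ;;
        d) echo "$num" ;;
        h) echo $((num / 24)) ;;
        *) echo 0 ;;
    esac
}

# audit_main_cf FILE [OUTAGE_DAYS]: print findings, return 0 if no FAIL.
audit_main_cf() {
    cf=$1; outage=${2:-3}; fails=0
    nets=$(cf_get "$cf" mynetworks | tr ',' ' ')
    [ -n "$nets" ] || echo "WARN mynetworks: not set explicitly"
    for n in $nets; do
        case $(classify_net "$n") in
            open) echo "FAIL mynetworks: $n covers every address (open relay)"
                  fails=$((fails + 1)) ;;
            external) echo "WARN mynetworks: $n is not loopback/private; trusted?" ;;
            unparsed) echo "WARN mynetworks: $n not checked (not an IPv4 network)" ;;
        esac
    done
    [ -n "$(cf_get "$cf" relay_domains)" ] ||
        { echo "FAIL relay_domains: no domains listed"; fails=$((fails + 1)); }
    for key in bounce_queue_lifetime maximal_queue_lifetime; do
        val=$(cf_get "$cf" "$key")
        if [ -z "$val" ]; then
            echo "WARN $key: not set, built-in default applies"
        elif [ "$(lifetime_days "$val")" -lt "$outage" ]; then
            echo "FAIL $key: $val does not cover a ${outage}-day outage"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed samples: a risky config, then the column's settings.
sample_weak() { cat <<'EOF'
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
relay_domains =
maximal_queue_lifetime = 2d
EOF
}
sample_fixed() { cat <<'EOF'
mynetworks = 127.0.0.0/8, 192.168.1.0/24
relay_domains = example.com, example.org
bounce_queue_lifetime = 14d
maximal_queue_lifetime = 14d
EOF
}

# Direct use: sh audit.sh /etc/postfix/main.cf 3
if [ $# -gt 0 ]; then audit_main_cf "$@"; fi
```

The second argument is the number of days you expect the primary to stay down; a lifetime shorter than that means queued mail bounces before the primary returns.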
Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and
the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for
O’Reilly Media. He is currently the president of the North Bay Linux Users’ Group.
NEW PRODUCTS
Norman Matloff and P.J. Salzman's
Debugging with GDB/DDD (No Starch Press)
The new book Debugging with GDB/DDD by Norman Matloff and P.J. Salzman, published by No Starch
Press, highlights the importance of debugging to successful software development. Focusing on GDB, a
popular open-source debugger, the book shows developers how to reduce the time they spend finding and
fixing programming errors. Debugging's approach is to apply a range of real-world coding errors, from
simple typos to major logical blunders, to illustrate how to manage memory, understand core dumps and
trace programming errors to their root causes. The book also covers topics missing from other debugging
books, such as threaded, server/client, GUI and parallel programming.
www.nostarch.com
Cohesive Flexible Technologies'
Elastic Server On-Demand
Community Edition
Fresh out of beta is Cohesive Flexible Technologies' Elastic Server On-Demand
(ESOD) Community Edition virtualization platform. The product is a free Internet
platform for independent developers and individual enterprise developers to take
advantage of virtualization and cloud computing utilities like Amazon's Elastic
Compute Cloud. Users can "take their application stack 'recipes', capture them,
and reproduce them as virtual servers rapidly and automatically", says CohesiveFT's
CTO. The firm claims to be the "first service to offer developers and operations
complete control of their server assembly, independent of which virtualization or
cloud technology they require." The ESOD Community Edition is free to use and is
intended for individual developers and noncommercial, nonproduction use.
www.cohesiveft.com
TotalView Technologies' Workbench Manager
Adding to its rich portfolio of debugging tools, TotalView Technologies has released
Workbench Manager, an application that allows developers to create an integrated,
cohesive view of the development and debugging work-flow process. One can
manage any version of TotalView Debugger, MemoryScape memory debugger and
any third-party application used for development and debugging, all from a single
dashboard-like GUI. As a result, you easily can integrate both commercial and
open-source tools in your toolchain. TotalView Technologies' products can be used
to debug Linux, Mac OS X and UNIX applications running on development
machines with single, dual-core, multicore or multiple processors.
www.totalviewtech.com
Gary E. Sherman's Desktop GIS
(Pragmatic Bookshelf)
A book on a specific Linux topic typically means it's on the cusp of breaking out. Such is
the case with Geographic Information Systems (GIS), the focus of the new book Desktop
GIS: Mapping the Planet with Open Source Tools by Gary E. Sherman and the Pragmatic
Bookshelf. The book's purpose is to help you deal with the issues involved in assembling
your GIS toolkit, such as choosing the right platform and tools, dealing with integration
issues and getting support. Sherman introduces the main open-source applications, such
as GRASS, Quantum GIS, uDig and others, and also delves into scripting with various
languages. The author is the founder of the Quantum GIS Project.
www.pragprog.com
SoftIntegration's Ch and Embedded Ch
New on the development scene are SoftIntegration's Ch 6.0 and Embedded Ch 6.0, interpreters for
cross-platform scripting, 2-D/3-D plotting, numerical computing, shell programming and embedded
scripting. New features in v6.0 include debugging capability, a user-friendly IDE for teaching/learning
programming (in the Professional Edition) and new plotting features, including multiple coordinates
and new plotting types. Ch and Embedded Ch are available for Linux x86, Linux PPC, Windows,
Mac OS X, Solaris, HP-UX, FreeBSD and QNX Neutrino RTOS.
www.softintegration.com
ADLINK Technology's ALS-3206 Rackmount
Network Security Platform
ADLINK Technology has just beefed up your options for network security,
adding the ALS-3206 Rackmount Network Security Platform to its solutions
palette. The ALS-3206 series is billed as a flexible, mid-range, cost-effective
solution for IDS, IPS, UTM, firewall, VPN gateway, load balancing and traffic-mining
applications. The line further supports several Intel processors and
chipsets and provides six gigabit Ethernet ports, one PCI extension slot and two configurable PCI-X slots. One of the PCI-X extension slots
can be configured to extend a four-port gigabit Ethernet card and the other to extend a network security accelerator. This combination
of features is suited, says ADLINK, for antivirus software security, content security and PKI software applications.
www.adlinktech.com
Open-Xchange Community Edition
You can feel the trembling emanating from Redmond after Open-Xchange's
announcement of its newly GPL'd Open-Xchange Community Edition (OXCE).
Open-Xchange calls OXCE "the only remaining independent open-source
alternative to Microsoft Exchange" and offers the necessary tools to facilitate
communication and teamwork: e-mail, calendaring, contacts, tasks and document
sharing. The company further cites its intuitive tools and intelligent features,
such as smart links between calendar appointments, task lists, contacts,
documents, bookmarks, knowledge articles and Ajax-based mashup capabilities
by Netvibes' Universal Widget API (UWA). Initially, OXCE is available for
Debian and Ubuntu, with additional Linux distribution support coming later.
www.open-xchange.com
Sybase's Adaptive Server Enterprise Cluster Edition
If downtime ain't an option for your database, Sybase hopes you'll deploy its
new Adaptive Server Enterprise (ASE) Cluster Edition. The technology enables
enterprises to deploy database environments across shared servers in a cluster,
which offers the added benefit of optimal service through events such as
system failures, peak loads and planned maintenance. In addition, Sybase's
product allows for savings in hardware and power costs through optimal
resource utilization. Another technology, Virtualized Resource Management,
supplies application workloads with a virtual view of the physical cluster that
can be changed dynamically on demand. ASE Cluster Edition is available for Red Hat and SUSE Linux, as well as 64-bit Solaris.
www.sybase.com/clusters
Please send information about releases of Linux-related products to James Gray at newproducts@linuxjournal.com or New Products
c/o Linux Journal 1752 NW Market Street, #200, Seattle, WA 98107. Submissions are edited for length and content.
REVIEW
HARDWARE
An Ideal Appliance?
Inside the Teak 3018
DAN SAWYER AND D.N. LYNX CROWE
AR Infotek's new entry into the network
security appliance market is the
Teak 3018, which the AR Infotek Web
site bills as having "...reliable high performance
that meets trusted wireless
network security appliance requirements
in ROBO (Remote Office, Branch Office),
SOHO (Small Office, Home Office), SMB
(Small/Medium Business) environments."
That was part of the announcement
that ran in all the Linux hardware rags
in December '07 and January '08. A
small, low-profile, hackable fanless
box, the Teak 3018 looked to be a
great entry into the realm of appliance
hardware. It promoted itself as a solid
platform with excellent capabilities,
good security and an all-around solution
for SOHO network security woes.
We laid our grubby little paws on a
pair of them and dug deep inside
to answer some important questions
about them:
1. Are they, as the press releases imply,
consumer appliances, or are they
something else?
2. Do they perform as advertised?
3. What other nefarious ends might
they be put to by the intrepid
hardware hacker?
After a lot of delving, digging, hacking
and cataloging, I bring you the
good, the bad, and the ugly of this
unassuming-looking little brown box.
The Good
The Teak 3018 is compact, unobtrusive
and looks pretty spiffy sitting on fashionable
bookshelves—mostly because,
unlike the rather gaudy Linksys firewalls,
it stays out of the way, visually speaking.
The whole thing, both in its design
and implementation, is (as designed)
fairly hospitable to Linux hackers. The
CPU chipset and peripheral components
are all well supported by the kernel, but
just in case you're installing a distro
that doesn't have the right drivers, it
includes the source for the kernel
modules and device drivers on the
included SDK CD-ROM.
Under the hood, the Teak is a low-
power x86 system. Specifically, it's a
500MHz AMD Geode LX-800 processor
with the CS5536 companion device,
equipped with 128-512MB of DDR
RAM (128MB standard) soldered onto
the motherboard. It sports a CompactFlash
socket and a 2.5" hard drive bay
with an Ultra DMA 66/100 IDE controller
for your internal storage needs,
as well as two OHCI-compliant USB 2.0
ports. A serial COM port gives auxiliary
access for those wishing to hook up
extra peripherals, such as a Linux console
or a home automation device,
while four 10/100Mbps auto-switching
Ethernet ports—two of which have a
hardware bridge that keeps your network
signals traveling through the box
in case of power failure—and a pair of
Wi-Fi aerials hooked up to an Atheros
5004X SuperAG 802.11a/b/g chipset-based
Wi-Fi module round out the
feature set. Further icing on the cake is
a watchdog timer, which can cause the
system to reboot automatically if the
software crashes.
The box the Teak sits in is sturdily
built. Everything is securely bolted
down. The top slides off easily after
you remove just four screws, and the
quality of the external design is a cut
above—not only is it unobtrusive as
previously mentioned, it also has a
reset switch on the front, rather than
hidden around back as is common on
most SOHO network appliances. A
front panel mounted set of four system
status lights, and a pair of status
lights located by each Ethernet port,
let you verify the operation of your
system as well. The power supply—
external, to help maintain the fanlessness
and keep the case quiet—has all
the proper international safety certifications
and provides very clean power
from a wide range of power sources.
Of course, with a setup like that in
an easily accessible box, you can build
pretty much anything you like. AR
Infotek's marketing and press releases
for the 3018 pitch it as a network security
appliance, but with that kind of
open hardware sitting under the hood,
you can make it sit up and do tricks
with a little bit of work. Still, what
review would be complete without a
good look at whether the machine
can do what it says it's supposed to
be able to do?
The manual suggests a number of
uses for the box, most of which are
actually doable.
Table 1. Uses for the Teak
Purpose | Suitable? | Comments
Router | Possibly as a subnet router | Too few ports to be really useful as a general-purpose router.
Gateway | Yes |
Access pointers | Uncertain | It's hard to tell from the documentation what is meant by "access pointers".
VPN endpoint | Yes | Hardware AES encryption is a plus.
Firewall | Yes |
Antivirus filter | Yes |
Antispam filter | Yes |
Intrusion detection system | Yes |
Content filtering | Yes |
Bandwidth management device | Yes |
The hardware itself meets all the
trusted wireless network security
appliance requirements for ROBO,
SOHO and SMB environments, with
the AES encryption standard supported
in hardware.
There are a few other interesting
little tricks up the Teak's sleeve. The
system is built on a commodity
motherboard, which means it not only runs a
standard Phoenix BIOS, but it also has a
sound chip and, because it's an AMD
chipset with an ATI graphics package,
a video capture chip. Although the
pinouts for the video capture hardware
and the sound hardware aren't
documented in the manual, they may be
among the undocumented functions of
J12. This isn't the kind of board that
can easily be hacked up by a hardware
hacker with a soldering iron—multilayer
boards with flat packs aren't really
designed for that sort of thing. If the
interface pins were brought out onto
pads or connectors, that'd be another
thing entirely, but as it stands, some of
the more interesting functions of the
Geode chipset are inaccessible.
So, is the Teak a "network security
appliance" suitable for small-/medium-sized
business, small office/home office and
remote office/branch office applications?
Unfortunately, that brings us to the
bad part of the review.
The Bad
To put it bluntly, the Teak 3018 isn't
as advertised. The BIOS is its only
firmware. No operating system,
firewall, routing software or anything
else that would qualify it as a "Network
Security Appliance" comes with the
box. The real story is that the 3018
is simply a general-purpose platform
that can be made into pretty much
anything your geeky heart desires.
Be that as it may, it isn't anything
out of the package but a bare-bones
system. It's not a network security
"appliance" as delivered. It's a system
designed for OEMs to build into
network security appliances.
As an OEM system, the Teak
provides a good solid hardware platform,
but it's not without a few serious flaws.
There are two basic classes of beefs
I have with the thing: hardware problems
and documentation issues.
Hardware Problems
Although the selection of the
hardware that goes into the Teak is
deliberately Linux-friendly, the way the
hardware is put together isn't
particularly impressive. To begin with, in both
of the systems we received, the
wireless antenna wires were routed
through the cooling fins on the CPU
heat sink—not an auspicious way to
string a thin-gauge coax, to say the
least. Sharp bends over sharp edges
not only abrade the insulation, they
also mess with the impedance of the
cable, which can cause RF signal loss
and other nasty problems.
The internal layout problems don't
stop there. The wireless chipset isn't
on the motherboard, but is instead
plugged in via a MiniPCI wireless
card, which sits on a riser card
floating above the motherboard. This
would be a fine arrangement if the
card didn't sit directly above the
CompactFlash card slot and cover it
so completely that it's not possible
to load or unload a CF card without
pulling out the wireless apparatus. If
you're wanting to use a hard drive
instead of a CF card, you're still going
to run into some trouble. The system
includes a handy drive-mounting cage
that will hold your 2.5" IDE drive
almost exactly the right distance from
the controller port for the included
hard drive cable to reach. "Almost" is
the keyword here. The supplied flat
cable had been crimped into a rough
cylinder by a pair of tie-wraps,
leaving no slack in the cable and putting
excess stress on both connectors. This
isn't a good idea, as it introduces
unnecessary failure points in the cable
and connectors.
The unit also includes an XVGA
port that isn't routed to the outside
of the box, which is itself a fairly
defensible decision in something
intended to be a network appliance.
However, there is no pre-scored
punch-out for those who wish to add
a video connection permanently to
their product, perhaps as a real-time
network status display. Note that
only one XVGA cable and one SDK
CD-ROM were supplied for the two
units. This is most likely because this
is an OEM product, and an OEM will
usually need only one of each as
samples and then duplicate them
as needed for production.
Documentation Problems
Particularly vital to a piece of OEM
hardware is good documentation. Here
again, the Teak falls down. There is no
hard-copy documentation, only a CD-
ROM full of text files and PDFs (with no
PDF reader included).
The CD-ROM contains a slew of
documentation for a wide range of
models and is not particularly well
organized. What's worse, it doesn't actually
include some of the most important
pieces of documentation on, for
example, the motherboard, which you're left
to find yourself on-line. Worse yet is
that the documentation supplied for
the Geode chipset is the preliminary
set. The current documentation on
the AMD Web site is at revision 2,
and there are some significant changes
from the preliminary docs. The CD-ROM
itself doesn't have a README file, and
the package the Teak comes in doesn't
have a packing list, so there's no way to
be sure that you've gotten everything
you're supposed to unless, for example,
you bought two or more of them. As an
OEM company, that's not a problem,
because it's something that's generally
covered in the purchase order when the
contract is negotiated, but if you're
ordering a single box to hack for your
own personal project, you're going to
have a hard time figuring out whether
you got everything you were supposed
to. See the sidebar for a packing list I
built based on the two boxes I got for
this review.
Unfortunately, the documentation's
troubles don't end there.
The block diagram—essential for
proper software and embedded system
design—is scanned at a very low
resolution. Hard to read on the included
PDF, it becomes marginally legible
when printed out. The block diagram
itself is incomplete—the Wi-Fi module
isn't included on the generic block
diagram, not to mention there's no
indication that it's plugged in to the MiniPCI
slot. Neither the block diagram, nor
the other documentation, indicates
the type of Wi-Fi card—we identified it
by looking at the labels on the chipset
and finding the manufacturer details
on the FCC Web site.
There's also the curious matter of
J12, a set of pin connectors on the
motherboard that do something—
what, you may ask? We haven't the
foggiest idea. It may be for the video
capture hardware, or it may be for the
sound chip, or something else. There's
no way to tell—it's not in the
documentation, and it's not silk screened
on the motherboard.
Information on the BIOS—
including any place to download updates—
is also curiously absent from the
documentation. Meanwhile, on the CD-
ROM, they do supply an audio driver
compatible with the onboard audio
chipset, while the location of the pins
for accessing and wiring up the
speaker/microphone/line-in ports to the
audio hardware is curiously absent from
all documentation. This is
understandable, as this is a network security
appliance, not a general-purpose box.
The specs for the box mention a
BIOS ROM upgrade utility, but there's
no sign of it on the SDK CD-ROM.
Teak Packing List
■ SDK CD-ROM full of documentation and drivers.
■ IDE cable.
■ Six feet of Ethernet cable.
■ Power cable and power supply (with proper international safety certs).
■ Two Wi-Fi antennae.
■ 9-pin-to-9-pin RS-232 male-to-male serial interface cable.
■ XVGA monitor cable to plug straight in to the motherboard.
■ Four screws, Phillips, presumably for mounting a hard drive.
And then, there's the GeodeROM
documentation. AMD doesn't make
the GeodeROM available, so why's it
there? Checking the AMD Web site,
we found out that the GeodeROM
documentation is supplied because it
contains useful hints on how to make
the best use of the chipset.
The two boxes we got had an
external label problem as well. The
first box was labeled NSM-3018-1,
while the second box had a label
showing NSM-3018-7. We suspect
this is a printer's error on the second
label, but there's no way to be sure
with what we were provided.
The Ugly Verdict
The ugly truth of the matter is that the
AR Infotek Teak 3018 doesn't know
very well what it's trying to be. The
marketing literature makes it look like it's
designed to compete with the sort of
firewall/switch appliances that you get
at your local computer shop, when in
fact it's an OEM device that is
incomplete without a lot of tinkering.
Presumably, it was designed to sell in
large quantities to OEMs and VARs who
will then install the appropriate add-ons
to make it sing right out of the retail
packaging, but if this is the case, the
folks over at AR Infotek need to do a lot
more work on improving their
documentation and organizing it in a way
that's intelligible. It also could use some
basic niceties like a packing list, a price
guide, environmental specs and a
readable block diagram.
On the other hand, it's a hardware
platform that's well suited to
hackers—particularly hackers willing to do
their own legwork and not rely on
their hardware vendor to tell them
what it is they're actually buying. The
possibility of teasing audio and video
capture functionality out of a network
appliance is interesting as well, raising
the prospect of constructing a low-end
PVR for capturing content destined
for one's iPod rather than one's TV.
The careful selection of Linux-friendly
hardware throughout and the
inclusion of driver sources on the CD is
another point in its favor for the
hobbyist. We'd give it a B+ as an OEM
product for network security, mostly
for its inadequate documentation.
Dan Sawyer is the founder of ArtisticWhispers Productions
(www.artisticwhispers.com), a small audio/video studio in the
San Francisco Bay Area. He has been an enthusiastic advocate
for free and open-source software since the late 1990s, when
he founded the Blenderwars filmmaking community
(www.blenderwars.com). He currently is the host of “The
Polyschizmatic Reprobates Hour”, a cultural commentary
podcast, and “Sculpting God”, a science-fiction anthology podcast.
Author contact information is available at www.jdsawyer.net.
D.N. Lynx Crowe has been writing software and designing
computer hardware for more than 42 years, mostly in the area
of hard real-time embedded systems. He is cofounder and
CTO of Missing Lynx Systems, Inc., a technology solutions
company specializing in business consulting, system and
product evaluations, and bleeding-edge research and
development. He currently resides in the San Francisco Bay Area
with two friends and six formerly feral cats.
Bob Frankston
Tech pioneer Bob Frankston makes the case for liberating
networking from telephone and cable companies.
DOC SEARLS
TELECOM AND THE INTERNET have always been strange bedfellows.
On the one hand, we have an industry that's been around for 171 years
or more (dating from the first commercial telegraph), and on the other,
we have something new with an "end-to-end" model that doesn't
require telecom at all to do what it does.
Yet to most of us, Internet access is gravy on top of telephone and
television service—part of a bundle that telcos and cablecos call a triple
play. Never mind that telephony and video are all made up of the same
bits. The carriers want us to think only in terms of familiar and expensive
services such as television.
In fact, these models are so highly familiar to our minds that we can hardly
think of a world without them. Bob Frankston, however, insists that we should.
Best known as the co-inventor (with Dan Bricklin) of the first electronic
spreadsheet (VisiCalc) and as a prime mover behind home networking during
his employ at Microsoft in the 1990s, Bob is presently putting his energies
into urging us to see past telecom completely—and to start communicating
for ourselves, in our own ways, free of telecom's proprietary confines.
In a way, Bob is playing the same role for connectivity that Richard M.
Stallman started playing for software when he insisted that it be free. Like RMS,
Bob comes from free-as-in-freedom rather than free-as-in-beer. He wants us to
be free from forced dependency on big companies and big governments that
put us in silos and tell us how to connect and communicate with one another.
And, he wants us to be free from the thinking that has us accepting telecom as
a way to frame the Internet and everything we do with it.
Unlike RMS, however, Bob has no dogma, no manifesto, no canon.
His thinking is too protean and broad for that. Instead, he writes and
talks with energy as boundless as the possibilities he wishes to liberate
by leaving telecom behind.
Which is why we're here. I think what Bob says about telecom is of
founding importance to the future of the Net.
The interview that follows was conducted in January and February
2008, and is a tiny fraction of the total words exchanged. Here's
hoping our severe editing will not fail to keep Bob from opening your
minds to the possibilities of Life Beyond Telecom.
FEATURE Beyond Telecom
DS: You like to talk about connectivity
rather than communications. Why is that?
BF: Connectivity is about relationships,
while communications is what we do
with those relationships. The power of
today's Internet comes from letting us
focus on the relations and our ability to
communicate rather than the twisting
passages through telecom's maze of
copper, fiber and radios.
The networks in our homes are a good
example. You "just" print without worry
about negotiating for the printing provider.
DS: So the Internet should be a big
home network?
BF: Yes, but we need to be careful since
the network emerges out of our
networking. Copper and radios are just a
means we use. It's like the difference
between driving and buying a ride from a
railroad. We should have infrastructure
rather than a choice of whose services we
must purchase. DIY must be an option!
DS: Why the railroad analogy?
BF: Because we're still thinking in
railroad terms. The FCC (Federal
Communications Commission) was partly
an outgrowth of the ICC (Interstate
Commerce Commission), which
regulated railroads. Given the opportunity—
which they were—railroad owners
became infamous robber barons. How
different is that from today when phone
companies charge you for the contents
of your freight cars, rather than just for
using the track? Take SMS, for example.
It's just data—a small number of bits
using idle capacity. Yet an SMS bit costs
millions of times more than a video bit.
They can charge that because, like
the railroad barons, they use their control
of the infrastructure to force us to buy
vintage services at arbitrary prices. These
are phone and cable companies with
railroad legacies. Not Internet companies.
The importance of the Internet lies in
the dynamic process by which a very
simple design decision made in the 1970s
has become the defining infrastructure
for the world. It's what happens when
you give billions of people the opportunity
to create their own solutions and share
them. The infrastructure of telecom is not
the infrastructure of networking. We
must not confuse the two. The
infrastructure of telecom is about billing for scarcity.
The infrastructure of networking is DIY
and connecting anything to anything.
DS: JP Rangaswami of British Telecom
(disclosure: I consult BT on open-source
strategy) says the core competence of
telcos is billing.
BF: That's true. And it's their core cost
as well. When the infrastructure was
expensive, it made sense to account for
each use of wires and switches. Today,
those costs have vanished. Remember
that the reason we pay for redundant
broadband paths is to keep the bits in
billable channels. Even on "TV" we still
divide the "dial" into "channels" or
dedicated frequency bands—a legacy of
analog signaling.
DS: And, why even bother with
pushing dozens to hundreds of streams
down a "pipe"—because that's what
we call it now—when the user is watch¬
ing only one at a time, and in most
cases, it's not even a live program?
BF: Yes! In fact, none of this analog
baggage is necessary with digital
signaling. Even the distinction between wired
and wireless bits no longer makes
sense. Why do we need megawatts to
shout a signal over a distance from the
tops of towers and mountains, when a
few milliwatts in your living room or a
street lamp can connect you to the
whole Internet?
Signaling on single frequencies is a
legacy from the early days of radio. You
had to be careful to avoid stepping on
others' signals. 802.11 puts the
responsibility on the receiver and thus encourages
innovation rather than caution. Why do
we still use a system that requires a
license to transmit? It's as if we weren't
allowed to own anything blue because
that color was taken.
DS: So, what do we really need, if we
don't need telecom?
BF: We need surprisingly little—just the
means to do our own networking using
our community's copper, fiber and
radios. We first connect with our
neighborhood and interconnect
neighborhoods. We don't "access" a far-off
Internet. We internetwork.
DS: I think the shift you're looking for
has a good model with construction.
That industry was born in 1833, when
Augustine Taylor built St. Mary's Church
in Chicago. Taylor was the first to use
what we now call 2x4s, 2x6s, studs and
joists. He did it cheap and with amateur
volunteer carpenters. It caught on.
Suddenly just about anybody could frame
and build anything. Old-time builders
called it balloon construction, because
they thought it would blow away. But it
didn't. Instead it revolutionized
construction by letting anybody build anything
cheap. If you want to build Tudor, or
Prairie, or an office or a cabin, you frame
it up. As a result, construction is perhaps
the largest industry in the world today.
And, nobody "owns" it. So, what are the
equivalents of 2x4s here?
BF: In telecom, we already have it—bits
(or packets). We can run bits over any
physical (or virtual) transport and
interpret them as we wish. So we can take
copper, fiber and radios (CFR) and just
treat them as interchangeable bit paths.
Accountants have a term for this—
fungible. You don't have to maintain
the identity of each kernel of corn—you
just count them. Bits are bits. Telecom is
about monetizing the path, but if bits
are fungible, the paths are no longer
special—it's like rangeland versus small
plots of land.
DS: It's hard to give up the idea of
a network.
BF: We've already done that. Back in
the 1980s, UUCP (Unix-to-Unix Copy)
was a good example of networking
without a network—just cooperating
computers calling each other. As with
the Internet, it was a learning
experience. Today we can do a far better job
of networking if we aren't confined to
broadband pipes. But the telcos are
hooked on that confinement—and
providing it as a set of "services". But, it's a
losing proposition. By holding on to that
model, they'll fail. They're like a monkey
with its hand in a jar, unable to let go,
even though that's the only way they'll
become free.
DS: Haven't they made some progress?
BF: Not enough to save them. Or us.
Today they know that abundance
created by fungible bits is their enemy, and
it's only a matter of time before they
lose control. Too bad we focus on fixing
the symptoms—for example, by trying
to bolt neutrality onto the artificial FCC
Regulatorium. Instead, we should
recognize the problem is one created by
regulations themselves—a product of the
1930s depression era. The technology
and fears of those times make no sense
these days. Yet we still accept that static
solution instead of what I call the
opportunity dynamic.
DS: What is the opportunity dynamic?
BF: We get Moore's Law-type
hypergrowth by taking advantage of
opportunities rather than allowing only narrow
solutions. The dynamic has worked so well
that today, even the carriers can't afford
their own network. They too are using
IP but insist on billing us as if they had
special gear for everything. It's as if we
had to put a 41-cent stamp on e-mail.
If we are dependent upon the
phone company meeting performance
requirements, we pay a high price for
our dependency. With the Internet, we
discover what we can do with what is
available. Even better, thanks to
software, we can easily share the results
with others. At first, you couldn't make
phone calls over the Internet, but you
could send e-mail. Finding value in what
we had drove a dynamic till today we
have an ocean of bits, and voice "just
works" thanks to statistics. It's not
magic but a simple dynamic with
demand actually creating supply,
because we are taking advantage of
available opportunities.
DS: Is this, then, "Frankston's Law"?
BF: Yes, "Marketplaces that provide
opportunity rather than just solutions
allow demand to create supply." It's a
generalization of Moore's Law. The
bottom-line question is, "Why must everyone
have to justify new ideas to a telephone
company or, for that matter, to any
intermediary?" The power of the end-to-end
argument is that we can create solutions
without depending on intermediaries.
DS: What other ideas must we purge
from our minds?
BF: One is that infrastructure has to
be expensive and owned by service
providers. That's why we can never
finish paying for it. The actual cost of
copper, fiber and radios is far less than
something as mundane as sidewalks.
Imagine if sidewalks were a service.
There are so many ways to redefine
problems and come up with solutions
that are far more valuable—even if we
never solve the original problem. Who
needs to make sure video signals arrive
within a few milliseconds when we can
buffer them and provide far higher quality
than would be permitted by streaming?
"Phone wire" carries just one phone
call, but if you look at the physics of
sending signals over copper, you'll realize
that we've barely tapped the potential
capacity. For example, we don't need to
think of them as isolated "pairs".
DS: We've seen this proven by the
Internet, which was not created by
telecom, even though we took
advantage of telecom's copper and circuits.
BF: Yes, but we're still being timid,
because we're still using the prototype
Internet, which still has legacy limitations. I
think of it as a class project done by friends
and colleagues. For me, it was exactly that.
It's a nice demo, but still only a demo.
DS: If it's a demo, what's it demonstrating?
BF: The power of the end-to-end
constraint, of not depending on favors from
a service provider. Of course, this breaks
the fundamental presumption of the
Regulatorium: that everything must be
a billable service.
Where we are now is like the
container shipping business, back when it
was starting to happen. The old
shipping companies opposed it, but they
didn't own the ocean. Now look at how
much less shipping costs today.
In The Box: How the Shipping
Container Made the World Smaller
and the World Economy Bigger, Marc
Levinson notes that the incumbent
shipping companies were unable to
control the ocean and prevent container
shipping from happening.
Yet, the telcos have managed the
amazing feat of controlling the ocean of
bits. The problems with single frequency
signals that I spoke about earlier provide
a reason to take the limitless potential
of wireless communication and lock it
into fictional channels! Amazing!
This is perhaps the central issue: each
of these bad decisions creates stakeholders
who want to hold on to their own no
matter what the harm done to society.
DS: Seems to me that Google gets the
abundance side of the Net, today, no?
BF: Not entirely true. It does benefit
from being the largest ship on a rising
sea (perhaps an uncomfortable metaphor
these days). Its advertising revenue model
decouples it from the particulars of
technology and the network. But, it seems to
want to tether users to its service
platforms. After all, an advertiser depends on
delivering customers to buyers.
Decoupling is important. This is why at
Microsoft I made sure that home
networking was available as a technology rather
than being treated as a profit center. It's
valuable because of what it enables.
DS: What should Google do then?
BF: Why not give away 100,000,000
open access points instead of spending
billions on the 700MHz spectrum auction?
It would cost less and benefit us all. Or,
simply announce it is going to spend a
few million to fund connectivity in Silicon
Valley. That would drive the dynamic.
The idea of owning the transport
reminds me of the days when roads
were privately owned and you had men
with pikes collecting tolls. We've long
since recognized that value in the roads,
as with networks, is in what we do with
them and not in the roads (or networks)
themselves. But the legacy lives on in
the word turnpike.
DS: What about municipal Wi-Fi?
BF: The idea is laudable, but all too
often muni Wi-Fi is in the mold of
another telco system. If we opened up
access points, it would be a non-issue,
and then we could discover what to do
with what we already have!
DS: Let's talk about history. You've
been around since the early days of
both Multics and UNIX.
BF: Yes. In fact, UNIX came out of the
Multics Project. Although Multics
defined much of what we think of as
computing today, it was captive to
Honeywell's business model, which kept
it far more expensive than it should
have been. UNIX was inexpensive and,
thus, gave users a chance to experiment
with owning their own systems.
PCs took this a step further. I even
dispensed with operating systems when
they got in the way. For a while, even
UNIX was too much like an old-style
mainframe. Things are different today—
there is far more computing power, so
we can afford to have operating systems.
The demos have driven the dynamic.
That's what happened with early UNIX
and the Internet. Imagine if we didn't
hobble ourselves with the presumption
of scarcity. And, if we focused less on
patching up today's demo and more on
taking advantage of connectivity.
DS: Explain.
BF: In order to build something that
worked using 1970s and 1980s
technology, we put in some scaffolding—today's
Internet backbone. Today, we've confused
this scaffolding with essential
infrastructure. The 32-bit IP address was a clever
hack—it was adequate for a prototype
even though it created a dependency.
Housekeeping was a problem, so the DNS
was created to provide stable identifiers,
only to fail because you don't even own
your name—your Iname. You lease it.
Too bad we continue to try to shore
up the scaffolding. IPv6, for example,
focuses on the network, not on our
ability to do networking ourselves.
The 32-bit IP address was a shim in
the days when computers seemed
immobile. The DNS was created to
provide stable identifiers but failed. You
can only lease your "identity"!
We deliver physical mail to addresses.
Even the Post Office is smarter than that.
They know the address is a hint, but the
destination is a person.
The Internet ain't bad for a demo
but far from what is possible if we take
full control from the end.
DS: You've been accused of trying to
destroy all of telecom—or at least of
disrupting it severely. Isn't that where
you're headed here?
BF: Disruption is a consequence and
not a goal. For the most part, you want
to get the benefit of community.
Modems are an interesting example,
because they were accused at the time
of destroying the phone network by
tying up all that gear. But the bad
behavior drove a dynamic. It turns out
the problem was not in trying to send
the data, but in a network that tied up
resources even if you were sending only
a few bits. If it weren't for the common
carriage laws (inherited from railroads),
they could've banned modems—we'd
have never known about the Internet.
The carriers actually had a digital
alternative, ISDN, but it was too tied to
their business model—meaning they
charged too much for it. They used it to
bring back per-minute charging—you
paid even when idle! Analog telephony
was "worse", but due to an accident of
history, analog phone service didn't
have the meter running, which meant
we could stay on-line using dial-up! This
shows how it is not about technology
but how we think about opportunities.
Today, we are enamored with
broadband—the new ISDN. And, like ISDN, it
is technically better. But, like ISDN, it's
fatally tied to a business model that is in
inherent conflict with providing
abundance. It allowed us to innovate past
the telcos, and for that reason, it was
far better. Today, broadband plays the
same role that ISDN did.
The irony is that here too the copper
wires provide a very cost-effective
alternative. If we focus on connectivity first,
speed will come. DSL (the technology, not
the service) is just a faster modem and
can drive the dynamic. And, if we don't
care about controlling the path, we can
use 802.11 to provide essentially 100%
coverage with existing access points!
Why not repeat history and first light
up existing copper at modest speeds
and modest cost and complement it
with open access points? That will drive
the dynamic while broadband is a dead
fish trying to swim.
DS: So here's the pushback. For most
people, the entire frame of reference is
the devil we know. The Internet is
bundled by the carriers with phone and
television, as just another service. And
this is seen as a Good Thing. Why are
you looking to solve a problem most
people don't think they have?
BF: I'm reminded of when Ben Franklin
was visiting the Court of King George
and realized there was no middle
ground between American
independence and British rule.
We're not bargaining. We're
reframing the problem. Bear in mind what
Henry Ford said. If he'd asked customers
what they wanted, they'd say, "faster
horses". VisiCalc happened because we
took advantage of an opportunity. It
wasn't that we set out to change the world.
That was an accident. Who could have
guessed? And no one even asked for it.
DS: Speaking of opportunity, most of our
readers are exactly the kind of people
who aren't happy being slaves, and who
might not want just faster horses. These
are the folks who should want to take
advantage of your opportunity dynamic.
BF: That's good. Now you need to
remember that it takes many people try¬
ing many ideas to get something that
changes everything. What can you do
with the bits you have? I'm sure a lot of
readers are already reprogramming their
access points, which are typically
open-source Linux boxes.
DS: Count on it.
BF: Then it's clear how the value is in
how we use the network and not the network
in itself. The network itself is a cost
center. Why would carriers want that burden
if they can't use it to force us to buy
services? They are in a trap. If they give us
capacity, we won't need to pay for services.
If the bits are fungible, they can't bill
us for them. They need to escape the
Regulatorium rather than hope they can
retire before it all comes to a head.
So, rather than thinking of networks,
we must think of common infrastructure
paid for as such—it will cost less than
nothing because we already have so
much and haven't even taken advantage
of what is already there. Why do cities
even have phone bills or separate systems
for each service?
Think of the savings if cities used
this common infrastructure instead of
separate ones for each purpose.
Ultimately, I see replay of divestiture.
But if the issue is forced, they can
change. It would be fair for them to cut
a deal with the FCC to get some money
for their shareholders. After all, the FCC
put them in an untenable situation.
DS: Who, then, should own the
physical infrastructure?
BF: The physical infrastructure needs to
be owned and operated locally, like
roads and sidewalks. The longer we
wait, the more jarring the correction.■
Doc Searls is Senior Editor of Linux Journal. He is also a
Visiting Scholar at the University of California at Santa
Barbara and a Fellow with the Berkman Center for Internet
and Society at Harvard University.
Resources
VON Railroads: www.frankston.com/?name=VONRailroads
Sidewalks: Paying by the stroll: www.frankston.com/public/?name=sidewalks
Writings Archive: frankston.com/public/?
SATN.org Blog (with David Reed): www.satn.org
PODCAST RECORDING SHOOTOUT
So many VoIP programs, so little time. What’s a podcaster to do?
DAN SAWYER
Do you have a podcast? Okay, dumb
question. Of course you do—podcasting
is the blogging of tomorrow. It's quick,
it's easy, it's not tied to a computer
screen, and your audience members can take you
with them anywhere on their iPod-ish devices.
Best of all, you don't have to worry about actually
learning to spell in order to inflict your opinions
on others. So long as you can speak clearly and
have fun doing it, you too can have a podcast.
So who wouldn't want to do it?
I mean, you have an opinion you want to express, right?
Or you have a story you want to tell. Or you simply have a
desire to see what will happen if you gradually fade the volume
out on your podcast until it's near zero, encouraging your
listeners to turn their headphones up, before you blast them
with a channel-saturating guitar riff to wake them up. The
point is, you have a podcast, or you want one.
One thing you begin to notice when you get into podcasting
is that listening to your own voice is boring—really boring.
It's cathartic to rant into a microphone for half an hour and
then put it on iTunes for the world to hear, but after a while,
it's really nice to have listeners call in, or have guests, or pick
up a cohost in another state.
How can you do it? Telephony, naturally.
Now, I must emphasize that not just any telephony client
will work. Ekiga and Skype are not created equal. Neither are
Gizmo and Twinkie. That doesn't mean they aren't all good for
something, but good for something isn't the issue here. We
need good for podcasting, which is a whole other spool of
fiber-optic cable.
In my podcasting and production career, I've run into a lot of
remote conferencing, and I've found that pretty much any remote
conferencing is done for one reason: you can't get the talent into
your recording studio (humble as it may be).
Why this can happen is a bit of another matter. For one of
my podcasts, The Polyschizmatic Reprobates Hour (don't ask),
my sometime-cohost lives halfway across the country, and to
have any kind of intelligible real-time conversation, we needed
a good telephony setup. This went double for when we
needed to bring in guests for interviews.
A NOTE ON PRODUCTION
Your podcast will sound only as good as the production
technique. Good equipment is important, and good
doesn't always mean most expensive. More important is
good engineering—proper EQ and compressor settings,
a low noise floor and proper mic technique will make or
break your production sound. The software you use is a
small component in the podcasting battle. Production
and publicity are the other two parts of the holy trinity.
If you want to survive in the new media world, get to
know them all.
The basic requirements list is as follows:
1. Good sound quality: this show is already going to be
compressed to MP3; we don't want to start off with
crappy sound in the first place.
2. Ease of installation: most people still are fairly technophobic
or tech-ignorant, and most people still run Windows. That
means whatever telephony software you're using for your
podcast conferencing, it has to be one that you can get
guests up on in a few minutes. Longer or more troublesome
than that, and you're going to hear the words of
death: "Maybe we should do this another time."
3. Ease of dial-out/dial-in: sometimes, your guests just aren't
going to be able to get on your VoIP network, and when that
happens, you have to call them on a phone. In that case, you
want the experience to go quickly and smoothly—there's
nothing worse for your street cred than making a guest, who
has carved out an hour for you, wait by the phone. Chances
are you'll need to do this at some point. When you do, will it
be quick and painless? Will the price be right?
4. Ease of recording: of course, the best-sounding protocols
on the slickest software in the world aren't going to get
you anywhere if you can't record your conversations,
and on this score, VoIP software is justly infamous.
Because of the way most conference calls grab your
sound ins and outs, it often kills the hardware duplexing
your otherwise bright-and-shiny ALSA drivers usually
support. But, a lot of people podcast over telephony,
so there has to be a way.
5. Carts: this is something from the old days when those
of us who took broadcasting training at college radio
stations actually had to juggle tapes. A cart was a tape
cartridge on a continuous loop that contained station
ID, sound effects, music beds or anything else we wanted
to punch in to the broadcast. Nowadays with podcasting,
most people just lay this stuff down in the final mix,
but sometimes it's nice to be able to play things while
the show is being recorded—sound effects, quotes from
sources upon which you're commenting and so on. This
is one of those nice-to-have-but-not-essential features,
which does make life a lot easier.
Now, looking back over that list, the vast field of SIP
clients narrows substantially. Instead of a couple dozen
to pick from, there are only two that will fit the bill, and
neither of them are open source.
WHITHER 64?
Neither Skype nor Gizmo offers anything in the way of
64-bit versions for Linux, even though there are user complaints
and pleadings about this dating back to May 2005
on both companies' support forums on exactly this topic.
Skype recently has introduced a 64-bit Vista client, but Mac
and Linux 64-bit clients are, as yet, nothing more than a
pleasant adolescent fantasy for the lonely off-platform user.
Gizmo, meanwhile, is 32-bits all through.
Both install and run on 64-bit distros, with a little bit of
a headache making sure they've got the right 32-bit libs
to call in and with setting up the chroot environment.
It's a stopgap that works okay, but it ain't pretty, and in
a time when 32-bit desktop and laptop processors are
being end-of-lifed by hardware manufacturers, this
situation really is irritating.
Skype vs. Gizmo
The two main contenders that are suitable for workhorse podcast
use are Skype and Gizmo. Both are very easy to download
and install. Both offer comparable rates on calls coming in
from the phone network and going out again, both nationally
and internationally (though Gizmo has a slight edge in this
respect). Both are user-friendly and easy to get potential guests
set up on so they can be on your show.
They both are usable. They both are workable. They
both run quite well on Linux, Windows and Mac OS. Their
feature sets are comparable in many respects. But, they are
not the same.
The Technical Lowdown
Skype, now the prized stepchild of the eBay corporation,
runs on a proprietary peer-to-peer networking back end
that co-opts the user's system resources to route calls, up
to the maximum of what it can grab that's not being used
by other systems. This is comparable to how BitTorrent
works, though unlike with BitTorrent, users have no control
over how much in the way of bandwidth or system
resources they want to allocate to the task. The practical
upshot for this where performance is concerned is curiously
double-edged. At the beginning of a Skype call, the connection
typically is loud and clear, the mix is well proportioned,
and the compression artifacts are very difficult to
hear (and, if you're good with EQs, you can pretty much
notch out the most obvious ones). However, as a call progresses,
more of your personal bandwidth gets allocated to
other network calls, and the quality of the audio gradually
degrades. At low traffic times, this effect is barely noticeable,
but at high traffic times, you may find yourself having
to restart the call every 10-15 minutes as the quality
falls below what you find acceptable (or intelligible).
Its networking setup isn't the only thing that's proprietary—
it's also a closed system. Skype's network can't be dialed
in to directly from any other voice-conferencing network.
The standards are closed, and they're black-boxed.
Although this isn't a problem that's directly relevant to
podcasting, if you're looking for a general first-line VoIP
package, it's something you'll want to keep in mind. Skype
is like Vegas: what happens there, stays there—well,
assuming its encryption algorithms are robust.
Gizmo, a service and application owned by SIPphone, Inc.,
has a somewhat different approach. Although the software
itself is proprietary, it uses the open SIP protocol for its transport
across the Net, and calls are routed directly over the
SIPphone network between the individual call participants,
rather than being routed through a peer-to-peer network.
Because it uses SIP and Jabber, it can hook up with any software
using either of these protocols fairly transparently.
Gizmo uses TLS and SSL encryption to discourage eavesdropping—open
technologies whose strengths and limitations
are well known. The corporate culture is deliberately geared
toward transparency rather than toward opacity, which is an
operating philosophy that warms the cockles of this Linux
geek's heart. However, when it comes to encryption, Gizmo
also loses a point, as it does not encrypt between Gizmo and
non-Gizmo SIP clients.
The sound quality on Gizmo follows a different curve
from Skype. Because Gizmo routes over the SIP network
instead of through a peer-to-peer setup, it is more subject to
the fickle winds of fate. When Net traffic is up, Gizmo calls
tend to decay. When it's down, they do better. However,
Gizmo does not progressively degrade performance over the
course of a call or take your bandwidth for allocating to
other calls on the network.
In terms of actual performance, the sound quality is usually
a wash, but Gizmo consistently sounded better the times I've
used it for multiparty conferences than has Skype, particularly
on extra long calls.
Recording the Podcast
So, you've got your guest on the line, your cohost on the
other line, and all three of you are happily chatting it up in
the conference. The podcast is off to a great start—if you
can manage to record it correctly. Sometimes, this isn't as
easy as it looks.
Skype is notoriously difficult in this area. Although the latest
version works on ALSA instead of OSS, on many distros it still
doesn't always play nice. It doesn't work well with the Windows
or Mac sound systems, either. With full duplex sound hardware,
this should be a no-brainer, right? Simply dump the DSP to
a file in parallel with running the conference. Alas, some
programs want to be front and center, end of story. Skype
is one of them. In order to record a Skype call, you have to
do one of two things:
1. Hijack the DSP with a middleware layer. There are a number of
packages that'll do this—for a fee—on Windows and Mac. On
Linux, I've only ever found one solution that works, and it's a
kludge. Twisted Little GNOME has cleverly cobbled together
LAME, OggEnc, SoX, Vsound and Skype in an elaborate (though
very dependable) script, available at
sourceforge.net/project/showfiles.php?group_id=146056&package_id=160795&release_id=358917.
Unfortunately, this script is not well maintained
and tends to break when Skype upgrades. Worse still, this is
the only hijacking option that I've been able to find for Linux.
The other method of recording Skype calls is suitable only
for audio engineers and people that like playing around
with too many cables.
2. The two-computer mixdown: there are a few permutations
of this, but basically, you'll need two computers—
one to conduct the call (Box A) and the other to record it
(Box B). To do the recording, you either split your mic
into two channels before it hits Box A, and split the
speaker out after it leaves Box A, and run them both to
Box B as left and right channels. The other option works
only if you're running a mixing board: route your mic
input to both Mains and Subs, and plug the Box A output
in to the board as a Subs-only source, then send the
Subs to Box B for recording (if you're not following this,
don't worry—just be glad you're not an audio engineer).
Either way, if you intend to record a Skype call, be prepared
to put up with a bit of misery.
Gizmo, by contrast, has a recording tap built in to the program,
and when you press Record, it announces to all parties
on the call that the call is being recorded. Thus, not only is
recording the call painless, it also covers your backside legally
(see the Legal Issues sidebar).
Carts and Extras
When it comes to live carts, on Skype, you're out of luck. Without
third-party plugins, there isn't a thing you can do with Skype to
make it play nice with other sound apps on the computer, and not
a lot of those plugins are available for Linux.
With Gizmo, on the other hand, you have options. Gizmo
comes with a cart interface where you can preload ten sound
FX for playing at the touch of a button. You also can route
XMMS through Gizmo and play your carts from there, if you
need a longer playlist.
Skype and Gizmo also offer varying sets of extras to entice
customers. Both have integrated text chat—a very useful
feature for prepping your guests for their next question or
conspiring with your cohost behind your guests' backs. Both
have integrated file transfer—handy for sending outlines or
PowerPoint slides to discuss.
LEGAL ISSUES
It is a felony in many states to record a phone conversation
without the other party's knowledge or permission.
If you're dialing out to a phone network, or your guests
are dialing in from the phone network, always be sure
you get your guests on record acknowledging that they
know they're being recorded, and keep those records.
It's a good idea to get these records for straight VoIP
calls too, as the law will doubtlessly be extended to VoIP
networks at some point in the future.
Skype's two big standout extras are one-click video conferencing
(even under Linux), which can double as a whiteboarding
system, and extremely easy-to-set-up conference calls.
Gizmo's conference call system, by contrast, can be a
bit twitchy, particularly when trying to bring in someone
from an external phone network. On the other hand, with
Gizmo, you get free voice mail, which is lovely for handling
show feedback. On Skype, voice mail comes only with a
subscription to Skype Pro.
Conclusion
Of the two, on technical merits, Gizmo is the clear victor
over most of the field. Happily, it's also the winner on
cultural merits. However, Skype is used more widely, and
potential guests are more likely to be familiar with it. The
different network architectures of the two services give an
odd kind of redundancy—often, when one's sound quality
stinks, the other's works gloriously. My advice: keep them
both around. But, when it comes time to buy call-out
credits or to get a call-in number, stick with Gizmo.■
Dan Sawyer is the founder of ArtisticWhispers Productions (www.artisticwhispers.com), a small
audio/video studio in the San Francisco Bay Area. He has been an enthusiastic advocate for free
and open-source software since the late 1990s, when he founded the Blenderwars filmmaking
community (www.blenderwars.com). He currently is the host of “The Polyschizmatic Reprobates
Hour”, a cultural commentary podcast, and “Sculpting God”, a science-fiction anthology podcast.
Author contact information is available at www.jdsawyer.net.
Check to See If Your ssh Key Is Loaded
TECH TIP
If you use ssh-agent and have scripts that use commands,
such as ssh or scp, that need your ssh key, you may have
had the experience of running your script only to discover
that you never ran ssh-add to add your key to ssh-agent.
So, you type the passphrase once to run the script, and
then you have to run ssh-add afterward and type it again
to add it to ssh-agent.
To avoid this, add a check to the top of your script to
see whether your key is loaded. If not, load it, and avoid
having to run ssh-add afterward:
    if ! ssh-add -L | grep --silent '/\.ssh/id_.sa'; then
        ssh-add
    fi
The -L option of ssh-add shows what keys are added; its output
is piped to grep to check to see whether your key is loaded.
If it's not, ssh-add is invoked to add your key. —Mitch Frazier
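The tip's grep matches the comment at the end of each `ssh-add -L` line, which is not guaranteed to be the key's path, and `id_.sa` also matches a different key such as id_dsa. The sketch below is an added example, not code from the original tip: it compares the key material against the .pub file instead. The function names, the sample listing and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a given key is held by ssh-agent by comparing
# key material, not the free-form comment at the end of each `ssh-add -L` line.

# Constructed sample of `ssh-add -L` output (key blobs are fake placeholders).
# The agent holds a DSA key loaded by path and an unrelated Ed25519 key.
SAMPLE_LISTING='ssh-dss AAAAB3CONSTRUCTEDdsaBLOB0001 /home/alice/.ssh/id_dsa
ssh-ed25519 AAAAC3CONSTRUCTEDedBLOB0002 alice@laptop'

# tip_check LISTING: the tip's test, applied to captured listing text.
tip_check() {
    printf '%s\n' "$1" | grep -q '/\.ssh/id_.sa'
}

# key_blob PUBFILE: print the base64 key material (field 2) of a public key file.
key_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1" 2>/dev/null
}

# agent_has_key LISTING PUBFILE: returns 0 if PUBFILE's key appears in LISTING,
# 1 if it does not, 2 if PUBFILE is missing or cannot be parsed.
agent_has_key() {
    blob=$(key_blob "$2") || return 2
    [ -n "$blob" ] || return 2
    printf '%s\n' "$1" |
        awk -v want="$blob" '$2 == want { hit = 1 } END { exit !hit }'
}

# ensure_key_loaded [PRIVATE_KEY]: add the key only when the agent lacks it.
# ssh-add exits 2 when it cannot contact the agent; that case is reported
# instead of falling through to a passphrase prompt that would not persist.
ensure_key_loaded() {
    key=${1:-$HOME/.ssh/id_rsa}
    listing=$(ssh-add -L 2>/dev/null) && rc=0 || rc=$?
    if [ "$rc" -ge 2 ]; then
        echo "ssh-agent not reachable; check SSH_AUTH_SOCK" >&2
        return 2
    fi
    agent_has_key "$listing" "$key.pub" && st=0 || st=$?
    case $st in
        0) return 0 ;;
        1) ssh-add "$key" ;;
        *) echo "cannot read $key.pub" >&2; return 2 ;;
    esac
}
```

In a script, call `ensure_key_loaded` (optionally with the private key path) before the first ssh or scp command.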
Turn Your Computer into a Phone with Skype
Getting started with Skype.
FEDERICO KEREKI
Want to use your computer as a full-fledged telephone, and be
able to make free phone calls over the Internet or paid calls to
any normal number? How about adding more features, such as
instant messaging, file transfers and video conferences? How
about being able to use it on Linux, Windows or Mac OS X? If
these things interest you, you should install Skype.
Skype is a free, VoIP (Voice over Internet Protocol) program,
created in 2003 by Niklas Zennstrom and Janus Friis. Two years
later, eBay acquired it for more than 2.5 billion dollars (plus an
unspecified extra amount depending on performance).
As of the beginning of 2008, it has more than 250 million
users, both for its free and paid services, in practically every
country on earth. When you connect to Skype, in the bottom-right
corner, you will see how many other users are on-line at
the same time. In my experience, it's usually around ten million,
which is a hefty number indeed. Skype derives its income
from paid services (including calling or receiving calls from
landline or mobile phones, voice mail, call forwarding and so
on), but you can use it without paying a cent if you call only
other on-line users over the Web.
From Music to TV
Skype wasn't the first collaboration by Zennstrom and
Friis, and it isn't their last. In 2000, they created Kazaa,
a well-known peer-to-peer file-sharing program.
Obviously, they were able to apply the P2P expertise
gained there to Skype's own development. Kazaa had
plenty of legal problems (similar to those of Napster)
because of sharing copyrighted material, mainly music.
In 2001, Kazaa was sold to Sharman Networks, which
had to face several copyright-related suits. In July 2006,
there was an out-of-court settlement, when its Web site
seemingly was updated for the last time.
After selling Skype to eBay, Zennstrom and Friis turned to
TV and created Joost: a system for distributing video
(mainly TV shows) over the Web, once again using the same
peer-to-peer technology used on Skype. Joost's development
started in 2006, and currently (February 2008), it's at
beta. If you want to test-drive this software, however, you
are out of luck. For the time being, there are only Windows
and OS X versions available. According to some reports,
Wine isn't a solution either, though that might change.
Joost will be a free system, supported by advertising,
just like traditional TV, aiming for full-screen, high-quality
viewing. Though its technology isn't yet mature
or fully reliable, it's an interesting concept and free of
the legal problems that troubled the original Kazaa.
There are some licensing aspects that still need work
(most of the available content can be seen only in the
US right now), but there's much promise ahead.
Getting Skype
The program itself is free, but it's not
open source. And, if you like running
the best and latest versions of programs,
prepare yourself for a disappointment.
The current Windows version is 3.6,
the current OS X version is
2.6, but Linux is trailing far behind with
only a beta, called 2.0. Thus, plenty of
features are missing from the Linux
version (see the What's Missing in the
Linux Version of Skype? sidebar), but
Skype still is quite usable as is.
Skype's hardware requirements are
pretty modest. You need a 400MHz
processor or faster, 256MB of RAM and
about 20MB of free disk space. If you
want to talk (don't sneer; you can use
Skype just for instant messaging), you
need a microphone and either earphones
or speakers. And, if you want to
make video calls, you need a Webcam.
Finally, you need to open an account,
but you have to install the program first.
Installation should be quite easy. As
far as I've seen, it's available for pretty
much all distributions, so you should
have no problem finding it in your
repositories. Because I use Smart, getting
Skype simply meant typing smart
install skype. In any case, you should
check that the version you get is not
earlier than 2.0. (To do so, start Skype,
click the S on the lower left, select
About, and you'll see a window with
the version information.) Because Linux
lags behind Windows as far as versions,
you just might have version 1.4, which
would require an upgrade.
If your version is an older one (or if
you just want to make sure to have the
latest one), visit Skype's download site,
and get whatever is correct for your
machine. There are distribution-specific
versions for Debian, Fedora, Mandriva,
MEPIS, OpenSUSE, Ubuntu and
Xandros. There also are some generic
versions—the "static" one might be
best for you.
After the download is ready, open a
console, cd to the directory where you
downloaded the software, and do sudo
rpm -Uvh skype-2-XXX.rpm, and you
should be ready.
Figure 1. You need an account to use Skype. On Linux, checking Sign me in when Skype starts is safe to use.
Figure 2. Creating an account is simple, but you must do it with Skype.
When you open Skype, if you
already have an account and a password,
simply enter them to connect (Figure 1).
However, if this is your first time ever, or
if you just want to create a second or
different account, click Don't have a Skype
name yet?, and a window will open
where you can create an account. Follow
the instructions on the screen, and you'll
be set (Figure 2). Skype won't allow
passwords that are too short, but play it safe,
and use a long one, preferably with
numbers and special characters.
Configuring Skype
The first time you run Skype, check its
configuration. Click the S on the bottom
left, and you'll see the Options window.
Here are some of the possibilities:
■ General allows you to specify what happens when you
double-click on a contact (either start a call or a chat),
the timeouts (after how much time you will be shown as
Away or Not Available) and the program language.
Although Skype's Web site advertises almost 30 languages,
it came with only 13. Spanish was noticeably missing.
■ Privacy lets you decide whether you will accept calls or
chat invitations from anybody or only from people you
specifically allow, whether you will answer incoming calls
automatically (I wouldn't check that), and how long you
want to keep the chat history.
■ Notifications allows you to assign sound bits to different
events, such as an incoming call or an answered call, and
whether you will be shown a pop-up notification. If you
click Advanced View, you can specify scripts that should
be executed on specific events, or a message that should
be sent to the other party.
■ Chat permits you to define what will happen if somebody
starts a chat with you, such as whether to use emoticons
and whether other parties should be informed when you
are typing.
■ Call Forwarding is a paid feature. When someone calls you,
and you are not at your computer, you can have Skype call
your mobile or landline phone, paying per minute at the
regular call rates. (If you call people who forward their
calls, you pay nothing.) You even can forward calls to more
than one phone, answer whichever you want, and you will be
billed accordingly.
■ Voice mail is another paid feature, available only with a
Skype Pro subscription. Basically, it works as an answering
machine, and you can listen to the calls you received
whenever you are signed in.
■ Sound Devices lets you choose which devices should be used
for sound. I'd suggest keeping the default devices, unless
you know what you're doing. Click on Make a test sound to
verify whether Skype can produce sound, and then click Make
a test call to check whether your microphone is working.
Then, follow the spoken instructions to see if everything's
working.
■ Web Devices can be used to specify whether Skype Video will
be used, whether video should start automatically, and
whether you want to receive other people's video and let
them know you have video capabilities. After you have set
up your Webcam, use the Test button to verify that you can
see yourself.
What's Missing in the Linux Version of Skype?
Skype for Linux is several versions behind the current Windows program and is
still in beta. In later versions (keep your fingers crossed, but be prepared for a
long wait), it could add:
■ Enhanced file transfer speed.
■ More stable video calls among users with Internet connections of different speeds.
■ Improved video and audio quality on low-speed Internet connections.
■ Call quality feedback and bandwidth indicators.
■ Safety and privacy improvements.
■ Support for MySpace.
■ High-quality video calls.
■ Video snapshots.
■ Auto redial.
■ Call transfer.
■ Private telephone numbers.
■ Import contacts from MSN, Yahoo and Gmail.
■ Skype Prime (calling lines that charge per minute).
■ Skype Find (a community-generated directory).
■ Sending SMS.
■ Ten-way conference calls.
■ Public chat rooms.
■ Predictive dialer.
■ Contact grouping.
■ Shared groups.
This is a (shortened) version of all new features in the release notes since
January 2006, when version 2.0 for Windows came out, so there should be
plenty forthcoming for Linux users.
Advanced lets you select whether you
want to check for updates when starting
Skype (I'd suggest doing so), which
port to use (leave it as suggested), and
if you are using a proxy, its details.
Blocked People lets you manage your
blacklist. If you don't want to receive
calls from particular users, you can
block them from Skype's main window.
Right-click on users' names, and
you will have the option to block
them. If you want to restore (unblock)
someone, you can do so here.
Play around with all options, but be
sure to check, at the very least, the
Sound Devices screen and do a test call.
Otherwise, you might find that people
call you, but you can't hear them, or
that you speak, but nobody hears you.
Using Skype
After installing Skype, your first goal
should be setting up your contacts list.
The green plus sign icon in the lower-left
corner lets you look for other Skype users
(Figure 3). In the text box at the top,
enter either the Skype name, part of the
full name, or the e-mail address to search
for someone. You can restrict the search
further (probably necessary if the person
you are seeking has a common name) to
a specific country, state, city, language
and sex. Click Search, and Skype runs
through all users, looking for those who
match and shows a window with the list.
If the person you are seeking is on the
list, click on the name to select it, and
then click Add Contact. The contact will
appear on your personal list.
If you have purchased some credit,
you also can call landlines. (In order to buy
credit, visit Skype's Web site, and you'll
find the link in the top-right corner.) You
can pay with PayPal, Visa, MasterCard and
a few other options. (Remember to use
some of the credit; if you don't spend any
of it in 180 days, your credit expires and
you will lose whatever you had still
remaining in your account.)
If you want to add a standard phone,
in the Add a Skype contact box, click the
bottom link, Add an ordinary phone, and
you will be able to enter the name and
phone number. These numbers will show
Figure 3. Use the search form to look for people and add them to your contact list.
Figure 4. In your contacts list, green icons
correspond to Skype users who are on-line,
grayed-out icons indicate off-line users, and
blue icons represent standard phones.
up in your contact list with a blue
(instead of green) icon, so you can recognize
them at a glance (Figure 4).
If you click on a user, you can see his
or her picture (if you want to upload
yours, click on your own name, and then
click Edit Profile), and you will see three
icons: a sky-blue Start Chat icon, a
green Start Phone Call icon, and a
down-pointing arrow that adds several
more options, such as Send File, View
Resources
Skype: www.skype.com
Download Skype: www.skype.com/intl/en/download/skype/linux/choose
Joost: www.joost.com
Kazaa: www.kazaa.com
TIME article on "The Skype Guys": www.time.com/time/magazine/article/0,9171,1187489,00.html
Libland Webcam Drivers: mxhaard.free.fr
List of Supported Webcams: mxhaard.free.fr/spca5xx.html
Getting Your Webcam to Work
The biggest enhancement in Skype 2.0 is the video capabilities, so I
certainly needed a Webcam in order to write this article. I went to a nearby
computer shop, and knowing there could be driver problems (most
Webcams, if not all, come only with Windows drivers, and not even a
peep regarding Linux), I applied my common sense, studied the options
thoroughly and opted for the cheapest model—if it wouldn't work, at
least it wouldn't cost much!
Even with the lack of support, there's a good source of drivers at the
Libland Web site. Its owner, Michel Xhaard, is doing a great job in
providing a free driver that works with more than 200 different Webcam
models. Thus, as the model I bought wasn't exactly cutting-edge, I
thought there would be a good chance it would work out of the box
with this driver.
I installed the Webcam, and did lsusb, which produced a line reading Bus 001
Device 002: ID 0ac8:307b Z-Star Microelectronics Corp.. The first four
characters (actually, hexadecimal numbers) after ID identify the manufacturer,
and the last four characters specify the model. I then checked the list of
supported Webcams, looking for these values, and didn't find them; however,
I did find several other models from the same manufacturer, so I decided
to give the driver a whirl. Because I'm running kernel 2.6.23, I needed the
gspcav1 driver; for kernels below 2.6.11, spca5xx is needed. I downloaded
the package, and then as root, did the following:
tar zxf gspcav1-20071224.tar.gz
cd gspcav1-20071224
./gspca_build
The process ran seamlessly, so I tried the Webcam with Skype, and it
worked. You might not be so lucky, but I recommend starting your
search for a driver at Xhaard's site.
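The lookup this sidebar walks through, as an added example that is not part of the original article: it pulls the vendor:product pair out of lsusb lines and reports whether the exact model, or only the manufacturer, appears in a supported list. The function names are hypothetical, and the list entries are constructed placeholders standing in for the real list at mxhaard.free.fr/spca5xx.html.

```shell
#!/bin/sh
# Added example: classify USB devices from lsusb output against a driver's
# supported-ID list. Usage on a live system:  lsusb | scan

# Constructed placeholder list of "vendor:product" IDs (NOT the real
# supported list). Vendor 0ac8 is the one quoted in the sidebar.
SUPPORTED_IDS="0ac8:aaaa
0ac8:bbbb
ffff:0001"

# usb_id LINE -> prints "vvvv:pppp" in lowercase; fails if LINE has no ID field.
usb_id() {
    id=$(printf '%s\n' "$1" |
        sed -n 's/.*ID \([0-9A-Fa-f]\{4\}\):\([0-9A-Fa-f]\{4\}\).*/\1:\2/p' |
        tr 'A-F' 'a-f')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# classify LINE -> exact | vendor-only | unknown | invalid
#   exact        the vendor:product pair is on the list
#   vendor-only  same manufacturer is listed, this model is not
#   unknown      manufacturer does not appear at all
classify() {
    id=$(usb_id "$1") || { echo invalid; return 0; }
    vendor=${id%%:*}          # first four hex digits: the manufacturer
    if printf '%s\n' "$SUPPORTED_IDS" | grep -qx "$id"; then
        echo exact
    elif printf '%s\n' "$SUPPORTED_IDS" | grep -q "^$vendor:"; then
        echo vendor-only
    else
        echo unknown
    fi
}

# scan: read lsusb output on stdin, print "verdict<TAB>original line".
scan() {
    while IFS= read -r line; do
        printf '%s\t%s\n' "$(classify "$line")" "$line"
    done
}
```

A vendor-only result is the situation described above: the driver may still work, but only a test will tell.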
Profile, Rename Contact (if you want to
change the way the user appears on
your list), and for unwanted users, Delete
Account and Block Account. Another
option is to click on Call Ordinary Phones,
which shows a touchtone-type display,
allowing you to key in any number from
any country; remember this has a cost,
and you must have enough credit for this.
During a phone call, you can right-
click on the call window at any time
and get similar options as described in
the above paragraph. You even can
start a chat, simultaneously with the call
(you might want to do this should your
connection prove a bit flaky). Another
option is adding video, so you can send
your image to the other party. You can
do this automatically (depending on
how you configured the video options,
as described previously) or on demand
(simply click the button). Click the red
button at the lower right to hang up
and finish the call.
The chat window is quite similar to all
other IRC channels. You can add more
people to the chat if you like; simply click
the Add People button. To end a chat,
click on Leave Chat or close the window.
Conclusion
Skype lets you turn your computer into a
phone, capable of calling both Skype
users and common phone numbers all
over the world. Let's hope that the Skype
developers speed up a bit, and let Linux
users have more of the functionality
available in other operating systems.■
Federico Kereki is an Uruguayan Systems Engineer, with more
than 20 years’ experience teaching at universities, doing development
and consulting work, and writing articles and course
material. He has been using Linux for many years, having
installed it at several different companies. He is particularly
interested in the better security and performance of Linux boxes.
INDEPTH
Adventures with Chumby
Turn the Chumby device into a useful kitchen assistant.
Daniel Bartholomew
I am now the happy owner of one of the coolest gadgets
I have ever experienced, the Chumby. At first glance, this
diminutive computer appears to be nothing more than a
Web-connected alarm clock. This, in and of itself, is a neat
idea, and worth the price of admission for me. However,
the Chumby is much more than a simple alarm clock, Web-
connected or not. To that end, I made a conscious decision
when the Chumby was on its way to me from the factory
in China not to have the Chumby in the bedroom. Such a
useful device should be in a room where people can take
advantage of it while they're awake.
Figure 1. What Comes with the Chumby
The Chumby, at its heart, is a small embedded computer
wrapped in a soft, squeezable shell made of plastic and
leather. If you want to get technical, the Chumby is powered
by a 350MHz ARM processor and contains 64MB of SDRAM
and 64MB of NAND Flash ROM. For output, it has a 3.5" LCD
color touchscreen, 2W stereo speakers, two USB 2.0 full-speed
ports and a headphone jack. For input, it has the aforementioned
touchscreen, a squeeze button on the top, and an
accelerometer for motion and tilt sensing. It connects to the
Internet via 802.11 b/g, which means you need to have
a wireless network of some sort. Power is supplied by an
external AC adapter, and there also is a connector for
a nine-volt battery for emergency power.
The Chumby displays small Flash movie "widgets". These
Flash movies can do anything that Flash movies can do within
the limits of the Flash-Lite-3 embedded Flash player that the
Chumby runs. In practical terms, this means it can play most
Flash movies that run in version 8 or lower of the Flash
browser plugin. Some features were added in version 9 of
the browser plugin that are not supported in Flash-Lite-3.
Figure 2. Back of the Chumby
A lot of thought and care has gone into the design of the
Chumby, and every effort appears to have been made to make
the Chumby as easy to use as possible. Even the packaging
contains some nice touches, such as the linen bags the
Chumby arrives in instead of yet another box. The bags are
useful and mean less waste—always a good thing in my book.
The user interface also is well designed. My very nontechnical
wife was able to find her way around the Chumby easily.
There even is a nice movie that plays when you turn the
Chumby on for the first time that gives you a quick tour of
the interface and main features.
Once I had the Chumby unpacked and connected to my
Figure 3. The Chumby Guided Tour
network (and had given the little charms that I found in one of
the bags to my kids), it was down to business. My original
thoughts on what I wanted to do with the Chumby were to
turn it into a kitchen assistant with a favorite recipes database
that it served up from either a built-in or in-house Web server,
a recipe search widget (to search the recipes in the database,
or find new ones on-line), a music player, a shopping list creator,
a meal planner, a calendar, a photo album, an egg timer,
a calculator and a plain-old alarm clock. Ten things shouldn't
be too hard, right? Well, my success was mixed. Some things
worked out great, and others, not so much. I haven't given up
on getting all of the above working eventually, but not all of
them work at this time.
Figure 4. The Chumby in the Kitchen
My first order of business was to try to create some Flash
widgets, and I quickly found there are some major downsides
to having Flash be the preferred method of application development
on the Chumby. The good part is that the Flash software
from Adobe is easy to use and can create all sorts of
things. The bad part is that said software—apart from it being
proprietary, closed-source and available only for Windows and
Macintosh—costs twice as much as the Chumby, and there are
no easy-to-use open-source alternatives to the Flash programming
environment that run on Linux.
There has been some progress in this area, mostly along
the lines of simple environments for writing and compiling
Adobe's Action Script language into Flash movies, but the best
of these, FlashDevelop, is Windows-only. I'm also not too keen
on learning yet another programming language. There are
some Linux GUI tools that are in the proof-of-concept stage
(meaning they look nice but don't work).
Another option for me would have been to hack the
underlying embedded Linux operating system on the Chumby
and add something like embedded GTK or KDE, but I quickly
put that out of my mind, as I don't think I have the chops to
avoid turning the Chumby into a paperweight in the process.
So, I went with what I had, and what I could find. The
upside to this approach is that new widgets are being released
and if you marked it as public, it will be viewable by all
Chumby users (once the Chumby folks have determined
that it isn't a malicious widget).
The only real downside to the browser method is that
Chumby.com will let you upload only widgets that are less
than 100K in size. If you create a widget larger than that—
and I expect that once I've added all my recipes and photos,
each recipe book has the possibility to be larger than
that—the other way to get a widget onto your Chumby is
with a USB thumbdrive.
For the thumbdrive method, apart from the icon and
Flash files, you need a text file named profile.xml. The
Chumby looks for this file when it
boots and will add any widgets
described in it to all of your widget
channels. This file is self-explanatory,
and the Chumby Wiki provides full
instructions.
There is also a neat service called Dailio
where you can send photos to a special
e-mail address, and they will show up on
your Chumby without any further effort.
The Chumby as a Recipe
Search Engine, Shopping List
Creator and Meal Planner
I haven't been able to get all the
things I wanted to get onto the
Chumby onto it. However, after actually
using the Chumby for a couple
weeks, I'm not so sure they were good
ideas to begin with.
The main reason for this is that my
intended recipe search, shopping list
creator and meal planning widgets all
would require extensive text input, and
that is where the Chumby is not ideal.
The Chumby is mainly an output
device, suited to displaying various bits
of information. Input is best limited to
simple interactions, such as tapping on
buttons and sliding your finger around
the screen.
The Chumby can handle text input,
and some widgets require it. The control
panel, for example, has a simple
on-screen keyboard where you enter in your wireless settings
during the Chumby's initial setup. Also, in the music
interface, there is another on-screen keyboard where you
enter in the location of the music stream to which you
want to connect. But, supporting text input where required
and doing a lot of text input are two very different things.
After entering text in just those two above-mentioned
places, I could see it was not something I would want to
do on a regular basis with the Chumby, because although
it works, it's slow. The problem is that when using the
Chumby, the natural thing to do is to use your fingers, and
most widgets—if they have buttons at all—keep them
Figure 11. Some RSS feeds don’t work.
large and few in number. For effective text input, you need
a lot of small buttons, and on the Chumby's screen, lots of
small buttons practically requires you to use a stylus—not
something I want to have to use with the Chumby.
I toyed around with using an RSS widget to display recipe
data from sites that offer it, such as Taste-of-Home's Recipe of
the Day, but as you can see from the screenshot, my testing
did not go so well.
Final Thoughts
The Chumby is an amazing device. It can be adapted to fit
in with almost any room in the house and can display any
sort of data that can be displayed within the confines of
the Flash file format.
New widgets come out all the time, and the basic software
is under constant improvement. Check out chumby.com and
browse the available widgets; there's something for everyone.
The Chumby is also very hackable. The underlying operating
system is embedded Linux, and all the source code
(apart from a few licensed bits that they aren't allowed to
disclose) and complete hardware schematics are available
on the Chumby Web site. The developers really seem to
get the idea of making a device hackable, with their only
warning being a gentle reminder that if you take your
Chumby apart, it will void the warranty. Beyond that, they
actively encourage you to turn the Chumby into anything
you please and are eager to help you in any way they can
through their Web site, forums and wiki.
In these days of locked-down, don't-you-dare-look-
behind-the-curtain-or-we'll-sue gadgets, having one that
you can mod to your heart's content, with full schematics
and source code—and the original developers—to guide
you, is a nice feeling. ■
Daniel Bartholomew lives with his wife and children in North Carolina.
SSH and HTTP on
the Chumby
Being based on Linux, the Chumby has a lot of functionality
that isn't exposed right off the bat. An example of this is the
built-in Web server and the ability to SSH into the Chumby.
The Web server, by default, has only a link to some statistics
on how good the wireless connection is, but it can be
extended easily.
Yes, you can SSH into the Chumby.
When you SSH into the Chumby, you'll find a nice,
embedded command-line environment waiting for you,
courtesy of BusyBox. You even can set up cron jobs
and run shell scripts.
Resources
The Source for All Things Chumby: chumby.com
The Friendly and Helpful Chumby Forums: forum.chumby.com
The Chumby Wiki: wiki.chumby.com
Nitty-Gritty Chumby Details: www.chumby.com/developers
FlashDevelop: www.flashdevelop.org
INDEPTH
AVSynthesis: Blending Light and Sound with OpenGL and Csound5
Introducing a unique and powerful program for mixing son et lumiere into
fascinating experimental videos.
Dave Phillips
The artistic combination of sound and image is a common
enough phenomenon. Movies, television and various Internet
channels demonstrate the happy results from the blend of
recorded sight and sound. However, these examples typically
utilize sound in the role of an accompanist, perhaps greatly
significant but still primarily an accompanist.
There is another way to consider the role of music and
sound in video production—a way in which the sound itself
informs the flow of images and their transformations.
Although not a novel concept (see the Wikipedia entry on
John Whitney), the practice has taken on a new richness of
possibilities with the use of computers in the recording and
editing of digital son et lumiere.
Jean-Pierre Lemoine has been exploring these new riches
at least since the late 1990s. I profiled his HPKComposer
(coauthored with Didier Debril) in my Book of Linux Music
& Sound, which was written in 1999, and even then the
HPKComposer Web page stated that the program was "... a 3D
art composition tool for Csound". At that time, the authors
chose to use the Virtual Reality Modeling Language (VRML) for
its graphics engine. I could meet the program's Java requirements
and work with its Csound side, but I was unable to
Figure 1. AVSynthesis in Play
work with VRML under Linux then. Nevertheless, the Web
site's screenshots made quite an impression, and I hoped that
someday such a program would become useful under Linux.
Cut to the work of Csound developer Gabriel Maldonado:
his CsoundAV for Windows is a true fork from the canonical
Csound source tree, but Gabe is a genial fellow who freely
offers all his code extensions to the community. Recent developments
in canonical Csound have facilitated the adoption of
some CsoundAV opcodes, though we await the inclusion of
the CsoundAV opcodes for OpenGL, and this situation brings
us to the latest work of Jean-Pierre Lemoine, titled simply
AVSynthesis (Figure 1).
AVSynthesis embraces and extends many of the design
concepts behind HPKComposer. The program blends sound
and images to produce abstract non-representational works
of art. It's written in Java, and Csound is still the audio engine
of choice, but the VRML interface has been replaced by a
set of image controls based on the OpenGL shading language
(GLSL). The program creates radical associations and correspondences
between image and sound, leveraging the powers
of Csound and OpenGL for the arbitrary manipulation of
digital audio and digital images.
Requirements and Installations
Like many experimental applications, AVSynthesis is not a perfectly
packaged program, and it is not ready for use right out
of the box. It is a unique program, and as such, it has some
unique requirements that may not be met by your distribution's
package repositories. Building the required dependencies
is not especially difficult, as long as you have a typical Linux
development environment installed and properly configured
for your system. I include here the particular instructions for
compiling Csound and configuring AVSynthesis, with some
notes on the requirements for building the application on a
64-bit system.
AVSynthesis demands a specific set of dependencies:
■ Java (1.5 or higher)
■ LWJGL (the Light Weight Java Game Library)
■ Csound (5.07 or higher)
■ OpenGL
Where they are noted, the versions are critical, and each
component is subject to its own build prerequisites. As mentioned,
Csound needs some special attention in order to use it
with AVSynthesis.
Csound has its own set of necessary dependencies, but
space restrictions here forbid a complete description of the
program and its requirements. Fortunately, thorough and
excellent documentation is available from www.csounds.com,
so I focus here only on the configuration needed to compile
the program for use with AVSynthesis.
The following options configure and compile the csound
binary for double-precision floating-point numerics and create
libjcsound.so, a Java "wrapper" library for Csound's audio
synthesis and processing services:
scons useDouble=1 install=1 buildPythonOpcodes=1 buildInterfaces=1 \
    buildJavaWrapper=1 dynamicCsoundLibrary=1
The Python opcodes are not required by AVSynthesis,
but I include the option for use with Steven Yi's blue, a superb
environment for working with Csound. All other options in
this build configuration must be included for work with
AVSynthesis. If the build is successful, the libjcsound.so library
will be at the top level of the Csound source tree. Install
Csound (scons install), then copy libjcsound.so to the
AVSynthesis native directory. That's it; you're finished with
setting up the audio side of AVSynthesis.
The OpenGL and LWJGL libraries provide the interface's
visual components and style. The various parameter control
screens resemble the control panels seen in many OpenGL-
based games, with visual effects, such as animated icons and
mobile transparencies—niceties that liven the appearance of
the program and improve its work flow.
The LWJGL libraries present a minor difficulty. The AVSynthesis
package includes the LWJGL libraries as Windows-format
DLLs but not the required native Linux libraries (that is, in
.so format). The package includes these DLLs:
■ DevIL.dll
■ ILU.dll
■ ILUT.dll
■ Jcsound.dll
■ lwjgl-devil.dll
■ lwjgl.dll
Those files must be replaced by the following native
Linux equivalents:
■ libIL.so
■ libILU.so
■ libILUT.so
■ libjcsound.so
■ liblwjgl-devil.so
■ liblwjgl.so
The libjcsound.so library comes from the Csound build
described above; the others come from the LWJGL binary
package (downloaded from lwjgl.org). Alas, 64-bit users will
need to build and install the LWJGL and the IL libraries themselves.
As far as I could tell, packages for these libraries are not
readily available in 64-bit format, but building them is trivial
and requires no special instructions beyond adding --with-pic
to the configuration step (./config --with-pic). After building
or downloading the libraries, they must be copied to the
AVSynthesis native directory. You then can move or delete the
DLL versions.
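A check for the library swap described above, as an added example that is not part of the original article or the AVSynthesis package: it confirms that each required .so is present in the native directory, is an ELF object, and matches the word size of the JVM that will load it. The function names are hypothetical, and the caller supplies the directory and the expected word size (32 or 64).

```shell
#!/bin/sh
# Added example: audit an AVSynthesis "native" directory after replacing
# the Windows DLLs with Linux shared objects.

# Library names taken from the article's list of required Linux equivalents.
REQUIRED_LIBS="libIL.so libILU.so libILUT.so libjcsound.so liblwjgl-devil.so liblwjgl.so"

# elf_bits FILE -> prints 32 or 64; fails if FILE is not an ELF object.
# An ELF file starts with bytes 7f 45 4c 46 ("\177ELF"); the fifth byte
# (EI_CLASS) is 1 for 32-bit objects and 2 for 64-bit objects.
elf_bits() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) return 1 ;;
    esac
}

# check_native DIR BITS -> prints one finding per line.
# Returns 0 only if every required library exists and matches BITS.
check_native() {
    dir=$1
    want=$2
    bad=0
    for lib in $REQUIRED_LIBS; do
        if [ ! -f "$dir/$lib" ]; then
            echo "MISSING  $lib"
            bad=1
        elif ! got=$(elf_bits "$dir/$lib"); then
            echo "NOT-ELF  $lib"
            bad=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG-ARCH  $lib is ${got}-bit, expected ${want}-bit"
            bad=1
        else
            echo "OK  $lib"
        fi
    done
    # Leftover DLLs do not break anything, but they show the swap is unfinished.
    for dll in "$dir"/*.dll; do
        if [ -e "$dll" ]; then
            echo "LEFTOVER  ${dll##*/}"
        fi
    done
    return "$bad"
}
```

For example, check_native ./native 64 on a 64-bit system flags any 32-bit library copied in from a binary package.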
Neither Java nor OpenGL requires any rebuilding or special
runtime options. These are common packages now, so if you
don't have them installed already, summon your package
manager and install the latest versions (Java must be 1.5 or
higher). AVSynthesis itself is launched from a .jar file that
works equally well in a 32-bit or 64-bit environment.
In addition to these software requirements, your computer
should have a fast CPU and a video system capable of accelerated
3-D graphics. I tested AVSynthesis on two machines: a
32-bit box with an AMD64 3800+ CPU (a 2.4GHz chip) and
a 64-bit machine powered by an AMD64 3200+ CPU (2GHz).
Both systems include NVIDIA graphics boards (GeForce
7300GS and GeForce 7600GS, respectively), with xorg.conf
configured for NVIDIA's proprietary nvidia driver (that is, not
the open-source nv module). The 32-bit iron runs the JAD
distribution, based on OpenSUSE 10.2, and my 64-bit box runs
64 Studio, a Debian-based distro. Both systems are optimized
for multimedia and include kernels optimized for real-time
performance. However, programs such as AVSynthesis want
resources, lots of them, and I consider my machines as rather
low-end for AVSynthesis. Your mileage may vary, of course,
but for the best results from this program, I recommend a
3GHz CPU, at least 2GB of RAM, a fast 3-D graphics card and
a large, fast hard disk.
I also recommend a high-quality audio system. Cheaper
desktop speaker arrays may be suitable for watching DVDs,
but Csound is capable of audiophile-quality output, so
you'll want a sound system as powerful as your graphics
system. Here at Studio Dave, I have my JAD box connected
to a relatively low-end 5.1 sound system (a combination
of Creative Labs and Peavey hardware), while the 64 Studio
machine is hooked up to a conventional small studio
audio system with a Yamaha digital mixer, a standalone
100-watt power amplifier and a pair of high-quality
monitor speakers.
Getting Started with AVSynthesis
Now we can get started with AVSynthesis. First, edit the
data/config.xml file for the runtime options for Csound and
OpenGL. I added these options to set up Csound for running
with the JACK audio server and to configure OpenGL for my
screen dimensions and video frame rate:
Other options must be used if Csound is not compiled with
JACK or PortMIDI support. See the Csound documentation for
information about other startup and runtime options.
Next, I prepared the Csound and Java environments with
these commands:
export OPCODEDIR64=/usr/local/lib/csound/plugins64/
export PATH=$PATH:/home/dlphilp/jdk16/:/home/dlphilp/jdk16/bin/
These commands can be added to your home directory's
.bashrc file to automate this step.
Next, I used QJackCtl to configure and start the JACK
audio server. This step is unnecessary if you're not using JACK,
but I advise doing so for best latency.
Finally, I could start the program:
cd $HOME/AVSynthesis
java -Xmx768m -Djava.library.path=./native \
  -cp AVSynthesis.jar:./lib/* org.hpk.av.AVSynthesis
This command calls Java, sets a memory amount for it,
points the Java library path to the AVSynthesis/native directory,
declares the classpath (-cp), loads the needed .jar files from
the top directory and the lib directory, and launches the application.
By the way, the cryptic string at the end is in the
AVSynthesis jar file. It's a weird way to start an app, I know,
but Java can be like that.
How It Works
AVSynthesis takes two or more PNG or JPG images, blends
them together in an animated sequence and treats that
sequence with various transformations made possible by the
OpenGL shading language. At the same time, the program
creates a soundtrack that follows the same timeline as the
video sequence. The soundtrack itself may be heavily treated
by the synthesis, processing and composition algorithms
provided by Csound. In AVSynthesis-speak, this combination
of sound and image is called a layer. By the way, you can
add your own PNG and JPG images to the AVSynthesis
data/textures directory, and your own soundfiles can be
added to the data/loops directory (for processing by the
Csound loop instrument generator).
Given the space limitations for this article, it's impossible
to describe the variety of controls over the image and
sound processors fully. Consider this possible scenario for
the audio section alone: up to three sound sources are
available per layer, each sound source is one of five generator
types, and each generator's sound can be modified further
by up to three audio signal processors. Each processor
is one of 13 types. Almost every parameter in the synthesizers
and the processors can be modulated by one of eight
envelope curves, and each curve is also subject to a modifi¬
cation of its time span. As you can see, it's complexity within
complexity, and I haven't even considered the possibilities
added by the sequencer and the mixer.
Let me describe an uncomplicated project—an exercise to
demonstrate AVSynthesis basics. Note that my description only
scratches the surface of this program, and that its full power
can be seen and heard only in vivo. I've provided links in the
Resources section to some demonstration files, but they merely
hint at the possibilities. Worse, the necessary video compression
codecs are unkind to the vivid clarity of an AVSynthesis
real-time performance. With these facts in mind, let's proceed
to the project.
The Composition Editor, Part 1
AVSynthesis opens to the composition editor, the program's
highest level. This screen is similar to a track display in a digital
audio multitrack recorder, but a track here performs only one
task. Each track is a timeline divided into 30 ten-second sections,
and each section contains one stage of a simple three-stage
line-segment envelope that controls the visibility and the
corresponding audio volume of the track's layer. As we shall
see, this envelope itself may be modified by factors working
elsewhere within the program.
No text labels or tooltips describe the Composition screen's
various functions, so the user must memorize their significance
and purposes. Fortunately, there are relatively few functions on
this screen. Figure 2 defines the other screen elements, most
of which deal with performance controls and save/load functions.
Later, we'll consider some of them more closely, but first,
let's make a movie, with sound.
Figure 2. The Composition Screen Layout
The Layer Editor
Figure 3 shows a default empty layer. When the mouse pointer
stays on the layer image, a transparent overlay appears with
various controls for managing the layer. Click on the icon in
the lower-left corner of the overlay to invoke the Layer Editor
shown in Figure 4. The icons across the top of the screenshot
represent, from left to right, the transformed image, the base
image selector, the modulating image selector, the GL shader
effect editor, the envelope curve editor and the audio system
editor. Let's start our movie-making by selecting our base and
modulator images to create an image for treatment by the GL
shaders. Next, click on that image (it's the largest of the top
three) to invoke the GLSL shader selector, then set the light
source, contrast and effect processor for your blended image.
Each shader has its own set of performance controls, some of
which are shared by all the shaders, while others are unique to
the particular effects you've chosen. Figure 4 displays the
results of such a process after adding the Wobble shader.
Figure 3. A Blank Layer
At this point, you can call the GL shader editor for further
finessing of the transformation. Note that the transparency
that appears over the blended image includes a play control
for testing your later transforms at any point in the process, so
feel free to bend, fold, staple and mutilate to whatever degree
necessary. Set constraint ranges, apply envelope curves and
specify single values. Experiment, experiment, experiment. Be
aware, however, that AVSynthesis is short on safeguards, so
save your work frequently. There's also no undo/redo, and you
receive no warnings about anything except when you decide
to quit the program.
Figure 5 shows the control panel for the Wobble effect. The
shader's unique controls are at the bottom of the panel and
consist of a start slider and two sliders apiece for controlling the
frequency and amplitude parameters of the effect. The remaining
controls are, as mentioned, common to all the shaders. They
include texture managers, a transparency slider, color controls,
and eye and light positioners. These common controls can be
augmented by extensions required by a particular shader.
Figure 5. GL Shader Controls
A parameter value can be set explicitly with its slider, or
you can define a range of values with the constraint mask
(the black and gray bars shown in Figure 5) to limit the
possible values only to the range covered by the mask. This
range can be modified further by one of the envelopes
defined in the Curves screen.
The Audio System
The icon at the top-right corner of Figure 4 invokes the
AVSynthesis audio system editors. When the icon is selected,
a column of new icons appears at the screen's left (Figure 6).
From top to bottom, these icons represent the audio sequencer,
three synthesizers, three processing modules and the audio
mixer. They are all external representations of the Csound
engine within AVSynthesis. We'll consider each of these
components in turn, but only briefly.
Figure 6. The AVSynthesis Sequencer
The sequencer manages the flow of time for the evolution
of both the sound and the video transformations. Lower values
represent slower speeds, and higher values make things happen
faster. However, time distortion possibilities are rampant in
AVSynthesis, and it is not always a simple matter to predict
exactly how long a composition will last.
The controls in the synthesis, processing and mixing
screens behave exactly like their video counterparts (Figure 7).
Values are defined with sliders and masks, envelopes can be
placed over ranges and so forth.
Figure 7. A Csound Synthesizer
Incidentally, Csound's deployment is completely concealed to
the normal user, and no prior knowledge of Csound or any other
programming language is necessary in order to use AVSynthesis.
The test play function is available here too. When you are
satisfied with the sound, save the layer, then click the mini-image
of the composition editor (at the top-left corner of the
Layer Editor) to return to that screen.
The Composition Editor, Part 2
Before doing anything else, save your performance and all its
parts with the Save Part/Performance button (Figure 2). Up to
ten performances can be saved, each with ten parts, with up
to 13 layers per part. For now, just save your work to its
starting location (for example, Performance 0, Part 3).
Your track is represented now by its layer's blended image.
Next, we need to add a performance curve in the track timeline.
Left-click near the top of a track section to set a peak for
the curve, near the bottom for a zero value. The envelope
curve offers only fixed-length attack and decay segments, but
you can click and drag to set arbitrary lengths for peak and
zero-value segments (Figure 1). Okay, we've defined our visual
and audio elements and their transformations, we've set a
performance curve in the composition timeline, so we're
ready to put AVSynthesis into one of its performance modes.
The square buttons at the bottom right of the Composition
screen represent the program's three performance modes. The
right-most button turns on the rendering mode, the center
square puts AVSynthesis into a MIDI-controlled mode, and the
left button toggles the real-time performance mode.
The real-time mode plays the arrangement of layers and
their associated curves on the composition screen timeline.
Click the button, and your composition plays in real time. Click
anywhere in the composition screen to stop playback. If an
error occurs, AVSynthesis may print some relevant information
to your terminal window, or it may run with no display or
sound until you click to stop playback. Or, it may freak out
entirely and freeze your system. As I said, it's experimental
software, so these things happen.
When the MIDI performance mode is selected, the MIDI
continuous controller #85 can be used as a layer fader during
real-time performance from the composition screen. The input
port is designated by the Csound options specified in the
AVSynthesis config.xml file. In my example above, the -M0
option sets the input port to the ALSA MIDI Thru port.
I tested MIDI control by hooking a sequencer to the MIDI
Thru port in QJackCtl's MIDI Connections panel. I used loops
of sequential and random values for controller #85, and everything
worked perfectly. The implementation is limited, but it
points the way toward more interesting real-time performance
controls, such as layer blackouts and sudden appearances. This
MIDI control extends only to the video part of a layer; it does
not affect the audio portion.
The rendering mode runs the arrangement in the
Composition screen in slower than real time to produce one
TGA image file per video frame. The frame rate is set in the
data/config.xml file (see above), and the author advises leaving
it at its default of 30 frames per second. Thus, at the default
frame rate, 30 image files will be created for each second of
your composition. These files can be compiled into an animation
(see below). At the same time, Csound's output is captured
to a soundfile (render.wav in the data directory) that can
be added to the animation.
For some reason, the render mode works only once per
session. If you want to record another take, save your work
and re-open the program. Hopefully, this limitation will be
removed in a future version.
Incidentally, the Fullscreen, Save Perf/Part, Realtime
Performance and MIDI Mode buttons are available from all
screens within AVSynthesis.
Making a Movie
AVSynthesis does not create a movie directly. When you click
on the Render button, the program creates a series of uniformly
sized image files (approximately 4MB each), and the number
of files can be massive. You will need a video encoding program
to turn these static images into a flowing animation.
The following instructions use MEncoder from the MPlayer
Project, but any other video encoder should work, as long as
it's capable of converting static TGA images into a movie.
The first step sorts the TGA files into a numbered list. This
step is necessary if your encoder reads the TGA files in this
order: 1.tga, 10.tga, 100.tga, 1000.tga, 1001.tga...101.tga,
1010.tga, 1011.tga and so on.
Encoding the files in that order results in images rendered
out of their original sequence. We need to encode them in
this order: 1.tga, 2.tga, 3.tga, 4.tga and so on.
I asked the mavens on the Linux Audio Users mailing list
how they would resolve this irritating dilemma. Various
solutions were proposed, the most appealing of which
was this elegant fix from Wolfgang Woehl:
cd data/render
find *tga | sort -n > list
The list file can then be processed by MEncoder.
As I mentioned, the Csound audio output is saved in a
separate audio file named render.wav in the AVSynthesis data
directory. By default, this file is a 16-bit stereo WAV file with a
sampling rate of 44.1kHz—that is, a CD-quality soundfile. It
needs no special attention unless you want to rename it.
Now, we're ready to encode our images and soundfiles.
Given the potentially large number of TGA images, the encoder
is likely to produce a very large video file, and even a relatively
short animation can devour dozens of gigabytes of storage. We
need to consider a compression scheme to reduce the file size.
I discovered two ways of using MEncoder to create a compressed
AVI from my audio and video data. The first way uses
a multipass method:
mencoder -ovc lavc \
  -lavcopts vcodec=huffyuv:pred=2:format=422P:vstrict=-1 \
  -noskip -mf fps=30 -o master.avi mf://@list
mencoder -ovc lavc \
  -lavcopts vcodec=mpeg4:vme=1:keyint=25:vbitrate=1000:vpass=1 \
  -noskip -o foo.avi master.avi
mencoder -oac copy -audiofile ../render.wav -ovc lavc \
  -lavcopts vcodec=mpeg4:vme=1:keyint=25:vbitrate=1000:vpass=2 \
  -noskip -o foo.avi master.avi
The first step creates a huge master file, which is then
treated to a two-pass reduction scheme that adds the audio
data in the second pass.
This single-pass method also creates a large file, but it has
the advantage of faster production:
mencoder -oac copy -audiofile ../render.wav -ovc lavc \
  -lavcopts vcodec=mpeg4:vme=1:keyint=30:vbitrate=1000 \
  -vf scale=800:600 -noskip -mf type=tga:fps=30 \
  -o avs-001.avi mf://@list
As presented, this method sets the movie display size to
800x600. The scale parameter also can be included in either
the second or third steps in the multipass example, and may in
fact be necessary if your system complains about creating a
large-sized movie.
I've placed three example AVIs on-line at linux-sound.org/
avs-examples. Each animation demonstrates some of
the effects possible with a single GL shader (for example,
wobble.avi), the simplest Csound audio setup (one synth, one
signal processor), and the (mostly) default values for the
sequencer. Alas, the compressed videos can only hint at the
visual beauty of AVSynthesis performing in real time, and they
are offered merely as glimpses of the program's artistic potential.
Known Problems
The AVSynthesis config.xml file includes entries for changing
the program window size. AVSynthesis defaults to the current
screen settings, and it will fail to launch if it can't validate the
dimensions given in the config file. Alas, I was unable to
launch the program in any screen mode other than my default
dimensions (1280x1024).
The Csound phase vocoder opcodes are very CPU-intensive.
AVSynthesis has crashed randomly when I use the effects based
on those opcodes, though it works fine with them at other times.
The render.wav file and the data/render directory
must be cleared by the user; AVSynthesis will overwrite
the current contents.
Sound may become distorted when using the Analog
Synth 2 and the Wild Grain processor. Use the mixer to
balance audio output from the synths.
The Wrap
AVSynthesis is well worth the effort required to make it happen.
The further I get into AVSynthesis, the more possibilities I
discover that warrant yet deeper exploration, and I can see
(and hear) myself staying involved with the program for quite
a while. The program's author has stated that he intends to
squash remaining bugs and add some new features, but he
wants to keep AVSynthesis as uncomplicated as possible. You
can check out the latest version yourself, and with this guide's
assistance, you should be running AVSynthesis quickly and
smoothly under Linux. Have fun, be creative, and be sure to let
Jean-Pierre know how you're using his software.
Dave Phillips is a professional musician and writer living in Findlay, Ohio. He’s been using Linux
since the mid-1990s and was one of the original founders of the Linux Audio Developers group.
He is the author of The Book of Linux Music & Sound (No Starch Press, 2000) and has written
many articles on Linux music and sound issues for various journals and on-line news sites.
When he isn’t playing with light and sound, he enjoys reading Latin literature, practicing t’ai chi,
chasing shar-pei puppies and spending time with his beloved Ivy.
Resources
AVSynthesis: avsynthesis.blogspot.com
My AVSynthesis Examples: linux-sound.org/avs-examples
Csound: www.csounds.com
OpenGL: www.opengl.org
CsoundAV: www.csounds.com/csoundav
MPlayer: www.mplayerhq.hu
Fresh from the Lab
A look at promising software in development. JOHN KNIGHT
Zero Install System (0install.net)
You may have heard of this project before—another attempted
solution to a software installation problem with Linux. What is
the problem, you ask?
How do you install new software on Linux easily, in a uniform
manner that won't scare off a shy Windows user? This
area often needs attention, and we turn a blind eye because
we're used to using apt or something similar. Are systems like
apt really sufficient though? What if the program I want to
install isn't within a distribution's archive? What if it's too old?
What if I want a newer version than my distribution's archive
provides, without upgrading a gig's worth of my whole system
to satisfy all the other niggling dependencies? What if my
distro dies off and its archives disappear? What if I simply want
to do the same thing on each system?
Zero Install is the next in line for tackling this issue where
projects like Autopackage failed, but will it tickle the fancy of
the larger Linux audience?
Installation Thankfully, a large number of binaries are
available, and they will probably cover your system's needs.
I grabbed the Etch .deb, and it worked without any hassles.
If your system isn't covered though, the site includes
a source tarball that contains a Python script, plus instructions
on how to use it. There aren't any real obscure
dependencies, so chances are the base package will install
without any issues.
Usage Initial usage is more of a command-line affair,
which puts the Zero Install System in a different league from
Autopackage immediately. Once the Zero Install Injector has
been installed, you can install packages simply by typing
0launch and pasting the URL of the package into the shell
after it. However, finding the page of available packages took
me a minute—it's available at 0install.net/injector-feeds.html.
Once you've found a package that interests you, copy the URL
of the package and do as follows:
$ 0launch http://insertyourURLhere
An installer window will pop up, displaying the package
name and any dependencies you may require. In a few
seconds, a window may appear, presenting you with a
trust key (a GPG signed key), asking you whether to allow
this key to run, which is similar to when your browser asks
whether to accept a site's Authentication Certificate. As
there aren't a great many packages available yet, trusting
these keys is fine for now, but should they become popular,
you will want to examine the key presented closely.
Once the key business is out of the way, press Run, and
the download of the new package will start along with any
other dependencies. Once the download has finished, the
new program should launch right away. If not, any error
messages will appear in the shell.
Figure 1. Zero Install chases down dependencies along with the new program.
Figure 2. Zero Install presents an interesting trust key.
This is all okay for the first time, but any other attempts to
run the new program will require the same arduous steps each
time. Thankfully, with some clever scripting, a local link is
made that puts a filename into your path without the need for
root privileges. It will require you to enter the URL once more
though, coupled with the command 0alias and your chosen
alias name, as follows:
$ 0alias alias http://insertyourURLhereagain
As a real-world example, I had success with a game called
Barrage, and the shell input looked like this:
$ 0alias barrage http://people.freenet.de/LinuxCNC/0install/barrage
Now I can run the program in the future simply by entering
barrage at the command line. Included on the package page
is a selection of tools for simplifying some of these tasks, but
the above steps are still required for installing them.
Zero Install definitely has an interesting interface with
its own unique take on distro-independent packaging. I'm
guessing many people will be turned off by the command-line
nature of this beast, especially with the copying and
pasting from a Web browser (command lines and GUIs
have never made the best of comrades). Also, many of the
tools seem to be based on the Rox file manager—a great
lightweight system but still relatively obscure to the larger
Linux audience.
Personally, I mourn the demise of Autopackage, an
outspoken project that received a great deal of hostility
from the traditional distro packagers, such as Debian,
that ultimately sparked its demise. Other similar projects
take a more pragmatic approach—some with a more
"Windowsy" installer (not necessarily a bad thing), others
as unique as this one. Zero Installer may gain popularity
simply by not being Autopackage and subsequently not
angering the apt-get overlords. However you see it, I hope
all these distro-independent packaging projects are sending
a message to the developer community that not everyone is
happy with the idea of being reliant on repositories, and a
major change is required soon in software installation
methods. This issue won't go away.
deco—Archive File Extractor
(hartlich.com/deco)
deco is great for people sick of typing
tar -zxvf, -jxvf and so on.
According to the project's Web site,
"deco is a generic archive file extractor
that has a consistent command-line
interface (deco 1.tar.bz2 2.zip
3.flac 4.rar 5.deb will just work)
and consistent behavior (it never
deletes archives after extraction, it
extracts relative to the current working
directory, and it extracts just verbosely
enough, all unless explicitly requested
otherwise). It provides automatic handling
of extractor gotchas by creating
an extraction directory if there is more
than one file or directory at the archive
top level and by being able to fix
strange permissions. Dozens of archive
file extensions are supported out of the
box, and adding support for others
requires very little work."
Installation At the time of this
writing, deco is available only as a
source tarball; however, installation is
easy and unlikely to cause any hassles.
After extracting the archive and entering the new directory,
doing a standard:
$ ./configure
$ make
(if not root) $ su
# make install
worked with no issues, and probably will do the same for you,
as it doesn't have a large amount of dependencies.
Usage The general usage is simply:
$ deco filename.tar.gz
That's about all there is for most people—short and sweet.
But, what tricks lie under the hood? There are all sorts of neat
optimizations.
For instance, usually Linux projects are placed in a
directory within an archive to keep source directories from
becoming cluttered. Unfortunately, archives sometimes
have files placed straight in them, without being placed in
a directory. This fills up your source directory with all sorts
of unwanted files that also may be overwritten. deco
places an archive's extracted contents within a directory
to keep things clean. Cleverly, if an archive already has its
contents contained within a directory, deco extracts the
archive as is. If not, deco places them within a directory
named after the filename, minus its extension.
Figure 3. deco is probably the easiest archive extractor I've used.
For example, if I had a file called tuesday-jam-session.tar.gz,
deco would place the contents under the directory tuesday-
jam-session.
If you want further control, such as deleting the archive
after extraction and so on, this also is possible with a
series of command-line switches, available on the project's
Web site. Even if you're happy with the way it works
already, it's worth reading the site to see some of the other
options available, and also what neat tricks and shortcuts
lie under the hood.
Something to keep in mind is that the deco project
doesn't try to re-invent the wheel—it isn't monolithic. It's
reliant on having the necessary external extraction tools
available, such as unrar for .rar files and so on. However,
this is the approach taken by most archive tools, so most
people expect that anyway. Nevertheless, it wouldn't take
a great deal of work to include all these external programs
in one big package, so any enthusiasts of the project may
want to do just that. Although it's currently available only
via source, hopefully it will make it into most distro
archives soon.
Overall, deco is a lovely little program that is likely to save
many a tired, caffeine-fueled coder some midnight grief and
make computing just that little bit nicer.
orDrumbox (www.ordrumbox.com)
orDrumbox is a small, Java-based drum-machine applet
that runs on Linux, Windows and Mac OS X. Designed less
for the drummer and more for the desktop DJ, orDrumbox
quickly makes funky mid-tempo electronic tunes with beats
and inserted samples. Developed using Java, this drum
machine is highly portable and lightweight, which is ideal
for DJ enthusiasts jumping between machines and showing
their friends.
Installation As far as packages go, the only Linux
binary available is an .rpm (not handy as I have a Debian-
based system). Source code is available, but it is zipped
and for Java, and not everyone will have a compatible
compiler. I downloaded the .rpm and converted it to a
.deb using alien, which is not difficult; check the alien man
page for more info. Thankfully, it converted and installed
with no major issues. When I started the program though,
it required a particular version of Java, jpackage-utils (see
www.jpackage.org, also available on rpmfind.net). This
had no Debian file either, so I had to use alien on this
package too. Luckily, there were no complaints here either,
and after these two steps, the program simply worked.
Figure 4. Surprisingly, just clicking randomly probably will make a
halfway decent beat.
TECH TIP
Check to See If a Script Was Run as root
If you have scripts that need to be run as root, you can check
for this at the start of the script with:
if [[ $UID -ne 0 ]]; then
    echo "Must be run as root"
    exit 1
fi
If you use sudo, you even could restart the script with sudo
if it was not run as root:
if [[ $UID -ne 0 ]]; then
    # "$0" and "$@" are quoted so a path or argument with spaces stays one word
    sudo -p "Restarting with sudo. Password: " sh "$0" "$@"
    stat=$?
    exit $stat
fi
The sudo command runs the script as sh "$0" "$@". The
sh is included in case the script does not have the execute
bit set.
— MITCH FRAZIER
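The Tech Tip's root check relies on `[[` and `$UID`, which bash provides, while the restart goes through `sh`; under a POSIX sh without `[[` (dash, for example) the test itself errors out, the `then` branch is skipped and the script carries on unprivileged. The following is an added example, not part of the original tip: a POSIX-only variant that reads the UID with `id -u`, refuses to continue when the UID cannot be determined, and passes arguments through sudo unchanged. The function names and the `ROOTCHECK_SUDO` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original Tech Tip: a root check that works in
# any POSIX sh and fails closed. ROOTCHECK_SUDO is a hypothetical override
# so the re-exec step can be exercised with a stub instead of real sudo.

ROOTCHECK_SUDO=${ROOTCHECK_SUDO:-sudo}

# Print the effective UID. id -u is POSIX; $UID is set only by bash, ksh
# and zsh, so under dash it expands to nothing.
current_uid() {
    id -u
}

# Decide what to do for a given UID string. Prints one of:
#   run     already root
#   reexec  a valid non-root UID: restart through sudo
#   refuse  empty or non-numeric: the UID could not be determined,
#           so the script must not proceed
root_action() {
    case "$1" in
        0)            echo run ;;
        ''|*[!0-9]*)  echo refuse ;;
        *)            echo reexec ;;
    esac
}

# Restart SCRIPT through sudo, passing the remaining arguments unchanged.
# "$@" keeps each argument as one word; unquoted $* would split "a b".
# sh is named explicitly so the script need not have its execute bit set.
reexec_as_root() {
    rc_script=$1
    shift
    "$ROOTCHECK_SUDO" -p "Restarting with sudo. Password: " sh "$rc_script" "$@"
}

# Call as the first statement of a script:  require_root "$@"
require_root() {
    rc_uid=$(current_uid 2>/dev/null) || rc_uid=
    case "$(root_action "$rc_uid")" in
        run)
            return 0 ;;
        reexec)
            if command -v "$ROOTCHECK_SUDO" >/dev/null 2>&1; then
                reexec_as_root "$0" "$@"
                exit $?          # propagate the status of the privileged run
            fi
            echo "Must be run as root" >&2
            exit 1 ;;
        *)
            echo "Cannot determine UID; refusing to continue" >&2
            exit 1 ;;
    esac
}

# Demo on constructed UID values; a real script calls require_root "$@".
for rc_v in 0 1000 "" abc; do
    printf 'uid=[%s] -> %s\n' "$rc_v" "$(root_action "$rc_v")"
done
```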
Usage To start the program, enter orDrumbox. sh into
your shell. If all goes well, the program now should be
working. If you look in the top half of the orDrumbox
screen, there should be a window called Pattern 0 (Edit)—
this is where most of your work will happen. If you look to
the right of the box containing a 4 at the top of the window,
you'll see a gray and yellow box. Hover your mouse
over it, and it will say, "create new track". Press this a
large number of times (14 and up for the default drum
kit), as each line creates a new instrument with which to
play. On the left of each line are the
controls for each instrument, including
volume and so forth. On the right is
the Note Editor area.
With the Note Editor, double-click
any of the boxes, and they will change
from white or gray to green and red.
The green tells you what note will be
played, and you'll see there are two
red sliding bars: one going from
bottom to top, the other from left to
right. The bottom-to-top slider controls
the note velocity, and the left-to-right
slider determines the note and octave
played (or the pitch). It defaults to C2,
but it can be tuned up or down
accordingly. Click randomly in any of
the boxes, then click the large play
icon in the bottom center of the
screen. A beat will start playing—probably
a strange one. Try changing the
pitch and velocity randomly, as well as
adding new notes and removing old
ones to see how it affects the beat. To
remove any notes, simply right-click in
the note's box and choose delete note.
This should be enough to get you
started on beats, but you'll need the
user manual to get more involved and
create whole songs. Check the manual
available on the Web site, and try out
some of the custom drum kits available
too. There are some limitations
with the scalability of the program,
and the biggest limitation is that it's limited to 120BPM.
This is enough for most electronic and dance music, but
it's unsuitable for genres like punk, speed metal and so on.
The sounds that are provided with these kits really are
geared for more electronic genres anyway and will sound
strange with anything rock-based, so those into fast rock
genres will want to stick with something like Hydrogen.
Overall, this is a fun little utility that will find its way into
the hearts of many a home DJ.
John Knight is a 23-year-old, drumming- and climbing-obsessed maniac from the world’s most
isolated city—Perth, Western Australia. He can usually be found either buried in an Audacity
screen or thrashing a kick-drum beyond recognition.
Do you have an interesting project, something useful, handy or
even mind-bending? Send e-mail to knight.john.a@gmail.com.
INDEPTH
Running Ubuntu as a Virtual
OS in Mac OS X
Our intrepid writer installs and tests Ubuntu Linux within both VMware Fusion
and Parallels Desktop on Mac OS X. Can you really run both Linux and Mac OS X
simultaneously and achieve nirvana?
DAVE TAYLOR
Let's start right off by tackling the most pertinent question
for this article: why the heck would someone want to run
Linux on a Mac system that already has a very nice Linux distro
hidden beneath Mac OS X? Built atop NetBSD, there's quite a
bit of Linux sitting there waiting to be utilized in the system,
including niceties like crontab, robust account management
and much more.
Go to Applications→Utilities, and you'll even find X11, a
tightly integrated version of the popular Linux windowing system
that plays nicely with the graphical interface that defines
the so-called Mac experience. What more could a geek want?
The best answer is simply to quote Sir Edmund Hillary, or
perhaps misquote him slightly. Why run Linux on a Mac?
"Because you can." If it just feels too wacked to you, take a
deep breath and proceed to the next article in the magazine—
no harm done.
Still with me? Great. So let's look at the two ways you can
run Linux. You can set up a Mac to dual boot, using Apple's
Boot Camp system, which is included with Leopard 10.5 and
available for download if you're still running Panther (10.4)
from Apple's Web site, but somehow that seems clunky at
best given the great virtualization capabilities on modern
Apple hardware. As a result, I'm going to focus on getting
Linux up and running simultaneously with running Mac OS X.
Two robust applications let you run another operating
system within a virtual environment on your Mac: Parallels
Desktop and VMware Fusion. The former is a Mac-only
company, but the latter might well be familiar to those of
you who have run Windows within Linux or Linux within
Windows, and so on. I've personally used both products
for many years.
I settled on Ubuntu, a Linux distro that has been gaining
market share during the past few years and is one of the
most popular available. It's also preconfigured for both
Parallels and VMware Fusion, so that makes it even better.
Free operating systems (that is, anything but Microsoft
Windows) can be downloaded easily from vendor sites as a
preconfigured data image, alleviating the need to install
anything at all—simply download.
Both companies refer to these operating system data
images as virtual appliances, and I do so throughout the rest
of this article too. You can find Parallels' virtual appliances at
ptn.parallels.com, and VMware Fusion's virtual appliances are
at www.vmware.com/appliances.
VMware Fusion Download
Each repository is impressively broad. For example, the
VMware Fusion catalog offers you the ability to download
Ubuntu 8.04 alpha 1 or 2, Gentoo 2007.0, PCLinux S,
GEubuntu 7.10, OpenSUSE AlphaO, Ubuntu 7.10 Jeos with
VMware tools already installed, Linux Mint 4.0 Daryna, and
many more Linux distributions, all configured and ready to go.
Perhaps even more interesting, you also can download gOS
1.0.1-bagvapp, described as "Google-Wal-Mart's Ubuntu
Gutsy-based OS for 'Green PC'". What Wal-Mart's doing
with its own Linux distro, I will leave for another article.
I downloaded Ubuntu 7.10 (Gutsy Gibbon) Desktop—
English for VMware Fusion (657MB). Interesting to note,
the description states, "perfect to test drive Ubuntu or as
a secondary operating system running within Windows."
Windows? We'll see how portable these operating system
virtual appliances are I guess. At least it includes a useful
set of apps: OpenOffice.org 2.3, Firefox 2, Evolution 2.12,
GIMP 2.4, GCC 4.2.1, GNOME 2.20 and X.Org 7.2, all
atop Linux kernel 2.6.2.
Downloading files of this size takes us into the world of
file sharing: you either can download a single monolithic file
in RAR format (RAR stands for Roshal Archive, named after
inventor Eugene Roshal) or grab the same file through
BitTorrent, which requires a BitTorrent client. I strongly recommend
the latter, and I recommend Transmission as the client to
use (transmission.m0k.org). It took me a little less than two
hours to download this file.
Parallels Desktop Download
While the Fusion Virtual Appliance was slowly chugging down
the pipe and I was waiting for the black helicopters of the
MPAA or RIAA to show up and kick in my door (just kidding,
mostly, on that last one), I popped over to the Parallels virtual
appliance directory. Although better organized, it had considerably
fewer appliances available, and there was, in fact, only
one reference Ubuntu option, described simply as Ubuntu
Desktop. Digging a bit further revealed that it was version
7.04 and was helpfully described as "The virtual appliance
is the default Ubuntu Desktop Linux installation. There are
various GNOME-based applications."
That's what I wanted, nonetheless, and at 727MB it was
broken into either four 199MB RAR files (yeah, that doesn't
add up to 800MB, but you know what I mean) served
up by hyperfileshare.com or eight files of 100MB from
rapidshare.com. I have to say that this is a significant mistake
on the part of Parallels, as these file repositories are confusing,
and not having the file accessible through the BitTorrent
network is a massive drag. The download is more of a hassle,
although it downloaded faster: less than an hour when
I, uh, borrowed the network connection at the local cafe.
The biggest problem is that downloads cannot be resumed,
while BitTorrent is designed to handle frequent outages,
which effectively means you never need to download the
same byte twice.
An important thing to note when you do download these
virtual appliances is the default user account and password
for the OS. For the Parallels virtual appliance, it's ubuntu
and the password is 123, and for the VMware Fusion virtual
appliance, it's jars, with the password jars. Forget those and
you'll be digging through your Web browser history to find
the pesky information.
Unpacking Virtual Appliances
While everything was downloading, I made sure I had downloaded
and installed both apps properly, VMware Fusion 1.1
and Parallels Desktop 3.0 Build 5582.0. Both offer fully
functional 30-day demo licenses, so you can try Ubuntu
in both environments without paying a dime. I used fully
licensed commercial versions of the two programs, but
they're functionally identical.
Once the virtual appliance files were downloaded, as
shown in Figure 1, it was time to unpack them and double-click
to see what would happen. Remember, Macs are the
computers for the rest of us, so it really should be this easy if
the vendors have done their work correctly.
Figure 1. Both the VMware Fusion and Parallels Desktop virtual
appliances download as RAR archives, easily handled with Mac OS X.
Figure 2. The first Ubuntu virtual appliance download for Fusion was
corrupted, which is darn frustrating after waiting for a 657MB download
to complete.
Figure 3. It’s always exciting to watch a progress bar. This one shows
Parallels Desktop virtual appliance Ubuntu 7.04 unpacking from the
RAR archive into a .tar.gz file.
Figure 4. Parallels Desktop running Ubuntu—we're ready to log in.
To unpack the RAR archives, I installed and used an
application called The Unarchiver, which you can grab from
www.versiontracker.com, among other places. I encountered
a glitch while unpacking VMware, as shown in Figure
2. I optimistically clicked on Continue, but it didn't work.
None of the files extracted were larger than a few dozen
KB. Plan B was to download a different Ubuntu virtual
appliance, Ubuntu Gutsy Gibbon 7.10 Desktop. And this
time, it didn't use BitTorrent, so I watched it slowly download
a 468MB image, just to find an archive file ending
with .7z, which I'd never seen before. The Unarchiver
claimed to deal with 7z archives, but rejected this as corrupted
too. Before I gave up though, I downloaded yet
another app, 7zX, and after almost 20 minutes, it
unpacked successfully.
Although the Parallels download comes in four parts,
with cheery names like ubuntu-7.04.tar.part1.rar, RAR-friendly
apps like Unarchiver automatically concatenate
the files. The end result is ubuntu-7.04.tar.gz, which can
again be double-clicked on and unpacked to ubuntu-7.04.tar,
which again unpacks (why am I reminded of
Russian nesting doll puzzles), finally, into the files we seek.
The end result is a folder called ubuntu that contains all
the necessary files. You can see the files unpacking properly
in Figure 3.
Now it's time to double-click on the virtual appliance
images and see what happens. In the case of Parallels, I
clicked on ubuntu.pvs, and about a minute later, I was
presented with the login window shown in Figure 4.
I logged in, and it all looked great, but there was no
network connection, which was solved by changing the
network option in Parallels Desktop itself from bridged to
shared networking (NAT), then clicking network connection
on the Ubuntu menu bar. A few seconds later, and you can
see the results in Figure 5.
Figure 5. Parallels Desktop running Ubuntu within the Mac OS X world,
logged in, on the network and quite usable.
With the VMware Fusion archive, it wasn't as obvious
what needed to be double-clicked to get started, but
Ubuntu-7.10.vmx seemed like a good choice. It worked, as
shown in Figure 6, but notice that the window was far bigger
than the Fusion parent window. Additionally, VMware
Fusion complained that the VMtools hadn't been installed,
which was a surprise given that it's a download I found at
the VMware site. Also, the account and password pair didn't
work, because it was a different VA image from what I
originally had planned. I guessed and lucked out: ubuntu
and ubuntu worked, and after fussing with screen resolution
settings—but not having to tweak the network settings—I
had Ubuntu working within VMware Fusion too,
as shown in Figure 7.
Figure 6. VMware Fusion running Ubuntu. By default, the Ubuntu
virtual appliance had a ridiculously high resolution set, far bigger
than the Fusion window itself. You can see that by how the login
prompt isn’t centered.
Figure 7. VMware Fusion running Ubuntu within Mac OS X. Once
tweaked, it worked perfectly in the virtualization environment.
Did It Work and Was It Worth It?
In the end, I did have a fully functional Ubuntu Linux
running within each of the two virtualization environments—one
was sufficiently fast that when I put it into
full-screen mode on my 2.3GHz MacBook Pro running
Mac OS X Leopard 10.5.1, I really could use it for editing
documents, surfing the Net and experimenting with
Ubuntu and Linux graphical apps. In fact, I was rather
surprised by how snappy the operating system was within
these environments, as I'd run Microsoft Windows XP
and Windows Vista within the virtualization world and
had found it functional, but not comparable to a real PC.
Linux within the virtualization world, however, was quite
pleasantly snappy and very usable.
This leaves us the fundamental question with which
we started, why? If you have a logical reason to run a
full Linux distro on your Mac for testing or experimentation,
or to gain access to applications not otherwise
available within the Mac OS X world, this is a satisfying
path to travel. ■
Dave Taylor has been involved with UNIX and Linux since 1980 and was a contributor to BSD
4.4, among other distributions. He runs a popular tech blog at www.AskDaveTaylor.com and
also writes the shell scripting column Work the Shell for Linux Journal. You can reach him
on-line at www.intuitive.com.
TECH TIP
Extract Images from PDF Files
If you want to extract images from a PDF file, you
can use the pdfimages program from the poppler
package. To extract the images from an entire file,
run the command:
pdfimages input.pdf image-root
If you want to extract images from a range of pages,
you can use the -f and -l options to specify the first and
last pages in the range. To extract the images from pages
two to four, use the command:
pdfimages -f 2 -l 4 input.pdf image-root
Images are written to files named image-root-nnn.xxx,
where nnn is an image number and xxx is the image type
(for example, jpg).
— MATTHEW MARTIN
INDEPTH
Mobile IPv6 with Linux
Augmenting IP with movement awareness.
Free software is freedom, and so is mobility. In an age of
embedded devices, nomadic users and omnipresent wireless
connectivity, augmenting the venerable Internet Protocol (IP)
with movement awareness and adaptability is due. IP's founding
architects designed it with the assumption that the Internet
node is static. This simplified the design by enabling a single
field, the IP address, to signify both location and identity. A
sending machine refers to a receiving one by the IP address
(the identification role), and routers in the network use the IP
address to direct traffic to the right path (the topological role).
In this age of portability and nomadicity, this conflation of
functions introduces a contradiction. For routing to do its job,
the address needs to change according to the location; for the
address to be used as an identifier, it must remain fixed.
Mobile IP (MIP), an extension of IP, provides a solution for
that problem. The Internet Engineering Task Force (IETF) has
been actively developing MIP for both IPv4 and IPv6 since the
1990s. The Mobile IPv6 (MIPv6) standard advanced from draft
status to Proposed Standard (PS) status in 2004. Since then,
optimizing and securing MIPv6 has become an active standardization
and development area. A cost-effective, flexible and
insightful vehicle for getting hands-on experience with MIPv6
is to experiment with the Mobile IPv6 for Linux (MIPL) package
that the Helsinki University of Technology (HUT) has been
developing since 1999.
The purpose of this article is to get you, the brave roamer,
primed in MIPv6 by experimenting with MIPL. It assumes basic
understanding of IPv6 and wireless LAN networking, and it
consists of two parts: the first introduces MIPv6, and the
second introduces MIPL.
MIPv6
IP mobility means the ability to handle movement gracefully.
Movement, in the context of MIP, is an event or an operation
that causes a machine to change its IP address. It is a movement
from one IP subnet to another. Physical movement could
cause it, but that isn't the only way a machine could "move"
in the context of MIP. At the same time, physical movement
doesn't necessarily translate to a network layer movement.
Movement within a single wireless cell, for example, doesn't
cause a subnet change and, thus, isn't movement from MIP's
perspective. Movement is problematic for traditional IP. It
forces a machine to change its IP address so as to belong
to the new subnet to which it has just moved. Movement
changes the machine's identification. It tears down TCP
connections, such as Web-browsing sessions, because the IP
address is one of the parameters that identifies a TCP connection.
This makes for a rough roaming experience, as sessions
have to be re-established each time a handover happens.
SALAH M. S. AL-BURAIKY
MIP deals with movement by decoupling identity from
location. MIP provides each Mobile Node (MN) with two
addresses: a permanent (long-term) address that embodies
(short-term) address that embodies location, called the Care-of
Address (CoA). The HoA remains fixed, while the CoA freely
changes according to the location of the node. MIP provides a
mechanism to map between the two addresses dynamically. A
moving machine (Mobile Node) changes its CoA each time it
moves from one subnet to another, but it maintains its HoA
and uses it to provide any node communicating with it, called
a Correspondent Node (CN), with a stable destination address.
The mapping between the HoA and the CoA is called binding
and is the central concept underlying MIP. The message
that establishes the binding is called a Binding Update (BU).
A table that tracks bindings is called a Binding Cache (BC).
Sending Binding Updates and maintaining Binding Caches is
the essence of MIP. All other aspects of the MIP protocol are
to scale, secure, optimize and generally enhance the way
bindings are established and used.
To provide a concrete description of MIP, let's look at the
interactions between the participants in MIP in its most basic
mode of operation (without Route Optimization). At its home
network (home link), the MN uses its address (the HoA) in the
standard fashion. MIPv6 kicks in upon movement detection.
When the MN notices that its current default router has disappeared
(it can no longer hear the router's advertisements) and
that a new router is now chirping, it concludes that it has
"moved" and uses the new prefix (subnet ID) to configure a
new address (a new CoA) that belongs to the new subnet. It
then sends a BU to a special router on the home link, called
the Home Agent (HA), telling it that the HoA it "owns" is
now bound to that new CoA. The HA records the mapping
between the HoA and the CoA in its BC. Adding an entry to
the BC is called registration. Traffic destined to the HoA, from
any CN on the Internet, is routed to the home network
because the HoA topologically belongs to it. There, the HA
intercepts it and tunnels it to the MN's CoA address registered
in the BC. Return traffic is reverse tunneled from the MN back
to the HA and then sent from the HA to the CN. This way, the
MN becomes always addressable by its HoA.
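The basic-mode exchange described above, modelled in Python as an added example (not code from the article or from MIPL). The two prefixes are the ones the article's radvd.conf advertises; the MAC address, the HA and CN addresses, the class and function names, and forming the HoA by autoconfiguration are assumptions made for the illustration. The model also covers the return to the home link, where the binding is removed.

```python
import ipaddress
from dataclasses import dataclass

# Prefixes are those in the article's radvd.conf; all other values are constructed.
HOME_PREFIX = ipaddress.IPv6Network("2001:db8::/64")
VISITED_PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")


def autoconf_address(prefix, mac):
    """Stateless autoconfiguration: /64 prefix plus modified EUI-64 interface ID."""
    octets = [int(part, 16) for part in mac.split(":")]
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = int.from_bytes(bytes(octets[:3] + [0xFF, 0xFE] + octets[3:]), "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


@dataclass
class Packet:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    payload: object  # bytes, or an inner Packet when tunnelled


@dataclass
class BindingUpdate:
    hoa: ipaddress.IPv6Address
    coa: ipaddress.IPv6Address


class HomeAgent:
    def __init__(self, address, home_prefix):
        self.address, self.home_prefix = address, home_prefix
        self.binding_cache = {}  # HoA -> CoA

    def register(self, bu):
        """Process a BU: create, refresh or delete the Binding Cache entry."""
        if bu.hoa not in self.home_prefix:
            return False  # not a home address this HA serves
        if bu.coa == bu.hoa:
            self.binding_cache.pop(bu.hoa, None)  # MN is back on the home link
        else:
            self.binding_cache[bu.hoa] = bu.coa
        return True

    def forward(self, pkt):
        """Handle a packet that reached the home link addressed to a HoA."""
        coa = self.binding_cache.get(pkt.dst)
        if coa is None:
            return pkt  # no binding: the MN is at home, deliver as usual
        return Packet(self.address, coa, pkt)  # intercept and tunnel to the CoA

    def decapsulate(self, outer):
        """Unwrap reverse-tunnelled traffic; the outer source must be the bound CoA."""
        inner = outer.payload
        if not isinstance(inner, Packet) or self.binding_cache.get(inner.src) != outer.src:
            return None
        return inner


class MobileNode:
    def __init__(self, mac, home_prefix, ha_address):
        self.mac, self.ha_address, self.prefix = mac, ha_address, home_prefix
        self.hoa = autoconf_address(home_prefix, mac)
        self.coa = self.hoa  # at home the two coincide

    def on_router_advertisement(self, prefix):
        """Movement detection: a new prefix means a new CoA and a BU to send."""
        if prefix == self.prefix:
            return None
        self.prefix = prefix
        self.coa = autoconf_address(prefix, self.mac)
        return BindingUpdate(self.hoa, self.coa)

    def send(self, dst, payload):
        inner = Packet(self.hoa, dst, payload)  # the CN always sees the HoA
        if self.coa == self.hoa:
            return inner
        return Packet(self.coa, self.ha_address, inner)  # reverse tunnel to the HA


def walk_through():
    """Home -> visited -> home, returning what each party sees at every step."""
    ha = HomeAgent(ipaddress.IPv6Address("2001:db8::1"), HOME_PREFIX)
    mn = MobileNode("00:11:22:33:44:55", HOME_PREFIX, ha.address)
    cn = ipaddress.IPv6Address("2001:db8:ffff::10")
    to_mn = Packet(cn, mn.hoa, b"ping")
    at_home = ha.forward(to_mn)
    bu = mn.on_router_advertisement(VISITED_PREFIX)
    registered = ha.register(bu)
    tunnelled = ha.forward(to_mn)
    reply = ha.decapsulate(mn.send(cn, b"pong"))
    ha.register(mn.on_router_advertisement(HOME_PREFIX))
    return {"hoa": mn.hoa, "bu": bu, "registered": registered, "at_home": at_home,
            "tunnelled": tunnelled, "reply": reply, "cache_after_return": dict(ha.binding_cache)}


if __name__ == "__main__":
    for step, value in walk_through().items():
        print(f"{step}: {value}")
```

The decapsulate check is the model's stand-in for the protection the article later assigns to IPsec: without it, nothing ties a reverse-tunnelled packet to the registered CoA.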
MIPL
MIPL consists of two components: a kernel-space component,
in the form of a kernel patch, and a user-space component, in
the form of a Mobility Daemon (mip6d). The daemon implements
most of the functionality. It discovers location, detects
movement, sends and processes BUs and maintains the BC.
The MIPL patch provides the kernel support required for the
daemon to perform those functions. The MIPL patch adds, for
example, support for the Mobility Header protocol (MH),
which is the IPv6 extension header that transports BUs and
Binding Acknowledgments (BAs) and other binding-related
messages. In addition to the MIPL package, we'll need to
install the Router Advertisement Daemon (radvd), as MIPv6
relies on the auto-configuration provided by router advertisements
to detect movement and configure CoA addresses
among other mobility-related tasks.
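To make the Mobility Header concrete, the following added Python parser (not part of MIPL or of the original article) decodes a Binding Update and a Binding Acknowledgment. The field layout is the one defined in RFC 3775, which the article does not reproduce; the sample packets are constructed, and their checksum fields are left at zero rather than computed.

```python
import ipaddress
import struct

MH_TYPES = {0: "BRR", 1: "HoTI", 2: "CoTI", 3: "HoT", 4: "CoT", 5: "BU", 6: "BA", 7: "BE"}
OPT_PAD1, OPT_PADN, OPT_ALT_COA = 0, 1, 3

# Constructed samples: payload proto 59 (no next header), checksum zeroed, PadN padding.
SAMPLE_BU = bytes.fromhex("3b010500 0000 0007 c000 000f 01020000")
SAMPLE_BA = bytes.fromhex("3b010600 0000 0000 0007 000f 01020000")
# Constructed BU carrying an Alternate Care-of Address option (type 3, 16 bytes).
SAMPLE_BU_ALT_COA = bytes.fromhex(
    "3b030500 0000 0008 c000 000f 0100 0310 20010db800010000021122fffe334455")


def parse_options(data):
    """Walk the type-length-value mobility options, skipping padding."""
    options, i = {}, 0
    while i < len(data):
        if data[i] == OPT_PAD1:  # Pad1 is a lone zero byte with no length field
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("mobility option runs past the end of the header")
        otype, olen = data[i], data[i + 1]
        value = data[i + 2:i + 2 + olen]
        if otype == OPT_ALT_COA:
            if olen != 16:
                raise ValueError("Alternate Care-of Address must be 16 bytes")
            options["alternate_coa"] = ipaddress.IPv6Address(value)
        elif otype != OPT_PADN:
            options.setdefault("other", []).append((otype, value))
        i += 2 + olen
    return options


def parse_mobility_header(raw):
    """Decode one Mobility Header; only BU and BA bodies are interpreted."""
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte minimum")
    payload_proto, hdr_len, mh_type, _reserved, checksum = struct.unpack("!BBBBH", raw[:6])
    if (hdr_len + 1) * 8 != len(raw):  # Header Len counts 8-byte units after the first 8
        raise ValueError("Header Len does not match the captured length")
    body = raw[6:]
    msg = {"type": MH_TYPES.get(mh_type, f"unknown({mh_type})"),
           "payload_proto": payload_proto, "checksum": checksum}
    if mh_type in (5, 6) and len(body) < 6:
        raise ValueError("message body too short for a BU or BA")
    if mh_type == 5:  # Binding Update
        seq, flags, lifetime = struct.unpack("!HHH", body[:6])
        msg.update(sequence=seq,
                   ack_requested=bool(flags & 0x8000),      # A flag
                   home_registration=bool(flags & 0x4000),  # H flag
                   link_local_compat=bool(flags & 0x2000),  # L flag
                   key_mgmt=bool(flags & 0x1000),           # K flag
                   lifetime_s=lifetime * 4,                 # field is in 4-second units
                   options=parse_options(body[6:]))
    elif mh_type == 6:  # Binding Acknowledgment
        status, _k_and_reserved, seq, lifetime = struct.unpack("!BBHH", body[:6])
        msg.update(status=status, accepted=status < 128, sequence=seq,
                   lifetime_s=lifetime * 4, options=parse_options(body[6:]))
    return msg


if __name__ == "__main__":
    for sample in (SAMPLE_BU, SAMPLE_BA, SAMPLE_BU_ALT_COA):
        print(parse_mobility_header(sample))
```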
To explore the basic operation of MIPv6, let's use MIPL to
create a simple MIP network consisting of two MIPL-patched
Linux machines: a router, called denali, and a laptop, called
raven. The laptop is a typical x86 machine that has a single
802.11 b wireless interface and will be our MN. The router is a
fanless, headless, single-board computer (Soekris Net4521)
that has two 802.11b wireless interfaces, each hosting a
different wireless network (ESS/Extended Service Set) and a
different subnet. One router interface will be acting as the
HA, and the other will be acting as a visited (foreign) network.
Figure 1 shows the two machines used, and Figure 2 shows
the logical setup.
Figure 1. Mobile Node Laptop and Its Home Agent on Top of It
For simplicity, let's leave out advanced configurations, such
as IP Security (IPsec) and Route Optimization (RO), and establish
only the most basic MIP setup. We'll not use a standalone CN.
Installation—Kernel-Space
Installing the kernel part of MIPL for both the HA and the MN
is exactly the same. First, download the kernel source tree
against which the latest MIPL patch was taken (2.6.16, in my
case), and patch it with the MIPL patch (version 2.0.2, in my
case). Configure the kernel with the features needed for each
machine, ensuring that the following configuration features
are included (the script chkconf_kernel.sh, included in the
MIPL user space tarball, can do the checking for you):
■ NET_KEY, NET_KEY_MIGRATE, XFRM, XFRM_USER and
XFRM_ENHANCEMENT: those add Internet Key Exchange
(IKE) support that is needed for dynamically configuring
IPsec. IPsec can be used optionally to secure MIPv6.
■ IPV6_MIP6: this adds support for the Mobility Header (MH)
protocol and the other IPv6 protocol extension headers
MIPv6 demands.
■ IPV6_ADVANCED_ROUTER: this enables the selection of
advanced routing capabilities, such as policy routing.
■ IPV6_MULTIPLE_TABLES: this adds support for policy routing,
an advanced routing feature that enables routing based on
fields other than the destination address.
■ IPV6_SUBTREES: this adds source routing support, which is
needed for sending traffic directly to the Mobile Node
(without passing through the Home Network) when MIP is
operating the Route Optimization (RO) mode.
■ IPV6_TUNNEL: IPv6 in IPv6 tunnel, which is needed for the
HA to MN communication.
Figure 2. The MN on the Home Link (before Moving)
Build, install and reboot into the new kernel:
[raven]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.16.tar.bz2 &&
tar -jxf linux-2.6.16.tar.bz2 &&
gzip -d mipv6-2.0.2-linux-2.6.16.patch.gz &&
cd linux-2.6.16 && patch -p1 < ../mipv6-2.0.2-linux-2.6.16.patch &&
make menuconfig
[raven]# make && make install
Installation—User-Space
To build the Mobility Daemon, follow the steps you would do
for any autotools built package: unzip, untar, cd to the directory
of the package, ./configure, make and then make install
(read the included INSTALL document for the details). Follow
the same procedure for building and installing the Router
Advertisement Daemon, radvd. With that finished, you should
have both MIPL components (kernel and user-space) and radvd
installed, and you now are ready to start configuring.
Configuration
To start off simply, let's begin without Route Optimization (RO),
without IPsec and with a manually configured HA address in
the MN. Once we have the basic setup working, we can
enhance and expand it incrementally. Keep in mind that in the
real world, like on the Internet or in enterprise networks, RO
and IPsec are essential. In production networks, you also might
desire other extensions, such as Fast Mobile IPv6 (FMIPv6) or
Hierarchical Mobile IPv6 (HMIPv6), although those aren't
implemented by MIPL.
Let's configure local parameters first, then Layer 2 parameters
and finally Layer 3 parameters.
First, let's do the Home Agent configuration (denali), Host
State (sysctl). At the outset, we need to put the HA in the right
state of mind and configure the HA machine to operate as a
router, so we need to turn on packet forwarding. We'll do this
by setting the variable /proc/sys/net/ipv6/conf/all/forwarding,
using one of the following two commands:
[denali]# echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
[denali]# sysctl -w net.ipv6.conf.all.forwarding=1
You could make those settings permanent across reboots
by editing /etc/sysctl.conf.
Now, let's configure Layer 2 (the Data Link Layer) parameters
(Listing 1). We'll assign each wireless interface a different wireless
network ID (ESSID) and sufficiently space their frequency
channels apart to avoid inter-cell interference.
Listing 1. Configuring the Data Link Layer—Home Agent
[denali]# iwconfig wlan0 essid "home" channel 3
[denali]# iwconfig wlan1 essid "remote" channel 8
[denali]# iwconfig wlan0 ; iwconfig wlan1
wlan0     IEEE 802.11b ESSID:"home"
          Mode:Master Frequency:2.422 GHz Access Point: 00:02:6F:06:0B:CF
          Bit Rate:11 Mb/s Sensitivity=1/3
          Retry min limit:8 RTS thr:off Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0 Signal level:0 Noise level:0
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:97 Invalid misc:342 Missed beacon:0
wlan1     IEEE 802.11b ESSID:"remote"
          Mode:Master Frequency:2.447 GHz Access Point: 00:02:6F:06:46:10
          Bit Rate:11 Mb/s Sensitivity=1/3
          Retry min limit:8 RTS thr:off Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0 Signal level:0 Noise level:0
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:10 Invalid misc:6767 Missed beacon:0
Our next step is to configure the Layer 3 (Network
Layer) parameters. This includes addressing, configuring
the Router Advertisement Daemon and configuring the
Mobility Daemon. To configure addressing, use the commands
shown in Listing 2.
To configure router advertisements, edit the /etc/radvd.conf
file, as shown here:
interface wlan0
{
    AdvSendAdvert on;
    AdvIntervalOpt on;
    MaxRtrAdvInterval 10;
    MinRtrAdvInterval 1;
    MinDelayBetweenRAs 1;
    AdvHomeAgentFlag on;
    prefix 2001:db8::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
interface wlan1
{
    AdvSendAdvert on;
    AdvIntervalOpt on;
    MaxRtrAdvInterval 10;
    MinRtrAdvInterval 1;
    MinDelayBetweenRAs 1;
    AdvHomeAgentFlag off;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
In the stanza pertaining to wlan0, you
can see that we have enabled router
advertisements on the interface by setting
AdvSendAdvert. We also have configured
the interface to operate as an HA by
setting AdvHomeAgentFlag. The other
wireless interface, wlan1, is configured
similarly, except that AdvHomeAgentFlag
isn't set. Note that the more frequent
router advertisements are, the faster
movement can be detected, but they
generate more overhead.
Now launch the router advertisement daemon,
radvd:
[denali]# radvd -C /etc/radvd.conf
To configure the Mobility Daemon, we need to
edit the /etc/mip6d.conf file, as follows:
NodeConfig HA;
## If set to > 0, will not detach from tty
DebugLevel 0;
## List of interfaces where we serve as Home Agent
Interface "wlan0";
UseMnHaIPsec disabled;
Notice that we merely indicated that the machine
is an HA and specified the interface that will be operating
as an HA. By launching the Mobility Daemon,
the router is set to fulfill its duty as a faithful HA:
[denali]# mip6d -c /etc/mip6d.conf -d 7
Listing 2. Configuring the Network Layer Parameters—Home Agent
[denali]# ifconfig wlan0 inet6 add 2001:db8::/64
[denali]# ifconfig wlan1 inet6 add 2001:db8:1::/64
[denali]# ifconfig wlan0 ; ifconfig wlan1
wlan0 Link encap:Ethernet HWaddr 00:02:6F:06:0B:CF
      inet6 addr: 2001:db8::/64 Scope:Global
      inet6 addr: fe80::202:6fff:fe06:bcf/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:0 errors:0 dropped:205 overruns:0 frame:0
      TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:27604 (26.9 Kb)
      Interrupt:11 Base address:0x100
wlan1 Link encap:Ethernet HWaddr 00:02:6F:06:46:10
      inet6 addr: 2001:db8:1::/64 Scope:Global
      inet6 addr: fe80::202:6fff:fe06:4610/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:0 errors:0 dropped:64 overruns:0 frame:0
      TX packets:207 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:28068 (27.4 Kb)
      Interrupt:11 Base address:0x140
Now, let's move on to the Mobile Node
Configuration (raven), Host State (sysctl). Just as
with the HA, we'll start by establishing the mindset
of the MN. First, we must configure the MN to
accept Router Advertisements (RAs) to be able to
configure a CoA and discover and track default routers
on the link automatically:
[raven]# echo "1" > /proc/sys/net/ipv6/conf/all/accept_ra
[raven]# sysctl -w net.ipv6.conf.all.accept_ra=1
To make the changes permanent across reboots, edit
/etc/sysctl.conf.
Next, let's configure Layer 2 parameters. We'll configure
the MN as a wireless client (a managed wireless node) of the
Home network:
[raven]# iwconfig wlan0 mode managed essid "home"
[raven]# iwconfig wlan0
wlan0 IEEE 802.11b ESSID:"home"
      Mode:Managed Frequency:2.422 GHz Access Point: 00:02:6F:06:0B:CF
      Bit Rate:11 Mb/s Sensitivity=1/3
      Retry min limit:8 RTS thr:off Fragment thr:off
      Encryption key:off
      Power Management:off
      Link Quality=48/92 Signal level=-63 dBm Noise level=-100 dBm
      Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
      Tx excessive retries:0 Invalid misc:175 Missed beacon:0
And, finally, let's configure Layer 3 parameters. We'll start
by assigning the HoA to the wireless interface:
[raven]# ifconfig wlan0 inet6 add 2001:db8::beef/64
[raven]# ifconfig wlan0 ; ifconfig ip6tnl1
wlan0 Link encap:Ethernet HWaddr 00:05:5D:F2:DB:2B
      inet6 addr: 2001:db8::beef/64 Scope:Global
      inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
      inet6 addr: 2001:db8::205:5dff:fef2:db2b/64 Scope:Global
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:141 errors:0 dropped:0 overruns:0 frame:0
      TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:16094 (15.7 Kb) TX bytes:5592 (5.4 Kb)
      Interrupt:17 Base address:0x2100
ip6tnl1 Link encap:UNSPEC HWaddr 20-01-0D-B8-00-00-00-00-00-00-00-00-00-00-00-00
      inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
      UP POINTOPOINT RUNNING NOARP MTU:1460 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
On the MN, an automatically created tunnel interface,
called ip6tnl1 (IPv6 Tunnel 1), represents the tunneling process
described above. This interface claims no global addresses
when the MN is in the Home network and assumes the
HoA when the MN is away.
Listing 3. Moving
... Before Moving (At the Home Network) ...
[raven]# iwconfig wlan0 | grep ESSID
wlan0 IEEE 802.11b ESSID:"home"
[raven]# ifconfig wlan0 | grep inet6
inet6 addr: 2001:db8::beef/64 Scope:Global
inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
inet6 addr: 2001:db8::205:5dff:fef2:db2b/64 Scope:Global
[raven]# ifconfig ip6tnl1 | grep inet6
inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
[raven]# route -A inet6 | grep ::/0
::/0 fe80::202:6fff:fe06:bcf UGDA 1024 0 0 wlan0
... Triggering Movement ...
[raven]# iwconfig wlan0 essid remote
... After Moving (At the Foreign Network) ...
[raven]# iwconfig wlan0 | grep ESSID
wlan0 IEEE 802.11b ESSID:"remote"
[raven]# ifconfig wlan0 | grep inet6
inet6 addr: 2001:db8:1:0:205:5dff:fef2:db2b/64 Scope:Global
inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
[raven]# ifconfig ip6tnl1 | grep inet6
inet6 addr: 2001:db8::beef/128 Scope:Global
inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link
[raven]# route -A inet6 | grep ::/0
::/0 U 128 0 0 ip6tnl1
::/0 fe80::202:6fff:fe06:4610 UGDA 1024 4 2 wlan0
[raven]#
The primary mobility configuration
parameters are the Home Address (HoA) and
the Home Agent (HA) address. To configure
them, we need to edit the /etc/mip6d.conf
file as follows:
NodeConfig MN;
DebugLevel 7;
UseMnHaIPsec disabled;
DoRouteOptimizationMN disabled;
DoRouteOptimizationCN disabled;
Interface "wlan0";
MnHomeLink "wlan0" {
    HomeAddress 2001:db8::beef/64;
    HomeAgentAddress 2001:db8::;
}
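A consistency check for the two files configured so far, as an added example that is not part of the original article or of MIPL: it confirms that the MN's HomeAddress and HomeAgentAddress sit on a prefix the HA advertises with AdvHomeAgentFlag on, and it reports UseMnHaIPsec disabled, which leaves Binding Updates and Acknowledgements without the IPsec protection that RFC 3775 requires between MN and HA. The function names and finding labels are assumptions of this example, and the embedded radvd.conf is trimmed to the options the check reads.

```python
import ipaddress
import re

# Constructed inputs: the HA's radvd.conf (trimmed to the options read here)
# and the MN's mip6d.conf, both with the values used in this article.
RADVD_CONF = """
interface wlan0
{
    AdvSendAdvert on;
    AdvHomeAgentFlag on;
    prefix 2001:db8::/64
    {
        AdvOnLink on;
    };
};
interface wlan1
{
    AdvSendAdvert on;
    AdvHomeAgentFlag off;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
    };
};
"""

MIP6D_MN_CONF = """
NodeConfig MN;
DebugLevel 7;
UseMnHaIPsec disabled;
Interface "wlan0";
MnHomeLink "wlan0" {
    HomeAddress 2001:db8::beef/64;
    HomeAgentAddress 2001:db8::;
}
"""


def home_agent_prefixes(radvd_text):
    """Prefixes advertised on interfaces that set AdvHomeAgentFlag on."""
    prefixes = []
    # Each stanza runs from one "interface" keyword to the next.
    for stanza in re.split(r"(?m)^\s*interface\s+", radvd_text)[1:]:
        if re.search(r"(?m)^\s*AdvHomeAgentFlag\s+on\s*;", stanza):
            prefixes += [ipaddress.ip_network(p)
                         for p in re.findall(r"(?m)^\s*prefix\s+(\S+)", stanza)]
    return prefixes


def option(conf_text, name):
    """Value of a 'Name value;' line, or None. Commented lines do not match."""
    m = re.search(r"(?m)^\s*%s\s+([^;\s]+)\s*;" % re.escape(name), conf_text)
    return m.group(1) if m else None


def audit(radvd_text, mip6d_text):
    """Return a list of finding labels (hypothetical names) for the MN config."""
    hoa = option(mip6d_text, "HomeAddress")
    ha = option(mip6d_text, "HomeAgentAddress")
    if hoa is None or ha is None:
        return ["home-link-incomplete"]
    hoa = ipaddress.ip_interface(hoa)   # address plus its prefix length
    ha = ipaddress.ip_address(ha)
    findings = []
    if hoa.network not in home_agent_prefixes(radvd_text):
        findings.append("hoa-prefix-not-advertised-by-home-agent")
    if ha not in hoa.network:
        findings.append("home-agent-outside-home-prefix")
    # RFC 3775 requires IPsec between MN and HA for BU/BA messages.
    if option(mip6d_text, "UseMnHaIPsec") == "disabled":
        findings.append("bu-ba-without-ipsec")
    return findings


if __name__ == "__main__":
    print(audit(RADVD_CONF, MIP6D_MN_CONF))
```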
Operation
Now the scene is complete, and we can start
experimenting with mobility. Before we start,
remember the following about MIP: movement
detection is the trigger; binding updating (registration)
is the action. We'll start by letting the
MN move, then check whether movement was
detected. Upon witnessing movement detection,
we'll check whether a BU was established
successfully. Figure 2 shows the network's state
before moving. To simulate movement, we use
iwconfig to switch the MN's wireless interface
from one ESS (wireless cell) to another:
[raven]# iwconfig wlan0 essid "remote"
Upon moving, the wireless interface should
acquire a new address, and a new default gateway should
appear (Listing 3).
Using a packet capturing tool (sniffer), such as tcpdump,
we should see a different router appearing on the link. The
Mobility Daemon log messages should indicate movement
detection (md in the logs stands for movement detection).
Now that the MN has detected movement and acquired a new
CoA address, it should send a BU to its HA. A sniffer should
be able to display the BU message as:
IP6 2001:db8:1:0:205:5dff:fef2:db2b > 2001:db8::: DSTOPT mobility: BU seq#=54814 AH lifetime=262140
IP6 2001:db8:: > 2001:db8:1:0:205:5dff:fef2:db2b: srcrt (len=2, type=2, segleft=1, [0]2001:db8::beef) mobility: BA status=0 seq#=54814 lifetime=262140
In addition, the Mobility Daemon should have a BU List
Entry (BULE) that shows the HoA, CoA and HA addresses:
[raven]# telnet localhost 7777
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
mip6d> bul
mip6d> bul
== BUL_ENTRY ==
Home address 2001:db8:0:0:0:0:0:beef
Care-of address 2001:db8:1:0:205:5dff:fef2:db2b
CN address 2001:db8:0:0:0:0:0:0
lifetime = 262140, delay = 249033000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK
ack ready
dev wlan0 last_coa 2001:db8:1:0:205:5dff:fef2:db2b
lifetime 262136 / 262140 seq 19428 resend 0 delay 249033(after 249030s) expires 262136
mps 2/3
mip6d>
We can see whether the BU was received and accepted
by looking at the HA's Mobility Daemon log messages and by
displaying the HA's BC:
[denali]# telnet localhost 7777
mip6d> bc
mip6d> bc
hoa 2001:db8:0:0:0:0:0:beef status registered
coa 2001:db8:1:0:205:5dff:fef2:db2b flags AH--
local 2001:db8:0:0:0:0:0:0
lifetime 262068 / 262140 seq 19429 unreach 0 mpa 13133 / 13221 retry 0
mip6d>
As shown above, the Mobility Daemon provides a virtual
terminal interface to its internal data structures that you can
access by establishing a Telnet session to port 7777. Figure 3
shows the network's state after moving.
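The registration check described above (BU seen, BA returned, HA binding cache updated), as an added example that is not part of the original article or of MIPL: it pairs each sniffed BU with the BA that echoes its sequence number, keeps only accepted ones, and compares the resulting HoA/CoA pair with the HA's bc output. The function names are assumptions of this example, and the sample text is the article's own output with each wrapped tcpdump record joined onto one line.

```python
import ipaddress
import re

# Constructed sample: the tcpdump records and the HA binding-cache entry shown
# in this article, with each wrapped tcpdump record joined onto one line.
CAPTURE = """\
IP6 2001:db8:1:0:205:5dff:fef2:db2b > 2001:db8::: DSTOPT mobility: BU seq#=54814 AH lifetime=262140
IP6 2001:db8:: > 2001:db8:1:0:205:5dff:fef2:db2b: srcrt (len=2, type=2, segleft=1, [0]2001:db8::beef) mobility: BA status=0 seq#=54814 lifetime=262140
"""
BINDING_CACHE = """\
hoa 2001:db8:0:0:0:0:0:beef status registered
coa 2001:db8:1:0:205:5dff:fef2:db2b flags AH--
"""

RECORD = re.compile(
    r"^IP6 (?P<src>\S+) > (?P<dst>\S+?): .*?mobility: (?P<kind>BU|BA) (?P<rest>.*)$")
TYPE2_HOA = re.compile(r"type=2,.*?\[0\](\S+?)\)")

addr = ipaddress.ip_address  # parsed addresses compare equal in any notation


def parse_capture(text):
    """Turn tcpdump mobility-header lines into dicts; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        seq = re.search(r"seq#=(\d+)", line)
        if not m or not seq:
            continue
        status = re.search(r"status=(\d+)", m["rest"])
        hoa = TYPE2_HOA.search(line)
        records.append({
            "kind": m["kind"], "src": addr(m["src"]), "dst": addr(m["dst"]),
            "seq": int(seq.group(1)),
            "status": int(status.group(1)) if status else None,
            # In a BA the HoA travels in the type 2 routing header.
            "hoa": addr(hoa.group(1)) if hoa else None,
        })
    return records


def accepted_bindings(records):
    """Return (HoA, CoA) for every BU answered by an accepting BA."""
    bus = [r for r in records if r["kind"] == "BU"]
    bindings = []
    for ba in (r for r in records if r["kind"] == "BA"):
        # RFC 3775: Status values below 128 mean the BU was accepted.
        if ba["hoa"] is None or ba["status"] is None or ba["status"] >= 128:
            continue
        for bu in bus:
            # The BA must echo the BU's sequence number on the reverse path.
            if (bu["seq"], bu["src"], bu["dst"]) == (ba["seq"], ba["dst"], ba["src"]):
                bindings.append((ba["hoa"], bu["src"]))
    return bindings


def parse_binding_cache(text):
    """Return (HoA, CoA) for each registered entry in mip6d 'bc' output."""
    entries, hoa = [], None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "hoa":
            hoa = addr(f[1]) if f[3] == "registered" else None
        elif len(f) >= 2 and f[0] == "coa" and hoa is not None:
            entries.append((hoa, addr(f[1])))
            hoa = None
    return entries


def unregistered(capture_text, cache_text):
    """Bindings acknowledged on the wire that the HA binding cache lacks."""
    cache = set(parse_binding_cache(cache_text))
    return [b for b in accepted_bindings(parse_capture(capture_text)) if b not in cache]


if __name__ == "__main__":
    print(accepted_bindings(parse_capture(CAPTURE)), unregistered(CAPTURE, BINDING_CACHE))
```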
Testing
We can't conclude a networking experiment without some
action from our old crony ping. From the MN, we'll start by
sending ping requests to the HA interface, while the MN is on
the home link. We'll then move and see what happens. This
exercise is shown as follows:
[raven]# ping6 2001:db8::
64 bytes from 2001:db8::: icmp_seq=7 ttl=64 time=3.72 ms
64 bytes from 2001:db8::: icmp_seq=8 ttl=64 time=3.70 ms
ping: sendmsg: Invalid argument
ping: sendmsg: Invalid argument
ping: sendmsg: Invalid argument
ping: sendmsg: Operation not permitted
64 bytes from 2001:db8::: icmp_seq=13 ttl=63 time=142 ms
64 bytes from 2001:db8::: icmp_seq=14 ttl=63 time=122 ms
Note that in responding to ping requests, the HA interface
is actually acting as a CN. Note how, upon the handover, the
MN loses connectivity for some time, called the handover
latency, and then re-establishes it. Note also how the delay
increases tremendously as the MN moves.
A more interesting test is to use a program that sends
video like VLC or GnomeMeeting and visually assess how
smooth the handover is. Although the ultimate goal of
MIPv6 is to achieve smooth and lossless handover, in reality,
there is a blackout period during which packets are lost
or delayed. Much of the effort put into developing and
standardizing MIPv6 is to enhance the smoothness of the
handover and ultimately achieve seamless handover. As
with any other technology, realizing the limitations is as
crucial as recognizing the value.
Conclusion
The Internet Protocol merged nets into the global metanet
we call the Internet. IP provided connectivity that is
independent of the underlying hardware and the served
applications. The homogeneous addressing of IP and its
simplicity enabled it to scale. MIP's goal is to bring to
mobility the merits IP brought to connectivity. This means
mobility that can scale to the size of the Internet, is
application-independent and is available across heterogeneous
wired and wireless access technologies. MIPL provides a
free and flexible platform for you to participate in pursuing
that vision. Happy and seamless roaming!
Salah M. S. Al-Buraiky is a communication engineer working for the Data Network Engineering
Division (DNED) of Saudi Aramco. His interests include UNIX systems and datagram networks. He
is particularly interested in “beyond connectivity services”, such as multicast, mobility, quality of
service and IP security. He welcomes your comments at salah.buraiky.1@aramco.com.
Resources
RFC 3775, Mobility Support in IPv6 (the Base MIPv6
Standard): www.ietf.org/rfc/rfc3775.txt
RFC 3849, IPv6 Address Prefix Reserved for Documentation:
www.ietf.org/rfc/rfc3849.txt
MIPL Home Page: www.mobile-ipv6.org
Linux MIPv6 HOWTO:
tldp.org/HOWTO/Mobile-IPv6-HOWTO
Peter Bieringer's Linux IPv6 HOWTO:
ldp.linux.no/HOWTO/Linux_IPv6-HOWTO
Linux IPv6 Router Advertisement Daemon (radvd):
www.litech.org/radvd
Updated, but Not Finalized, Linux MIPv6 HOWTO:
gnist.org/~lars/doc/Mobile-IPv6-HOWTO/
Mobile-IPv6-HOWTO.html
Linux Kernel Archives: www.kernel.org
Sysctl Documentation: /usr/src/linux-2.6.16/Documentation/
networking/ip-sysctl.txt in the kernel source tree
EOF
The Multiple Play
Why "triple play" is an obsolete telecom offering. DOC SEARLS
Telephony, our theme this month, used to
be a standalone utility. You got it from the
phone company. The same went for cable
TV. You got that from the cable company.
Both were service monopolies—utilities,
essentially. If you wanted something fixed,
you called your sole provider, just like you
called the water, gas or electric company.
But, the Internet was different. The first
ISPs piggybacked their Net connections
over phone lines. They'd install banks of
modems to call or rent a T1 or a T3 line
from a telco or somebody with a "backbone"
connection and sell hunks of bandwidth
on those. Now much of that old
intermediation is gone, and most of us see
the Net as something we get from the
phone or cable company.
As hot as the Internet is, and as important
as it has become to nearly every activity
you can name (business, medicine, education,
science, culture and so on), the telcos
and cablecos treat it as a third-banana service
behind telephony and television. When
they bundle all three together, they call it
triple play. And the Internet comes third.
In one of our features this month (see
page 42), Bob Frankston talks about
moving entirely past games like these.
But, what to do in the meantime if we
do want to play? Here near Boston, I have
my own triple play of carrier choices:
Comcast, RCN and Verizon. Out on the
poles, Comcast wiring is coax. RCN and
Verizon both deploy fiber-optic cabling.
Sounds like an ideal competitive environment,
right? Well, not quite.
At my elbow is the latest mailer from
Comcast, a cable company. It pitches
"Digital Cable + Phone + Internet".
For the third item, it offers "Comcast
High-Speed Internet with PowerBoost".
Bandwidth is "up to 12Mbps!" No mention
of upstream speed.
The next two mailers are from RCN.
The first came just before the Super Bowl.
RCN, which brags that it has been "all
fiber optic for over a decade", just pitches
cable TV with this one—$35 for 12
months. There's nothing about Internet at
all. The second mailer pitches "10Mbps
Blazing-Fast High-Speed Internet" and
"100% Digital Cable TV". Again, no
upstream speed.
I don't use either one of them, though I
checked both out when we started renting
here last September. The main thing I care
about is Internet connectivity, and for that,
neither Comcast nor RCN competed with
Verizon's fiber-optic FiOS. So Verizon got my
business. From FiOS, I'm getting 20Mbps
down and 5Mbps up. The best RCN could
do on the upstream side (which mattered
most to me) was 2Mbps. Comcast didn't
even say what its upstream speed was. (I just
checked again on-line, and it still doesn't.)
What's amazing to me is that Greater
Boston—specifically in the areas served by
Verizon with FiOS and RCN with its fiber
cabling—is thick with people like Bob and
myself, who care far more about Internet
connectivity than about TV or landline
telephone. We have lots of tech and creative
folks around here, in addition to the
thickest concentration of educational
institutions in the country, if not the
world. Couldn't these carriers bother to
customize better Internet offerings for a
Net-savvy (and -hungry) local population?
I guess they don't have to. Even with
three competitors, there seems to be enough
business to go around. They aren't ready to
abandon the scaled efficiencies of offering
the same thing to everybody, across the
whole country. And, as Bob points out, the
flywheels of Business As Usual at telcos still
spin on momentum imparted by railroads in
the Victorian Age.
But, unlike Bob, I have some hope for
them. The time will come when the
workarounds that Bob's talking about—
especially from folks such as Linux Journal
readers—will have the carriers looking for
ways to make money other than by tiered
pricing for usage alone.
Is low-latency to servers an advantage?
One can imagine applications where it
would be. Well, these incumbent carriers
not only have home connections, but also
local real-estate holdings. They could provide
Akamai-like low-latency Web services—or
partner with the likes of Akamai to provide
them. They could partner with Amazon's
S3 and EC2 (both Linux-based) to offer
local storage and compute back end.
Offsite backup is going to be a huge
necessity and, therefore, a cause for
business offerings. Think about what will
happen as soon as ordinary folks start
demanding, shooting and cooperatively
editing truly high-definition video.
Storage, mirroring and the rest of it will
all be helpful, if not required.
Of course, the amount of business to be
had here will increase with the openness of
the Net itself. Today's crippled and asymmetrical
throughput, based on the one-way
model of television viewing, is a bug that
needs to be squashed. So does the practice
of blocking port 80 and otherwise preventing
or discouraging Web servers at homes
and businesses. When that happens, every
customer, every user, becomes a potential
partner. By necessity.
There is no limit to how many multiples
of the current triple play will be made
possible by a wide-open and free Internet.
Here's hoping the carriers see that before
they die under the rubble of their own
fallen silos.
Doc Searls is Senior Editor of Linux Journal. He is also a
Visiting Scholar at the University of California at Santa Barbara
and a Fellow with the Berkman Center for Internet and Society
at Harvard University.