Hackepedia - User contributions [en]

Fsck

2005-11-20T22:21:48Z

Frankk:

The '''filesystem consistency check and interactive repair''' program is needed on several [[UBO]] [[filesystem]]s. When a [[filesystem]] is not properly unmounted before a reboot or halt the filesystem must be checked and any inconsistencies repaired. This can be a lengthy process and [[FreeBSD]] has a background fsck so that the system can start while it works away at making the filesystem consistent.

If you shut down improperly on Linux and know you will have to answer "yes" many times, you can simply add the -y flag which means say yes to the prompts:

# fsck -y

If you have a journalling filesystem you don't need to fsck.

Fsck

2005-11-20T22:21:32Z

Frankk:

Debugging

2005-11-13T02:56:58Z

Frankk:

If you have a program crash and create a .core file, like say Thunderbird crashes on you and you find the .core file:

$ gdb thunderbird thunderbird-bin.core

where thunderbird is the application and thunderbird-bin.core is the core file. In this case I got an error:

"/usr/X11R6/bin/thunderbird": not in executable format: File format not recognized

as when I looked at this file a little further I found out it is a shell script and not a binary. I did find a -g (debug) mode in this shell script which I used. Most cases it is a binary though, so the most common starting point is

(gdb) bt

backtrace. This won't usually too much good unless you have compiled the program with debugging symbols.

== FreeBSD ==

I had a case where Mozilla Thunderbird would core on me as soon as I started it.

$ ktrace [[variables|thunderbird]]

which created a file called "ktrace.out".

$ kdump -f ./ktrace.out

produced a lot of output, so much that I won't paste it here. These are the system calls that were made. You will most likely want to send that output to the appropriate helplist/bug report for that application.

Debugging

2005-11-13T02:47:28Z

Frankk:

== FreeBSD ==

I had a case where Mozilla Thunderbird would core on me as soon as I started it.

$ ktrace [[variables|thunderbird]]

which created a file called "ktrace.out".

$ kdump -f ./ktrace.out

produced a lot of output, so much that I won't paste it here. These are the system calls that were made. You will most likely want to send that output to the appropriate helplist/bug report for that application.

Linux

2005-11-13T02:39:14Z

Frankk:

Linux is a UNIX-clone.

It was [http://groups.google.com/group/comp.os.minix/browse_thread/thread/76536d1fb451ac60?hl=en&lr=&ie=UTF-8&safe=off&rnum=9 created by Linus Torvalds] in 1991 as an alternative to [[Minix]]. Since then, many programmers around the world shaped Linux into a modern operating system. Most commonly today found as [http://www.gnu.org/gnu/linux-and-gnu.html GNU/Linux].

If you want to try Linux without affecting your computer permanently, all you need is to obtain [http://www.knoppix.org/ Knoppix] on a cd. You can either download it from their site and burn it, get a friend to, or buy it. Then when you boot off this cd-rom it will load the image into RAM. It won't delete anything you have on your harddrive. At any time you can decide you want to just got back to the operating system on your hard drive by taking out the cd, or you might want drop knoppix from cd onto your harddrive so it is a lot faster and more customizable. Or you might want to move onto a common distribution.

If you have a spare computer, or are ready to move to linux, you can download and install any of the following for absolutely free.
[http://www.distrowatch.com Common Distributions] include the following:

[[Slackware]]
[[Debian]]
[[Suse]]
[[Redhat]]
[[Gentoo]]
[[Mandriva]]
[[Ubuntu]]

Handy Documentation can be found here:

[http://www.tldp.org tldp.org]

IRC:3

2005-11-08T00:32:58Z

Frankk:

Asking to ask a question, instead of just asking your question, is so silly we've decided you're only going to get this link instead of an answer.

[[Internet:Help Process]]

Power

2005-11-07T04:53:25Z

Frankk:

Ultra 10 with one 200G disk - Averaging ~111watts.

Dsp

2005-11-07T01:30:11Z

Frankk: /* Stop embedded audio in flash */

Sometimes you will have two applications trying to access your audio device. Here is an example screenshot of a user trying to run xmms, when something else is accessing the audio:

[[Image:dsp.jpg|error screenshot]]

The culprit can be discovered with lsof assuming your audio device is /dev/dsp like it is on BSD:

$ lsof | grep dsp
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0

as you can see, one of the websites I am viewing with firefox has claimed access to my dsp first. I must now close that tab in firefox, and restart xmms, and all is well.

== Stop embedded audio in Firefox ==

vi ~/.mozilla/firefox/[[variables|0wt4rci4.default]]/chrome/userContent.css

and add these lines (creating the file if it doesn't already exist)

/* block embedded sounds */
embed[src*=.mid] { display: none !important }
embed[src*=.mp2] { display: none !important }
embed[src*=.mp3] { display: none !important }
embed[src*=.mp4] { display: none !important }
embed[src*=.wav] { display: none !important }
embed[src*=.wma] { display: none !important }

== Stop embedded audio in flash ==

Not a highly recommended hack, but I opened

vi ~/.mozilla/plugins/libflashplayer.so

and did a

/dsp

which found /dev/dsp which I replaced with /dev/xxx in order to stop flash from accessing my /dev/dsp, as it never released it properly.

Dsp

2005-11-07T01:29:47Z

Frankk: /* Stop embedded audio in flash */

Sometimes you will have two applications trying to access your audio device. Here is an example screenshot of a user trying to run xmms, when something else is accessing the audio:

[[Image:dsp.jpg|error screenshot]]

The culprit can be discovered with lsof assuming your audio device is /dev/dsp like it is on BSD:

$ lsof | grep dsp
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0

as you can see, one of the websites I am viewing with firefox has claimed access to my dsp first. I must now close that tab in firefox, and restart xmms, and all is well.

== Stop embedded audio in Firefox ==

vi ~/.mozilla/firefox/[[variables|0wt4rci4.default]]/chrome/userContent.css

and add these lines (creating the file if it doesn't already exist)

/* block embedded sounds */
embed[src*=.mid] { display: none !important }
embed[src*=.mp2] { display: none !important }
embed[src*=.mp3] { display: none !important }
embed[src*=.mp4] { display: none !important }
embed[src*=.wav] { display: none !important }
embed[src*=.wma] { display: none !important }

== Stop embedded audio in flash ==

Not a highly recommended hack, but I opened

vi ~/.mozilla/plugins/libflashplayer.so

and did a

/dsp

replacing /dev/dsp with /dev/xxx in order to stop flash from accessing my /dev/dsp, as it never released it properly.

Dsp

2005-11-07T01:29:22Z

Frankk:

Sometimes you will have two applications trying to access your audio device. Here is an example screenshot of a user trying to run xmms, when something else is accessing the audio:

[[Image:dsp.jpg|error screenshot]]

The culprit can be discovered with lsof assuming your audio device is /dev/dsp like it is on BSD:

$ lsof | grep dsp
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0
firefox-b 14905 frank 1w VCHR 30,3 0t0 38 /dev/dsp0.0

as you can see, one of the websites I am viewing with firefox has claimed access to my dsp first. I must now close that tab in firefox, and restart xmms, and all is well.

== Stop embedded audio in Firefox ==

vi ~/.mozilla/firefox/[[variables|0wt4rci4.default]]/chrome/userContent.css

and add these lines (creating the file if it doesn't already exist)

/* block embedded sounds */
embed[src*=.mid] { display: none !important }
embed[src*=.mp2] { display: none !important }
embed[src*=.mp3] { display: none !important }
embed[src*=.mp4] { display: none !important }
embed[src*=.wav] { display: none !important }
embed[src*=.wma] { display: none !important }

== Stop embedded audio in flash ==

Not a highly recommended hack, but I opened

vi ~/.mozilla/plugins/libflashplayer.so

and did a /dsp, replacing /dev/dsp with /dev/xxx in order to stop flash from accessing my /dev/dsp, as it never released it properly.

Manual

2005-11-07T01:13:34Z

Frankk: /* Creating windex */

Most UNIX systems have online manual pages.

MAN(1) OpenBSD Reference Manual MAN(1)
NAME
man - display the on-line manual pages
SYNOPSIS
man [-achw] [-C file] [-M path] [-m path] [-S subsection] [-s section]
[section] name [...]
man -f command
man -k keyword
DESCRIPTION

The types of manpages have sections which they are grouped in. Here is the manual page layout of [[BSD]]:

;Section 1 : General commands (tools and utilities)
; Section 2 : System calls and error numbers
; Section 3 : Library functions, especially for C and Tk
; Section 4 : Special files and hardware support
; Section 5 : File formats, especially configuration files
; Section 6 : Games
; Section 7 : Miscellaneous information pages
; Section 8 : System maintenance and operation commands
; Section 9 : Kernel internals

When someone tells you to run "man 6 tetris", that means that you should read the tetris manpage found in section 6 of the manpages. Sometimes the same manpage name exists, but in different sections. One example is the fstat manpage it exists in sections 1 and 2. The lower number sections take precedence over higher numbered sections. Thus, to see the manpage for fstat in section 2 you would type:
$ man 2 fstat

Similarely functions, [[syscall]]s or commands are sometimes mentioned with the section of manpages in brackets behind them like so: '''fstat(2)''', you'll see this mentioned a lot in this wiki.

=== Creating windex ===

If you're looking for a man page and get the following:
# man -k snoop
/usr/share/man/windex: No such file or directory

It means you have yet to create your Index:
# [[variables|/usr/bin/catman]] -w
#

=== Searching for Manual Pages ===

It is possible to do a keyword search in the manpage system.

$ man -k filesystem
OpenBSD::Vstat (3p) - virtual filesystem for pkg_add(1) simulations
dump (8) - filesystem backup
fstab (5) - static information about the filesystems
...

Another command synonymous to man -k is apropos:

$ apropos archiver
tar (1) - tape archiver

Do notice that the section of the manpage is displayed in the keyword search, this is to ease viewing the particular manpage.

<code>$MANPATH</code> is used, unless something else is explicitly specified.

=== Location of Manual Pages ===

In [[BSD]] the default manual pages are located in /usr/share/man. This can be changed with the MANPATH [[environment variable]]:

$ export MANPATH=/usr/local/man
$ man ls
man: no entry for ls in the manual.
$ unset MANPATH
$ man ls
LS(1) OpenBSD Reference Manual LS(1)
...

Another manpage section can be added on to the current MANPATH:

$ export MANPATH=/usr/share/man:/usr/local/man

== Searching in a man page ==

Often you will want to search a man page you are viewing for a particular keyword. You can preceed this search word with a "/". If I wanted to see what mediaopt(ions) my sis [[NIC]] has I could do

/mediaopt

while reading the sis(4) manpage I have on my system. If the first result is not what I want, I don't have to type the full search word after the first time, I can simply use

/

which is to "find another instance".

Solaris 10

2005-11-03T15:15:32Z

Frankk:

One major change I've noticed in [[Solaris]] 10 is that admintool is gone. They have replaced it with smc (Solaris Management Console) which is a bloated client-server tool.

You will want to install [http://www.blastwave.org/pkg-get.php pkg-get] and make sure you have gzip, and wget, in your [[path]].

Mount

2005-11-03T14:56:50Z

Frankk:

== Manually mount and unmount a cd with Solaris 10 on an Ultra 10 ==

Chances are you have a harddrive and a cd-rom, and for some reason [[vold]] isn't mounting your cd-rom.

$ ls /dev/dsk
c0t0d0s0 c0t0d0s2 c0t0d0s4 c0t0d0s6 c0t2d0s0 c0t2d0s2 c0t2d0s4 c0t2d0s6
c0t0d0s1 c0t0d0s3 c0t0d0s5 c0t0d0s7 c0t2d0s1 c0t2d0s3 c0t2d0s5 c0t2d0s7

and you should see both disks, each with 7 slices. In my case the difference is c0t0d0 and c0t2d0.

$ mount | awk '{print $3}' | grep c0
/dev/dsk/c0t0d0s0
/dev/dsk/c0t0d0s7

this shows me that my harddrive is c0t0d0, so now I can mount the cdrom. If /cdrom/cdrom0 doesn't exist:

# mkdir /cdrom/cdrom0

(if /cdrom doesn't exist, mkdir it first).

# mount -F hsfs /dev/dsk/c0t2d0s0 /cdrom/cdrom0

and now I have it mounted, I can

# cd /cdrom/cdrom0

to see the cd contents. When you're done:

# umount /cdrom/cdrom0
umount: /cdrom/cdrom0 busy

Just remember now when you're done that you have to

# cd /

You can not be sitting in /cdrom/cdrom0, or have any application using that directory when you want to

# umount /cdrom/cdrom0
#

Ports

2005-11-03T05:19:09Z

Frankk:

Ports are identifiers of protocols that work on the transport layer (layer 4) of the [[OSI]] model. [[TCP]] and [[UDP]] are transport layer protocols that have ports. In [[TCP]] and [[UDP]] a port is represented by a 16 bit short integer which is unsigned meaning that the possible port range is 0 through 65535. Port 0 is illegal and no service resides on it.

Say you want to know what is running on port 80 of your machine. The first hint would be to look in the file /etc/services as well as [http://www.iana.org/assignments/port-numbers IANAs list] to get an idea of what typically runs on that port.

http 80/tcp www www-http #World Wide Web HTTP
http 80/udp www www-http #World Wide Web HTTP

looks like it's the port typically used for the www. Now we can try netstat to actually see what is listening,
not just what should be there.

netstat -an | grep LISTEN

however I prefer the flexibility of lsof which I install on all of my machines.

lsof -i:80

will show you exactly what is listening on this port. If you want to see ports on your machine are open to the general public, which is often how computers are broken into, you can try Yashy's [http://crypto.yashy.com/nmap.php self port scan]. You don't want to see any ports open, or listening, unless you've intentionally started that process for the public to connect to.

Ideally if you see any ports open, you will close down the application that has that port open. Alternatively you can install and use a [[firewall]].

== Solaris 10 ==

# lsof -i

to see what you have running. All ports are now controlled out of:

# svcs

which will give you a long list of services running ("online") or not. You may want to [[pipe]] this output through [[less]].

When I did "lsof -i" I saw that rpcbind was running which I don't want, so I found the svcs name by running:

# svcs | grep rpc
online 23:43:56 svc:/network/rpc/bind:default
uninitialized 23:43:44 svc:/network/rpc/gss:default

and several more uninitialized services. I only want to stop the online one:

# svcadm disable svc:/network/rpc/bind:default

and back to a prompt I go. I run "lsof -i" once more to confirm it's stopped, and it is. Both the svcs and svcadm [[Manual]] are worth reading if you're using them for the first time.

Manual

2005-11-03T02:08:31Z

Frankk:

Most UNIX systems have online manual pages.

MAN(1) OpenBSD Reference Manual MAN(1)
NAME
man - display the on-line manual pages
SYNOPSIS
man [-achw] [-C file] [-M path] [-m path] [-S subsection] [-s section]
[section] name [...]
man -f command
man -k keyword
DESCRIPTION

The types of manpages have sections which they are grouped in. Here is the manual page layout of [[BSD]]:

;Section 1 : General commands (tools and utilities)
; Section 2 : System calls and error numbers
; Section 3 : Library functions, especially for C and Tk
; Section 4 : Special files and hardware support
; Section 5 : File formats, especially configuration files
; Section 6 : Games
; Section 7 : Miscellaneous information pages
; Section 8 : System maintenance and operation commands
; Section 9 : Kernel internals

When someone tells you to run "man 6 tetris", that means that you should read the tetris manpage found in section 6 of the manpages. Sometimes the same manpage name exists, but in different sections. One example is the fstat manpage it exists in sections 1 and 2. The lower number sections take precedence over higher numbered sections. Thus, to see the manpage for fstat in section 2 you would type:
$ man 2 fstat

Similarely functions, [[syscall]]s or commands are sometimes mentioned with the section of manpages in brackets behind them like so: '''fstat(2)''', you'll see this mentioned a lot in this wiki.

== Creating windex ==

If you're looking for a man page and get the following:
# man -k snoop
/usr/share/man/windex: No such file or directory

It means you have yet to create your Index:
# /usr/bin/catman -w
#

=== Searching for Manual Pages ===

It is possible to do a keyword search in the manpage system.

$ man -k filesystem
OpenBSD::Vstat (3p) - virtual filesystem for pkg_add(1) simulations
dump (8) - filesystem backup
fstab (5) - static information about the filesystems
...

Another command synonymous to man -k is apropos:

$ apropos archiver
tar (1) - tape archiver

Do notice that the section of the manpage is displayed in the keyword search, this is to ease viewing the particular manpage. Do note that when you are on Solaris you may have to build the manual page index in order to search for keywords. This is done with the catman command:

$ catman -w

<code>$MANPATH</code> is used, unless something else is explicitly specified.

=== Location of Manual Pages ===

In [[BSD]] the default manual pages are located in /usr/share/man. This can be changed with the MANPATH [[environment variable]]:

$ export MANPATH=/usr/local/man
$ man ls
man: no entry for ls in the manual.
$ unset MANPATH
$ man ls
LS(1) OpenBSD Reference Manual LS(1)
...

Another manpage section can be added on to the current MANPATH:

$ export MANPATH=/usr/share/man:/usr/local/man

== Searching in a man page ==

Often you will want to search a man page you are viewing for a particular keyword. You can preceed this search word with a "/". If I wanted to see what mediaopt(ions) my sis [[NIC]] has I could do

/mediaopt

while reading the sis(4) manpage I have on my system. If the first result is not what I want, I don't have to type the full search word after the first time, I can simply use

/

which is to "find another instance".

Fsck

2005-11-02T15:48:23Z

Frankk:

The '''filesystem consistency check and interactive repair''' program is needed on several [[UBO]] [[filesystem]]s. When a [[filesystem]] is not properly unmounted before a reboot or halt the filesystem must be checked and any inconsistencies repaired. This can be a lengthy process and [[FreeBSD]] has a background fsck so that the system can start while it works away at making the filesystem consistent.

If you show down improperly on Linux and know you will have to answer "yes" many times, you can simply add the -y flag which means say yes to the prompts

# fsck -y

Fsck

2005-11-02T04:31:53Z

Frankk:

The '''filesystem consistency check and interactive repair''' program. When a filesystem is not properly unmounted before a reboot or halt the filesystem must be checked and any inconsistencies repaired. This can be a lengthy process and [[FreeBSD]] has a background fsck so that the system can start while it works away at making the filesystem consistent.

If you show down improperly on Linux and know you will have to answer "yes" many times, you can simply add the -y flag which means say yes to the prompts

# fsck -y

Gdb

2005-11-01T15:51:25Z

Frankk:

You have a corefile, like xine.core. gdb $program $corefile:

gdb [[variables|/usr/X11R6/bin/xine]] [[variables|./xine.core]]

Ddos

2005-10-31T15:57:24Z

Frankk:

Distributed Denial of Service (see [[DoS]]).

A distributed denial of service is many computers on the [[Internet]] coordinating a [[DoS]] against a single host, network or network infrastructure. A DDoS doesn't need to fully exhaust your services, but keep a steady monetary burden on the current state of your service, forcing you to eventually give in and stop the service altogether.

A DDoS can be done by people who have hijacked a great number of hosts (known as zombie hosts) or done by members of organizations who have moral, political, religious or capitalistic motives.

*Stories posted to Slashdot can be seen as the control for a DDoS, and all the slashdotters clicking on the link of a site contribute to the load on that remote web server. When a web server is unable to handle the loads of HTTP demand it is said to have been "slashdotted". This drives home the point that freedom of speech on the [[Internet]] can be a costly affair. You can have a good idea but if you can't put money behind it, popularity like being featured on slashdot will put you to ruins. Looking at it another way slashdot may be an engine designed on forcing people to use advertising which pays the owner of a webpage enough to sustain slashdot hits on their content on the [[Internet]], but it also allows outside influence and unwanted advertisement on their site which may cost the owner of the site popularity or possible capitalistic gain from their idea.
*Google works the same way as slashdot,if they dislike you they can move you up in their search causing more hits, forcing you to possibly feature google ads on your site which they (google) control.
*Large organizations also have the power of "slashdotting" sites that they have a moral disagreement with. Sometimes they'll ask you to reload the site a few times to create the extra load on the remote servers.

Cracker

2005-10-31T15:48:03Z

Frankk:

Most commonly referred to by the media as a [[hacker]], a cracker is the person who malciously compromises hosts that are not his/her own.

There are several levels of cracker.

#The most notorious is the least skilled, known commonly as a "script kiddie". These are the people that will use a script or program written by someone else, and use it to compromise remote hosts. They often do not even know what is exactly happening, and don't care, they just like breaking into other machines for whatever purpose.
#There are government and corporate crackers, who are hired to crack into remote hosts usually for information, specifically IP (Intellectual property) of a remote government/competitor.
#There are a few "good crackers" who will break into a remote host, patch the hole that they used to get in so others can't do the same, and then leave undetected. (''As romantic as it sounds one should not forget that cracking another persons system is illegal. Even when your intentions are meant well, the law will have no mercy on you'').
#Then there are the crackers who discover remote holes/weaknesses, and/or write the exploits for these vulnerabilites. Some like to publish these exploits, either for the fame from other crackers, or to watch the script kiddies wreak havoc with them. (''It should be noted that providing an exploit to a security advisory hastens the patch effort and scenarios where a bug is misunderstood or even ignored rarely happen. Exploits are a ticket of guarantee that someone will address this security issue sooner rather than later'').

How much time one should wait between notifying the vendor of an issue and releasing an exploit is a hotly debated issues in the information security community. Some vendors are a lot faster and remediating issues then others.

Locate

2005-10-31T04:08:27Z

Frankk:

Trying to locate a file, if you're lucky you can try

$ locate [[variables|$file]]

Vi

2005-10-31T04:05:13Z

Frankk:

For some reason you have to edit a file on unix, and have never done so before, and the only editor around is "vi". We'll use httpd.conf and the example file to edit:

vi httpd.conf

this opens the file in command mode, assuming you're in the directory that contains httpd.conf. The other mode is insert mode, where we want to insert text. so we type

i

and now we're in insert mode. We can move throughout the text and edit as we please. If we make a typo we hit the ESCape key to go back to command mode and type

:u

which means undo last edit. If you've made a few mistakes and want to start over

:e

will do this. Remember to hit "i" to get back into Insert mode to edit again.

Once you're happy with your changes, hit ESCape to get back to command mode and then:

:wq!

will force the changes to be saved to disk. I would recommend trying it without the ! and just do

:wq

but watch for errors like file permission issues. The ! forces the changes to be made.

Vi

2005-10-31T04:04:36Z

Frankk:

For some reason you have to edit a file on unix, and have never done so before, and the only editor around is "vi". We'll use httpd.conf and the example file to edit:

vi httpd.conf

this opens the file in command mode. The other mode is insert mode, where we want to insert text. so we type

i

and now we're in insert mode. We can move throughout the text and edit as we please. If we make a typo we hit the ESCape key to go back to command mode and type

:u

which means undo last edit. If you've made a few mistakes and want to start over

:e

will do this. Remember to hit "i" to get back into Insert mode to edit again.

Once you're happy with your changes, hit ESCape to get back to command mode and then:

:wq!

will force the changes to be saved to disk. I would recommend trying it without the ! and just do

:wq

but watch for errors like file permission issues. The ! forces the changes to be made.

Vi

2005-10-31T04:03:59Z

Frankk:

For some reason you have to edit a file on unix, and have never done so before, and the only editor around is "vi". We'll use httpd.conf and the example file to edit:

vi httpd.conf

this opens the file in command mode. The other mode is insert mode, where we want to insert text. so we type

i

and now we're in insert mode. We can move throughout the text and edit as we please. If we make a typo we hit the ESCape key to go back to command mode and type

:u

which means undo last edit. If you've made a few mistakes and want to start over

:e

will do this. Remember to hit "i" to get back into Insert mode to edit again.

Once you're happy with your changes, hit ESCape to get back to command mode and then:

:wq!

will force the changes to be saved to disk. I would recommend trying it without the ! and just do

:wq

but watch for errors like file permission issues.

Vi

2005-10-31T04:03:50Z

Frankk:

For some reason you have to edit a file on unix, and have never done so before, and the only editor around is "vi". We'll use httpd.conf and the example file to edit:

vi httpd.conf

this opens the file in command mode. The other mode is insert mode, where we want to insert text. so we type

i

and now we're in insert mode. We can move throughout the text and edit as we please. If we make a typo we hit the ESCape key to go back to command mode and type

:u

which means undo last edit. If you've made a few mistakes and want to start over

:e

will do this. Remember to hit "i" to get back into Insert mode to edit again.

Once you're happy with your changes, hit ESCape to get back to command mode and then:

:wq!

will force the changes to be saved to disk. I would recommend trying it without the ! and just do

:wq

but watch for errors like file permission issues.

Vi

2005-10-31T04:02:37Z

Frankk:

For some reason you have to edit a file on unix, and have never done so before, and the only editor around is "vi". We'll use httpd.conf and the example file to edit:

vi httpd.conf

this opens the file in command mode. The other mode is insert mode, where we want to insert text. so we type

i

and now we're in insert mode. We can move throughout the text and edit as we please. If we make a typo we hit the ESCape key to go back to command mode and type

:u

which means undo last edit. If you've made a few mistakes and want to start over

:e

will do this. Once you're happy with your changes,

:wq!

will force the changes to be saved to disk. I would recommend trying it without the ! and just do

:wq

but watch for errors like file permission issues.

Searches

2005-10-30T23:35:12Z

Frankk:

Here are the most popular searches so far:

code+for+tapped+lines

connect

cracker

ddos

default

denial

depth

device

editors

file

ipsec

link

offsite

permissions

pipe

setuid

unix

virus

windows

Searches

2005-10-30T23:34:33Z

Frankk:

Here are the most popular searches so far:

code+for+tapped+lines
connect
cracker
ddos
default
denial
depth
device
editors
file
ipsec
link
offsite
permissions
pipe
setuid
unix
virus
windows

Message authentication check

2005-10-30T23:26:57Z

Frankk:

A message authentication check, or [[MAC]] is a cryptographic check that a
message is from a given origin.

Most MACs are constructed from keyed [[one way hash]] functions.
The method is for the sender and receiver to agree on a symmetric key,
and to then calculate:

C = hash(K_a | message)

[[ipsec]] uses the HMAC methods, which actually calculate:
C = hash('55555555', hash(K_a | message | 'uuuuuuuuu'))

this usage makes HMAC-MD5 and HMAC-SHA1 immune to recently discovered birthday
attacks on MD5 and SHA1.

HMAC is defined in [[RFC]] 2104.

Browser

2005-10-30T23:25:58Z

Frankk:

Have you ever wondered what happens when you are surfing the www? How does the text show up so pretty in your web browser?

$ telnet [[variables|yashy.com]] 80

and once you see

Trying 206.248.137.44...
Connected to yashy.com.
Escape character is '^]'.

then type

GET / HTTP/1.0

and watch the text scroll by, this is the information ([[HTML]]) that is sent to your web browser. You may also be interested in the extra information transfered when using [[SSL]]

SSL

2005-10-30T23:21:32Z

Frankk:

Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with <nowiki>https://</nowiki> instead of the typical <nowiki>http://</nowiki>, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred not be done in the typical plain text which is fairly trivially [[packet sniffed]].

Only enter personal information or credit card information into a website that is using <nowiki>https://</nowiki> in the URL, this is covered in the [[User Registration|Registration:User]] process.

To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website:
$ openssl s_client -connect [[variables|http://www.example.com]]:443

SSL

2005-10-30T23:20:40Z

Frankk:

Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with https:// instead of the typical http://, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred not be done in the typical plain text which is fairly trivially [[packet sniffed]].

Only enter personal information or credit card information into a website that is using https:// in the URL, this is covered in the [[User Registration|Registration:User]] process.

To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website:
$ openssl s_client -connect [[variables|http://www.example.com]]:443

AES

2005-10-30T22:57:23Z

Frankk:

Advanced Encryption Standard

In 1997 [[NIST]] requested proposals for a new advanced encryption standard. Three years later they officially announced that [http://rijndael.info/ Rijndael] was selected as the AES as can be seen in [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS-197].
It is expected to be the standard for approximately 20-30 years, unless an exploit is published before then.

AES

2005-10-30T22:54:46Z

Frankk:

Advanced Encryption Standard

In 1997 [[NIST]] requested proposals for a new advanced encryption standard. Three years later they officially announced that [[Rijndael]] was selected as the AES as can be seen in [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS-197].
It is expected to be the standard for approximately 20-30 years, unless an exploit is published before then.

Cracker

2005-10-30T22:42:55Z

Frankk:

Message authentication check

2005-10-30T18:02:58Z

Frankk:

Ethernet

2005-10-30T18:02:30Z

Frankk: /* Wireless LAN */

Ethernet is a method for communication also called CSMA/CD (carrier sense, media access / collision detect). It was developed at DEC first. It was cheaper than [[token ring]] for a Local Area Network ([[LAN]]) so it became the industrial standard. Ethernet has historically been used on copper cabling up to Gigabit speeds, but fibre-optic cabling is becoming very popular especially at Gigabit speeds. When ethernet is in a half-duplex setting (possibly connected to a [[hub]]) collisions can occur when two or more NICS broadcast at the same time. When a collission is detected a NIC will back off a random amount of time and try again, because the other cards also back off a random amount of time the odds are low that they will collide again. Today [[hub]]s are not used anymore but [[switch]]es which eliminate the need to put cards in [[half duplex]] mode.
If you only have one network card,
# /sbin/ifconfig -a | grep media
media: Ethernet autoselect (100baseTX <full-duplex>)
should show you what your network card is currently running at. If you have multiple cards, or are not getting the anticipated response, just try
# /sbin/ifconfig -a

On [[BSD]], once you've determined your network device you can see what options it has in section 4 of the [[Manual]]. In this case I'm using sis0:
man 4 sis

=== Thinnet & Thicknet ===
----
=== 10base2 ===

Called Thin-net or Cheapernet. Today this is not used anymore.

=== 10base5 ===

Uses coaxial cable for a range of 500 meters without repeaters. Today this is not used anymore.

=== Twisted Pair & Fibre optics ===
----

=== 10baseT Ethernet ===

Has a bandwidth of 10 Mbps (Mega bit per second). It can work in [[full duplex]] and [[half duplex]] mode. The maximum length of one copper ethernet cable between 2 NIC's is 100 meters, 200 meters if a ethernet repeater is used, which boosts the signal.

=== 100baseT Fast Ethernet ===

Has a bandwidth of 100 Mbps. It can work in [[full duplex]] and [[half duplex]] mode. The maximum length between 2 NICS is the same as 10 Mbps ethernet.

=== 1000baseT Gigabit Ethernet ===

Has a bandwidth of 1000 Mbps. It can work in [[full duplex]] and [[half duplex]] mode.

=== 10 Gigabit Ethernet ===

Has a bandwidth of 10 Gbps (Giga bit per second). It probably works in [[full duplex]] mode.

=== Twisted Pair Copper Cabling ===

Ethernet copper cabling also called Twisted Pair cabling is composed of 4 pairs of copper wire which are twisted between the pairs and also twisted around in their plastic protective coating. The twist is to ensure shielding which is questionable. The ends of ethernet cabling are connectors called RJ-45 bits. The individual wires are colour coded and are visible in the RJ-45 connector from the top. The most common sequence is 1. green-white 2. green 3. orange-white 4. blue 5. blue-white 6. orange 7. brown-white 8. brown. This is the setup on both ends for what is called a straight-thru cable. The only wires actually used are positions 1, 2, 3 and 6. When you want to connect 2 ethernet cards directly without use of a [[hub]] or [[switch]] you require a cable that is crossed-over or a cross-over cable. This is called so because positions 1 and 3 and 2 and 6 are crossed, so the end of the crossed end looks like this 1. orange-white 2. orange 3. green-white 4. blue 5. blue-white 6. green 7. brown-white 8. brown. The most common type of cabling for ethernet is category 5 cabling although there is category 5e now for gigabit. To attach the RJ-45 bits to the cabling a special tool called a RJ-45 crimper is used. Cheap version s are about $30 (CA) at cabling surplus stores.

=== Wireless LAN ===

WLAN also called Wifi was first developed at Lucent with their Wavelan product. It is a standard based around IEEE 802.11b and g. At first Wifi could speak only 11 Mbps maximum which was then upgraded to 54 Mbps with the 802.11g standard. Wifi came with built-in encryption at first called WEP but the implementation of this [[cryptography]] was breakable. It should be noted that all Wifi should be encrypted with [[ipsec]] to ensure additional security.

=== PPPoE ===

[[PPP]] over Ethernet is a hack of protocol spoken with most DSL home end-user connections. It is covered in [[RFC]] 2516 and involves packet encasulation, a packet within a packet. As a result a PPPoE user will often have to dumb down their [[MTU]] and/or [[MRU]] settings. Although the default is usually 1500, this author has the following in his ppp.conf:
set mru 1492
set mtu 1452
as the best setting for his PPPoE sDSL connection.

Full duplex

2005-10-29T16:51:51Z

Frankk: /* Forcing an interface into full duplex mode */

Full duplex means 2 channels where each channel goes in the opposite direction of the other. What this means is that at 100 Mbps full duplex you can send 100 Mbps of data and receive 100 Mbps of data for an aggregate of 200 Mbps. Collisions in full duplex cannot happen. [[Ethernet]] [[switch]]es are full-duplex most of the time.

=== Forcing an interface into full duplex mode ===

In [[OpenBSD]] you can see the media modes of an interface with the [[ifconfig]] command:

$ ifconfig -m [[variables|$xl0]]
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:60:08:5a:86:82
media: Ethernet 100baseTX full-duplex
status: no carrier
supported media:
media none
media 10baseT
media 10baseT mediaopt full-duplex
media 100baseTX
media 100baseTX mediaopt full-duplex
media autoselect
inet 172.16.2.2 netmask 0xfffffe00 broadcast 172.16.3.255
inet6 fe80::260:8ff:fe5a:8682%xl0 prefixlen 64 scopeid 0x2

To set it to full duplex you would type:

$ ifconfig [[variables|$xl0]] media 100baseTX mediaopt full-duplex

In [[Linux]] you'd use [[mii-tool]] to see the duplex setting of an interface.

Mtime

2005-10-28T22:04:18Z

Frankk:

Time of last modification of a file, the information is taken from the [[inode]].

$ stat -s [[variables|$file]] | tr ' ' '\n' | grep mtime
st_mtime=1130490970
$ date -r 1130490970
Fri Oct 28 11:16:10 CEST 2005
$ ls -lT [[variables|$file]]
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:16:10 2005 file

If a file has been modified the mtime will change to that date. The mtime can be changed in a file:

# date -r 0
Thu Jan 1 01:00:00 CET 1970
# touch -mt 197001010100.01 [[variables|$file]]
# ls -lT [[variables|$file]]
-rw-r--r-- 1 root wheel 33554432 Jan 1 01:00:01 1970 file

When a files mtime is changed the [[ctime]] will update naturally to the date when this happened.

Mtime

2005-10-28T22:04:06Z

Frankk:

Time of last modification of a file, the information is taken from the [[inode]].

$ stat -s [[variables|$file]] | tr ' ' '\n' | grep mtime
st_mtime=1130490970
$ date -r 1130490970
Fri Oct 28 11:16:10 CEST 2005
$ ls -lT [[variables|$file]]
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:16:10 2005 file

If a file has been modified the mtime will change to that date. The mtime can be changed in a file:

# date -r 0
Thu Jan 1 01:00:00 CET 1970
# touch -mt 197001010100.01 $file
# ls -lT $file
-rw-r--r-- 1 root wheel 33554432 Jan 1 01:00:01 1970 file

When a files mtime is changed the [[ctime]] will update naturally to the date when this happened.

Atime

2005-10-28T19:43:55Z

Frankk:

Time of last access of a file, the information is taken from the [[inode]], only if the [[filesystem]] doesn't have the noatime option.

$ stat -s [[variables|$file_or_diskname]] | tr ' ' '\n' | grep atime
st_atime=1130490958
$ date -r 1130490958
Fri Oct 28 11:15:58 CEST 2005
$ ls -luT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:15:58 2005 disk

It can be helpful reading the atime of a script to see when it was last run. Perhaps an rc script to see when a service was started/stoppped/restarted.

Ctime

2005-10-28T19:43:38Z

Frankk:

Time of last change of the [[inode]]. This time is taken from the [[inode]] itself.

$ stat -s [[variables|$file_or_diskname]] | tr ' ' '\n' | grep ctime
st_ctime=1130490970
$ date -r 1130490970
Fri Oct 28 11:16:10 CEST 2005
$ ls -lcT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:16:10 2005 disk

Usually when the [[mtime]] gets updated the [[ctime]] will be updated as well for example when the file size changes this has to be reflected in the [[inode]].

The ctime is also a good place to check for new files written or updated in your system in the last few days (2 in this example)

$ find . -ctime -2 -print | wc -l
38

Mtime

2005-10-28T19:43:20Z

Frankk:

Time of last modification of a file, the information is taken from the [[inode]].

$ stat -s [[variables|$file_or_diskname]] | tr ' ' '\n' | grep mtime
st_mtime=1130490970
$ date -r 1130490970
Fri Oct 28 11:16:10 CEST 2005
$ ls -lT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:16:10 2005 disk

If a file has been modified the mtime will change to that date. The mtime can be changed in a file:

# date -r 0
Thu Jan 1 01:00:00 CET 1970
# touch -mt 197001010100.01 disk
# ls -lT disk
-rw-r--r-- 1 root wheel 33554432 Jan 1 01:00:01 1970 disk

When a files mtime is changed the [[ctime]] will update naturally to the date when this happened.

Mtime

2005-10-28T19:43:01Z

Frankk:

Time of last modification of a file, the information is taken from the [[inode]].

$ stat -s [[variables|$disk]] | tr ' ' '\n' | grep mtime
st_mtime=1130490970
$ date -r 1130490970
Fri Oct 28 11:16:10 CEST 2005
$ ls -lT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:16:10 2005 disk

If a file has been modified the mtime will change to that date. The mtime can be changed in a file:

# date -r 0
Thu Jan 1 01:00:00 CET 1970
# touch -mt 197001010100.01 disk
# ls -lT disk
-rw-r--r-- 1 root wheel 33554432 Jan 1 01:00:01 1970 disk

When a files mtime is changed the [[ctime]] will update naturally to the date when this happened.

Atime

2005-10-28T19:42:41Z

Frankk:

Time of last access of a file, the information is taken from the [[inode]], only if the [[filesystem]] doesn't have the noatime option.

$ stat -s [[variables|$disk]] | tr ' ' '\n' | grep atime
st_atime=1130490958
$ date -r 1130490958
Fri Oct 28 11:15:58 CEST 2005
$ ls -luT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:15:58 2005 disk

It can be helpful reading the atime of a script to see when it was last run. Perhaps an rc script to see when a service was started/stoppped/restarted.

Atime

2005-10-28T19:41:57Z

Frankk:

Time of last access of a file, the information is taken from the [[inode]], only if the [[filesystem]] doesn't have the noatime option.

$ stat -s [[variable|$disk]] | tr ' ' '\n' | grep atime
st_atime=1130490958
$ date -r 1130490958
Fri Oct 28 11:15:58 CEST 2005
$ ls -luT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:15:58 2005 disk

It can be helpful reading the atime of a script to see when it was last run. Perhaps an rc script to see when a service was started/stoppped/restarted.

Solaris

2005-10-28T19:31:57Z

Frankk:

Solaris is a UNIX operating system made at [[Sun Microsystems]]. Before version 2 it was BSD based, after version 2 it was based on [[SVR4]]. The current version is [[Solaris_10]]. It works on x86 (PC) hardware but is more commonly found on [http://www.sparc.com/ Sparc] hardware.

I'll never understand why they don't add a little more to the single "hostname" binary for example, so that when you run "hostname foo" it would update the +5 neccesary files that need touched to change ones hostname. You might want to try

sys-unconfig

Atime

2005-10-28T17:19:54Z

Frankk:

Time of last access of a file, the information is taken from the [[inode]], only if the [[filesystem]] doesn't have the noatime option. Please change the $disk [[variable]].

$ stat -s $disk | tr ' ' '\n' | grep atime
st_atime=1130490958
$ date -r 1130490958
Fri Oct 28 11:15:58 CEST 2005
$ ls -luT disk
-rw-r--r-- 1 root wheel 33554432 Oct 28 11:15:58 2005 disk

It can be helpful reading the atime of a script to see when it was last run. Perhaps an rc script to see when a service was started/stoppped/restarted.

Ethernet

2005-10-28T09:03:45Z

Frankk:

Ethernet is a method for communication also called CSMA/CD (carrier sense, media access / collision detect). It was developed at DEC first. It was cheaper than [[token ring]] for a Local Area Network ([[LAN]]) so it became the industrial standard. Ethernet has historically been used on copper cabling up to Gigabit speeds, but fibre-optic cabling is becoming very popular especially at Gigabit speeds. When ethernet is in a half-duplex setting (possibly connected to a [[hub]]) collisions can occur when two or more NICS broadcast at the same time. When a collission is detected a NIC will back off a random amount of time and try again, because the other cards also back off a random amount of time the odds are low that they will collide again. Today [[hub]]s are not used anymore but [[switch]]es which eliminate the need to put cards in [[half duplex]] mode.
If you only have one network card,
# /sbin/ifconfig -a | grep media
media: Ethernet autoselect (100baseTX <full-duplex>)
should show you what your network card is currently running at. If you have multiple cards, or are not getting the anticipated response, just try
# /sbin/ifconfig -a

On [[BSD]], once you've determined your network device you can see what options it has in section 4 of the [[Manual]]. In this case I'm using sis0:
man 4 sis

=== Thinnet & Thicknet ===
----
=== 10base2 ===

Called Thin-net or Cheapernet. Today this is not used anymore.

=== 10base5 ===

Uses coaxial cable for a range of 500 meters without repeaters. Today this is not used anymore.

=== Twisted Pair & Fibre optics ===
----

=== 10baseT Ethernet ===

Has a bandwidth of 10 Mbps (Mega bit per second). It can work in [[full duplex]] and [[half duplex]] mode. The maximum length of one copper ethernet cable between 2 NIC's is 100 meters, 200 meters if a ethernet repeater is used, which boosts the signal.

=== 100baseT Fast Ethernet ===

Has a bandwidth of 100 Mbps. It can work in [[full duplex]] and [[half duplex]] mode. The maximum length between 2 NICS is the same as 10 Mbps ethernet.

=== 1000baseT Gigabit Ethernet ===

Has a bandwidth of 1000 Mbps. It can work in [[full duplex]] and [[half duplex]] mode.

=== 10 Gigabit Ethernet ===

Has a bandwidth of 10 Gbps (Giga bit per second). It probably works in [[full duplex]] mode.

=== Twisted Pair Copper Cabling ===

Ethernet copper cabling also called Twisted Pair cabling is composed of 4 pairs of copper wire which are twisted between the pairs and also twisted around in their plastic protective coating. The twist is to ensure shielding which is questionable. The ends of ethernet cabling are connectors called RJ-45 bits. The individual wires are colour coded and are visible in the RJ-45 connector from the top. The most common sequence is 1. green-white 2. green 3. orange-white 4. blue 5. blue-white 6. orange 7. brown-white 8. brown. This is the setup on both ends for what is called a straight-thru cable. The only wires actually used are positions 1, 2, 3 and 6. When you want to connect 2 ethernet cards directly without use of a [[hub]] or [[switch]] you require a cable that is crossed-over or a cross-over cable. This is called so because positions 1 and 3 and 2 and 6 are crossed, so the end of the crossed end looks like this 1. orange-white 2. orange 3. green-white 4. blue 5. blue-white 6. green 7. brown-white 8. brown. The most common type of cabling for ethernet is category 5 cabling although there is category 5e now for gigabit. To attach the RJ-45 bits to the cabling a special tool called a RJ-45 crimper is used. Cheap version s are about $30 (CA) at cabling surplus stores.

=== Wireless LAN ===

WLAN also called Wifi was first developed at Lucent with their Wavelan product. It is a standard based around IEEE 802.11b and g. At first Wifi could speak only 11 Mbps maximum which was then upgraded to 54 Mbps with the 802.11g standard. Wifi came with built-in encryption at first called WEP but the implementation of this [[cryptography]] was breakable. It should be noted that all Wifi should be encrypted with [[IPsec]] to ensure additional security.

=== PPPoE ===

[[PPP]] over Ethernet is a hack of protocol spoken with most DSL home end-user connections. It is covered in [[RFC]] 2516 and involves packet encasulation, a packet within a packet. As a result a PPPoE user will often have to dumb down their [[MTU]] and/or [[MRU]] settings. Although the default is usually 1500, this author has the following in his ppp.conf:
set mru 1492
set mtu 1452
as the best setting for his PPPoE sDSL connection.

Firefox

2005-10-28T08:54:58Z

Frankk: /* Ad blocking */

== Ad blocking ==

Sick of seeing advertisements on webpages? It's very easy to combat this with the [http://adblock.mozdev.org adblock plugin]. If you attempt to download/install it and it fails, with a beige bar appearing across the top of your browser, and a tab on the far right of that bar that reads "Edit options", choose "Allow" and then "Okay" and then you should be able to install it okay.

If you don't want to wait while you build your own adblock rules, do a search for "adblock rules" online and download that list to your desktop. Once you've restarted firefox, hit SHIFT+CTRL+P (or go to Tools -> Adblock -> Preferences) and select "Adblock options" where you will see an option to "import filters". Use this on the adblock.txt you found from your "adblock rules" search and you should be set now. Go to your favourite ad loving website and see if you can see any banners.

Anytime you see a banner on a website now, you can simply right click on the banner and choose to adblock the image. You can also use [[wildcards]] in adblock rules which is very handy as you may have noticed in your adblock rules.

*adserver*

is one of my rules for example, which blocks any file with the word adserver in the URL.

== Remove lockfile ==

If you're forced to kill firefox, or it crashes, it will often leave a "hidden" lock file around. You will know this has happened when you open firefox and a window opens up asking if you want to to use "Default profile" or not.

find ~/.moz* -depth -name lock

This should find the lock file for you. If it has, then you can add | xargs rm to the end to remove it.

find ~/.moz* -depth -name lock | xargs rm

and now you can open firefox as per normal now.