Increase security by Locking Admin screen/console

in Categories News last updated January 31, 2006

This is especially useful for Linux/BSD/Unixish system which have multiple users with access to the console. One user may lock his or her session while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled. This is really a good idea to lock your workstation which is use to control other servers in your network environment. Both FreeBSD and Linux support locking the screen option. Generally, KDE and Gnome include a locking feature. The idea is very simple secure your terminal from unwanted people.

Shell variables to auto-logout
Almost all-modern shell support some sort of auto logout option. Under BASH you need to use TMOUT variable. You can setup TMOUT in seconds, bash terminates after waiting for that number of seconds if input does not arrive. For example if you setup TMOUT 60 seconds:

$ export TMOUT=60

So, if no input (command typed) arrived it will terminate shell with following message:
timed out waiting for input: auto-logout

You can add TMOUT to your shell configuration file ~/.bash_profile file.

However, I liked tcsh shell (the default shell under FreeBSD) autologout variable. Genral syntax is as follows:
$ set autologout = (VAL1 VAL2)

VAL1 : The number of minutes of inactivity before automatic logout
VAL2 : The number of minutes of inactivity before automatic locking will take place this is optional.
For example, you can set autologout as follows.

$ set autologout = (5 10)

You can add autologout to your shell configuration file ~/.cshrc OR ~/.tcshrc.

Using vlock under Linux to lock screen
vlock is a program to lock one or more sessions on the Linux consol. Install it using apt-get or yum:

# apt-get install vlock

OR if you are a Fedora user

# yum install vlock

Now to lock your console or screen just type vlock command at shell prompt:

$ vlock

This TTY is now locked.
Please enter the password to unlock.
jadmins's Password:

Using lock command under FreeBSD/OpenBSD
The lock command requests a password from the user, reads it again for verification and then will normally not relinquish the terminal until the password is repeated.

$ lock

lock: /dev/ttyp0 on timeout in 15 minutes.
time now is Tue Jan 31 20:46:14 IST 2006

See also:

O'Reilly UG Program books news

in Categories News last updated January 31, 2006

New Releases
***Podcasting Pocket Guide
Publisher: O’Reilly
ISBN: 0596102305
Whether you’re a listener or an aspiring podcaster, “Podcasting Pocket
Guide” is a non-technical guide for the non-geek who wants in on this
revolutionary new medium. This handy guide shows you how to tune into
unique and interesting podcasts and download them to your favorite
portable device and contains an introduction to creating, recording,
publishing, and finding an audience for your own, professional-quality

***Learn to Program
Publisher: Pragmatic Bookshelf
ISBN: 0976694042
It’s now easier to learn to write your own computer software than it
ever been before. Now everyone can learn to write programs for
themselves–no previous experience is necessary. Chris Pine takes a
thorough, but light-hearted approach that teaches you how to program
with a minimum of fuss or bother. Starting with small, simple one-line
programs to calculate your age in seconds, you’ll see how to have your
web page send you email, to shuffle your music more intelligently, to
rename your photos from your digital camera, and more. You’ll learn the
same technology used to drive modern dynamic websites and large,
professional applications.>

***Dreamweaver 8 Design and Construction
Publisher: O’Reilly
ISBN: 0596101635
Whether you’re an absolute beginner or you’re switching web design
programs, “Dreamweaver 8 Design and Construction” gets you up to speed
quickly and efficiently. With speed as its watchword, Marc Campbell’s
practical hands-on guide focuses on rapid prototyping techniques for
constructing both interactive and static web sites. Clear and thorough,
it emphasizes learning by doing with short, task-oriented chapters that
use screen shots, illustrations, and sample layouts to demonstrate
theory through design solutions.>

***C# Cookbook, Second Edition
ISBN: 0596100639
Completely revised for C# 2.0, this updated bestseller offers more than
100 new code solutions to common problems that you’re sure to face as a
C# programmer. Nearly every solution or “recipe” contains a complete,
documented code sample showing you how to solve the specific problem.
Covers .NET Framework Class Libraries, interoperability, design
patterns, and much more.>

***Baseball Hacks
Publisher: O’Reilly
ISBN: 0596009429
Whether you’re a fantasy baseball fanatic, casual fan, or just a
statistically inclined mathematician, “Baseball Hacks” has something
you. This comprehensive guide walks readers through the sport’s core
statistical categories, and then demonstrates how to use this data to
truly understand baseball. Statistical analysis, data mining,
probability, forecasting, and other valuable tools are examined.>

***Essential Microsoft Operations Manager
Publisher: O’Reilly
ISBN: 0596009534
This comprehensive tutorial gives system administrators a solid
foundation for planning, implementing, and administering Microsoft
Operations Manager (MOM) 2005. Learn how to program MOM so it automates
burdensome and lengthy diagnostic tasks, making your life as a
troubleshooter easier than ever. Features practical, real-world advice
from MOM expert Chris Fox.>

***Learning Windows Server 2003, Second Edition
Publisher: O’Reilly
ISBN: 0596101236
This compact guide provides the nuts and bolts for installing,
configuring, securing, and managing Windows Server 2003. Topics include
patch management, Active Directory replication, network access
quarantining, server clustering, and more. Designed for system
administrators of all levels, “Learning Windows Server 2003, 2nd
has also been completely updated for Service Pack 1 and release R2.>

Upcoming Events
***For more events, please see:

***Digital Photography Fundamentals Workshop with Stephen Johnson,
Pacifica, CA–January 28-29
Photographer and author Stephen Johnson (“Stephen Johnson on Digital
Photography”) presents a two day class designed to provide you with the
background and understanding to transition your work into the digital
realm. The digital basics are covered here, in real world terms, with
care to make sure the concepts are understood and the complications
simplified. Those basics are built on to tackle the thorny issues of
camera design and choice, data storage, color management and printing.>

***II Conferencia Internacional de Software Libre,
Malaga, Spain–February 15-17
“Innovation and Freedom” is the theme of the Second Open Source World
conference organized by both the Andalucia and the Extremadura Regional
Governments. Stop by our booth to check out our new titles and get 30%
discount on all purchases.>

***Derrick Story at NCMUG, Rohnert Park, CA–February 21
Author Derrick Story (“Digital Photography Pocket Guide, 3rd Edition,”
“iPhoto 5: The Missing Manual,” and “Digital Photography Hacks”)
“Dumb DigiPhoto Tricks” to the North Coast Mac Users Group. There are
many serious things to do with you Mac that sometimes we forget to
Join Derrick as he shows you how to entertain yourself (and friends)
with digital photography toys and your Mac.>

Conference News
***Upcoming 2006 O’Reilly conferences
-O’Reilly Emerging Technology Conference, March 6-9 in
San Diego, California
-MySQL Users Conference, April 24-27 in Santa Clara, California–early
registration discount ends March 6
-Where 2.0, June 13-14 in San Jose, California–registration opens in
-O’Reilly Open Source Convention, July 24-28 in Portland, Oregon–
Call for Participation ends February 13; registration opens in April
-O’Reilly European Open Source Convention, September 18-21 in
Brussels, Belgium–Call for Participation ends March 6; registration
opens in May
-Web 2.0, November 7-9 in San Francisco, California

For up to date information on each conference, go to:>

***MySQL Users Conference Registration in Open
Join us at the 2006 edition of the MySQL Users Conference, the largest
gathering of MySQL developers, users, and DBAs. It is the only event
where you will be able to join the core MySQL development team and over
1000 users, open source innovators, and technology partners under one

MySQL Users Conference, April 24-27, 2006
Santa Clara Convention Center, Santa Clara, CA>

User Group members who register before March 6, 2006 get a double
discount. Use code “mys06dusg” when you register, and receive 15% off
the early registration price.

To register for the conference, go to:>

***Register for O’Reilly Emerging Technology Conference
We’re five years into the O’Reilly Emerging Technology Conference and
the stuff of which it is made shows no sign of abating: bandwidth
continues to broaden, storage grows ever larger and cheaper, and
keeps streaming from the firehose. How do we visualize all of this
digital data, filter it, remix it, and access it in meaningful ways?
coming technical challenge is not about generating digital content-we
more than enough already. It’s time to do something with that data.
It’s time
to build The Attention Economy.

O’Reilly Emerging Technology Conference, March 6-9, 2006
Manchester Grand Hyatt, San Diego, CA>

User Group members who register with code “et06dsug” receive 20% off
the conference pricing.

To register for the conference, go to:>

News From O’Reilly & Beyond
General News
***Early Access to Cutting-Edge Technology
O’Reilly’s Safari Books Online has just announced a new service called
Rough Cuts that gives you early access to content on cutting-edge
technologies months before it’s published. Rough Cuts allows you to
purchase work-in-progress manuscripts of selected titles. You’ll even
have the chance to shape the final product by sending feedback to the
author and editors. The beta version just debuted with four
works-in-progress covering Ajax, Ruby, and Flickr. For more
go to:>

Titles now available:
Ajax Hacks: Rough Cuts Version>

Flickr Hacks: Rough Cuts Version>

Ruby Cookbook: Rough Cuts Version>

Ruby on Rails: Up and Running: Rough Cuts Version>

Rough Cuts FAQ>

***What Are Syndication Feeds?
O’Reilly recently commissioned Shelley Powers, a specialist in
technology architecture and software development, to create a
comprehensive PDF document that would help webmasters manage their
incoming and outgoing feeds. Shelley produced nothing short of a
must-have reference for online publishers, titled “What Are Syndication
Feeds?” You can download it today from the O’Reilly shopping cart.>

***Hacking Online Applications for Location Awareness
Based on his work developing a stable wireless mesh platform that
true peer-to-peer multi-hop network connectivity, Chris Ngan discusses
some proof-of-concept applications that demonstrate the power of this
network infrastructure and the ease with which text/chat, voice, and
video applications can be made location-aware.>

Open Source
***PHP Easter Egg
The Easter Bunny has come early. Kevin Yank uncovers a little-known PHP
Easter Egg.

***Simplify PHP Development with WASP
Where are the all-in-one PHP frameworks that make building
and maintainable applications as easy as building simple sites? Brian
Fioca shows how to make a simple database-backed site with WASP in just
a few lines of code.>

***Running Commercial Linux Software on FreeBSD
One intriguing feature of the BSDs is their ability to run binaries for
Linux distributions. This can be very useful for running commercial
software. Michael W. Lucas demonstrates how to configure and use the
Linux compatibility layer on FreeBSD.>

***Putting Google Video onto Your iPod
There’s some pretty interesting stuff on Google Video. In this article,
Erica Sadun shows you how to download videos, convert them to an
iPod-friendly format, and load them onto your new 5G video iPod.>

***Adding a New Style Preferences Window to Your App, Part 1
In this first of two articles, Martin Redington shows you how to add a
new style preferences window to your application that behaves in all
respects exactly like the Apple preferences windows.>

***Using the Windows Mobile 5.0 Emulators in Visual Studio 2005
Emulators are a must-have for anyone developing mobile applications. To
get you started, Wei-Meng Lee shows you how to use the emulator tools
that shipped with Windows Mobile 5.0 and Visual Studio 2005.>

***An Inside Look at IPSec in Vista
IPSec management tools are not particularly intuitive in XP. But things
are going to be better in Vista. Mitch Tulloch, author of “Windows
Server Hacks,” takes a look at IPSec support in Vista, and clues you in
on what you can expect.>

***What’s Your Link Reputation?
Forget Pagerank: as Gord explains, this measure no longer allows us to
accurately or consistently predict how a page will perform in the
results. Here, he unravels the concept of link reputation, explaining
why it’s important and what it means for your site’s ranking.>

***Building a Web Community with Bribes
Building a community on the Web is one of the hardest things to do.
Chris explains some shortcuts that you can take to drastically speed up
the process.>

***Help Choose a Cover Model for the Next Head First book
JavaRanch is hosting a contest to choose a cover model for the next
First book (“Head First Objects”), due out this Spring. Examine seven
wannabe photos, decide which would work best, then craft an essay or
describing why. Try your luck at winning one of five fabulous prizes,
including the chance to have your name appear in the new book. Deadline
for entries is January 29th.>

***Using Lucene to Search Java Source Code
Most uses of the Java-based Lucene search engine are for searching
typical text documents. But what if you want to search Java code
Renuka Sindhgatta argues that this would be a boon for finding reusable
code, and shows how to adapt Lucene to parse Java code for maximum

***Spring: Integrating iBATIS
iBATIS is one of the object-relational (OR) frameworks embraced by the
Spring framework, and it’s an ideal choice for those seeking a middle
ground between full-blown OR and hand-written JDBC. In this excerpt
“Spring: A Developer’s Notebook,” Bruce Tate and Justin Gehtland show
how to integrate iBATIS with Spring.>

***O’Reilly’s New Podcasting Site
Check out our latest podcasting shows and selections:

“Distributing the Future” hosted by Daniel Steinberg
O’Reilly Media’s weekly podcast show features the technology and the
people behind what you’re using now–and what you’ll use next. This
hour program includes interviews and commentary on science, technology,
related social issues, and is good fun, to boot.>

“MAKE Audio and Video” hosted by Phil Torrone
Each week MAKE magazine delivers audio and video of amazing Makers,
inventions, do-it-yourself projects, and lab tours. Phil also showcases
how all kinds of things are made, from wireless microphones to

“FOO Casts”–Podcasts from Friends of O’Reilly
FOO Casts feature great audio interviews from O’Reilly’s editors,
authors, conference presenters, and other friends. Get a whole new
perspective by hearing an author explain a concept in a new way, or
speak on new tech topics, gadgets, and tips and techniques.

“In Our Ears & Pick of the Week Selections”–Highlights what O’Reilly
editors, authors, and readers recommend.

Digital Media
***Connect the Video iPod to TV
Did you know you can use your Video iPod with your TV? Best-selling
author Derrick Story details how you can connect the Video iPod using
standard cables and share your content on a TV any time you visit with
friends and family.>

***Jack Herrington Interviews Founder of Fake Science
James Polanco, founder of Fake Science, chats with Jack about his
popular radio show and how he started podcasting to cover digital music
news, reviews, and to showcase favorite artists. James reveals his gear
setup for recording and editing the show.>

***MAKE Contest on Digg
MAKE and are testing the delivary of the latest news and top
stories from Digg using MAKEbot. On AIM/iChat, just add MAKEbot to your
buddy list and then type “subscribe digg 1” or “subscribe diggall 1” to
get the latest/top stories from Digg every hour. (“1” is the number of
hours, but you can change that. You can also just type digg or diggall
at any time). MAKE will randomly pick a user of the MAKEbot and give
a high-speed flash photography kit, T-shirts, a year of MAKE, and our
new book, “Makers.” So add the MAKEbot and start Digging to win! If you
need help with the MAKEbot, just type “help”during your chat.

***Meet Your Fellow Makers
Find and post events, exhibits, and more with Maker events listings:>

***Try a Sample Project from MAKE:>

From Your Peers
***Photos from Macworld
Check out photos from User Group University and Macworld. Thanks to
Maria O.
Arguello, Main Line Macintosh Users Group, for sharing these with us:>
(See if you can find the photos of Tim O’Reilly saving the day by
more copies of “Mac OS X: The Missing Manual, Tiger Ed” to David
talk at the O’Reilly Booth!)

***Don’t forget to check out the O’Reilly UG wiki to see what user
groups around the globe are up to:>

Why command df and du reports different output?

in Categories Debian Linux, File system, FreeBSD, RedHat/Fedora Linux, Solaris, Suse Linux, Troubleshooting, UNIX last updated January 31, 2006

You will never notice something like this on FreeBSD or Linux Desktop home system or your personal UNIX or Linux workstation. However, sometime on a production UNIX server you will notice that both df (display free disk space) and du (display disk usage statistics) reporting different output. Usually df will output a bigger disk usage than du.

If Linux or UNIX inode is deallocated you will see this problem. If you are using clustered system (file system such as GFS) you may see this scenario commonly.

Note following examples are FreeBSD and GNU/Linux specific.

Following is normal output of df and du for /tmp filesystem:
# df -h /tmp

Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1e    496M     22M    434M     5%    /tmp

Now type du command:
# du -d 0 -h /tmp/

22M    /tmp/

Why is there a mismatch between df and du outputs?

However, some time it reports different output (a bigger disk usage), for example:
# df -h /tmp/

Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1e    496M     39M    417M     9%    /tmp

Now type du command:
# du -d 0 -h /tmp/

 22M    /tmp/

As you see, both df and du reporting different output. Many new UNIX admin get confused with output (39M vs 22M).

Open file descriptor is main causes of such wrong information. For example if file called /tmp/application.log is open by third party application OR by a user and same file is deleted, both df and du reports different output. You can use lsof command to verify this:
# lsof | grep tmp

bash   594  root  cwd   VDIR  0,86      512      2 /tmp
bash   634  root  cwd   VDIR  0,86      512      2 /tmp
pwebd  635  root  cwd   VDIR  0,86      512      2 /tmp
pwebd  635  root  3rW   VREG  0,86 17993324     68 /tmp (/dev/ad0s1e)
pwebd  635  root   5u   VREG  0,86        0     69 /tmp (/dev/ad0s1e)
lsof   693  root  cwd   VDIR  0,86      512      2 /tmp
grep   694  root  cwd   VDIR  0,86      512      2 /tmp

You can see 17993324K file is open on /tmp by pwebd (our in house software) but deleted accidentally by me. You can recreate above scenario in your Linux, FreeBSD or Unixish system as follows:

First, note down /home file system output:
# df -h /home
# du -d 0 -h /home

If you are using Linux then use du as follows:
# du -s -h /tmp

Now create a big file:
# cd /home/user
# cat /bin/* >> demo.txt
# cat /sbin/* >> demo.txt

Login on other console and open file demo.txt using vi text editor:
# vi /home/user/demo.txt

Do not exit from vi (keep it running).

Go back to another console and remove file demo.txt
# rm demo.txt
Now run both du and df to see the difference.
# df -h /home
# du -d 0 -h /home

If you are using Linux then use du as follows:
# du -s -h /tmp

Login to another terminal and close vi.

Now close the vi and the root cause of the problem should be resoled, the du and df outputs should be correct.

Linux KDE Desktop Fonts problem: edges of curves in fonts

in Categories News last updated January 29, 2006

Recently I switched my Linux Desktop from Gnome to KDE. For some weird reason my keyboard was not functioning at all under Gnome so I thought just switch to KDE. My keyboard works very well under KDE but poor font quality was my problem. The edges of curves fonts were not smooth at all.

KDE poor font quality

After looking at control panel, I found something called Use anti-aliasing for fonts option turned off. You need to turn on this option. Click on K button > Control center > Select Index tab > Select Appearance & Themes > Fonts > Select option Use anti-aliasing for fonts > Click apply:

KDE Use anti-aliasing for fonts

Now my font edges of curve in fonts are smooth and I can enjoy KDE.

Kde Smooth fonts

FreeBSD IPFILTER (ipf) outgoing passive ftp problem

in Categories News last updated January 27, 2006

FreeBSD has ipf firewall. It is based on a kernel-side firewall very easy to and configure. However if you ever use ipf firewall then you may face the FTP passive connection problem. Whether an ftp session is active or passive is determined by whether the client or the server opens the data channels. Most new firewall administrator find FTP passive connection stuff little hard to digest. FTP has many problems.

Dealing with outgoing passive ftp client
If you are using pkg_add or outgoing ftp with ipf firewall then you need to add following rule in order to passive ftp work correctly:

pass out proto tcp all keep state

Before adding above rule ftp was not working for me. Now it works perfectly. Above rule keeps state on all outbound tcp sessions, resulting into outgoing passive ftp session. Here is small script that I am using on my old FreeBSD laptop:

pass in quick on lo0 all
pass out quick on lo0 all
# for passive ftp
pass out proto tcp all keep state

pass out quick on lnc0 proto tcp from any to PORT = 53 FLAGS s KEEP STATE
pass out quick on lnc0 proto udp from any to port = 53 keep state
pass out quick on lnc0 proto udp from any to port = 123 keep state

# allow http, ftp outgoing
pass out quick on lnc0 proto tcp from any to any port = 21 flags S keep state

pass out quick on lnc0 proto tcp from any to any port = 80 flags S keep state
pass out quick on lnc0 proto tcp from any to any port = 443 flags S keep state
pass out quick on lnc0 proto icmp from any to any icmp-type 8 keep state
pass out quick on lnc0 proto tcp from any to any port = 43 flags S keep state

pass in quick on lnc0 proto tcp from to port = 22 flags S keep state
pass out quick on lnc0 proto tcp from any to any port = 22 flags S keep state

block in log first quick on lnc0 all

See ipf man page and IP Filter FAQ for more information.

How do I forcefully unmount a Linux disk partition?

in Categories CentOS, Data recovery, Debian Linux, File system, Linux, RedHat/Fedora Linux, Security, Storage, Suse Linux, Sys admin, Troubleshooting, Ubuntu Linux last updated January 27, 2006

Sometimes you try to unmount a disk partition or mounted CD/DVD disk or device, which is accessed by other users, then you will get an error umount: /xxx: device is busy. However, Linux or FreeBSD comes with the fuser command to kill forcefully mounted partition. For example, you can kill all processes accessing the file system mounted at /nas01 using the fuser command.

Understanding device error busy error

Linux / UNIX will not allow you to unmount a device that is busy. There are many reasons for this (such as program accessing partition or open file) , but the most important one is to prevent the data loss. Try the following command to find out what processes have activities on the device/partition. If your device name is /dev/sdb1, enter the following command as root user:
# lsof | grep '/dev/sda1'

vi 4453       vivek    3u      BLK        8,1                 8167 /dev/sda1

Above output tells that user vivek has a vi process running that is using /dev/sda1. All you have to do is stop vi process and run umount again. As soon as that program terminates its task, the device will no longer be busy and you can unmount it with the following command:
# umount /dev/sda1

How do I list the users on the file-system /nas01/?

Type the following command:
# fuser -u /nas01/
# fuser -u /var/www/

Sample outputs:

/var/www:             3781rc(root)  3782rc(nginx)  3783rc(nginx)  3784rc(nginx)  3785rc(nginx)  3786rc(nginx)  3787rc(nginx)  3788rc(nginx)  3789rc(nginx)  3790rc(nginx)  3791rc(nginx)  3792rc(nginx)  3793rc(nginx)  3794rc(nginx)  3795rc(nginx)  3796rc(nginx)  3797rc(nginx)  3798rc(nginx)  3800rc(nginx)  3801rc(nginx)  3802rc(nginx)  3803rc(nginx)  3804rc(nginx)  3805rc(nginx)  3807rc(nginx)  3808rc(nginx)  3809rc(nginx)  3810rc(nginx)  3811rc(nginx)  3812rc(nginx)  3813rc(nginx)  3815rc(nginx)  3816rc(nginx)  3817rc(nginx)

The following discussion allows you to unmout device and partition forcefully using mount or fuser Linux commands.

Linux fuser command to forcefully unmount a disk partition

Suppose you have /dev/sda1 mounted on /mnt directory then you can use fuser command as follows:

WARNING! These examples may result into data loss if not executed properly (see “Understanding device error busy error” for more information).

Type the command to unmount /mnt forcefully:
# fuser -km /mnt

  • -k : Kill processes accessing the file.
  • -m : Name specifies a file on a mounted file system or a block device that is mounted. In above example you are using /mnt

Linux umount command to unmount a disk partition.

You can also try the umount command with –l option on a Linux based system:
# umount -l /mnt

  • -l : Also known as Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore. This option works with kernel version 2.4.11+ and above only.

If you would like to unmount a NFS mount point then try following command:
# umount -f /mnt

  • -f: Force unmount in case of an unreachable NFS system

Please note that using these commands or options can cause data loss for open files; programs which access files after the file system has been unmounted will get an error.

See also:

Elsewhere book reviews, news and more Links

in Categories News last updated January 26, 2006

So many book reviews elsewhere on the net, so here are some of the good one:

Wicked Cool Java – Programmers and technical leads will love this book

Building Online Communities with Drupal, phpBB, and WordPress – Three popular web PHP based open source applications, it is fun to read and enhance your knowledge.

The ABCs of LDAP – a good book on LDAP

Postfix: The Definitive Guide – Anyone who works with Postfix should really read this book

Beginning Python: From Novice to Professional – Tour the Python language, from basics to advanced modules.