Open Agenda
We'll start with a open discussion of GRUB and texinfo/info. If you have expertise that you'd like to share with the group I'd encourage you to attend and flesh out the program.
There are some simple things that you often need to do with GRUB in an 'emergency'. Things like start in a different run level. These often aren't easy to find in the documentation. We'll also take a look at how GRUB handles errors and the features/limitations there. We'll modify the config file. Pretty high level.
The GRUB documentation is in info. We'll show how to navigate the info pages, which is pretty straighforward, but maybe not obvious if you haven't done it before.
The visual aid/agenda is written as a texinfo/info document and if there is interest we can go into how to do this. Also, texinfo can be cast to many different formats: PDF, HTML, docbook, and a few other. We can demo this too.
Meeting Summary
The meeting started out by trying to configure a pcmcia wireless card in an HP laptop. The bases were covered with iwconfig and ifconfig, but the card wasn't working. My damaged laptop won't run in graphics mode on my monitors at home, but had no trouble running the projector in graphics mode. This was discussed a bit, but no real explaination was given (since the monitors work fine with the desktops).
GRUB was discussed. How to modify the configuration and kernel parameters at boot time was demonstrated. The configuration file was reviewed and some differences between GRUB and LILO were discussed. A bad configuration file was booted to show how GRUB deals with errors and to show how they can be addressed.
Before reviewing the GRUB info file, the info info file's navigation section was discussed. Info files are akin to man pages, only different. Armed with this knowledge, we then reviewed the GRUB info file, exploring various sections where an interest was expressed.
Automate your task - Open Agenda
Selenium is technically a tool for testing web pages. But, it can be used to log into a site automatically and retrieve information. It is a Firefox extension from openqa:
http://openqa.org/selenium-ide/
http://openqa.org/selenium-ide/
curl and wgetare command line tools for downloading information. They both support using cookies and can be made to log into a site and get information. I found one to work better that the other.
If we have web access, we'll demo these live. If not, I have some canned results or might be able to run against localhost.
ONE NIGHT ONLY - October 12th second Thursday
Following Brian Lavender's slide show and tales from behind the iron curtain on his recent stay with the Linux User Group of Havana, Cuba that unrepentant hacker Linus Sphinx will present part 3 of his continuing XML series,
"Lethal Codin' III" "this time it's portable"
in which he will walk through the original design and conversion of the example game from part II into a completely table/frame/flash free interactive graphical wonder demonstrating the awesome power of AJAX, CSS2, XHTML, XML and XSLT that may just alter your perception of web design completely as you witness his fledgling MMORPG staggering to it's feet.
A ONCE A YEAR EVENT - DON'T MISS IT
A good meeting that pretty much lived up to the hype. Both talks were good. 6 Books from O'Reilly were given away during the brief intermission between talks.
The meetings started with a discussion of some of the features and issues with sudo. Everyone was familiar with su, so that wasn't covered. The meat of the man pages were discussed and /etc/sudoers was edited using visudo. A users was created to show how to implement various restrictions.
The discussion them moved on to ACL's. There was some discussion on whether on not ACL's are dependent on SELinux. Without a detailed review of the code, it's hard to say for sure, but the documentation doesn't indicate any relationship. A file system was mounted with the ACL option on and some web resources were reviewed. How ACL's build upon the standard POSIX owner, group, user paradigm was discussed. A good working body of knowledge was provided without going into some of the finer points. Using ACL's and the setfacl and getfacl commands were demonstrated as the permissions for a user were modified. ACL's have been part of the kernel since 2.4.
The meetings started a little off-turf with a discussion of some of the J2EE persistence mechanisms and frameworks.
It then moved on to a comparison of SVN and CVS for version control. Progress that has been made by the SVN group was discussed. The change for the original database to the fsfs database was discussed. There was speculation that the fsfs database might retain more of some of the positive attributes of a file system, such as used by CVS. Although some felt that there were advantages to SVN over CVS, CVS was still being used. The main reasons for this were inertia and the effort required to change existing projects. Some members felt that SVM wasn't "better enough" to justify changing.
There was also a discussion of wireless access point security. The fact that the access point is on the same side of the firewall as you local lan is an issue. The appropriatness and advantages and limitations of MAC address restriction over WEP was discussed in cases where older hardward doesn't support WPA.
There was an open discussion on encryption. The meeting started with a brief discussion of how to create and use a loopback device as an encrypted file system. There was then some discussion of symetric vs. asymetric keys and the advantages of asymetric keys for certain applications and how this relates to verifying someones identity, etc.
In this context, stunnel and the -L and -R options for ssh were discussed. These two functions are very similar in what they can do. Basically, you can take an application that communicates over a network in an insecure fashon and create a secure tunnel for it to use. This makes the unencrypted, insecure communication stream, encrypted and secure. The main difference seems to be that ssh has to use the ssh port, whereas stunnel can use any port.
Next gpg and openssl were discussed. There is some overlap in features here. Openssl and gpg can both generate public/private key pairs. They can both generate message digest. The uses and limitations of message digest were briefly discussed. The syntax for the commands in each app is similar. Openssl can also generate certificates and certficate chains. Gpg can encrypt and decrypt messages/files. When we used gpg to create a key pair, we could see the keystroke randomizer work.
A simple message was encrypted and decrypted using gpg. We then went on to other file encryption applications, ccrypt and bcrypt. The man page documentation for ccrypt is pretty good. This, in addition to the gpg how-to pages, is a good reference for encryption technology. Ccrypt can use a variety of algorythms, whereas bcrypt uses only blowfish. I was perplexed as to why there wasn't any information on decrypting on the bcrypt man page. Apparently, its because the bcrypt/blowfish algorythm uses a symetric key and so you run the same command to encrypt or decrypt. Another difference is that ccrypt overwrites the original plain text file with the encrypted version. Stopping half way is a problem. Bcrypt writes the encrypted file as a new file. It then overwrites the original plain text file with random data multiple times. Also, bcrypt automatically compresses the file before encryptions, whereas ccrypt has no compression feature.
We also looked at where the various keys and certificates needed for encryption, decryption, and identification are stored. Then we looked at how a browser manages these and the RCL (Revoked Certificate List).
Milton Bailey started the meeting with an overview of file permissions with examples and demos. The other members put forward use cases and the group would try to respond with how they would be set up. This led to a discussion of setfacl and file access control list.
The group then moved on to sudo, the sudoers file, and su. How various members of the group were using sudo and some of the major things to avoid was discussed. We finished up the "formal" part of the meeting by discussing SELinux. No one seems to be using it much, although some members have it enabled. This lead to the access control aspects of chroot and virtualization technologies, such as Xen.
We started with a discussion of Linux HDTV cards. Then a new visitor to the meetings joined us and we discussed their experience with Linux and how they were using it. After about an hour of open discussion, we started playing with iwconfig, ifconfig and route to set up the wireless card on the laptop. We had a wireless route/gateway to talk to. We didn't get it to work at the meeting, but when I took the setup home, and change the routing to match my home network, it worked just fine. Must be the live demo effect.