Linux Journal/2008.09

From Omnia
Revision as of 00:29, 7 May 2021 by Kenneth (talk | contribs) (Created page with "==[http://www.linuxjournal.com/issue/173 Linux Journal 2008 09 September]== Features * Power Up Your E-Mail with Mutt by Victor Gregorio : See how Mutt's text-based display...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Linux Journal 2008 09 September

Features

  • Power Up Your E-Mail with Mutt by Victor Gregorio
See how Mutt's text-based display outperforms the rest.
  • Nginx: the High-Performance Web Server and Reverse Proxy by Will Reese
A leaner, meaner Apache.
  • djbdns: More Than Just a Mouthful of Consonants by Cory Wright
Upgrade from BIND to djbdns.
  • Xtreme Illustrations by Dan Sawyer
Check out Xara Extreme, a Linux-compatible alternative to Inkscape.
  • Take a Ride on the Gentoo Train by Mike Diehl
Gentoo, power and flexibility, but not for the faint of heart.

Optimized Shell Script

Alternate Image Resizing Script

declare -i multiplier=75  # in percent (integer)

filename="edit.png"

string=( $(file "$filename") )  # make an array from output
width=${string[4]}  # select width
height=${string[6]}  # select height
height=${height/,/}  # remove trailing comma

let width=($width*$multiplier)/100  # new width
let height=($height*$multiplier)/100  # new height

echo "$filename scaled: width=$width height=$height"

Sed Is Your Friend

curl -s http://www.imdb.com/chart/top | \
 sed -e 's/>/>\
/g' | \
 sed -n -e 's/.*\(\/title\/tt.*\/\).*/http:\/\/www.imdb.com\1/pg' >
top250.txt

To fetch the titles:

curl -s "$1" | \
 sed -n -e '/<title>/s/<title>\(.*\) (\([0-9][0-9][0-9][0-9]\)).*/\1 |
\2/p'

And, finally, please—cat'ing a file into a pipeline that then uses head to peel off a subset of lines?

for name in $(head -10 top250.txt)
do
 sh ./getfileinfo.sh ${name}
done

diff -u: What's New in Kernel Development

"Recently, there was a fairly significant effort to eliminate the BKL (Big Kernel Lock) by replacing it with semaphores."

"In operating systems, giant lock, which is also known as big-lock or kernel-lock, is a lock which may be used to implement a concurrency control in the kernel, which is needed for SMP support." [1]

fork on windows?

"If you understand programming on Windows and on Linux, and you need some mental exercise, try to figure how you'd implement fork() on Windows. If you want to cheat, check out cygwin/fork.cc in the Cygwin CVS. "

grok

"Be prepared. Eclipse is a large, complex tool, and you won't grok it if you invest only 15 minutes."

"To grok (pronounced /ˈgrɒk/) is to share the same reality or line of thinking with another physical or conceptual entity. Author Robert A. Heinlein coined the term in his best-selling 1961 book Stranger in a Strange Land. In Heinlein's view of quantum theory, grokking is the intermingling of intelligence that necessarily affects both the observer and the observed.

From the novel:

Grok means to understand so thoroughly that the observer becomes a part of the observed—to merge, blend, intermarry, lose identity in group experience. It means almost everything that we mean by religion, philosophy, and science—and it means as little to us (because of our Earthly assumptions) as color means to a blind man." [2]

Linux video editing

Linux video editing software: Cinelerra and Kino

"I use it either for capturing video from my Sony tape deck, compressing the video, uploading the video to the Internet Archive's Digital Tipping Point Video Collection (www.archive.org/details/digitaltippingpoint) or for doing rough video editing with Kino, such as the 4:57 minute proof-of-concept video for the Digital Tipping Point Project (www.archive.org/details/proof_of_concept_four_mins.mpg)."

"With the help of Andrew Fife and Tom Belote of Untangle.com (a networking security company) and Linux expert Drew Hess, we will be turning the Edubuntu thin-client lab into an Edubuntu hybrid client network running the programs locally but serving up the files from the Zareason.com server. The thin clients were choking the server when audio or video was attempted, so we are shifting some of the work to the clients next year. "

News: New Top-Level Domains on the Way

"In late June 2008, ICANN accepted a proposal to relax restrictions on the top-level domain namespace and, in the process, opened up the possibility for thousands of new domains.

Currently, there are only 21 top-level domains, such as .com, .org or .info, and around 240 active country-code domains, such as .us, .de and .uk. The proposed plan would allow any organization or person to apply for a customized top-level domain. "

"Before you rush to register your new top-level domain, you may want to check your bank account first. ICANN is expected to charge a minimum of $100,000 for the right to operate your own top-level domain, provided you qualify. Applicants must prove that they have a “business plan and technical capacity”. There is hope that this measure will help keep domain squatters out of the top-level namespace. "

At the Forge - Shoehorning Data into a Database

Database inheritance with PostgreSQL

"To learn how PostgreSQL allows for inheritance, read the on-line manual at www.postgresql.org/docs/8.3/static/ddl-inherit.html. "

Cooking with Linux - Browsers with the Speed of Lightning

Linux based browsers:


Links.

"Links, created by Mikulas Patocka, is a text-only Web browser that is surprisingly rich in features (Figure 1). It can display tables and frames, and it supports colors, clickable links, SSL pages, background downloads and more. Sure, it works in text, but you have never seen pages load as quickly as you will when you decide to view the World Wide Web the way many of us first saw it—sans pictures"

Links' popularity means you don't have to look far for it. Most distributions have it in their repositories. Source is, of course, available from http://links.sourceforge.net.

An update to Links, available from Twibright labs at links.twibright.com, provides a graphical interface that works even if you aren't running a graphical desktop.

For a graphical version of Links, try links-graphic.


Dillo.

Another alternative to the monster browsers of today, and one that is entirely graphical in nature, is Dillo. Created by Jorge Arellano Cid, Dillo's demands on your system are meager, and its performance is seriously snappy. It won't render complex pages or tables particularly well, but it does support image browsing and bookmarks. Dillo's small size, speed and tiny memory footprint can sometimes make up for its limited features.

Those of you feeling a little brave and willing to do a little source code compiling are invited to download the development code from the site at www.dillo.org. The classic source is also available.


Midori.

Christian Dywan's Midori, a great little Web browser whose rendering engine uses WebKit instead of Gecko. For those who may not know, WebKit is an open-source rendering engine based on KHTML, the HTML rendering engine created by the fine people of the KDE Project. Midori (Figure 4) also features tabbed browsing, custom context menus, configurable interface, JavaScript plugins and, of course, peppy rendering, courtesy of WebKit.

It's the only browser on my system to pass the Acid3 test (acid3.acidtests.org)


Kazehakase.

Hidetaka Iwai's Kazehakase, a graphical browser that uses the Mozilla Gecko rendering engine to display Web pages. As such, it doesn't lack for much when it comes to showing off Web sites as you expect to see them. Kazehakase, which means “Wind Doctor” is named after a short story by the Japanese author Sakaguchi Ango. This is a great little program that features tabbed browsing, customizable mouse gestures and keyboard shortcuts, RSS bookmarks and more.

Possibly the coolest thing about Kazehakase is its graded user interface. It's a great concept. By default, the user interface is kept as simple as possible, providing users with only the basics both in terms of menu options and configuration of system preferences. The user interface level (UI levels) can be set to beginner, medium or expert. At each level, you find additional hidden gems under the surface that let you fine-tune the browser. There are two ways to change the UI level. The first is by changing the preferences. To get to the system preferences, click Edit on the menu bar, then select Preference. The beginner UI preferences window appears with the main options to the right and a sidebar menu on the left.


Work the Shell - Spreading Out Numbers

shell scripting this month. nothing spectacular.

Paranoid Penguin - Secured Remote Desktop/Application Sessions

Run graphical applications from afar, securely.

Accordingly, it's not only possible but easy to run individual X Window System applications over TCP/IP networks—that is, to display the output (window) of a remotely executed graphical application on your local system. Because the X Window System's use of networks isn't terribly secure (the X Window System has no native support whatsoever for any kind of encryption), nowadays we usually tunnel X Window System application windows over the Secure Shell (SSH), especially OpenSSH.

Tunneling X Window System applications over OpenSSH may be a lot easier than you imagine. All you need is a client system running an X server (for example, a Linux desktop system or a Windows system running the Cygwin X server) and a destination system running the OpenSSH dæmon (sshd).

mick@mylaptop:~$ ssh -X admin-slave@remotebox

Note the -X flag in my ssh command. This enables X Window System forwarding for the SSH session. In order for that to work, sshd on the remote system must be configured with X11Forwarding set to yes in its /etc/ssh/sshd.conf file. On many distributions, yes is the default setting, but check yours to be sure.

Next, to run the GNOME System Monitor on remotebox, such that its output (window) is displayed on mylaptop, simply execute it from within the same SSH session:

admin-slave@remotebox:~$ gnome-system-monitor &


VNC.

Originally a project of the Olivetti Research Laboratory (which was subsequently acquired by Oracle and then AT&T before being shut down), VNC uses a protocol called Remote Frame Buffer (RFB). The original creators of VNC now maintain the application suite RealVNC, which is available in free and commercial versions, but TightVNC, UltraVNC and GNOME's vino VNC server and vinagre VNC client also are popular.

VNC's strengths are its simplicity, ubiquity and portability—it runs on many different operating systems. Because it runs over a single TCP port (usually TCP 5900), it's also firewall-friendly and easy to tunnel.


SSH Tunneling.

On mylaptop (the system from which you want to connect to remotebox), open a terminal window, and type this command:

mick@mylaptop:~$ ssh -L 20226:remotebox:20226 admin-slave@remotebox

OpenSSH's -L option sets up a local port-forwarder. In this example, connections to mylaptop's TCP port 20226 will be forwarded to the same port on remotebox. The syntax for this option is “-L [localport]:[remote IP or hostname]:[remoteport]”. You can use any available local TCP port you like (higher than 1024, unless you're running SSH as root), but the remote port must correspond to the alternative port you set vino to listen on (20226 in our example), or if you didn't set an alternative port, it should be VNC's default of 5900.


Resources:

The Cygwin/X (information about Cygwin's free X server for Microsoft Windows): http://x.cygwin.com.

Tichondrius' HOWTO for setting up VNC with resumable sessions—Ubuntu-centric, but mostly applicable to other distributions: http://ubuntuforums.org/showthread.php?t=122402.

Hack and / - Do the Splits

there are four main programs I run in terminals: mutt, vim, screen and irssi


Mutt.

To use ten lines for this feature, simply add the following:

set pager_index_lines=10

to your ~/.muttrc.


Vim.

:split

By default, vim shows the same file in both panes. Press Ctrl-W, and then use the regular HJKL keys (or arrow keys if you aren't a home-row junkie like me) to navigate between panes. So, if I had made a horizontal split and wanted to open a new file in the bottom pane, I would press Ctrl-W J to move the cursor to that pane, and then I would type :open filename to open the new file. When you are finished with a particular pane, make sure the cursor is in that pane, and then save and close the file in the normal fashion.


Screen.

One way I commonly use screen is for irssi, a command-line-based IRC client. I open irssi within screen on a server that is always up. Then, no matter where I am, I can connect to the remote server and resume my irssi session, which always stays connected.

To split the pane within screen, press Ctrl-A Shift-S. Then, you can press Ctrl-A Tab to move your cursor between the two panes. You will notice that the bottom pane is empty at the beginning. Once you have moved the cursor to it, you either can switch to a currently open window with Ctrl-A <number>, or you can press Ctrl-A C to create a new window in that pane. Screen also supports multiple panes. Simply press Ctrl-A Shift-S a second time to split the session into three equally sized panes. When you are ready to close a pane, press Ctrl-A Tab until it has the cursor, and then press Ctrl-A Shift-X to close that pane.


irssi.

Irssi is definitely my favorite IRC client, and I probably spend as much time in it as I do in any other command-line program. It also supports an interesting split-screen feature that takes some getting used to. Basically, each channel you join in irssi ends up in its own numbered window. On my setup, I always have particular channels set to open in a particular window, so when I press Alt-7, for instance, I always will go to #linuxjournal. Sometimes you have a lot of activity going on in more than one channel and want to monitor all of them. So, for instance, if I want to view both #linuxjournal (in window 7) and #nblug (in window 4), and I already am in #nblug, I could type:

/window show 7

Irssi split windows become interesting once you start switching beyond two windows. Going back to the example, if I press Alt-5 now (my #knoppix window), the bottom window changes to that channel. By default, irssi makes the top window in a split screen “sticky”, so that it appears no matter what other windows you switch to along the bottom. If I want to turn off sticky mode for that window I would type:

/window stick 7 off

Once you are finished with your split screen (or if you are getting confused and want to turn it off), type:

/window hide

Power Up Your E-Mail with Mutt

Are you a system administrator who regularly needs a quick way to test e-mail servers? Tired of dealing with your laptop's mouse pad to read and send e-mail? Want to use Vim or Emacs to compose your e-mail? If any of these apply, Mutt will seduce you.

The first obvious advantage of Mutt is its small memory footprint

Another advantage of Mutt is the text-based display.

First, install Mutt. I recommend using Mutt 1.5.17 or newer.

use yum, apt-get or compile the source code from www.mutt.org.

Create and edit a ~/.muttrc file, and add the following configuration options (make sure to fill in your account specifics):

set from="YOUR NAME <USER@gmail.com>"
set imap_user=USER@gmail.com
set imap_pass=PASS

VIM Spelling

For spell-checking, I like Vim's spell-check as-you-type feature. Use these settings in your ~/.vimrc to underline misspelled words in red:

set spell
set spell spelllang=en_us
set spellfile=~/.vim/spellfile.add

highlight clear SpellBad
highlight SpellBad term=standout ctermfg=1 
highlight SpellBad term=underline cterm=underline
highlight clear SpellCap
highlight SpellCap term=underline cterm=underline
highlight clear SpellRare
highlight SpellRare term=underline cterm=underline
highlight clear SpellLocal
highlight SpellLocal term=underline cterm=underline

Once Vim's spell-checking is enabled, you have these options available to you when your cursor is over a misspelled word:

  • zg to add a word to the word list.
  • zw to reverse.
  • zug to remove a word from the word list.
  • z= to get list of possible spellings.

Nginx: the High-Performance Web Server and Reverse Proxy

Although Apache is an excellent Web server, what if there were an alternative with the same functionality, a simpler configuration and better performance? That Web server exists, and it's called Nginx.

Nginx, pronounced “Engine X”, is a high-performance Web server and reverse proxy. It was created by Igor Sysoev for www.rambler.ru, Russia's second-largest Web site. Rambler has used Nginx since summer 2004, and it's currently serving about 500 million requests per day. Like Apache, Nginx is used by some of the largest Web sites in the US, including WordPress (#26), YouPorn (#27), Hulu and MochiMedia. As of May 2008, Nginx is the fourth-most-popular Web server, and it is currently serving more than two million Web sites. As it is only trailing behind Apache, IIS and GFE, it is effectively the second-most-popular Web server available for Linux.

Why Use Nginx?

Like Apache, Nginx has all the features you would expect from a leading Web server:

  • Static file serving.
  • SSL/TLS support.
  • Virtual hosts.
  • Reverse proxying.
  • Load balancing.
  • Compression.
  • Access controls.
  • URL rewriting.
  • Custom logging.
  • Server-side includes.
  • WebDAV.
  • FLV streaming.
  • FastCGI.

I ran a simple test against Nginx v0.5.22 and Apache v2.2.8 using ab (Apache's benchmarking tool). During the tests, I monitored the system with vmstat and top. The results indicate that Nginx outperforms Apache when serving static content. Both servers performed best with a concurrency of 100. Apache used four worker processes (threaded mode), 30% CPU and 17MB of memory to serve 6,500 requests per second. Nginx used one worker, 15% CPU and 1MB of memory to serve 11,500 requests per second.

It is generally a good idea to test the Nginx configuration file for errors before reloading:

# nginx -t
# /etc/init.d/nginx reload

To determine the maximum number of concurrent requests, you simply multiply worker_processes by worker_connections.

Apache Benchmarking Tool

Apache v2.2.8 using ab (Apache's benchmarking tool)

Tech Tip - A Quick but Not Dirty Way to Create man Pages

Not found online!!! (pg 67)

txt2man converts flat ASCII text into the man page format. This allows you to author man pages without knowledge of nroff macros. It's a shell script that uses GNU awk, and it should run on any UNIX-like system. The script is available at mvertes.free.fr/txt2man/txt2man.

txt2man can generate its own man page for viewing on the screen via:

# txt2man -h 2>&1 | txt2man -T

The text source for the man page for txt2man is contained in the script itself; therefore, the source of the script shows you all you need to know to use txt2man.

djbdns: More Than Just a Mouthful of Consonants

Recently released into the public domain, djbdns is a fast and secure replacement for BIND.

A Brief History of BIND and djbdns

For the first 15 years of the Internet as we know it, there was only one real choice when it came to DNS server software: BIND. BIND began life as a project by several graduate students at the University of California, Berkeley (thus the acronym, the Berkeley Internet Name Domain). In the early 1990s, the Internet Systems Consortium (ISC) was created to maintain, distribute and support this critical software formally. The ISC released BIND 8 in May 1997 as a major update to the aging BIND 4. Although there were major configuration differences, both BIND 4 and 8 were based on the original Berkeley code from the early and mid-1980s. While trying to raise funding for a major rewrite, one of BIND's authors described this code as “sleazeware produced in a drunken fury”. A new team worked on the rewrite for several years, and BIND 9 was released formally in September 2000.

After years of dealing with security problems in BIND and frustration with its configuration syntax, Dan J. Bernstein began work on djbdns in 1999. Bernstein (or DJB as he is commonly known) already had made a name for himself as the author of qmail, the mail server software that was quickly gaining popularity among system administrators. At the time, Sendmail was the dominant mail server on the Internet, and, like BIND, it was notoriously difficult to configure and had a history of security problems. Bernstein's “thinking outside the box” design decisions about security and configuration simplicity not only catapulted qmail to success, but it also affected the way developers thought about writing software for the increasingly volatile Internet (Postfix, Courier and others were inspired by qmail's security partitioning design). Now that Bernstein had secured and simplified mail, it was time to do the same for DNS. The first alpha of djbdns was released in December 1999, and the current version, djbdns 1.05, eventually was released on February 11, 2001. That's right, the current version is more than seven years old. Remember, DNS is an old protocol, and it doesn't change very often. BIND software updates almost always are for bugfixes or security patches.

In the past, Bernstein's software was controversial because it lacked an explicit license. OS vendors were reluctant to distribute his packages because of the uncertainty around its licensing. However, in December 2007, Bernstein placed djbdns (as well as daemontools and qmail) into the public domain, allowing people to use or distribute it as they see fit.

Why djbdns?

BIND has been around since the earliest days of the Internet. It's still the most popular DNS server out there, so why should you consider switching to djbdns? For one, djbdns does not have BIND's history of problems. BIND's security record is on par with Sendmail's (not something to be proud of), and configuring it beyond the basics can be downright painful.

To complicate things further, BIND blurs the distinction between the different functions of DNS. There are two primary types of DNS services: DNS caches (also called recursive DNS servers) and DNS servers (also called authoritative servers or name servers).

Although these are completely different services, BIND uses the same server for both. This may seem handy, but it complicates the configuration and quickly can become a security headache.

On the other hand, djbdns adheres to the UNIX philosophy of “do one thing, and do it well”. The server components of djbdns are separated, with dnscache as the caching component and tinydns as the authoritative server.

This separation allows each program to run individually chrooted as its own unprivileged user. If an attacker is able to crash your DNS cache, it will not impact your authoritative DNS service. A side effect of this is that dnscache and tinydns need separate IP addresses, so that each may bind to port 53. You can't run both on the same IP address.

Using tinydns, an Authoritative DNS Server

If you have ever run BIND as an authoritative DNS server, it is likely that at some point you neglected to increment the serial on an SOA record, overlooked a missing semicolon somewhere or simply forgot to append a period (.) at the end of a record. These are just a few of the common mistakes people make when dealing with BIND's zone files. If you have been bitten by any of these issues, you probably remember the trouble it created for you. These errors can cause big headaches (just ask Google).

tinydns, the authoritative DNS server in djbdns, takes an entirely different approach and makes it much more difficult to get yourself in trouble. One major difference is that instead of separate zone files for each domain, tinydns uses a single text file named data to store every record of every domain. This data file is then compiled into a very fast database in cdb format. Of course, if you prefer managing domains in separate files, you still can, just concatenate them together before compiling the database.

daemontools

daemontools is a collection of tools for managing UNIX services. Like most of Dan Bernstein's software, djbdns relies on daemontools.

daemontools services are created in directories, and they must contain an executable script named run. To start a service, you simply create a symbolic link from that directory into /service. Within five seconds, the svscan process will notice the new service, start it and begin monitoring it.

Logging is handled by the multilog program from the daemontools package. Anything written to standard output by the program is recorded in the processes log file, named current. Typically, the logs are stored within the service directory. For example, dnscache's logs would be in /service/dnscache/log/main/current. multilog automatically rotates the current file once it reaches a certain size.

These days, I prefer the Ubuntu server distribution, which recently introduced the upstart replacement for init. I've written a patch for daemontools to make it compatible with upstart. See dnsfool.com/tips for the patch. daemontools is available from cr.yp.to/daemontools.html.

Installing djbdns

# tar xzf djbdns-1.05.tar.gz
# cd djbdns-1.05
# echo gcc -O2 -include /usr/include/errno.h > conf-cc
# make
# make setup check

TAI64 timestamps for tinydns

Records in tinydns-data format can have a timestamp that is used to expire or activate the record at a certain time. Here is a simple command that can be used to generate timestamps for use with tinydns records.

printf 4%015x\\n "$((10+$(date -d "2008-10-15 02:00" +%s)))"

DNS Replication

BIND servers use zone transfers to replicate DNS data between servers. This process is rather complicated, has a history of problems and is not exactly easy to configure. Instead, Bernstein recommends using existing data transfer tools, such as rsync or scp, that are known to be fast, efficient and secure.

update /service/tinydns/root/Makefile:

remote: data.cdb
    rsync -az -e ssh data.cdb \
        192.168.10.30:/service/tinydns/root/data.cdb
data.cdb: data
    /usr/local/bin/tinydns-data

Resources

Google Disappearing Act: tinyurl.com/ckx6x

daemontools: cr.yp.to/daemontools.html

DNS Fool Tips: www.dnsfool.com/tips

How to Install djbdns, by D. J. Bernstein: cr.yp.to/djbdns/install.html

Paul Jarc's cache-effect.pl: code.dogmap.org/djbdns

Mike Babcock's dnscacheproc.py: mikebabcock.ca/code/dnscacheproc

Replicating Your DNS Service: cr.yp.to/djbdns/run-server.html#replicate

Cory Wright has an unhealthy obsession with DNS. Once the Lead DNS Systems Engineer for Rackspace, he is now a developer and sysadmin at www.natuba.com. He enjoys beating Will Reese at foosball and Wii Tennis. His Web site is at dnsfool.com.

Take a Ride on the Gentoo Train

Gentoo is a completely source-based distribution, which means you don't install software by installing precompiled binaries using a package manager. With Gentoo, you compile almost everything from scratch, under the control of the Gentoo package manager, known as emerge.

As Indiana Jones once said, “We walk from here”. From this point, we perform all of the installation steps manually.

The Gentoo documentation is excruciatingly thorough, and although I don't recommend you send it to the laser printer, it is very much worth reading. Fortunately, it's also color-coded, so experienced Gentoo users quickly can go through the steps without skipping a beat. The documentation walks you through partitioning and formatting the drive and installing a base system, upon which the rest of the system builds.

When you first log in to a new Gentoo system, you're faced with a completely stripped-down version of Linux—no port mapper, no Apache, no (x)inetd, nothing. The SSH dæmon isn't even running by default! This is kind of the fork in the road. Are you building a Web server, a file server, a mail server or a desktop? Now you simply install the software that needs to be installed, and only the software that needs to be installed.

Portage is Gentoo's package management system. Although made up of a bunch of shell scripts, portage essentially is a database that tells emerge, the Gentoo software installer, how to download, build and install any given software package. Portage also takes care of calculating package dependencies. Installing a new software package is as easy as typing emerge apache, and emerge determines what other software packages are required, downloads all the needed packages, compiles them in order and installs the resulting binaries. Although not tied to a graphical environment, it is a pretty nice way to install software.

If you tend to prefer a more graphical experience, kuroo allows you to do anything that emerge can do, but with a point-and-click interface. Not much could be easier.

Source-based software installation is pretty slick, but Gentoo's use flags are what makes it as customizable as it possibly can be. Use flags are mechanisms that let you decide what optional features should be compiled into the system. For example, by setting or resetting the MySQL use flag, you can determine whether Qt is compiled with MySQL support. If you leave out the MySQL support, you also get rid of the MySQL dependency. So, by carefully tweaking the use flags, you can pare a system down to its bare necessities, and bare necessities are easier to secure and maintain.

Another benefit of installing from source is that you can configure GCC to take advantage of the particular chipset you are using. This feature, as well as the use flags, is configured in /etc/make.conf. By telling Gentoo that you are using an AMD processor, for example, you enable GCC to compile your software to take advantage of any AMD-specific instructions. Gentoo systems that run on a Pentium 4 computer will take advantage of the features of the P4 that are lacking from the PIII, AMD or PowerPC architectures.

I have to say, the Gentoo community is one of the stronger arguments for using Gentoo in the first place. The community understands that Gentoo has a learning curve, and they are more than up to the task of helping people climb it.

The Story of Firefox: from Underdog to Superhero

Firefox story

Spread Firefox campaign's advertisement in the New York Times: www.mozilla.org/press/nytimes-firefox-final.pdf

Tech Tip - Monitoring Processes with Kill

Not found online! (pg 87)

kill -0 will not terminate a process, but will return a status that can be used to determine whether a process is running.

$ echo $$  # show our process id
12833
$ /bin/sh  # create a new process
$ echo $$  # show new process id
12902
$ kill 09 12902
$ echo $?  # exists, exit code is 0
0
$ exit     # return to previous shell
$ kill -0 12982
bash: kill: (12982) - No such process
$ echo $?  # doesn't exist, exit code is 1
1
# kill -0 $(cat /var/run/cron.pid)
# echo $?
0

Tech Tip - Easily Remove an Application after Installing from Source

Not found online! (pg 94)

checkinstall

asic-linux.com/mx/~izto/checkinstall