$ARGV[0] $Size bytes\n";
$Sum = unpack("%32C*", $OutBuf);
foreach $j (1,2) {$Sum = ($Sum & 0xffff) + int($Sum/0x10000)}
open(PIPE, "| Mail -s" .
"'$ARGV[1] part $Count/$Total size/sum $Size/$Sum' $ARGV[0]");
$j = $Count ; while (length($j) < 3 ) { $j = "0" . $j }
$j = dirname($ARGV[1])."/".$j if dirname($ARGV[1]) ne ".";
print PIPE "begin 644 ",$j,"_", basename($ARGV[1]),"\n",
pack("u",$OutBuf),"\`\nend\n";
close(PIPE) } if $Count gt 0;
$Count++; $OutBuf = $InpBuf } until $InpLen lt 1;
Perl lends itself to this application through the form of its 'read'
statement, which allows us to specify the number of bytes which it should
try to acquire into a designated string. As can be seen, we just keep
reading from standard input until an empty string is returned in
'$InpBuf'. Each time we get a non-empty string, we uuencode whatever
content is currently in '$OutBuf' and push it into a mail program. We then
store the contents of '$InpBuf' in '$OutBuf' ready for our next iteration.
Perl is able to perform a uuencode operation on a string by using its
'pack' statement as shown with a 'u' parameter; no additional modules are
required. It's not really necessary - but we also take advantage of the
'unpack' statement's characteristics to compute a checksum on each part as
it is sent.
You may observe that we actually open a pipe into the Unix/Linux 'Mail'
program to handle our outgoing mail. For greater portability, we could
install and use the Net::SMTP module.
The program can be invoked with an optional part-size parameter to adjust
its default un-encoded part-size limit of 700kb.
Programs Which Do Similar Things
Some of you may recognize that this sort of message-splitting is exactly
the sort of thing we did in "Secure Printing with PGP". For those of you
who are interested, there are updated versions of the programs presented
therein at: "CPAN Scripts Repository". Those programs use the
RFC-recommended "Base64-encode then split" methodology.
An earlier article "A Linux Client for the Brother Internet Print
Protocol" included a shell script which used a "split then send parts"
methodology; this also used Base64 encoding.
[BIO] Graham is a Unix Specialist at IBM Global Services, Australia. He
lives in Melbourne and has built and managed many flavors of proprietary
and open systems on several hardware platforms.
----------------------------------------------------------------------
Copyright (c) 2003, Graham Jenkins. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | Security with PHP Superglobals |
| ...making Linux just a little more | By David Lechnyr |
| fun! | |
+------------------------------------------------------------------------+
"Avoid strange women and temporary variables." -- Anonymous
A few years ago, my wife and I decided to go on a skiing trip up north. To
reserve skiing equipment, you had to give 24 hours advance notice using
the ski lodge's on-line website. The catch was that my wife had asked me
to make the reservations 23 hours before the deadline.
So I got to thinking, and examined the online website, which would not let
you make any reservations within the 24 hour timeframe. However, once you
selected an appropriate date, I noticed that the URL was:
https://www.somewhere.com/reservations.php?date=01-23-01
It occurred to me that, while they had locked down security on what dates
I could choose from, the final value was placed into a GET statement at
the end of the web address. I modified the web address to use
"date=01-22-01" and indeed, our skies were waiting for us first thing the
next morning (we paid for them, of course).
This innocent yet practical example is just one of the dangers we have to
be aware of when using any programming language that can be used in ways
that we did not intend, which leads us into our discussion on PHP
Superglobals.
Forms
To understand Superglobals, it is critical that you understand how data is
passed from one web page to another (e.g., forms). Specifically, you must
be aware of two methods known as GET and POST. You should also probably be
familiar with the HTML
This is standard, nothing-fancy HTML form code that asks for some
information and then submits the data to the file "process.php" . The
critical bit here is the method declaration, which tells the form how to
submit the data, for which we need to digress for a moment or two (hold
your breath):
For those that recall the early days of HTML, forms were provided by means
of the HTML tag. By inserting this tag into the HEAD of your
HTML documents, a text field appeaed where you could fill out input. As
the new HTML+ standard evolved, a
When you clicked Submit, your web browser would take the values you filled
out in the form and redirect you to this web address:
http://www.fluffygerbil.com/process.php?yourname=fred+smith&email=fred@nowhere.com&comment=I+have+no+comment
Notice how the values of the form are part of the web address itself?
That's the essence of GET.
For the curious, what is actually sent in the raw HTTP transmission to
accomplish this transaction is:
GET
/process.php?yourname=fred+smith&email=fred@nowhere.com&comment=I+have+no+comment
HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Host: www.fluffygerbils.com
Connection: keep-alive
POST
With POST, the variables and their values are sent in the body of the URL
request, not the header. The advantages of this type of data transmission
is that there is no limit to the size of the data being sent since it is
contained in the body of the HTTP request, not the header. Also, if
you're using an SSL connection, the data will be encrypted too, what a
deal. :) For example, a web page that has a form statement like:
When you clicked Submit, your web browser would take the values you filled
out in the form and redirect you to this web address:
http://www.fluffygerbil.com/process.php
Notice how the values of the form are not part of the web address itself?
That's the essence of PUT.
For the curious, what is actually sent in the raw HTTP transmission to
accomplish this transaction is:
POST /process.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Host: www.fluffygerbils.com
Content-Length: 94
Pragma: no-cache
Connection: keep-alive
yourname=fred+smith
email=fred@nowhere.com
comment=I+have+no+comment
So What?
So, why is all this background information useful? When you install PHP
4.2.2 or later, you might happen to notice that when compiling PHP, it
states:
+--------------------------------------------------------------------+
| *** NOTE *** |
| The default for register_globals is now OFF! |
| |
| If your application relies on register_globals being ON, you |
| should explicitly set it to on in your php.ini file. |
| Note that you are strongly encouraged to read |
| http://www.php.net/manual/en/security.registerglobals.php |
| about the implications of having register_globals set to on, and |
| avoid using it if possible. |
+--------------------------------------------------------------------+
Which means that PHP will be ultra-paranoid about the data that is passed
to it, and will require that you state which method the data should be
coming from. Also, you should be aware that there's more ways to send
data to your PHP pages than just via GET and POST:
Superglobals
Which brings us to Superglobals, a relatively new concept to PHP. For
example, the above diagram presents a slight problem: If you're working
with the variable $yourname, how do you know that during your script it
hasn't been redefined by one of these six other methods of variable
assignment by someone attempting to hack into your script? For example,
imagine having someone who has managed to upload a PHP script to your
webserver that performs the following (php exploit by Daniel Phoenix):
Wouldn't it be great to have a way to isolate variables based on how the
data gets assigned to it in the first place? Superglobals allow you to
specify which variables received by a specific method should be used.
Superglobals are PHP's attempt at helping you determine where a particular
value comes from. If you haven't heard of this new feature as of PHP
4.1.0, you'll want to start adapting to it. Most PHP training books don't
touch this subject, so you will need to be aware of how to transition to
this new input method. Ultimately, you should re-visit your
/usr/local/lib/php.ini file and make the following change:
register_globals = Off
This will prevent the ability for any user-submitted variable to be
injected into your PHP code and can reduce the amount of variable
poisoning a potential attacker may inflict. They will have to take the
additional time to forge submissions, and your internal variables are
effectively isolated from user submitted data. If a user then tried to
fill out a form, the server wouldn't assign any data to the global
variables $name, $email, or $comment. Instead, it would divide up the data
into the following hashed arrays:
$_POST['name']
$_POST['email']
$_POST['comment']
The main Superglobal arrays are:
�1. $_GET['variable'] - Variables provided to the script via HTTP GET.
Analogous to the deprecated HTTP_GET_VARS array
�2. $_POST['variable'] - Variables provided to the script via HTTP POST.
Analogous to the deprecated $HTTP_POST_VARS array
The other, less-common Superglobal arrays are:
�1. $_COOKIE['variable'] - Variables provided to the script via HTTP
cookies. Analogous to the deprecated $HTTP_COOKIE_VARS array
�2. $_REQUEST['variable'] - Variables provided to the script via any user
input mechanism (GET, POST, COOKIE) and which therefore cannot be
trusted.
�3. $_GLOBALS['variable'] - Contains a reference to every variable which
is currently available within the global scope of the script. The keys
of this array are the names of the global variables.
�4. $_SERVER['variable'] - Variables set by the web server or otherwise
directly related to the execution environment of the current script.
Analogous to the deprecated $HTTP_SERVER_VARS array
�5. $_FILES['variable'] - Variables provided to the script via HTTP post
file uploads. Analogous to the deprecated $HTTP_POST_FILES array
�6. $_ENV['variable'] - Variables provided to the script via the
environment. Analogous to the deprecated $HTTP_ENV_VARS array
�7. $_SESSION['variable'] - Variables which are currently registered to a
script's session. Analogous to the deprecated $HTTP_SESSION_VARS array
For more details, see http://www.php.net/manual/en/reserved.variables.php.
So instead of $name being set to "John", you would either have
$_GET['name'] = "John" or possibly $_POST['name'] = "John" depending on
how the form data was submitted. The advantage is that you will know:
�1. $name can never be faked; if your script sets its value, that's the
value!
�2. The $_GET and $_POST arrays help you to determine if the user appended
the data as part of the URL or as part of the request body; therefore
you don't have to worry about having a form accepting POST data and
having the values change by someone sending a hacked URL with GET data
appended to the URL. This will make sense shortly, so hang on...
�3. These 'superglobals' allow you to 'compartmentalize' not only your
variable's values, but how the values were provided to the server in
the first place. Someone attempting to hack into your server will have
a very difficult time bypassing this.
Final Thoughts
Programming with PHP can be a frustrating experience as of late. Security
measures prevent data from being easily assigned to variables, ISP's
typically implement PHP without consideration for their audience, and
newcomers to PHP tend to be taken aback by such terms as GET, POST,
Superglobals, and so forth. However, a little knowledge can go a long way,
and hopefully this article has helped you in your quest.
This document was prepared based on PHP 4.3.0.
Additional Resources
* On the Security of PHP, by Jordan Dimov
* A Study In Scarlet: Exploiting Common Vulnerabilities in PHP
Applications, by Shaun Clowes
This document was lovingly handcrafted on a Dell Latitude C400 laptop
running Slackware Linux 8.1.
[BIO] David is a Network Manager at the Human Resources department of the
University of Oregon. He holds a Master's Degree in Social Work along with
his MCSE+I, CNE, and CCNA certifications. He has been working with Linux
for the past six years, with an emphasis on systems security, network
troubleshooting, and PHP/MySQL integration.
----------------------------------------------------------------------
Copyright (c) 2003, David Lechnyr. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | Perl One-Liner of the Month: The Case of the |
| ...making Linux just a | Evil Spambots |
| little more fun! | By Ben Okopnik |
+------------------------------------------------------------------------+
A REPORTER'S NOTE
To forestall some sure-to-happen complaints, I'd like to underscore the
necessity of having the current version of Perl (at least 5.8.0, as of
this writing) in order to play with the scripts presented in these
articles. One-liners, to a far greater degree than proper scripts, rely on
new and unusual language features, and languages tend to "grow" new
features and drop old, outdated ones as version numbers rise. Perl,
heading for its 17th year of growth and development, is no exception.
One of a number of possible problems with one-liners is fragility,
especially in those (many of them) which are dependent on cryptocontext,
side effects, and undocumented features, which are likely - in fact, are
certain - to change without notice. One-liners are hacks which often
demonstrate some clever twist or feature, which encourages the use of all
of the above. Remember - these are fun toys which (hopefully) lead to a
better understanding of Perl; trying to use them as you would robust,
solid code would be a serious error. If you don't understand the basics of
Perl, this is not the place to start.
Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it.
-- Brian W. Kernighan
Caveat Lector (Let the reader beware).
Ben Okopnik
On board S/V "Ulysses", Saint Augustine, Florida
----------------------------------------------------------------------
Frink Ooblick had fallen asleep at the keyboard. He had been alternately
playing and trying to puzzle out the number-guessing game that Woomert had
written (the first had proven easy, but the second still eluded him); in
fact, his last unfinished game was still visible on the screen:
--------------------------------------------------------------------------
perl -wlne'BEGIN{$b=rand$=}$a=qw/Up exit Down/[($_<=>int$b)+1];print eval$a'
50
Down
25
Up
37
Up
44
Up
--------------------------------------------------------------------------
What was the secret? How did it work? [1] Frink's dreams were full of
floating bits of code which spiraled off into the distance or mutated into
monstrous shapes, threatening to consume the world. The hand shaking his
shoulder, waking him, was therefore a welcome relief. Woomert stood at his
side, looking impatient.
- "Wake up, Frink, wake up! The game's afoot, you slug-a-bed; let's go!"
- "Uh... Erm... I'm, uh, awake. What's up?"
- "In the living room. Come on, come on, there's not a moment to lose!"
Frink's first sight of their visitor brought him to a stop. Used to
dealing with the working crowd - sysadmins, techs, etc. - he had expected
the usual scruffy-and-competent look, perhaps complete with hiking boots;
what greeted his eyes was a fellow in a pinstripe suit, crisp white shirt,
a red "power" tie, and lacquered black shoes. He had been impatiently
pacing the floor, and brightened up considerably at the sight of Frink.
- "Ah, this must be the second team member in your organizational
hierarchy! Excellent; now, we can get into actualizing the power
strategies that will reorganize this, erm, unpredicted opportunity into
the profit slot on the balance sheet. All right, here's how we wind-tunnel
this: the securitization of the computing resources is predicated on
leveraging..."
Keeping a cautious eye on their visitor, Frink prison-whispered to
Woomert: "What's he saying? And what language is it in?"
- "It's Marketroid. You need to learn at least the basics of it; not that
it's spoken by the people who sign the checks - they don't have much time
for that sort of thing - but you're going to run into it in the business
world, and it's best to be prepared. Usually, though, most of these people
can still speak English; let's see if this fellow remembers how. Oh, Mr.
Wibbley!"
Their visitor had just finished what he obviously considered an
explanation of the problem, had switched off the overhead LCD projector,
put away his laser pointer, and was looking at them in an expectant
manner. Clearly, he had heard of Woomert's reputation and was relying on
the famous Hard-Nosed Computer Detective to deal with... well, whatever it
was.
- "Mr. Wibbley - that was an excellent presentation, but I wonder if you
could restate the problem in more basic terms for my assistant here. I'm
afraid he's not up on proper business terminology, and has missed the more
subtle points."
Their visitor heaved a sigh, and dropped into the nearby easy chair.
- "Oh, sure. You know, they were going to send one of the system
administrators to talk to you, but of course I insisted on doing the
presentation myself as soon as I heard about it. After all, one of them
wouldn't have even thought of using that textured salmon-and-peach
background on the slides, and that's all the rage these days! Anyway, I
did get a note from him that explains it in his own words; it's crude and
unsophisticated, not at all proper marketing technique, but I suppose you
fellows will understand it..."
The crumpled and coffee-stained napkin, most of which was covered with
calculations, reminders, and something that looked like firewall rules,
contained a short note framed with a red marker pen:
+------------------------------------------------------------------------------+
| Woomert, spambots are harvesting the e-mail addresses on our website (we've |
| tagged them with the "plus hack", [2] so we know where it's coming from); |
| the amount of spam we're getting is growing by leaps and bounds. We need to |
| have the addresses out there - it's our contact info, site problem reports, |
| etc. - but we've got to stop the 'bots somehow! I've already written the CGI |
| to handle the hot links, but we need to have the actual addresses displayed |
| on the pages, and the 'bots are getting those. Any ideas? The page is at |
| http://xxxxxxxxxxxx.xxx. I've created an account for you; just go to |
| ssh://xxxxxxxxx.xxx/xxx, password 'xxxxxxxxxx'. Thanks! |
| - Int Main |
+------------------------------------------------------------------------------+
After Woomert had ushered out their visitor (and reassured him that,
indeed, the salmon-and-peach background was delightful), he returned to
the living room where Frink awaited him.
- "What are you going to do, Woomert? Any plans?"
- "Yes; let's take a peek at their website, then get out there and look
around. It's a mistake to make decisions ahead of your facts, and we have
few facts at hand."
...
Once again, Woomert and Frink found themselves surrounded by the familiar
sights and sounds of a working web site. They could see the Web server
easily spawning off threads without significantly affecting CPU load;
clearly, the local sysadmin had installed mod_perl [3]. Here and there,
data streams whisked by, and everything moved like a smoothly-oiled
machine.
A sudden shadow made Frink look up. "What the..." Before he could go any
further, a horrifying creature, all tentacles, lenses, and evil intent [4]
leaped upon the scene, sucked up a copy of every HTML file at once, and
was gone in a blink.
- "What was that, Woomert - a spambot?"
- "Yep. These things traverse the Net, collecting e-mail addresses and
reporting them to their scummy spammer masters. Given the nature of the
Net, you can't stop them - but you can make them much less effective.
Spammers are stupid, their bots even more so, and that's what we're going
to rely on. Mind you, whatever we do is only going to be a temporary
solution; eventually, spammers (or at least their hired techie help) will
catch on to this particular method - but by then, we'll implement other
solutions."
Walking up to a convenient terminal, Woomert slipped on his favorite
typing gloves and fired off a rapid volley.
--------------------------------------------------------------------------
perl -MRFC::RFC822::Address=valid -wne'/[\w-]+@[\w.-]+/||next;print valid$&' *html
--------------------------------------------------------------------------
A line of '1's appeared on the screen; Woomert smiled and his fingers
again flew over the keyboard.
--------------------------------------------------------------------------
perl -i -wlpe's=[\w-]+@[\w.-]+=join"",map{sprintf"&#%s;",ord}split//,$&=e' *html
--------------------------------------------------------------------------
This time, there was no output; however, Woomert looked satisfied. He
quickly shot off an email to the local sysadmin that contained some
instructions and included a shorter version of the last one-liner -
--------------------------------------------------------------------------
perl -we'map{printf"&#%s;",ord}split//,pop' user@host.com
--------------------------------------------------------------------------
- "All right-o, Frink; our work here is done. Home, here we come!"
...
The old-fashioned coal-fired samovar [6] was gently perking; the zavarka
(tea concentrate), made with excellent Georgian tea, gave off a marvelous
smell. A plate of canapes, ranging from the best Russian butter and wild
blackberry jam on freshly-baked fluffy white bread to beluga caviar on a
heavy, dark rye rubbed with just a touch of garlic, was set close at hand,
and both Woomert and Frink were merrily foraging in the gourmet field thus
presented. Eventually they settled back, replete with good food, and
Frink's curiosity could be contained no longer.
- "Woomert, when I try to puzzle out your one-liners, I can only get so
far; then I run out of steam. Can you tell me about what you did?"
Lying back in his favorite armchair, Woomert smiled.
- "Instead, why don't you start by telling me what part you understood? I
like to see how far you've advanced, Frink; it's been a pleasure to me to
see you picking up some of the finer points. I'll take it from there."
- "All right, then... Let's start with the first one:
--------------------------------------------------------------------------
perl -MRFC::RFC822::Address=valid -wne'/[\w-]+@[\w.-]+/||next;print valid$&' *html
--------------------------------------------------------------------------
I recognized all the command-line switches:
-Mmodule Use the specified module
-w Enable warnings
-n Non-printing loop
-e Execute the following commands
However, I couldn't quite puzzle out the
'-MRFC::RFC822::Address=valid'syntax - what was that?"
- "Ah. As 'perldoc perlvar' tells us, in the entry for '-M', it's a bit
of syntactic sugar; '-MBar=foo' is a shortcut for 'use Bar qw/foo/', which
imports the specified function 'foo' from module 'Bar'. Go on, you're
doing well."
Frink cleared his throat.
- "In that case, I think I have it figured out... almost. Let me take a
quick look at 'perldoc perlvar' and 'perldoc RFC::RFC822::Address'... Yes,
that's what I thought - I've got it! The regex at the beginning -
/[\w-]+@[\w.-]+/
tries to match e-mail addresses - it's not perfect, but should do
reasonably well. What it says is "match any character in [a-zA-Z0-9-]
repeated one or more times, followed by '@', followed by any character in
[a-zA-Z0-9.-] repeated one or more times". If the match does not succeed -
the '||' logical-or operator handles that - go to the next line."
- "Brilliant, Frink! What happens then?"
- "If it does succeed, 'next' is skipped over, and 'print valid$&' is
invoked. The module documentation tells me that the 'valid' function tests
an e-mail address for RFC822 (e-mail specification) conformance, and
returns true or false based on validity. '$&', according to 'perldoc
perlvar', is the last successful pattern match - in other words, whatever
was matched by the regex. Since you saw all '1's and no errors - any
matches that weren't RFC822-valid would have returned something like "Use
of uninitialized value in print at -e line 1" - what you matched was all
valid. What you were doing here is checking to see that your regex only
matched actual addresses. How did I do?"
- "Excellent, my dear Frink; you're coming along well! As a side note,
it's generally best to avoid the use of $&, $`, and $' as well as 'use
English' in scripts; there's a rather large performance penalty associated
with them (see 'perldoc perlvar'). However, here we had a very small list
of matches, and so I went ahead with it. Go on, see what you can make of
the next one."
- "Um... the next one, right. Well, I've got part of it -
--------------------------------------------------------------------------
perl -i -wpe's=[\w-]+@[\w.-]+=join"",map{sprintf"&#%s;",ord}split//,$&=e' *html
--------------------------------------------------------------------------
-i In-place edit (modify the specified file[s])
-w Enable warnings
-p Printing loop
-e Execute the following commands
Mmmm... I got sorta lost here, Woomert. I see that regex that you'd used
before, but what's that 's=' bit?"
- "It's one of those convenient tweaks that Perl provides - although,
admittedly, the basic idea was stolen from 'sed'. It's simply an alternate
delimiter used with the 's' (substitute) operator; there are times when
using the default delimiter ("/") is highly inconvenient and leads to
"toothpick Hell" - as, for example, in matching a directory name:
s/\/path\/to\/my\/directory/my home directory/
Far better to use an alternate delimiter, one that is not contained in the
text of either the pattern or the replacement:
s#/path/to/my/directory#my home directory#
As long as it's non-alphanumeric and non-whitespace, it'll work fine.
There are some special cases, but they're all sensible ones; using a
single quote disables interpolation in both the pattern and the
replacement (see the rules in 'perldoc perlop'), and using braces or
brackets as delimiters requires rather obvious syntax:
s{a}{b}
s(a)(b)
s[a][b]
Many people like '#' as a delimiter; I prefer '=', since '#' tends to come
up in HTML and comments. Can you make sense of any of the rest?"
- "I'm afraid not. You're matching the email addresses as previously, and
replacing them with something, but I can't figure out what."
- "All right; it is rather involved. The replacement part of the
substitution is actual Perl code; we can do that thanks to the 'e'
(evaluate) modifier on the end of the 's' operator. Let's parse the
relevant code from right to left:
join"",map{sprintf"&#%s;",ord}split//,$&
We know that '$&' contains an email address; the next thing we do is use
the 'split' function which converts a scalar to a list, splitting it on
whatever is specified between the delimiters. In this case, however, the
delimiter is empty, a null - so the returned list has each character of
the address as a separate element in the list. We now pass this list to
the 'map' function, which will evaluate the code specified in the {block}
for each element of the supplied list and return the result - as another
list.
Within the block itself, each character is used as an argument to the
'ord' function, which returns the ASCII value of that character; this, in
turn, is used as the argument for the 'sprintf' function which returns the
following formatted string:
&#;
for each value so specified. After all the characters in the list have
been processed, we use the 'join' function to convert the list back to a
scalar - which the substitute operator will now use as a replacement
string for the original email address. What used to be "foo@bar.com" now
looks like
foo@bar.com
This, you must admit, looks nothing like an e-mail address - so spambots
will not be able to read it!"
Frink looked troubled.
- "Woomert, I hate to tell you... but human beings won't be able to read
it either!"
Woomert took another sip of his tea and smiled.
- "You're forgetting one thing, Frink. Humans aren't going to be reading
this; since it's part of the HTML files, it's going to be read by
browsers. As it happens, the HTML specification for showing ASCII
characters by their value is
&#;
which is exactly what we've produced. Try this yourself: save the text
between the following lines as "text.html" and view it in a browser.
--------------------------------------------------------------------------
Woomert Foonly
--------------------------------------------------------------------------
Do you see what I mean?"
A few moments later, Frink looked up from the keyboard.
- "Woomert, what a great solution! Your client will be able to display
the addresses without them being harvested, and the Web page will still
look the same as it did before. I can tell by comparison that the last bit
of code:
--------------------------------------------------------------------------
perl -we'map{printf"&#%s;",ord}split//,pop' user@host.com
--------------------------------------------------------------------------
simply enables the sysadmin to convert any new addresses before popping
them into the HTML. Wonderful!"
- "A large part of the complete solution, of course, was the CGI that the
local admin had written - that takes a bit more than a one-liner, although
not very much more, given the power of the CGI module. Remember, Frink: as
your powers grow, make certain to align yourself with the side of Good
rather than Evil. Not only is it the right thing to do; the people around
you are far more likely to have brains!"
--------------------------------------------------------------------------
[1] Oddly enough, my mysterious correspondent did not include the solution
to this, perhaps deeming it simple enough (!) for the public to figure out
- or (and I suspect this to be the more likely scenario) he has not yet
figured it out himself. Readers are welcome to write in with their
ideas... but for now, the workings of Woomert's game remain a puzzle.
[2] A number of commonly-used Mail Transfer Agents will ignore anything
that follows a plus sign in the username part of the address, e.g.
will be routed exactly the same as .
This can be a very useful mechanism for tracing and reducing spam: a
"plus-hacked" address that becomes too spam-loaded can be directed to
"/dev/null" and replaced by a newly generated one (say,
- which would also go to .)
[3] A.K.A. "Apache On Steroids". From the mod_perl documentation:
The Apache/Perl integration project brings together the full power of
the Perl programming language and the Apache HTTP server. This is
achieved by linking the Perl runtime library into the server and
providing an object oriented Perl interface to the server's C language
API.
These pieces are seamlessly glued together by the `mod_perl' server
plugin, making it is possible to write Apache modules entirely in
Perl. In addition, the persistent interpreter embedded in the server
avoids the overhead of starting an external interpreter program and
the additional Perl start-up (compile) time.
There are many major benefits to using mod_perl; if you use Apache in any
serious fashion without it, you're almost certainly throwing away some of
your time and effort.
[4] If you've seen "The Matrix", just picture the Sentinels. If you
haven't seen it, hey, you've got only yourself to blame. :)
[5] Gibberish is the written form of the Marketroid language. It was
formerly spoken by the Gibbers, who all died out as a result of their
complete inability to do anything (as opposed to talking about it.) It is
exactly as comprehensible as its spoken counterpart, although many people
confuse the two: "it's all marketroid gibberish!" is a highly redundant
statement.
[6] See the "Russian Tea HOWTO", by Daniel Nagy, for the proper way to
make and serve Russian tea. The man knows what he's talking about.
Ben is a Contributing Editor for Linux Gazette and a member of The Answer
Gang.
picture Ben was born in Moscow, Russia in 1962. He became interested in
electricity at age six--promptly demonstrating it by sticking a fork into
a socket and starting a fire--and has been falling down technological
mineshafts ever since. He has been working with computers since the Elder
Days, when they had to be built by soldering parts onto printed circuit
boards and programs had to fit into 4k of memory. He would gladly pay good
money to any psychologist who can cure him of the resulting nightmares.
Ben's subsequent experiences include creating software in nearly a dozen
languages, network and database maintenance during the approach of a
hurricane, and writing articles for publications ranging from sailing
magazines to technological journals. Having recently completed a
seven-year Atlantic/Caribbean cruise under sail, he is currently docked in
Baltimore, MD, where he works as a technical instructor for Sun
Microsystems.
Ben has been working with Linux since 1997, and credits it with his
complete loss of interest in waging nuclear warfare on parts of the
Pacific Northwest.
----------------------------------------------------------------------
Copyright (c) 2003, Ben Okopnik. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | Qubism |
| ...making Linux just a little more fun! | By Jon "Sir Flakey" Harsem |
+------------------------------------------------------------------------+
These cartoons are scaled down to minimize horizontal scrolling. To see a
panel in all its clarity, click on it.
[cartoon]
[cartoon]
All Qubism cartoons are here at the CORE web site.
[BIO] Jon is the creator of the Qubism cartoon strip and current
Editor-in-Chief of the CORE News Site. Somewhere along the early stages of
his life he picked up a pencil and started drawing on the wallpaper. Now
his cartoons appear 5 days a week on-line, go figure. He confesses to
owning a Mac but swears it is for "personal use".
----------------------------------------------------------------------
Copyright (c) 2003, Jon "Sir Flakey" Harsem. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | Programming in Ruby - Part 3 |
| ...making Linux just a little more fun! | By Hiran Ramankutty |
+------------------------------------------------------------------------+
Review
In part 1 we looked at the basic syntactic structure of Ruby. In part 2 we
discussed iterators and the fundamentals of Object-Oriented Programming.
Here in part 3 we explore object-orientedness in more detail.
Methods
A method is an action the object knows how to perform on request. Let's
see an example of how a method is invoked for an object:
print "asdfgh".length
^D
6
One can infer from this that a method named `length' of the String object
is called.
Now try this:
foo = "abc"
print foo.length,"\n"
foo = [1, 2]
print foo.length,"\n"
^D
3
2
From the result it is clear that deciding which method to call is done at
execution time, and that the choice differs depending on the content of
the variable.
I suggest that readers not bother about how the object determines its
length because the process is different for strings and arrays.
Fortunately, Ruby automatically chooses the correct process, so we don't
have to worry about it. This feature in languages supporting object
orientedness is called polymorphism.
It is not necessary for the user to know how the methods are processed,
but one has to know what methods are acceptable to the object. When an
object receives an unknown method, an error is raised. For example: try
calling the "length" method for the object "foo" with value "5".
I had mentioned about a special variable self in Ruby. It is the object
which calls methods. Such callings are used very often and so an
abbreviation is available. That is;
self.method_name(arguments...)
can be omitted then
method_name(arguments...)
causes same effect. Called function is just an abbreviation for method
calling to self.
Classes
The real world consists of objects which can be classified. For example, a
one-year-old child may think `bowwow' on seeing a dog or even a fox. In
terms of object orientedness, `bowwow' can be termed class, and an object
belonging to a class is called instance.
In Ruby, as in other object oriented languages, we first define a class to
determine the behaviour of the object, and then make an instance of the
class, a specific object. So let's define a class in Ruby.
class Dog
def bark
print "Bow wow\n"
end
end
^D
The definition of the class lies between the keywords `class' and `end'. A
`def' in class syntax defines a method of the class.
Now that we have a class named `Dog', let's make an object.
tommy = Dog.new
tommy.bark
^D
Bow wow
This makes a new instance of the class Dog and substitutes it into the
variable tommy. The method `new' of any class makes a new instance. Now
the variable tommy has properties defined in the class Dog, and so he can
`bark'.
Inheritence
Ever wondered how others classify objects? One example is how people
perceive a dog. A mathematician may see a dog as an object made up of
different numbers and figures, a physicist may see it as the result of
many natural and artificial forces at work, and my sister (a zoologist)
may interpret it as a representative of the species canine domesticus. To
her, a dog is a kind of canine, a canine is a kind of mammal, and a mammal
is always an animal.
Hence we see that the classification of objects takes the form of a
hierarchy, though not in all cases. Let's see what Ruby does with it.
class Animal
def breath
print "inhales and breaths out\n"
end
end
class Cat tcpdumpppp
tcpdump: listening on ppp0
The capturing of packets is stopped by pressing CTRL-C.
15:57:58.181078 207.219.33.101.http > 203.94.236.47.33003: P 1:1399(1398) ack 736 win 31856 (DF) [tos 0x10] (ttl 38, id 28827, len 1450)
Some of the information can be interpreted from the about packet dump
* The protocol used is http (port 80 has been decoded as http).
* The local IP address assigned to me by my ISP after dialing up is
203.94.236.47 (this can be verified by grepping in /var/log/messages
* The http server's IP is 207.219.33.101 (IP have been changed for
security reasons).
* The time-to-live is 38 hops.
* The Don't Fragment (bit) has been set informing the intermediate
routers not to fragment the datagram.
* The ACK flag has been set (ack number 736 - piggybacking).
* The window size is 31856.
* The port on the receiver end is 33003
Example #2
This packet dump was captured from a NIC (interface denoted by eth0)
#tcpdump -a -i eth0
06:21:11.414863 > pca03.nt.co.in.ssh > pcc03.mum.nt.co.in.4944: P 252143283:252143331(48) ack 2638534821 win 62780 (DF) [tos 0x10]
E^P ^@ X .... @^@ @^F .. N .... ....
.... .... ^@^V ^S P ^O^G f.. .. D ....
P^X .. < .. t ^@^@ k + Y^Q .... .. (
^.. )^G c 3 ^\ v t.. ..^G ^J.. .. t
9.. .. - F.. .... 6.. /.. .... 9..
[.. .... G.. .. d
Here we are telling TCPdump to resolve IPs to domain names if possible
(-a) and explicitly asking it to capture packets on interface eth0. If we
don't give the (-i) option TCPdump itself searches for the interfaces and
then starts capturing packets arriving on them. Some of the information
that can be gleamed from the above packet dump is:-
* The ssh port (22) has been used on the server side. This can be seen
from the /etc/services file.
* One of the bits of Type of Service (TOS) has been set so the QoS
enabled networks can give the requested TOS to the packet.
* The window has been advertised as 62780.
* The length of the packet is 48 bytes.
Example #3
The following snippet shows a packet dump of SYN (connection requesting)
packet. The packet dump was taken on Ethernet.
15:57:56.074928 203.94.236.47.33003 > 216.239.33.101.http: S [tcp sum ok] 937694521:937694521(0) win 5840 (DF) (ttl 64, id 54537, len 60)
The following information can be interpreted from the above dump:-
* The Header checksum is correct ([tcp sum ok])
* This is a SYN packet (denoted by S).
* The amount of data encapsulated by tcp segment is 0.
* The window scaling option has been set to null.
* The MSS (Maximum Segment size is 1460). On Ethernet MSS = 1500 - 40 =
1460.
* The Length of the packet is 60 bytes (20 + 40) (see diagram above)
Example #4
The following packet dump was taken using tethereal
#tethereal -i lo
26 19.624878 localhost.localdomain -> localhost.localdomain TCP 33283 > http [FIN, ACK] Seq=877643253 Ack=882239950 Win=37296 Len=0
As can be seen be seen from the above output the output of tethereal is
not much different from TCPdump. The above is a FIN,ACK Packet (to close
the connection). Tethereal when used with it's front-end ethereal can be
very useful to detect network anomalies as well.
Final Words
While TCPdump is an extremely good tool, it focuses mainly on TCP/IP
protocol. It does it's job well. Ethereal is much more versatile and can
understand a variety of protocols. Also, the user interface of ethereal is
well designed so that even a newbie can understand which packets are
getting captured and what information do they contain. The good interface
makes the learning process even more enjoyable.
Resources
* Protocol RFCs
* W. Richard Stevens TCP/IP Illustrated Vol I
* TCPdump home
* Ethereal Homepage
[BIO] My life changed since I discovered Linux. Suddenly Computers became
interesting as i could try out lots of stuff on my Linux box due to the
easy availably of source code. My interests are predominantly in the
fields of networking, embedded systems and programming languages. I
currently work for Aparna Web services where we make Linux accessible for
academia/corporations by configuring remote boot stations (Thin Clients).
----------------------------------------------------------------------
Copyright (c) 2003, Vinayak Hegde. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | Is vmWare good for Linux users? |
| ...making Linux just a little more | By Alan Ward |
| fun! | |
+------------------------------------------------------------------------+
The pros and cons of vmWare for the Linux enthusiast.
vmWare is a virtual machine. That is to say, it emulates an Intel-based PC
in much the same way there are emulators for Motorola-based machines out
there. Though the fact that it is emulating an Intel-based platform while
running on ... an Intel- based platform (!) means that vmWare can in fact
pass many instructions straight to the CPU for execution with no
intermediate translation, thus speeding up the process somewhat. This is a
bit different from a Java virtual machine, for instance, where the
emulator gets to translate Java byte-codes to Intel instructions before
getting them executed.
Yes, it is a commercial program; i.e. you should pay for it, though you do
get to evaluate for free. Now, before going into the details, allow me to
state my position on commercial programs: I am not against commercial
programs. I have used several commercial programs that were in fact pretty
good, and well worth the money invested. However, I do prefer open-source
software, not for the ecomical aspect but because that if - or rather when
- something goes wrong or is not quite what I need, I can fix it myself
instead of depending on a corporation to do it at their leasure. I have
nothing against vmWare, on the contrary ... but for the above reason I
would much prefer to be reviewing an open source version of the same type
of program.
Why use vmWare?
1/. One good reason to use it is when you really must. For example, I use
a laptop at work that is shared between several people (not yet Linux
users), and that for mainly administrative reasons:
* must run Windows 2000
* cannot be repartitioned as a dual-boot
On the other hand, I teach a course on web site creation and
administration with Apache and PHP, for which it is expedient to use a
laptop running Linux and X Windows.
2/. vmWare sets up a virtual machine that you can configure according to
your needs - not according to the real hardware on your computer. For
example, it sets up by default a 4 GByte file on the hard drive to emulate
the drive on the virtual machine. To the virtual machine, this file looks
like a SCSI drive, when it is in fact just a file on the IDE drive. Also
by default, it uses an IDE CD drive just like ... an IDE CD drive. Though
you can tell it to use it as a SCSI drive, or set up an ISO CD-ROM image
as a drive with the CD inside it (e.g. for installation). You get to use
hardware you don't actually have, such as tape drives. Good for
experimentation.
3/. You can also have several virtual machines running at the same time,
and set up a local network on your computer with different operating
systems. This is good either to
* try out a new OS without repartitionning (wiping it back out is just a
click away :-)
* see how the new OS integrates your existing network before having to
format a (sometimes unavaiblable) computer
* show people how multiple OS integrate with a single LCD projector
4/. If you really need a program that does not run on the main operating
system, you get it in a window.
Rather interestingly, this used to be a problem for Linux users that
needed programs available only under Windows (usually commercial). Word
processors and spreadsheets were a bit of a problem before StarOffice and
OpenOffice became commonplace. Right now, I find I often have this problem
in reverse: I get interesting programs for Linux that are available only
with difficulties for Windows, or not any recent versions. Some examples
are mathematical plotting tools such as gnuplot and scilab, or just user
programs I prefer like Evolution.
Why not use vmWare?
1/. Speed. After all, we are sharing a single CPU between two or more
operating systems. Though this problem is mitigated if we run user-land
programs on just one system at a time. By the way, it would be nice on a
SMP system to have vmWare dedicate one CPU to each virtual machine ...
though probably impossible to have without redesigning the host operating
system's kernel completely.
2/. Speed once again. You do need plenty of physical RAM to run at a
reasonable speed. Try to have at least 128 MByte per operating system, or
be prepared for intensive swapping. This may be a problem on a laptop,
either way (remember that a laptop's hard disk is not built for intensive
use). Try not to use the virtual machines' swap systems.
3/. Speed, third time 'round. All peripherics (drives, network cards) are
shared between virtual machines. For example, on a machine with two
virtual machines running and with much luck, each system gets a fair share
(one third - remember the host system!) of the bandwidth. Actual results
can be much lower, depending mainly on the host operating system's design
and efficiency.
Installing vmWare
Using vmWare is rather easy. I got to install only the Windows version
(because of bandwith problems for downloading), and as noted above it is
the version I needed the most. However, it may make more sense to use the
more stable OS as host; i.e. run Windows in a virtual machine on a Linux
host computer instead of the opposite as I was forced to do.
Installing Linux in a virtual machine is as easy as:
* creating a new virtual machine with the desired characteristics
* inserting the Linux bootable CD in the drive (or you could set up it's
ISO image as a virtual CD drive)
* powering up the virtual machine
I installed both SuSE 8.1 and Mandrake 8.2 with no problems in this way,
though the virtual machine insisted on an IDE CD drive for booting. I was
able to switch to a SCSI drive once the system was installed, though.
The virtual machine has access to the network through a proprietary vmWare
bridging protocol - but only if your network card has been enabled on the
host system. It can either use a static IP address or get a dynamic
address from your network DHCP server.
You can then connect to a server running on the virtual machine from the
virtual machine itself, from other computers on your network, or even from
the host computer through the virtual machine's external network address.
Note that vmWare assigns to both the host system and virtual machines
addresses on subnetworks 192.168.19.0/24 and 192.168.199.0/24 for its
bridging protocol - you cannot use these for your connections.
There may be more straightforward ways of passing files from one system to
another, but the easiest I found was to set up a Samba server on the
virtual Linux machine. It works well enough, and is logically faster than
a 100 Mbaud link, but may not be a good idea in a production environment.
The end result of all this is that I find vmWare a fascinating concept -
with its drawbacks, true enough. It can be useful in a development
environment, either for programming or for systems administration. But it
should be avoided for production: if you really need two operating
systems, you may be better off buying two computers!
PS. Should anybody want to translate this article: I wrote it in the
spirit of the GPL software licence. i.e. you are free (and indeed
encouraged) to copy, post and translate it -- but please, PLEASE, send me
notice by email! I like to keep track of translations -- it's good for the
curriculum :-)
[BIO] Alan teaches CS in Andorra at high-school and university levels. His
hobbies include science photography (both digital and traditional),
trekking, rock and processor collecting.
----------------------------------------------------------------------
Copyright (c) 2003, Alan Ward. Copying license
http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------
+------------------------------------------------------------------------+
| LINUX GAZETTE | The Back Page |
| ...making Linux just a little more fun! | |
+------------------------------------------------------------------------+
* Greetings from Iron
* Wacko Topic of the Month
* Not The Answer Gang
* World of Spam
----------------------------------------------------------------------
Greetings from Iron
----------------------------------------------------------------------
Look ma, I got a greetings column just like Heather now!
Only two changes to LG's format this month:
�1. The author bios are the bottom of the articles again. Raj Shekhar
requested this, so he can print the articles and read them off-line
while still seeing the bios. As always, the lastest bio and contact
info is on the author's Author page.
�2. The yellow articles table on the Front Page and Site Map is smaller
now (when viewed in a graphical browser). Now, if I could just make it
smaller vertically....
SSC was closed Christmas week so I had a wonderful five days off. I
finished a long-awaited project, updating the Cheetah Users' Guide.
Then I started putting together a computer for my mom. Right now she's got
Windows 95 on a 486. I gave her the Linux in the Workplace book a month
ago so that the transition to Linux won't be a total shock. The book goes
over the KDE user interface step by step with lots of screenshots. Then I
had her open her Word documents on my computer so she could verify they
opened properly and that the user interface was OK, before I commandeer
her monitor and keyboard for the new computer. I had her try out AbiWord,
KWord (part of the KOffice suite) and OpenOffice Writer. Both AbiWord and
OpenOffice opened all the documents, but OpenOffice handled her
headers/footers and tabs the best and had a slightly better user
interface. KWord failed to open two of the documents, which had a .doc
extension but were really RTF (Rich Text Format). She doesn't know how
they got that way. So I used "Save As..." in OpenOffice to convert them
back to Word format.
Rather than installing Debian from scratch and remembering all my
customizations, I decided to clone my existing partitions and delete what
she won't use. That went well enough, although again I had to use "linear"
in /etc/lilo.conf instead of "lba32". That's the third drive it's happened
with, which confirms that it's my BIOS' fault, not the drives'. We'll see
what the new motherboard does when I connect it up.
I did have trouble making a boot floppy. First, I couldn't find my Debian
rescue disk. Then I found a disk that booted my current system. It
contained just a kernel, no LILO. I could use rdev to change the root
device, but I didn't want to sabotage my only boot floppy, so I tried to
make another boot floppy. But every time I copied the kernel to a disk and
booted from it, it would hang after the "Uncompressing Linux..." message,
saying something like, "unexpected end of compressed data: system halted".
One disk gave an I/O error so I threw it out, but it wouldn't work on two
other disks either. I tried both cp'ing and dd'ing the kernel, but neither
way worked. Then I realized I could set up LILO for my new system from my
old system, so I did that instead. The first time I got the "L 99 99 99"
error, but the second time it worked.
Friday my DSL went down, and I spent four days calling Qwest and The River
(my ISP) to do something about it. Actually, it's not "down" but there's
99% packet loss, which is essentially the same thing. It would come up
every several hours just long enough for a bit of e-mail to slip in and
out, and then go down again. The ISP and Qwest wouldn't support Linux so I
had to plug in my roommate's Windows XP box so they could troubleshoot it.
We checked the IP configuration multiple times and reconfigured the DSL
modem (which involves plugging in a serial "management cable" and running
Minicom/Kermit/HyperTerminal and typing commands to a router OS). I kept
asking, "Can you see the ping packets going back and forth? Can you see
the ATM packets?" They could (sometimes), but I wasn't getting replies. I
decided to call them both once a day until somebody took responsibility
for it, or I cancelled the service, whichever came first. Finally on
Monday, Qwest admitted they were having severe hardware problems in the
DSLAM (that's the DSL connector in the central office), and that it had
been going up and down for a week. Contradicting what the woman had told
me Sunday, that there had been a DSLAM problem but they had fixed in at
10pm Saturday. It's doing a lot better today (Tuesday), but it's still not
fixed.
Just for fun, here's a picture of me that LJ made for the December cover,
then decided not to use. Here's how they would have gone together. (I can
already see Ben Okopnik saying, "I knew it. I just knew it. You can't
trust that Mike any farther than you can throw him....") It was Don
Marti's idea, but then the Marketing department decided they couldn't have
a picture of somebody smashing people with a hammer on the cover, even if
they are lego people....
----------------------------------------------------------------------
Wacko Topic of the Month
----------------------------------------------------------------------
Thomas Adam got this from his local LUG. Ben Okopnik says it's a very old
list, and he can't figure out which version of csh or Unix they apply to,
certainly not to bsd-csh or tcsh under Linux.
The following extracts are typed into the Unix "Cshell":-
% ^How did the sex change^operation go?
Modifier failed.
% make love
Make: Don't know how to make love. Stop.
% man woman
No manual entry for woman.
% sleep with me
bad character
% got a light?
No match.
% man: why did you get a divorce?
man:: Too many arguments.
% scan for <<"Arnold Schwarzenegger"^J^D
"Arnold Schwarzenegger": << terminator not found
% ar m God
ar: God does not exist
% ^What is saccharine?
Bad substitute.
% %blow
%blow: No such job.
% cat 'the can of tuna'
cat: cannot open the can of tuna
$ mkdir matter; cat>matter
matter: cannot create
$ drink town
cat /etc/passwd > list
ncheck list
ncheck list
cat list | grep naughty > nogiftlist
cat list | grep nice > giftlist
santa claus < north pole > town
who | grep sleeping
who | grep awake
who | grep bad || good
for (goodness sake) {be good}
echo "Oh,"
better !pout !cry
better watchout
lpr why
santa claus < north pole > town
----------------------------------------------------------------------
Not The Answer Gang
----------------------------------------------------------------------
when i start up my pc sometimes a window box comes up saying your system
has performed an illegal operation and it reads:
spool32 caused invalid page in module spool32 exe at 0167:00402015
please help
Iron:
That's normal Windows behavior.
Thomas Adam:
My only guess is that you're using Linux (good man!) and that you've
neglected to realise that you currently have the BSOD (Blue Screen Of
Death) screensaver running. I know it is confusing, especially as you've
probably only just made the crossover from Windows to Linux, but bear with
us, the BSOD screensaver is only a joke!! You poor thing -- you don't have
to be haunted anymore. YOU'RE FREE!! :) :) :) :)
----------------------------------------------------------------------
my question is
1. The beginning of gangs?
2.their reason for joining a gang in those years?
3. In what state/country did gang first began?
please write as much as you can about this is for a report.
Iron:
(1) What is a gang? Is a group of close friends a gang? If not, what would
they have to do to be a gang? Get a name? A clubhouse? A secret handshake?
Choose a bandana color? Look menacing? Sell drugs and shoot people?
(2) I bet you can already answer this. If not, you can ask some gang
members, or see any of the hundreds of studies and documentaries that
focus on this question. Or take any pop movie (Colors, West Side Story,
American History X, 8 Mile, A Clockwork Orange, Quadrophenia, etc) and
ask, why did those people join gangs? What benefits do they get by being
in them? What is their family life like? Is there something missing in
their family life? Is there any connection between the two?
Quadrophenia has a lot to say about this. Why is Jimmy a mod? Why is he so
excited about the demonstration in Brighton? Why is he so devastated when
he goes to Brighton again and it's empty? How does his mom treat him? How
does his dad treat him? When he tries to convince his girlfriend not to
dump him, what are their differing views about the Brighton rumble?
(3) depends on how you answer (1).
----------------------------------------------------------------------
what is meant by Tier 2/3 ISPs
send tme the details if u dont mind
Rick Moen:
the details r that u dont quite grasp what "linux-questions-only@ssc.com"
means. thx. have a nice day. c ya.
----------------------------------------------------------------------
World of Spam
----------------------------------------------------------------------
The Register has an article on how Nigeria scam money can help pay off the
US national debt!
----------------------------------------------------------------------
Wipe Out Junk Email!
a.copy:link {font-family: verdana; font-size: 13px; color: black;
text-deco= ration: none; }=0D
If you can not= see
this please go to:=0D
=0D ![3D""](3D"http://www.mailwiper.com/images/501.gif")
=0D
Tired of Deleting Junk Mail?
Are you fed up with a flood of unwanted offensive eMails? This is referred
to as junk e-mail, Spam, unsolicited e-mail...Nasty eMails etc. The
problem is it's disgusting and ugly, it's an invasion of your privacy, and
it is definitely a huge waste of Your time.
Wipe Out Junk Mail Forever!
XXXXX works 100% of the time or your money back!
[Spam-killing software that's advertised in a highly decorated HTML
spam? That really gives me a lot of confidence. Especially when the ad
has a TRACKING IMAGE built into it. How do I know this software I'm
buying won't have its own tracking utility built into it too? -Iron.]
----------------------------------------------------------------------
I have visited your site and I think that design looks not good now. Here
we are - XXXXX.com. Check it out! We have hired 2 new designers from
Indonesia. They rocks!
----------------------------------------------------------------------
Do not show ugly website to people! Make cool website. Let it start here -
www.liquid2d.com . Website templates are here for your website. Use most
advanced design concept from the best designers. Become the best amoung
other websites. Use the best designers in the world.
----------------------------------------------------------------------
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (25.60 hits, 5 required)
SPAM: INVALID_DATE_TZ_ABSURD (4.4 points) Invalid Date: header (timezone does not exist)
SPAM: SUBJ_HAS_SPACES (4.2 points) Subject contains lots of white space
SPAM: INVALID_MSGID (1.2 points) Message-Id is not valid, according to RFC 2822
SPAM: BAD_CREDIT (2.5 points) BODY: Eliminate Bad Credit
SPAM: NO_OBLIGATION (1.5 points) BODY: There is no obligation.
SPAM: NO_FEE (0.9 points) BODY: No Fees
SPAM: MORTGAGE_OBFU (0.7 points) BODY: Attempt at obfuscating the word "mortgage"
SPAM: WHY_WAIT (0.7 points) BODY: What are you waiting for
SPAM: CLICK_BELOW (0.3 points) BODY: Asks you to click below
SPAM: SPAM_PHRASE_08_13 (-0.1 points) BODY: Spam phrases score is 08 to 13 (medium)
SPAM: [score: 8]
SPAM: HTML_70_90 (0.9 points) BODY: Message is 70-90% HTML tags
SPAM: KNOWN_MAILING_LIST (-2.1 points) Email came from some known mailing list software
SPAM: DATE_IN_FUTURE_06_12 (1.7 points) Date: is 6 to 12 hours after Received: date
SPAM: SUBJ_HAS_UNIQ_ID (0.2 points) Subject contains a unique ID
SPAM: RCVD_IN_DSBL (3.2 points) RBL: Received via a relay in list.dsbl.org
SPAM: [RBL check: found 50.148.244.195.list.dsbl.org]
SPAM: RCVD_IN_MULTIHOP_DSBL (0.8 points) RBL: Received via a relay in multihop.dsbl.org
SPAM: [RBL check: found 2.16.57.200.multihop.dsbl.org]
SPAM: RCVD_IN_OSIRUSOFT_COM (0.4 points) RBL: Received via a relay in relays.osirusoft.com
SPAM: [RBL check: found 50.148.244.195.relays.osirusoft.com.]
SPAM: RCVD_IN_UNCONFIRMED_DSBL (0.8 points) RBL: Received via a relay in unconfirmed.dsbl.org
SPAM: [RBL check: found 2.16.57.200.unconfirmed.dsbl.org]
SPAM: X_OSIRU_OPEN_RELAY (2.7 points) RBL: DNSBL: sender is Confirmed Open Relay
SPAM: CTYPE_JUST_HTML (0.7 points) HTML-only mail, with no text version
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
----------------------------------------------------------------------
Dear in christ,
Permit me to inform you of my desire of going into business relationship
with you. I got your name and contact from the Ivoirian chamber of
commerce and industry.
I prayed over it and selected your name among other names due to its
esteeming nature and the recommendations given to me as a reputable and
trust worthy person that I can do business with and by the recommendation
, I must not hesitate to confide in you for this simple and sincere
business . I am Miss PAULINE ATTAN the only daughter of late Mr.and Mrs.
ATTAN . My father was a very wealthy cocoa merchant in Abidjan , the
economic capital of Ivory coast, my father was poisoned to death by his
business associates on one of their outings on a business trip .
My mother died when I was a baby and since then my father took me so
special. Before the death of my father on November 2001 in a private
hospital here in Abidjan he secretly called me on his bed side and told me
that he has the sum of eighten million,five hundred thousand United State
Dollars. USD ($18.500,000) left in one of the Security Companies in
overseas.
----------------------------------------------------------------------
[Note the use of quotes to confuse spamfilters. -Iron.]
From: A Millionaire
You May Be closer (maybe hours away) To 'Financial' 'Freedom' than you
think...
If you needed '$24,000' in 24 Hours And your life depended on it?. How
would you do it? 'Click' 'Here'
----------------------------------------------------------------------
U-harvest turns your PC to a powerful marketing machine. It scans, in a
blinding speed, every word and every page of targeted, well defined list
of websites, defined by your favorite search engine and harvests e-mail
addresses.
U-harvest- business at the speed of thought.
----------------------------------------------------------------------
I WANT TO ORDER 50 OF THIS BOOK [Linux Firewalls (2nd Edition)] FORM YOUR
SHOP AND I WANT MY ORDER TO BE SHIPPED TO MY SHOP IN LAGOS NIERIA I WILL
BE HAPPY IF YOU CAL.
----------------------------------------------------------------------
I'd like to stay informed. Could you add my home account to our mailing
list? It's XXXXX@hotmail.com Thanks for adding me to your mailing list.
And, if you're every in the market for music industry contacts let me
know.
----------------------------------------------------------------------
Please note that after years, the registration on the domain name
PhpInternational.Com was not renewed and this domain had become available
to register. Consequently, we have been approached to market this domain
name that has beentracked an PhpInternational.Com now available from us
for IMMEDIATE transfer. With so many companies that could benefit from
this domain, along with what many would consider to be a "wholesale
price", we hope to secure a quick transfer.
Please note that the domain name market is extremely solid at the moment
and similar domains are currently selling on afternic.com,
greatdomains.com (domain auction sites) and by domain name brokers, in
some cases, for many thousands of US dollars.
----------------------------------------------------------------------
Do you hate those annoying, unwanted pop-up ads? Sure you do!! Everyone
does!! Get rid of pop-up ads with the Pop-Up Defender Software!!
For only $19.95 you can regain control of your web browsing experience and
eliminate unwanted pop-ups!! SAVE $20.00 off the regular price!!
----------------------------------------------------------------------
Do you want to run your own dating or adult contact site for free ?
Whether you are interested in making money or new friends/contacts,
running your own dating site can be the best way to do it.
----------------------------------------------------------------------
I am Madam Brenda Williams wife/widow to late Gen Patrick Williams an Army
Officer, im also a mother of 3 lovely boys, Patrick (12yrs), Kevin (8yrs),
Dotun which is a traditional name, he his 5 yrs, and im also the last wife
out of 3, married to my late husband.
Before my husband died he willed all his landed property to his elder
wives and children, all the elder wives and their children enjoyed what is
left of our husbands wealth, leaving me the last wife with nothing, well
we did not get along well when he was alive but he loved the kids i had
for him.
Things are not going too well, after 1yr of his death, i mean raising the
kids, sending them to school, clothing them even shelter and feeding, my
parents are already dead, just me in this miserable world and i have just
2 months to evacuate the house im staying now, all the other wives dont
allow me in their houses including the house i used to live with my
husband before he died or even render any kind of help, but i really loved
my husband.
Why i have contacted you is because my late husband left some money for
his children (7 million US Dollars) deposited in a Security
Company(www.XXXXX.net) abroad, which was revealed to me by the family
lawyer just 6 months ago, which he claimed to be the time stated on the
will by my late husband to avoid clashes between myself and the other
wives.
But this money can only be claimed when each child is up to 21yrs in age,
not even myself can extract from this fund according to the will. The
other option is if i can provide someone(FORIEGNER) who will stand as a
caretaker for my kids and my self, and help invest this money with profit
in future.
----------------------------------------------------------------------
Subject: Urgent for {%Address%}
----------------------------------------------------------------------
Subject: Run in DOS mode.
--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: audio/x-midi;
name=mode..bat
Content-Transfer-Encoding: base64
Content-ID:
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
--F5785stD5yBm2edp57QD583O07A3k2RY1
--F5785stD5yBm2edp57QD583O07A3k2RY1
Content-Type: application/octet-stream;
name=pcmcia_result.htm
Content-Transfer-Encoding: base64
Content-ID:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBydW4gaW4g
RE9TIG1vZGUuDQ0KJAAAAAAAAAD0wSw9sKBCbrCgQm6woEJuWL9JbrGgQm4zvExuuaBCbtK/
UW63oEJusKBDbv2gQm5Yv0huqqBCbgimRG6xoEJuWL9GbrGgQm5SaWNosKBCbgAAAAAAAAAA
--F5785stD5yBm2edp57QD583O07A3k2RY1--
[Did you catch the names of those files? -Iron.]
----------------------------------------------------------------------
Have you ever seen a fully automated popcorn vending machine that allows
your customer to insert a coin or coins and receive a bag of freshly
cooked popcorn within a minute, complete with buttery topping and a choice
of delicious flavorings? Here is a unique opportunity to profit from
healthy popcorn, the largest and the fastest growing segment of the snack
food industry.
----------------------------------------------------------------------
Happy Linuxing!
Mike ("Iron") Orr
Editor, Linux Gazette, gazette@ssc.com
----------------------------------------------------------------------
Copyright (c) 2003, . Copying license http://www.linuxgazette.com/copying.html
Published in Issue 86 of Linux Gazette, January 2003
----------------------------------------------------------------------